Brazil’s central bank gives IT providers 15 days to tighten audit trails

<p>New rules force IT service firms to enhance cybersecurity and fraud controls under BCB’s Resolution 498</p>

BlueBank control transfer

By Brazil Stock Guide – Brazil’s Central Bank has given information technology service providers 15 days to adopt stricter audit trail mechanisms and tighten digital security standards, according to a directive published Thursday in the Diário Oficial da União.

The rule, set under Instrução Normativa BCB No. 664 and signed by Caio Moreira Fernandes, head of the Central Bank’s IT department, requires providers to implement end-to-end transaction audits, secure data retention, and multi-factor authentication for systems including Pix and STR.

Companies must also step up monitoring of certificates, track potential leaks of credentials, and block suspicious access attempts, including those made during late-night hours.

Fraud management policies must be fully implemented within 30 days. Firms are required to hire an independent auditor registered with Brazil’s CVM to certify compliance and submit a report to the Central Bank within 15 days after completion.

Failure to meet the deadlines may result in cautionary measures, including restrictions on the operations of providers serving the financial system.


Clear insights on Brazilian equities

Join portfolio managers and investors who get our curated analysis on Latin America’s largest economy.

Advertisement