The main purpose of the Resolution, which will come into force on November 1, 2023, is to enhance procedures and controls related to fraud prevention. Data and other relevant information that will be shared among the Covered Institutions shall be made through an electronic system that contains, among other information, data reports and information on fraud or indicia of fraud identified by the Covered Institutions in their activities, as well as changes and exclusion of registered data and information.

The data shared by the Covered Institutions will need to contain (i) information regarding who or what institutions have executed or attempted to execute the fraud, (ii) a description of the indicia and fraud attempt, (iii) identify the Covered Institution responsible for registering the data and information, and (iv) identifying information about the account(s) that will receive the funds and its owner, in case of transfer or payment of funds.

BACEN is responsible for adopting the necessary measures for the implementation of the Resolution. The main changes outlined in the Resolution include that Covered Institutions must (i) establish monitoring and control mechanisms, such as processes, tests, audit trails, metrics and appropriate indicators, to ensure effective compliance with the resolution (which mechanisms must undergo periodic testing by means of an internal audit); and (ii) Covered Institutions must maintain documentation on the electronic system, shared data, criteria, and procedures used, and make this information available to BACEN for a certain period (between 5 and 10 years depending on the type of information).

Also in accordance with the Resolution, Covered Institutions shall obtain previous consent of their clients for the purpose of sharing the information cited above. However, Covered Institutions would need to be careful to not disclose any information that violates the Brazilian General Data Protection Law (“LGPD”) or any other law or resolution created to ensure the security and, where applicable, the confidentiality of the information shared under the Resolution. In summary, any Covered Institution should use its best efforts to conduct its activities in compliance with the laws and regulations in effect, in order to safeguard privacy and personal data rights and promote free competition in the financial industry.