Central Bank Public Consultation Notice No. 77/20 proposes changes to the rules for authorizing the operation of payment institutions set out in BCB Circular No. 3,885/18. Published in early July, the draft brings in impact proposals for the Brazilian payments industry. Some of them have been long awaited by the market, such as the regulation of a new type of payment institution (creation of payment transaction initiator).

 

In this article we address three aspects of the public notice that deserve special attention from the industry.

 

Objective of payment transaction initiator

 

Inspired by the payment initiation service provider (Pisp), created under the open banking regulation in the United Kingdom, the BCB has been indicating since April of 2019 that the service of initiating payment transactions is one of those contemplated in the Brazilian open financial system (open banking).

 

The first regulatory provision of this service took place on May 4, 2020, with Joint Resolution No. 1 of the BCB and the National Monetary Council (CMN), which established the regulatory framework for open banking in Brazil. The rule defines what payment transaction initiating institutions are (article 2, VI) and that the service to be provided by them consists of enabling "the initiation of the instruction of a payment transaction, ordered by the client, in relation to a deposit account or pre-paid payment" (article 2, VII). In addition, the rule makes it clear that payment transaction initiators will be mandatory participants in open banking and must observe the rules applicable to them.

 

These definitions, however, are somewhat abstract in nature, an option commonly adopted by regulatory bodies to confer a legal framework to future and uncertain situations.

 

The market expectation was a more detailed rule on payment initiation services. However, as the notice shows, it seems that the BCB intends to follow an abstract definition that guarantees it a comfortable level of control over potential new entrants, even at the expense of greater predictability for the industry. This dilemma is commonplace in financial regulation and so far the BCB has shown no sign of changing strategy.

 

Even so, it is already possible to find some practical examples that give a more precise idea of how this service will work in practice. According to a note published on the BCB website, a payment transaction initiator will allow the client to make payments by debiting his deposit or payment account without using cards, that is, through any other existing systems, such as book transfers or PIX, the instant payment arrangement to be implemented by the BCB by the end of 2020.

 

Good examples of use are delivery applications, which currently facilitate payments with the use of cards, but may offer a debit service without having to manage a payment account or participate in the transaction settlement chain.[1]

 

The less detailed nature of the standard opens up an important range of options for implementing this service. Regardless of the means used for the transfer (debit card registration, provision of data on the source account itself, or another tool that allows for direct transactions between accounts), if the initiation involves a payment debit or deposit account, it is a regulated service.

 

Greater regulatory rigidity on the part of the Central Bank

 

A second highlight of the public notice is the greater restriction to be imposed on payment transaction initiators. In the proposal presented, payment transaction initiators will need to request prior authorization from the BCB to operate. The rule differs from the current system for payment institutions, which should only request authorization after reaching certain operational limits.

 

In addition, the BCB has proposed that payment transaction initiators may not store end-user credential data used to authenticate payment transactions with the account-holding institution, unless the initiators provide a cloud storage service to financial institutions under the regulations in force.

 

In practice, this means that people will have to input their information with each transaction carried out, if this proposal is implemented, which may compromise the user experience. Currently, one of the greatest features for using cards in online purchases, especially in e-commerce sites and delivery and transportation applications, is the possibility of registering and activating cards for future transactions, without the need to manually input information with each purchase.

 

The BCB's proposal responds to the growing concern for cyber security and personal data protection in the financial system. However, it also shows the weight that this factor has been having in the regulator's decisions: information security is taken as a priority, even though it may harm the end user experience.

 

Greater stringency with electronic money issuers

 

A third point to highlight is the tightening of the rules on the authorization of electronic money issuers (institutions offering pre-paid payment accounts) to operate.

 

Currently, these issuers need to apply for operating authorization from the BCB only after reaching R$ 500 million in payment transactions or R$ 50 million in client funds held in a pre-paid payment account.

 

The BCB proposed in the public notice that all new institutions falling into this category should apply for authorization before starting to operate and those already operating below the limit should seek authorization according to a predetermined schedule, depending on the operational volume of each institution. Thus, all issuers would be covered by mid-2023.

 

According to the note released by the BCB, the change has reasons of a competitive nature (to level the market conditions of the providers of this service), a regulatory nature (to improve the monitoring of transactions, especially for the purposes of preventing money laundering and terrorist financing), and prudential nature (to improve the risk management of popular savings accounts managed by these institutions).

 

In various countries, there is growing concern regarding the financial resilience of pre-paid payment account managers and e-money issuers. In the US, for example, where the regulation of these players is generally more flexible and varies according to the state in which the institution is organized, some authors advocate improving the institutional arrangement applicable to e-money issuers in order to increase the protection afforded to users’ funds.[2]

 

Regardless of the reason, there is a clear indication of the change in risk perception by the BCB, which will certainly transform the payments market in Brazil, which, after six years of development, is already showing signs of resourcefulness and attracting a growing number of consumers.

 

Regarding the payment transaction initiators, there is no exact measure of the size of this market in Brazil, but it is already possible to have an idea of its potential, evidenced, for example, by the recent controversy involving WhatsApp Pay.

 

The regulator’s expectation is that this new type of payment institution will make the market increasingly competitive, stimulating creativity and innovation, both from established players and possible new entrants. However, the exact effects of this are still uncertain. After all, if the brief history of payment initiation in Brazil has taught us anything, it is that its potential impact is of great proportions.

 


[1] A payment method already present in Brazil for purchases over the Internet is bank transfer via partner bank. In these cases, the online store provided a direct link to the internet banking of one or another partner bank for transfer with pre-filled-in data of the beneficiary. With the concept of the payment initiator, the expectation is that this model may be replicated more widely and in a centralized manner, with lower transaction costs.

 

[2] Awrey, Dan. Bad Money (February of 2020). 106 Cornell Law Review. Available at: https://ssrn.com/abstract=3532681.

 

Due to the covid-19 pandemic and its consequences for the operation of certain services on a global scale, the Central Bank of Brazil (BC) changed the schedule for submission of the Brazilian Assets Abroad Survey (CBE) by means of Circular No. 3,995/20, , provided for in another circular, No. 3,624/13.

 

The survey is provided for in Resolution 3,854/10, which provides that individuals or legal entities resident, domiciled, or headquartered in Brazil are required to provide to the BC, by electronic means, a declaration of assets and securities that they own outside Brazilian territory. Individuals or legal entities must provide information on capital arising from financing, portfolio investments, leasing, direct investments, investments in derivative financial instruments, and other modalities provided for in the rule.

 

Also in accordance with Resolution No. 3,854/10, declarants who have assets and/or securities equal to or greater than USD 100 thousand (or a corresponding amount in other currencies), on the base date of December 31 of each year, must submit the survey annually. Those with assets and/or securities abroad equal to or in excess of USD 100 million must submit surveys on the base dates of March 31, June 30, and September 30 of each year.

 

The periods for the submission of CBE surveys are set forth by BC Circular No. 3,624/13 for each of the base dates.

 

The deadline for annual CBE survey with a base date of December 31, 2019, has been extended to June 1, 2020, while the period for quarterly CBE surveys with a base date of March 31, 2020, has been changed to between June 15 and July 15, 2020.

 

Failure to submit the surveys described herein or submission thereof in disagreement with the applicable BC regulations may result in fines of between BRL 2,500 and BRL 250,000. The amounts may increase by 50% if the CBE surveys are not reported, amended, or supplemented when requested by the BC, in accordance with Circular No. 3,857/17.

 

More than three years after discussions began on reforming the regulations regarding the prevention of money laundering and financing of terrorism (AML/FT) within the national financial system,[1] the new rules have a definite date of entry into force: July 1, 2020.

 

On that date, Bacen Circular No. 3978, which revokes Bacen Circular No. 3461, and CVM Instruction No. 617, which revokes CVM Instruction No. 301, take effect.

 

Taken together, the new regulations bring in important changes in AML/FT rules. We move from a model based on a filing approach, with standard rules and procedures (Bacen Circular No. 3461 and CVM Instruction No. 301), to a new, more flexible model, based on internal risk assessment (Bacen Circular No. 3978 and CVM Instruction No. 617).

 

With the entry into force of the new rules, the institutions authorized to operate by Bacen and the main service providers of the securities market[2] will be obliged to assess internally the risk not only for their clients, but also themselves, their operations, employees, partners, and service providers, also mandating the adoption of reinforced or simplified controls, according to the level of risk ascertained.

 

It is not yet clear, however, how the risk models of each institution will be assessed. Explaining further, under Bacen Circular No. 3461 and CVM Instruction No. 301, the obligations imposed on covered parties had a well-defined profile, so that any non-conformities could be easily characterized. In Bacen Circular No. 3978 and CVM Instruction No. 617, however, controls and procedures required of the institution are defined based on an internal risk assessment. In this manner, situations which, according to the old rules, could constitute irregularities may not be in accordance with the new rules.

 

In this scenario, the adoption of "best practices" and "standardized procedures" within certain markets may be an interesting alternative to eliminate risks and uncertainties. In the case of institutions regulated by the Bacen, however, there is a mitigating factor, which is the updating of the circular letter[3] that discloses the list of transactions and situations that may constitute evidence of AML/FT crimes.

 

Among the other novelties of AML/FT regulations for the Brazilian financial market, the following is also worth mentioning:

1) Bacen Circular No. 3978:

  • Strengthening governance requirements: in addition to being obliged to evaluate from time to time the quality and effectiveness of their internal procedures, institutions should detail the roles and responsibilities of the professionals appointed to work in AML/FT-related functions.
  • The reinforcement of know your client (KYC) procedures: institutions are now obliged to compare their internal data with that coming from public databases.
  • The increase in controls of cash transactions: it is now mandatory to identify the bearer in any cash transactions with a value exceeding R$ 2,000. More information will be required in the case of deposits in cash in an amount exceeding R$ 50,000.
  • The requirement to have access to information on final beneficiaries: the rule provides for the obligation for sub-purchasers to grant paying institutions access to information on final beneficiaries of payments.
  • Longer deadline for analysis of transactions: 30 to 45 days.

2) CVM Instruction No. 617:

  • The provision for specific duties to the responsible officer and to the senior management of the institutions.
  • The requirement that the AML/FT policy must establish mechanisms for the exchange of information between companies in the same conglomerate.
  • The obligation for the responsible officer to prepare an annual report to senior management regarding the internal AML/FT risk assessment.
  • The duty to identify, analyze, understand, and mitigate AML/FT risks inherent to their respective activity, even for institutions that have no direct relationship with the investor.
  • Detailed regulations regarding the duties arising from Law No. 13,810/19, which provide for the obligation to comply with sanctions imposed by resolutions of the United Nations Security Council.

[1] The discussions began on November 17, 2016, with the publication by the Brazilian Securities and Exchange Commission (CVM) of Public Hearing Notice SDM No. 09/2016, and were intensified after Public Consultation Notice No. 70/2019, released by the Central Bank of Brazil (Bacen) on January 17, 2019.

[2] More specifically, the following are subject to the CVM rule: (i) individuals or legal entities that provide services related to the distribution, custody, brokerage, or portfolio management of securities, (ii) organized market management entities and financial market infrastructure operators, (iii) independent auditors that operate within the scope of the securities market, and (iv) other persons referred to in specific regulations that provide services in the securities market, with the exception of publicly-held companies and securities analysts that do not perform any other of these activities.

[3] This is Bacen Circular Letter No. 4001, which also takes effect on July 1, 2020, and revokes Bacen Circular Letter No. 3542.

The Central Bank of Brazil (BC) and the National Monetary Council (CMN) issued, in early May, rules governing the use of book-entry trade notes in order to provide more security for financial institutions to use bills to offer credit.

 

Following the trend of dematerialization of financial assets and securities[1] seen in the Brazilian market in recent decades, the new rules face the issue at two levels:

  • CMN Resolution No. 4,815 deals with financing transactions based on book-entry trade notes; and
  • BC Circular No. 4,016 regulates the bookkeeping activity of these securities, creating a series of rules aimed at providing greater security for their issuance, registration, settlement, and trading.

More specifically, CMN Resolution No. 4,815 regulates market receivables discounting operations carried out by financial institutions and loans guaranteed by those receivables.

 

The main change brought about by the rule for these transactions was the mandatory use of registered and book-entry trade notes under BC Circular No. 4016. According to article 4 of the resolution, financial institutions should require their counterparts, in particular forward sellers who wishes to accelerate their receivables, to issue book-entry trade notes in sales or services.

 

The trade notes issued or receivables to be created in the future (in the case of so-called "smoke credits”), the institutions to which payments will be made, and the conditions for release of funds paid by debtors of the trade notes, in the case of loans guaranteed by such securities should also be specified via contract (article 5).

 

Also according to the resolution, the commands in the registration systems or centralized deposit in which the trade notes will be registered must be made by the creditor financial institution (article 6), including exchange of ownership and creation and cancelation of liens and encumbrances.

 

BC Circular No. 4,016, in turn, provides the necessary support for trading with electronic trade notes to grow in scale, without prejudice to security for the parties and the financial system as a whole. For this purpose, the agents responsible for operating the electronic bookkeeping systems (bookkeepers) must obtain prior authorization from the BC (article 11) and ensure that, concerning trade notes, such systems allow (article 3):

  • the performance of all appropriate acts of exchange;
  • control of payments;
  • trading and exchange of ownership, registration, and centralized deposit in systems authorized to operate by the BC;
  • input of encumbrances and lines on trade notes in such systems;
  • input of information regarding the transactions carried out, issuance of statements; and
  • interoperability with other systems of the same nature.

In a complementary manner, such agents must also observe a series of minimum service and governance standards, including the creation of internal risk management policies, the performance of services with minimum operational reliability, and care for the quality of information recorded in conducting the activity, among other requirements provided for in article 7 of BC Circular No. 4,016.

 

Also, emphasis should be placed on[2] the provisions of BC Circular No. 4,016 which require association between the trade notes and the respective electronic invoice by the bookkeeper (article 3, sole paragraph) and registration of the trade note in a system for registration or centralized deposit authorized by the BC that interoperates with the others (articles 14 and 19). These requirements are seen as important tools to prevent fraud that was considered an obstacle to the development of this market, such as the issuance of "cold" or duplicate trade notes.

 

Considering the technical challenge represented by the implementation of these new systems, the mandatory issuance of book-entry trade notes for the negotiation of commercial receivables by financial institutions will only become effective after approval of the agreement between registrars and depositories provided for in BC Circular No. 4,016 and within deadlines that vary according to the size of the clients financed, as shown in the figure below (article 3 of CMN Resolution No. 4,815):

 

Capture

 

The system of book-entry trade notes established by BC Circular No. 4,016 and CMN Resolution No. 4,815 represents an effort to give this market security and robustness in the bookkeeping infrastructure already established by the national regulatory framework for other financial assets and securities. Figures such as bookkeeping agents, registration and centralized deposit systems, settling banks, and supervision closest to the BC itself may be new to the trade notes market in particular, but the fact is that this model and its effectiveness and solidity are already widely known by the financial market and its clients in general.

 

At the same time, applying these new rules to a segment as traditional as trade notes, with their own vices and virtues, may lead to the emergence of a set of new challenges, particularly cultural adaptation. Add to this the current unprecedented crisis resulting from the covid-19 pandemic, which makes it even more difficult to implement a technologically complex process.

 

In fact, security and predictability have their cost. But what is perhaps seen today as another concern by many can easily become a source of new opportunities. With significant adherence by financial institutions to loans and financing backed by book-entry trade notes, many companies will be able to access new, cheaper forms of credit. In addition, another opportunity is created for financial asset registrars. The financial market and its infrastructure providers therefore have the mission of adapting to this new regulatory reality and of seeking to achieve the objectives expected of them, which can certainly contribute to the resumption of economic development in Brazil.


 

[1] A more complete description of this process can be found in WELLISCH, Julya. “Títulos Nominativos: da Cártula ao Depósito Centralizado”  [“Registered Securities: from Card System to Centralized Deposit”]. In: Revista de Direito Bancário e do Mercado de Capitais [“Review of Banking and Capital Markets Law”], vol. 66/2014, pp. 35-62.

[2] Other noteworthy provisions in the circular are the rules on the security of financial settlements relating to the payment of trade notes (Chapter III, Section II), minimum information to be made available to drawees (article 6), duties of the registration and centralized deposit systems (Chapter VI, Section I), and the execution of an agreement among the entities that manage them, which shall be prepared with the participation of the BC and deal with operational issues such as layouts and informational content of the files, procedures, times of exchange of information, fees, among others (article 20).

 

On May 4, after some months of public consultation, the National Monetary Council (CMN) and the Central Bank (BC) published a regulation[1] that governs the open banking in Brazil, one of the priority topics on what has been presented as the BC# Agenda.

 

At a press conference held on the same date, representatives of the Central Bank stated that the objective of open banking in Brazil is to empower financial consumers. In this sense, and in line with the General Data Protection Law (LGPD) and other rules on the subject, the new regulation is based on the principle that registration data and information on products and services provided belong to the customer and it is up to them to decide whether or not to share with third parties participating in the ecosystem. The bill also aims to increase efficiency and competitiveness within the National Financial System and encourage financial innovation.

 

Open banking is a concept of standardized sharing of data and services provided by financial institutions through the opening and integration, via Application Programming Interface (API), of their online platforms with other information system infrastructures. As an example, let us imagine that a customer of financial institution X already uses internet banking (through an application developed internally by institution X) to look up balances, make transfers etc. This same customer has another account at financial institution Y, also using the application developed internally by this institution to manage investments, check balances, payments made, etc. After implementing open banking it will be possible to look up the financial activities of both accounts through the use of a single application integrated via API to the financial institution's platform (since the participating institutions would have a standardized and integrated data sharing format).

 

Open banking enables financial institutions to dedicate themselves to their core activities, i.e., to the creation of new financial products and activities inherent to this segment, by encouraging other participants to enter the market to offer technological solutions focused on the customer's experience. It is assumed, in a way, that the data is the property of the customer and that, in fact, institutions should focus their energies on the purely financial market activities. This concept is attractive because it represents a great leap forward in the availability and provision of banking services. It has been discussed and/or implemented in various countries, such as Canada, Mexico, United States, Hong Kong, Japan, Singapore, Australia, New Zealand, Russia, and the United Kingdom.[2]

 

In Brazil, according to the new regulations issued, institutions authorized to operate by BC may participate in open banking. Large banks within Segments 1 (S1) and 2 (S2)[3] must participate. The other authorized institutions may participate if they wish and non-authorized institutions may participate through partnerships with authorized participating institutions. Any participation must follow the principle of reciprocity, i.e. the recipient must also share information.

 

In addition to sharing data and information, open banking in Brazil also involves sharing services and for those the obligation to participate is different. In the case of sharing of a payment transaction initiation service, participation is mandatory for (i) institutions holding an account;[4] and (ii) institutions initiating payment transactions.[5] In the case of sharing of a credit proposal forwarding service, participation is mandatory for institutions that have signed a correspondent contract in Brazil, the purpose of which contemplates receipt and forwarding of proposals for credit and leasing operations granted by the contracting institution, as well as other services provided for the monitoring of the operation, by electronic means.

 

The regulator divided the implementation of the project into four phases. First, participants should disclose less sensitive data about the institution itself that is easily available, such as data about customer service channels (divided into own facilities, banking correspondents, and electronic channels) and, for each channel, the form of access by customers and the services provided in each of them. In the first phase, data on products and services offered by the institution should also be shared, including cash and savings accounts, prepaid and postpaid payment accounts (such as credit card data made available) and credit transactions.[6] Such information should be disclosed in an organized and standardized manner, so that it can be looked up in a simple way by third parties, which can make comparisons between the various products and services offered. This phase should be implemented by November 30, 2020.

 

The second phase, the implementation of which must be completed by May 31, 2021, provides for the sharing of data and transactions involving the customers themselves, in a manner previously authorized by them. The objective of the second phase is to share both customer registration data and information on transactions carried out through a checking account or savings accounts, prepaid and postpaid payment accounts (including credit card transactions), and credit operations entered into by them. This is expected to encourage healthy competition, as a third-party bank will be able to offer customers the same product in a more advantageous, cheaper, and customized way.

 

The third phase, the implementation of which must be completed by August 30, 2021, involves the sharing of services of (i) initiation of payment transactions[7] and (ii) forwarding of credit proposals. Under the terms of Joint Resolution No. 1/2020, in relation to this sharing, institutions that do not fall under segments S1 and S2, but which hold accounts (deposit or prepaid) or provide payment transaction initiation services, in the case of the service mentioned in item "i", or which have signed a correspondent agreement in Brazil to receive and forward proposals for credit or leasing transactions, in the case of the service mentioned in item "ii", must also join open banking.

 

Finally, in the fourth phase, the regulator intends to expand the scope of open banking to include data and transactions involving foreign exchange services and transactions, insurance, private supplementary pensions, and investments. Here coordination with other regulators, such as the Bureau of Private Insurance (Susep) and the Brazilian Securities and Exchange Commission (CVM), is expected. This last phase must be completed by October 25, 2021.

 

The regulation also presents essential issues for the development and consolidation of open banking in Brazil, such as: (i) the requirements for sharing customer data; (ii) the responsibilities of the parties involved in data sharing; and (iii) the obligation for participating institutions to enter into a convention regarding issues related to:

  • technological standards and operating procedures;
  • standardization of data and service layout;
  • channels for forwarding customer claims;
  • procedures and mechanisms for handling and resolving disputes between participating institutions;
  • reimbursement among the participants;
  • participant repository;
  • rights and obligations of participants; and
  • other issues deemed necessary for compliance with the regulations.

Regardless of the regulations and the approach of the regulator, the perception of insecurity behind the sharing of data and information is high, especially in the case of financial information that is also protected by banking secrecy. Therefore, BC established the obligation of institutions to conduct their activities with ethics and responsibility, in compliance with the laws and regulations in force, as well as the principles of transparency, data security and privacy, data quality, non-discriminatory treatment, and interoperability.

 

With respect to business continuity, the regulations require institutions to ensure that their risk management policies cover:

  • procedures to follow in the event of unavailability of the interfaces used for sharing;
  • deadline for restarting or normalizing the availability of the interface;
  • handling of incidents related to customer data breaches and the measures taken to prevent and remedy them; and
  • results of business continuity tests, considering the scenarios of unavailability of interfaces.

In addition to the regulations published by CMN and BC, open banking will also have a self-regulation structure. As mentioned above, the rules provide for the existence of a convention to be discussed and prepared by a governance structure representing the market itself.[8] The self-regulation structure will mainly deal with putting open banking into operation, including technology standardization and communication and security protocols, as well as dispute resolution and reimbursements among participants.

 

Since it enables the reduction of information asymmetry among the various financial service providers, open banking promises structural changes in the supply of financial products and services in Brazil, transforming the experience of customers and institutions and fostering competition, innovation, and financial inclusion in the local market.


[1] CMN/BC Joint Resolution No. 01/2020 and BC Circular 4,015/2020.

[2] The United Kingdom pioneered the development of this concept as public policy. That country's experience is widely regarded as a reference, having been publicly mentioned by interlocutors of BC as a source of inspiration. To learn more about how this initiative is developing in the UK and possible paths for the Brazilian experience, we recommend accessing: https://www.openbanking.org.uk/

[3] Institutions belonging to prudential conglomerates that do not provide the services referred to in customer transaction data shall be exempt from the compulsory participation requirement.

[4] These are defined as those that maintain a customer's checking account or savings account or prepaid payment account.

[5] They are the authorized institutions that, within the scope of open banking, will provide payment transaction initiation services, without holding at any time the funds transferred in the provision of the service. A payment transaction initiation service is a service that enables the initiation of a payment transaction instruction, ordered by the customer, regarding a deposit or prepaid payment account.

[6] The information should cover, for example, fees charged, packages of services made available and their amounts, minimum balance requirement in accounts, procedures for closing accounts, income rates, reward programs, interest charged (both on credit cards and other credit transactions), and types of collateral required for credit transactions, among others.

[7] The aforementioned institutions may be hired by other open banking participants to provide these services, which should include, at a minimum, account debit services, transfer of funds between accounts at the institution itself (book transfer), electronic transfer of available funds (TED), instant payment transaction (PIX), credit document (DOC), and bank invoice payment.

[8] In early March of this year, BC published an ordinance setting up a working group to propose a structure responsible for the governance of the process of implementing open banking in Brazil. This group completed its activities on April 30, 2020, and delivered a report on a number of governance topics to the BC’s Director of Regulations. It is expected that the governance structure to be determined by BC will follow the recommendations of this report and will be published in the coming days.