The Central Bank of Brazil (BCB) opened for public consultation, on November 28, drafts of a joint regulatory act of the National Monetary Council (CMN) and the BCB and a BCB Circular dealing with the introduction of a “Controlled Testing Environment for Financial and Payment Systems Innovations” (Regulatory Sandbox) under the National Financial System and the Brazilian Payments System.[1]

The draft CMN-BCB joint regulatory act sets out the general guidelines for the Regulatory Sandbox, while the draft BCB circular regulates in more detail the proposal for the first cycle of the Regulatory Sandbox under the BCB. The measures are in accordance with the regulatory strategy announced in Brazil in June of 2019, by means of a joint release[2] signed by the BCB, the Securities and Exchange Commission (CVM), the Private Insurance Superintendency (Susep), and the Special Finance Bureau of the Ministry of Economy.

In general terms, the strategy envisages the creation of an experimental regulatory environment that seeks to encourage innovation in the financial, capital, and insurance markets by granting temporary authorizations to institutions that have innovative business models. The companies selected may fulfill fewer regulatory requirements for a given period, but will be subject to the limits and conditions set by regulators, which should act in a coordinated manner if activities undertaken by a venture fall within the regulatory purview of more than one entity.

The objective of the measures is to give greater effectiveness to the provision of article 3, VI, of the recently promulgated Law No. 13,874/2019 (the Economic Freedom Act), which gives everyone the right to “develop, execute, operate, or market new types of products and services when regulatory standards become outdated by virtue of internationally established technological development, under the terms set forth in a regulation governing the requirements for the measurement of the specific situation, the procedures, the timing, and the conditions of the effects.”

Far from being a peculiarity of the Brazilian legal system, today the sandbox strategy is an international trend. According to a survey conducted between February and April of 2019 with the support of the World Bank,[3] many countries already have provisions on the sandbox model, including Australia, Canada, Singapore, the United States, the United Kingdom, Russia, and Switzerland. Various others are already considering adoption of this model, such as South Africa, Brazil, Spain, Japan, and Mexico.

Among the sandbox initiatives adopted in other countries, those of the United Kingdom and Singapore stand out, which have established themselves at the forefront of regulatory innovations and point to interesting ways for putting the Brazilian sandbox model into operation.

In the United Kingdom, the financial system regulator, the Financial Conduct Authority (FCA), operates the sandbox strategy by opening pre-established registration periods for interested parties. In the call notice for each of these periods, the FCA highlights proposals and technologies whose applications will be prioritized, but does not rigorously restrict potential participants. Initiatives entering into each period follow a specific six-month testing cycle.

In Singapore, for its part, the Monetary Authority of Singapore adopts a sandbox model that segregates interested entities into two groups. The first, called Sandbox, is for more complex business models that require customization to balance the project’s risks and benefits. The second, called Sandbox Express, has fast approvals and predefined rules, and is aimed at businesses that pose low risk and are already known in the market.

Meanwhile, in Brazil, the Regulatory Sandbox is rehearsing its first steps with the advantage of being able to observe results from international experience. In addition to the aforementioned public consultation initiated by the BCB, the CVM submitted a draft regulatory instruction for public hearing in the second half of 2019, while Susep submitted drafts of a circular and a resolution from the National Private Insurance Board (CNSP). The main points of the three proposals are compared in the table below:




Target Audience

Legal entities that offer an innovative design, understood as one that represents a technological innovation or improvement, such as gain in efficiency, reach, capillarity, reduction in cost, or increased safety (article 2, I and II, of the draft CMN-BCB joint regulatory act)

At each cycle some topics/activities are defined as strategic priorities, and the relevance of the proposal serves as a tiebreaker criterion if the number of eligible entities exceeds the maximum number of participants (article 30 of the draft joint CMN-BCB regulatory act and article 7 of the draft BCB circular)

Legal entities operating in the Brazilian securities market that (i) promote some sort of technological innovation, (ii) provide new products or services, or (iii) promote gains in efficiency, cost savings, or increased access by the general public to products or services in the securities market (article 2, IV, of the ICVM draft)

Legal entities presenting an innovative project, understood as being one that develops products and/or services in the insurance market based on a new technology, or on existing technology applied differently (article 1 and 2, III, of the draft CNSP resolution)

Insurance and pension plans structured in financial capital allocation and capitalization systems are excluded (sole paragraph of article 1 of the draft CNSP resolution).

Eligibility criteria and formal requirements

According to article 4 of the draft CMN-BCB joint regulatory act, the formal criteria are:

I - Be a legal entity; and

II - Assume the form of an association, company, sole proprietorship (Eireli), notary and registry service provider, public companies, and government-controlled companies.

Moreover, article 28 brought in the following requirements:

I - Unblemished reputation of officers and directors and controlling shareholders; and

II - Adequacy of the discontinuity plan, understood as being the sequence of measures promoted by the participant upon termination of its participation in the Regulatory Sandbox.

According to article 5 of the ICVM draft, the criteria are:

I - The innovative business model must be conducted primarily within the Brazilian securities market, even if its activities may expand into other jurisdictions;

II - The applicant must demonstrate sufficient technical and financial capacity to carry out the activity intended;

III - The officers and directors and direct or indirect controlling shareholders of the applicant may not (i) be disqualified or suspended from managing institutions authorized by the regulatory bodies, (ii) have been convicted of the offenses provided for in the draft, or (iii) be prevented from managing their assets or disposing of them by reason of a judicial or administrative decision;

IV - The applicant may not be prohibited from contracting with official financial institutions or participating in bidding; and

V - The applicant must have adopted internal policies, procedures, and controls that, at a minimum, establish mechanisms to protect against cyber attacks and improper logical access to its systems and that relate to the production and keeping of records and information, including for the purposes of performing audits and inspections.

According to articles 5 and 6 of the draft CNSP resolution, the criteria are:

I - Use of remote means in operations related to its insurance plans, as provided for in applicable regulations;

II - Presentation of analysis of the main risks associated with its performance, including those related to cyber security, and plan for mitigation of any damages to its customers;

III - Have headquarters in Brazil;

IV - Be duly organized and registered with the National Registry of Corporate Taxpayers (CNPJ); and

V - Have officers and directors and direct or indirect officers and directors that (i) are not disqualified or suspended from holding a position at financial institutions or other entities authorized to operate by the CVM, BCB, Susep, National Supplementary Health Agency (ANS), or by the National Supplementary Pension Superintendency (Previc), (ii) have not been convicted of the crimes provided for in the draft, and (iii) not be prevented from managing or disposing of their assets as a result of a judicial or administrative decision.

Procedure to join

1. BCB issues call notice containing the rules for the cycle (article 26 of the draft joint CMN-BCB regulatory act).

2. Interested parties must register and present the documents required by the regulations and the call notice (article 27 and 28 of the draft joint CMN-BCB regulatory act).

3. BCB conducts a preliminary review based on the formal requirements set forth above and, if the number of applicants is equal to or less than the total number of participants admitted, reviews the other requirements and issues the authorizations (articles 29 and 31 of the draft joint CMN-BCB regulatory act).

4. If the number of applicants exceeds the number of participants admitted, the BCB, after a preliminary review of the formal requirements, classifies the candidates according to the strategic priorities of that cycle, project maturity, risks involved, and technical and operational and governance capacity. After classification, it evaluates the best placed registrants according to the other requirements, up to the maximum number of participants expected for that cycle, and issues the authorizations (articles 30 and 31 of the draft joint CMN-BCB regulatory act).

1. Sandbox Committee coordinates the procedures for the beginning of the cycle, including the deadlines for registration (article 3 of the ICVM draft).

2. Proposals must be submitted with information about the activity and regulatory exemptions intended, among other information (article 6 of the ICVM draft).

3. Proposals are evaluated by the Sandbox Committee (article 7 of the ICVM draft).

4. A report is presented to the board (article 9 of the ICVM draft).

5. Board approves temporary authorizations (article 12 of the ICVM draft).

1. Susep will publish a notice for a selection containing the general conditions for granting temporary authorization (article 2, VII, of the draft Susep circular)

2. Interested parties request authorization with the documents required in the regulation and in the public notice (article 9 of the draft Susep circular).

3. Evaluating committee issues an opinion on each participant within 60 days after the end of the call notice (article 6 of the draft Susep circular).

4. Susep issues approval (article 10 of the draft CNSP resolution).

5. Within 90 days after the authorization, the participants must be organized, elect officers and directors, submit corporate acts for approval by Susep, and prove the origin of the funds invested in the project (article 10 of the draft Susep circular).

6. Susep issues temporary authorization (article 11 of the draft Susep circular).

Relevant prohibitions and scenarios for cancellation of authorization

Contracts signed with customers may not have their expected maturity dates after the period provided for the duration of the Regulatory Sandbox (article 10, VII, of the draft joint CMN-BCB regulatory act).

Participants may not hire correspondents to supply products or services in Brazil (article 12 of the draft joint CMN-BCB regulatory act).

In the case of participants in the foreign exchange market, it is forbidden (article 22 of the draft joint CMN-BCB regulatory act).

I - Carry out a foreign currency purchase or sale transaction with a foreign financial institution;

II - Maintain deposit accounts in national currency of persons resident, domiciled, or headquartered abroad or accounts in foreign currency for customers served in the Regulatory Sandbox;

III - Use funds in cash for the delivery or receipt of Brazilian Reais or foreign currency; and

IV - Change and cancel the foreign exchange transactions performed in the Regulatory Sandbox.

The BCB may cancel the authorization due to (article 40 of the draft joint CMN-BCB regulatory act).

I - Failure to comply with the terms of the authorization granted;

II - Increased risks arising from the participant's activities, such that they are no longer compatible with the Regulatory Sandbox system;

III - Failure to prove the legal origin of the funds used in the project;

IV - Non-compliance with the deadline for the beginning of the execution of the project; and

V - Receipt of excessive complaints from users.

Authorization may be canceled in the following scenarios:

I - Failure to comply with the obligations to report to investors and customers, as well as those related to the CVM's special monitoring (article 18, I, of the ICVM draft);

II - Existence of serious operational failures (article 18, II, of the ICVM draft);

III - generation of excessive risks not previously foreseen by the Sandbox Committee (article 18, III, of the ICVM draft);

IV - Failure to meet any eligibility criteria (article 18, IV, of the ICVM draft); and

V - Commission of irregularities (article 18, V, of the ICVM draft).

Authorization may be canceled in the following scenarios (article 49 of the draft Susep circular):

I - Complaint rate found to be above 1%, cumulatively;

II - Occurrence of harm to consumers;

III - Non-compliance with the conditions for risk limits or items subscribed;

IV - Inadequate creation of technical provisions;

V - Insufficient collateral assets;

VI - Application of funds from technical provisions in disagreement with what is established by the CMN and the criteria established for insurance companies;

VII - Book equity, net of any intangible assets and deferred acquisition costs, lower than the minimum required capital;

VIII - Offer or sale of product and/or service in disagreement with the innovative project approved by Susep;

IX - Breach, without acceptable justification, of the business plan;

X - Increase in the risks associated with the activity carried out, such that they are no longer compatible with the authorization framework for a given time;

XI - Serious failures in the business model developed; and

XII - Existence of evidence of wrongdoing through intent or fraud.

Duration of the cycle

Defined by the BCB, with a maximum limit of one year, which may be extended for up to one year (article 7 of the draft joint CMN-BCB regulatory act)

Defined by the Sandbox Committee, with a maximum limit of one year, which may be extended for up to one year (article 3, III and paragrpah 3, of the ICVM draft)

Defined in the call notice, with a maximum limit of 36 months (article 4, I, of the draft CNSP resolution).

Status of the consultation

Open until January 31, 2020

Closed on October 12, 2019

Closed on October 30, 2019

[1] Public Consultation Notice No. 72/2019.

[2] Statement {Release}: implementation of model regulatory sandbox in Brazil.

[3] CGAP-World Bank: Regulatory Sandbox Global Survey, 2019. Available at: