Publications
- Category: Banking, insurance and finance
More than three years after discussions began on reforming the regulations regarding the prevention of money laundering and financing of terrorism (AML/FT) within the national financial system,[1] the new rules have a definite date of entry into force: July 1, 2020.
On that date, Bacen Circular No. 3978, which revokes Bacen Circular No. 3461, and CVM Instruction No. 617, which revokes CVM Instruction No. 301, take effect.
Taken together, the new regulations bring in important changes in AML/FT rules. We move from a model based on a filing approach, with standard rules and procedures (Bacen Circular No. 3461 and CVM Instruction No. 301), to a new, more flexible model, based on internal risk assessment (Bacen Circular No. 3978 and CVM Instruction No. 617).
With the entry into force of the new rules, the institutions authorized to operate by Bacen and the main service providers of the securities market[2] will be obliged to assess internally the risk not only for their clients, but also themselves, their operations, employees, partners, and service providers, also mandating the adoption of reinforced or simplified controls, according to the level of risk ascertained.
It is not yet clear, however, how the risk models of each institution will be assessed. Explaining further, under Bacen Circular No. 3461 and CVM Instruction No. 301, the obligations imposed on covered parties had a well-defined profile, so that any non-conformities could be easily characterized. In Bacen Circular No. 3978 and CVM Instruction No. 617, however, controls and procedures required of the institution are defined based on an internal risk assessment. In this manner, situations which, according to the old rules, could constitute irregularities may not be in accordance with the new rules.
In this scenario, the adoption of "best practices" and "standardized procedures" within certain markets may be an interesting alternative to eliminate risks and uncertainties. In the case of institutions regulated by the Bacen, however, there is a mitigating factor, which is the updating of the circular letter[3] that discloses the list of transactions and situations that may constitute evidence of AML/FT crimes.
Among the other novelties of AML/FT regulations for the Brazilian financial market, the following is also worth mentioning:
1) Bacen Circular No. 3978:
- Strengthening governance requirements: in addition to being obliged to evaluate from time to time the quality and effectiveness of their internal procedures, institutions should detail the roles and responsibilities of the professionals appointed to work in AML/FT-related functions.
- The reinforcement of know your client (KYC) procedures: institutions are now obliged to compare their internal data with that coming from public databases.
- The increase in controls of cash transactions: it is now mandatory to identify the bearer in any cash transactions with a value exceeding R$ 2,000. More information will be required in the case of deposits in cash in an amount exceeding R$ 50,000.
- The requirement to have access to information on final beneficiaries: the rule provides for the obligation for sub-purchasers to grant paying institutions access to information on final beneficiaries of payments.
- Longer deadline for analysis of transactions: 30 to 45 days.
2) CVM Instruction No. 617:
- The provision for specific duties to the responsible officer and to the senior management of the institutions.
- The requirement that the AML/FT policy must establish mechanisms for the exchange of information between companies in the same conglomerate.
- The obligation for the responsible officer to prepare an annual report to senior management regarding the internal AML/FT risk assessment.
- The duty to identify, analyze, understand, and mitigate AML/FT risks inherent to their respective activity, even for institutions that have no direct relationship with the investor.
- Detailed regulations regarding the duties arising from Law No. 13,810/19, which provide for the obligation to comply with sanctions imposed by resolutions of the United Nations Security Council.
[1] The discussions began on November 17, 2016, with the publication by the Brazilian Securities and Exchange Commission (CVM) of Public Hearing Notice SDM No. 09/2016, and were intensified after Public Consultation Notice No. 70/2019, released by the Central Bank of Brazil (Bacen) on January 17, 2019.
[2] More specifically, the following are subject to the CVM rule: (i) individuals or legal entities that provide services related to the distribution, custody, brokerage, or portfolio management of securities, (ii) organized market management entities and financial market infrastructure operators, (iii) independent auditors that operate within the scope of the securities market, and (iv) other persons referred to in specific regulations that provide services in the securities market, with the exception of publicly-held companies and securities analysts that do not perform any other of these activities.
[3] This is Bacen Circular Letter No. 4001, which also takes effect on July 1, 2020, and revokes Bacen Circular Letter No. 3542.
- Category: Tecnology
There is still uncertainty relating to Bill 1,179/20, which provides for a different postponement period.
Executive Order (MP) No. 959/20, published on April 29, extended the entry into force of the General Data Protection Law (LGPD) to May 3, 2021. The MP is subject to approval by the Brazilian Congress to become definitive law, but its effects are valid as of publication.
Postponement of the entry into force of the LGPD was already under discussion in the legislature last year, and last month it gained momentum with the publication of Bill No. 1,179/20, due to the declaration of the covid-19 pandemic. Currently, the Bill is under discussion in the House of Representatives, after approval in the Senate.
Although the pandemic scenario is the same, the date proposed by the MP is different from the solution adopted by the Senate in the Bill: postponement of entry into force to January 1, 2021, except for the provisions dealing with administrative sanctions by the National Personal Data Protection Authority (ANPD), which would be August 1, 2021.
A second point that can be questioned in the MP is the relevance, affinity, and connection of the matter dealt with in this instrument. This is because it mainly addresses the emergency benefit proposed by the government, but in its article 4 and last paragraph, the MP changes the subject and changes the date for entrance into force of the LGPD. The fact is that the position on postponement of the LGPD seems settled, and it is up to Congress to resolve the impasse regarding the deadlines.
In addition, there are still no clear signs regarding actual creation of the ANPD by the federal government, which is increasingly necessary both to regulate the law and to guide the debate around issues on the agenda of personal data protection.
What to do
Regardless of the context, it is notable that privacy and data protection issues will continue to attract the attention of authorities and the general public. The recent discussion surrounding MP 954/20, which provides for the sharing of user data by telecommunications service providers with the Brazilian Institute of Geography and Statistics (IBGE) and ended up being suspended by the Federal Supreme Court (STF), is evidence of this. Various measures taken against companies in recent months by consumer protection associations or the Federal Public Prosecutor's Office, related to the issue of privacy and data protection, also corroborate this scenario.
Those who have not started their adaptation projects should take the opportunity to structure their plans and start the processes as soon as possible. For those who are already carrying out their projects, it is advisable to continue the work and monitor more closely the political and regulatory situation of the law.
- Category: Capital markets
The Brazilian Securities and Exchange Commission (CVM) has initiated the process of a public hearing for the preparation of a new regulatory instruction whose objective is to establish rules for holding of general meetings of debentureholders (AGD) by digital means.
The rule covers only debentureholders' meetings related to public issues and held by publicly-held companies. Private debentures and public offerings conducted by companies that are not registered with CVM are not included, even if such issues were done with restricted placement efforts, pursuant to CVM Instruction 476. The instruction does not address other publicly distributed real estate securities, such as CRIs (Real Estate Receivables Certificates), CRAs (Agribusiness Receivables Certificates), and promissory notes.
The approach of the new rule proposed is similar to that of CVM Instruction No. 622, which regulated the holding of digital meetings for publicly-traded companies in Brazil and whose main aspects were dealt with here on the Legal Intelligence portal.
Such measures are part of the package of rules issued by CVM to tackle some of the challenges imposed by the covid-19 pandemic. The public hearing notice highlights that the wording proposed is preliminary and that both the new instruction and CVM Instruction 622 will be subject to a broader review within CVM's planning to promote improvements to the changes implemented by them. The objective is to promote an evolution towards the adoption of digital mechanisms that had already been demanded by the market and were accelerated by the pandemic.
As determined by CVM Instruction 622 for the notices convening shareholders' meetings, the draft of the new instruction provides that notices convening shareholders' meetings must contain guidelines for debentureholders regarding the procedures for participation and voting through digital means. Also in the same line of CVM Instruction 622, the draft proposed by CVM provides that the company may require prior submission of documentation from debentureholders who wish to participate in the AGD remotely and that a digital protocol be made available for this purpose (another possibility is to submit the documentation at the time of the AGD, in the event of participation in person).
Seeking to incorporate a mechanism similar to the ballot paper used by publicly-traded companies in their shareholders’ meetings, as provided for in CVM Instruction 481, the agency proposes in the draft of the new rule that the debentureholders' vote may also be exercised by means of the sending of a vote instruction. In this case, the company or the fiduciary agent of the issuance shall make the template document available to send the vote instruction, so that the debentureholder may exercise it using already known options such as "approve", "reject", or "abstain".
Both the issuer and the fiduciary agent, as applicable, shall be responsible for providing the means for remote voting. On this point, it is worth highlighting article 10 of the draft instruction, which provides for the responsibility of the issuer's Investor Relations director, or the fiduciary agent, as the case may be, for the information and documents made available to debentureholders for the exercise of their voting rights.
Also similar to CVM Instruction 622, a provision was inserted into the draft that, exceptionally, AGDs convened before the entrance into force of the new instruction may be held digitally, provided that the remote voting procedure is described in a material fact released by the company, in the case of meetings convened by the issuer, or in a release by the fiduciary agent addressed to all debentureholders, at least five days in advance of the holding of the AGD.
Comments from those interested in participating in the public hearing may be sent to the CVM by May 4, 2020, to the e-mail
- Category: Real estate
In order to guarantee the maintenance of essential services during the period of social distancing imposed in response to the covid-19 pandemic, the São Paulo State Department of Justice approved, on April 28th, CG Ordinance No. 12/20, which regulates the procedure for drawing up public deeds by videoconference and electronic signature.
The measure covers the most varied of types of public deeds, including the purchase and sale of real estate, notarial acts, public powers of attorney, and mortgage guarantees. Based on the existence of more specific provisions and formalities for such acts in the Brazilian Civil Code, it was expressly prohibited, however, to perform notarial acts for the drawing up of a public will and approval of a sealed will. During the pandemic, such acts may still be carried out in person, respecting the exceptional operating arrangement for notary publics.
For the approval of this ordinance, which has an initial validity of 30 days from its publication, special consideration was given to the peculiarities relating to the territorial jurisdiction of the notary public and the security in identifying the signatory parties of the deeds. In sum, the main rules are as follows:
1) As for territorial jurisdiction:
- Acts of acquisition or creation of real property rights must be executed by the notary public of the district where the property is located.
- Acts that do not comprise acquisition or creation of real property rights must be drawn up by a notary public of the district of the residence of one of the parties to the legal deal.
- Public powers of attorney shall be drawn up by the notary public of the district of the granting party's domicile.
2) As for formalities:
- The capacity and expression of will of the parties shall be verified by remote means, via image and sound transmission (videoconference). The notary public should preserve the recording of this content. The videoconference can be done simultaneously with all the parties or individually with each of them.
- The identity of the parties shall be verified remotely by means of presentation of a digital identification document or, failing that, of documents that have been filed for the opening of signatures at the notary office itself or at another notary office.
- If the signature card has been opened before another notary, the person in charge of the other service will have 24 hours to send it to the notary who will draw up the act a scanned copy of the card and the party’s documents.
- The parties must sign via a digital certificate with the ICP infrastructure standard.
In addition to the performance of notarial acts via electronic media, notaries public linked to a registration authority may also issue digital certificates by videoconference during the state of public health emergency. This flexibility originates from Executive Order No. 951/20, of April 15, regulated by Resolution No. 170/20, of April 23, of the Public Keys Infrastructure Management Committee, which, by allowing videoconferencing for this purpose, waives the collection of fingerprints from interested parties.
The state of São Paulo is not, however, the first to regulate the performance of notarial acts by electronic means. The Rio de Janeiro Justice Department, through the CGJ Ordinance No. 31/20, of March 25, had already allowed the performance of acts in electronic form in the state without, however, providing rules in such detail.
In São Paulo, some notaries are already moving to offer the service as soon as possible. On the other hand, some notaries still have doubts about the practical application of the rules, for example, regarding the need for an individual digital certificate for representatives of legal entities.
Without prejudice to any procedural shortcomings that may exist, the measures announced have the potential to greatly facilitate the drawing up of public deeds during the pandemic, for which they were proposed, in addition to perhaps contributing to modernizing the Brazilian notarial system, boosting the economy and real estate businesses that require the services of notaries.
- Category: Banking, insurance and finance
On May 4, after some months of public consultation, the National Monetary Council (CMN) and the Central Bank (BC) published a regulation[1] that governs the open banking in Brazil, one of the priority topics on what has been presented as the BC# Agenda.
At a press conference held on the same date, representatives of the Central Bank stated that the objective of open banking in Brazil is to empower financial consumers. In this sense, and in line with the General Data Protection Law (LGPD) and other rules on the subject, the new regulation is based on the principle that registration data and information on products and services provided belong to the customer and it is up to them to decide whether or not to share with third parties participating in the ecosystem. The bill also aims to increase efficiency and competitiveness within the National Financial System and encourage financial innovation.
Open banking is a concept of standardized sharing of data and services provided by financial institutions through the opening and integration, via Application Programming Interface (API), of their online platforms with other information system infrastructures. As an example, let us imagine that a customer of financial institution X already uses internet banking (through an application developed internally by institution X) to look up balances, make transfers etc. This same customer has another account at financial institution Y, also using the application developed internally by this institution to manage investments, check balances, payments made, etc. After implementing open banking it will be possible to look up the financial activities of both accounts through the use of a single application integrated via API to the financial institution's platform (since the participating institutions would have a standardized and integrated data sharing format).
Open banking enables financial institutions to dedicate themselves to their core activities, i.e., to the creation of new financial products and activities inherent to this segment, by encouraging other participants to enter the market to offer technological solutions focused on the customer's experience. It is assumed, in a way, that the data is the property of the customer and that, in fact, institutions should focus their energies on the purely financial market activities. This concept is attractive because it represents a great leap forward in the availability and provision of banking services. It has been discussed and/or implemented in various countries, such as Canada, Mexico, United States, Hong Kong, Japan, Singapore, Australia, New Zealand, Russia, and the United Kingdom.[2]
In Brazil, according to the new regulations issued, institutions authorized to operate by BC may participate in open banking. Large banks within Segments 1 (S1) and 2 (S2)[3] must participate. The other authorized institutions may participate if they wish and non-authorized institutions may participate through partnerships with authorized participating institutions. Any participation must follow the principle of reciprocity, i.e. the recipient must also share information.
In addition to sharing data and information, open banking in Brazil also involves sharing services and for those the obligation to participate is different. In the case of sharing of a payment transaction initiation service, participation is mandatory for (i) institutions holding an account;[4] and (ii) institutions initiating payment transactions.[5] In the case of sharing of a credit proposal forwarding service, participation is mandatory for institutions that have signed a correspondent contract in Brazil, the purpose of which contemplates receipt and forwarding of proposals for credit and leasing operations granted by the contracting institution, as well as other services provided for the monitoring of the operation, by electronic means.
The regulator divided the implementation of the project into four phases. First, participants should disclose less sensitive data about the institution itself that is easily available, such as data about customer service channels (divided into own facilities, banking correspondents, and electronic channels) and, for each channel, the form of access by customers and the services provided in each of them. In the first phase, data on products and services offered by the institution should also be shared, including cash and savings accounts, prepaid and postpaid payment accounts (such as credit card data made available) and credit transactions.[6] Such information should be disclosed in an organized and standardized manner, so that it can be looked up in a simple way by third parties, which can make comparisons between the various products and services offered. This phase should be implemented by November 30, 2020.
The second phase, the implementation of which must be completed by May 31, 2021, provides for the sharing of data and transactions involving the customers themselves, in a manner previously authorized by them. The objective of the second phase is to share both customer registration data and information on transactions carried out through a checking account or savings accounts, prepaid and postpaid payment accounts (including credit card transactions), and credit operations entered into by them. This is expected to encourage healthy competition, as a third-party bank will be able to offer customers the same product in a more advantageous, cheaper, and customized way.
The third phase, the implementation of which must be completed by August 30, 2021, involves the sharing of services of (i) initiation of payment transactions[7] and (ii) forwarding of credit proposals. Under the terms of Joint Resolution No. 1/2020, in relation to this sharing, institutions that do not fall under segments S1 and S2, but which hold accounts (deposit or prepaid) or provide payment transaction initiation services, in the case of the service mentioned in item "i", or which have signed a correspondent agreement in Brazil to receive and forward proposals for credit or leasing transactions, in the case of the service mentioned in item "ii", must also join open banking.
Finally, in the fourth phase, the regulator intends to expand the scope of open banking to include data and transactions involving foreign exchange services and transactions, insurance, private supplementary pensions, and investments. Here coordination with other regulators, such as the Bureau of Private Insurance (Susep) and the Brazilian Securities and Exchange Commission (CVM), is expected. This last phase must be completed by October 25, 2021.
The regulation also presents essential issues for the development and consolidation of open banking in Brazil, such as: (i) the requirements for sharing customer data; (ii) the responsibilities of the parties involved in data sharing; and (iii) the obligation for participating institutions to enter into a convention regarding issues related to:
- technological standards and operating procedures;
- standardization of data and service layout;
- channels for forwarding customer claims;
- procedures and mechanisms for handling and resolving disputes between participating institutions;
- reimbursement among the participants;
- participant repository;
- rights and obligations of participants; and
- other issues deemed necessary for compliance with the regulations.
Regardless of the regulations and the approach of the regulator, the perception of insecurity behind the sharing of data and information is high, especially in the case of financial information that is also protected by banking secrecy. Therefore, BC established the obligation of institutions to conduct their activities with ethics and responsibility, in compliance with the laws and regulations in force, as well as the principles of transparency, data security and privacy, data quality, non-discriminatory treatment, and interoperability.
With respect to business continuity, the regulations require institutions to ensure that their risk management policies cover:
- procedures to follow in the event of unavailability of the interfaces used for sharing;
- deadline for restarting or normalizing the availability of the interface;
- handling of incidents related to customer data breaches and the measures taken to prevent and remedy them; and
- results of business continuity tests, considering the scenarios of unavailability of interfaces.
In addition to the regulations published by CMN and BC, open banking will also have a self-regulation structure. As mentioned above, the rules provide for the existence of a convention to be discussed and prepared by a governance structure representing the market itself.[8] The self-regulation structure will mainly deal with putting open banking into operation, including technology standardization and communication and security protocols, as well as dispute resolution and reimbursements among participants.
Since it enables the reduction of information asymmetry among the various financial service providers, open banking promises structural changes in the supply of financial products and services in Brazil, transforming the experience of customers and institutions and fostering competition, innovation, and financial inclusion in the local market.
[1] CMN/BC Joint Resolution No. 01/2020 and BC Circular 4,015/2020.
[2] The United Kingdom pioneered the development of this concept as public policy. That country's experience is widely regarded as a reference, having been publicly mentioned by interlocutors of BC as a source of inspiration. To learn more about how this initiative is developing in the UK and possible paths for the Brazilian experience, we recommend accessing: https://www.openbanking.org.uk/
[3] Institutions belonging to prudential conglomerates that do not provide the services referred to in customer transaction data shall be exempt from the compulsory participation requirement.
[4] These are defined as those that maintain a customer's checking account or savings account or prepaid payment account.
[5] They are the authorized institutions that, within the scope of open banking, will provide payment transaction initiation services, without holding at any time the funds transferred in the provision of the service. A payment transaction initiation service is a service that enables the initiation of a payment transaction instruction, ordered by the customer, regarding a deposit or prepaid payment account.
[6] The information should cover, for example, fees charged, packages of services made available and their amounts, minimum balance requirement in accounts, procedures for closing accounts, income rates, reward programs, interest charged (both on credit cards and other credit transactions), and types of collateral required for credit transactions, among others.
[7] The aforementioned institutions may be hired by other open banking participants to provide these services, which should include, at a minimum, account debit services, transfer of funds between accounts at the institution itself (book transfer), electronic transfer of available funds (TED), instant payment transaction (PIX), credit document (DOC), and bank invoice payment.
[8] In early March of this year, BC published an ordinance setting up a working group to propose a structure responsible for the governance of the process of implementing open banking in Brazil. This group completed its activities on April 30, 2020, and delivered a report on a number of governance topics to the BC’s Director of Regulations. It is expected that the governance structure to be determined by BC will follow the recommendations of this report and will be published in the coming days.
- Category: Litigation
We recently wrote about the initiative of the São Paulo State Court of Appeals (TJ-SP) to create a pilot project for pre-trial conciliation and mediation for business disputes arising from the effects of the pandemic (CG Resolution No. 11/2020, of April 17). On that occasion, we drew attention to the fact that the covid-19 crisis, despite its dramatic consequences, established a context conducive to the emergence of new forms of dispute resolution by the judiciary. Now we observe the same situation in the special civil courts, with the creation of the “conciliation not in person" or virtual conciliation.
In the special courts, the actions are brought by the plaintiff itself (or through an attorney, for cases with a value between 20 and 40 minimum wages). It is then called a conciliation attempt hearing, chaired by a conciliator. If there is a settlement, its terms are systematized by the conciliator and, later, ratified by the judge, so that the parties are bound. In the absence of a settlement, the case proceeds to a pre-trial hearing presided over by a judge. There, the respondent presents its answer and the parties may request the hearing of witnesses. Finally, the judgment is handed down.
Under Law No. 9,099/90 (the Special Courts Law), if the respondent is duly summoned to the conciliation attempt hearing and fails to appear, the penalty of default judgment applies. This means that the facts alleged by the plaintiff will be presumed to be true and the case must proceed for a decision to be handed down by the competent judge. If the plaintiff does not appear, the case is extinguished.
These are very serious penalties, implemented precisely in order to stimulate appearance at the conciliation attempt hearings and settlement of disputes submitted to the Judiciary. However, the situation generated by the covid-19 pandemic, in which despite the effort of the laws and regulations to encourage conciliation, has created an impasse due to the need for the parties to attend the conciliation hearing.
To resolve the situation, Law No. 13,994/20 brings in an important innovation to the Special Courts Law, expressly establishing the appropriateness of “conciliation not in person" with the use of the technological resources available to the courts. What we see is an effort to maintain operation of the judiciary in times of crisis.
The legislative amendment also maintained the imposition of the penalty of default judgment if the respondent does not participate in the virtual conciliation session or even refuses to participate. In other words, once summoned, the respondent does not have the option to state its disinterest in this type of conciliation, precisely as occurs in relation to the in-person type.
Therefore, virtual conciliation has been widely instituted in the Brazilian special courts, which demonstrates the admirable movement of the Judiciary towards the adoption of new technologies in its activities, especially with regard to the protection of citizens' rights and stimulus for the resolution of disputes through settlement.
The world is going through an unprecedented crisis. Even if numerous misfortunes arise from it, it is to a certain extent hopeful to see it as an opportunity for the introduction of technological innovations in the day-to-day provision of judicial services.