Brazil

Introduction The Brazilian Law No. 9,613/1998(“Brazilian AML Law”) is a landmark for the regulatory anti-money laundering and combating the financing of terrorism (“AML/CFT”) landscape, indicating an active role for obligated persons – whether legal entities or natural persons. In the past few years, technological developments – particularly in the financial sector trough innovation, crypto-assets, artificial intelligence and digital platforms – have created a more complex framework for money laundering, requiring regulators and authorities to constantly adapt to keep pace with these changes. In this regard, in August 2025, the Federal Revenue of Brazil (“RFB”) published the Normative Instruction No 2,278 (“IN 2,278”), which brings a key regulatory shift: payment institutions, including fintech companies and participants in payment arrangements, are now required to comply with the same regulations applicable to banks and other institutions submitted to Brazilian AML Law and Law No. 12,865/2013 (“Payment Arrangements Law”). The IN 2,278 signals heightened enforcement efforts from Brazilian authorities, especially in the wake of recent money laundering scandals related to fintech and criminal organizations. On this matter, AML/CFT compliance programs must implement and constantly update Know Your Client (“KYC”) policies, as these policies represent an essential safeguard to mitigate liability arising from clients’ potential unlawful activities. This article seeks to examine KYC, outlining its mechanisms and evaluating its effectiveness in AML/CFT enforcement. The foundations of KYC Know Your Client refers to a structured set of procedures set to collect, validate, and verify clients’ information, ensuring appropriate due diligence in their identification, qualification, and risk classification. While primarily applied by financial institutions, KYC is also mandatory across different sectors to prevent unlawful activities, as well as mitigate regulatory exposure. On this subject, under Article 9 of Brazilian AML Law, the duty to implement KYC measures extends beyond financial institutions to a wide range of obligated persons from different sectors. These include but are not limited to: (i) securities; (ii) insurance, capitalization and private pension; (iii) real estate; (iv) luxury or high-value goods; and (v) virtual assets’ operators. Amongst other obligations, these obligated persons are responsible for monitoring clients’ data and transaction history and to report of any suspicious or atypical transactions to the Financial Activities Control Council (“Coaf”), which is Brazil’s Financial Intelligent Unit. Further to that, some sectors are regulated by special authorities and need to comply with targeted regulation, such as the financial institutions by Brazilian Central Bank (“BCB”), the insurance market by Superintendency of Private Insurance (“SUSEP”) or the securities market by the Securities and Exchange Commission (“CVM”). For all sectors that do not have a specific regulatory authority, supervisory responsibility rests with Coaf. Failure to comply with KYC and other AML/CFT obligations may result in severe sanctions, including, but not limited to warning and monetary fines – which are capped at BRL 20 million, as well as sanctions for the administrators involved, as temporary disqualification, for up to ten years, from serving as an officer or director of regulated entities. In addition to that, companies involved money laundering scandals might face serious reputational damage, as seen previously in Operation Car Wash – Brazil’s largest anti-corruption and AML taskforce. Know Your Client: in practice Brazilian authorities require obligated persons to implement and maintain customer due diligence procedures proportionate to their size and operations – in other words, a tailored KYC for the risk of each company. The framework follows the risk-based approach recommended by the Financial Action Task Force (FATF) and adopted by COAF and other regulators, requiring enhanced measures for higher-risk situation Client identification must include the collection, verification, and validation of data, including for remote transactions – which can be specially challenging. Qualification involves assessing the client’s financial capacity, determining whether they are a politically exposed person (“PEP”), and ensuring sufficient information to establish a reliable risk profile. Risk classification, in turn, must reflect categories defined in the company’s internal assessment. The reoccurrence of these analysis needs to be proportionate to the client’s risk classification, ensuring that higher-risk clients are subject to more frequent revalidation. For fintech, implementing robust KYC can be particularly challenging. Their highly digital and fast-paced operations, with restricted human and financial resources, increase exposure to clients who may attempt to conceal their identities through complex structures. For this reason, it is not uncommon for companies to outsource KYC procedures to specialized firms or outside counsel, particularly in cases involving more complex analyses where independent expertise adds value to the compliance process. A central component is the identification of the Ultimate Beneficial Owner (“UBO”), defined as the individual who ultimately control, influence, or benefit from a legal entity, directly or indirectly. Obligated persons must extend risk classification to administrators, partners, representatives, and proxies, and are prohibited from initiating relationships without completing the required identification and qualification procedures. This requirement is especially sensitive given the use of shell companies, front men/company and other mechanisms designed to obscure the UBO and disguise unlawful activities, which significantly heightens the complexity of AML/CFT compliance for financial institutions. Case study and conclusions In 2025, a massive scandal was discovered involving one of Brazil’s biggest criminal organizations that disguised billions of reais through fintechs and other financial institutions for money laundering. At the time these unlawful acts were perpetrated, certain payment institutions, including fintech companies and participants in payment arrangements, were not subjected to AML/CFT regulation. Hence, the scheme remained invisible to authorities. This criminal organizations employed several strategies to conceal and disguise the UBO. This case shed light on the deficiencies in KYC procedures, which stemmed from the regulatory gaps created by the IN No. 2,278. As of this regulation, one of the obligations is the submission of the e-Financeira, a digital report of high-value financial transactions that enables authorities to monitor suspicious activities more effectively. This obligation, alongside with properly designed and affectively enforced KYC policies, could have mitigated or even prevented the unlawful acts. While no compliance framework ensures absolute prevention, robust AML/CFT mechanisms significantly reduce exposure to acts unlawful acts, as well as it serves as a defensive mechanism against regulatory sanctions and a strategic tool for safeguarding corporate integrity and reputation. Ultimately, the growing role of KYC in Brazil’s regulatory framework reflects a broader global trend toward heightened accountability for AML/CFT. For companies operating in this environment, compliance is no longer confined to meeting minimum legal requirements; it demands a culture of vigilance, ethical responsibility, and continuous improvement. In this regard, entities that prioritize KYC not only mitigate legal and reputational risks but also position themselves as trusted players in a market where integrity has become a decisive competitive advantage. Authors: Leonardo Kozloswki , Isabelly Nunes, Salim Saud.

The recent enactment of Complementary Law 213/2025 has introduced significant changes to Brazilian Insurance Law, creating new challenges that require careful interpretation and practical application. Beyond the realm of legal hermeneutics, these innovations raise issues that affect regulatory structures, the insurance market, and the protection of citizens. Against this backdrop, Fábio Medina Osório, Founding Partner at Medina Osório Advogados, will take part in the panel “Innovations in Complementary Law 213/2025”, scheduled for 17 October from 16:30 to 18:00, during the X International Congress on Insurance Law of the Brazilian Institute of Insurance Law (IBDS). This year, the Congress will be held in São Paulo, with sessions taking place at two of the city’s most iconic venues – the São Paulo Museum of Art (MASP) and the Theatro Municipal. The event has established itself as one of the leading international forums for debate and reflection in the field of Insurance Law, convening leading academics, practitioners, regulators and representatives of public institutions to discuss the key issues shaping the sector. The X International Congress on Insurance Law – IBDS will take place from 16 to 18 October 2025, consolidating its position as a forum for open, plural and high-level dialogue on the future of Insurance Law in Brazil and beyond.  

Medina Osório Advogados is pleased to record the holding of the 1st Petrobras Seminar on Administrative Sanctioning Law, an initiative of great institutional relevance for strengthening integrity, governance and compliance in Brazil. The event will bring together public authorities, Petrobras executives, judges and leading jurists, consolidating itself as a plural and highly qualified forum for dialogue. The opening panel will feature Petrobras’ President, Magda Maria de Regina Chambriard; the Chair of the Board of Directors, Bruno Moretti; Petrobras’ General Counsel, Wellington Cesar Lima e Silva; the Director of Governance and Compliance, Ricardo Wagner de Araujo; Petrobras’ Chief Inspector General, Edson Leonardo Dalescio Sá Teles; the Chair of the Public Ethics Commission, Manoel Caetano Ferreira Filho; and the Executive Secretary of the Office of the Comptroller General (CGU), Eveline Martins Brito. We are proud to highlight that the opening lecture will be delivered by our founding partner, Fábio Medina Osório, a jurist whose career has consolidated Administrative Sanctioning Law as a scientific and applied field in Brazil. Among the speakers, special mention should be made of the President of IBDA, Cristiana Fortini, and the Vice-President of IDASAN, Alice Voronoff, alongside names such as Judge Rogério Tobias de Carvalho (TRF-2), Luiz Fernando Delazari (Itaipu Binacional), Fernanda Alvares da Rocha (CGU), Antônio Carlos Vasconcellos Nóbrega (Ministry of Finance) and Bruno Espiñeira Lemos (Public Ethics Commission). This seminar reinforces the importance of integrating institutional experience, academic thought and legal practice in addressing the contemporary challenges of public ethics and Administrative Sanctioning Law.

Fábio Medina Osório Partner at Medina Osório Advogados. PhD in Administrative Law from the Complutense University of Madrid, Spain. Master’s in Public Law from the Federal University of Rio Grande do Sul (UFRGS). Former Attorney General of Brazil. President of the International Institute for Studies of State Law (IIEDE). Law No. 14,230 of 25 October 2021 introduced a wide-ranging reform of Law No. 8,429/1992, known as the Administrative Improbity Law. Among the most significant changes are the requirement of specific intent (dolo específico) for the configuration of acts of improbity, the possibility of civil non-prosecution agreements, the redefinition of sanctioning hypotheses and, above all, changes to the regime of limitation periods and statutes of limitations during proceedings (prescrição intercorrente). In response to these changes, the National Association of Members of the Public Prosecutor’s Office (CONAMP) filed Direct Action of Unconstitutionality (ADI) No. 7,236, accompanied by a request for interim relief, alleging that various provisions of the reform violated constitutional principles such as administrative morality, proportionality, legal certainty and the very institutional mission of the Public Prosecutor’s Office. The issue quickly gained prominence before the Federal Supreme Court (STF). On 27 December 2022, Justice Alexandre de Moraes, the rapporteur, partially granted the injunction, ad referendum of the Plenary, suspending provisions of the law relating to prescription. This was followed, on 16 May 2024, by a complementary vote in plenary and, on 23 September 2025, by a new ex officio interim decision, motivated by the alleged imminent risk of mass expiry of actions for improbity. The object of ADI 7,236 fell upon Article 2 of Law No. 14,230/2021, insofar as it amended several provisions of the Administrative Improbity Law. Of these, Article 23, § 5 drew particular attention: it provided that, once the limitation period was interrupted, the deadline would resume at half the original time, that is, only four years. CONAMP argued that this rule was incompatible with the reality of Brazilian civil procedure, in which complex actions take, on average, almost five years to be processed in each instance, which would render accountability for acts of improbity impracticable. The analysis of interim relief in ADI 7,236 reveals three successive moments in which the Supreme Court sought to balance the risks posed by the immediate application of the reform. In the first decision, on 27 December 2022, the rapporteur partially granted the injunction, recognising fumus boni iuris and periculum in mora only in relation to prescription. The provisions dealing with limitation periods and statutes of limitations during proceedings were therefore suspended, while the other requests were denied. On 16 May 2024, Moraes delivered a vote in Plenary declaring the partial nullity, with reduction of text, of Article 23, § 5, in order to exclude the expression that halved the limitation period. The aim was to prevent the eight-year period, after interruption, from being reduced to four. The judgment, however, was suspended by requests for review from Justices Gilmar Mendes and Edson Fachin. Finally, on 23 September 2025, in view of reports that more than eight thousand improbity actions could become time-barred within weeks, the rapporteur ex officio supplemented the interim relief. He reiterated that the regime of prescription during proceedings undermined the effectiveness of the law and once again suspended the validity of the expression that reduced the period. The rapporteur’s decisions were based on some central grounds. The plausibility of the argument that the reduction of the deadline weakened the constitutional protection of probity (Article 37, caput and § 4 of the Constitution) was emphasised. Also highlighted were the concrete risk of the mass extinction of ongoing proceedings, the incompatibility of the reduced period with the complexity of improbity actions — which require extensive evidentiary proceedings and adversarial debate — and the consistency of the measure with STF precedents, such as ARE 843.989-RG, which recognised the imprescriptibility of claims for damages to the Treasury caused by intentional acts. Although correct in identifying the danger of generalised prescription, the interim relief may be criticised for its premature character. The immediate suspension of § 5, since 2022, eliminated the effectiveness of the provision at once, without considering alternatives such as modulating effects on the basis of concrete cases of prescription. An intermediate solution would have allowed at least partial preservation of the legislative intent to expedite proceedings. On the other hand, the complementary measures of 2024 and 2025 show the STF’s attention to the practical realities of the judiciary. Data presented by state Public Prosecutors’ Offices indicated that application of the rule would result in the limitation of thousands of actions. The Court’s action, in this context, illustrates its role as guardian of constitutional effectiveness, adjusting the legal text to bring it into line with the republican principle and administrative morality. Nevertheless, within the scope of interim relief, the injunction granted presents a serious problem, namely that it empties the Plenary of its jurisdictional competence. By granting relief before the lapse of the time required for a possible prescription, the rapporteur in fact prevented the impugned provision from taking effect and emptied the substance of the main action. In this sense, it would have sufficed to grant the injunction one day after the lapse of the statutory deadline and thereafter submit the matter to the scrutiny of the Plenary. The trajectory of ADI 7,236/DF reveals how the Supreme Court progressively intervened, between 2022 and 2025, to set aside the effects of the rules on prescription introduced by Law No. 14,230/2021. The focus was on Article 23, § 5, whose provision for reducing the period, after interruption, could prematurely extinguish thousands of actions for improbity. The strongest argument for intervention lies in the risk of prescription without inertia on the part of the claimant. In lengthy and complex proceedings, the punitive claim could be extinguished even where the Public Prosecutor’s Office or the legitimate public entity had acted diligently, contrary to the very logic of prescription in Brazilian law, which has always been linked to procedural inactivity. Even so, less drastic solutions could have been envisaged, such as making the reduction of the deadline conditional upon proof of the claimant’s inertia, thereby preserving the legislative intent of conferring greater speed on proceedings. The Supreme Court’s monocratic decision, in suspending a legal provision dependent upon the passage of a specific period of time, opens the door to criticism of possible premature interference in the normative framework, since the effectiveness of this provision would still depend upon the occurrence of a factual condition. Ultimately, the interim relief in ADI 7,236 highlights the classic dilemma of constitutional review: protecting administrative probity and ensuring the effectiveness of the accountability system, but at the cost of straining legislative autonomy and the separation of powers. In this context, an injunction cannot be granted in such a way that it empties the very content of the direct action of unconstitutionality, depriving the Plenary of its decision-making competence.