Brazil

Know Your Client ("KYC") procedures have assumed an increasingly central role in anti-money laundering and counter-terrorism financing (“AML/CFT”) compliance programs. Entities are expected not only to identify their customers, but also to understand the nature of their activities and to assess whether transactions are consistent with the customer's financial profile, and to identify any red flags that may trigger an obligation to report to the authorities. In Brazil, Federal Law No. 9,613/1998 (the “Brazilian AML Law”) provides the primary AML/CFT framework, imposing a range of obligations on entities that operate in high-risk sectors (the “regulated entities”) to prevent, detect, and report potentially unlawful activity. The subject has gained renewed relevance following reports of an investigation into the Brazilian operations of a leading global luxury fashion conglomerate and its alleged failure to report a high-value transaction to the Financial Activities Control Council ("COAF"). The case offers a timely illustration of the practical challenges that KYC poses for regulated entities. The investigation According to publicly available reports, the Brazilian Federal Police is investigating whether transactions carried out at the Brazilian operations of a leading global luxury fashion conglomerate should have triggered the filing of a suspicious transaction report to COAF. The investigation centers on a purchase of approximately BRL 196,000 (one hundred and ninety-six thousand reais), allegedly made by an individual with declared share capital of BRl 6,000 (six thousand reais) who is registered as a microentrepreneur. Investigators also found that the same individual reportedly received transfers totaling approximately BRL 180,000 (one hundred and eighty thousand reais). Those funds allegedly originated from a production company linked to a musician who is himself under investigation in a separate federal police operation targeting an alleged criminal network accused of laundering billions of reais derived from drug trafficking and illegal online gambling schemes. The conglomerate, like any regulated entity, should have identified this red flag. The disparity between the value of the purchase and the customer’s publicly known financial profile, that of a microentrepreneur with minimal declared capital, is precisely the kind of indicator that a risk-based KYC framework is designed to capture. The situation is all the more serious because the entity had reportedly been sanctioned by COAF on a previous occasion for failures in customer identification and suspicious transaction reporting. KYC and the risk-based approach KYC procedures serve a function that extends well beyond the mere collection of customer identification data. A well-designed KYC framework requires entities to assess whether a given transaction is consistent with the customer's known economic and financial profile, and to apply enhanced due diligence wherever risk indicators emerge. This is, ultimately, the risk-based approach recommended by the Financial Action Task Force (“FATF”). Entities operating in sectors such as luxury retail, art, and high-value goods are expected to calibrate their controls in proportion to the specific risks they face. A transaction above the threshold COAF sets at BRL 10,000 (ten thousand reais), carried out by a customer whose financial profile is inconsistent with that amount, or who is connected directly or indirectly to a known criminal investigation, will call for enhanced due diligence to verify the legitimacy of the ultimate beneficial owner (“UBO”) and to assess whether a report to COAF is necessary. Equally important is the temporal dimension of KYC. An effective framework does not end at client’s onboarding. Ongoing transaction monitoring, and the capacity to identify anomalies against established customer profiles, are key components of a functioning AML/CFT compliance program. The case illustrates a specific vulnerability in this respect: the use of third-party transfers as a payment mechanism, where the UBO of the funds goes unverified, creates an exposure that a static KYC assessment would fail to capture. It is worth noting that the reporting threshold is lower than many entities assume, and that there is no need to prove the funds are illicit in order to trigger the reporting obligation; reasonable suspicion is enough. Conclusion The investigation is a concrete illustration of the compliance risks that arise when KYC frameworks are applied as a formality rather than as a substantive, risk-based management tool. The gap between a customer's declared financial profile and the value of a transaction, particularly where third-party fund flows and criminal associations are present, is precisely the kind of indicator that a robust KYC program must be designed to detect and escalate. In our experience, the most consequential KYC decisions are not made at the moment of onboarding, but in the ongoing monitoring of transactions and the readiness to act on red flags as they emerge. For precisely this reason, entities increasingly choose to work alongside specialized outside counsel, both to strengthen their compliance and AML frameworks and to manage regulatory and reputational risks that are, ultimately, as foreseeable as they are avoidable. Authors: Salim Saud, Caroline Rosa, Leonardo Kozlowski, Maria Clara Hardman.

FAS Advogados announces the arrival of Thais de Gobbi as a partner in its Banking & Finance practice, in line with the firm’s strategy to deepen its work in highly complex regulatory and transactional matters and expand its presence in key segments driving the transformation of the financial market. Her arrival comes at a time of increasing regulatory sophistication, accelerated digitalization of financial services and the rise of new business models, a scenario that has required institutions to rely on legal counsel that is increasingly specialized, strategic and closely integrated with the operational dynamics of their businesses. With more than 20 years of experience in financial regulation and payment methods, Thais has built a solid track record advising financial institutions, fintechs and other market participants, with a strong focus on the structuring of products, transactions and business arrangements in sophisticated regulatory environments. Before joining FAS Advogados, she worked at firms such as Machado Meyer and, internationally, White & Case LLP. She also served as the executive responsible for the legal and regulatory department at PagBank, where she led strategic initiatives related to Pix, receivables registration and open finance, as well as institutional engagement with regulators and market associations. “Thais’ arrival represents an important step forward for our Banking & Finance practice and reflects the firm’s continued investment in strategic areas for our clients. Her combination of technical depth, executive experience and understanding of the business dynamics of the financial sector significantly enhances our ability to advise on complex regulatory matters and highly sophisticated transactions,” says Paulo Focaccia, Managing Partner of FAS Advogados in cooperation with CMS. Throughout her career, Thais has developed a practice marked by the connection between legal analysis, regulatory insight and business strategy, contributing directly to the development of innovative solutions with legal certainty, technical consistency and operational feasibility. According to Thais, the current moment in the sector calls for legal work that goes beyond regulatory interpretation and closely follows the evolution of business models and the market’s institutional agenda. “Financial institutions today operate in a dynamic and sophisticated regulatory environment, which requires not only adaptation, but also the ability to anticipate developments. At the same time, the digitalization of services, the expansion of financial ecosystems and the integration of new technologies make robust governance, compliance and risk management structures even more relevant,” she says. She adds that the legal function has been playing an increasingly central role in organizations’ strategic decisions. “More than ensuring compliance, legal teams have become effectively integrated into the business, taking part in product design, the definition of operational flows and the development of solutions that enable innovation with security and sustainability,” she notes. According to Thais, her decision to join FAS Advogados stems from the convergence of technical excellence, institutional positioning and the growth potential of the practice. “During my in-house experience, I had the opportunity to closely follow the firm’s work, which has always been marked by in-depth analysis, strong technical capabilities and the ability to handle complex regulatory matters with a strategic perspective. The cooperation with CMS also adds a particularly relevant dimension to the development of international and multijurisdictional projects,” she says. Thais holds a law degree from the University of São Paulo (USP) and an LL.M. from Columbia University School of Law. Throughout her career, she has been recognized by directories such as Chambers FinTech and The Legal 500 in the Banking and Finance area. With the arrival of Thais de Gobbi, FAS Advogados reinforces its role as a strategic adviser to financial institutions, fintechs and other market players, offering legal counsel aligned with the growing regulatory complexity and structural transformations that are reshaping the financial sector.

FAS Advogados announces the arrival of Thais de Gobbi as a partner in its Banking & Finance practice, in line with the firm’s strategy to deepen its work in highly complex regulatory and transactional matters and expand its presence in key segments driving the transformation of the financial market. Her arrival comes at a time of increasing regulatory sophistication, accelerated digitalization of financial services and the rise of new business models, a scenario that has required institutions to rely on legal counsel that is increasingly specialized, strategic and closely integrated with the operational dynamics of their businesses.   With more than 20 years of experience in financial regulation and payment methods, Thais has built a solid track record advising financial institutions, fintechs and other market participants, with a strong focus on the structuring of products, transactions and business arrangements in sophisticated regulatory environments. Before joining FAS Advogados, she worked at firms such as Machado Meyer and, internationally, White & Case LLP. She also served as the executive responsible for the legal and regulatory department at PagBank, where she led strategic initiatives related to Pix, receivables registration and open finance, as well as institutional engagement with regulators and market associations.   “Thais’ arrival represents an important step forward for our Banking & Finance practice and reflects the firm’s continued investment in strategic areas for our clients. Her combination of technical depth, executive experience and understanding of the business dynamics of the financial sector significantly enhances our ability to advise on complex regulatory matters and highly sophisticated transactions,” says Paulo Focaccia, Managing Partner of FAS Advogados in cooperation with CMS.   Throughout her career, Thais has developed a practice marked by the connection between legal analysis, regulatory insight and business strategy, contributing directly to the development of innovative solutions with legal certainty, technical consistency and operational feasibility.   According to Thais, the current moment in the sector calls for legal work that goes beyond regulatory interpretation and closely follows the evolution of business models and the market’s institutional agenda. “Financial institutions today operate in a dynamic and sophisticated regulatory environment, which requires not only adaptation, but also the ability to anticipate developments. At the same time, the digitalization of services, the expansion of financial ecosystems and the integration of new technologies make robust governance, compliance and risk management structures even more relevant,” she says.   She adds that the legal function has been playing an increasingly central role in organizations’ strategic decisions. “More than ensuring compliance, legal teams have become effectively integrated into the business, taking part in product design, the definition of operational flows and the development of solutions that enable innovation with security and sustainability,” she notes.   According to Thais, her decision to join FAS Advogados stems from the convergence of technical excellence, institutional positioning and the growth potential of the practice. “During my in-house experience, I had the opportunity to closely follow the firm’s work, which has always been marked by in-depth analysis, strong technical capabilities and the ability to handle complex regulatory matters with a strategic perspective. The cooperation with CMS also adds a particularly relevant dimension to the development of international and multijurisdictional projects,” she says.   Thais holds a law degree from the University of São Paulo (USP) and an LL.M. from Columbia University School of Law. Throughout her career, she has been recognized by directories such as Chambers FinTech and The Legal 500 in the Banking and Finance area.   With the arrival of Thais de Gobbi, FAS Advogados reinforces its role as a strategic adviser to financial institutions, fintechs and other market players, offering legal counsel aligned with the growing regulatory complexity and structural transformations that are reshaping the financial sector.  

On May 28, 2026, Secretary of State Marco Rubio announced that the United States Department of State (DOS) designated Brazil-based drug-trafficking and transnational criminal organizations Comando Vermelho (CV) and Primeiro Comando da Capital (PCC) as Specially Designated Global Terrorists (SDGTs) under Executive Order (EO) 13224, as amended by EO 138861, which targets terrorism financing. The DOS also announced its intention to designate CV and PCC as Foreign Terrorist Organizations (FTO), effective June 5, 2026, pursuant to Section 219 of the Immigration and Nationality Act and EO 13224. These designations carry significant compliance implications for companies and business units with a US nexus, non-US companies that continue to do business with CV and PCC, and individuals and entities with business operations, counterparties, supply chains, or investment relationships in Brazil. Background CV (based in Rio de Janeiro) and PCC (based in São Paulo) are among the most prominent criminal organizations in Brazil. According to the DOS, together they command thousands of members and have orchestrated attacks against Brazilian police officers, public officials, and civilians. They operate throughout Brazil, and their networks extend across the Western Hemisphere into the US, with transactions also reaching Africa and Europe. Public reporting indicates that, within Brazil, CV and PCC have infiltrated or exploited legitimate sectors of the economy – including fuel distribution and retail, public transportation, financial services and fintech, real estate, and other local service industries – while extorting businesses and disrupting hiring and logistics in areas under their influence. Reporting also suggests that organized crime, including CV and PCC, has in some jurisdictions infiltrated politics, public contracting, and local power structures. These designations align with a broader pattern of heightened US enforcement activity involving transnational criminal organizations in Latin America. On January 21, 2025, President Donald Trump issued EO 14157, directing the “total elimination” of certain Latin American drug cartels and transnational criminal organizations. The following month, the Administration designated eight Mexican and Colombian cartels – including the Sinaloa Cartel, CJNG, and Tren de Aragua – as both FTOs and SDGTs, as discussed in our prior alert. Since then, the Administration has continued to expand the scope of these designations through successive US Department of the Treasury (Treasury) and DOS actions aimed at cartel-linked networks across sectors and activities including oil and gas, timeshare fraud, real estate, and agriculture, alongside related criminal prosecutions by the US Department of Justice (DOJ) and coordination with the Mexican government. Criminal, civil and regulatory enforcement These designations may present significant legal and compliance implications for industries with operational, financial, or supply-chain touchpoints in the Americas, including agriculture, chemicals and pharmaceuticals, financial services, construction, logistics, transportation and shipping, energy, oil and gas, mining and natural resources. Industries that are cash‑intensive, embedded in local supply chains, or historically exposed to cartel activity may face heightened scrutiny. The financial services sector may face particular risk, as banks, fintech companies, and money‑services businesses have historically been subject to regulatory and law enforcement scrutiny for facilitating transactions – whether inadvertently or willfully – linked to SDGTs and FTOs. Tourism and hospitality, as well as retail and consumer goods sectors, have also been impacted by US-led sanctions enforcement. Regulatory exposure. Treasury’s Office of Foreign Assets Control (OFAC) routinely applies a strict liability standard in civil enforcement actions, meaning that companies and individuals may be held liable for sanctions violations regardless of knowledge. The maximum civil monetary penalty for violations of most OFAC-administered sanctions programs is USD377,700 per transaction, or twice the value of the underlying transaction, whichever is greater. Effective immediately under the SDGT designations, all property and interests in property of CV and PCC that are in the US or in the possession or control of US persons are blocked (i.e., transferring or otherwise dealing with the property is prohibited). This applies to tangible and intangible assets, whether present, future, or contingent. Under OFAC’s 50 Percent Rule, any entity owned 50 percent or more, in the aggregate, by one or more blocked persons is also considered blocked. US persons are generally prohibited from engaging in transactions or dealings with blocked persons or their property without a license or other authorization from OFAC. Companies may wish to ensure they have appropriate controls in place to comply with regulatory requirements related to blocking or freezing funds involving CV and PCC. Criminal penalties for willful violations. Willful violations of the International Emergency Economic Powers Act (IEEPA), on which both EOs are based, are subject to penalties of up to 20 years’ imprisonment and a USD1,000,000 fine. The US has also charged sanctions violators with related offenses including conspiracy, aiding and abetting, and money laundering. Criminal penalties for material support of terrorism. Under 18 U.S.C. § 2339B, knowingly providing – or knowingly attempting or conspiring to provide – material support or resources to an FTO is a criminal offense punishable by up to 20 years’ imprisonment. Material support may include financial services (e.g., services relating to currency, monetary instruments, or financial securities), as well as lodging, training, and transportation. The facilitation of payments, directly or indirectly, can constitute “material support” and give rise to criminal liability. US authorities also assert extraterritorial jurisdiction over material support offenses, including where support occurs outside the US but involves US dollar-denominated transactions, routing through US financial systems, or communications transmitted via US servers. Civil liability. The Anti-Terrorism Act (ATA) and Justice Against Sponsors of Terrorism Act (JASTA) provide a private right of action for US nationals injured by acts of international terrorism to sue for damages based on an aiding and abetting theory (i.e., that the defendant knowingly provided substantial assistance to an FTO or SDGT). ATA and JASTA litigation in the US have increased markedly in the last several years, including with respect to financial institutions, cryptocurrency exchanges, social media companies, medical supply and manufacturing companies, and others whose goods and/or services have allegedly been used by SDGTs or FTOs in furtherance of terrorist acts. Accordingly, companies that engage with CV or PCC at any point in the supply chain may face civil litigation risk. Seizure and forfeiture. US seizure and forfeiture authorities in the sanctions context derive from national security statutes, general federal forfeiture statutes (e.g., 18 U.S.C. § 983 and Title 19 customs authorities), and DOJ procedures for federal seizure of property linked to unlawful conduct. The US often pursues civil or criminal forfeiture under separate statutory authorities where sanctioned activity is tied to underlying offenses such as terrorism, evasion, or money laundering, enabling title to the seized property to vest in the US. In civil cases, the DOJ has pursued forfeiture actions against assets – both in the US and abroad – deemed traceable to illicit conduct, without requiring criminal conviction. In such cases, agencies may leverage judicial or administrative processes under federal forfeiture law to seize property and seek forfeiture through court proceedings. In criminal sanctions cases, forfeiture may be imposed as part of sentencing following prosecution for willful violations, often alongside fines and imprisonment, and typically coordinated between OFAC (civil enforcement) and DOJ (criminal enforcement). Secondary sanctions. Under US counterterrorism and counter-terrorist financing sanctions authorities (including EO 13224), the US can designate non‑US persons for engaging in specified dealings with sanctioned individuals or entities, including where there is no US nexus (i.e., no US dollar, person, or territory involved). Immigration consequences. Members and representatives of designated FTOs are prohibited from entering the US, and individuals who provide material support to FTOs may be deemed inadmissible or subject to removal. Compliance implications for companies with Brazil exposure Given CV and PCC's reported involvement in legitimate industries and geographic presence in certain areas in Brazil, these designations may present compliance challenges that extend beyond traditional sanctions screening. Companies are encouraged to assess the following areas. Targeted risk assessments Companies should consider assessing existing compliance programs and controls to ensure that they are adequately tailored to the risks arising from cartel activity and any links to CV and PCC. In particular, companies should consider conducting such assessments to help identify and mitigate risks of possible touchpoints with cartels, including in third party relationships. In certain sectors, this might involve enhancing risk-based programs designed to prevent money laundering and the financing of terrorism – including know your customer (KYC) and due diligence measures – to ensure they are adequately tailored to industries and geographies in Brazil where CV or PCC operate and adapted to specific higher-risk products or services. “Lookback” reviews of historical counterparty relationships may be warranted to refresh risk ratings. Regulators also increasingly expect that, where warranted, compliance programs will perform more holistic supply chain KYC that does not end at one’s immediate customer or counterparty, but instead involves “KYCC,” i.e., knowing one’s customer’s customers and/or one’s counterparty’s counterparties. Sanctions screening Companies should consider assessing whether their screening procedures incorporate CV, PCC, and all known aliases, and consider re-screening existing customers, contractors, and counterparties. Under the 50 Percent Rule, entities owned 50 percent or more by blocked persons are also blocked – even if not individually designated. Transaction monitoring Monitoring systems should be calibrated to detect red flags associated with CV and PCC activity, including unusual pricing in high-risk regions, atypical payment routing, and supply-chain touchpoints in areas of known territorial control. Supply chain and correspondent banking Companies with indirect exposure through suppliers or distribution networks in high-risk regions may face increased scrutiny with respect to third-party monitoring. Foreign financial institutions maintaining US correspondent accounts may also face exposure under secondary sanctions frameworks – including the risk of being cut off from the US financial system – as well as potential designation by the US Treasury’s Financial Crimes Enforcement Network (FinCEN) as primary money laundering concerns under Section 311 of the USA PATRIOT Act for processing transactions involving designated persons or affiliates. Looking ahead Enforcement patterns following the Mexican cartel designations – including successive OFAC actions, FinCEN alerts, and DOJ prosecutions – may signal the potential for additional designations of CV- and PCC-linked individuals and entities. Adaptable and comprehensive compliance programs are likely to continue to play a key role for companies operating in this evolving enforcement landscape. Conclusion The designation of CV and PCC as SDGTs, with FTO designations to follow, represents an expansion of the Trump Administration’s counterterrorism enforcement activity into Brazil. These actions do not create new obligations under Brazilian law, but they create potential exposure under US law for entities with a US nexus. Prior enforcement activity involving similar designations provides insight into related regulatory, civil, and criminal enforcement activities that may follow. As the SDGT blocking obligations are already in effect, companies are encouraged to assess their exposure and ensure that compliance programs are aligned with these recent developments. DLA Piper’s cross-border team supports companies in assessing and addressing compliance considerations associated with these developments. For further information and assistance, please contact the authors.