On 18 December 2025, Brazil’s Central Bank (BCB) and National Monetary Council (CMN) issued new resolutions strengthening cybersecurity for financial institutions. The rules mandate 14 security controls, including encryption, intrusion detection, and monitoring of the Deep/Dark Web. Additional requirements apply to PIX and RSFN systems, cloud computing isolation, and annual independent intrusion tests. Institutions must comply by 1 March 2026.
Brazil: BCB and CMN establish additional cyber security requirements
Related articles