Requirements for Payment Institutions in Brazil Following the Recent Publications of BCB Rule #495/2025 and Joint Rule #14/2025

November 27, 2025

The Brazilian payments market has stood out for its intense innovation and growth, driven by the increasing digitalization of the economy and the demand for more agile and accessible financial solutions. The rise of new technologies, such as Pix , and the rise of a diverse ecosystem of payment institutions have radically transformed the country's financial landscape. In this dynamic context, the Central Bank of Brazil (BCB) plays an essential role as the main regulator and supervisor, aiming to ensure the soundness, efficiency, security, and transparency of operations within the Brazilian Payment System (SPB) .

The need for robust regulation is pressing to mitigate risks, protect consumers, and foster a competitive and innovative environment. BCB Rule #80, dated March 25, 2021, and its subsequent amendments, including BCB Rule #494, dated September 5, 2025,  form essential pillars of this regulatory framework. They govern the incorporation and operation of payment institutions, setting the parameters for these entities, whether Brazilian or foreign, to obtain the necessary authorization to operate in the country. This Article aims to explore in detail the requirements for such authorization, analyzing the regulatory evolution and its practical implications for payment institutions.

General Requirements for the Authorization of Payment Institutions

The authorization of a payment institution in Brazil begins with compliance with general requirements that reflect the nature and structure of the entity. The Central Bank of Brazil aims to ensure that payment institutions are founded on solid principles of governance, capitalization, and legal compliance.

Corporate Structure and Company Name

The legal constitution of a payment institution (PI) is a crucial starting point. According to BCB Rule #80, payment institutions must adopt a specific legal form, as per Article 5 of BCB Rule #80:

“The payment institution must be constituted as a limited liability company or a corporation and have as its main corporate purpose at least one of the activities listed in Article 6, item III, of Statute #12,865, of October 9, 2013.”

The activities listed in Article 6, item III, of Statute #12,865, dated October 9, 2013, include:

Main or ancillary activities, whether alternative or cumulative.

Provide a service for depositing or withdrawing funds held in a payment account;

Execute or facilitate payment instructions related to a specific payment service, including transfers originating from or destined for a payment account;

Manage payment accounts;

Issue payment instruments;

Authorize the acceptance of payment instruments;

Execute fund transfers;

Convert physical or book-entry currency into electronic currency, or vice versa; authorize the acceptance of or manage the use of electronic currency; and

Other activities related to the provision of payment services, as designated by the Central Bank of Brazil;

An important change, introduced by BCB Rule #257/2022, was the prohibition of establishing a payment institution with a single individual partner: BCB Rule #80/2021, Article 5, § 1 (as amended by BCB Rule #257/2022):

"It is forbidden to establish a payment institution in which a natural person is the sole partner."

In addition to defining the structure, it is mandatory to clearly identify the nature of the institution, requiring that the corporate name reflect its activity: BCB Rule #80/2021, Article 5, § 4, I:

“I – to have the expression “Payment Institution” in its corporate name;”

This condition, which aims to guarantee transparency for customers and the market, also extends to the payment institution's communication channels: BCB Rule #80/2021, Article 5, § 4, II and III:

"II - to clearly state, in its communication and customer service channels, its status as a payment institution; and III – disclose on its website the types of payment services it provides.”

Corporate Governance

Robust corporate governance is a fundamental pillar for the stability and integrity of any financial institution, and payment institutions are no exception. The Central Bank requires these institutions to implement a formalized governance policy that is periodically reviewed. BCB Rule #80/2021, Article 6:

"Payment institutions must implement a governance policy, approved by the board of directors or, in its absence, by the institution's management, aimed at ensuring compliance with the regulations governing these institutions."

This policy must be comprehensive, well-documented, and assign clear responsibilities: BCB Rule #80/2021, Article 6, Sole Paragraph:

"I - define duties and responsibilities; and II – be properly documented and subject to review every two years, with the documentation kept available to the Central Bank of Brazil.”

For limited liability companies, the rule also details aspects of the directors’ term of office: BCB Rule #80/2021, Article 7:

"I - The director's term of office shall be fixed, not exceeding four years, with the possibility of reappointment; II – The term of office of the directors shall extend until the appointment of their replacements; and III – the administration of the payment institution must be carried out by at least three directors.”

Minimum Capital Requirements for Payment Institutions

Financial soundness is a cornerstone of payment institutions’ operations, and the minimum capital requirement reflects the need for a financial buffer to absorb potential losses and ensure service continuity. BCB Rule #80, in its updated version, had its minimum thresholds amended by Joint Rule #14, dated November 3, 2025, issued by the Central Bank of Brazil and the National Monetary Council (CMN).

Therefore, the minimum values are now regulated as follows: Joint Rule #14/2025, Article 2:

"The institutions mentioned in Article 1 (financial institutions and other institutions authorized to operate by the Central Bank of Brazil) must permanently maintain a minimum amount of paid-in share capital and net worth calculated in accordance with this Joint Rule, considering, at a minimum:"

I – the categories of operational activities reported to the Central Bank of Brazil, as per Article 5; and

II – the categories in which investment and fundraising activities are classified.”

With respect to net worth, the rule sets forth the following provisions: Joint Rule #14/2025, Article 3:

"For the purpose of verifying compliance with the minimum limits established in this Joint Rule, net worth must be adjusted by:"

I – the sum of the balances of credit income statement accounts; and

II – deduction of the corresponding amounts:

a) asset valuation adjustments;

b) the revaluation reserve;

c) the balance of debit income statement accounts; and

(d) participations within the minimum limit of paid-in capital and adjusted net worth of financial institutions and other institutions authorized to operate by the Central Bank of Brazil, determined in accordance with this article.”

Regarding the calculation methodology, these financial institutions, including payment institutions, must: Joint Rule #14/2025, Article 8

The institutions mentioned in Article 1 must determine the minimum limit of paid-in capital and net worth by adding the value associated with the following items:

I – the cost, determined according to Article 9; and

II – the activities, determined according to Article 10.”

Regarding cost calculation, the following guidelines apply: Joint Rule #14/2025, Article 9:

"The amount of the installment corresponding to the cost, as referred to in Article 8, paragraph 1, item I, must be determined by adding:"

I – R$2,000,000.00 (two million reais) multiplied by the number of categories of operational activities reported in accordance with Article 5, including categories subject to authorization or specific reporting process, pursuant to Article 10, § 1; and

II – R$5,000,000.00 (five million reais), if the institution provides services that, as defined by the Central Bank of Brazil, depend on data processing, data storage, network infrastructure, information security and cybersecurity infrastructure, and other computing resources provided by the institution or by a contracted service provider.”

Regarding activity allocation, the following guidelines apply: Joint Rule #14/2025, Article 10

“I – the sum of amounts assigned to:

a) the categories of all operational activities reported by the institution, as per Article 5, including those subject to authorization or a specific reporting process; and

b) the category in which the investment activity was classified; and

II – the multiplication of the amount determined under item I by the factor assigned to the category in which the fundraising activity was classified.”

In summary, the second paragraph of the same provision sets forth the amounts assigned to the categories of operational activities, investment activities, and the factor corresponding to the categories of fundraising activities, as detailed below: Joint Rule #14/2025, Article 10, § 2:

Amount

Operational Activity Categories

R$ 1,000,000.00 (one million reais)

Service

R$ 3,000,000.00 (three million reais)

Custody and administration of third-party funds

R$ 5,000,000.00 (five million reais)

Intermediation

R$ 7,000,000.00 (seven million reais)

Granting:

Amount

Investment Activity Categories

R$ 5,000,000.00 (five million reais)

Restricted

R$ 8,000,000.00 (eight million reais)

Unrestricted

Percentage

Factor Corresponding to Fundraising Activity Categories

60% (sixty percent)

Own funds

80% (eighty percent)

Institutional funds

120% (one hundred and twenty percent)

Public funds, except deposits

200% (two hundred percent)

Deposits

This new minimum capital rule for payment institutions, approved by Joint Rule #14 on November 3, 2025, sets forth the following transitional provisions regarding the obligation to maintain a minimum amount of paid-in capital and net worth: Joint Rule #14/2025, Article 12:

Transitional Provisions

I – Until June 30, 2026, the minimum amount of paid-in share capital and net worth, as determined under the regulations in force on the day prior to the effective date of this Joint Rule, must be maintained; and

II – From July 1, 2026, through December 31, 2027, the amount referred to in item I must be maintained, plus the following percentages of the positive difference between the amount determined under this Joint Rule and that amount:

a) 25% (twenty-five percent) until December 31, 2026;

b) 50% (fifty percent) until June 30, 2027; and c) 75% (seventy-five percent) until December 31, 2027.

Furthermore, capital contributions must be made in legal tender, subject to certain exceptions for capital increases derived from profits or reserves: BCB Rule #80/2021, Article 18:

"The capital of payment institutions must be fully paid in legal tender, except as provided in Article 19."

Capital increases not made in legal tender are also governed by the same rule: BCB Rule #80/2021, Article 19:

"Capital increases not made in legal tender may only be paid in with funds originating from: I – accumulated profits; II – capital and profit reserves; or III – credits to shareholders related to the[GM2.1] payment of interest on equity, as provided for in Article 9 of Statute #9,249 of December 26, 1995, or to the payment of dividends.”

Operational Requirements

Beyond their legal and financial structure, payment institutions must demonstrate robust operational capacity to deliver services securely and efficiently. This entails significant investments in technology, risk management, and, above all, information security.

Information Technology Systems

The foundation of any modern payment institution's operations lies in its information technology (IT) systems. These systems must not only be effective but also secure and resilient, ensuring the integrity, reliability, security, and availability of the payment services offered. They must be capable of handling the transaction volumes processed and comply with the technical standards established by the Central Bank of Brazil (BCB).

BCB Rule #80/2021 clarifies that the prohibitions on (i) requesting end-user data beyond what is necessary for providing the payment transaction initiation service and (ii) using, storing, or accessing such data for purposes other than the payment transaction initiation service expressly requested by the end-user, do not apply to data processing and storage services or cloud computing services provided by a payment transaction initiator to institutions authorized by the Central Bank of Brazil, under a contractual relationship, particularly regarding cybersecurity policy: BCB Rule #80/2021, Article 4, Sole Paragraph, I:

“I – the cybersecurity policy and the requirements for contracting data processing and storage services and cloud computing to be observed by institutions authorized to operate by the Central Bank of Brazil;”

This means payment institutions must comply with the BCB's cybersecurity regulations, which define the robustness and characteristics required for their IT systems.

Risk Management

The nature of payment operations, which involve large-scale, real-time movement of financial resources, exposes payment institutions to multiple types of risk. A well-defined risk management framework is therefore essential.

Payment institutions are required to implement a structure that identifies, assesses, monitors, and mitigates risks inherent in their operations. At a minimum, this framework must address credit, market, liquidity, operational, and legal risks.

Although BCB Rule #80/2021 revoked item I of Article 25 (which originally addressed "risk prevention in contracting operations"), it implicitly maintains the focus on prudential management, i.e., rules and procedures aimed at ensuring the security, soundness, and stability of financial and payment institutions operating in Brazil. Article 25-A, recently added by BCB Rule #407/2024, reinforces this guideline: BCB Rule #80, Article 25-A (Included by BCB Rule #407):

"Until the Central Bank of Brazil issues a specific regulatory act on the subject, the regulations in force on the date of publication of this resolution, which provides for preventive prudential measures aimed at ensuring the soundness, stability, and proper functioning of the National Financial System, shall apply to payment institutions."

In practice, this means that even in the absence of specific regulations for payment institutions, they must comply with the “preventive prudential measures” governing the National Financial System, as established by CMN Rule #4,019, dated September 29, 2011, demonstrating active and effective risk management.

Information Security

Protecting user data and ensuring transaction integrity are essential to maintaining trust in the payment system. Information security policies must be rigorous.

Payment institutions are required to adopt policies and procedures that safeguard user data and ensure service continuity. This includes implementing access controls, encrypting sensitive data, and establishing contingency plans for security incidents.

BCB Rule #80, as previously mentioned, refers to the cybersecurity policy as a requirement to be observed, which is directly related to information security.

Requirements for Compliance with Brazilian Legislation

Regulatory compliance extends beyond Central Bank regulations to encompass the entire Brazilian legal framework, with particular emphasis on preventing financial crimes.

Prevention of Money Laundering and Terrorist Financing (AML/CFT)

Combating money laundering and the terrorist financing is a global priority, and in Brazil, financial and payment institutions play a critical role in this effort. Payment institutions must implement robust control mechanisms: BCB Rule #80, Article 4, Sole Paragraph, II:

“II – the policies, procedures, and internal controls to be adopted by institutions authorized to operate by the Central Bank of Brazil, aimed at preventing the use of the financial system for the practice of the crimes of “money laundering” or concealment of assets, rights, and values, as provided for in Statute #9,613, of March 3, 1998, and the financing of terrorism, as provided for in Statute #13,260, of March 16, 2016;”

This includes identifying and verifying the customer identities, monitoring transactions, and reporting suspicious activities to the competent authorities.

Compliance with Statutes #9.613/1998 (Money Laundering) and #13.260/2016 (Terrorist Financing) is not merely a regulatory requirement, it is a critical responsibility for all payment institutions.

General Regulatory Compliance

In addition to AML/CFT obligations, payment institutions must maintain a comprehensive compliance framework covering all applicable regulations, including those issued by the Central Bank of Brazil and other legal domains.

Institutions must ensure adherence to all relevant rules and requirements, which includes maintaining accurate records, providing information to the BCB, and undergoing periodic internal and external audits.

The requirement for a governance policy—reviewed biennially and documented, and available to the BCB (Article 6, Sole Paragraph, II, of BCB Rule #80)—illustrates the need for continuous compliance.

Comparison between BCB Rule #80/2021 and BCB Rule 494/2025

BCB Rule #80, dated March 25, 2021, marked a significant milestone in regulating payment institutions. However, market dynamics and evolving regulatory needs led to its amendment through BCB Rule #494, dated September 5, 2025. This amendment introduced substantial changes, particularly regarding authorization processes and regularization deadlines.

The most notable changes include the repeal and redrafting of Articles 9 and 9-A of BCB Rule #80/2021, as well as the revocation of articles 10, 11, 12, and 13.

Below is a comparative analysis of the main differences, based on the structure of web research and supplemented with details from the documents:

Aspect:

BCB Rule #80/2021 (original version/before 494/2025)

BCB Rule 494/2025 (amends BCB 80/2021)

**Operating Authorization**

Required specific authorization for electronic money issuers (Article 9, I) and payment transaction initiators (Article 9, II).

Amends Article 9 to establish a general requirement: "The payment institution must request authorization from the Central Bank of Brazil to begin providing payment services." And “it must include in its application for authorization all payment service modalities in which it intends to operate.” (*BCB Rule #494/2025, Article 1, amending Article 9 of BCB Rule #80/2021*). This consolidates the authorization process, requiring all modalities to be included in a single application.

**Deadlines for Authorization Requests**

Established staggered and complex deadlines for electronic money issuers (Article 10) and for issuers of postpaid payment instruments or acquirers (Article 11), based on transaction volumes and specific dates (e.g., by December 31, 2021 for R$500 million in transactions). Articles 10, 11, 12 and 13 were revoked.

Introduced new consolidated deadlines and conditions for submitting authorization requests for payment institutions that were already operating: (*BCB Rule #494, Article 1, which adds Article 9-A to BCB Rule #80*) **From May 1, 2026 to May 31, 2026:** Electronic money issuers that began operating before March 1, 2021, and are not authorized. Issuers of postpaid payment instruments and acquirers that began operating before September 5, 2025, and are not authorized. **Consequences for non-compliance:** Institutions that fails to submit the request may continue operating for only 30 set forth days after the deadline additional in the main provision. If the application is improperly documented, the institution may continue operating for 30 days from the date of notification by the Central Bank of Brazil. (*BCB Rule 494/2025, Article 1, which adds Article 9-A, §§ 1 and 2 to BCB Rule #80/2021*)

**Minimum Capital**

It defined a minimum capital of R$ 2,000,000.00 for electronic money issuers, postpaid payment instrument issuers, and acquirers; and R$ 1,000,000.00 for payment transaction initiators. Specific amounts for closed-loop arrangements (R$ 3,000,000.00). (*BCB Rule #80, Article 17, as amended by BCB Rule #407/2022*).

BCB Rule #494/2025 does not directly change the minimum capital amounts established in Article 17 of BCB Rule #80. However, Joint Rule #14/2025 expressly revoked these amounts and introduced new rules, which were detailed in the previous section.

Practical Implications of the Changes

BCB Rule #494/2025 simplified and consolidated the authorization requirements, eliminating the complex transaction volume criteria and staggered deadlines that previously determined the need for authorization. Now, the general rule is that all payment service modalities require authorization, and the deadlines have been unified for payment institutions that were already operating without authorization, creating a specific window between May 1 and May 31, 2026 for regularization.

This change reflects the Central Bank’s effort to formalize and bring under regulatory oversight a larger number of participants in the payments market, ensuring an equivalent level of supervision and compliance for all. The imposition of clear deadlines and the consequences for non-compliance reinforce the BCB's commitment to promoting a regulated environment. Payment institutions that miss these deadlines will face severe restrictions on their operations.

Practical Recommendations

The regulation of payment institutions in Brazil, anchored in BCB Rule #80/2021 and its amendments, such as BCB #494/2025, reflects the evolution of the digital financial market and the need to protect participants and ensure system stability. Obtaining authorization to operate as a payment institution in Brazil is a complex and multifaceted process that demands strict compliance with the requirements established by the Central Bank, covering everything from corporate structure and governance to operational and legal compliance aspects.

The recent changes introduced by BCB Rule #494/2025 consolidate and intensify the need for payment institutions to adapt to more rigorous standards, reformulating authorization criteria and imposing definitive deadlines for the regularization of entities already operating. This demonstrates the BCB's commitment to strengthening supervision and ensuring that all institutions operating in the payments ecosystem act in a secure, transparent, and compliant manner.

For Brazilian or foreign payment institutions wishing to operate in Brazil, the following practical recommendations are a priority:

1. Review Internal Structures and Governance: Evaluate and, if necessary, restructure governance, risk management, and information security policies to ensure alignment with the latest requirements. This includes defining clear responsibilities, documenting processes, and undergoing periodic reviews.

2. Corporate Adaptation and Capitalization: Ensure that the corporate structure complies with legal requirements, including the correct company name and adherence to director qualification standards. It is essential to guarantee that the minimum capital required for the services provided is fully paid in and that the institution maintains a compliant net worth on an ongoing basis. Plan financially for potential capital increases or adjustments.

3. Investment in Technology and Security: Prioritize the development and maintenance of robust, secure, and resilient information technology systems capable of handling transaction volumes and protecting user data. Compliance with the BCB's cybersecurity policy is non-negotiable.

4. Strengthening Compliance Controls: Reinforce internal policies, procedures, and controls for the Prevention of Money Laundering and Terrorist Financing (AML/CFT), including customer identification, transaction monitoring, and reporting of suspicious activities. Implement a comprehensive regulatory compliance program that ensures adherence to all applicable rules and regulations.

5. Close Monitoring of Regulatory Deadlines: Maintain constant vigilance regarding the deadlines established by the Central Bank for authorization requests and other obligations. The window between May 1 and May 31, 2026 is critical for payment institutions that began operations before the stipulated dates and have not yet obtained authorization. Missing these deadlines may result in the inability to continue operations.

In a constantly evolving financial environment, proactivity and regulatory adaptability are essential for the success and sustainability of payment institutions in Brazil. Compliance should not be viewed merely as an obligation, but also as a strategic advantage that strengthens market and consumer confidence.

Alexandre Dalmasso

RECENT POSTS

Charlie Brown Jr. trademark: former band members authorized by courts to use registered name in performances

November 6, 2024

“Starbucks” vs. “Starbuds” Case and the Concern for Intellectual Property Assets

October 3, 2024

D'LINEA and DELINIA case: Leroy Merlin's Trademark Registration Declared Null for Imitating that of a Rio Grande do Sul Company's

September 20, 2024

Marca Charlie Brown Jr.: ex-integrantes da antiga banda são autorizados pela justiça a utilizar a expressão registrada em suas apresentações artísticas

November 6, 2024

Caso “Starbucks” x “Starbuds” e o zelo pelos ativos de Propriedade Intelectual

October 3, 2024

Caso D’LINEA e DELINIA: Leroy Merlin Teve Seu Registro de Marca Declarado Nulo por Imitação de Marca de Empresa Gaúcha

September 20, 2024

Requirements for Payment Institutions in Brazil Following the Recent Publications of BCB Rule #495/2025 and Joint Rule #14/2025

November 27, 2025

Brazil’s Sports Betting Act: Statute #14,740/2023 and the new paradigm for regulating gambling and betting

October 10, 2025

Typologies of money laundering and terrorist financing by COAF

September 25, 2025

Requisitos para instituições de pagamento no Brasil após as recentes publicações da Resolução BCB 495/2025 e Resolução Conjunta 14/2025

November 27, 2025

Lei das ‘bets’: A Lei nº 14.740/2023 e o novo paradigma da regulação de jogos e apostas

October 10, 2025

Tipologias da lavagem de dinheiro e do financiamento ao terrorismo pelo COAF

September 25, 2025

A regulação da inteligência artificial no direito

November 26, 2025

Decisão da União Europeia reacende discussão sobre conteúdo ilegal em redes sociais

October 28, 2025

Nova regulamentação da pesquisa clínica no Brasil

October 14, 2025

Regulation of artificial intelligence in law

November 26, 2025

European Union decision reignites debate over illegal content on social media

October 28, 2025

New regulations for clinical research in Brazil

October 15, 2025

Contracts in the technology sector

December 11, 2024

Pharmaceutical Industry Contracts and Legal Perceptions

December 4, 2024

Limitation of liability clauses: balancing risks in contracts

November 28, 2024

LINKEDIN FEED

Newsletter

Register your email and receive our updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Newsletter

Register your email and receive our updates-

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

Requirements for Payment Institutions in Brazil Following the Recent Publications of BCB Rule #495/2025 and Joint Rule #14/2025

November 27, 2025
No items found.

The Brazilian payments market has stood out for its intense innovation and growth, driven by the increasing digitalization of the economy and the demand for more agile and accessible financial solutions. The rise of new technologies, such as Pix , and the rise of a diverse ecosystem of payment institutions have radically transformed the country's financial landscape. In this dynamic context, the Central Bank of Brazil (BCB) plays an essential role as the main regulator and supervisor, aiming to ensure the soundness, efficiency, security, and transparency of operations within the Brazilian Payment System (SPB) .

The need for robust regulation is pressing to mitigate risks, protect consumers, and foster a competitive and innovative environment. BCB Rule #80, dated March 25, 2021, and its subsequent amendments, including BCB Rule #494, dated September 5, 2025,  form essential pillars of this regulatory framework. They govern the incorporation and operation of payment institutions, setting the parameters for these entities, whether Brazilian or foreign, to obtain the necessary authorization to operate in the country. This Article aims to explore in detail the requirements for such authorization, analyzing the regulatory evolution and its practical implications for payment institutions.

General Requirements for the Authorization of Payment Institutions

The authorization of a payment institution in Brazil begins with compliance with general requirements that reflect the nature and structure of the entity. The Central Bank of Brazil aims to ensure that payment institutions are founded on solid principles of governance, capitalization, and legal compliance.

Corporate Structure and Company Name

The legal constitution of a payment institution (PI) is a crucial starting point. According to BCB Rule #80, payment institutions must adopt a specific legal form, as per Article 5 of BCB Rule #80:

“The payment institution must be constituted as a limited liability company or a corporation and have as its main corporate purpose at least one of the activities listed in Article 6, item III, of Statute #12,865, of October 9, 2013.”

The activities listed in Article 6, item III, of Statute #12,865, dated October 9, 2013, include:

Main or ancillary activities, whether alternative or cumulative.

Provide a service for depositing or withdrawing funds held in a payment account;

Execute or facilitate payment instructions related to a specific payment service, including transfers originating from or destined for a payment account;

Manage payment accounts;

Issue payment instruments;

Authorize the acceptance of payment instruments;

Execute fund transfers;

Convert physical or book-entry currency into electronic currency, or vice versa; authorize the acceptance of or manage the use of electronic currency; and

Other activities related to the provision of payment services, as designated by the Central Bank of Brazil;

An important change, introduced by BCB Rule #257/2022, was the prohibition of establishing a payment institution with a single individual partner: BCB Rule #80/2021, Article 5, § 1 (as amended by BCB Rule #257/2022):

"It is forbidden to establish a payment institution in which a natural person is the sole partner."

In addition to defining the structure, it is mandatory to clearly identify the nature of the institution, requiring that the corporate name reflect its activity: BCB Rule #80/2021, Article 5, § 4, I:

“I – to have the expression “Payment Institution” in its corporate name;”

This condition, which aims to guarantee transparency for customers and the market, also extends to the payment institution's communication channels: BCB Rule #80/2021, Article 5, § 4, II and III:

"II - to clearly state, in its communication and customer service channels, its status as a payment institution; and III – disclose on its website the types of payment services it provides.”

Corporate Governance

Robust corporate governance is a fundamental pillar for the stability and integrity of any financial institution, and payment institutions are no exception. The Central Bank requires these institutions to implement a formalized governance policy that is periodically reviewed. BCB Rule #80/2021, Article 6:

"Payment institutions must implement a governance policy, approved by the board of directors or, in its absence, by the institution's management, aimed at ensuring compliance with the regulations governing these institutions."

This policy must be comprehensive, well-documented, and assign clear responsibilities: BCB Rule #80/2021, Article 6, Sole Paragraph:

"I - define duties and responsibilities; and II – be properly documented and subject to review every two years, with the documentation kept available to the Central Bank of Brazil.”

For limited liability companies, the rule also details aspects of the directors’ term of office: BCB Rule #80/2021, Article 7:

"I - The director's term of office shall be fixed, not exceeding four years, with the possibility of reappointment; II – The term of office of the directors shall extend until the appointment of their replacements; and III – the administration of the payment institution must be carried out by at least three directors.”

Minimum Capital Requirements for Payment Institutions

Financial soundness is a cornerstone of payment institutions’ operations, and the minimum capital requirement reflects the need for a financial buffer to absorb potential losses and ensure service continuity. BCB Rule #80, in its updated version, had its minimum thresholds amended by Joint Rule #14, dated November 3, 2025, issued by the Central Bank of Brazil and the National Monetary Council (CMN).

Therefore, the minimum values are now regulated as follows: Joint Rule #14/2025, Article 2:

"The institutions mentioned in Article 1 (financial institutions and other institutions authorized to operate by the Central Bank of Brazil) must permanently maintain a minimum amount of paid-in share capital and net worth calculated in accordance with this Joint Rule, considering, at a minimum:"

I – the categories of operational activities reported to the Central Bank of Brazil, as per Article 5; and

II – the categories in which investment and fundraising activities are classified.”

With respect to net worth, the rule sets forth the following provisions: Joint Rule #14/2025, Article 3:

"For the purpose of verifying compliance with the minimum limits established in this Joint Rule, net worth must be adjusted by:"

I – the sum of the balances of credit income statement accounts; and

II – deduction of the corresponding amounts:

a) asset valuation adjustments;

b) the revaluation reserve;

c) the balance of debit income statement accounts; and

(d) participations within the minimum limit of paid-in capital and adjusted net worth of financial institutions and other institutions authorized to operate by the Central Bank of Brazil, determined in accordance with this article.”

Regarding the calculation methodology, these financial institutions, including payment institutions, must: Joint Rule #14/2025, Article 8

The institutions mentioned in Article 1 must determine the minimum limit of paid-in capital and net worth by adding the value associated with the following items:

I – the cost, determined according to Article 9; and

II – the activities, determined according to Article 10.”

Regarding cost calculation, the following guidelines apply: Joint Rule #14/2025, Article 9:

"The amount of the installment corresponding to the cost, as referred to in Article 8, paragraph 1, item I, must be determined by adding:"

I – R$2,000,000.00 (two million reais) multiplied by the number of categories of operational activities reported in accordance with Article 5, including categories subject to authorization or specific reporting process, pursuant to Article 10, § 1; and

II – R$5,000,000.00 (five million reais), if the institution provides services that, as defined by the Central Bank of Brazil, depend on data processing, data storage, network infrastructure, information security and cybersecurity infrastructure, and other computing resources provided by the institution or by a contracted service provider.”

Regarding activity allocation, the following guidelines apply: Joint Rule #14/2025, Article 10

“I – the sum of amounts assigned to:

a) the categories of all operational activities reported by the institution, as per Article 5, including those subject to authorization or a specific reporting process; and

b) the category in which the investment activity was classified; and

II – the multiplication of the amount determined under item I by the factor assigned to the category in which the fundraising activity was classified.”

In summary, the second paragraph of the same provision sets forth the amounts assigned to the categories of operational activities, investment activities, and the factor corresponding to the categories of fundraising activities, as detailed below: Joint Rule #14/2025, Article 10, § 2:

Amount

Operational Activity Categories

R$ 1,000,000.00 (one million reais)

Service

R$ 3,000,000.00 (three million reais)

Custody and administration of third-party funds

R$ 5,000,000.00 (five million reais)

Intermediation

R$ 7,000,000.00 (seven million reais)

Granting:

Amount

Investment Activity Categories

R$ 5,000,000.00 (five million reais)

Restricted

R$ 8,000,000.00 (eight million reais)

Unrestricted

Percentage

Factor Corresponding to Fundraising Activity Categories

60% (sixty percent)

Own funds

80% (eighty percent)

Institutional funds

120% (one hundred and twenty percent)

Public funds, except deposits

200% (two hundred percent)

Deposits

This new minimum capital rule for payment institutions, approved by Joint Rule #14 on November 3, 2025, sets forth the following transitional provisions regarding the obligation to maintain a minimum amount of paid-in capital and net worth: Joint Rule #14/2025, Article 12:

Transitional Provisions

I – Until June 30, 2026, the minimum amount of paid-in share capital and net worth, as determined under the regulations in force on the day prior to the effective date of this Joint Rule, must be maintained; and

II – From July 1, 2026, through December 31, 2027, the amount referred to in item I must be maintained, plus the following percentages of the positive difference between the amount determined under this Joint Rule and that amount:

a) 25% (twenty-five percent) until December 31, 2026;

b) 50% (fifty percent) until June 30, 2027; and c) 75% (seventy-five percent) until December 31, 2027.

Furthermore, capital contributions must be made in legal tender, subject to certain exceptions for capital increases derived from profits or reserves: BCB Rule #80/2021, Article 18:

"The capital of payment institutions must be fully paid in legal tender, except as provided in Article 19."

Capital increases not made in legal tender are also governed by the same rule: BCB Rule #80/2021, Article 19:

"Capital increases not made in legal tender may only be paid in with funds originating from: I – accumulated profits; II – capital and profit reserves; or III – credits to shareholders related to the[GM2.1] payment of interest on equity, as provided for in Article 9 of Statute #9,249 of December 26, 1995, or to the payment of dividends.”

Operational Requirements

Beyond their legal and financial structure, payment institutions must demonstrate robust operational capacity to deliver services securely and efficiently. This entails significant investments in technology, risk management, and, above all, information security.

Information Technology Systems

The foundation of any modern payment institution's operations lies in its information technology (IT) systems. These systems must not only be effective but also secure and resilient, ensuring the integrity, reliability, security, and availability of the payment services offered. They must be capable of handling the transaction volumes processed and comply with the technical standards established by the Central Bank of Brazil (BCB).

BCB Rule #80/2021 clarifies that the prohibitions on (i) requesting end-user data beyond what is necessary for providing the payment transaction initiation service and (ii) using, storing, or accessing such data for purposes other than the payment transaction initiation service expressly requested by the end-user, do not apply to data processing and storage services or cloud computing services provided by a payment transaction initiator to institutions authorized by the Central Bank of Brazil, under a contractual relationship, particularly regarding cybersecurity policy: BCB Rule #80/2021, Article 4, Sole Paragraph, I:

“I – the cybersecurity policy and the requirements for contracting data processing and storage services and cloud computing to be observed by institutions authorized to operate by the Central Bank of Brazil;”

This means payment institutions must comply with the BCB's cybersecurity regulations, which define the robustness and characteristics required for their IT systems.

Risk Management

The nature of payment operations, which involve large-scale, real-time movement of financial resources, exposes payment institutions to multiple types of risk. A well-defined risk management framework is therefore essential.

Payment institutions are required to implement a structure that identifies, assesses, monitors, and mitigates risks inherent in their operations. At a minimum, this framework must address credit, market, liquidity, operational, and legal risks.

Although BCB Rule #80/2021 revoked item I of Article 25 (which originally addressed "risk prevention in contracting operations"), it implicitly maintains the focus on prudential management, i.e., rules and procedures aimed at ensuring the security, soundness, and stability of financial and payment institutions operating in Brazil. Article 25-A, recently added by BCB Rule #407/2024, reinforces this guideline: BCB Rule #80, Article 25-A (Included by BCB Rule #407):

"Until the Central Bank of Brazil issues a specific regulatory act on the subject, the regulations in force on the date of publication of this resolution, which provides for preventive prudential measures aimed at ensuring the soundness, stability, and proper functioning of the National Financial System, shall apply to payment institutions."

In practice, this means that even in the absence of specific regulations for payment institutions, they must comply with the “preventive prudential measures” governing the National Financial System, as established by CMN Rule #4,019, dated September 29, 2011, demonstrating active and effective risk management.

Information Security

Protecting user data and ensuring transaction integrity are essential to maintaining trust in the payment system. Information security policies must be rigorous.

Payment institutions are required to adopt policies and procedures that safeguard user data and ensure service continuity. This includes implementing access controls, encrypting sensitive data, and establishing contingency plans for security incidents.

BCB Rule #80, as previously mentioned, refers to the cybersecurity policy as a requirement to be observed, which is directly related to information security.

Requirements for Compliance with Brazilian Legislation

Regulatory compliance extends beyond Central Bank regulations to encompass the entire Brazilian legal framework, with particular emphasis on preventing financial crimes.

Prevention of Money Laundering and Terrorist Financing (AML/CFT)

Combating money laundering and the terrorist financing is a global priority, and in Brazil, financial and payment institutions play a critical role in this effort. Payment institutions must implement robust control mechanisms: BCB Rule #80, Article 4, Sole Paragraph, II:

“II – the policies, procedures, and internal controls to be adopted by institutions authorized to operate by the Central Bank of Brazil, aimed at preventing the use of the financial system for the practice of the crimes of “money laundering” or concealment of assets, rights, and values, as provided for in Statute #9,613, of March 3, 1998, and the financing of terrorism, as provided for in Statute #13,260, of March 16, 2016;”

This includes identifying and verifying the customer identities, monitoring transactions, and reporting suspicious activities to the competent authorities.

Compliance with Statutes #9.613/1998 (Money Laundering) and #13.260/2016 (Terrorist Financing) is not merely a regulatory requirement, it is a critical responsibility for all payment institutions.

General Regulatory Compliance

In addition to AML/CFT obligations, payment institutions must maintain a comprehensive compliance framework covering all applicable regulations, including those issued by the Central Bank of Brazil and other legal domains.

Institutions must ensure adherence to all relevant rules and requirements, which includes maintaining accurate records, providing information to the BCB, and undergoing periodic internal and external audits.

The requirement for a governance policy—reviewed biennially and documented, and available to the BCB (Article 6, Sole Paragraph, II, of BCB Rule #80)—illustrates the need for continuous compliance.

Comparison between BCB Rule #80/2021 and BCB Rule 494/2025

BCB Rule #80, dated March 25, 2021, marked a significant milestone in regulating payment institutions. However, market dynamics and evolving regulatory needs led to its amendment through BCB Rule #494, dated September 5, 2025. This amendment introduced substantial changes, particularly regarding authorization processes and regularization deadlines.

The most notable changes include the repeal and redrafting of Articles 9 and 9-A of BCB Rule #80/2021, as well as the revocation of articles 10, 11, 12, and 13.

Below is a comparative analysis of the main differences, based on the structure of web research and supplemented with details from the documents:

Aspect:

BCB Rule #80/2021 (original version/before 494/2025)

BCB Rule 494/2025 (amends BCB 80/2021)

**Operating Authorization**

Required specific authorization for electronic money issuers (Article 9, I) and payment transaction initiators (Article 9, II).

Amends Article 9 to establish a general requirement: "The payment institution must request authorization from the Central Bank of Brazil to begin providing payment services." And “it must include in its application for authorization all payment service modalities in which it intends to operate.” (*BCB Rule #494/2025, Article 1, amending Article 9 of BCB Rule #80/2021*). This consolidates the authorization process, requiring all modalities to be included in a single application.

**Deadlines for Authorization Requests**

Established staggered and complex deadlines for electronic money issuers (Article 10) and for issuers of postpaid payment instruments or acquirers (Article 11), based on transaction volumes and specific dates (e.g., by December 31, 2021 for R$500 million in transactions). Articles 10, 11, 12 and 13 were revoked.

Introduced new consolidated deadlines and conditions for submitting authorization requests for payment institutions that were already operating: (*BCB Rule #494, Article 1, which adds Article 9-A to BCB Rule #80*) **From May 1, 2026 to May 31, 2026:** Electronic money issuers that began operating before March 1, 2021, and are not authorized. Issuers of postpaid payment instruments and acquirers that began operating before September 5, 2025, and are not authorized. **Consequences for non-compliance:** Institutions that fails to submit the request may continue operating for only 30 set forth days after the deadline additional in the main provision. If the application is improperly documented, the institution may continue operating for 30 days from the date of notification by the Central Bank of Brazil. (*BCB Rule 494/2025, Article 1, which adds Article 9-A, §§ 1 and 2 to BCB Rule #80/2021*)

**Minimum Capital**

It defined a minimum capital of R$ 2,000,000.00 for electronic money issuers, postpaid payment instrument issuers, and acquirers; and R$ 1,000,000.00 for payment transaction initiators. Specific amounts for closed-loop arrangements (R$ 3,000,000.00). (*BCB Rule #80, Article 17, as amended by BCB Rule #407/2022*).

BCB Rule #494/2025 does not directly change the minimum capital amounts established in Article 17 of BCB Rule #80. However, Joint Rule #14/2025 expressly revoked these amounts and introduced new rules, which were detailed in the previous section.

Practical Implications of the Changes

BCB Rule #494/2025 simplified and consolidated the authorization requirements, eliminating the complex transaction volume criteria and staggered deadlines that previously determined the need for authorization. Now, the general rule is that all payment service modalities require authorization, and the deadlines have been unified for payment institutions that were already operating without authorization, creating a specific window between May 1 and May 31, 2026 for regularization.

This change reflects the Central Bank’s effort to formalize and bring under regulatory oversight a larger number of participants in the payments market, ensuring an equivalent level of supervision and compliance for all. The imposition of clear deadlines and the consequences for non-compliance reinforce the BCB's commitment to promoting a regulated environment. Payment institutions that miss these deadlines will face severe restrictions on their operations.

Practical Recommendations

The regulation of payment institutions in Brazil, anchored in BCB Rule #80/2021 and its amendments, such as BCB #494/2025, reflects the evolution of the digital financial market and the need to protect participants and ensure system stability. Obtaining authorization to operate as a payment institution in Brazil is a complex and multifaceted process that demands strict compliance with the requirements established by the Central Bank, covering everything from corporate structure and governance to operational and legal compliance aspects.

The recent changes introduced by BCB Rule #494/2025 consolidate and intensify the need for payment institutions to adapt to more rigorous standards, reformulating authorization criteria and imposing definitive deadlines for the regularization of entities already operating. This demonstrates the BCB's commitment to strengthening supervision and ensuring that all institutions operating in the payments ecosystem act in a secure, transparent, and compliant manner.

For Brazilian or foreign payment institutions wishing to operate in Brazil, the following practical recommendations are a priority:

1. Review Internal Structures and Governance: Evaluate and, if necessary, restructure governance, risk management, and information security policies to ensure alignment with the latest requirements. This includes defining clear responsibilities, documenting processes, and undergoing periodic reviews.

2. Corporate Adaptation and Capitalization: Ensure that the corporate structure complies with legal requirements, including the correct company name and adherence to director qualification standards. It is essential to guarantee that the minimum capital required for the services provided is fully paid in and that the institution maintains a compliant net worth on an ongoing basis. Plan financially for potential capital increases or adjustments.

3. Investment in Technology and Security: Prioritize the development and maintenance of robust, secure, and resilient information technology systems capable of handling transaction volumes and protecting user data. Compliance with the BCB's cybersecurity policy is non-negotiable.

4. Strengthening Compliance Controls: Reinforce internal policies, procedures, and controls for the Prevention of Money Laundering and Terrorist Financing (AML/CFT), including customer identification, transaction monitoring, and reporting of suspicious activities. Implement a comprehensive regulatory compliance program that ensures adherence to all applicable rules and regulations.

5. Close Monitoring of Regulatory Deadlines: Maintain constant vigilance regarding the deadlines established by the Central Bank for authorization requests and other obligations. The window between May 1 and May 31, 2026 is critical for payment institutions that began operations before the stipulated dates and have not yet obtained authorization. Missing these deadlines may result in the inability to continue operations.

In a constantly evolving financial environment, proactivity and regulatory adaptability are essential for the success and sustainability of payment institutions in Brazil. Compliance should not be viewed merely as an obligation, but also as a strategic advantage that strengthens market and consumer confidence.

Related
No items found.

ABOUT US

Licks’ Blog provides regular and insightful updates on Brazil’s political and economic landscape. The posts are authored by our Government Affairs & International Relations group, which is composed of experienced professionals from different backgrounds with multiple policy perspectives.

Licks Attorneys is a top tier Brazilian law firm, speciallized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

ABOUT US

Licks Attorneys Compliance’s Blog provides regular and insightful updates about Ethic and Compliance. The posts are authored by Alexandre Dalmasso, our partner. Licks Attorneys is a top tier Brazilian law firm, specialized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

QUEM SOMOS

O blog Licks Attorneys Compliance fornece atualizações regulares e esclarecedoras sobre Ética e Compliance. As postagens são de autoria de Alexandre Dalmasso, sócio do escritório. O Licks Attorneys é um escritório de advocacia brasileiro renomado, especializado em Propriedade Intelectual e reconhecido por seu sucesso em lidar com grandes e estratégicos cases no país.

Follow Us on Social Media

Offices

Rio de Janeiro

Av. Oscar Niemeyer, 2000
9th floor, Aqwa Corporate
Rio de Janeiro RJ - Brazil
20220-297
Phone: +55 21 3550 3700
Fax: +55 21 3956 9444
info@lickslegal.com

Sao Paulo

Av. Nações Unidas, 12.901
North Tower - 15th floor
Sao Paulo/SP Brazil
04578-910
Phone: +55 11 3033 3700
info@lickslegal.com

Brasilia

SH/Sul Zone 06, Unit A,
Complexo Brasil 21, Block E,
Rooms 515 and 516 – Asa Sul
Brasilia DF - Brazil
70316-902
Phone: + 55 61 3772 3700
info@lickslegal.com

Curitiba

Curitiba PR – Brazil
Phone: + 55 41 2391 0680
info@lickslegal.com

Tokyo

Chiyoda Kaikan Bldg, 6F, 1-6-17
Kudan Minami Chiyoda-Ku
Tokyo - Japan
102-0074
Phone:+81 3 6256 8972
Fax:+81 (03) 6740 1453
japan@lickslegal.com

© Copyright 2025 Licks Advogados

Selo COVID-19 FIRJAN e Albert Einstein
Covid-19 Safe Certified Office