2020-07-16 | Carta Circular 4070

Circular Letter No. 4070 — Amends Circular Letter No. 4,056 of May 25, 2020, Establishing Procedures for Adherence to the Instant Payment Arrangement (PIX)

The Central Bank of Brazil, through Circular Letter No. 4070, amends Circular Letter No. 4,056 to update the testing requirements and deadlines for institutions adhering to the PIX instant payment system. The regulation mandates specific functional, capacity, and security tests for accessing the DICT, while granting exemptions for certain providers based on their digital channel usage or client base. Institutions must submit required declarations and exemption requests via designated email addresses or digital protocols by specified deadlines in July, August, and September 2020.


Brazil

Banco Central do Brasil


The Head of the Department of Competition and Financial Market Structure (Decem), using the powers conferred upon them, respectively, by Art. 97-A, item V, and Art. 62, item IV, of the Internal Regulations of the Central Bank of Brazil, annexed to Ordinance No. 84,287 of February 27, 2015, and taking into account the provisions of Arts. 4 and 9 of Circular Letter No. 3,985 of February 18, 2020,

RESOLVES:

Art. 1º Circular Letter No. 4,056 of May 25, 2020, shall enter into force with the following wording:

“Art. 12........................................................................................................................................................

§1º............................................................................................................................................................

V – testing of the functionalities for registration, exclusion, consultation, portability, claim of ownership, and verification of key synchronization for addressing, simulating requests sent by institutions that access the DICT indirectly;

VI – capacity testing; and

VII – testing of the request for return functionality.

§ 4º At least one message from each of the tests referred to in § 1º must be duly signed.” (NR)

“Art. 13-A. Institutions that access the DICT indirectly must send a declaration to the email dict@bcb.gov.br by September 30, 2020, affirming that the institution has adequate mechanisms to protect against scanning of its internal database.” (NR)

“Art. 14........................................................................................................................................................

§ 1º Adherence will be evaluated only for the main mobile phone application made available to natural person clients.

§ 2º For the purposes of § 1º, the main mobile phone application is considered to be the application that has the largest number of users, among the applications made available by the institution.

§ 3º Compliance with the provisions of the caput is waived for:

I – transactional account providers that use a mobile phone application provided by another Pix participant;

II – transactional account providers that wish to participate in Pix optionally, whose main digital service channel made available to their natural person clients is not an application accessible via mobile phone; and

III – transactional account providers that wish to participate in Pix optionally and do not have any natural person clients.

§ 4º For the purposes of item II of § 3º, the main digital service channel is considered to be the channel that has the largest number of transactions, among the digital channels made available by the institution.

§ 5º For the purposes of the waiver referred to in item I of § 3º, the institution in the process of adhering to PIX that provides the mobile phone application must send the waiver request through the Digital Protocol, observing the guidelines in Annex III, by July 15, 2020, identifying the Pix participant to whom this service is provided.

§ 6º For the purposes of the waivers referred to in items II and III of § 3º, a waiver request must be sent to the email pix@bcb.gov.br by July 24, 2020, indicating the reason for the waiver.

§ 7º Institutions that have already sent the document referred to in item I of Art. 15 may request a waiver, via the email pix@bcb.gov.br, by July 24, 2020, indicating the reason for the waiver, if they fall under the cases provided for in items II and III of § 3º.” (NR)

Art. 2º Annex I of Circular Letter No. 4,056 of May 25, 2020, shall enter into force with the following wording:

“Annex I – Requirements and deadlines for compliance with formal tests for access to the DICT

1. Object of the tests: Registration, exclusion, and consultation functionalities for addressing keys

For compliance purposes, the institution must:

I – register at least one addressing key of each type (mobile phone number, email, CPF, CNPJ, and Virtual Payment Address – EVP);

II – exclude at least one addressing key of each type (mobile phone number, email, CPF, CNPJ, and Virtual Payment Address – EVP); and

III – consult at least one addressing key of each type (mobile phone number, email, CPF, CNPJ, and Virtual Payment Address – EVP).

Period: 1.6.2020 to 15.7.2020, 9am to 6pm business days

2. Object of the tests: Portability and claim of ownership functionalities for addressing keys

For compliance purposes, the institution must:

I – initiate a portability process with mobile phone number, email, CPF, and CNPJ;

II – cancel at least one portability process with status “Pending”;

III – confirm at least one portability process with status “Pending”;

IV – initiate a claim of ownership process with mobile phone number and email;

V – cancel at least one claim of ownership process with status “Pending”; and

VI – confirm at least one claim of ownership process with status “Pending”.

Period: 1.7.2020 to 15.8.2020, 9am to 6pm business days

3. Object of the tests: Mechanisms to protect against scanning of the DICT and participants' internal databases

For compliance purposes, the institution must:

I – send a declaration to the email dict@bcb.gov.br, affirming that performing two successive queries of the same user results in the same “PI-PayerId” for both queries; and

II – send a declaration to the email dict@bcb.gov.br, affirming that the institution has adequate mechanisms to protect against scanning of its internal database.

Period: 1.8.2020 to 30.9.2020

4. Object of the tests: Synchronization verification functionality

For compliance purposes, the institution must:

I – register at least one thousand addressing keys of a specific type (mobile phone number, email, CPF, CNPJ, or Virtual Payment Address – EVP) and request synchronization verification for that type of addressing key; and

II – simulate a lack of synchronization between the DICT and the internal database and identify divergent addressing keys through a file of content identifiers (CIDs) registered in the DICT.

Period: 1.7.2020 to 31.8.2020, 9am to 6pm business days (exception: CIDs – 4pm to 6pm business days)

5. Object of the tests: Simulation of requests sent by participants accessing the DICT indirectly (all functionalities)

For compliance purposes, the institution must:

Execute, on behalf of another institution, the tests referred to in items 1, 2, and 4 (object of the tests).

Period: 1.7.2020 to 31.8.2020, 9am to 6pm business days

6. Object of the tests: Capacity testing

For compliance purposes, the institution must:

I – consult one thousand different keys within a 60-second interval and receive a successful response from the DICT, if the institution maintains up to one million transactional accounts;

II – consult two thousand different keys within a 60-second interval and receive a successful response from the DICT, if the institution maintains between one million and ten million transactional accounts; or

III – consult four thousand different keys within a 60-second interval and receive a successful response from the DICT, if the institution maintains more than ten million transactional accounts.

The consultations must last ten minutes and must be distributed homogeneously over time, with the total number of operations being equal to:

I – ten thousand, if the institution maintains up to one million transactional accounts;

II – twenty thousand, if the institution maintains between one million and ten million transactional accounts; or

III – forty thousand, if the institution maintains more than ten million transactional accounts.

Period: 1.8.2020 to 30.9.2020, 9am to 6pm business days

7. Object of the tests: Request for return functionality

For compliance purposes, the institution must:

I – initiate a request for return process;

II – receive a request for return;

III – cancel an open request for return; and

IV – respond to a request for return process.

Period: 1.9.2020 to 30.9.2020, 9am to 6pm business days

Final adjustments

Period: By 16.10.2020, 9am to 6pm business days

” (NR)

Art. 3º. This Circular Letter enters into force on the date of its publication.

Angelo José Mont Alverne Duarte