Regulatory Alerts2025-12-18 | Resolução BCB 538BCB Resolution No. 538 — Amends Resolution BCB No. 85 on Cybersecurity Policy and Cloud Services Requirements for Payment Institutions
The Central Bank of Brazil issued Resolution BCB No. 538 to amend Resolution No. 85, imposing stricter cybersecurity and cloud computing requirements on payment institutions, securities brokers, and foreign exchange firms. The regulation mandates enhanced technical controls, including multi-factor authentication for critical systems like Pix and STR, physical and logical isolation of these environments, and rigorous vulnerability management with annual independent intrusion testing. Institutions must align their operations with these new standards by March 1, 2026, ensuring comprehensive traceability, secure configuration profiles, and strict access controls for both internal and third-party services.
Share