LogoRegulatory Alerts
2026-05-29 | Instrução Normativa BCB 739

Central Bank of Brazil Normative Instruction No. 739 of May 29, 2026

The Central Bank of Brazil issued Normative Instruction No. 739 to amend Instruction No. 704, requiring virtual asset service providers to submit a reasonable assurance report from an independent CVM-registered auditor as part of their authorization proceedings. The regulation also updates capital increase notification procedures for institutions under Resolution No. 519 and defines the specific content and scope of the required assurance report regarding anti-money laundering and fraud prevention controls. These changes aim to enhance the rationality, security, and robustness of the regulatory examination process for virtual asset service providers.

Banco Central do Brasil logo

Brazil

Banco Central do Brasil

Click to view thumbnail

CENTRAL BANK OF BRAZIL NORMATIVE INSTRUCTION NO. 739, OF MAY 29, 2026

Amends Central Bank of Brazil Normative Instruction No. 704, of January 29, 2026, which publishes procedures, documents, deadlines, and information necessary for the instruction of authorization requests related to the operation of foreign exchange brokerage firms, securities brokerage firms, securities distribution firms, and virtual asset service providers.

The Head of the Department of Financial System Organization (Deorf), in the exercise of the authority conferred by Articles 23, item I, letter “a”, and 98, item VI, of the Internal Regulations of the Central Bank of Brazil, annexed to Resolution BCB No. 340, of September 21, 2023, based on Article 4 of Resolution BCB No. 519, of November 10, 2025,

RESOLVES:

Article 1. Central Bank of Brazil Normative Instruction No. 704, of January 29, 2026, published in the Official Gazette of the Union on January 30, 2026, shall be effective with the following changes:

“Article 5. ................................................................................................................................... ................................................................................................................................................. XV

  • reasonable assurance report issued by an independent auditor registered with the Securities and Exchange Commission (CVM), in the form of Annex IV, in the case of virtual asset service providers. .......................................................................................................................................” (NR)

“Article 10. .......................................................................................................................... ................................................................................................................................................. X

  • reasonable assurance report issued by an independent auditor registered with the Securities and Exchange Commission (CVM), in the form of Annex IV. .......................................................................................................................................” (NR)

“Article 24. Capital increases funded with resources originating from accumulated profits, capital reserves, and profits or credits to shareholders as remuneration for capital must be communicated to the Central Bank of Brazil within fifteen days of their occurrence, by including a record in Unicad, according to the outline available in subsection 3.3.40.120 of Sisorf.” (NR)

Article 2. Annex IV to Central Bank of Brazil Normative Instruction No. 704, of January 29, 2026, published in the Official Gazette of the Union on January 30, 2026, shall be effective with the following wording:

“ANNEX IV CONTENT OF THE REASONABLE ASSURANCE REPORT

Article 1. The reasonable assurance report regarding the detection and prevention of operations whose characteristics may indicate the existence of crimes defined in Law No. 9,613, of March 3, 1998, must contain a conclusive opinion on the following aspects:

I - institutional policy, organizational structure, and employee training, which must include: a) institutional policy:

  1. verification that the policy is documented and approved by the Board of Directors or, in its absence, by the Executive Board of the company;
  2. verification that the policy includes the guidelines set forth in Article 3, item I, of Circular No. 3,978, of January 23, 2020;
  3. verification that the policy includes guidelines for implementing procedures set forth in Article 3, item II, of Circular No. 3,978, of January 23, 2020; b) organizational structure:
  4. verification that the structure is compatible with the size and volume of operations of the company;
  5. verification that there is no conflict of interest between the management of procedures for the detection and prevention of the operations referred to in the main text and the business areas of the company; c) employee training: verification of the compatibility of the content, application method, and controls regarding training with the activities performed by employees, including employees of their correspondents in the country;

II - internal risk assessment regarding the use of products and services of the company in the practice of the crimes referred to in the main text, which must include: a) formalization of the procedure: verification of the existence of an internal risk assessment, its approval by the responsible director, and awareness of the Risk Committee and the Audit Committee, when they exist, and of the Board of Directors or, if non-existent, the Executive Board of the company; b) risk profiles: verification that the internal risk assessment considers the risk profiles of clients, the company, operations, transactions, products, and services, covering all distribution channels and the use of new technologies, and of the activities performed by employees, business partners, and outsourced service providers, and evaluation of the criteria used to define risk categories;

III - procedures for knowing your clients, which must include: a) formalization of procedures: verification of the existence of a specific manual of procedures for knowing clients and evaluation of the compatibility of these procedures with the internal risk assessment; b) client identification: evaluation of the adequacy of procedures for collecting, verifying, validating, and storing evidence for client identification, including their representatives and administrators, in the case of legal entities; c) client qualification:

  1. evaluation of the adequacy of procedures for collecting, validating, verifying, and analyzing data on the financial capacity of clients, as well as on other qualification elements and storing evidence, and their compatibility with the risk profile of clients;
  2. evaluation of the adequacy of procedures that allow qualifying clients, their representatives, and ultimate beneficiaries, in the case of a legal entity, as politically exposed persons or as persons related to politically exposed persons;
  3. verification that the company has procedures for identifying and qualifying the ultimate beneficiary of the client legal entity;
  4. evaluation of the adequacy of procedures for the reputational qualification of the client, including their representatives and administrators, in the case of legal entities, in the process of establishing a relationship with the company;
  5. evaluation of the adequacy of enhanced due diligence procedures for politically exposed persons, high-risk clients, and jurisdictions under the monitoring of the Financial Action Task Force – FATF; d) client classification: evaluation of the adequacy of procedures for classifying clients into risk categories defined in the internal risk assessment;

IV - procedures for knowing your partners, which must include: a) formalization of procedures: evaluation of the adequacy of the formalization of procedures regarding the company's partners; b) identification of partners: evaluation of the adequacy of procedures for identifying the company's partners; c) qualification of partners: evaluation of the adequacy of procedures for qualifying the company's partners; d) classification of partners: evaluation of the adequacy of procedures for classifying the company's partners;

V - monitoring, selection, analysis, and communication of suspicious operations and situations of money laundering and financing of terrorism and weapons of mass destruction, which must include: a) formalization of procedures: verification of the existence of a specific manual of procedures for monitoring, selection, and analysis, and evaluation of the compatibility of these procedures with the internal risk assessment; b) monitoring and selection of operations:

  1. evaluation of the existence and scope of parameters, variables, rules, and scenarios used in the procedures for monitoring and selection of operations;
  2. evaluation of the compatibility of the procedures and monitoring and selection tools with the size, volume, and complexity of the company's operations; c) analysis of operations:
  3. evaluation of the procedures for analyzing operations and suspicious situations, observing, among other criteria, the adequacy of the information collected, the scope, and the depth of the analyses;
  4. evaluation of the adequacy of procedures for formalizing dossiers, including the decision to communicate to the Financial Activities Control Council – COAF, and for retaining these dossiers for a period of ten years;
  5. evaluation of the adequacy of the company's thresholds for archiving or forwarding alerts and for the decision to communicate to COAF;
  6. evaluation of the adequacy of the procedures for monitoring, selection, and analysis of operations related to the crimes referred to in the main text;
  7. verification that the structure is sufficient for the analysis of all generated alerts; d) communications to COAF:
  8. verification that the company's procedures determine that communications to COAF must be made without informing those involved or third parties;
  9. verification that the company has procedures for mandatory communication to COAF regarding cash operations;
  10. evaluation of the adequacy of the deadlines for communications;

VI - monitoring and analysis regarding indications of the occurrence or attempt of fraud and scams, which must include: a) monitoring regarding indications of frauds: evaluation of the adequacy of transactional monitoring procedures for preventing frauds and scams executed by the company; b) analysis regarding indications of frauds and scams: evaluation of the adequacy of procedures for analyzing situations alerted by transactional monitoring for preventing frauds and scams;

VII - administrative blocking of assets, which must include: a) monitoring, detection, and blocking:

  1. evaluation of the adequacy of procedures defined to monitor unavailability determinations of assets resulting from Resolutions of the United Nations Security Council – UNSC or from designations by its sanctions committees;
  2. evaluation of the adequacy of procedures for monitoring the existence or emergence of assets of clients covered by the determinations of Resolution BCB No. 44, of November 24, 2020, so that, as soon as detected, they are placed under the regime of unavailability; b) communication to authorities: evaluation of the adequacy of procedures defined for communicating blocks to the Central Bank of Brazil, the Ministry of Justice and Public Security, and COAF;

VIII - registration of operations, which must include: a) registration of operations performed, products, and services contracted: verification that the records contain the minimum information about operations set forth in Article 28 of Circular No. 3,978, of January 23, 2020; b) payment, receipt, and transfer of resources operations: verification that the registration of payment, receipt, and transfer of resources operations contains, in addition to the information set forth in Article 28 of Circular No. 3,978, of January 23, 2020, the identification of the origin and destination of resources determined in Article 30 of the said Circular.

§1. Items V, letter “c”, items 1, 2, and 5, VI, letter “a”, VII, and VIII of the main text apply only to virtual asset service providers that were in activity on the date of entry into force of Resolution BCB No. 519, of November 10, 2025.

§2. Reasonable assurance reports issued in the last twelve months regarding the aspects mentioned may be considered in the issuance of the conclusive opinion.” (NR)

Article 3. This Normative Instruction enters into force on the date of its publication.

Carolina Pancotto Bohrer Head

ANNEX NOTE This Central Bank of Brazil Normative Instruction - IN BCB aims to amend provisions of Central Bank of Brazil Normative Instruction No. 704, of January 29, 2026, to:

I – include in the instruction of authorization requests for the operation of virtual asset service providers the submission of a reasonable assurance report issued by an independent auditor, supported by Articles 2, §5, and 4 of Resolution BCB No. 519, of November 10, 2025, in order to confer greater rationality, security, and robustness to the examination of these requests; II – include clarifications on the method of communication of capital increases of institutions regulated by Resolution BCB No. 519, of 2025, which do not require authorization.

  1. Decree No. 10,411, of June 30, 2020, regulates the conduct of regulatory impact analysis - AIR as a prerequisite for the issuance of normative acts. However, in its Article 4, the aforementioned decree establishes the hypotheses for dispensing with the conduct of AIR. This IN BCB falls under the hypothesis set forth in item II, as it does not introduce any additional requirements to those contained in the current regulation and is intended to clarify the method of compliance with obligations defined in a hierarchically superior norm. Thus, based on item II of Article 4 of Decree No. 10,411, of 2020, I understand that the issuance of this normative instruction dispenses with the conduct of AIR.

Carolina Pancotto Bohrer Head

Share