Yazılar

Brazil’s Central Bank Tightens Financial System Security After Cyberattacks

/in /tarafından

Brazil’s central bank unveiled new rules on Friday to bolster the resilience of the financial system following a wave of cyberattacks targeting financial institutions.

Effective immediately, non-authorized payment institutions connected to the National Financial System Network through IT providers will face a 15,000 reais ($2,767) cap on digital transfers. Central bank Governor Gabriel Galipolo explained that nearly all corporate transfers using Pix or TED already fall below this threshold, meaning the cap will mainly disrupt criminal attempts to move large sums in single operations.

“This measure is aimed at organized crime, not the financial institutions,” Galipolo stressed. By forcing attackers to carry out multiple smaller transactions, the central bank hopes to make illicit activity easier to detect.

In addition, the deadline for unauthorized firms to apply for a banking license has been moved up from December 2029 to May 2026, accelerating regulatory oversight. Going forward, no payment institution will be allowed to operate without prior approval.

Regulation director Gilneu Vivan also announced that long-awaited cryptoasset regulations will be issued later this year, building on a framework approved by Congress in 2022. Officials have raised concerns about the use of stablecoins in illicit financial flows.

Galipolo reassured markets that the banking system remains sound, despite heightened scrutiny. “There is no risk to Brazil’s banking system. The system is stable and there is no threat whatsoever,” he said.

On geopolitical risks, Galipolo called U.S. sanctions against Brazilian Supreme Court Justice Alexandre de Moraes under the Magnitsky Act “unusual.” While he declined to comment on the central bank’s recent decision to block the acquisition of lender Master by BRB due to confidentiality, he noted that all board decisions are taken collectively and based on technical grounds.

The sanctions against Moraes — which freeze his U.S. assets and restrict business with American firms — have sparked questions about potential spillover effects on Brazilian banks with U.S. operations, though the central bank said it is closely monitoring the situation.

Cyberattack on Brazil Tech Provider Disrupts Reserve Accounts of Several Financial Institutions

/in /tarafından

Brazil’s central bank revealed on Wednesday that C&M Software, a technology services provider catering to financial institutions without their own connectivity infrastructure, suffered a cyberattack targeting its systems. In response, the central bank ordered C&M to suspend access to the infrastructure it manages for these institutions.

Kamal Zogheib, C&M Software’s commercial director, confirmed the company was a direct victim of the attack, which involved fraudulent use of client credentials to try to access its services. Despite the breach, C&M said its critical systems remain intact and fully operational, with all security protocols activated. The company is working closely with the central bank and Sao Paulo state police as investigations continue.

Brazilian financial institution BMP and five other banks reported unauthorized access to their reserve accounts during the Monday attack. These reserve accounts, held directly at the central bank, are used solely for interbank settlements and are separate from client accounts, which were unaffected. BMP stated it has taken appropriate operational and legal measures and holds sufficient collateral to cover any impacted amounts, ensuring no disruption to its operations or partners.

An anonymous official indicated C&M services about two dozen smaller financial institutions, and the financial impact of the attack does not reach billions of reais. Another source confirmed no losses were sustained by clients.

The central bank refers to these affected entities as “financial institutions lacking their own connectivity infrastructure,” including many digital payment providers that have grown rapidly in Brazil. The Pix instant payment system, operated by the central bank since late 2020, has become the country’s most popular payment method, driving competition and innovation in the sector.