Open Finance Brasil

Brazilian Central Bank (BCB) – Banco Central do Brasil (BCB)

Brazil

The basis for the development and implementation of APIs for Open Banking in Brazil include:

The adoption of security mechanisms should consider the standards applicable to each of its phases, aiming at the protection and availability of the ecosystem as a whole, considering customers, participants and the specific data shared.

The existing standards will be adopted whenever their application is relevant or appropriate.

APIs flows will be extended to meet more complex use cases in future releases.

The API will use two status codes that meet two different purposes: (i) the HTTP status code reflects the result of the API call, and (ii) a status field on some resource payloads reflects the status of resources in write access cases (e.g. payment initiation).

A REST feature must have a unique identifier that can be used to identify the resource, with format and pattern to be defined from Open Banking Phase 2 in Brazil.

When a requirement is being implemented by a transmitter and/or receiver, a different categorisation is applied. The features, endpoints, and fields in each resource will be categorised as ‘Required’, ‘Conditional’ or ‘Optional’.

The APIs will be agnostic to the implementation where they can be consumed regardless of the technologies adopted in the ecosystem, but with adherence to the principles contained in this documentation.

Princípios – Área do Desenvolvedor – Open Finance Brasil – Área do Desenvolvedor (atlassian.net)

Fintech Disruption in Brazil: a Study on the Impact of Open Banking and Instant Payments in the Brazilian Financial Landscape.

Belvo, an API platform focused on the Latin American market, offers the technology Fintechs need to access all the benefits of Open Banking. 

Sensedia Banco – Use BaaS to take the lead in the OB race.

Unlocking Value Open Banking Brazil By embracing the principles of Open Banking and upgrading their strategies, banks will find Open Banking actually enables them to deepen their customer relationships and creates new potential for growth.

Open Data v1.0.2 / 27 Oct 2022

AIS v2.0.1 / 27 Oct 2022

PIS v2.0.0 / 18 Nov 2022 

In addition to having corporate governance and management practices corresponding to the risk level, the potential partner operates should provide documented procedures to ensure that:

• Compliance with legislation and regulations in force.

• The partner institution must be provided access to information demonstrating the effectiveness of data transfer and how data is stored on shared services ensuring confidentiality, integrity, availability and retrieval of data and information about shared services.

• Adherence to certifications required by the partner institution for sharing data.

• The partner institution must be granted access to the reports prepared by an independent specialised auditing company hired by the potential partner regarding the procedures and controls used in data sharing.

• Proof of the existence of information and adequate management resources to monitor the data share.

• The quality of access controls aimed at protecting data and information about shared services.

Minimum capital for TPP (Third Party Provider) PISP (Payment Initiation Service Provider): R$ 1MM.

The individual or legal entity can decide when and with whom they want to share their data. Open Banking ensures the standardisation of data sharing and services. Brazil has modelled their Open Banking initiative on the UK OBIE Standard and worked directly together with the UK when designing Open Banking Brazil.

• Retailers, utility companies, and big tech can partner with banks and embedded Fintech service providers.
• The maximum duration of data sharing consent is 365 days (e.g. in comparison to 90 days in the UK).
• The participation of large and medium-sized Brazilian banks with significant international presence is mandatory.
• A strong focus on payment and deposit accounts and functions.
• Free access to customer data, transactions and payment initiation services.
• More than 150m online accessible bank accounts for Open Banking, and 45m unbanked to be tackled with Open Banking enabled use cases (financial inclusion).
• Retailers partner with embedded Fintech services.

Open Banking

• Payment Initiation
• Account Information

Open Finance

• Products and Services
• Service Channels
• Capitalisation Bonds
• Investments
• Exchange 
• Accreditation
• Social Security
• Insurance
• Credit Card
• Loans

Consent is outlined in the developer area where the Consents API enables the creation, consultation and revocation of consents.

Both FAPI and OPENID certifications are mandatory.

FAPI uses OAuth 2.0 and OpenID Connect (OIDC) as its foundation and sets additional technical requirements for the financial industry and other industries that require increased security.

Specification details can be consulted at the following websites:

More on security in Portuguese.

More on security in English.

Brazil uses PIX for Payment Initiation

Open Banking Brasil GitHub

Developer area

The Open Banking Brazil project was approved in 2019 by the Brazilian Central Bank (Banco Central do Brasil) as part of a broader modernisation agenda of the country’s financial system. The project was supposed to start in the second half of 2020; however, the timescale was delayed due to the COVID-19 pandemic.

Open Banking Brazil is implemented in four phases. Starting in February 2021, the phases include regulating the Open Data sharing from financial institutions, people sharing their registration and transactional data with any financial institution participating in the Brazilian Open Banking ecosystem, enabling PIX payments, the payment initiation through bank transfers, “Boleto bancario” and debit accounts, credit proposal submissions, and making information regarding insurance, investment, foreign exchange, and private pension public and transactional. 

PIX is a new payment method in Brazil for instant direct bank transfers, which is built and owned by the Central Bank and operated by the Brazilian banks, digital accounts and wallets. The account-holding institutions must carry out financial transactions by instant payments, initiated from other regulated institutions, upon the customer’s request.

By September 2021, 158 institutions had joined – including mandatory and voluntary institutions – and another 663 institutions were expected to join in the near future.

The Governance Structure comprises of three levels: Deliberative Council, Secretariat and Technical Group.

A Deliberative Council, composed of six representatives from financial associations and one independent councillor, oversees the technical and operational standards of Open Banking Brazil.

The Secretariat group aims to organise the work plans and technical proposals presented by the Technical Groups.

The Technical Groups develop studies, technical proposals and work plans aimed at the implementation and management of Open Banking in the country, always guided by the guidelines approved by the Deliberative Council.

Currently, there are nine Technical Groups working for the implementation of Open Banking Brasil.

The following documents must be applied together with the standard: 

• [ISODIR2] – ISO/IEC Directives Part 2 [ISODIR2]

  View full list

Open Banking Brazil has introduced some non-exhaustive technical principles, the third of which states:

“Existing standards will be adopted whenever their application is relevant/appropriate and as long as they do not violate any of the other principles, focusing on the developer and user experience, and also providing for the extensibility, resilience and evolution of Open Banking in Brazil”.

General Personal Data Protection Law (Law No. 13.709 of 14 August 2018; amended by Law No. 13.853 of 8 July 2019)