Answer ... (a) Crowdfunding, peer-to-peer lending
Crowdfunding is regulated by Instruction 588, issued by the CVM on 13 July 2017.
Instruction 588/17 establishes that investment-based crowdfunding (ie, a public offer of securities in order to raise funds) for small-sized companies does not require prior registration with the CVM if:
- the funds raised do not exceed BRL 5 million and the fundraising term is no longer than 180 days;
- the offer complies with the procedures set forth in the instruction;
- investors are guaranteed a seven-day cooling-off period; and
- the amount raised is not used for operations involving other companies (eg, mergers and acquisitions, acquisitions of shares or securities, concession of credit).
Except as provided in the instruction, annual investments in crowdfunding are limited to BRL 10,000 per investor.
An electronic crowdfunding platform must be duly constituted and organised in Brazil and requires prior authorisation from the CVM. To register with CVM, the platform must fulfil the requirements laid down in the instruction, which include a minimum paid-in capital of BRL 100,000.
Fintechs that aim to raise funds through crowdfunding must thus comply with the instruction or fulfil the requirements for exemption from prior registration. Fintechs that aim to operate as crowdfunding platforms in Brazil must observe the instruction, together with other determinations of the CVM.
Peer-to-peer lending in Brazil is usually structured through:
- a bank correspondent of a financial institution, which performs credit-linked transactions with creditors and borrowers; or
- a peer-to-peer credit company, which is a financial institution regulated by the National Monetary Council (CMN) through Resolution 4,656 of 26 April 2018. Peer-to-peer credit companies must have a strict social purpose and their operations must comply with the terms and conditions set forth in Resolution 4,656/18.
Consequently, Instruction 588/17 and Resolution CMN 4,656/18 have brought clarity and legal security to companies, platforms and investors. They constitute a solid framework which must be mandatorily observed by agents.
(b) Online lending and other forms of alternative finance
The most common fintechs providing online lending through electronic platforms are the credit fintechs regulated by Resolution 4,656, issued by the National Monetary Council on 26 April 2018, which provides for two different types of credit fintechs:
- direct credit companies; and
- peer-to-peer credit companies.
In addition, several digital platforms operate as bank correspondents in Brazil through partnership with a financial institution that originates the credit.
Regarding online lending, Resolution 4,656 sets out:
- which entities can act as creditors and debtors in lending operations;
- the requirements and procedures for online lending operations;
- the provisions that must be included in instruments supporting lending operations; and
- the terms for release of the applicable funds.
Peer-to-peer credit companies are forbidden from, among other things:
- performing lending operations with their own resources;
- owning participating interests in financial institutions; and
- remunerating or using for their own benefit funds related to lending operations.
Pursuant to the resolution, a peer-to-peer credit company shall intermediate lending operations, providing services to the parties and thereby being entitled to charge fees for such purpose.
Additionally, a creditor must not participate in operations with the same debtor beyond a limit of BRL 15,000.
In conclusion, a fintech that aims to provide online lending services in Brazil must adapt its business model to the structure required under the current legislation, alongside the applicable requirements.
(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)
Payment service providers are generally regulated in Brazil as sub-acquirers, which do not need a licence from the Central Bank of Brazil to operate.
Under Brazilian law, a ‘sub-acquirer’ is a participant in a payment scheme that enables the recipient end user to accept the payment instrument issued by a payment institution or financial institution participating in the same payment scheme. The sub-acquirer does not participate in the liquidating process of payment transactions as a creditor of the issuer.
As sub-acquirers, such payment services providers shall enter into agreements with acquirers and therefore join the payment scheme as participants. Such companies must comply with the applicable legislation on payment schemes (including Circulars 3,885, 3,886 and 3,887 issued by the Central Bank of Brazil), together with know-your-customer and anti-money laundering prevention mechanisms, among others.
Sub-acquirers in Brazil still face a centralised market, as traditional banks dominate most segments of the payment chain.
(d) Forex
Under Brazilian regulation, forex activity is regarded as derivatives activity and is therefore subject to Law 6,385/76 (which regulates securities and exchange activities) and general control and inspection by the CVM.
Pursuant to Law 6,385/76, a public offer of forex must be registered with CVM and must be made by an institution participating in the securities distribution system. CVM’s Instruction 400/03 regulates the distribution of such assets.
Therefore, the offering of investments relating to forex to Brazilian individuals must strictly comply with the Brazilian regulations on the subject.
According to CVM’s understanding, with regard to forex brokers, a fundraising will be deemed valid only if:
- the prospection activity was performed abroad; and
- the operation cannot be characterised as a public offer made in Brazil, according to the current regulation.
Otherwise, the offer is illegal, potentially constituting either an administrative violation before CVM or even a crime against the national financial system (as defined by Law 7,492/86).
In conclusion, any agent that aims to offer forex-related services or products to the Brazilian market must be rigorously cautious and, if possible, initiate activities only following prior consultation with the CVM.
(e) Trading
The most relevant players in the Brazilian trading sector are:
- securities and exchange brokers;
- securities and exchange distributors; and
- financial institutions whose main or secondary purpose is the intermediation of operations in regulated securities markets.
Such services involve the execution of securities and exchange sale and purchase orders for clients, but may also include:
- providing information on investment analysis;
- managing securities portfolios (including investment funds); and
- providing custody services.
Trading operations involving securities in regulated securities markets must comply with CVM Instruction 505/11. To operate in this segment, the company must be authorised to act as a participant in the distribution system and fulfil the requirements set forth in CVM Instruction 505/11.
With regard to exchange operations, a bill of law is pending deliberation by the Brazilian Congress which aims to modernise the national exchange regime (Bill of Law 5,387/19) and open the market to foreign investment. The bill would consolidate 39 legal instruments that variously govern exchange operations and appoint the National Monetary Council as the competent body for issuing supplementary provisions.
(f) Investment and asset management
CVM Instruction 558/15 provides for the professional management of securities portfolios. Players can be registered as fiduciary managers or resource managers, and may perform asset management activities only with the prior authorisation of the CVM and in compliance with the instruction’s terms and conditions.
(g) Risk management
The Central Bank of Brazil provides that the risk management structures of payment institutions must consider operational, credit and liquidity risks. Such structures must:
- be compatible with the nature of the institution’s activity and the complexity of the services rendered;
- be separate from the unit performing the internal audit function;
- allow for the identification, measurement, monitoring, control and mitigation of risks in a continuous and integrated manner;
- present policies and strategies reviewed by the institution’s board at least annually; and
- maintain all documentation regarding risk management policies and strategies, so that it can be accessed by the Central Bank at its discretion.
Regarding operational risks, the structure shall provide, among other things, for:
- a contingency plan and mechanisms guaranteeing continuity of services;
- mechanisms for the protection and security of data, network, sites, servers and communication channels;
- procedures for monitoring, tracking and limiting access to sensitive data; and
- user authentication mechanisms.
Similarly, regarding liquidity risks, the structure shall provide for:
- procedures for identification, assessment, monitoring and control of exposure to liquidity risks; and
- liquidity contingency plans, which must anticipate liabilities and set out procedures for situations of liquidity stress.
For credit risks, the structure shall provide for:
- transaction limits;
- procedures for identification, assessment, monitoring and control of exposure to credit risks; and
- procedures for credit recovery.
Central Bank Circular 3,680/13 provides that payment institutions must also implement risk management systems aimed at preventing money laundering and combating terrorist financing.
On the other hand, for an insurtech to be allowed to participate in the regulatory sandbox (implemented by Resolution 381/20 of the Superintendency of Private Insurance), it must have had previously analysed the major risks regarding its activities, including risks relating to cybersecurity and a mitigation plan for occasional damages.
Lastly, pursuant to Instruction 588/17 of the CVM, electronic platforms that aim to offer investment-based crowdfunding must, among other requirements for eligibility, present a code of conduct setting out rules, procedures and internal controls for the identification, analysis and mitigation of risks. Such platforms must also obtain prior confirmation from investors of acknowledgement of the risks involved in such operations.
In conclusion, a fintech that aims to act as a payment institution under Brazilian law may face more robust regulation of its risk management structure (which could result in specific expenses in order to ensure compliance). Insurtechs and crowdfunding platforms must also be aware of possible risks and present appropriate plans for mitigation.
(h) Roboadvice
Roboadvisers provide services regulated by the CVM. The rules in this regard are the same as those applicable to humans providing the same services, such as those set out in Instructions 539, 558, and 592, and in the General Data Protection Law (expected to come into force in 2021). Nonetheless, no particular regime applies in this regard to roboadvice; the applicable rules will be the same in terms of the fiduciary duties of human advisers.
(i) Insurtech
Currently, insurtechs are regulated and supervised like traditional entities by the Superintendency of Private Insurance (SUSEP). The Brazilian insurance market is comprised of large insurance and reinsurance companies, private pension funds and insurance and reinsurance brokers.
The insurance sector is regulated by Decree-Law 73 of 21 November 1966 and Complementary Law 126/07.
In March 2020 SUSEP published Resolution 381/20, which sets forth conditions for the temporary authorisation and operation by companies participating in an experimental regulatory environment (regulatory sandbox). To be eligible, interested companies must, among other things, offer a product and/or service that is deemed innovative and use remote devices in operations relating to insurance plans.
The regulatory sandbox for insurtechs reflects the regulator’s desire to modernise the insurance sector opening it up to new business models and ideas.