Sunday, 12 July 2026 · World
USD/EUR 0.8755 USD/GBP 0.7459 USD/JPY 161.8 USD/CNY 6.79 All rates →
RSS
EUROS The World Financial Report
LATEST
Emerging Markets

Brazil weighs Pix restrictions for banks with weak cyber defences

EUROS Newsroom · 1h ago · 2 min read · 🇧🇷 Brazil
Brazil weighs Pix restrictions for banks with weak cyber defences

Brazil's central bank is drafting rules to restrict Pix access for banks with poor cyber defences, a move that raises compliance costs and could accelerate consolidation among smaller lenders.

Brazil's central bank is studying rules that would restrict or sever Pix access for financial institutions failing to meet cyber-security standards. The regulator wants the power to impose limits on transaction times, days, and values, or ban the registration of new Pix keys entirely.

The proposed framework closes a regulatory gap. Currently, the central bank can only penalise firms for breaching Pix operational rules, leaving it unable to act preventively against institutions that simply lack adequate digital defences.

The urgency stems from a relentless surge in cyber fraud. Criminal attacks drained more than 1.5 billion reais, equivalent to over $280 million, from the financial system in the past year alone. Of the 43 incidents reported to the regulator by May, 34 were directly tied to cyber fraud.

A single breach exposed the systemic risk posed by weak links in the supply chain. In June last year, an attack on C&M Software, a tech provider connecting smaller institutions to the network, siphoned about 813 million reais. It stands as the largest event of its kind ever recorded in Brazil, demonstrating how one vulnerable supplier can endanger the entire network.

Weeks later, another technology provider was hit, affecting a foreign bank and a cooperative lender and adding hundreds of millions in losses. Following these 2025 attacks, the regulator already capped certain transfers routed through third-party tech providers at 15,000 reais per operation.

The central bank is not waiting for the new rules to take effect. It has dispatched a risk-mapping questionnaire to 1,745 regulated firms, asking more than 400 questions about staffing, artificial intelligence, and data protection.

For market professionals, these evolving security demands represent a clear headwind for smaller players. Combined with incoming capital rules, the rising cost of robust digital defence significantly increases the expense of operating a bank or fintech in Brazil. This dynamic is expected to accelerate consolidation as weaker firms either invest heavily or seek buyers.

Experts note that the attacks exploit internal weaknesses at individual firms rather than flaws in the Pix system itself. However, the draft framework is still months from taking effect, and the exact penalties and thresholds could change before finalisation.