Brazil raises compliance bar for virtual asset companies

Licensed and prospective crypto firms must meet new audit requirements as Brazil tightens supervision of its expanding digital asset market.

Brazil strengthens compliance standards for crypto firms

Brazil’s Central Bank has introduced a new requirement for virtual asset service providers seeking authorisation to operate in the country.

From 1 June 2026, companies applying to operate as sociedades prestadoras de serviços de ativos virtuais, or SPSAVs, must submit a reasonable assurance report issued by an independent auditor registered with Brazil’s securities regulator, the Comissão de Valores Mobiliários.

The audit requirement is intended to assess whether applicants have adequate compliance and control structures in place. Reviews will focus on anti-money laundering and counter-terrorist financing measures, including governance arrangements, client verification procedures, internal risk controls, and mechanisms to prevent misuse of virtual asset services.

The measure builds on Brazil’s broader virtual asset regulatory framework, established under Law No. 14,478 of 2022 and further developed through Central Bank resolutions issued in 2025. Those rules created a dedicated category for virtual asset service providers and placed their authorisation and supervision under the Central Bank.

The Central Bank said the new audit requirement is designed to strengthen security and efficiency in Brazil’s financial system while supporting the development of the country’s virtual asset market. The measure is also intended to align supervision with stronger standards for governance, transparency, internal controls, and financial crime prevention.

The additional requirement is expected to increase compliance costs for applicants, but it also signals that Brazil is moving towards more structured and bank-like oversight of crypto service providers.

Why does it matter?

Brazil’s move shows how crypto regulation is shifting from basic registration towards deeper supervisory checks. By requiring independent assurance over compliance controls before authorisation, the Central Bank is placing greater emphasis on AML/CFT, governance, client protection, and operational integrity. For virtual asset firms, market access will increasingly depend not only on business activity but also on whether internal controls can withstand external review.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.