Open Finance Brazil

Brazilian Central Bank (BCB) – Banco Central do Brasil (BCB)

Brazil

Banking | Finance

Open Banking

• Payment Initiation
• Account Information

Open Finance

• Service Channels
• Products and Services
• Investments
• Capitalisation Bonds
• Accreditation
• Exchange
• Insurance
• Social Security
• Loans
• Credit Card

The development and implementation of Open Banking APIs in Brazil are based on the following principles:

• Security mechanisms should align with the standards applicable to each phase, ensuring the protection and availability of the entire ecosystem, including customers, participants, and the shared data.
• Existing standards will be adopted wherever relevant or appropriate.
• API flows will be expanded in future releases to support more complex use cases.
• Two status codes will be used for different purposes: (i) the HTTP status code indicates the result of the API call, and (ii) a status field in some resource payloads reflects the state of resources in write-access scenarios (e.g., payment initiation).
• REST features must include a unique identifier to distinguish the resource, with the format and pattern to be defined from Open Banking Phase 2 in Brazil.
• When a requirement is implemented by a transmitter and/or receiver, different categorizations are applied. Features, endpoints, and fields in each resource are classified as ‘Required,’ ‘Conditional,’ or ‘Optional.’
• APIs are designed to be implementation-agnostic, meaning they can be consumed regardless of the technologies used in the ecosystem, while adhering to the principles outlined in this documentation.

Princípios – Área do Desenvolvedor – Open Finance Brasil – Área do Desenvolvedor (atlassian.net)

Current Accounts | Credit Cards | Investments | Lending | Insurance

ISO 20022 | JSON | RESTful | YAML

Regulated

In addition to maintaining corporate governance and management practices appropriate to its risk level, a potential partner must provide documented procedures to ensure:

• Compliance with applicable laws and regulations.
• Access for the partner institution to information demonstrating the effectiveness of data transfers and how data is stored in shared services, ensuring confidentiality, integrity, availability, and retrievability of data and information.
• Adherence to the certifications required by the partner institution for data sharing.
• Access for the partner institution to reports prepared by an independent specialized auditing firm engaged by the potential partner, detailing the procedures and controls used in data sharing.
• Evidence of the existence of information and adequate management resources to monitor data sharing.
• The quality of access controls designed to protect data and information within shared services.
• A minimum capital requirement for a Third-Party Provider (TPP) Payment Initiation Service Provider (PISP) of R$ 1 million.

Mandated

Individuals or legal entities have the right to decide when and with whom they share their data. Open Banking ensures standardization in data sharing and services. Brazil modelled its Open Banking initiative on the UK OBIE Standard and collaborated directly with the UK in designing Open Banking Brazil.

Retailers, utility companies, and major tech firms can partner with banks and embedded Fintech service providers.

The maximum duration for data-sharing consent is 365 days, compared to 90 days in the UK. Participation by large and medium-sized Brazilian banks with significant international presence is mandatory.

The framework places a strong emphasis on payment and deposit accounts and their functionalities. Customers have free access to their data, transactions, and payment initiation services.

Open Banking in Brazil covers over 150 million online-accessible bank accounts, while also addressing financial inclusion for 45 million unbanked individuals. Retailers can collaborate with embedded Fintech services.

DCR | Certificates | Registry | Directory

FAPI1 | OIDC | OAuth

Both FAPI and OpenID certifications are required.

FAPI is built on OAuth 2.0 and OpenID Connect (OIDC) and establishes additional technical requirements for the financial sector and other industries that demand enhanced security.

Specification details can be found at the following websites:

• More on security (Portuguese)
• More on security (English)

Browser Redirect | App to App Redirect | Decoupled

Consent is outlined in the developer area where the Consents API enables the creation, consultation and revocation of consents.

Single Domestic Payments | Pay Later | Other

Brazil uses PIX for Payment Initiation

Operational Guidelines | API Specifications | Customer Experience Guidelines

Balances | Accounts | Cards | Beneficiaries | Transactions | Parties or Contacts | Other

Open Banking Brasil GitHub

Developer area

The Open Banking Brazil project was approved in 2019 by the Brazilian Central Bank (Banco Central do Brasil) as part of a broader effort to modernize the country’s financial system. The project was initially scheduled to begin in the second half of 2020, but its timeline was delayed due to the COVID-19 pandemic.

Open Banking Brazil is being implemented in four phases. Starting in February 2021, these phases cover regulating Open Data sharing among financial institutions, allowing individuals to share their registration and transactional data with any participating financial institution, enabling PIX payments, facilitating payment initiation through bank transfers, “Boleto bancario” and debit accounts, credit proposal submissions, and providing public and transactional access to information on insurance, investments, foreign exchange, and private pensions.

PIX is a new instant payment system in Brazil for direct bank transfers, built and owned by the Central Bank and operated by Brazilian banks, digital accounts, and wallets. Account-holding institutions are required to process instant payments initiated by other regulated institutions at the customer’s request.

By September 2021, 158 institutions had joined, both mandatory and voluntary, with another 663 expected to participate soon.

In January 2025, a governance restructure introduced a new voting system: FEBRABAN now holds two votes, and the Zetta and INIT associations were added. Consent numbers grew by 44%, from 43 million in January 2024 to 62 million in January 2025.

February 2025 marked the four-year anniversary of Open Banking Brazil, with 2.3 billion successful communications occurring weekly.

In April 2025, the BCB announced its regulatory priorities for 2025–2026, including the evolution of Open Finance, followed by significant updates in July 2025. Other 2025 updates include the implementation of Pix Automático, enabling automatic and programmable transfers; intensified credit portability measures for smoother operations; and the advancement of the Journey Without Redirection initiative, enabling Pix by Proximity.

Functional | DCR | Security Profile

The Governance Structure consists of three levels: the Deliberative Council, the Secretariat, and the Technical Groups.

The Deliberative Council, made up of six representatives from financial associations and one independent councillor, oversees the technical and operational standards of Open Banking Brazil.

The Secretariat organizes the work plans and technical proposals submitted by the Technical Groups.

The Technical Groups conduct studies, develop technical proposals, and prepare work plans to support the implementation and management of Open Banking in the country, following the guidelines approved by the Deliberative Council.

Currently, nine Technical Groups are actively involved in the implementation of Open Banking Brazil.

General Personal Data Protection Law (Law No. 13.709 of 14 August 2018; amended by Law No. 13.853 of 8 July 2019)