Laws & RegulationsBACEN Resolution 4893
In ForcefinancialResolução CMN nº 4.893, de 26 de fevereiro de 2021
Resolução CMN nº 4.893/2021 — Cybersecurity Policy for Financial Institutions
Also known as: BACEN Resolution 4893
BACEN Resolution 4893 requires Brazilian financial institutions to implement a cybersecurity policy, conduct annual risk assessments, manage third-party risks, and report significant incidents to the central bank.
Jurisdiction
Brazil
Regulator
Banco Central do Brasil
Effective
12/31/2022
Sector
financial
Full Text / Summary
The resolution requires financial institutions to: (1) adopt a cybersecurity policy approved by the board; (2) conduct annual cybersecurity risk assessments; (3) implement controls proportional to risk profile; (4) manage third-party service providers including cloud services; (5) maintain an incident response plan; (6) report relevant incidents to BACEN. The resolution was phased in, with full compliance required by December 31, 2022.