In Force | Banking, Financial institutions, Payment institutions
BACEN Resolution 4893/2021 — Cybersecurity Policy for Financial Institutions
Also known as: BACEN 4893 (Brazil)
Brazil's Central Bank resolution requiring financial institutions to establish comprehensive cybersecurity policies, conduct annual risk assessments, implement security controls, and report significant cyber incidents. Requires board-level approval of cybersecurity policies.
Jurisdiction
Brazil
Regulator
—
Effective
2/26/2021
Sector
Banking, Financial institutions, Payment institutions
Full Text / Summary
Brazil's BACEN Resolution 4893/2021 establishes cybersecurity policy requirements for financial institutions regulated by the Central Bank of Brazil (Banco Central do Brasil). The Resolution requires financial institutions to implement a cybersecurity policy that addresses: classification of information assets; access controls; encryption; incident response; business continuity; and third-party risk management. Institutions must designate a cybersecurity officer responsible for policy implementation. The Resolution also requires institutions to implement a cloud computing services contracting policy and to conduct due diligence on cloud service providers. Incident reporting to BACEN is required within 72 hours for significant cybersecurity incidents. The Resolution applies to banks, payment institutions, and other entities regulated by BACEN, and represents a significant strengthening of Brazil's financial sector cybersecurity requirements. Non-compliance can result in administrative sanctions including fines and restrictions on operations.