KYC for Fintechs in Brazil: Practical Guide & Checklist for 2025
Key takeaways
Brazil is the largest fintech market in LatAm, with over 2,000 active companies.
Identity fraud is one of the biggest threats: deepfakes, synthetic identities, and document forgery.
Fintechs must comply with KYC/AML rules as strict as banks. Initial verification is not enough: continuous monitoring is mandatory.
Didit enables compliance quickly, transparently, and with no hidden costs.
The fintech industry is one of the most dynamic in Brazil. Reports indicate there are over 2,000 fintechs across the country. That’s about 56% of all fintech companies mapped in Latin America. In numbers, Brazil’s fintech market reached $4.73 billion in 2024.
This growth brings opportunities but also regulatory challenges, especially around compliance and anti-money laundering. On September 1st, regulators announced that Brazil will require fintechs to comply with the same regulations as banks, just days after dismantling a money laundering network run by the country’s largest criminal organization. The upcoming regulation demands that fintechs report financial transactions through the same system banks have used for over two decades—potentially even retroactively, according to some sources.
With increasing regulatory pressure, Brazilian fintechs can no longer treat identity verification as a simple checkbox. KYC processes are more important than ever. To keep up, they need secure, fast, and transparent tools to combat the country’s growing identity fraud problem.
Identity Fraud: A Growing Threat for Brazilian Fintechs
Brazil faces a severe identity fraud problem. In Q1 2025 alone, fraud attempts surged over 50%, while the country leads the global ranking for deepfake-related fraud—five times more incidents than the U.S. and ten times more than Germany.
But deepfakes aren’t the only issue. Synthetic identities rose 140% YoY, while fake IDs and forged documents continue to challenge verification systems.
An alarming trend: every 16 seconds a scam attempt occurs in Brazil, leading to multimillion-dollar losses.
Direct Impact on Fintechs
Brazilian fintechs saw fraud in the sector grow 143.2%, according to TIInside. This makes fintech the third most affected sector in the country, right after betting platforms and social networks.
Fraud impacts fintechs by:
- Direct financial losses
- Excessive friction for legitimate users
- False positives and customer churn
Brazil’s KYC Regulations: What Fintechs Must Know
In Brazil, the KYC (Know Your Customer) framework for fintech is undergoing major changes. While AML rules aren’t new (the Law nº 9.613/1998 already required financial institutions to report suspicious activities to COAF), regulators now want to align fintech obligations with those of traditional banks.
This means Brazilian fintechs must implement robust compliance programs that can:
- Identify, verify, and validate customer identities (KYC)
- Monitor transactions and suspicious operations
- Report suspicious activity to COAF within 24 hours
- Retain records for at least five years
In addition, Resolução BCB nº 3.978/2020 and later Central Bank of Brazil (BCB) guidelines add specific obligations, such as risk-based frameworks proportional to each entity’s profile and internal controls capable of detecting synthetic identities and deepfakes.
Identity Verification Requirements in Brazil
Identity verification in Brazil is not a routine formality, but a strict legal process starting with the collection of key data: full name, CPF, and a valid ID document, which must then be cross-checked with official sources like Serpro or the Receita Federal.
Under the risk-based approach (Circular BCB 3.978/2020, Res. 119/2021), Proof of Address is only mandatory for profiles not classified as low risk. If fintechs are regulated by the CVM, additional data is required, such as date of birth, phone, email, and occupation.
All verification flows must comply with Law nº 9.613/1998 and Brazil’s Data Protection Law (LGPD): companies should only request essential data, disclose its usage, respect 5-year retention rules, and delete what’s not needed.
👉 Learn more about KYC and AML regulations in Brazil.
Continuous Monitoring is Mandatory in Brazil
Compliance doesn’t end with initial verification. Continuous monitoring of users is mandatory, as required by Circular BCB 3.978 (Article 17). Companies must keep customer data updated.
While no fixed frequency is set, re-checks are required whenever a user’s risk profile changes.
Which Regulators Oversee Fintech Compliance in Brazil?
Fintech compliance is supervised by multiple authorities combining federal laws and sector-specific requirements.
The key regulators are:
- Central Bank of Brazil (BCB/BACEN). Oversees KYC/AML framework for fintech.
- COAF (Financial Activities Control Council). Brazil’s financial intelligence unit.
- CVM (Securities and Exchange Commission of Brazil). Oversees securities, exchanges, fund managers, and token issuers.
- SUSEP (Private Insurance Superintendence). Regulates insurance and pensions.
- ANPD (National Data Protection Authority). Enforces LGPD, critical for fintechs handling personal data.
Ultimate Checklist of Regulations Impacting Fintechs in Brazil
- Law 9.613/1998. Foundational KYC/AML law.
- Law 13.810/2019. Sanctions law.
- Law 14.478/2022. VASPs as regulated entities.
- Circular BCB 3.978/2020. First KYC compliance guide in Brazil.
- Resolução BCB 119/2021. Mandatory address collection.
- Sector-specific rules:
- Real Estate → Resolução COFECI 1.336/2014
- Telecom → Resolução ANATEL 477/2007
- iGaming → Law 14.790/2023
How Didit Helps Fintechs in Brazil
Brazilian fintechs face a dual challenge: complying with KYC/AML rules and protecting against fraud.
Local providers have shown limitations:
- IDWall relies heavily on manual review, slowing down onboarding.
- Unico is not an end-to-end platform, leaving gaps exploitable by criminals.
Didit combines document verification, biometrics, official-source checks, and global screening in a flexible, open, and cost-efficient platform. Plus, it offers the first unlimited free KYC plan.
With Didit, you can build custom verification flows—from onboarding to biometric authentication—always aligned with Brazil’s fast-changing regulatory environment.