Key Points:

  • The legalisation of Brazil’s iGaming market includes stricter online gambling regulations. 
  • There are three major focuses for operators, namely AML, CTF and PLD/FTP.
  • The SPA has also outlined a set of robust AML and KYC requirements to verify player identity and ensure compliance with relevant regulations.
  • Data centres and servers now have specific requirements to keep them secure and compliant with Brazilian gambling regulations.

In Brazil’s newly legalised gambling market, AML is not just a checkbox in online gambling regulations. It is also an important foundation for earning public trust. Brazil is rolling out new AML rules to ensure responsible growth. As part of Brazil’s Ministry of Finance, the Secretariat of Prizes and Bets (SPA) is taking a proactive role in setting the standards for a transparent industry.

For betting operators, the message is loud and clear. You need to have strong systems in place to prevent financial crime. Brazil’s gambling regulator, the Secretariat of Prizes and Bets (SPA), is raising the bar on compliance. Betting operators must now have robust policies in place for three key aspects:

  • Anti-Money Laundering (AML)
  • Counter-Terrorism Financing (CTF)
  • Preventing the proliferation of weapons of mass destruction (PLD/FTP). 

Compliance is about building a culture that runs through the entire organisation. These rules require you to assess the risk level of every customer when they register, and how you apply the same checks to employees and suppliers. 

AML Requirements for the Federal Licence

Brazil’s gambling regulator is setting a higher bar for compliance. Licensed operators must follow a strict framework to prevent money laundering, terrorism financing, and the proliferation of weapons of mass destruction. This involves:

  • Registering with the Council for Financial Activities Control (COAF)
  • Implementing clear internal policies
  • Conducting annual risk assessments. 

Brazilian iGaming industry KYC regulations

Brazil’s iGaming rules set a high bar for security and player protection. Strict Know Your Customer (KYC) procedures require bettors to verify their identity using their Individual Taxpayer Registration (CPF) number and facial recognition technology upon signups.

Operators must go further by rating players according to their risk profile. You will need to prevent prohibited individuals, such as minors, from registering. Don’t forget that financial transactions are limited to electronic bank transfers via institutions authorised by the Central Bank of Brazil. Credit cards, cash, and cryptocurrencies are off the table. 

Furthermore, licensed operators must submit detailed AML and CTF policies. You should also report suspicious transactions and screen for politically exposed persons (PEPs).

What are the requirements for data centres and servers?

Blue and white network cables in a data centre setup, illustrating infrastructure linked to online gambling regulations.

Operators must maintain their betting systems and related data in data centres located within Brazil, as set out in Normative Ordinance No. 722.

There is some flexibility if systems and data are hosted abroad in a country that has a joint civil and criminal International Legal Cooperation Agreement with Brazil. All the cumulative conditions outlined in the Ordinance are also to be met.

Your data centres must hold ISO 27001 certification. Servers hosting betting systems must also be kept in secure facilities and equipped with surveillance systems. They must be protected against alteration, tampering, or unauthorised access.

Religion’s influence on Brazilian online gambling regulations

Religion has long shaped the direction of Brazil’s gambling laws, influencing both historic bans and modern-day debates. Reportedly, President Eurico Gaspar Dutra outlawed gambling in 1946 at the urging of his deeply religious wife, shutting down casinos and entertainment venues. 

Decades later, the moral debate remains central to the discussion. Senator Eduardo Girão, a vocal critic, claims online betting has “destroyed lives” and fuelled money laundering, calling legalisation a “mistake”. The Evangelical Parliamentary Front, led by Gilberto Nascimento, also insists that gambling does not align with Brazil’s values, pledging to mobilise against casino legalisation. 

How CPI investigations are shaping industry practices

CPI in Brazil stands for Parliamentary Inquiry Commissions. For example, the betting CPI were established to investigate the growing influence of online gambling on Brazilian families’ financial spending.

The investigations have been shaping industry practices as they drive debates for stricter online gambling regulations. They have also covered key issues such as misleading influencer advertising, money laundering. The CPIs indeed increased pressure on operators for compliance. 

The Brazilian government is now attempting to regulate its fast-growing gambling industry with an increasingly rigorous framework. Federal licenses now come with strict AML policies, mandatory KYC checks that include facial recognition, and data centre rules that often require local presence and ISO 27001 certification.

The regulatory discussion also reflects wider social concerns. Despite ongoing complexities, the industry is striving to balance its growth with a safer and more accountable betting ecosystem.

Online Gambling Regulation FAQs

What does AML stand for and why is it important for online gambling?+

AML stands for Anti-Money Laundering. Licensed betting companies in Brazil must adhere to the Anti-Money Laundering (AML) framework as part of the online gambling regulations. Anti-Money Laundering (AML) is of utmost importance for combating financial crimes in online gambling such as money laundering, terrorist financing, and the proliferation of weapons of mass destruction. Operators must implement robust policies for identifying and assessing customer risk and reporting suspicious transactions to financial intelligence units like COAF.

Are KYC and AML the same thing?+

KYC and AML are not the same. KYC stands for “Know Your Customer” while AML refers to “Anti-Money Laundering”. Although they are closely related, KYC is a fundamental part of AML by definition. The former involves a set of procedures for identifying and verifying the identity of customers and assessing their risk levels. On the other hand, the latter refers to the broader set of policies to prevent financial crimes.

What’s the difference between CDD and KYC?+

CDD stands for “Customer Due Diligence”. It’s a component of KYC that focuses on gathering and analysing customer information to detect potential financial crime. In this sense, KYC is the broader compliance framework requiring operators to verify player identity and assess risk.

How are compliance requirements evolving for licensed gambling operators in Brazil?+

They have become increasingly stringent. Regulators now expect detailed KYC policies that can both identify and assess customer risk. For example, operators must implement measures like mandatory facial recognition and bank account verification through institutions authorised by the Central Bank of Brazil. After all, this framework is designed to combat financial crimes and reduce reliance on the black market.

Original article: https://igamingbusiness.com/the-rulebook/brazil/brazil-online-gambling-regulations-aml/

RELATED ARTICLESMORE FROM AUTHOR