brazil-swift-ops/docs/COMPLIANCE.md
defiQUG 880443280c Complete final todos: frontend optimization, user docs, compliance docs
- Added code splitting and memoization for frontend
- Created comprehensive user guide
- Created compliance documentation
- All remaining implementable todos completed
2026-01-23 16:47:02 -08:00

# Compliance Documentation
## Regulatory Framework
The Brazil SWIFT Operations Platform complies with Brazilian banking and foreign exchange regulations, including:
- **Lei nº 14.286** (New Foreign Exchange Law, effective Dec 2022)
- **Banco Central do Brasil (BCB)** regulations
- **Conselho Monetário Nacional (CMN)** policies
- **FATF** AML standards
## Key Compliance Requirements
### 1. USD 10,000 Reporting Threshold
**Requirement:** All international transfers ≥ USD 10,000 (or equivalent) must be reported to Banco Central do Brasil.
**Implementation:**
- Automatic detection of transactions meeting threshold
- BCB report generation
- Immutable audit logging
- 7-year retention period
**Per-Transaction Basis:**
- Threshold applies to **each individual transaction**
- Multiple smaller transactions are monitored for structuring patterns
### 2. Tax ID Validation (CPF/CNPJ)
**Requirement:** All parties must have valid Brazilian tax identification.
**CPF (Individuals):**
- 11 digits
- Checksum validation
- Required for individuals
**CNPJ (Companies):**
- 14 digits
- Checksum validation
- Required for legal entities
**Implementation:**
- Automatic validation on transaction submission
- Rejection of invalid Tax IDs
- Audit logging of validation results
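
The checksum validation listed above can be illustrated with the standard modulo-11 check-digit algorithm for CPF and CNPJ. This is an added example, not code from the platform; the function names (`checkDigit`, `parseDigits`, `isValidCpf`, `isValidCnpj`, `validateTaxId`) and the `partyType` values are hypothetical, and the sample IDs used to exercise it are constructed test values.

```javascript
// Added example: CPF/CNPJ check-digit validation (modulo 11).
// All function names are hypothetical, not the platform's API.

// One check digit: weighted sum of the preceding digits, reduced mod 11.
function checkDigit(digits, weights) {
  const sum = digits.reduce((acc, d, i) => acc + d * weights[i], 0);
  const rem = sum % 11;
  return rem < 2 ? 0 : 11 - rem;
}

// Accept digits with the usual separators; return a digit array or null.
function parseDigits(input, length) {
  if (typeof input !== 'string') return null;
  if (!/^[\d.\/-]+$/.test(input)) return null;      // digits and . / - only
  const raw = input.replace(/[.\/-]/g, '');
  if (raw.length !== length) return null;
  // Repeated-digit values (e.g. 00000000000) can satisfy the checksum
  // but are not real IDs, so reject them explicitly.
  if (/^(\d)\1+$/.test(raw)) return null;
  return [...raw].map(Number);
}

function isValidCpf(input) {
  const d = parseDigits(input, 11);
  if (!d) return false;
  const w1 = [10, 9, 8, 7, 6, 5, 4, 3, 2];
  const w2 = [11, ...w1];
  return checkDigit(d.slice(0, 9), w1) === d[9] &&
         checkDigit(d.slice(0, 10), w2) === d[10];
}

function isValidCnpj(input) {
  const d = parseDigits(input, 14);
  if (!d) return false;
  const w1 = [5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2];
  const w2 = [6, ...w1];
  return checkDigit(d.slice(0, 12), w1) === d[12] &&
         checkDigit(d.slice(0, 13), w2) === d[13];
}

// CPF for individuals, CNPJ for legal entities; anything else is rejected.
function validateTaxId(partyType, taxId) {
  const valid = partyType === 'individual' ? isValidCpf(taxId)
              : partyType === 'company' ? isValidCnpj(taxId) : false;
  return { partyType, valid, reason: valid ? 'ok' : 'invalid_tax_id' };
}
```

The returned object carries only the outcome, so it can be written to the audit log without duplicating the tax ID itself.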
### 3. Purpose of Payment
**Requirement:** All transactions must include a clear purpose of payment.
**Implementation:**
- Mandatory field validation
- Minimum length requirements
- Maximum length enforcement (140 characters for SWIFT)
- Audit trail
### 4. IOF Tax Calculation
**Requirement:** IOF (Imposto sobre Operações Financeiras) must be calculated and collected.
**Rates:**
- **Inbound**: 0.38% (0.0038)
- **Outbound**: 3.5% (0.035)
**Implementation:**
- Automatic calculation based on transaction direction
- Display in transaction details
- Inclusion in BCB reports
### 5. FX Contract Linkage
**Requirement:** Foreign exchange transactions must be linked to registered FX contracts.
**Implementation:**
- FX contract validation
- Contract amount reconciliation
- Contract lifecycle tracking
- Audit trail
### 6. AML Structuring Detection
**Requirement:** Detect and report potential structuring (breaking large transactions into smaller ones to avoid reporting).
**Implementation:**
- 30-day rolling window analysis
- Pattern detection across same parties
- Automatic flagging for review
- Escalation workflow
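
A sketch of the 30-day rolling-window analysis described above, as an added example that is not the platform's own code. The transaction field names, the sender/receiver pairing key, and the flagging rule (two or more sub-threshold transfers between the same parties that together reach USD 10,000 within 30 days) are assumptions; the sample transactions are constructed.

```javascript
// Added example: 30-day rolling-window structuring check.
// Field names, pairing key and flagging rule are assumptions.
const THRESHOLD_USD = 10000;                 // reporting threshold (section 1)
const WINDOW_MS = 30 * 24 * 60 * 60 * 1000;  // 30-day window (section 6)

function detectStructuring(transactions) {
  // Group sub-threshold transfers by (sender, receiver) pair.
  const byPair = new Map();
  for (const tx of transactions) {
    if (tx.amountUsd >= THRESHOLD_USD) continue; // already reported on its own
    const key = `${tx.senderTaxId}|${tx.receiverTaxId}`;
    if (!byPair.has(key)) byPair.set(key, []);
    byPair.get(key).push({ ...tx, ts: Date.parse(tx.timestamp) });
  }
  const flags = [];
  for (const [pair, txs] of byPair) {
    txs.sort((a, b) => a.ts - b.ts);
    let start = 0, sumCents = 0;             // integer cents avoid float drift
    for (let end = 0; end < txs.length; end++) {
      sumCents += Math.round(txs[end].amountUsd * 100);
      // Advance the window start until it spans at most 30 days.
      while (txs[end].ts - txs[start].ts > WINDOW_MS) {
        sumCents -= Math.round(txs[start].amountUsd * 100);
        start++;
      }
      if (end > start && sumCents >= THRESHOLD_USD * 100) {
        flags.push({ pair, totalUsd: sumCents / 100,
                     transactionIds: txs.slice(start, end + 1).map(t => t.id) });
        break; // one flag per pair is enough to open a review
      }
    }
  }
  return flags;
}

// Constructed sample data (placeholder party identifiers).
const SAMPLE = [
  { id: 't1', senderTaxId: 'CPF-A', receiverTaxId: 'CNPJ-B', amountUsd: 4000, timestamp: '2026-01-02T10:00:00Z' },
  { id: 't2', senderTaxId: 'CPF-A', receiverTaxId: 'CNPJ-B', amountUsd: 3500, timestamp: '2026-01-10T10:00:00Z' },
  { id: 't3', senderTaxId: 'CPF-A', receiverTaxId: 'CNPJ-B', amountUsd: 3000, timestamp: '2026-01-20T10:00:00Z' },
  { id: 't4', senderTaxId: 'CPF-C', receiverTaxId: 'CNPJ-D', amountUsd: 6000, timestamp: '2026-01-01T10:00:00Z' },
  { id: 't5', senderTaxId: 'CPF-C', receiverTaxId: 'CNPJ-D', amountUsd: 6000, timestamp: '2026-03-01T10:00:00Z' },
  { id: 't6', senderTaxId: 'CPF-E', receiverTaxId: 'CNPJ-F', amountUsd: 12000, timestamp: '2026-01-05T10:00:00Z' },
];
```

On the sample data only the first pair is flagged: the second pair's transfers are 59 days apart, and the third is a single transfer above the threshold that is reported directly.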
## BCB Reporting
### Report Types
1. **Periodic Reports**: Regular reporting for transactions meeting threshold
2. **Ad-hoc Reports**: On-demand reporting for specific periods
3. **Compliance Reports**: Regulatory compliance summaries
### Report Contents
- Transaction details
- Party information (with Tax IDs)
- Amounts and currencies
- Purpose of payment
- FX contract references
- IOF calculations
- Compliance flags
### Report Retention
- **Retention Period**: 7 years (2555 days)
- **Format**: JSON and CSV export
- **Audit Trail**: Immutable logging of all reports
## Audit Trail
### Audit Logging
All transactions generate immutable audit logs containing:
- Transaction ID
- Timestamp
- Rule set version
- Input data
- Evaluation results
- Decision and rationale
- User ID (if authenticated)
- IP address (if available)
### Audit Retention
- **Default**: 7 years
- **Configurable**: Via environment variable `AUDIT_RETENTION_DAYS`
- **Auto-deletion**: Configurable via `AUDIT_AUTO_DELETE`
### Audit Access
- Read-only access to audit logs
- Search by transaction ID
- Date range filtering
- Export capabilities
## Rule Version Governance
### Version Management
- Rule set versions tracked in audit logs
- Version changes require approval
- Migration scripts for version upgrades
- Compatibility checking
### Version Format
- Semantic versioning (MAJOR.MINOR.PATCH)
- Example: `1.0.0`
- Stored in `package.json` as source of truth
## Data Retention
### Transaction Data
- **Retention**: 7 years (configurable)
- **Archival**: After retention period
- **Deletion**: Per retention policy
### Audit Logs
- **Retention**: 7 years (configurable)
- **Immutable**: Cannot be modified
- **Deletion**: Only per retention policy
### Reports
- **Retention**: 7 years
- **Export**: Available for download
- **Archival**: Automatic after retention
## Compliance Checklist
Before processing transactions, ensure:
- [ ] USD 10,000 threshold monitoring enabled
- [ ] CPF/CNPJ validation active
- [ ] Purpose of payment required
- [ ] IOF rates configured correctly
- [ ] FX contract validation enabled
- [ ] AML structuring detection active
- [ ] Audit logging enabled
- [ ] BCB reporting configured
- [ ] Retention policies set
## Regulatory Contacts
- **Banco Central do Brasil**: https://www.bcb.gov.br
- **CMN**: https://www.bcb.gov.br/estabilidadefinanceira/cmn
## Compliance Updates
This documentation is updated as regulations change. Always refer to the latest version and consult with compliance officers for specific questions.
**Last Updated:** 2026-01-23