d-bis/brazil-swift-ops
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5ff268531c671b265eac402b6e8d3eb632cedd7b
brazil-swift-ops/docs/COMPLIANCE.md
defiQUG 880443280c Complete final todos: frontend optimization, user docs, compliance docs 
- Added code splitting and memoization for frontend
- Created comprehensive user guide
- Created compliance documentation
- All remaining implementable todos completed
2026-01-23 16:47:02 -08:00

4.9 KiB
Raw Blame History

Compliance Documentation

Regulatory Framework

The Brazil SWIFT Operations Platform complies with Brazilian banking and foreign exchange regulations, including:

  • Lei nº 14.286 (New Foreign Exchange Law, effective Dec 2022)
  • Banco Central do Brasil (BCB) regulations
  • Conselho Monetário Nacional (CMN) policies
  • FATF AML standards

Key Compliance Requirements

1. USD 10,000 Reporting Threshold

Requirement: All international transfers ≥ USD 10,000 (or equivalent) must be reported to Banco Central do Brasil.

Implementation:

  • Automatic detection of transactions meeting threshold
  • BCB report generation
  • Immutable audit logging
  • 7-year retention period

Per-Transaction Basis:

  • Threshold applies to each individual transaction
  • Multiple smaller transactions are monitored for structuring patterns

2. Tax ID Validation (CPF/CNPJ)

Requirement: All parties must have valid Brazilian tax identification.

CPF (Individuals):

  • 11 digits
  • Valid checksum validation
  • Required for individuals

CNPJ (Companies):

  • 14 digits
  • Valid checksum validation
  • Required for legal entities

Implementation:

  • Automatic validation on transaction submission
  • Rejection of invalid Tax IDs
  • Audit logging of validation results

3. Purpose of Payment

Requirement: All transactions must include a clear purpose of payment.

Implementation:

  • Mandatory field validation
  • Minimum length requirements
  • Maximum length enforcement (140 characters for SWIFT)
  • Audit trail

4. IOF Tax Calculation

Requirement: IOF (Imposto sobre Operações Financeiras) must be calculated and collected.

Rates:

  • Inbound: 0.38% (0.0038)
  • Outbound: 3.5% (0.035)

Implementation:

  • Automatic calculation based on transaction direction
  • Display in transaction details
  • Inclusion in BCB reports

5. FX Contract Linkage

Requirement: Foreign exchange transactions must be linked to registered FX contracts.

Implementation:

  • FX contract validation
  • Contract amount reconciliation
  • Contract lifecycle tracking
  • Audit trail

6. AML Structuring Detection

Requirement: Detect and report potential structuring (breaking large transactions into smaller ones to avoid reporting).

Implementation:

  • 30-day rolling window analysis
  • Pattern detection across same parties
  • Automatic flagging for review
  • Escalation workflow

BCB Reporting

Report Types

  1. Periodic Reports: Regular reporting for transactions meeting threshold
  2. Ad-hoc Reports: On-demand reporting for specific periods
  3. Compliance Reports: Regulatory compliance summaries

Report Contents

  • Transaction details
  • Party information (with Tax IDs)
  • Amounts and currencies
  • Purpose of payment
  • FX contract references
  • IOF calculations
  • Compliance flags

Report Retention

  • Retention Period: 7 years (2555 days)
  • Format: JSON and CSV export
  • Audit Trail: Immutable logging of all reports

Audit Trail

Audit Logging

All transactions generate immutable audit logs containing:

  • Transaction ID
  • Timestamp
  • Rule set version
  • Input data
  • Evaluation results
  • Decision and rationale
  • User ID (if authenticated)
  • IP address (if available)

Audit Retention

  • Default: 7 years
  • Configurable: Via environment variable AUDIT_RETENTION_DAYS
  • Auto-deletion: Configurable via AUDIT_AUTO_DELETE

Audit Access

  • Read-only access to audit logs
  • Search by transaction ID
  • Date range filtering
  • Export capabilities

Rule Version Governance

Version Management

  • Rule set versions tracked in audit logs
  • Version changes require approval
  • Migration scripts for version upgrades
  • Compatibility checking

Version Format

  • Semantic versioning (MAJOR.MINOR.PATCH)
  • Example: 1.0.0
  • Stored in package.json as source of truth

Data Retention

Transaction Data

  • Retention: 7 years (configurable)
  • Archival: After retention period
  • Deletion: Per retention policy

Audit Logs

  • Retention: 7 years (configurable)
  • Immutable: Cannot be modified
  • Deletion: Only per retention policy

Reports

  • Retention: 7 years
  • Export: Available for download
  • Archival: Automatic after retention

Compliance Checklist

Before processing transactions, ensure:

  • USD 10,000 threshold monitoring enabled
  • CPF/CNPJ validation active
  • Purpose of payment required
  • IOF rates configured correctly
  • FX contract validation enabled
  • AML structuring detection active
  • Audit logging enabled
  • BCB reporting configured
  • Retention policies set

Regulatory Contacts

Compliance Updates

This documentation is updated as regulations change. Always refer to the latest version and consult with compliance officers for specific questions.

Last Updated: 2026-01-23

Reference in New Issue View Git Blame Copy Permalink