# Compliance Documentation

## Regulatory Framework

The Brazil SWIFT Operations Platform complies with Brazilian banking and foreign exchange regulations, including:

- **Lei nº 14.286** (New Foreign Exchange Law, effective Dec 2022)
- **Banco Central do Brasil (BCB)** regulations
- **Conselho Monetário Nacional (CMN)** policies
- **FATF** AML standards

## Key Compliance Requirements

### 1. USD 10,000 Reporting Threshold

**Requirement:** All international transfers ≥ USD 10,000 (or equivalent) must be reported to Banco Central do Brasil.

**Implementation:**

- Automatic detection of transactions meeting threshold
- BCB report generation
- Immutable audit logging
- 7-year retention period

**Per-Transaction Basis:**

- Threshold applies to **each individual transaction**
- Multiple smaller transactions are monitored for structuring patterns

### 2. Tax ID Validation (CPF/CNPJ)

**Requirement:** All parties must have valid Brazilian tax identification.

**CPF (Individuals):**

- 11 digits
- Valid checksum validation
- Required for individuals

**CNPJ (Companies):**

- 14 digits
- Valid checksum validation
- Required for legal entities

**Implementation:**

- Automatic validation on transaction submission
- Rejection of invalid Tax IDs
- Audit logging of validation results

### 3. Purpose of Payment

**Requirement:** All transactions must include a clear purpose of payment.

**Implementation:**

- Mandatory field validation
- Minimum length requirements
- Maximum length enforcement (140 characters for SWIFT)
- Audit trail

### 4. IOF Tax Calculation

**Requirement:** IOF (Imposto sobre Operações Financeiras) must be calculated and collected.

**Rates:**

- **Inbound**: 0.38% (0.0038)
- **Outbound**: 3.5% (0.035)

**Implementation:**

- Automatic calculation based on transaction direction
- Display in transaction details
- Inclusion in BCB reports

### 5. FX Contract Linkage

**Requirement:** Foreign exchange transactions must be linked to registered FX contracts.

**Implementation:**

- FX contract validation
- Contract amount reconciliation
- Contract lifecycle tracking
- Audit trail

### 6. AML Structuring Detection

**Requirement:** Detect and report potential structuring (breaking large transactions into smaller ones to avoid reporting).

**Implementation:**

- 30-day rolling window analysis
- Pattern detection across same parties
- Automatic flagging for review
- Escalation workflow

## BCB Reporting

### Report Types

1. **Periodic Reports**: Regular reporting for transactions meeting threshold
2. **Ad-hoc Reports**: On-demand reporting for specific periods
3. **Compliance Reports**: Regulatory compliance summaries

### Report Contents

- Transaction details
- Party information (with Tax IDs)
- Amounts and currencies
- Purpose of payment
- FX contract references
- IOF calculations
- Compliance flags

### Report Retention

- **Retention Period**: 7 years (2555 days)
- **Format**: JSON and CSV export
- **Audit Trail**: Immutable logging of all reports

## Audit Trail

### Audit Logging

All transactions generate immutable audit logs containing:

- Transaction ID
- Timestamp
- Rule set version
- Input data
- Evaluation results
- Decision and rationale
- User ID (if authenticated)
- IP address (if available)

### Audit Retention

- **Default**: 7 years
- **Configurable**: Via environment variable `AUDIT_RETENTION_DAYS`
- **Auto-deletion**: Configurable via `AUDIT_AUTO_DELETE`

### Audit Access

- Read-only access to audit logs
- Search by transaction ID
- Date range filtering
- Export capabilities

## Rule Version Governance

### Version Management

- Rule set versions tracked in audit logs
- Version changes require approval
- Migration scripts for version upgrades
- Compatibility checking

### Version Format

- Semantic versioning (MAJOR.MINOR.PATCH)
- Example: `1.0.0`
- Stored in `package.json` as source of truth

## Data Retention

### Transaction Data

- **Retention**: 7 years (configurable)
- **Archival**: After retention period
- **Deletion**: Per retention policy

### Audit Logs

- **Retention**: 7 years (configurable)
- **Immutable**: Cannot be modified
- **Deletion**: Only per retention policy

### Reports

- **Retention**: 7 years
- **Export**: Available for download
- **Archival**: Automatic after retention

## Compliance Checklist

Before processing transactions, ensure:

- [ ] USD 10,000 threshold monitoring enabled
- [ ] CPF/CNPJ validation active
- [ ] Purpose of payment required
- [ ] IOF rates configured correctly
- [ ] FX contract validation enabled
- [ ] AML structuring detection active
- [ ] Audit logging enabled
- [ ] BCB reporting configured
- [ ] Retention policies set

## Regulatory Contacts

- **Banco Central do Brasil**: https://www.bcb.gov.br
- **CMN**: https://www.bcb.gov.br/estabilidadefinanceira/cmn

## Compliance Updates

This documentation is updated as regulations change. Always refer to the latest version and consult with compliance officers for specific questions.

**Last Updated:** 2026-01-23
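
The 30-day rolling-window check described under "AML Structuring Detection", as an added example that is not the platform's own code. It assumes a party pair is flagged when two or more sub-threshold transfers between the same sender and receiver sum to USD 10,000 or more within 30 days; the function name, field names and sample data are hypothetical.

```javascript
// Added example: assumed aggregation rule, not the platform's own code.
const THRESHOLD_USD = 10000;                 // reporting threshold (from the page)
const WINDOW_MS = 30 * 24 * 60 * 60 * 1000;  // 30-day rolling window (from the page)

// Flags party pairs whose sub-threshold transfers sum to >= threshold in any window.
// Field names (id, senderTaxId, receiverTaxId, amountUsd, timestamp) are hypothetical.
function detectStructuring(txs) {
  const byPair = new Map();
  for (const tx of txs) {
    // Transfers at or above the threshold are reported individually; skip them here.
    if (tx.amountUsd >= THRESHOLD_USD) continue;
    const key = `${tx.senderTaxId}->${tx.receiverTaxId}`;
    if (!byPair.has(key)) byPair.set(key, []);
    byPair.get(key).push({ id: tx.id, t: Date.parse(tx.timestamp),
                           cents: Math.round(tx.amountUsd * 100) }); // integer cents
  }
  const flags = [];
  for (const [pair, list] of byPair) {
    list.sort((a, b) => a.t - b.t);
    const flagged = new Set();
    let start = 0, sum = 0, peak = 0;
    for (let end = 0; end < list.length; end++) {
      sum += list[end].cents;
      // Drop transfers more than 30 days older than the newest one in the window.
      while (list[end].t - list[start].t > WINDOW_MS) sum -= list[start++].cents;
      if (end > start && sum >= THRESHOLD_USD * 100) {
        for (let i = start; i <= end; i++) flagged.add(list[i].id);
        peak = Math.max(peak, sum);
      }
    }
    if (flagged.size > 0) {
      flags.push({ pair, transactionIds: [...flagged], peakWindowUsd: peak / 100 });
    }
  }
  return flags;
}

// Constructed sample data; the tax IDs are placeholders, not real CPF/CNPJ values.
const SAMPLE_TXS = [
  { id: "t1", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-B", amountUsd: 4000, timestamp: "2026-01-02T12:00:00Z" },
  { id: "t2", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-B", amountUsd: 3500, timestamp: "2026-01-10T12:00:00Z" },
  { id: "t3", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-B", amountUsd: 3000, timestamp: "2026-01-25T12:00:00Z" },
  { id: "t4", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-C", amountUsd: 6000, timestamp: "2026-01-03T12:00:00Z" },
  { id: "t5", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-C", amountUsd: 6000, timestamp: "2026-03-15T12:00:00Z" },
  { id: "t6", senderTaxId: "CPF-D", receiverTaxId: "CNPJ-B", amountUsd: 12000, timestamp: "2026-01-05T12:00:00Z" },
  { id: "t7", senderTaxId: "CPF-A", receiverTaxId: "CNPJ-B", amountUsd: 500, timestamp: "2026-02-20T12:00:00Z" },
];

console.log(JSON.stringify(detectStructuring(SAMPLE_TXS), null, 2));
```

Only the first pair is flagged: t4 and t5 are more than 30 days apart, t6 is above the threshold and reported on its own, and t7 falls into a later window whose total stays below the threshold.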