Last August 1, 2021, Resolution BCB No. 85/2021 came into force, which provides for the cyber security policy and the requirements for contracting data processing and storage and cloud computing services to be observed by payment institutions authorised to operate by the Central Bank of Brazil.
The new regulation, which revokes Circular no. 3,909/2018, brings the harmonisation of the rules applicable to IPs with those applicable to FIs, such as, for example, the communication to Bacen of the occurrences of relevant incidents and interruptions of relevant services that configure a crisis situation by the IP, where the IP now establishes and documents the criteria that configure this type of situation, keeping the documentation available to Bacen for a period of five years.
It is important to remember that the Bacen still maintains the deadline of 31 December 2021 for the adaptation of contracts for the provision of relevant data processing and storage and cloud computing services that were entered into before 1 September 2019 (the date Circular No. 3,909/2018 came into force).
For further information, the Payment team is at your disposal.
