Crypto Law Profile

Brazil BCB Normative Instruction 701/2026 on VASP Technical Certification

Brazil’s central bank instruction sets procedures and minimum content for independent technical certification tied to VASP intermediation and custody communications.

Brazil Effective Regulation Feb 2, 2026

At a glance

Jurisdiction Brazil; issued by Banco Central do Brasil departments.
Status In force from February 2, 2026.
Scope Applies to communications for virtual asset intermediation and custody services.
Certification Requires an independent technical certification submitted through BCB systems.

Overview

BCB Normative Instruction No. 701/2026 is a Banco Central do Brasil regulatory instruction for Brazil’s virtual asset service provider regime. As of July 6, 2026, it is in force, having entered into force on February 2, 2026. The instruction establishes how covered institutions and entities communicate an interest in providing virtual asset intermediation or custody services in Brazil, and the minimum content of the independent technical certification linked to Resolution BCB No. 520/2025.

The instrument is narrow but operationally important. It does not replace Brazil’s broader virtual asset framework under Resolution BCB No. 520/2025. Instead, it specifies the filing route, the role of the independent certifier, and the control areas that a certification opinion must address before the Banco Central do Brasil treats the communication as effective.

Key provisions for Brazil VASP technical certification

Communication through Unicad and APS-Siscom

The instruction provides that the communication must include two procedural steps: registration and updating of information in Unicad, and submission of the independent technical certification through APS-Siscom, in the Módulo de Comunicação Relevante. The text states that failure to complete all required procedures leaves the communication without effect before the central bank, meaning the applicant remains unable to provide the covered services under the applicable regulation.

Independent certification and no-conflict evidence

The certification must be prepared by a qualified independent company. The certifier’s package must include an institutional presentation showing suitability for the work, existing and valid qualifications or credentials, and a declaration that there are no corporate or business relationships with the contracting institution that would create a conflict of interest or impair the independence of the analysis.

Minimum scope of the certification opinion

Article 4 describes the certification as a conclusive opinion on the applicant’s adequacy across multiple control domains. The required review areas include:

  • segregation between the provider’s own virtual assets and customer or user virtual assets;
  • proof-of-reserves procedures demonstrating that the provider holds the virtual assets it states it holds for customers and users;
  • relevant outsourced services, including processing, data storage and cloud computing arrangements;
  • technical, operational and regulatory capability of relevant service providers, including foreign providers where applicable;
  • recovery plans for virtual asset positions and customer financial resources after incidents;
  • AML/CFT and anti-proliferation controls, cybersecurity, incident response, internal controls, risk management, compliance and internal audit;
  • asset listing, suspension and delisting policies, including controls for fiat-referenced virtual assets; and
  • custody contracts, custody safeguards, redundancy mechanisms and recovery procedures for control instruments over virtual assets.

Consumer information and supervisory evidence

The instruction also requires the independent opinion to assess whether the provider makes adequate information available to customers and users. The specified information categories include the provider and its services, support channels, contracted institutions and services, the existence or absence of guarantee fund or insurance coverage, rights and obligations, custody and storage processes, risks related to the relevant asset and distributed-ledger system, staking information, educational risk content and updated customer position reports.

The certification must address each item specifically. General consolidated opinions are not accepted under the text. The Banco Central do Brasil may request deeper analysis or clarification, and the independent entity must keep working papers and supporting memoranda available to the central bank for at least five years.

Status and timeline

IN BCB No. 701/2026 is dated January 22, 2026, was published in Brazil’s Federal Official Gazette on January 23, 2026, and entered into force on February 2, 2026. No separate future milestone appears in the instruction itself. Related implementation dates under Resolution BCB No. 520/2025 should be tracked separately from this technical-certification profile.

CryptoSlate classification

For CryptoSlate’s legal-reference taxonomy, this profile is best classified as a Brazilian regulation, in force, focused on licensing and registration, custody, AML/CFT, cybersecurity and consumer protection. It should be read as a neutral regulatory reference, not as legal, tax, investment or compliance advice.

Key provisions

BCB communication route

Covered institutions must update Unicad data and submit the independent certification through APS-Siscom’s relevant communication module.

Licensing & Registration Feb 2, 2026 Source

Incomplete communication has no effect

Failure to complete all stated procedures leaves the communication ineffective before BCB and the applicant barred from the covered services under the regulation.

Licensing & Registration Feb 2, 2026 Source

Qualified independent certifier

The certifier must provide credentials and a no-conflict declaration signed by the applicant’s responsible director or administrator and the certifier.

Licensing & Registration Feb 2, 2026 Source

Segregation and proof of reserves

The certification opinion must address mechanisms for segregating provider and customer assets and procedures for proof of reserves.

Custody Feb 2, 2026 Source

Controls, AML and cybersecurity

The opinion must review AML/CFT and anti-proliferation controls, cybersecurity, incident response, internal controls, risk, compliance and audit structures.

AML/CFT Feb 2, 2026 Source

Customer information review

The certifier must assess whether customers receive adequate information on services, support, contractors, coverage, custody, asset risks, staking and positions.

Consumer protection Feb 2, 2026 Source

Working papers retained for BCB

Independent certifier working papers and supporting memoranda must remain available to BCB for at least five years.

Licensing & Registration Feb 2, 2026 Source

Timeline

  1. Resolution BCB 520 issued

    BCB issued the broader VASP regulation that IN BCB 701/2026 operationalizes for certification communications.

    Enacted Source
  2. IN BCB 701 adopted

    BCB departments issued the technical certification instruction for virtual asset intermediation and custody communications.

    Enacted Source
  3. Published in DOU

    The instruction was published in Brazil’s Federal Official Gazette, Section 1, page 71.

    Enacted Source
  4. Entered into force

    The instruction’s communication and certification requirements became operative.

    In force Source

Who it affects

Actors

Banco Central do Brasil

Asset classes

Fiat-referenced virtual assets, Virtual assets

Official sources

Editorial note

Operational regulation under Brazil’s BCB virtual asset regime. Profile focuses on IN BCB 701/2026 and cites Resolution BCB 520/2025 only for context. Not legal advice.