Reputational risk is currently one of the most lethal risks for the image and business continuity of organizations that manage third-party money worldwide, including Brazil.
To this end, financial institutions, investment fund managers, investment advisors and consultants, and all organizations doing business in Brazil must be able to identify, on a day-to-day basis, through their compliance procedures, potential events that generate reputational risks.
Below we list 5 of the main Compliance Policies to identify potential reputational risks that foreign market players must implement:
1. Know Your Client Policy (KYC): Supervised with close look by the Brazilian Central Bank (BACEN) and the Brazilian Securities and Exchange Commission (CVM), the KYC Policy must establish the procedures to be followed by the Fintech to know its clients, including due diligence in their identification, qualification and classification.
The procedures must include the obtention, verification and authenticity validation of the client’s identity information, including, when necessary, through confrontation of such information with private and public data base.
2. Data Protection Privacy Policy: Framed by the Brazilian Data Protection Law, the Data Protection Privacy Policy is a key item for financial and capital markets institutions and must establish the rules for collection, registration, storage, use, sharing and elimination of data collected from customers, employees and third parties related to the institution.
3. Anti-Corruption Policy: Required by Federal Law, the Anti-Corruption Policy is another high level guidance and must prevent the institution, including shareholders, management, employees and outsourced service providers, from practicing harmful acts against domestic or foreign public administration.
4. Code of Ethics and Conduct: Based on the Brazilian Anti-Corruption Law, Administrative Misconduct Law and certain resolutions, the Code of Ethics and Conduct must provide for the ethical principles and standards of conduct that are part of the way of acting and conducting the institution’s business with the most diverse stakeholders related to the company.
5. Money Laundering Prevention and Terrorism Financing Policy (PLDFT): Regulated especially by Brazilian Central Bank regulations and Federal Money Laundering Prevention, the PLDFT must provide that the institution, including shareholders, management, employees and outsourced service providers must adopt the best practices in contracting with customers and to prevent and combat money laundering and terrorist financing.
The policies listed are not exhaustive. They aim to draw the attention of financial institutions, investment fund managers, advisors and investment consultants to be careful in their operations with facts that generate reputational risks, aiming to avoid and mitigate them if they materialize.
