The Central Bank will exclude 31 companies from Pix after reinforcing security
Among the financial institutions that operate without requiring authorization from the Central Bank, 31 will have to comply with the new rules imposed by the monetary authority, after a series of cyberattacks on the Pix system left a hole of about R$ 1.5 billion.
This information is included in the minutes of the last Pix Forum, held on the 4th. Another 39 are already in the new standard. These companies need a contract with a financial institution that participates directly in Pix. Therefore, they are called indirect participants of Pix.
According to a resolution published by the BC on September 5, only institutions that submit a complete risk assessment form can be responsible for third parties. This document contains data on transactions, values under custody, among other financial information used by the monetary authority to assess the likelihood of default or insolvency.
Credit cooperatives also lost the right to oversee the participation of other companies in the Pix System.
Indirect participants who are in violation of the new rule and do not find a new partner by March 4 will be excluded from the system.
The BC is also expected to present, next year, a risk matrix to identify participants with systemic security failures.
In the hacker attacks recorded between June and September, shell accounts maintained in indirect Pix participants were used to disperse money obtained from the frauds. Companies like Soffy, which received about R$ 270 million of the R$ 541 million diverted from BMP Moneyplus on June 30, had their participation in Pix suspended.
At the Pix Forum, the monetary authority also disclosed the agenda for 2026. There are plans to make it more difficult for people with a history of fraud to access Pix to curb the activities of frontmen.