The decision made by the Central Bank in early March to periodically monitor the conduct of Pix participants to ensure they maintain only Pix keys in their databases in accordance with the names registered in the Federal Revenue's CPF and CNPJ databases raised a warning signal among financial and payment institutions regarding the need to enhance their transaction monitoring tools. The reason is that the regulatory agency is willing to penalize companies that do not exclude from their systems keys of individuals and companies with registration statuses such as "suspended," "canceled," "deceased holder," "null," "ineligible," "deregistered," and other similar statuses.
Alexandre Pegoraro, CEO of Kronoos, a platform that uses AI to conduct research across thousands of sources to verify the integrity of people and companies, states that the Central Bank's decision requires institutions to strengthen their technological structures for transaction monitoring.
According to him, adapting systems to new demands like these requires financial institutions to make profound adjustments to their structures. Each month, these companies review millions of alerts related to crimes or financial frauds, with nearly 95% of them being considered "not suspicious." Now, these programs will have to add new alerts regarding the compliance of the keys with the Revenue's databases. Hence the importance of having solutions that automate and facilitate this process, while at the same time ensuring it is carried out quickly and securely," he says.
By adopting these new requirements, the Central Bank argued that they aim to make it more difficult for scammers to maintain Pix keys with names different from those stored in the Federal Revenue databases. In this regard, the agency itself also promises to actively work to detect Pix keys with names different from those registered with the Revenue Service, to ensure that participants exclude or adjust these keys.
A notice published by the agency states that the Central Bank also prohibited the alteration of information linked to random keys and the claim of possession of email-type keys. People and companies that use random keys and wish to change any information linked to that key will no longer be able to do so. From now on, the random key should be excluded and another should be created with the new information.
