The Central Bank's decision in early March to periodically monitor the conduct of Pix participants, to ensure that they keep in their databases only Pix keys consistent with the names registered in the CPF and CNPJ databases of the Federal Revenue Department, has raised a red flag among financial institutions and payment companies about the need to enhance their transaction monitoring tools. The reason is that the regulatory agency is willing to penalize companies that do not remove from their systems the keys of individuals and companies with registration statuses such as ‘suspended,’ ‘canceled,’ ‘deceased holder,’ ‘null,’ ‘inactive,’ ‘downgraded,’ and similar ones.
Alexandre Pegoraro, CEO of Kronoos, a platform that uses AI to conduct searches in thousands of sources to verify the integrity of individuals and companies, states that the Central Bank’s decision forces institutions to strengthen their transaction monitoring technological structures.
According to him, adapting systems to new requirements like these requires financial institutions to make profound adjustments to their structures. ‘Every month, these companies already review millions of alerts related to financial crimes or fraud, with almost 95% of them being considered “non-suspicious.” Now, these programs will have to add new alerts about the compliance of keys with the Revenue bases. Hence the importance of having solutions that automate and facilitate this process, while ensuring that it is carried out quickly and securely,’ he says.
In adopting these new requirements, the Central Bank (BC) argued that the aim is to make it more difficult for scammers to hold Pix keys with names different from those stored in the Federal Revenue databases. The agency itself also promises to actively detect Pix keys with names different from those registered with the Revenue, to ensure that participants delete or adjust these keys.
A note published by the agency informs that the BC also banned changing information linked to random keys and claiming ownership of email-type keys. Individuals and companies using random keys and wanting to change any information linked to that key can no longer do so. From now on, the random key must be deleted and a new one created with the new information.