Authorization Basics

3 mins read

Brazil Open Banking

Learn how the Open Banking Brazil directive aims at improving the process of sharing data and financial services between different financial institutions.

What Open Banking Brazil Is

Open Banking Brazil is a directive created by the Banco Central do Brasil (BCB) and the National Monetary Council (CMN) that aims to bring Brazilian financial institutions into an Open Banking innitative. As other directives on open banking, the Brazilian open banking environment is designed to standardize the sharing of data, products, and services between financial institutions licensed by BCB - all of that with full customers' control of the use of their data within the ecosystem, better transparency of processes, and greater competition on the market that promotes the emergence of new business models.

Get OAuth, Consent, and API Security for Open Finance Brasil

Cloudentity comes with an instantly applicable authorization server profile specific to the Brasil Open Banking and Open Insurance ecosystems that can make your solution instantly compliant with the Brasil Open Finance requirements.

Open Banking Brazil in Depth

To allow Brazilian financial institutions to adapt to the new directive, the rollout of OB Brazil directive was divided into four parts:

  1. Phase 1 - Data on the participating institutions - deadline February 1, 2021

    Financial institutions deliver their data in a standardized way. Service channels, products, services, and costs of all of them are publicly available.

  2. Phase 2 - Customer data - deadline August 13, 2021

    Customers of a financial sector can share their data (account data, transaction history, available credit cards, and more) with the institutions of their choice and all this happens only after a consent is granted by the customer.

  3. Phase 3 - Services - deadline August 30, 2021

    Consumers have access to financial services like payments, credits or credit offers, without the need to access the financial institutions channel. Such access can be made from a completely external channel the service originally comes from.

  4. Phase 4 - Other data - deadline December 15, 2021

    Products and services related to foreign exchange transactions (international payments), term deposits accounts, insurances, open pension funds, and more financial products made available for customers through external channels different from the channel the service originates from.

Where Cloudentity steps in

Cloudentity is a platform for application and API access control. With its powerful capabilities of an advanced authorization, governance, and developer enablement features, Cloudentity provides Brazilian financial institutions with the tools they need to comply with the Open Banking Brazil standards and guidelines.

Cloudentity methodology is based on the regional Security Profiles that codify the standards implementations and Security Policy Packs that allow users to select the policies that apply to them.

Quartet of services

Besides bringing advanced and modern authorization and API access control, Cloudentity brings another feature to the Open Banking Brazil ecosystem. To be compliant with OB Brazil, financial institutions must provide their customers with full and fine-grained control over their personal data. Customers need to be able to accept or reject consents they grant to third-party provider’s applications. Such consents should be also revokable giving the user a possibility to cancel their consent at any time. Cloudentity as a service provider gives your users control over their personally identifiable information (PII) with a proper granularity. Built-in consent features of Cloudentity make it a breeze to provide your customers with consent pages that you need for your financial institution to be Open Banking compliant.

You can, for example, extend an open-sourced Open Banking Quickstart environment for the purposes of a proof of concept. You can also create your custom consent page using Cloudentity production ready and provided out of the box APIs and integrate it with Cloudentity.

Updated: Sep 8, 2023