Brazil Gambling Regulations: A Complete Guide to Staying Compliant

Summary

This guide breaks down Brazil’s new federal framework for online gambling, with a strong emphasis on anti-money laundering (AML), know your customer (KYC) rules and technical standards required for a federal fixed-odds betting licence. The Secretariat of Prizes and Bets (SPA) — part of the Ministry of Finance — has translated national AML laws into sector-specific ordinances that set detailed obligations on operators, covering registration with COAF, internal policies, annual risk assessments and record-keeping.

Key technical demands include local hosting or specific international legal cooperation, ISO 27001 data-centre requirements, mandatory certification of betting systems, facial recognition for KYC using CPF, encrypted communications, DNSSEC and the exclusive use of the “.bet.br” domain for fixed-odds sites. The SPA also defines required senior roles, reporting obligations and surveillance rules for live studios, while multiple government bodies (RFB, COAF, BCB, ANPD, MESP, ANATEL and consumer protection agencies) share enforcement powers.

If you plan to operate in Brazil, this isn’t optional reading — it’s your compliance checklist.

Key Points

  • Brazil’s federal framework (Law No. 14,790/2023 + SPA ordinances) imposes sector-specific AML/CTF/PLD controls and strict KYC rules for licensed operators.
  • Operators must register with COAF, implement internal AML/CTF policies, run annual risk assessments and retain records for at least five years.
  • KYC requires CPF verification and facial-recognition checks; operators must screen for PEPs and classify customers by risk.
  • Technical compliance includes certification of betting systems, ISO 27001-certified data centres (hosting in Brazil unless specific legal cooperation exists), data redundancy, backups and business continuity plans.
  • Network security: DNSSEC, encrypted communications, IDS/IPS, application-level firewalls and use of the “.bet.br” domain for fixed-odds sites.
  • Fairness and live-studio rules: RNG-determined game results, continuous surveillance and recordings (retained for a minimum of 90 days).
  • Designated senior roles are mandatory (directors for accounting, integrity/compliance, customer service/ombudsman, liaison to Ministry of Finance; plus data protection and operational security leads).
  • Multiple agencies enforce rules — SPA (Ministry of Finance), MESP, RFB, COAF, BCB, ANPD, state authorities and consumer bodies — each with distinct powers including audits, blocking illegal sites and tax enforcement.
  • Federal licence application fee: BRL 30 million for five years; some states offer local licences (e.g. Rio de Janeiro) with lower fees but jurisdictional limits.

Why should I read this?

Look — if you’re thinking of entering Brazil’s market or already operating there, this summary saves you from trawling rules and ordinances. The regulator is strict and the penalties, technical demands and licence costs are real. Read it to know the non-negotiables: AML/CTF controls, KYC with facial recognition, local data rules and the exact senior roles you must name. In short: read this before you spend time or money on an application.

Source

Source: https://igamingbusiness.com/the-rulebook/brazil/brazil-gambling-regulations-compliance-aml-kyc/