Brazil Adds Mandatory Audits for Crypto Firms Ahead of October 2026 Deadline

• New rule requires CVM-registered professionals to audit crypto firms on AML, CTF, and custody compliance
• All providers, including smaller companies, face higher costs and an October 2026 deadline

On June 2, 2026, Cryptopolitan reported that Brazil’s central bank has introduced a mandatory independent audit requirement for all crypto service providers seeking new licenses or renewals. Providers must now undergo audits conducted by professionals registered with the Comissão de Valores Mobiliários (CVM), Brazil’s securities regulator, as the country tightens oversight in one of Latin America’s largest crypto markets.

The audits cover anti-money laundering (AML) measures, counter-terrorism financing (CTF) controls, custody practices, internal risk management, customer asset segregation, and employee compliance programs. These standards target comprehensive management of both operational and financial risks.

The mandate covers all crypto service providers, regardless of size or business model. Both new applicants and existing firms seeking license renewal must comply. The central bank set October 2026 as the compliance deadline for existing providers.

Compliance costs are expected to rise significantly. Cryptopolitan cited compliance experts who project that audit fees could run into the tens or hundreds of thousands of dollars, creating new barriers for smaller firms and startups. The central bank has not released official cost estimates.

Firms that fail the audit will not receive authorization to operate in Brazil’s crypto market. Regulatory approval is now directly tied to proven compliance with these standards.

This mandatory audit rule adds another enforcement layer to Brazil’s already strict crypto regulatory framework, which includes multi-tiered requirements for licensing, asset custody, stablecoin oversight, governance, and compliance verification.