On April 26, 2018, Brazil's National Monetary Council issued Resolution 4,658, creating new rules on cybersecurity policies and requirements for data processing and storage (source document in Portuguese). Per the Resolution, institutions authorized to operate by the Central Bank of Brazil must implement a cybersecurity policy in order to ensure confidentiality of data systems. In addition, the Resolution requires that institutions notify the Central Bank of third-party vendor contracts, regardless of the nationality of the corresponding service provider.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.