Adapting Your Crypto Exchange for Brazil’s “DeCripto” Reporting Standards

Hey there! So, Brazil just rolled out some fresh regulations for the crypto scene, and if you're operating an exchange, you'll definitely want to keep yourself in the loop. It’s all about staying ahead and making sure you’re compliant with the latest changes! So, the “DeCripto” standards really focus on making digital currency operations more transparent and improving how we report on them. Alright, let’s dive into how to get your exchange fully compliant and ready to go!

Understanding DeCripto

The DeCripto initiative is all about creating a straightforward guide for handling virtual currency transactions. So, you'll want to keep track of everything accurately and make sure to report certain activities to the government. Alright, here’s a little summary of the key points you should be aware of:

• Transaction Reporting: If a transaction exceeds a certain limit, it has to be reported.
• User Identification: You’ll need to confirm who your users are, kind of like those KYC (Know Your Customer) guidelines. It’s all about keeping things safe and secure!
• Regular Audits: Get ready for some routine checks to make sure we’re staying in line with these standards.

Steps to Adapt Your Exchange

To get on the same page with DeCripto, here are some important steps you’ll want to follow:

1. Update Your Software: Don’t forget to keep your trading platform up to date! It’s super important to have all the right tools handy for tracking your transactions and managing user data smoothly.

2. Get Your KYC Practices in Gear: Establish an easy and friendly process for identifying users. This could mean using tools to verify documents and check identities.

3. Reporting Processes: Set up a system that automatically collects and shares transaction data. This will really simplify the process of getting your reports ready when you need to file them.

4. Getting Your Team Up to Speed: It’s super important that your staff is on board with these new regulations and knows how to weave them into their everyday tasks.

5. Stay in the Loop: Make sure to stay updated on any shifts or news regarding DeCripto standards, since regulations can change over time.

Useful Resources

If you’re looking for more details, just take a look at these links:

• DeCripto Overview
• KYC Best Practices
• Crypto Regulatory Updates

Conclusion

I know adapting to Brazil's DeCripto standards can feel a bit overwhelming at first, but trust me, it's really worth the effort. Keeping your crypto exchange compliant and reliable will pay off in the long run! If you follow these steps, you won’t just check off the regulatory boxes--you’ll also set up a strong foundation for your business in Brazil's booming crypto market. Hey, just a quick reminder to keep yourself in the loop about everything happening with crypto compliance! It’s super important to stay informed.

Your data warehouse isn't quite speaking "DeCripto" yet. Alright, so you've got your fills, cancels, internal transfers, and those moves between hot and cold wallets--enter DeCripto Version 1! So, 0 needs a few particular record families--like 0110, 0210, 0650, and the range of 2110 to 2650. And they've got to be arranged in a super specific, pipe-delimited format. Oh, and don’t forget to include those CARF-coded fields, like CodigoReportavelCarf and CódigoNexoCarf. They’re pretty important!

Hey, just a heads up--if you overlook even one mapping, like forgetting to configure Transfer Wallet → 2650 with the correct IN/OUT semantics, you could risk having your monthly file rejected by e-CAC. And trust me, that could really throw a wrench in your compliance efforts come July 1, 2026. So, stay on top of those details! Feel free to take a look at all the details by heading over to this link: (gov.br). It’s got everything you need!

You've got a tight deadline and responsibilities on two fronts. So, just a heads-up! Beginning in July 2026, DeCripto is stepping in to replace the old 2019 model. That means the current one will be officially retired by June 30, 2026. Exciting times ahead! Brazilian exchanges are still on the hook for monthly reporting, and guess what? This now includes foreign crypto service providers that are serving users in Brazil. Hey, just a heads-up! The AML/KYC due diligence requirements related to CARF are set to take effect on January 1, 2026. Make sure you’re ready for it! If you mess up or lose your files, it could really come back to bite you. You might end up facing harsh penalties and catching even more scrutiny from the supervisors. So, it's definitely best to keep everything organized! (gov.br).

• Penalties scale fast Hey, just a heads up! If you fall behind on your filings, you'll need to be prepared to pay up. For regular entities, it’s R$1,500 a month. If you’re in the Simples/imunes/isentas category, it’s a bit lighter at R$500 a month. And for individuals, you're looking at R$100 a month. So, it’s definitely something to keep in mind to avoid those extra costs! If you come across any incorrect or missing information, just a heads up that it’ll cost you about 3% of the operation value for PJ or 1. There's a 5% penalty for PF, and just so you know, it's got a minimum fee of R$100 for every operation that's affected. Ouch! (normaslegais.com.br).
• Navigating authorization and dealing with market access challenges. Hey! Just a heads up to watch for the upcoming rules from the Central Bank (BCB) regarding VASPs (Virtual Asset Service Providers). They should be rolling out soon! So, just a heads up, 519, 520, and 521 are set to roll out on February 2, 2026. Just mark that date! If you're already playing, make sure to get your authorization squared away within the next 270 days! Starting October 30, 2026, teaming up with unauthorized companies is going to be off the table.
  Hey, just a heads up--before you switch your license, double-check that your compliance operations are all set and in good shape! You don’t want any hiccups in the process. For more details, you can check out this link: bcb.gov.br.
• There’s a big push for global cross-checking now. So, the CARF data exchange formats got a bit of an upgrade in 2024-2025. Now, it looks like the different jurisdictions are gearing up to start sharing data in 2027! Pretty exciting stuff on the horizon! Just a heads-up: when you submit your DeCripto info, regulators will be cross-referencing it with data from CARF-participating authorities. So, there’s not going to be a lot of leeway for any mistakes in reconciliation. Just make sure everything’s in order! Got to make sure we get it right! You can check out the details here.

Who this is for (and the keywords you need on your implementation docs)

• Who it's for: Hey there! This message is directed at chief technology officers, compliance VPs, heads of data engineering, and Brazil program leads at crypto exchanges and CASPs--whether you’re part of a global company or a regional player. If you're thinking about diving into the Brazilian market or looking to expand your presence there in 2026, this is for you!
• Important keywords to include so we're all aligned with DeCripto/CARF and BCB oversight:
  • “Registro 0110/0210/0650/2110-2650 mapping”
  • “CodigoReportavelCarf”
  • “CódigoNexoCarf”
  • “UTF-8 pipe-delimited hierarchy”
  • “Saldo Anual 1000/1010”
  • “e-CAC upload orchestration”
  • “RFB IN 2.291/2025”
• “BCB Res. 519/520/521 authorization window”.
• "Let’s get the CPF and CNPJ sorted out and make sure we don’t have any duplicates."
  • “BRL35k self-reporting threshold”
  • “foreign CASP in-scope”
• “CARF XML Schema (2025-07) guide.”
• "Internal validator for Status Message XML." ”.

If you're looking for more info, feel free to dive into the official guide. It's got all the details you might need!

What’s New Since January 2026

• Check out the DeCripto layout v1! Great news! The ADE Copes system is now live as of February 2025, which means we can jump into the integration work. We're planning to kick off production filing in July 2026. So, these files are basically text files that use UTF-8 encoding. They’re set up with pipes to separate values, and they also have a clear hierarchy, which means the data is organized in a specific order. Oh, and just to mention, they end each line with a CRLF (that’s just a fancy way of saying they use a carriage return and a line feed). Feel free to take a look at it here. It’s got some good info!
• Scope: So, Brazilian exchanges now have to report their activity every month, regardless of how much was traded. So, here’s the deal: if you’re an individual or a business and you’re trading outside of a Brazilian exchange, you’ll need to report things yourself only if your monthly trading volume exceeds BRL 35,000. That’s an increase from the previous limit of BRL 30,000. Just keep that in mind! This requirement also extends to foreign CASPs that serve users in Brazil. If you’re looking for more info, you can check it out here.
• Due Diligence: So, starting from January 1, 2026, all CASPs will have to stick to AML/KYC procedures that match up with CARF guidelines. If you want to get all the details, just check it out here.
• BCB Regime: Just a heads up, PSAVs (or SPSAVs) now need to get authorization before proceeding. There are three main types: intermediária, custodiante, and corretora. This new framework really focuses on solid governance, keeping client assets safe and separate, and making sure that cyber security and data protection are top-notch. You can definitely do self-custody transfers, but it’s important to have some solid documentation and controls in place to keep everything in check. So, just a heads up: these new rules will start on February 2, 2026. If you’re planning to apply, make sure you get your application in within 270 days from then. Starting October 30, 2026, we’ll need to make sure that all operations are handled by authorized entities only. If you want to dive deeper into the details, you can check it out here.

Hey there! Just a quick heads-up about the OECD CARF Tech. In 2025, they rolled out some updates for the XML User Guide and the Status Message XML. Plus, there’s some exciting news on the horizon--they’re planning to kick off information exchanges in 2027! Exciting times ahead! Hey there! Just a quick reminder to double-check the specifications for validating your CARF segment of the DeCripto records before Brazil goes live. It’s super important to get this right! Check it out here.

The Solve -- 7Block Labs’ Approach to DeCripto Compliance Without the Hassle

We've put together a three-part game plan that links engineering challenges with our regulatory goals. It even comes with clear checkpoints so we can track our progress along the way!

1) Data Model + Taxonomy Retrofit (Weeks 1-3)

• Deliverables We're planning to put together a standard “DeCripto Event Contract.” Think of it as a roadmap that connects exchange events to DeCripto/CARF records. So, when we’re talking about trades, we’ll stick with 0110 for buy/sell transactions and 0210 for crypto-to-crypto swaps. Just a heads up, the CARF mirrors you’ll want to keep in mind are 2110 to 2220. So, the wallet flows will include a few different things: we’re talking about 0350 and 0450 which are all about non-trade inflow and outflow. Then there’s also 0650, which is basically when a user sends money to a wallet that isn’t a CASP. And let's not forget about the range from 2350 to 2650 that deals with the CARF mirror. Hey there! Just a quick heads up about those big retail payments. If you're making a purchase that’s over $50,000 (or the same amount in BRL), we’ll be using 0550 along with CARF 2550. Just wanted to keep you in the loop! If you want to dive deeper into this, just click here. It’s a pretty useful resource! We're going to create a solid identity backbone by tidying up CPF and CNPJ info, making sure everything's clean and the check-digits are spot on. We'll also gather residency details and put in place some deduplication logic. This will help make CARF’s “reportable person” identification process a whole lot smoother. If you’re looking for more info, you can check it out here. There’s a lot of interesting stuff that goes into the crypto asset reporting framework and some updates on the common reporting standard.
• How It Reduces Risk on Your ROI.
• With just a one-time schema refactor, we can finally say goodbye to those frantic month-end scrambles! You'll actually be able to create both the domestic DeCripto and CARF-aligned extracts using the same normalized data. This is going to cut down about 40-60% of the time we spend on compliance engineering. That’s a pretty big deal!

2) File Generation + Transport (Weeks 3-6)

• Deliverables So, you've got this super reliable writer that works with UTF-8. It’s designed to whip up a pipe-delimited hierarchy using CRLF. Plus, it makes sure that all the parent-child relationships are spot on and handles field-level formatting too, whether it's decimals or dates. Pretty neat, right? Check it out here.
• So, we've got a "Registros" coverage matrix that covers all the necessary segments with unit tests. This includes the header 0000 and the segments 0110, 0210, 0350, 0450, 0550, 0650, 0750, 1000, and 1010. It also takes care of the 2000 block and reflects everything from 2110 to 2650 CARF. And hey, let’s not overlook those closures for 2999 and 9999! If you want to dive deeper into the details, check this out here. It’s got everything you need! We're all about making the e-CAC orchestration super smooth! This setup includes a secure upload process, smart retries that won’t mess things up if they have to be repeated, and we make sure to capture all those important receipts. Plus, we're keeping everything in check according to the RFB guidelines. If you’re looking for more details, just click here. It’ll take you right to the info you need!
• How It Reduces Risk and Boosts ROI. By using “submit-once” quality gates, we can really reduce the number of times we have to run things over again. So, what's the usual outcome? Well, you can expect an impressive over 99% acceptance rate right off the bat, with less than 0% for any issues. In similar projects that are regulated, about 5% of the files end up needing some corrections afterward.

3) Controls + Ongoing Operations (Weeks 6-10)

• Deliverables
• CARF/CRS Cross-Check Harness: Think of this as your trusty internal checker. It uses the OECD XML validation rules and Status Message patterns to ensure everything’s on point. This will give you a heads-up on the feedback loops for international transactions. Take a look at this link: (oecd.org). You'll find some interesting info there!
• PSAV Authorization Posture (BCB): So, this policy pack really dives into a lot of ground - it touches on everything from keeping assets separate to figuring out which wallet goes with what and how to respond to incidents. It's got you covered on all fronts! It also outlines what you need to consider for self-custody transfers, making sure your compliance program is in line with the requirements. 520/2025 expectations. If you're looking for more info, you can check it out right here: bcb.gov.br.
• Evidence Pack: This is basically a well-organized stash of data lineage info, reproducibility scripts, and retention policies. It's all set up to tick the boxes for the RFB’s "guardar documentos" requirements and to keep everything smooth for the BCB's supervisory reviews. Dive deeper here: (normaslegais.com.br).
• How It Reduces ROI Risks. By streamlining the reconciliation process and delivering audit-ready documents, we’ve really managed to reduce the size of our compliance team. It’s been a game changer! Basically, this means that procurement can get a better handle on OPEX planning since they have solid SLAs to back them up.

1) Mapping a Crypto-to-Fiat Sale to DeCripto and CARF

Alright, let’s dive into how a crypto-to-fiat sale goes down with DeCripto and CARF.
Alright, here’s the scoop:

• Source Events: We’ve got a few important events to focus on: trade_execution, ledger_settlement, and fiat_payout.
• DeCripto Records:
  • 0110 (Venda):
    • symbol=BTC
    • qty=0.05
    • gross_value_brl=R$18,250.00
    • fees_brl=R$36.50
    • trade_ts=2026-07-10T13:22:01Z
• 0450: This one talks about moving money to the user's external bank account, but it only counts if it's actually shown on the ledger. Otherwise, it just gets mixed in with the whole economics of the 0110.
• CARF Mirror for the Same Transaction:
• When it comes to converting crypto to cash, 2120 is definitely our top pick! It includes mapped CodigoReportavelCarf and Nexo fields, which are in line with the OECD guidelines. Take a look at this link for all the details: (gov.br). You'll find everything you need there!

2) Handling a User Transfer to Self-Custody

• Event: So, a user has made the choice to pull out 2 ETH and send it to a wallet that they own outside of the CASP.
• DeCripto Records:
  Hey there! Just a quick reminder for the 0650 (User Account → Non-CASP Wallet) process: Don’t forget to jot down the asset ID, transaction hash, and timestamp. Also, if you collected any metadata for the receiving address according to KYC/AML rules, be sure to include that as well. Thanks!
• CARF Mirror:
• 2650 (Transfer Wallet): Stay in tune with the user’s claims regarding their tax residency for CARF reporting. If you want to dive deeper into the details, just click here.
• BCB Consideration:
  Make sure your internal controls keep tabs on where the money's coming from and where it's going. Plus, don’t forget to run those risk checks! This aligns perfectly with the resolution. So, 520's really focusing on what people expect and the industry guidelines that back up self-custody transfers, as long as they've got the right controls in place. If you’re curious and want to dive deeper into the details, you can check it out here. It's a great read!

3) High-Value Crypto Payments for Goods/Services

• Threshold: If you make a transaction that’s over $50,000 when you convert it to BRL, you’ve got to report it.
• DeCripto: Hey! Just a heads up, when you're working with merchant identifiers, make sure to use the codes 0550 and CARF 2550. Also, don’t forget about value normalization! It’s super important to keep everything in check. Setting up a daily FX normalizer is a smart move! It'll help you avoid any border issues that might crop up around that threshold. If you're looking for more info, check out the official manual right here: gov.br. It’s got all the details you need!

4) Annual Balances

• DeCripto:
• Don’t forget to check out the 1000/1010 “Saldos Anuais” to stay updated on where you stand at the end of the year. If you're overseeing a custodial line, just double-check that it matches up with your custody sub-ledger and the proof-of-reserves attestations. It’s super important to keep everything in sync! If you're looking for more info, feel free to take a peek at the official manual. It's got all the details you might need!

Design decisions we recommend (emerging best practices as of 2026)

• Start with the facts, then move to the forms. Just store your atomic trade and transfer details once, and then you can easily turn them into DeCripto pipes and CARF XML for all your views and exports. This method really helps keep things on track and makes it way easier to switch up the specifications when RFB rolls out DeCripto v1. The OECD will be rolling out updates for their XML in 2026-2027. (oecd.org).
• Get a CARF-aware validator up and running as soon as you can. So, while DeCripto isn't exactly XML, the error patterns from CARF's Status Message can really help us get a good sense of what tax authorities might push back on down the line. "Hey, it's definitely a good idea to get things validated before the month wraps up. It’ll save you from having to redo a bunch of stuff later on." (oecd.org).
• Wallet tracking and separation controls. Just a heads up--be sure to use deterministic address attribution and split your client assets between cold and hot wallets. It's definitely a smart move! Hey, just a friendly reminder to make sure you have those incident playbooks ready! They’re super important for Brazil’s PSAV rules and are definitely going to be a topic during your authorization interviews. (bcb.gov.br).
• Make sure you don’t sell yourself short when it comes to identity data. When you're bringing someone on board, it's super important to collect their CPF or CNPJ. Plus, make sure to tidy up that data and double-check it for accuracy! Make sure to note down those residency claims like CARF requires, and get ready to sort things out with other jurisdictions starting in 2027. It’s going to be important! (oecd.org).
• Focus on preventing penalties instead of just fixing them later. Make sure to automatically apply the rules like “no empty required fields” and “no parent without a child” according to DeCripto v1.

0. Keep in mind that just one tiny typo can cost you a hefty 3% of your operational value when you’re dealing with a ton of transactions. That really adds up, especially when you're looking at it from the exchange perspective! (normaslegais.com.br).

Where Solidity and ZK Actually Help (Without the Hype)

Solidity Instrumentation for On-Chain Venues

If you're diving into on-chain order routing or handling settlements, make sure to toss in some events that give off CARF-aligned metadata. It'll really help keep things organized! This might cover things like the type of counterparty involved, snapshots of residency claims, and different classifications of wallets. Doing this really simplifies off-chain reconstruction for 0110, 0210, and 2110-2220. Once you've got those on-chain events all set up, it's super easy to channel them into your Kafka or Delta Lake ETL for displaying in DeCripto.

ZK Attestations for Address Ownership

So, RFB might request a ton of detailed reports, but that’s where zero-knowledge proofs really shine! They can really help you cut down on the personally identifiable information (PII) in your internal systems. With their setup, you can show that you control an address and maintain balance consistency without having to expose the actual keys. It's a smart way to keep your data safe while still getting the info you need! Imagine ZK as a tool that really beefs up your internal controls and helps streamline your auditor workflows. It's all about making sure your DeCripto output matches the specs perfectly. Let’s prioritize “privacy-preserving controls” instead of looking for quick fixes for regulators.

Procurement checklist for a Brazil-ready DeCripto stack

• Must-haves
• You should have a solid track record of creating the Registros 0000, 0110, 0210, 0350, 0450, 0550, 0650, 0750, 1000, 1010, 2000, and 2110-2650, along with 2999 and 9999. If you want to dive into the details, just click here. Happy reading! Be sure to set up some automation for uploading the e-CAC. It should definitely include a way to capture and store receipts too! To keep everything in line with DeCripto v1, having an internal validator is super important. You’re all set with the data up to October 2023, and you’ve got a handle on both the 0 and the OECD CARF XML standards. If you’re looking for more details, you can check it out here.
• Check out a controls library that works well with BCB Res. It’s gonna cost you $520 for everything related to self-custody transfers and segregation. Details available here.
• Vendor red flags
• If you come across a "generic CRS tool" that doesn't specifically address DeCripto’s record families, that's definitely a big warning sign. Watch out for vendors that only provide CSV writers or claim to handle UTF-8 but overlook important things like CRLF and proper field padding. It could really come back to bite you! Hey, just a heads up - keep an eye out for any gaps in the plan related to the 270-day authorization runway or that October 30, 2026 deadline. It's important to stay on top of that! More on that here.

GTM We’re Tracking Outcomes, Not Just Lines of Code

• Time to First Accepted File: So, typically, you can expect it to take around 6 to 8 weeks from the start date for a mid-sized exchange to get that first file approved. For larger companies with complex custody requirements, we're usually talking about a timeline of around 8 to 12 weeks.
• Zero Re-runs Month-End: So, what's the plan? We’re aiming for a fantastic 99% first-pass acceptance rate at e-CAC, and we want to keep that number below 0. About 5% of things might need some tweaks in the first five business days.
• Engineering Lift: So, after just the first couple of cycles, we've noticed a pretty impressive 40-60% cut in the time our team spends on recurring compliance engineering tasks. This has all been made possible by our reusable transforms and the straightforward “facts then forms” approach we’ve adopted. It’s great to see how these changes are paying off!
• Risk Offset: We're looking at reducing our penalty exposure by more than 90% compared to where we started--yeah, that means things like missed or incorrect filings. It’s all thanks to our automated validation process and the way we smartly tackle those tricky edge cases.
• Unlocking Revenue in Brazil: We’re making things happen faster by syncing up with PSAV authorization standards. This is helping us streamline our go-to-market strategy. Banking partners and liquidity venues in Brazil are really starting to prioritize proof of compliance. It's becoming a common request from them lately. (bcb.gov.br).

What We’ll Build with You (and Where to Start)

Integration and Orchestration

When it comes to our work with blockchain integration, event cartography and generation logic are super important. They've really become key elements in how we operate. Hey there! If you're interested in our blockchain integration services, feel free to check out this manual for all the details. It’s packed with useful info! Hey there! If your product is using new smart contracts--like for things such as DEX, staking, or tokenization--that need to send events over to DeCripto, you’ve got nothing to stress about. We've got you covered with solid, audit-ready code paths! Check out our awesome smart contract development and dApp development services! We’ve got some great solutions just waiting for you to explore!

Data Pipelines and Compliance Tooling

We're all about building cool stuff in the web3 space! As part of our development efforts, we whip up DeCripto writers, validators, and CARF crosswalks to enhance cross-chain reporting solutions. Check out our Web3 development services and dive into our exciting offerings in cross-chain solutions development! There’s a lot of cool stuff going on that we can’t wait to share with you. When it comes to those intricate ecosystems with bridges and tokenized assets, our team really focuses on blending on-chain semantics with the reporting logic. Take a look at our blockchain bridge development and asset tokenization services! We’ve got some pretty cool offerings that you might find interesting.

Security and Audit Readiness

When it comes to security, our audit services really focus on making sure everything stays secure and reliable. We make sure that event emissions, wallet attribution, and custody segregation are all handled with the utmost care. You can count on us to keep things safe and sound! Here are some key things to keep in mind when it comes to BCB oversight. Check out our security audit services to find out how we can assist you! We’re here to help you feel more secure. 😊

Technical appendix -- key spec notes your engineers will ask about

• File characteristics We're handling text files that are encoded in UTF-8 and use pipes ("|") to separate the data. Just a heads up: when you’re putting this together, don’t forget to add those hierarchical records! And remember to use CRLF for the line endings, okay? It’s really important to make sure the parent/child dependencies are in the right order. For all the details, just take a look here. Happy reading!
• Let’s focus on the core record families we need to implement right away. Alright, here’s the plan: we’ve got a few record families we need to set up. First off, we’ll tackle 0110/0210 for all the buy and sell stuff, plus any crypto-to-crypto transactions. Then, we need to cover 0350/0450 for anything that isn’t a trade in or out. After that, let’s jump on 0550 for those high-value retail transactions. We also have to get 0650 sorted for transfers from users to non-CASP wallets. Don’t forget about 0750 for loss reporting, and finally, we’ll wrap it up with 1000/1010 to handle the annual balances. Sounds good? Hey, just a heads up! The CARF reflects the records for the 2000 block, which includes 2110, 2120, 2210, 2220, 2350, 2450, 2550, and 2650. Don’t forget to finish it off with 2999 and 9999! If you’re looking for more details, you can check it out here. Happy reading!
• Checking the scope and timing. DeCripto is set to launch in July 2026, so just a heads up--the old model will be in effect until June 30, 2026. Just a heads-up: the due diligence guidelines according to CARF will kick in on January 1, 2026. Also, the monthly reporting rules for Brazilian exchanges aren’t changing, so you can expect those to stay the same. Just a heads up, there’s a BRL 35k limit when it comes to self-reporting if you’re not using exchanges. And yeah, this also applies to foreign crypto service providers. Check the details here.
• Keep in mind the regulatory landscape you need to stay in sync with as well.
• Make sure to connect with BCB Res. The new regulations 519, 520, and 521 are set to start on February 2, 2026. You need to get that PSAV authorization sorted out within 270 days. Hey, just wanted to give you a quick heads up! After October 30, 2026, things are going to get a bit tighter around here. Only authorized folks will be able to operate, and there will be a strong emphasis on keeping things separate and on those self-custody transfer controls. Just something to keep in mind! If you're looking for more details, just click here.
• CARF technology alignment If you’re diving into tech updates, make sure to check out the OECD’s 2025 XML updates along with the Status Message schema. They’ll definitely help you keep your validators ahead of the curve! We can look forward to the first exchanges making their debut in 2027! Check out all the details here. It’s worth a look!
• Penalties (set them up as business rules). So, here’s the scoop on the penalties: if you miss the deadline, you’ll be looking at R$1,500 a month for standard PJ. If you’re in the Simples/imunes/isentas category, it drops down to R$500 a month. And for individuals (PF), it’s a more manageable R$100 a month. Keep this in mind to avoid those extra costs! If there are any mistakes or things missing, it's either 3% (PJ) or just 1. It’s a 5% fee on the operation value, but it won’t be less than R$100. Hey, just a quick reminder to hang on to all those important documents and systems for evidence retention! If you want more info on this, you can take a look here.

Solve it now -- let’s blueprint your Brazil launch this month

Hey there! If you’re handling compliance or engineering for Brazil and haven’t gotten around to mapping your event store to those Registros 0110/0210/0650 and the 2000-series CARF mirrors, now’s the time to jump on it! Why not schedule a quick 30-minute session with our solutions architect in São Paulo this week? It'll be super helpful!

Let’s team up to figure out how to connect your existing Kafka topics to DeCripto v1. I'll take a close look at what might be missing, and then I'll whip up a gap report for you. This will include rough order of magnitude estimates and a plan for how to get it all done. You'll have it all ready to go in just 48 hours! This way, you can step into July 2026 ready and feeling good about everything!

References

The Receita Federal is really getting things moving with the CARF, rolling out the DeCripto initiative and outlining what it's all about. So, it seems like the whole due diligence thing is set to start on January 1, 2026, and guess what? Foreign CASPs are going to be in the mix as well. Just a heads up, there’s a BRL 35,000 limit to remember. The old model is set to end on June 30, 2026, and that’s when DeCripto will kick off in July 2026. Check it out here.

• If you're getting into the DeCripto Manual v1, here’s what you need to know. In section 0, you'll get the scoop on record families, how to format things, the hierarchy involved, and those CARF-mirrored blocks (2110-2650). If you need the manual, you can check it out right here.
• So, let's talk about the penalty framework that’s laid out in IN RFB 2. Definitely keep an eye on 291/2025! It’s worth noting, especially with the changes in evidence retention rules coming up and the farewell to IN 1. Lots of shifts happening! 888/2019. If you're looking for more details, just check it out here. It's all there!

Hey, don't forget to take a look at the BCB Resolutions 519, 520, and 521, along with the details about when they go into effect. It's important stuff! So, just a heads-up about the PSAV classes and controls. There are some details you’ll want to check out regarding the authorization runway. Also, mark your calendars--there's a cutoff date for self-custody transfer controls coming up on October 30, 2026! If you're looking for more info, you can check it out here.

Hey there! So, if you're in the market for the OECD CARF XML schemas (the ones from the 2024 baseline, with some updates coming in July 2025), I’ve got some news for you. The first exchanges are targeting a launch in 2027. Keep that on your radar! Get the scoop here.

Internal links to engage our team

Take a look at our blockchain integration services that are designed specifically for DeCripto/CARF data pipelines. Get in on the action by exploring our smart contract development and dApp development services. We’re all about setting up protocols that keep you in the loop with your reporting needs!

• Get your multi-chain flows running smoothly and in line with all the rules using our cross-chain solutions development and blockchain bridge development services! Hey there! If you're looking to boost your security, check out our security audit services. They'll help fortify your controls and keep things safe. Plus, if you want to speed up your product development, our web3 development services can really help you get ahead. Let’s make your project even better together!