How to meet Central Bank requirements using outsourced infrastructure
June 5, 2025
When a company decides to offer financial services — opening accounts, operating Pix, issuing cards, custodizing assets, or moving funds — it enters a regulated territory. And in that territory, the Central Bank of Brazil is not just a regulator: it is the arbiter, the operator of the system, and the final validation instance.
The question is: how to meet these requirements without effectively becoming a bank?
This is where outsourced infrastructure comes in — not as a shortcut, but as an operational model based on delegation, shared responsibility, and technical transparency.
What does Bacen expect from those who offer financial services?
The Central Bank does not require every company to be a financial institution. But it does require any company offering structural financial services (such as accounts, transactions, intermediation, custodianship, issuance, etc.) to be integrated into a regulated, auditable, and traceable model.
In practical terms, this involves:
KYC, AML/CFT, and transaction monitoring
Segregated balances and bank reconciliation
Indirect or direct participation in the SPB (Brazilian Payment System)
Traceability of orders and real-time records
Generation of statements, regulatory reports, and auditable logs
For most fintechs and platforms, building this from scratch is impractical — technically and legally.
The role of outsourced infrastructure
An infrastructure like Azify's acts as a connection mechanism between your product and the Brazilian regulatory system. This means:
Azify's banking engine (Maestro) is already structured to generate logs, segregated balances, and reports required by Bacen.
The embedded compliance (Compliance Engine) integrates KYC validations, risk control, AML, and user scoring — all via API, with auditable logic.
The account, even when operated on your front, is technically backed by a regulated structure.
You provide the service. Azify ensures it runs on a foundation that withstands auditing.
Shared responsibility ≠ diluted irresponsibility
Using outsourced infrastructure does not exempt your company from regulatory responsibility — but it changes the type of responsibility.
You remain responsible for:
The experience you deliver to the customer
The clarity of the information provided
The registration flow, UX, and business logic
But you do not need to implement or maintain:
Reconciliation systems compatible with Bacen
Anti-money laundering policies
Infrastructure for connecting with SPI, STR, COMPE
Control of accounting vs. operational balance
This model reduces operational, legal, and reputational risk, while accelerating go-to-market.
Why trust? Because what is at stake is traceable
At Azify, every transaction, every account opening, every validation goes through systems that have been designed from the start to comply with Central Bank regulations. This means:
Structured and versioned logs
Traceable webhooks
Reports ready for compliance and auditing
Testing environment (Provabank) compatible with regulatory scenarios
You do not depend on trust in the partner. You depend on data, auditing, and structure.
Operating with freedom requires structure
Meeting Central Bank requirements is not a choice, but the way you comply could be.
You can build everything — and lock your team into parallel journeys.
Or you can focus on what creates value for your customer, while a regulated infrastructure takes care of the rest.
Azify's role is clear: we take responsibility for the structure, so you can take responsibility for the experience.
