Brazil's Open Finance in 2026: What the BCB Built and How to Integrate
Brazil's Open Finance framework is broader than UK Open Banking and more aggressive than EU PSD3. Where it sits in 2026 and the integration shape for fintechs and banks.
Brazil’s Open Finance framework is the most aggressive open-banking-adjacent regulation among major economies. Where the UK’s Open Banking covered current accounts and basic payment initiation, and the EU’s PSD2/PSD3 framework expanded modestly from there, Brazil’s Open Finance covers banking, credit, investments, insurance, exchange, and pension data — a broader scope than any other implemented regime. The framework has been operational in phases since 2021 and is now mature, with payment initiation handling meaningful volume and the data-sharing categories all reaching active use.
For fintechs building in Brazil or for foreign companies entering the Brazilian market, the practical integration with Open Finance is increasingly a competitive necessity.
The phases and what they unlocked#
Open Finance Brazil rolled out in four operational phases plus an in-progress fifth:
Phase 1 (Feb 2021) — Public data about participating institutions (product offerings, branch locations, ATM locations). Foundational, low-stakes.
Phase 2 (Aug 2021) — Customer registration data and basic transaction data sharing with consent. The first real data-sharing phase.
Phase 3 (Oct 2021) — Payment initiation, allowing third parties to initiate PIX or other payment instruments on behalf of consenting customers.
Phase 4 (Dec 2021 / Mar 2022) — Expanded data scope to investments, insurance, exchange, pension data.
Phase 5 (in operational stages 2024-2026) — Further refinement of data sharing across the broader financial product universe, including credit-bureau-equivalent data exchange under specific consent flows.
The structural commitment from BCB has been unusually decisive — phase deadlines have been enforced, and institutions that have lagged have faced regulatory action.
The technical architecture#
Open Finance Brazil operates as a coordinated multi-party framework with several specific components:
The DCR (Dynamic Client Registration) — third-party fintechs register with the regulator and are issued credentials they use to integrate with participating banks.
The Diretório (Directory) — central directory of participating institutions, their endpoints, and their certificates.
The OIDC and FAPI 1.0 Advanced security profile — the authentication and authorization layer. Brazil’s Open Finance is technically rigorous in its security design.
The participant endpoints — each participating institution exposes a defined set of APIs at predictable URL paths.
The user authentication flow — consent is captured at the user’s bank, the user authenticates at the bank’s authentication page, and an authorization is issued for the specific scope and duration.
The technical detail is the part that most surprises foreign fintechs — Brazil’s specification is more rigorous than UK or EU equivalents, and certification is required.
The data scopes in operational use#
By 2026, the data scopes producing meaningful operational volume:
Account information — account balance, transaction history, holder details. Used for personal financial management, credit underwriting, and identity verification.
Credit operations data — outstanding loans, credit limits, repayment history. Used for cross-institutional credit decisioning.
Investment data — brokerage account holdings, position history. Used for portfolio aggregation tools and advisory.
Insurance data — policies held, claims history. Used for cross-sell, advisory, and underwriting.
Pension data — retirement plan balances and contributions. Used for financial planning tools.
Exchange data — foreign-currency holdings and transactions. Smaller volume but operational.
Payment initiation — initiating payments (most commonly via PIX) on behalf of the customer. Used for embedded checkout, bill payment, and recurring-payment flows.
The use cases that produce volume#
Several use cases have crossed meaningful operational volume:
Account aggregation apps — Mobills, Guiabolso (now PicPay), and a long tail of others. Customers link multiple bank accounts and see consolidated views.
Cross-institutional credit decisioning — fintech lenders pull account data across institutions for underwriting models. Particularly impactful for small-business credit where the existing credit-bureau data is thin.
Payment-initiated commerce checkout — replacing card-network payment processing for some online checkout flows. Slower-growing than initial projections; PIX’s QR-based checkout has been the larger growth vector.
Wealth management aggregation — XP, BTG, and the smaller wealth platforms pull investment positions from competitors for advisory.
Insurance cross-sell — using bank account and investment data to identify insurance opportunities.
The total Open Finance API traffic exceeded 5 billion requests per month by mid-2025 and continues to grow.
The integration shape for a fintech#
For a Brazilian fintech or a foreign fintech entering Brazil, Open Finance integration typically involves:
-
Become a participating institution — register with the BCB, obtain certificates, comply with the operational and security requirements. Foreign-headquartered fintechs typically partner with a domestic licensed entity rather than registering directly.
-
Implement the security profile — OIDC plus FAPI 1.0 Advanced, with the specific Brazilian profile additions. This is non-trivial; most teams use specialized SDKs or partner with infrastructure providers.
-
Build the consent UX — customers authenticate at their bank, not at your fintech. Your job is initiating the flow and handling the returned authorization. The consent UX is regulated for specific transparency and revocation handling.
-
Wire up the data ingestion pipeline — accept the data feed, normalize it (institutions vary in implementation quality), and integrate it into your product.
-
Handle consent revocation — customers can revoke consent at any time; your pipeline must respect this immediately.
-
Compliance and monitoring — ongoing reporting to the BCB-coordinated oversight body.
The operational cost is real. Many fintechs use specialized infrastructure providers — Quanto, Belvo, Setu Brasil — that provide Open Finance access as a service, abstracting some of the integration complexity.
Comparisons with other Open Finance regimes#
A quick comparison:
vs. UK Open Banking. UK is narrower in scope (banking primarily) but has produced higher per-capita transaction volume per use case. Brazil is broader; the UK is more developed in specific verticals.
vs. EU PSD2 / PSD3. EU coverage has been less consistent across member states; Brazil’s centrally-mandated phased rollout has produced more uniform institutional participation.
vs. India Account Aggregator. India’s AA framework is more centralized (the AA is a separate regulated entity); Brazil’s is more bilateral (the fintech connects directly to each institution). Both produce comparable use cases with different operational shapes.
vs. Singapore SGFinDex. Singapore’s framework is government-mediated; Brazil’s is bilateral with central coordination. Different shapes for similar goals.
The convergence over 2024-2026 has been toward similar capabilities even with different technical architectures.
Where pdpspectra fits#
We integrate Open Finance for fintechs and traditional banks operating in Brazil. The work covers technical integration, consent UX design, data ingestion pipelines, and the operational compliance work that makes Open Finance sustainable.
Related reading: the Brazil PIX architecture post, the India Account Aggregator post, and the open banking comparison post.
Brazil’s Open Finance is the broadest implemented framework. Talk to our team about your integration.