Central Bank of Brazil convenes cyber resilience forum for critical providers and says cybersecurity rulemaking will continue

The Central Bank of Brazil held the BC Cyber Resilience Forum 2026 Critical Providers, bringing together central bank officials, technology providers, security companies and banks to discuss cybersecurity and operational resilience in the National Financial System. In opening remarks at the event, senior officials said recent cyber incidents showed that cyber risk has become a structural risk for the system and for financial stability, and indicated that the central bank's cybersecurity regulatory agenda will continue. Officials said resilience cannot be built by institutions in isolation and depends on coordinated action across software suppliers, information technology service providers and network providers that support infrastructures such as Pix and the Reserve Transfer System. They stressed that outsourcing does not remove risk from either financial institutions or providers, that supervision will assess entities' effective capacity to manage risks and incidents, and that critical services in the National Financial System and the Brazilian Payments System must be supported by secure and resilient operational arrangements and technology services. The forum discussions highlighted access management, third-party risk mitigation, application programming interface protection and continuous monitoring as key elements of cyber resilience. The Central Bank of Brazil also cited a rise in critical incident reports submitted annually by financial institutions from 20 in 2020 to 76 in 2025, while incidents involving the diversion of financial institutions' funds rose from 9 to 36 over the same period, and said it will continue to examine possible further regulatory enhancements.