Defining and implementing internal policies is a requirement enforced by regulatory bodies such as the Central Bank and the Securities and Exchange Commission. Defining a compliance program will help keep businesses within these rules, and help prevent mistakes.

By combining financial solutions with technology, fintechs must pay special attention to compliance policies related to security and the Internet, such as cyber security policies and privacy policies.

The cyber security policy, for example, aims to establish internal procedures to protect sensitive information and reduce the vulnerability of the company’s operations.

“In addition to preventing leaks or cybersecurity failures, it is necessary to have a damage reduction plan if one of these events occurs”, advises Layon Lopes, CEO of Silva Lopes Advogados.

The privacy policy, on the other hand, is used by many companies, but gained new importance when the General Data Protection Act came into effect. The processing of customer data, whose collection is necessary for the provision of various services performed by fintechs, must be carried out in accordance with the LGPD regulations.

“The privacy policy must consider the purpose of collecting these data, how they will be managed, how the security of this information will be done and the rights of those who hold this data”, explains the lawyer.

Having a good implementation program brings confidence to a company, especially to get permission from the Central Bank to do it.