The regulation of fixed-odds betting in Brazil marked a historic milestone. The country now requires operators not only to prove financial and technological strength but also to demonstrate a genuine commitment to integrity, crime prevention, and social responsibility.
In this new scenario, compliance has ceased to be a competitive advantage and has become a matter of survival. Operators that neglect the legal requirements are exposed to legal, financial, and reputational risks that may jeopardize their authorization to operate and undermine the credibility of the industry as a whole.
Below, I outline six fatal mistakes no operator can afford to make.
1. Weakness in AML/CFT policies
Anti-money laundering and counter-terrorism financing (AML/CFT) is one of the most critical pillars of compliance in Brazil’s regulated betting market. Law No. 9.613/1998 already established monitoring and reporting duties, but with the enactment of Law No. 14.790/2023 and Ordinance SPA/MF No. 1.143/2024, the betting industry now faces specific and stricter rules.
- Operators are required to:
- Identify and assess bettors’ risk profiles;
- Apply enhanced due diligence for high-risk cases;
- Continuously monitor transactions;
- Report suspicious activity to COAF;
- Implement training programs and a culture of integrity.
Fatal mistake: treating AML/CFT as a mere bureaucratic requirement. Some operators create “off-the-shelf” policies just to pass licensing checks but fail to implement them effectively. This exposes them to heavy fines, administrative sanctions (including license revocation), and even criminal liability, as weak systems may open the door to organized crime.
In a market actively targeted by criminal organizations seeking to launder illicit funds, robust AML/CFT compliance is what separates serious operators from those doomed to fail.
2. Inefficient Onboarding and KYC
Onboarding and Know Your Customer (KYC) processes are the gateway to operational integrity in the betting market. Brazilian law requires strict mechanisms to block underage players, prohibited persons (such as athletes and officials), and those attempting to hide their identity.
Law No. 14.790/2023 and Ordinance SPA/MF No. 722/2024 require operators to implement systems that ensure:
- Minimum registration age of 18;
- CPF validation against official databases;
- Mandatory facial recognition before account activation;
- Prevention of duplicate accounts;
- Screening against exclusion lists (self-exclusion, court orders, regulatory restrictions);
- Explicit consent from bettors for data monitoring and sharing with SPA/MF.
Fatal mistake: “simplifying” sign-ups to attract customers quickly. Weak KYC creates entry points for minors, fraudsters, and criminals.
Failing to protect against these risks undermines consumer trust and brand reputation. Scandals involving underage betting or insider manipulation can be devastating.
3. Neglecting Data Protection (LGPD)
In betting, personal data is like gold: identity, consumer habits, gaming behavior, payment methods, and biometrics are collected daily. Protecting this information is crucial.
Brazilian Law No. 14.790/2023 and the LGPD (Law No. 13.709/2018) require operators to:
- Collect only data strictly necessary for services;
- Clearly inform bettors how data is used;
- Ensure robust security against leaks, fraud, or unauthorized access;
- Appoint a Data Protection Officer (DPO);
- Store betting data in Brazil or in countries with legal cooperation agreements, with bettor consent for international transfers.
Fatal mistake: failing to implement effective data governance. Leaks of sensitive information such as CPFs or payment details not only bring lawsuits and regulatory penalties but also erode trust in the entire industry.
4. Advertising and marketing misconduct
In betting, the line between attracting customers and encouraging irresponsible gambling is thin. For this reason, Brazilian rules are strict. Ordinance SPA/MF No. 1.231/2024 and CONAR’s Annex X mandate that advertising must follow responsible gaming principles.
Key rules include:
- Ads must not target minors and must always display “18+”;
- No promises of easy money or association of gambling with status or success;
- Transparency on licensing, betting odds, taxation, and complaint channels;
- Affiliates and influencers must comply with the same rules, with operators held accountable for them;
- Bonuses must not be misleading or encourage excessive play.
Fatal mistake: treating betting ads like traditional entertainment marketing. In a highly regulated industry, responsible advertising is essential to protect both the market and the brand.
5. Weak responsible gaming policies
Responsible Gaming is a cornerstone of Brazil’s regulation. It protects not only individual bettors but also families, communities, and the sector’s reputation.
Operators are required to implement:
- Self-control tools (deposit/loss limits, self-exclusion);
- Responsible communication policies;
- Proactive monitoring of player behavior;
- Protection for vulnerable groups.
Fatal mistake: treating Responsible Gaming as a formality. Operators that fail here fuel the perception that the industry profits from addiction. Those that make it a core value gain public trust and long-term sustainability.
6. Ignoring oversight and sanctions
Brazil’s regulation established not only rules but also a strong enforcement framework. Ordinances SPA/MF No. 1.225/2024 and 1.233/2024 define monitoring, inspections, and penalties.
Operators must:
- Provide real-time data to the SIGAP system;
- Submit to inspections and audits (on-site and remote);
- Avoid serious infractions such as operating without authorization, providing false data, or violating AML and advertising rules.
Penalties range from warnings and fines to suspension and license revocation. Even during the adjustment period (until Dec/2024), unauthorized operators face website blocks, app removals, and legal liability.
Fatal mistake: underestimating the regulator’s reach. Enforcement will be fast, digital, and backed by cross-agency cooperation. Neglect could mean not just losing market share, but losing the right to operate altogether.
Conclusion
Brazil’s regulated betting market is promising but demanding. Neglecting compliance is a losing bet: each of these six mistakes (and others) can cost operators their license, reputation, and sustainability.
Conversely, those that embrace compliance as a strategic ally—integrating AML/CFT, KYC, LGPD, responsible advertising, responsible gaming, and cooperation with regulators—gain not only legal certainty but also a competitive edge.
In Brazil’s betting industry, compliance is not a cost. It is the only path to safe, legitimate, and credible operations in a vibrant sector under constant public and regulatory scrutiny.
Tiago Horta Barbosa
Head of Integrity, Genius Sports – LatAm
