The SPA’s wake-up call
When it comes to anti-money laundering prevention, there has been a clear effort by both the regulator and regulated entities to combat this practice, which is harmful to the market and to society. However, the year ends with a mild wake-up call from the operators’ regulator.
At the beginning of the year, the regulator requested the AML/CFT policies from regulated operators. The deadline was initially set for the end of March, later extended to April, and some companies submitted even after that. It was not ideal, but worse than submitting late was failing to submit a document required by regulation.
So far, several dozen AML/CFT policies have been reviewed, and the outcome was the trigger for the SPA’s mild reprimand to operators. Copied policies, AI-generated texts, and documents disconnected from operational reality were identified.
In light of these findings, the Secretariat of Prizes and Betting issued Circular Letter No. 1919/2024. In addition to this document, operators also received a questionnaire with 28 questions that require well-structured answers.
Events and alignment of expectations
Although enforcement on operators increased, throughout 2025 the SPA held several events focused on AML/CFT, as a way to share knowledge and align expectations regarding the topic.
There were three virtual meetings and one in-person event, the latter held in December at the Federal Police headquarters in the Federal District. It was a major event, with extensive knowledge sharing and learning. The regulator was clear, direct, and objective: those who do not care about AML today may face problems in the near future.
What the SPA will require in 2026
That “future” is just around the corner—more precisely, between the last day of January and the first of February—when, in accordance with Ordinance SPA/MF No. 1,143/2024, operators must submit the “non-occurrence” report (if no reports were filed with Coaf) and the AML/CFT best practices report.
The “non-occurrence” report may give the impression that simply submitting it is enough. That is a mistake. Delivering this document can cause more headaches than many imagine.
Having no suspicious activity on a betting platform over an entire year is highly unusual. The operator will have to justify to the SPA why no suspicious activity was identified and may also face the risk that another operator reported suspicious activity to Coaf involving a bettor who is also registered on its platform.
The best practices report, in turn, must detail everything that was done in 2025 to prevent money laundering and terrorist financing. The question remains whether operators’ responses will be aligned with what the SPA expects.
Just ask yourself:
* Is your deposit and withdrawal monitoring automated?
* Is your monitoring aligned with your risk matrix?
* Does your monitoring generate a risk-based approach capable of qualifying and classifying your customers?
* Does your reporting to Coaf include the information required to be considered a high-quality suspicious activity report?
* Can your staff analyze past transactions retrospectively?
* Is your system capable of storing all information related to suspicious operations in an easy-to-use dashboard?
Well, if most of your answers are “yes,” congratulations! Your operation is monitored and better protected. But if most are “no,” don’t worry—Legitimuz has developed a product 100% compliant with Ordinance SPA/MF No. 1,143/2024.
Contact our team. The sooner you implement an automated monitoring system, the faster you will be secure and compliant with the regulation.
We are at your disposal!
Finally, we wish everyone a Merry and Blessed Christmas and a Prosperous New Year. See you in 2026!
Legitimuz
Legitimuz is a Brazilian technology company specializing in compliance and identity verification solutions for the regulated market. ISO/IEC 27001 certified and validated by GLI (Gaming Laboratories International), it offers an integrated platform that includes KYC (Know Your Customer), AML/CFT transaction monitoring (Anti-Money Laundering and Counter-Terrorist Financing), real-time geolocation, relationship verification, and checks against restricted databases.
Fred Justo
AML Director – Legitimuz
