As we reach the month of December, Christmas lights illuminate the cities, and the glow of the decorations reminds us that 2025 is coming to an end. Soon, when fireworks light up the sky to welcome 2026, Brazil’s newly implemented fixed-odds betting regulation will celebrate its first year of life.
And just like anyone taking their first steps — crawling before walking — missteps and falls are part of growing up. In such moments, supervision is the best protection, and whenever necessary, protective hands will always be extended.
The metaphor of a child who needs guidance aptly illustrates the relationship between the Secretariat of Prizes and Betting (SPA) and the operators it licenses, especially regarding practices for preventing money laundering and the financing of terrorism.
The importance of pointing out flaws to educate
One of the obligations listed in Ordinance SPA/MF 1,143/2024 requires operators to create policies, procedures, and internal controls focused on AML/CFT. As such, at the beginning of the year, the SPA requested anti–money laundering policies from operators licensed at the federal level.
These documents are being analyzed under meticulous criteria by highly qualified staff, in a process expected to be completed only in early 2026.
What has been seen so far is concerning. Far from generalizing, but structural flaws have been found in the AML policies submitted to the federal regulator. Excessive use of AI in drafting the documents — and even copy-and-paste (Ctrl+C, Ctrl+V) from competing operators — are among the issues identified.
Here is testimony from someone who, until recently, worked at the SPA: it is useless for an operator to claim it has a robust AML policy on paper if it does not hold up in practice. When supervision arrives, the consequences can be serious — not only due to the inherent risks of the activity but also due to potential sanctions from the regulator.
Official Circular
At the end of November, operators received Official Circular SEI No. 1919/2025/MF in their inboxes. The content may even resemble a scolding — the kind parents sometimes give their children. Perhaps it is, but not in the sense of punishment; rather, in the sense of education.
It serves as a warning that operators need to correct their course and show greater care and diligence in AML/CFT matters.
The Circular highlights, among other points, the importance of the Internal Risk Assessment (IRA). More than a regulatory requirement, the IRA is the best way to understand and mitigate fraud and criminal risks.
The SPA’s message — that operators must know their risks — reminds me of that old piece of advice many of us have heard from our mothers: “Take a jacket, it might get cold.” To assess the risk, she had her criteria — she looked at the sky or checked the weather forecast on TV.
But in the end, are operators taking their jackets? It is up to them to choose what kind of “child” they want to be: the rebellious one who insists on making mistakes, or the obedient and cautious one.
The first is not concerned with risks, does not invest in technology or automated systems for AML and Compliance because it sees them as costs, or chooses not to conduct KYC because it believes the process harms customer experience. Without question, this operator is on SPA’s radar.
The second is the opposite. It has robust systems that cross-check customer registration, financial, and reputational information; it makes strong and timely suspicious transaction reports to COAF; and it maintains serious policies for preventing money laundering and the financing of terrorism.
Ultimately, the choice between one path or the other will determine how each operator is perceived: as a partner — or as a problem — for the regulator.
Fred Justo
Director of AML – Legitimuz
Certified under ISO/IEC 27001, Legitimuz is a Brazilian company specializing in compliance and fraud prevention for the regulated market. Its AML/CFT solutions include real-time monitoring, automated reporting to COAF, advanced KYC, and geolocation services, all fully compliant with current regulations.
