BCBS 239 Comes to Brazil: The 12 Data-Quality Dimensions Banks Must Meet by December 2026

BCBS 239 Comes to Brazil: The 12 Data-Quality Dimensions Banks Must Meet by December 2026

BCBS 239 Comes to Brazil: The 12 Data-Quality Dimensions Banks Must Meet by December 2026

Maarten Masschelein

Maarten Masschelein

Maarten Masschelein

CEO and Founder at Soda

CEO and Founder at Soda

Table of Contents

For years, Brazilian banks treated data quality as an internal engineering concern. That era is over. On November 28, 2025, the Conselho Monetário Nacional and the Banco Central do Brasil jointly issued Resolução Conjunta nº 18, a policy that turns data quality into a supervised, board-level obligation.

It took effect on January 1, 2026, and full compliance is due by December 31, 2026. When the industry asked for more time, the central bank said no.

So what does the regulation actually demand, and how do you prove your bank meets it? The answer comes down to twelve named dimensions of quality and your ability to show, on demand, that your data satisfies each one.

Key Takeaways

Resolução 18 turns a global principle into a Brazilian obligation.

The resolution sets a policy for the quality of information that regulated institutions submit to the central bank. It reaches further than most compliance teams expect. The scope covers operational reports, credit-system (SCR) data, Open Finance data, and customer fee schedules, spanning quantitative and qualitative data alike.

Three requirements give the rule teeth.

  • First, every institution must designate a statutory director who answers to the Banco Central for data quality, and whose responsibility extends to the processes that produce the data, not only its submission.

  • Second, institutions must run continuous monitoring, including quality tests, and correct problems as they surface.

  • Third, the regulator can reject information, demand corrections, and run its own tests, much as European supervisors now run data "fire drills" on the banks they oversee.

"During the crisis it became evident that financial institutions couldn't aggregate risk data with sufficient speed, precision and comprehensiveness to support decision-making during stress periods," noted Fábio Lacerda, a risk management partner at KPMG (translated from the original Portuguese).

That diagnosis is exactly where this rule comes from.

This is BCBS 239, and a decade of evidence shows how hard it is.

Resolução 18 carries the DNA of BCBS 239, the Basel Committee's Principles for effective risk data aggregation and risk reporting — extending Basel's data-quality logic beyond risk data to the full range of information Brazilian institutions report.

Published in January 2013, BCBS 239 was one of the clearest lessons of the 2008 financial crisis: banks could not aggregate their risk exposures fast enough or accurately enough when it mattered most. Its 14 principles, 11 for banks and 3 for their supervisors, have applied to global systemically important banks since January 2016.

Here is the uncomfortable part. More than a decade after that deadline, only 2 of 31 assessed G-SIBs are fully compliant with the principles, and not a single principle has been fully implemented across every bank (BIS, November 2023). The Basel Committee named the obstacle plainly: underfunded programs, thin board attention, and fragmented legacy IT systems.

That track record should reframe how Brazilian institutions read their own December 2026 deadline. If banks with a ten-year head start and billion-dollar budgets have struggled, treating Resolução 18 as a last-quarter documentation exercise is a serious miscalculation.

There's a tell worth noticing, too: Brazil elevated traceability to a named, first-class dimension. That's precisely the lineage capability BCBS 239 tucks inside its data-architecture principle, and precisely what legacy-heavy banks find hardest to prove.

The twelve dimensions Brazilian banks must now prove.

Resolução 18 makes explicit what BCBS 239 embeds in its aggregation and reporting principles. Where the Basel text describes capabilities, the Brazilian rule enumerates twelve measurable dimensions of quality. Each one maps back to a BCBS 239 principle, which is why teams that have studied Basel are not starting from zero.

Resolução 18 dimension
Maps to BCBS 239 principle
Acurácia (Accuracy)
Principle 3 — Accuracy and Integrity
Integridade (Integrity)
Principle 3 — Accuracy and Integrity
Completude (Completeness)
Principle 4 — Completeness
Tempestividade (Timeliness)
Principle 5 — Timeliness
Adaptabilidade (Adaptability)
Principle 6 — Adaptability
Confiabilidade (Reliability)
Principle 7 — Accuracy of risk reports
Clareza (Clarity)
Principle 9 — Clarity and usefulness
Relevância (Relevance)
Principle 8 — Comprehensiveness
Comparabilidade (Comparability)
Principles 7–9 — Risk reporting practices
Consistência (Consistency)
Principles 1 & 3 — Governance and integrity
Rastreabilidade (Traceability)
Principle 2 — Data architecture and IT infrastructure (the lineage capability it implies)
Acessibilidade (Accessibility)
Principles 2 & 11 — Infrastructure and distribution

The table shows each dimension's closest BCBS 239 principle, not a strict one-to-one — several map to more than one. Relevância, for example, sits under Principle 8 (comprehensiveness) but also overlaps Principle 9's call for information tailored to its recipients.

The list is coherent, but it raises the operational question every governance lead is now asking. How do you prove, dimension by dimension, that your data holds up, and keep proving it every day between now and the deadline?

If you want to see how banks structure this dimension-by-dimension, our walkthrough of closing the BCBS 239 data-quality gap covers the controls end to end.

How data teams can cover all twelve dimensions.

This is where the regulation stops being a legal document and becomes a data-engineering program. Twelve dimensions sound daunting until you recognize that each is a measurable property of a dataset.

So how can we, as data teams, turn twelve regulatory words into continuous, evidenced checks?

By treating quality as living checks that run on every load, not as a static policy that lives in a slide deck.

At Soda, we've seen governance leads collapse the twelve into a set of automated checks that run against production data continuously. The mapping below shows how each dimension becomes something you can measure, alert on, and evidence for a supervisor.

Resolução 18 dimension
How to make it measurable
Acessibilidade (Accessibility)
Freshness and volume checks confirm data arrived and is reachable
Acurácia (Accuracy)
Validity checks against expected formats, ranges, and reference data
Adaptabilidade (Adaptability)
Schema-change detection plus data contracts that evolve as sources change
Clareza (Clarity)
Data contracts as human-readable specs co-authored by business and engineering
Comparabilidade (Comparability)
Historical baselines and distribution checks that track metrics over time
Completude (Completeness)
Completeness checks on missing or null values
Confiabilidade (Reliability)
Anomaly detection to surface issues, plus tests and contracts that enforce the rules behind reliable data
Consistência (Consistency)
Reconciliation checks that confirm agreement across systems
Integridade (Integrity)
Uniqueness and referential-integrity checks
Rastreabilidade (Traceability)
Lineage plus a stored record of every failed check for audit
Relevância (Relevance)
Contracts that define fit-for-purpose expectations per consumer
Tempestividade (Timeliness)
Freshness checks that flag stale or late-arriving data

Three of Soda's capabilities carry most of the regulatory weight here.

  • Data contracts let governance and engineering co-author what "good" means for a dataset, in plain English. One artifact covers clarity, relevance, adaptability, and consistency.

  • Soda's data observability capability handles the measurable dimensions, accuracy, completeness, timeliness, and reliability, with anomaly detection that adapts to each dataset's baseline and Smart Alerting that delivers 70% fewer false positives.

  • And the Diagnostics Warehouse stores failed records and validation results inside your own environment, so nothing leaves your warehouse. That's how you satisfy traceability and hand a supervisor an audit-ready record without moving data.

A supervisor tests three things for every dimension.

For each of the twelve dimensions, a supervisor must be ready to see three things: the check that ran, the result it returned, and the record of what failed and when.

It helps to picture the exam before you sit it. The Banco Central can pull a submission, re-run its own quality checks against it, and reject the report if its results and yours disagree — which turns the evidence package into the real deliverable.

The distinction that separates a passing program from a failing one is timing. A team that can produce that evidence on demand — for any regulated dataset, on any date the regulator names — passes. A team that has to reconstruct it after the request, assembling months-old runs from logs and memory, does not.

This is why the statutory director's accountability reaches into the processes that produce the data, not just the filing: the director is the one who has to stand behind that evidence when the Banco Central runs its own test.

What to do before December 31, 2026.

The deadline is closer than the calendar suggests, because covering twelve dimensions across every regulated dataset is a program, not a project. Here are the steps that matter most, ordered by urgency.

  1. Name the responsible director now. The regulation requires it, and the appointment shapes accountability for everything that follows. Do this first.

  2. Inventory your regulated data against the twelve dimensions. Map operational, SCR, Open Finance, and fee data to the dimensions, and mark where you have no way to measure a given dimension today. Those gaps are your work list. Sequence by regulatory exposure, not convenience. The reports the Banco Central can reject outright, SCR submissions and operational reports, earn checks first. Fund the traceability work early; it's the dimension banks consistently find hardest to evidence.

  3. Automate continuous quality tests. Convert the twelve dimensions into checks that run on every data load, so quality is evidenced by default rather than assembled by hand before an audit.

  4. Build the audit trail as you go. Store the results of every check where your evidence lives in your environment, so traceability is a byproduct of monitoring, not a scramble.

Do not treat this as a one-time certification. A dashboard that was green in November proves nothing about the data a supervisor tests in March. And do not wait for the RDARR-style financial-services controls to be someone else's problem; the director you appoint owns them.

Brazil is not an outlier. It's the pattern.

Resolução 18 fits a clear global direction. In May 2024, the European Central Bank published its Guide on effective risk data aggregation and risk reporting, tightening supervisory expectations for the banks it oversees. Brazil is now doing the same, and other jurisdictions are watching both.

The shared message from supervisors is that BCBS 239 has moved from principle to enforceable, tested operational requirement.

For data leaders, that shift is the real headline — and one they already feel: 94% of banking data leaders name the accuracy and reliability of data a priority (Deloitte, 2024).

Regulatory data quality is no longer a periodic reporting exercise handled by a compliance team. It is a continuous engineering capability that boards are accountable for, measured against dimensions a regulator can test at any time.

The banks that treat the December 2026 deadline as the start of a permanent capability, rather than a one-off filing, are the ones that won't be repeating this exercise for the next regulation.

This is the kind of obligation that should run continuously, not get assembled in a scramble before an audit. That's the shift Soda is built for: the twelve dimensions become automated data contracts and monitors that evidence themselves on every load, with a failed-record trail a supervisor can inspect.

If you're turning Resolução 18 into controls, explore our data contract templates or book a demo to see dimension-by-dimension coverage in your own environment.

Frequently asked questions

What is Resolução Conjunta nº 18?

It is a joint policy from Brazil's Conselho Monetário Nacional and Banco Central do Brasil, issued November 28, 2025 and effective January 1, 2026. It requires regulated financial institutions to ensure the quality of information submitted to the central bank across 12 defined dimensions, with full compliance due by December 31, 2026.

When is the Resolução 18 compliance deadline, and can it be extended?

Full compliance is due December 31, 2026. The central bank has already declined to postpone it. Institutions must have governance, continuous monitoring, correction mechanisms, and a designated responsible director in place by that date, and be ready for the regulator's own tests.

Does a data quality platform make my bank BCBS 239 compliant?

No tool grants compliance on its own; that comes from governance, accountability, and supervisory review. What a platform does is make each of the 12 dimensions measurable and continuously evidenced, so you can prove quality on demand instead of assembling it by hand before an audit.

Trusted by the world’s leading enterprises

Real stories from companies using Soda to keep their data reliable, accurate, and ready for action.

At the end of the day, we don’t want to be in there managing the checks, updating the checks, adding the checks. We just want to go and observe what’s happening, and that’s what Soda is enabling right now.

Sid Srivastava

Director of Data Governance, Quality and MLOps

Investing in data quality is key for cross-functional teams to make accurate, complete decisions with fewer risks and greater returns, using initiatives such as product thinking, data governance, and self-service platforms.

Mario Konschake

Director of Product-Data Platform

Soda has integrated seamlessly into our technology stack and given us the confidence to find, analyze, implement, and resolve data issues through a simple self-serve capability.

Sutaraj Dutta

Data Engineering Manager

Our goal was to deliver high-quality datasets in near real-time, ensuring dashboards reflect live data as it flows in. But beyond solving technical challenges, we wanted to spark a cultural shift - empowering the entire organization to make decisions grounded in accurate, timely data.

Gu Xie

Head of Data Engineering

4.4 of 5

Your data has problems.
Now they fix themselves.

Automated data quality, remediation, and management.

One platform, agents that do the work, you approve.

Trusted by

Trusted by the world’s leading enterprises

Real stories from companies using Soda to keep their data reliable, accurate, and ready for action.

At the end of the day, we don’t want to be in there managing the checks, updating the checks, adding the checks. We just want to go and observe what’s happening, and that’s what Soda is enabling right now.

Sid Srivastava

Director of Data Governance, Quality and MLOps

Investing in data quality is key for cross-functional teams to make accurate, complete decisions with fewer risks and greater returns, using initiatives such as product thinking, data governance, and self-service platforms.

Mario Konschake

Director of Product-Data Platform

Soda has integrated seamlessly into our technology stack and given us the confidence to find, analyze, implement, and resolve data issues through a simple self-serve capability.

Sutaraj Dutta

Data Engineering Manager

Our goal was to deliver high-quality datasets in near real-time, ensuring dashboards reflect live data as it flows in. But beyond solving technical challenges, we wanted to spark a cultural shift - empowering the entire organization to make decisions grounded in accurate, timely data.

Gu Xie

Head of Data Engineering

4.4 of 5

Your data has problems.
Now they fix themselves.

Automated data quality, remediation, and management.

One platform, agents that do the work, you approve.

Trusted by

Trusted by the world’s leading enterprises

Real stories from companies using Soda to keep their data reliable, accurate, and ready for action.

At the end of the day, we don’t want to be in there managing the checks, updating the checks, adding the checks. We just want to go and observe what’s happening, and that’s what Soda is enabling right now.

Sid Srivastava

Director of Data Governance, Quality and MLOps

Investing in data quality is key for cross-functional teams to make accurate, complete decisions with fewer risks and greater returns, using initiatives such as product thinking, data governance, and self-service platforms.

Mario Konschake

Director of Product-Data Platform

Soda has integrated seamlessly into our technology stack and given us the confidence to find, analyze, implement, and resolve data issues through a simple self-serve capability.

Sutaraj Dutta

Data Engineering Manager

Our goal was to deliver high-quality datasets in near real-time, ensuring dashboards reflect live data as it flows in. But beyond solving technical challenges, we wanted to spark a cultural shift - empowering the entire organization to make decisions grounded in accurate, timely data.

Gu Xie

Head of Data Engineering

4.4 of 5

Your data has problems.
Now they fix themselves.

Automated data quality, remediation, and management.

One platform, agents that do the work, you approve.

Trusted by