BCB Activates Automatic Blocking for PIX Settlement Accounts Under Resolution 554

Banco Central do Brasil published Resolution 554 on March 24, 2026, adding an automatic blocking mechanism to the Instant Payment Account (Conta PI) used by direct participants in the Sistema de Pagamentos Instantaneos. The regulation, signed by Monetary Policy Director Nilton David, takes effect on March 30 and amends BCB Resolution 195/2022.

The resolution introduces three features. First, participants can configure a minimum operational balance threshold for their Conta PI. Any payment order that would reduce the balance below this floor is automatically rejected by the SPI. Second, when that rejection occurs and the participant has pre-activated the blocking option, the account is automatically frozen for all SPI settlement activity. The freeze persists until the institution manually unblocks the account through the SPI module of SPB-Web. Third, the BCB will provide an alternative channel for checking Conta PI statements, independent of the RSFN (Rede do Sistema Financeiro Nacional), ensuring institutions maintain balance visibility during network disruptions or cyberattacks.

The publication came two days after criminals diverted approximately R$100 million from BTG Pactual's reserves held at the central bank through the PIX infrastructure on March 22. The bank suspended PIX operations and restored service the following day. Of the R$100 million diverted, R$73 million was recovered. The funds were dispersed across accounts at seven institutions before partial conversion to cryptocurrency.

Institutions reported 76 critical incidents involving the SPI in 2025, up from 59 in 2024. Approximately 65 percent of the 2025 incidents occurred in the second half of the year, including the breaches at technology service providers C&M Software and Sinqia, which together resulted in the diversion of over R$1.5 billion from participant accounts.

The BCB characterized Resolution 554 as part of the Agenda BC modernization program rather than a reactive response to the BTG Pactual incident. The regulation directly addresses the vulnerability exploited in that attack and the earlier provider breaches: unauthorized fund movements from Conta PI accounts during periods when institutions' monitoring systems were compromised or bypassed.

Direct SPI participants must now calibrate their minimum operational balance thresholds. Setting the floor too high risks rejecting legitimate payment orders during peak transaction hours. Setting it too low reduces the protective effect against unauthorized withdrawals. For institutions operating PIX settlement around the clock, the manual-only unblocking requirement through SPB-Web introduces deliberate friction intended to slow automated attack sequences.

Resolution 554 follows BCB Resolution 524, effective since December 1, 2025, which required direct SPI participants to adopt real-time mechanisms for identifying atypical movements in their PI Accounts. Together with the cybersecurity compliance requirements of BCB Resolution 538 (deadline March 1, 2026), these regulations form a three-layer defense around PIX settlement infrastructure: detection of anomalies, prevention of unauthorized outflows, and containment of compromised accounts.