Lei 15. 358/2026 corporate compliance Brazil is now the defining concern for every general counsel and compliance officer at companies operating in the country. Published on 24 March 2026 in the Diário Oficial da União, the statute, formally titled the Marco Legal do Combate ao Crime Organizado, rewrites the rules on how organised crime is defined, investigated, and punished, with direct consequences for corporate entities. The new organised crime law Brazil 2026 expands the categories of criminal conduct that can attach to businesses, introduces sweeping powers for the seizure of digital assets Brazil authorities can now repurpose, and raises the personal exposure of executives who fail to implement adequate controls.
This guide delivers the practical, prioritised steps that in-house legal teams need to take in the first 90 days, and flags the constitutional challenges already underway.
Lei nº 15.358/2026 entered into force upon its publication in the DOU on 24 March 2026. It consolidates, expands, and in several respects replaces the framework that previously governed organised crime in Brazil, creating new offence categories, broadening definitions of criminal organisations, and granting authorities explicit power to seize, freeze, and repurpose assets, including cryptocurrency and digital tokens held by custodians. For corporates, the statute’s most consequential features are its widened net for corporate criminal liability Brazil, the reduced evidentiary thresholds for emergency asset measures, and the creation of integrated databases that allow rapid cross-referencing of corporate structures with known criminal networks.
Four immediate priorities for the next 90 days:
The Marco Legal do Combate ao Crime Organizado is the most comprehensive overhaul of Brazil’s criminal-organisation framework since Law 12.850/2013. It was enacted to address the evolving structure of criminal groups, particularly factions and militias, that operate through layered corporate vehicles, digital-finance channels, and cross-border logistics networks. The law introduces or materially amends provisions in the following areas:
| Statutory Term | Plain Meaning | Business Implication |
|---|---|---|
| Organização criminosa (expanded) | Structured group of four or more persons acting with division of tasks to commit serious offences | Companies whose employees or agents meet these criteria, even inadvertently, may be treated as components of the organisation |
| Domínio social estruturado | Exercise of structured economic or territorial control by criminal groups, including through legal entities | Corporates operating in high-risk sectors (logistics, real estate, fintech) must demonstrate they are not facilitating such control |
| Ativos digitais (digital assets) | Cryptocurrency, tokens, and digitally represented rights subject to seizure and repurposing | Crypto custodians, exchanges, and companies holding digital assets on balance sheet face direct seizure risk |
| Perdimento e destinação de bens | Forfeiture and repurposing of seized assets for public use or destruction | Assets frozen during investigation may be permanently lost, early intervention and protective orders are critical |
Corporate criminal liability Brazil has operated under a dual-track system: direct liability of the legal entity (primarily under environmental and anti-corruption statutes) and individual liability of officers and directors. Lei 15.358/2026 materially expands the second track. Executives who fail to implement or maintain effective compliance controls can face personal criminal exposure where their omissions facilitated, even passively, the operations of an organised-crime group. The law does not require proof that the executive personally benefited; wilful blindness or systemic negligence in oversight may suffice.
The practical effect, as legal commentators have noted, is to shift the burden onto management to prove that adequate preventive measures were in place. Industry observers expect prosecutors to test these provisions aggressively in the financial and logistics sectors, where organised-crime infiltration has been well documented.
While the organised crime law Brazil 2026 does not create an explicit statutory safe harbour for companies with compliance programmes, Brazilian jurisprudence and the existing anti-corruption framework (Lei 12.846/2013) recognise the existence and effectiveness of a compliance programme as a material mitigating factor in sentencing and in the negotiation of leniency agreements. Legal analysts writing in ConJur have emphasised that companies with documented, functioning compliance systems will be better positioned to argue against the imposition of the harshest penalties, and to resist the extension of personal liability to senior management.
The likely practical effect is that Lei 15.358/2026 corporate compliance Brazil will become a core governance requirement, not a discretionary investment. Boards that can demonstrate a documented chain of compliance, risk assessment, training records, monitoring logs, incident response, will have a materially stronger defence posture.
One of the most consequential provisions of the Marco Legal do Combate ao Crime Organizado concerns the seizure of digital assets Brazil authorities can now execute. The law provides explicit statutory authority for the emergency freezing and subsequent forfeiture of cryptocurrency, tokenised securities, and other digitally represented rights. This fills a gap in prior legislation, which addressed physical property and bank accounts but left digital assets in a grey zone.
The statute permits emergency seizure orders, without prior notice to the asset holder, where there is reasonable suspicion that the assets are proceeds of, or instrumentalities used in, organised-crime activities. Judges may authorise these orders on an ex parte basis, and the new integrated databases allow authorities to identify and trace digital-asset flows across exchanges and custodians in near-real time.
Once seized, assets can be repurposed: sold at auction, transferred to law-enforcement agencies for operational use, or, in the case of digital assets, converted to fiat currency and allocated to public-security budgets. The standard for permanent forfeiture (perdimento) is a final criminal conviction, but assets may remain frozen throughout the duration of proceedings, which in Brazilian criminal cases can extend for years.
| Authority Action | Immediate Internal Steps | Preservation Checklist |
|---|---|---|
| Emergency freeze order served on custodian or exchange | Notify legal counsel immediately; do not attempt to move or convert assets; preserve all transaction records | Screenshot and timestamp all wallet balances; preserve blockchain transaction logs; document chain of custody |
| Request for disclosure of wallet addresses and transaction history | Verify the legal authority cited in the request; respond within the statutory deadline; produce only what is legally required | Maintain a parallel internal record; flag any privileged communications for counsel review before production |
| Seizure of company-held digital assets (direct blockchain transfer) | Record the transaction hash; notify insurers and D&O carriers; assess business-continuity impact | Document the pre-seizure valuation; preserve evidence of legitimate acquisition and use of the assets |
| Conversion or auction of seized assets by authorities | File protective measures immediately if contesting forfeiture; engage forensic accountants to establish asset provenance | Compile full audit trail from acquisition to seizure; prepare expert valuation report for court proceedings |
Companies holding digital assets on their balance sheets, or operating as custodians for clients, should treat asset-seizure preparedness as an immediate compliance priority. Early indications suggest that authorities intend to exercise these powers broadly in the initial enforcement phase.
Conducting internal investigations Brazil in the wake of this legislation requires careful navigation of privilege rules, data-protection obligations, and the boundaries of voluntary cooperation with authorities. Unlike common-law jurisdictions, Brazil does not recognise a broad attorney-client privilege that shields all communications between in-house counsel and the business. Privilege in Brazil attaches primarily to communications with external advogados acting in a specifically retained advisory or defence capacity.
This distinction becomes critical under Lei 15.358/2026, which empowers investigators to request, and in some cases compel, the production of internal documents, interview transcripts, and digital communications as part of organised-crime investigations. Companies that conduct internal investigations without proper privilege protocols risk involuntary disclosure of sensitive findings that could be used against the entity and its officers.
| Communication Type | Privilege Risk | Recommended Handling |
|---|---|---|
| Emails between in-house counsel and business managers on operational matters | High, unlikely to attract privilege protection | Separate legal-advice communications from business correspondence; label legal opinions clearly |
| Instructions to and opinions from retained external advogados | Low, generally protected under sigilo profissional | Route all sensitive legal analysis through external counsel; maintain clear retainer documentation |
| Internal-investigation interview memoranda prepared by compliance team | Medium-High, may be compelled if not prepared under external counsel direction | Ensure all investigation interviews are directed by and reported to external advogados; mark documents as privileged and for legal-advice purposes only |
| Forensic reports commissioned by the company | Medium, depends on whether commissioned by counsel for litigation/defence purposes | Commission through external counsel with a clear litigation-hold or defence mandate |
There are circumstances under which continuing an internal investigation may create more risk than it mitigates. Companies should consider suspending or pivoting their approach when:
The criminal compliance checklist 2026 below provides a structured, prioritised action plan for companies responding to Lei 15.358/2026 corporate compliance Brazil requirements. Each item identifies the responsible owner, the recommended deadline, and the evidence that demonstrates completion.
| # | Action Item | Owner | Deadline | Evidence of Completion |
|---|---|---|---|---|
| 1 | Governance escalation, brief board and audit committee on new exposures | General Counsel / CCO | Day 30 | Board minutes; briefing memorandum |
| 2 | Risk mapping, gap analysis of existing policies against Lei 15.358/2026 definitions and offences | Compliance team + external counsel | Day 45 | Written gap-analysis report with remediation plan |
| 3 | Update policy language, revise code of conduct, anti-crime policy, and disciplinary rules | Compliance team | Day 60 | Updated policy documents; board approval record |
| 4 | Asset custodian review, audit crypto, escrow, and payment intermediary relationships | CFO / Treasury | Day 45 | Custodian audit report; updated asset register |
| 5 | Vendor/KYC/third-party screening, add organised-crime red flags to due-diligence protocols | Procurement / Compliance | Day 60 | Updated KYC checklists; screening-tool configuration records |
| 6 | Monitoring and detection updates, configure transaction-monitoring systems for new statutory triggers | IT / Compliance | Day 75 | System-configuration documentation; test results |
| 7 | Incident-response protocol, update escalation matrix and authority-notification procedures | General Counsel / CCO | Day 60 | Revised incident-response playbook |
| 8 | Internal-investigation SOP, establish privilege-protected investigation procedures aligned with the statute | General Counsel + external counsel | Day 60 | Written SOP; external-counsel engagement letter |
| 9 | Training, deliver targeted sessions on white-collar crime Brazil risks and new obligations to management and front-line staff | Compliance / HR | Day 90 | Training attendance records; assessment scores |
| 10 | Insurance and D&O review, confirm that current policies cover organised-crime investigation costs and asset-seizure defence | General Counsel / Risk | Day 75 | Insurer confirmation letter; policy endorsement |
| 11 | Forensic readiness, ensure data-preservation and forensic-collection capabilities are in place for rapid response | IT / Legal | Day 90 | Forensic-readiness assessment; vendor retainer agreement |
| 12 | Coordinate with counsel, retain or brief specialist Brazilian criminal-law counsel; establish retainer for crisis response | General Counsel | Day 30 | Engagement letter; counsel briefing memorandum |
Lei 15.358/2026 does not introduce a general mandatory self-reporting obligation for corporates. However, companies in regulated sectors, financial institutions, payment processors, crypto exchanges, already face reporting duties under existing AML/CFT legislation, and the new statute’s expanded definitions of organised-crime conduct effectively widen the universe of suspicious activities that must be reported. Industry observers expect regulators such as COAF (Conselho de Controle de Atividades Financeiras) to issue updated guidance that aligns existing reporting triggers with the statute’s new offence categories.
When deciding whether to self-report or cooperate proactively, companies must weigh the potential benefits, reduced penalties, leniency consideration, protection of business continuity, against the risks, including the possibility that voluntary disclosures could accelerate enforcement action or expose the company to civil liability from affected third parties.
Under the new framework, Lei 15.358/2026 corporate compliance Brazil demands that existing anti-crime and ethics policies be updated to reflect the statute’s expanded definitions and offence categories. Generic anti-corruption language is no longer sufficient. Companies should incorporate specific references to organised-crime facilitation, digital-asset handling, and the domínio social estruturado concept.
Monitoring systems must be recalibrated. Transaction-monitoring rules should be updated to flag patterns associated with organised-crime financing, including rapid cycling of funds through multiple accounts, unusually high volumes of digital-asset transactions with newly onboarded counterparties, and payments to or from entities in territories identified as militia or faction-controlled areas.
Companies should consider inserting or strengthening the following clauses in vendor, supplier, and joint-venture agreements:
Not all provisions of the Marco Legal do Combate ao Crime Organizado are settled law. As reported by ConJur, a professional association has filed a constitutional challenge before the Supremo Tribunal Federal (STF) questioning 19 specific provisions of the statute. The challenged points reportedly include the scope of the domínio social estruturado concept, the breadth of emergency asset-seizure powers, and procedural provisions that critics argue infringe on due-process guarantees.
No injunctive relief or suspension of any provision has been granted as of the date of this publication. However, companies should adopt a conservative compliance posture, treating all provisions as enforceable, while monitoring STF proceedings closely. Early indications suggest that the court may take several months to schedule oral arguments, meaning the statute will operate in its current form throughout most of 2026. Compliance programmes should therefore be built to the full statutory standard, with the flexibility to adjust if specific provisions are later narrowed or struck down.
| Entity Type | Reporting/Cooperation Obligations Under Lei 15.358/2026 | Practical Steps for Compliance |
|---|---|---|
| Banks and fintechs | High regulatory scrutiny; special reporting triggers for suspected facilitation of organised-crime operations; executive exposure for compliance failures | Update AML/KYC protocols; add organised-crime red flags; establish escrow checkpoints for crypto custodians; coordinate with legal and regulatory teams |
| Real estate and construction companies | Risk from contracts with intermediaries linked to paramilitary or militia financing (domínio social estruturado) | Strengthen vendor due diligence; enhance beneficial-owner checks; implement transaction monitoring for high-risk geographies |
| Multinationals with Brazil operations | Cross-border evidence requests and possible coordinated seizures of assets held in Brazil | Add Brazil-specific escalation protocols; establish local criminal-counsel retainers; map data-access and transfer obligations under LGPD |
| Date | Event | Compliance Implication |
|---|---|---|
| 24 March 2026 | Lei nº 15.358/2026 published in the Diário Oficial da União and enters into force | All provisions enforceable from this date; companies are immediately subject to the new framework |
| 9 April 2026 | Constitutional challenge filed before the STF questioning 19 provisions | Monitor STF docket; do not rely on prospective invalidation, treat all provisions as enforceable |
| Q2–Q3 2026 (estimated) | Expected issuance of regulatory guidance by COAF and other agencies aligning existing reporting triggers with the new statute | Prepare for updated reporting requirements; engage regulatory-affairs teams to track draft regulations |
| 24 June 2026 | 90-day mark from publication, recommended deadline for completing the corporate compliance checklist | All 12 action items in the checklist above should be completed or well advanced |
For assistance identifying experienced criminal-law counsel in Brazil, consult the Global Law Experts lawyer directory.
This article was produced by Global Law Experts. For specialist advice on this topic, contact David Rechulski at David Rechulski, Advogados, a member of the Global Law Experts network.
posted 33 minutes ago
posted 56 minutes ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 3 hours ago
posted 4 hours ago
posted 4 hours ago
posted 4 hours ago
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message
