On March 13, the Brazilian Securities and Exchange Commission (CVM) launched its Inspection and Technical Supervision Meeting Plan for 2026. Prepared by the Strategic Risk Supervision Superintendence (SSR), the Plan is part of CVM’s risk-based supervision (SBR) strategy and represents a significant shift in how the regulator will conduct its on-site activities with capital market participants throughout the year.

The Plan was internally approved in November 2025 by the Governance and Risk Management Committee (CGR) and will, exceptionally, be in force for one year only – aligned with the end of the 2025-2026 Biennial SBR Plan. From 2027 onwards, it is expected to be published on a biennial basis, accompanied by an annual report on the results of the actions carried out.

The Plan establishes 44 on-site inspections and 32 technical supervision meetings, both to be conducted in person at regulated entities’ premises, but differing in nature and purpose.

On-site inspections are investigative and enforcement-oriented in nature. They are conducted based on structured scripts prepared in advance and are generally limited to five working days in the field. They conclude with the preparation of a Technical Opinion that may result in enforcement proceedings, including a Formal Accusation, an Alert Letter, an Administrative Inquiry Proposal, or filing.

As to the technical supervision meetings, these are predominantly advisory and exploratory in nature, targeting regulated entities subject to ordinary CVM supervision, particularly those carrying out higher-risk activities. These meetings tend to take place in a single day and aim to address specific aspects of supervisory routines in greater depth.

From the perspective of the regulated entities that will be subject to these actions, the Plan covers a broad spectrum of market participants, including fund managers and administrators, intermediaries, independent auditors, publicly held companies, crowdfunding platforms, securitization companies, and public offering coordinators, among others.

The thematic scope of the on-site inspections reflects the CVM’s regulatory priorities for 2026 and includes, among others: Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT), compliance with CVM Resolution No. 175 (investment funds), CVM Resolution No. 88 (crowdfunding), CVM Resolution No. 60 (securitization companies), CVM Resolution No. 161 (public offering coordinators), CVM Resolution No. 178 (investment advisors), digital assets, and suitability. Technical supervision meetings will cover topics such as duties of senior management and the board of directors, information security, interoperability, and AML/CFT, among others.

The key shift brought about by the Plan lies not only in the volume of planned actions, but in the repositioning of the CVM’s on-site presence as a central instrument of risk-based supervision.

On-site activities will now be structured around risk-prioritization criteria, with targeted selection of participants and sensitive themes, which tends to increase the effectiveness of enforcement actions and reduce gaps in supervisory coverage. It is no coincidence that the Plan was launched at a time when recent episodes involving investment managers have highlighted the limits of off-site supervision and the need for a more active CVM presence among its regulated entities. At the same time, the expansion of technical meetings reinforces the regulator’s advisory role, with greater emphasis on prevention and regulatory alignment.

The prior publication of the Plan is in itself a change of stance by the CVM, which is now communicating in advance the general scope of its on-site activities – without, of course, identifying the specific regulated entities that will be inspected or visited. This transparency reinforces the preventive and advisory nature of risk-based supervision and provides market participants with an opportunity to review their practices before the regulator arrives.