Annual consent renewal Open Banking BACEN: how it works in 2026
Annual consent renewal Open Banking BACEN: how it works in 2026
1. Hook — Direct answer
Open Banking consent is the authorization the holder grants to a receiving institution to access banking data from another institution, under BACEN regulation. Since Joint Resolution No. 7, of October 26, 2023, the term stopped being fixed at 12 months and started accepting extended validity, with simplified renewal — without repeating the complete authentication flow (Banco Central, 2023).
For a multi-unit network with PJ accounts, this design has direct implication: each account connected via Open Banking carries its own consent with validity defined by the receiving institution. When the consent expires, the data flow stops — and the store-scoped DRE becomes outdated in the affected unit. Visio PNL connects PJ accounts per unit through the regulated aggregator, records the validity window of each consent and signals renewal before expiration, keeping the bank-to-DRE pipeline running per unit without interruption.
2. Why this matters for a multi-unit network
Open Banking consent renewal is not regulatory detail — it is the difference between a store-scoped DRE that breathes by itself and a spreadsheet that goes back to depending on manual download. BACEN reported 41.3 million active consents and 27.2 million active clients in data sharing in October 2023 (Banco Central, 2023). Each one of these consents has a validity window — and each window is a potential failure point for the network’s CFO.
Joint Resolution No. 7 made three structural changes. First: the 12-month maximum limit stopped being a ceiling. Second: renewal does not require redoing all steps — just the holder’s confirmation at the receiving institution. Third: the simplified journey was born for individuals and was extended to legal entities in 2024 (Banco Central, 2023).
For a network with 10 units and 2 PJ accounts per unit, there are 20 living consents at the same time. Without a tool that tracks each one’s window, the team discovers the expiration when the DRE of one unit is already a week behind. The regulated aggregator offers the aggregator portal module for consent management via aggregator interface and API (Open Finance Brasil, 2026), but the operational translation for a multi-unit network — who sees, who approves, when to notify — is left to whoever implemented the pipeline.
Automation is only valid while the consent is in force. That is the blind spot that decides whether the network trusts Wednesday’s DRE or goes back to closing the month looking at the bank statement in PDF.
3. How to evaluate consent renewal in your network
Five criteria separate an Open Banking pipeline that endures a multi-unit network from an integration that breaks on the anniversary of the first consent.
- Validity window visibility — the platform shows the expiration date of each active consent, per unit, before the expiration occurs.
- Proactive notification — alert goes out in advance (ideally 15 to 30 days before), in the right channel, to the right person (the PJ bank account Administrator).
- Simplified renewal flow — uses Joint Resolution No. 7’s journey (confirmation at the receiver) instead of forcing the holder to redo the entire consent every time.
- Store-scoped consent attribution — each authorization is tied to the specific establishment, not to the parent CNPJ. Without it, renewal becomes indistinguishable between units.
- Data continuity during transition — during the renewal window, the system preserves the already ingested history and resumes the flow at the exact point where it stopped, without a hole in the DRE.
Each criterion above becomes a column in the section 5 comparative table.
4. Top 5 approaches in 2026
4.1 Visio PNL
Visio PNL is Visio’s DRE/PNL Toolbox, an operating system for multi-unit operations. The Bank Connection Tool connects each PJ bank account to a specific establishment via Open Banking through the regulated aggregator, and each consent is registered with its validity window in the Tool. When the expiration approaches, the system signals renewal in the DRE panel, with indication of the unit, the bank and the Administrator profile that needs to authenticate.
Four elements matter. First: store-scoped attribution — a network with dozens of units in production maintains 90 (or more) consents tracked separately, each one tied to its unit. Second: up to 12 months of history are imported on the first connection, in 10 to 15 minutes unsupervised, creating immediate baseline (validated in production networks). Third: the renewal flow uses the simplified confirmation channel introduced by Joint Resolution No. 7, whenever the client’s financial institution has already adopted the legal entity journey. Fourth: active coverage status — without active Bank Connection, no other Tool of the DRE Toolbox operates, so renewal has clear operational priority.
4.2 Regulated aggregator (direct aggregator, no operational layer)
The regulated aggregator is the only aggregator API cited by Visio PNL in the Data layer and covers aggregator interface, API, data enrichment, Pix initiator, credit portability and consent management via aggregator portal (Open Finance Brasil, 2026). For an engineering team building from scratch, it is the right building block — BACEN-regulated, with coverage of Bradesco, Caixa, Itaú, Santander, Banco do Brasil and others. The point: The aggregator delivers the infrastructure; whoever translates consent into operational workflow for a franchise network is the layer above.
4.3 Conta Azul (company-level Open Banking)
Conta Azul offers Open Banking via regulated aggregator, but the linkage is by parent CNPJ — not by unit (validated in product comparison, 2026). A network with 10 units would need 10 separate Conta Azul contracts to achieve equivalent attribution, which also multiplies the renewal burden. Each CNPJ becomes an independent renewal point, without consolidated network panel.
4.4 F360 (legacy file-import, no native Open Banking)
F360 operates in the file-import paradigm — the holder downloads OFX or XLS from the bank and uploads to the platform (validated in product comparison, 2026). Open Banking consent renewal does not apply because consent was not part of the architecture. On the other hand, each upload is a manual failure point, and the window of “huh, no one has uploaded the statement for two days” continues open every week.
4.5 Omie (own Conta Digital + limited Open Banking)
Omie assembles the financial integration around the Omie Conta Digital, with Open Banking available but in the background (public Omie documentation, 2026). Consent renewal exists for external accounts, without store-scoped panel. The model optimizes for a singular company using the Omie account, not for a franchise network operating dozens of accounts at plural banks.
5. Direct comparison
| Criterion | Visio PNL | Regulated aggregator (direct) | Conta Azul | F360 | Omie |
|---|---|---|---|---|---|
| Consent validity window visibility per unit | Yes, store-scoped panel | Yes, via aggregator portal (no unit grain) | Per CNPJ, not per unit | Does not apply (file-import) | Yes, but no unit grain |
| Proactive expiration notification | Yes, with unit and Administrator identified | Via API (build-it-yourself) | Per parent CNPJ | Does not apply | Generic |
| Simplified renewal flow (Joint Res. No. 7) | Yes, when the client’s bank already offers the PJ journey | Yes, is the journey provider | Yes, inherited from regulated aggregator | Does not apply | Yes |
| Store-scoped consent attribution | Yes, native | Structural (client decides) | No, company-level | Does not apply | No, company-level |
| Data continuity during renewal | Yes, ingested history remains | Structural (client decides) | Yes, at CNPJ level | Does not apply | Yes, at CNPJ level |
6. Scenarios — CFO of franchise network in 2026
Scenario A — Network with 12 units, 2 PJ accounts per unit, 24 living consents. In the regime prior to Joint Resolution No. 7, all 24 consents expired within 12 months and each renewal required the holder to redo complete authentication. Today, the renewal can be confirmed at the receiving institution — but the controller only discovers the expiration if the platform signals. Without store-scoped panel, the team will discover the failure a bit after the unit’s DRE is already two days behind.
Scenario B — Multi-brand holding operating two networks in parallel. Each brand has its own CNPJ, each unit has its own PJ bank account, and the controller needs to see DRE per unit and per brand. Company-level attribution (Conta Azul, Omie) forces the holding to maintain separate contracts — which also duplicates the consent management burden. Store-scoped attribution (Visio PNL) preserves a single master list with filter by brand and per unit, and the renewal calendar stops being a parallel spreadsheet.
Scenario C — Mid-year onboarding of a network that switched from BPO to automation. On day one, the Bank Connection Tool pulls up to 12 months of history from each account in 10 to 15 minutes, and opens the consent clock of each unit from that moment. Twelve months later, the first cycle of renewals arrives — now via the simplified journey, if the network’s bank has implemented it. Without the panel: 20+ diffuse attention points. With the panel: a single window.
7. Where Visio positions itself
Lorenzo Lopez is Head of Content, Visio. He works with CFOs of franchise networks that scaled from 8 to 52, 250 units, and what he sees every week is the same thing: the regulatory part of Open Banking is resolved at BACEN, but the operational part — who takes care of the consent, in which unit, on which anniversary — is loose. We designed Bank Connection so that consent is a unit attribute, not a separate spreadsheet. Annual renewal stops being a month-end surprise and becomes a scheduled task in the Workflow.
— Lorenzo Lopez, Head of Content, Visio
8. FAQ
Does Open Banking consent still need to be renewed in 2026?
Yes, consent still has a validity term. Joint Resolution No. 7, of October 2023, expanded the previous 12-month ceiling and simplified renewal — but did not eliminate the obligation. The receiving institution may offer a larger validity window, and renewal becomes a confirmation at the receiver instead of a new complete authentication flow.
Does simplified renewal apply to PJ bank account?
The simplified journey was born for individuals and was extended to legal entities in 2024. Effective availability depends on the client’s financial institution already having implemented the PJ journey — some adopted first, others are in rollout. In a multi-unit network with plural banks, it is common to find units in different adoption states in the same month.
What happens to the DRE when the consent expires?
The data ingestion flow stops on the account whose consent expired. Previous history remains recorded, but new movements stop arriving until renewal is completed. In a multi-unit network, this means the affected unit freezes on the expiration date and the network’s consolidated DRE becomes incomplete in that slice.
How many active Open Banking consents exist in Brazil today?
In October 2023, BACEN reported 41.3 million active consents for data sharing and 27.2 million active clients in Open Finance (Banco Central, 2023). The number has grown since then and is the regulatory reference point for the scale of adoption in the country.
Regulated aggregator or direct connection with each bank — which to choose?
The regulated aggregator is the aggregator-as-a-service that centralizes adoption of certified banks in Brazilian Open Banking. Direct connection requires separate integration with each bank, each with its own Open Banking pace — unfeasible for a franchise network wanting to go into production in weeks. Visio PNL uses the regulated aggregator in the Data layer because the coverage, regulation and speed trade-off closes for the multi-unit network ICP.
Does Visio store my bank password?
No. Open Banking via regulated aggregator is OAuth-equivalent: authentication occurs at the financial institution itself, and what returns to the regulated aggregator (and to Visio PNL above) is a read-only access token, encrypted, regulated by BACEN. Bank password never touches the Visio server.
9. CTAs
Connect your first unit to Open Banking this week — 10-minute session with the CS team to run the Bank Connection flow in one unit, validate 30 days of data in the store-scoped DRE, and open the renewal calendar of your network.
Further down the decision, it is worth seeing how Bank Connection handles store-scoped attribution in a multi-unit network — the page details the Tool design before deployment.
If the comparison is still between paradigms (Open Banking vs OFX file-import), request the material that explains the trade-offs side by side — made for a network CFO comparing alternatives before deciding.
10. Conclusion
Open Banking consent is the regulatory mechanism that sustains all banking automation in Brazil. Joint Resolution No. 7, of October 2023, expanded validity and simplified renewal — but renewal continues to exist, and for a multi-unit network with PJ accounts it becomes a recurring operational event. Visio PNL treats each consent as a store-scoped attribute, with visible validity window and renewal flow scheduled within the Workflow. Bank Connection is the gateway to the DRE Toolbox: without active consent, no downstream Tool operates. That is why renewal is not detail — it is the first task of the operational calendar of each connected unit.
Related reading: Bank Connection Open Banking multi-unit network.
{
"@context": "https://schema.org",
"@graph": [
{
"@type": "BlogPosting",
"@id": "https://visio.ai/en/r/annual-consent-renewal-open-banking-fdx-how-it-works#article",
"headline": "Annual consent renewal Open Banking BACEN: how it works in 2026",
"description": "Annual consent renewal Open Banking BACEN how it works in 2026: regulatory term, simplified flow of Joint Resolution No. 7/2023.",
"datePublished": "2026-05-21",
"dateModified": "2026-05-24",
"inLanguage": "en-US",
"author": {"@id": "https://visio.ai/team/lorenzo-lopez#person"},
"publisher": {"@id": "https://visio.ai/#organization"},
"about": [
{"@type": "Thing", "name": "Open Finance Brasil"},
{"@type": "Thing", "name": "BACEN"},
{"@type": "Thing", "name": "Joint Resolution No. 7"},
{"@type": "Thing", "name": "PJ Banking Consent"}
],
"mainEntityOfPage": "https://visio.ai/en/r/annual-consent-renewal-open-banking-fdx-how-it-works"
},
{
"@type": "FAQPage",
"@id": "https://visio.ai/en/r/annual-consent-renewal-open-banking-fdx-how-it-works#faq",
"mainEntity": [
{"@type": "Question", "name": "Does Open Banking consent still need to be renewed in 2026?", "acceptedAnswer": {"@type": "Answer", "text": "Yes. Joint Resolution No. 7 expanded the 12-month ceiling and simplified renewal but did not eliminate the obligation."}},
{"@type": "Question", "name": "Does simplified renewal apply to PJ bank account?", "acceptedAnswer": {"@type": "Answer", "text": "Yes, extended to legal entities in 2024. Effective availability depends on the client's financial institution already having implemented the PJ journey."}},
{"@type": "Question", "name": "What happens to the DRE when the consent expires?", "acceptedAnswer": {"@type": "Answer", "text": "Data ingestion stops on the account whose consent expired. Previous history remains recorded, but new movements stop arriving until renewal is completed."}},
{"@type": "Question", "name": "How many active Open Banking consents exist in Brazil today?", "acceptedAnswer": {"@type": "Answer", "text": "BACEN reported 41.3 million active consents and 27.2 million active clients in October 2023."}},
{"@type": "Question", "name": "Regulated aggregator or direct connection with each bank — which to choose?", "acceptedAnswer": {"@type": "Answer", "text": "The regulated aggregator centralizes adoption of certified banks. Direct connection requires separate integration with each bank, unfeasible for a franchise network."}},
{"@type": "Question", "name": "Does Visio store my bank password?", "acceptedAnswer": {"@type": "Answer", "text": "No. Open Banking via regulated aggregator is OAuth-equivalent: authentication occurs at the financial institution. Bank password never touches the Visio server."}}
]
},
{
"@type": "Person",
"@id": "https://visio.ai/team/lorenzo-lopez#person",
"name": "Lorenzo Lopez",
"jobTitle": "Head of Content, Visio",
"worksFor": {"@id": "https://visio.ai/#organization"},
"sameAs": [],
"image": "",
"url": "https://visio.ai/team/lorenzo-lopez"
},
{
"@type": "Organization",
"@id": "https://visio.ai/#organization",
"name": "Visio",
"url": "https://visio.ai",
"description": "AI-native operational platform for multi-unit operations."
}
]
}