How to Develop a Fintech App: Requirements, Costs, and Compliance in Brazil
Complete technical guide to fintech app development in Brazil: Central Bank regulation, PCI-DSS, LGPD, tech stack, costs per module, open banking, and security.

The Fintech Market in Brazil: Opportunity and Complexity
Brazil is the largest fintech market in Latin America and one of the five largest in the world, with over 1,000 active fintechs according to ABFintechs' 2025 Fintech Report. PIX, launched by the Central Bank in 2020, processed over 50 billion transactions in 2025, representing the world's largest instant payment system per capita.
Developing a fintech app is substantially more complex than a conventional marketplace or management app. The difference lies in the level of regulation, security requirements, and the responsibility the company assumes when handling third-party money.
For those starting to understand development costs, read our complete app cost guide. To understand how to start smaller, see our guide on app MVPs.
Fintech Types and Their Regulatory Requirements
| Fintech Type | Applicable Regulation | Regulator | Required License |
|---|---|---|---|
| Payments (digital wallet, POS) | Law 12.865/2013, Res. BCB 80/2021 | Central Bank | IP (Payment Institution) |
| Direct consumer credit | Res. CMN 4.656/2018 | Central Bank | SCD (Direct Credit Company) |
| P2P lending | Res. CMN 4.656/2018 | Central Bank | SEP |
| Investments | ICVM 558, ICVM 617 | CVM + Central Bank | CVM Accreditation |
| Exchange | Res. BCB 277/2022 | Central Bank | Specific authorization |
The Central Bank authorization process for a Payment Institution takes an average of 12-24 months and requires minimum capital of R$ 1 million to R$ 10 million depending on the segment. Many fintechs opt for partnerships with already-licensed IPs (banking-as-a-service) to accelerate go-to-market.
Essential Compliance Requirements
LGPD (Brazilian Data Protection Law)
Mandatory for any company that processes the personal data of Brazilians. For fintechs, exposure is at its highest because the data they handle includes financial data, identity data, sensitive data (credit score, income), and behavioral data.
Key implementation requirements: explicit and revocable consent per data type, DPO appointment (mandatory for medium and large fintechs), privacy by design architecture, data subject rights mechanisms (access, portability, correction, deletion), and a defined incident notification process (72-hour window to notify ANPD).
PCI-DSS
Required for any application that processes, stores, or transmits credit or debit card data. Key requirements for developers: card data is never stored locally on the device; card numbers and CVVs are tokenized before they cross the network; communication with processors uses HTTPS/TLS 1.2+ exclusively; card handling goes through PCI-certified SDKs (Stripe, Adyen, Pagar.me); and penetration testing is performed annually.
KYC/AML
All money-moving apps must implement: CPF + photo document verification (OCR + facial recognition), CPF validation via Federal Revenue API, OFAC/PEP list verification, suspicious transaction monitoring, and COAF reporting for cash transactions above R$ 10,000.
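A local check-digit test rejects mistyped CPFs before the document and Federal Revenue checks listed above are called, and a masking helper keeps full CPFs out of application logs. This is an added example, not FWC Tecnologia's code; the function names and the masking format are assumptions.

```javascript
// Added example: CPF check-digit validation and log masking for a KYC flow.
// A CPF that passes this test is only well-formed; whether it exists and
// belongs to the applicant still has to be confirmed by the registry query.

// One check digit over `digits`; weights run from digits.length + 1 down to 2.
function checkDigit(digits) {
  const sum = digits.reduce((acc, d, i) => acc + d * (digits.length + 1 - i), 0);
  const rest = sum % 11;
  return rest < 2 ? 0 : 11 - rest;
}

// Accepts "52998224725" or "529.982.247-25"; returns 11 digits or null.
function normalizeCpf(input) {
  if (typeof input !== "string") return null;
  const trimmed = input.trim();
  if (!/^\d{3}\.?\d{3}\.?\d{3}-?\d{2}$/.test(trimmed)) return null;
  return trimmed.replace(/\D/g, "");
}

function isValidCpf(input) {
  const cpf = normalizeCpf(input);
  if (cpf === null) return false;
  // Repeated-digit strings (000..., 111...) satisfy the arithmetic, so
  // they are rejected explicitly.
  if (/^(\d)\1{10}$/.test(cpf)) return false;
  const d = [...cpf].map(Number);
  return checkDigit(d.slice(0, 9)) === d[9] &&
         checkDigit(d.slice(0, 10)) === d[10];
}

// Masked form for logs and support screens (assumed format: middle six
// digits visible, first three and check digits hidden).
function maskCpf(input) {
  const cpf = normalizeCpf(input);
  if (cpf === null) return "[invalid-cpf]";
  return `***.${cpf.slice(3, 6)}.${cpf.slice(6, 9)}-**`;
}
```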
Essential Features by App Type
Digital Wallet / Payment App
| Feature | Complexity | Technical notes |
|---|---|---|
| Onboarding with KYC | High | Document OCR + facial biometrics + Revenue Service query |
| Balance and statement | Medium | Real-time update via websocket or polling |
| PIX (receive and send) | High | Integration with licensed PSP; QR Code generation |
| Virtual card | High | Tokenization (Apple Pay/Google Pay), PCI-DSS |
| Biometric authentication | Medium | Face ID, Touch ID, Android biometrics |
Recommended Technical Architecture
Mobile (Frontend)
For fintechs, Flutter has shown excellent results. Its own rendering engine eliminates UI inconsistencies between platforms — critical in financial apps where consistency builds trust. Native biometric integration (Face ID, Touch ID, Android biometrics) is mature and tested in the Flutter ecosystem.
Alternative: React Native with new architecture (JSI) for teams with JavaScript experience. For apps requiring very deep integration with specific security hardware, native (Swift + Kotlin) is the right choice. Read our comparison: native vs hybrid vs cross-platform app.
Backend
- REST API or GraphQL: Node.js + NestJS or Kotlin + Spring Boot are the most common choices in Brazilian fintechs
- Database: PostgreSQL for transactions (ACID compliance), Redis for cache and sessions, MongoDB for event logs
- Message broker: Kafka or RabbitMQ for asynchronous transaction processing
- Event sourcing: stores each transaction as an immutable event — ideal for audit and reconciliation
Infrastructure and Security
- Cloud: AWS, GCP, or Azure with Brazilian region (data in Brazil, per LGPD)
- AES-256 encryption at rest for sensitive data
- TLS 1.3 in transit for all communication
- Certificate pinning to prevent man-in-the-middle attacks
- Jailbreak/root detection blocking financial features
- Code obfuscation to hinder reverse engineering
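For the AES-256 at-rest item above, field-level encryption is usually done with an authenticated mode so that a modified or relocated ciphertext fails to decrypt. The following is an added example, not FWC Tecnologia's code; the stored layout (version byte, nonce, tag, ciphertext) and the `context` string format are assumptions, and the key is expected to come from a KMS or secrets manager.

```javascript
// Added example: AES-256-GCM encryption of a single sensitive column value.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// `context` (for example "customers:42:cpf") is authenticated but not
// encrypted; it binds the ciphertext to one row and column so it cannot be
// copied into another record and still decrypt.
function encryptField(key, plaintext, context) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new RangeError("AES-256 needs a 32-byte key");
  }
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(context, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored form: version | nonce (12) | tag (16) | ciphertext, base64.
  return Buffer.concat([Buffer.from([1]), iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(key, stored, context) {
  const buf = Buffer.from(stored, "base64");
  if (buf.length < 29 || buf[0] !== 1) throw new Error("unsupported ciphertext format");
  const decipher = createDecipheriv("aes-256-gcm", key, buf.subarray(1, 13));
  decipher.setAuthTag(buf.subarray(13, 29));
  decipher.setAAD(Buffer.from(context, "utf8"));
  // final() throws when the key, tag, ciphertext or context do not match.
  return Buffer.concat([decipher.update(buf.subarray(29)), decipher.final()]).toString("utf8");
}

// Returns null instead of throwing, for callers that treat any
// authentication failure as "record unreadable".
function tryDecryptField(key, stored, context) {
  try {
    return decryptField(key, stored, context);
  } catch {
    return null;
  }
}
```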
Payment Gateway Integration
| Gateway | Strengths | Integration | Cost per transaction |
|---|---|---|---|
| Pagar.me (Stone) | Robust API, transparent checkout, strong support | REST API + SDKs | 2.2% to 3.5% |
| Stripe | Best DX, excellent documentation, international | REST API + Flutter/RN SDKs | 2.9% + R$ 0.50 |
| Adyen | Enterprise, global, high availability | Complex API, best for high volume | 0.3% + interchange fee |
| Mercado Pago | Credit marketplace, cashback | REST API | 2.99% to 5.19% |
Cost Estimate by Module
| Module | Complexity | Estimated Cost (BRL) | Notes |
|---|---|---|---|
| Onboarding + KYC | High | R$ 35,000 - R$ 80,000 | OCR, facial biometrics, bureau queries |
| Core financial (balance, statement, transfers) | High | R$ 40,000 - R$ 90,000 | Reconciliation, ACID consistency |
| PIX integration | Medium-high | R$ 25,000 - R$ 55,000 | QR Code, PIX keys, DICT |
| Virtual/physical card | High | R$ 45,000 - R$ 100,000 | Tokenization, PCI-DSS, processor |
| Credit module | Very high | R$ 80,000 - R$ 200,000 | Credit engine, digital signature, bureaus |
| Admin dashboard + compliance | Medium | R$ 30,000 - R$ 60,000 | Transaction monitoring, COAF reports |
Total Cost Estimate by Fintech Type
| Type | Scope | Timeline | Estimated cost |
|---|---|---|---|
| Digital wallet MVP | KYC + balance + PIX + transfers | 5-8 months | R$ 150,000 - R$ 300,000 |
| Credit app MVP | Simulation + analysis + contract + disbursement | 6-10 months | R$ 200,000 - R$ 450,000 |
| Full fintech | All modules above | 12-24 months | R$ 500,000 - R$ 1,500,000 |
FWC Tecnologia's Fintech Experience
FWC Tecnologia has experience in financial application development, including payment gateway integrations (Pagar.me), KYC flows with facial recognition, NFC payment apps, and financial management systems.
Our process for fintech projects: security-focused architecture from the discovery phase, integration with Brazil's main gateways and credit bureaus, production-tested stack (Flutter + Node.js/NestJS + PostgreSQL + Redis), and delivery of security documentation for regulatory due diligence.
If you are considering building a fintech, the conversation needs to start with the regulatory scope before it reaches the technical scope. Request a technical meeting with our team to map the specific requirements of your financial project. Also see our guide on essential questions before hiring a software company.