← Back to all briefings
Compliance 6 min read Published Updated Credibility 90/100

Compliance Briefing — Brazil CVM Resolution 193 anchors ISSB-aligned sustainability assurance

On 20 October 2023 the Comissão de Valores Mobiliários (CVM) issued Resolution 193, requiring listed companies in Brazil to publish sustainability reports aligned to ISSB IFRS S1 and S2 from fiscal 2026 (large issuers) with phased adoption through 2027 and subject to independent assurance. The rule sets LATAM expectations for climate metrics, governance disclosures, and audit-ready controls that mirror EU CSRD and PCAOB assurance principles.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The Brazilian securities regulator, Comissão de Valores Mobiliários (CVM), adopted Resolution 193 on , mandating sustainability reports aligned to the International Sustainability Standards Board (ISSB) IFRS S1 and IFRS S2.[1] Large accelerated issuers must apply the requirements for fiscal years beginning on or after ; other listed companies follow in 2027, and assured sustainability reporting becomes mandatory alongside existing financial audits.[2] The rule positions Brazil as an early LATAM adopter of climate and sustainability assurance, bringing expectations closer to EU CSRD and SEC climate proposals.

Resolution 193 requires companies to disclose governance, strategy, risk management, and metrics and targets consistent with ISSB standards. It demands transparent descriptions of climate transition plans, financed and operational emissions, and the processes used to identify and manage sustainability-related risks. The CVM rule also establishes an assurance path: sustainability information must be subject to independent assurance, initially limited assurance with a roadmap toward reasonable assurance as standards mature.

Scope, phased timelines, and filing mechanics

The rule applies to all issuers in categories A and B that are required to file annual reference forms with CVM, excluding investment funds.[1] Category A issuers with free float above BRL 40 billion implement in 2026; remaining category A and B issuers adopt in 2027. Companies can opt for early adoption if they also adopt IFRS S1 and S2 in full.

Reports must be filed in Portuguese via the CVM system as part of the annual reference form, alongside audited financial statements. CVM encourages digital tagging consistent with ISSB taxonomy developments, signaling that structured data will become part of supervisory analytics. Compliance teams should map sustainability disclosures to internal control frameworks used for financial reporting to ensure consistency of governance statements, risk factors, and quantitative metrics.

Governance and control expectations

Resolution 193 ties sustainability reporting to board oversight and management accountability. Boards must describe how they oversee sustainability risks, how responsibilities are allocated to committees, and how management monitors and responds to those risks.[1] Internal control over sustainability information should mirror financial reporting controls: defined owners for data elements, change-control logs, and review-and-approval evidence.

Audit committees should extend their charters to include sustainability disclosures, ensuring that internal audit tests controls over greenhouse gas inventory calculations, scenario analysis, and transition plan tracking. Because CVM requires assurance, management must prepare evidence binders for assurance providers: data lineage for metrics (e.g., Scope 1, 2, and relevant Scope 3), model documentation for scenario analysis, and tie-outs between sustainability and financial statements where climate risks affect impairment, provisions, or asset lives.

Assurance requirements and auditor coordination

CVM’s press release confirms that sustainability reports will undergo independent assurance, initially at limited assurance with the potential to move to reasonable assurance.[2] That places Brazil alongside jurisdictions such as the EU (CSRD/ESRS) and Singapore (MAS climate disclosures) in demanding audit-ready sustainability data. Issuers should engage with their external auditors early to determine whether the financial statement auditor or another assurance provider will sign the sustainability opinion.

Key preparatory steps include establishing evidence repositories, aligning measurement methodologies with ISSB technical guidance, and performing readiness assessments against IAASB’s forthcoming ISSA 5000 assurance standard. Where estimation uncertainty is high—such as financed emissions or climate scenario outputs—management should document assumptions, data sources, and sensitivity analyses to support auditor challenge.

Data, scenario analysis, and transition plans

Resolution 193 echoes IFRS S2 by requiring companies to disclose transition plans, scenario analysis results, and metrics and targets that are consistent across reporting periods.[1] Companies should select scenarios reflective of Brazil’s sector exposures (e.g., energy transition in oil and gas, deforestation risks in agriculture) and explain how assumptions tie to business strategy. Data governance must extend to supply-chain emissions and financed emissions where material.

Because Brazil’s regulation references ISSB directly, issuers can leverage global tooling and methodologies being built for ISSB and CSRD programmes. Nevertheless, companies must adapt controls to local specifics: Portuguese-language filings, CVM electronic submission formats, and alignment with Brazilian Corporate Law for management reports. Cross-functional working groups should ensure climate data reconciliation with financial planning and with any environmental permits or IBAMA reporting to avoid inconsistencies.

Implementation checklist for Brazilian issuers

To meet the 2026/2027 deadlines, compliance officers should drive a staged plan:

  • Assign executive sponsors and board committees to oversee ISSB adoption, with documented reporting lines.
  • Map ISSB disclosure requirements to existing sustainability and financial data sources; identify gaps for Scope 3 and climate scenario capabilities.
  • Design internal controls over sustainability information (ICoSI), mirroring SOX-style ownership, documentation, and testing.
  • Engage external auditors on assurance scope, materiality thresholds, and evidence expectations; schedule dry-run assurance in 2025.
  • Localize disclosures and controls for Portuguese filings and CVM submission formats, including any XBRL or tagging once released.
  • Train investor-relations and legal teams to align sustainability narratives with financial statements and risk factors.

Resolution 193 sets a LATAM benchmark for sustainability governance and assurance. Companies that operationalize ISSB data pipelines, internal controls, and audit coordination now will be prepared for the phased compliance dates and will strengthen investor confidence in climate and sustainability reporting.

Investor communication and enforcement outlook

CVM signaled that enforcement will focus on the quality of governance narratives, the traceability of metrics, and alignment between sustainability and financial disclosures. Investor-relations teams should prepare briefings explaining how ISSB metrics tie to capital allocation and risk management, reducing the risk of greenwashing allegations. When climate risks affect forecasts or impairments, management must reconcile those assumptions with sustainability targets to avoid inconsistencies.

Issuers should also monitor how other LATAM regulators—such as Chile’s CMF or Mexico’s CNBV—reference ISSB in their roadmaps to ensure cross-listing filings remain consistent. Early adopters can differentiate by publishing assurance-ready data dictionaries, control matrices, and scenario assumptions, demonstrating maturity before the 2026/2027 deadlines and reducing scrutiny during CVM supervisory reviews.

Data quality metrics and control monitoring

To make sustainability information assurance-ready, issuers should define data quality thresholds for completeness, timeliness, and accuracy. Dashboards that show the percentage of emissions data sourced from primary evidence, the share of suppliers covered by activity-based estimates, and the number of manual adjustments flagged for review provide transparency to both management and auditors. Out-of-tolerance thresholds should trigger remediation tickets and management sign-off.

Companies can leverage existing internal control over financial reporting (ICFR) tooling—such as control attestations, issue trackers, and certification workflows—to monitor sustainability controls. Aligning control testing cycles for financial and sustainability reporting reduces duplicate effort and demonstrates to CVM that governance is embedded rather than parallel.

IFRS S1/S2 data governance: CVM expects issuers to use ISSB baselines, which require entity-wide control over significant judgements, estimates, and assumptions. Build a data dictionary for climate and sustainability metrics, map control owners, and implement change logs for emission factors, scenario choices, and transition-plan assumptions. Maintain Portuguese and English versions of policies to support cross-border investors.

Assurance readiness beyond phase-in: Even where assurance is phased, issuers should prepare for limited assurance over both qualitative disclosures and quantitative metrics (Scopes 1, 2, and material Scope 3). Align evidence folders to ISAE 3000/ISSA 5000 criteria, including management representation letters, sampling procedures, and evidence of board approval of sustainability statements.

Integration with audit committees: Audit committees should receive quarterly updates on CVM Resolution 193 milestones, management’s application of materiality for sustainability topics, and status of remediation for control deficiencies. Meeting minutes should reference specific IFRS S1/S2 paragraphs to show how oversight aligns with ISSB expectations.

Regulator and investor communication: CVM has signalled active monitoring of issuers’ readiness and may request explanations during the transition. Maintain prepared Q&A for investor calls covering methodology changes, scenario selection, and how management addressed data gaps. Keep correspondence logs to demonstrate transparent engagement.

Testing and continuous improvement: Run dry-run filings using 2024 data to validate consolidation, tagging, and narrative coherence before mandatory submission. Track KPIs such as percentage of ESRS-to-IFRS S2 reconciling items resolved, number of data quality exceptions per reporting cycle, and remediation cycle time for control issues uncovered by internal audit or external assurance providers.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Sustainability reporting
  • ISSB
  • Assurance
  • Climate risk
Back to curated briefings