Operation Sangue Impuro investigated irregularities in the importation of horses. The suspect’s name first appeared in a plea agreement in 2015. In 2018, when the police inquiry was formally opened, a Financial Intelligence Report (RIF) issued by COAF had already been attached to the case file — requested before the investigation itself was formally instituted.
That detail proved decisive. The Superior Court of Justice (STJ) declared the evidence unlawful and ordered the investigation to be dismissed. The case reached Brazil’s Supreme Federal Court (STF), where it was recognized as a matter of general repercussion (Topic 1,404).
The urgency of the Court’s interim ruling was reinforced by information brought into the case by the Institute for the Defense of the Right of Defense, indicating that, in the context of Operation Bazaar, state agents had been using financial intelligence reports outside formal investigations — mapping individuals based on financial activity and, in some cases, using such data as a tool for pressure and extortion.
On March 27, 2026, Justice Alexandre de Moraes issued an interim decision establishing a clear limit: COAF data cannot be used as the starting point of a criminal investigation.
What is a Financial Intelligence Report — and why it is not an ordinary document.
A Financial Intelligence Report (RIF) is produced by COAF based on mandatory reports submitted by regulated entities — banks, brokers, insurers and other financial intermediaries. When these entities detect atypical transactions, they are required to notify COAF, which then analyzes and cross-references the data before issuing a report.
Technically, a RIF is not a formal breach of bank secrecy. In practice, however, it can produce similar effects: it reconstructs financial flows, reveals behavioral patterns and identifies economic and transactional links. Its impact on privacy is therefore significant — which demands strict limits on how and when it can be used.
Financial intelligence and criminal investigation are not the same
COAF does not investigate crimes. It receives mandatory disclosures of atypical transactions and produces intelligence reports based on that data.
Criminal investigation operates on a different footing. Whether conducted through a police inquiry or by the Public Prosecutor’s Office, it begins with a defined fact, requires a minimum level of suspicion and unfolds within a formal procedure, with a defined scope and an identified target. Investigations are not conducted to “see what turns up”; they are conducted because there is something specific to be investigated.
When a RIF is requested before any formal investigation is in place — to map financial activity and, from that, decide who should be investigated — this logic is reversed. Data ceases to be a supporting element and becomes the basis for selecting targets.
That is precisely what characterizes a fishing expedition: the use of investigative tools not to examine a defined set of facts, but to determine whether any facts exist at all.
What the Supreme Court had already said — and what remained unresolved
This was not the first time the STF addressed the issue. In RE 1.055.941/SP (Topic 990), the Court recognized the constitutionality of sharing financial intelligence reports with prosecutorial authorities, provided constitutional limits were observed. The Court did not endorse unrestricted access.
That precedent rejected the use of financial intelligence as a means of prospecting targets in the absence of a prior investigation. The starting point remained the existence of an ongoing inquiry.
What remained unclear was the status of requested reports: whether, even within a formal investigation, authorities could request a RIF without demonstrating concrete necessity. The STJ began to restrict such requests in certain cases; the STF, in turn, overturned decisions adopting that position. The result was legal uncertainty.
Topic 1,404 emerges precisely in this context — not to decide whether sharing is possible, but to define the conditions under which it is legitimate.
The interim ruling: objective criteria and immediate effects
To address this uncertainty, the interim decision in Topic 1,404 establishes a clear framework: financial data sharing is allowed, but subject to verifiable conditions.
Pending final judgment by the Court’s plenary, Justice Alexandre de Moraes set out objective parameters for requesting RIFs:
- A formal proceeding must already exist. This includes police inquiries, prosecutorial investigations or administrative/judicial proceedings of a sanctioning nature. Preliminary checks and non-punitive procedures are excluded.
- The target must be identified. The request must expressly state that the individual is formally under investigation, supported by the corresponding act of initiation.
- Strict relevance is required. The connection between the requested data and the object of the investigation must be concrete and specific. Generic or exploratory requests are not permitted.
- Fishing expeditions are prohibited. A RIF cannot be the first or sole investigative measure. Its necessity must be demonstrated within an already structured investigation.
- Judicial and parliamentary requests are subject to the same rules. Courts and parliamentary inquiry committees are not exempt.
- Express prohibitions apply. RIFs cannot be requested to support preliminary fact-finding procedures or non-sanctioning inquiries.
The most immediate consequence concerns ongoing investigations. The ruling applies to reports already obtained and attached to case files: if these requirements are not met, the evidence is unlawful — and so is any evidence derived from it.
What remains unsettled
The ruling is provisional. The final decision in Topic 1,404 will be rendered by the full Court, where the definitive contours will be established. For now, the decision stabilizes the legal landscape and signals its direction.
There is no absolute prohibition on requesting RIFs. What the Court has done is impose conditions: a formal investigation, a defined target and a concrete justification are required. Outside these parameters, requests are unlawful.
Spontaneous reports issued by COAF remain possible. When the agency, based on its own risk analysis, identifies atypical activity and produces a report on its own initiative, this is not a targeted request — and therefore does not fall under the same restrictions.
What changes in practice
The decision enforces a limit that had often been disregarded in practice: access to financial data cannot precede the investigation itself. If a RIF was requested without a formal proceeding, without an identified target or without a concrete justification, the evidence is unlawful — and it compromises everything derived from it.
Authorities can no longer approach COAF without a defined investigative basis and ask what information exists about a given individual.
This has a direct impact on ongoing cases. Reports obtained at the earliest stages — or even before the formal initiation of proceedings — become vulnerable to challenge. In many instances, such data forms the foundation for more intrusive measures, including bank secrecy breaches and search warrants.
The issue is no longer abstract. It now affects the validity of entire investigations. If the evidence was obtained in violation of these requirements, it cannot be cured later.
If your company — or you personally — are subject to financial investigations, it is essential to assess how this data was obtained
