Law 15.190/2025 and the new culture of environmental governance in banks

In the current scenario of regulatory rigor, financial institutions face the constant challenge of adapting their internal processes to legislative changes. A recent milestone in this regard was the revision of the environmental licensing law, which made it explicit that banks must require environmental licenses from their clients when financing projects or activities.

Although the sector already conducts this control in some form, the new legislation brings new challenges for financial institutions, as we will see in this article.

Enjoy the reading! 

1. Law 15.190/2025 and the responsibility of financial institutions

In the wording of Law 15.190/2025 - General Environmental Licensing Law (LGLA), Article 58 adopts a model of subsidiary liability for financial institutions that do not require an environmental license when financing activities or projects subject to licensing.

Art. 58. The natural or legal person, public or private, including a development institution, that contracts an activity or project subject to environmental licensing must demand the presentation of the corresponding environmental license, defined by the licensing authority member of Sisnama, having no duty to inspect the contractor's environmental regularity, under penalty of subsidiary liability, to the extent and proportion of their contribution, regarding environmental damages resulting from the execution of the activity or project.  

§ 1º Institutions supervised by the Central Bank of Brazil, in the exercise of their legal and regulatory functions, must require the corresponding environmental license, defined by the licensing authority member of Sisnama, for the financing of activities or projects subject to environmental licensing, having no duty to inspect environmental regularity, under penalty of being held liable, to the extent and proportion of their contribution, for eventual environmental damages resulting from the execution of the activity or project by the third party directly involved.

§ 2º Once the presentation of the environmental license is required under this article, the contractors with activities or projects subject to environmental licensing and the institutions supervised by the Central Bank of Brazil shall not be held liable for any environmental damages occurring due to the execution of the activity or project.

(Emphasis added)

According to an analysis published in Consultor Jurídico, this definition reveals more than a technical change: it exposes the intense political clash between the Executive and Legislative branches regarding the topic, in a scenario of strong public attention and institutional dispute. 

From a legal point of view, the prevailing thesis was that of subsidiary liability. In practice, this limits the liability of banks to scenarios where three elements are present: 

  1. existence of environmental damage;
  2. breach of the duty of diligence in demanding environmental documentation;
  3. inability of the direct polluter to bear the required repair or compensation.

In this context, the causal link becomes tied to the failure of the financial institution's duty of diligence. Even so, the phrase "to the extent and proportion of their contribution" opens the door to subjective interpretations and can maintain the risk of litigation in cases of environmental damage. 

If the law itself restricts the bank's duty to demanding the license and removes the duty of inspection, how can we precisely define what its contribution to the damage was, beyond the simple financing that made the activity economically viable?

Therefore, although the new wording establishes a minimum standard of action, it does not eliminate the need for more robust socio-environmental governance practices. The formal requirement of an environmental license is important, but insufficient on its own to avert reputational, regulatory, and legal risks. The current scenario demands closer scrutiny of projects with potential environmental impacts.

Thus, it is highly recommended that financial institutions not only demand the applicable licenses and authorizations but also store and track them until the final disbursement of the operation. More than fulfilling a formality at the time of contracting, banks need to adopt consistent monitoring and control routines.

The provision of subsidiary liability represents an advance for banks, but not an absolute shield. The mere requirement of an environmental license is not enough, by itself, to eliminate the risk of liability. 

In a rapidly evolving regulatory environment, it will be the effective practices of due diligence, environmental governance, and the management of social and climate risks that will define the legal security and reliability of financial institutions.

2. The bottleneck of manual monitoring 

Today, with all these legislative changes, the great challenge for financial institutions lies in scale: large institutions have thousands of operations and clients spread across the country, making manual monitoring "quite complex" and, in many cases, unviable.

Many organizations still operate in a limited model, where license tracking is done in a sampled and manual manner. The common workflow involves sending individual emails to clients requesting documents, which are then archived without a real capacity for continuous monitoring.

This approach creates critical vulnerabilities:

  • Lack of comprehensiveness: it is practically impossible to manually monitor thousands of clients and operations nationwide over time.
  • Fragile processes: reliance on emails and spreadsheets ("Word + email + Excel") prevents the traceability and agility required for audits.
  • Risk of obsolescence: without automated monitoring, the institution may not be notified about the revocation, alteration, or expiration of an already issued license.

3. The transition to a regulatory operating system

To overcome these limitations, the financial sector is migrating to solutions that automate the scanning of Federal, State, and Municipal Official Gazettes. The goal is to ensure that 100% of mentions of client licenses are identified at the source, without the need for constant individual requests.

In this scenario, Sigalei acts as a regulatory operating system that transforms this regulatory information into a structured workflow.

3.1. Monitoring and 3-layer triage

The technology uses a coarse filter (technical criteria), a medium filter with AI that prioritizes what is relevant according to the business context, and a fine filter with human validation. This drastically reduces noise and ensures the team focuses only on what impacts the portfolio.

3.2. Connected objects

Inputs (license publications) are no longer isolated texts and become objects linked to the client's context, allowing for semantic search by meaning and not just by keywords.

3.3. Auditable evidence trail

The workflow is standardized: radar → impact → responsible → task → deadline → evidence

This allows the institution to prove compliance during an inspection or audit with the complete history of the decision and the handling of each license.

4. Efficiency and strategic role

By automating environmental license monitoring, the compliance team stops wasting time on manual data entry and repetitive requests and assumes a strategic role. 

The use of AI-assisted technology allows anticipating risks and preparing the organization before requirements become critical regulatory problems.

Is your institution ready to move beyond sampled monitoring and achieve total governance?

Schedule a demo based on a real workflow from your market and discover how Sigalei can orchestrate your regulatory processes with security and traceability.