Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.enrichlatam.com/llms.txt

Use this file to discover all available pages before exploring further.

The Compliance BR bundle runs five compliance checks against any Brazilian CNPJ in a single API call and returns a consolidated response with a deterministic risk_level plus the raw findings from every source — designed for CSRD assurance and EUDR supplier due diligence workflows.
This is a bundle, not a different product. Internally each underlying module retains its own cache, audit fields and sources_checked metadata. The consolidated response stays audit-grade so you can hand it to a Big Four auditor or pass it through to your CSRD reporting platform.

Why this bundle exists

CSRD (Corporate Sustainability Reporting Directive) and EUDR (EU Deforestation Regulation) oblige large EU companies to document the integrity of every supplier — including those in Latin America. Brazil is the hardest country to evidence: the data is public, but it lives in five different government portals. Compliance BR aggregates all five into one consolidated response so a procurement or compliance team can verify a Brazilian supplier in seconds instead of 30–60 minutes per CNPJ.

What’s included

CheckSourceWhat it covers
KYBReceita Federal (via OpenCNPJ)Legal name, status, activity, registration date
SanctionsOFAC SDN, UN ConsolidatedInternational sanctions watchlists
DebarmentCEIS, CNEP (Portal da Transparência)Public-procurement bans + corruption-related penalties
LaborLista Suja (Ministério do Trabalho)Employers found using slave-analogous labor
OwnersReceita Federal (QSA)Partners, directors and legal representatives

Risk level

The consolidated response includes a deterministic risk_level computed as follows:
LevelWhen
highAny sanctions match or Lista Suja record
mediumAny debarment record (CEIS/CNEP) or KYB status is not active
lowAll checks clean and KYB active
The risk_reasons array surfaces every signal that contributed — even when high overrides medium, every triggered reason is reported so your audit trail is complete.

Request

POST /v1/compliance-br

{
  "cnpj": "11.222.333/0001-81"
}

Parameters

FieldTypeRequiredDescription
cnpjstringBrazilian CNPJ. Formatting optional (with or without dots/slashes).

Response

{
  "cnpj": "11.222.333/0001-81",
  "company_name": "EMPRESA EXEMPLO LTDA",
  "risk_level": "low",
  "risk_reasons": [],
  "checks": {
    "kyb": {
      "company_name": "EMPRESA EXEMPLO LTDA",
      "status": "active",
      "verified": true,
      "founded_year": 2015,
      "data_as_of": "2026-04-30"
    },
    "sanctions": {
      "is_sanctioned": false,
      "matches": [],
      "sources_checked": ["OFAC_SDN", "UN_CONSOLIDATED"]
    },
    "debarment": {
      "is_debarred": false,
      "records": [],
      "sources_checked": ["CEIS", "CNEP"]
    },
    "labor": {
      "has_violations": false,
      "records": [],
      "sources_checked": ["TRABALHO_ESCRAVO"]
    },
    "owners": {
      "count": 3,
      "owners": [
        {
          "name": "João da Silva",
          "role": "Sócio-Administrador",
          "entity_type": "individual",
          "identifier": "***123456**",
          "entry_date": "2015-03-12",
          "country": "Brasil",
          "legal_rep_name": null,
          "legal_rep_role": null
        }
      ]
    }
  },
  "sources_failed": [],
  "generated_at": "2026-05-02T14:32:11+00:00"
}

Response fields

FieldTypeDescription
cnpjstringThe queried CNPJ
company_namestringResolved from KYB, falling back to Owners if KYB returns no name
risk_levelstringlow | medium | high
risk_reasonsarray of stringsEvery signal that contributed to the risk level
checks.kybobject | nullKYB result, or null if the source failed
checks.sanctionsobject | nullSanctions result, or null if the source failed
checks.debarmentobject | nullDebarment result, or null if the source failed
checks.laborobject | nullLabor result, or null if the source failed
checks.ownersobject | nullOwners result, or null if the source failed
sources_failedarray of stringsNames of checks that failed for this request
generated_atstringISO datetime of this consolidated response

Partial failures

If one or more underlying sources are temporarily unavailable, the endpoint still returns 200. The affected checks appear as null and their names are listed in sources_failed. The risk level is computed from whatever data was successfully retrieved — a positive signal from another source still escalates the risk level. This is intentional: returning a clean low when a source is down would be misleading for a CSRD audit trail. By surfacing the gap explicitly, your compliance team can decide whether to retry, escalate, or document the limitation.

Use cases

  • CSRD assurance — auditable supplier integrity records for ESG reports
  • EUDR compliance — verify Lista Suja status for any agricultural supplier
  • Procurement onboarding — full vendor risk check in seconds, not hours
  • Periodic re-screening — schedule monthly checks for your active supplier base
  • Pre-contract diligence — block high-risk suppliers before contract signature

Caching and freshness

Each underlying source has its own cache TTL — typically 6h–24h. When you call /v1/compliance-br, the consolidated response will read from the per-source caches when available, so repeated calls within the cache window are fast and cheap. Every check carries its own freshness metadata (data_as_of for KYB, lists_updated_at is reflected through sources_checked for sanctions, and so on) so you always know how fresh the underlying data is.

Pricing

PlanPriceIncludes
Standard$99/month500 consolidated verifications + $0.30 overage
EnterpriseContact usVolume pricing, MSA, SLA
A consolidated verification counts as one — not five.
The Compliance BR module is enabled separately on your API key. If your key already has KYB, Sanctions, Debarment, Labor and Owners individually, those modules continue to work as standalone endpoints — the bundle is a different SKU intended for compliance teams who want one consolidated call.

Error responses

StatusDescription
422Invalid or malformed CNPJ
403Missing API key, or compliance_br module not in plan
429Rate limit exceeded
A low risk level means no records were found in the registries we check at the time of the request. It is not a regulatory clearance. Your compliance program should define the frequency and scope of these checks as part of a broader due diligence process.

Request access

See the full product page and request an API key.