Financial institutions are at the forefront of the growing threat posed by foreign interference in Canada, and recent legislative initiatives by the federal government, along with the release of an Integrity and Security Guideline by the Office of the Superintendent of Financial Institutions (OSFI) are attempting to address and mitigate this threat.
This article sets out recent legislative and regulatory efforts to combat foreign interference within the Canadian financial sector.
As defined in OSFI’s Integrity and Security Guideline (the Guideline), “foreign interference” consists of activities that are (1) within or relating to Canada, detrimental to the interests and security of Canada, and (2) are clandestine, deceptive or involve a threat to any person, including attempts to covertly influence, intimidate, manipulate, interfere, corrupt, or discredit individuals, organizations, and governments to further the interests of a foreign state or non-state actor.
Foreign interference challenges public confidence in Canada’s financial system. Examples of foreign interference in the financial system include the use by foreign actors of Canadian financial institutions’ networks to steal sensitive financial data and the use of individuals as proxies to conduct illicit financing activities or to donate to a political party or candidate for purposes of foreign interference.
The federal government’s legislative efforts to remediate and prevent foreign interference in the Canadian financial system is fairly recent. In June 2023, parliament passed Bill C-47, which, among other things, expanded the Minister of Finance (the Minister) and OSFI’s supervisory powers over federally regulated financial institutions (FIs), leading to OSFI’s publication of the Guideline. In addition, Bill C-70, An Act respecting countering foreign interference, tabled in May 2024, introduced a new Foreign Influence Transparency and Accountability Act which will also apply to the financial services sector. Security threats are also addressed in Canada’s new Consumer-Driven Banking Framework, details of which were released as part of the federal budget in April 2024.
Bill C-47 creates an increased mandate for OSFI and provides new powers for the Minister relating to national security and foreign interference through amendments to the Bank Act, the Insurance Companies Act, the Trust and Loan Companies Act, the Office of the Superintendent of Financial Institutions Act and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the PCMLTFA).
The key provisions of Bill C-47 dealing with foreign interference are as follows:
As a result of OSFI’s increased mandate in Bill C-47, OSFI released its Guideline in January 2024, which sets out expectations and standards regarding the integrity and security policies and procedures that FIs must implement to combat threats to their integrity and security, including foreign interference. OSFI believes that FIs can protect against risks to their security1 if they act with integrity2, as a lack of integrity can lead to vulnerability to security threats, such as foreign interference.
According to the Guideline, FIs can strengthen their integrity through the following four principles:
The Guideline also sets a standard of necessary and effective security measures to thwart foreign interference. Proper security, according to the Guideline, should include (1) the physical security of premises (i.e., buildings and servers), (2) data security through data classification and restricted access to sensitive data through its life cycle, and (3) screening directors, senior management, employees and contractors to ensure they are not subject to undue influence, foreign interference and malicious activities, through background checks. The Guideline also stresses the importance of preventing third party risks through objective due diligence which is proportional to the level of involvement of a third party. This should include determining the location of operations, corporate headquarters, connection to foreign governments and ownership structure of a third party or its subcontractors.
In addition, the Guideline formalizes reporting requirements if foreign interference is detected or suspected. Specifically, FIs must report to OSFI, the Canadian Security Intelligence Service and the Royal Canadian Mounted Police when there are reasonable grounds to believe that an incident or event has occurred related to undue influence, foreign interference, or malicious activity.
OSFI notes that FIs should consider their susceptibility to undue influence, foreign interference, and malicious activity when applying the expectations of the Guideline. OSFI also expects FIs to evaluate their existing processes and procedures against the Guideline, as well as to develop ongoing monitoring, control, and reporting systems to ensure the efficacy of their policies and procedures relating to integrity and security.
The Foreign Influence Transparency and Accountability Act proposes to create a foreign influence registry, overseen by an independent Foreign Influence Transparency Commissioner, which will require individuals or entities that enter into arrangements with a foreign principal, or undertake activities to influence Canada’s government or political process, to publicly register. This act broadly defines “foreign principal” to include foreign entities (including economic entities), foreign powers or foreign states, which will capture a wide range of businesses such as financial institutions, energy companies, and sovereign wealth funds, among others.
Financial institutions, and other entities that work within the financial services sector, including fintechs and money services businesses, will be required to register if they enter into an arrangement where they carry out, under the direction or in association with the foreign principal, any of the following activities in relation to a political or government process:
Entities working in the financial services sector will have to carefully consider whether their activities fall within the range of activities that would require registration.
Budget 2024 revealed new details on the establishment of a consumer-driven banking framework (the Framework)3. Specifically, legislation will empower the Minister to refuse, suspend, or revoke access to the Framework for national security reasons, and allow the Minister to direct FCAC to take measures related to the Framework for reasons related to national security, to safeguard the integrity or security of Canada’s financial system, or in the best interest of the financial system. Details on the Minister’s powers with respect to national security will be revealed in the Budget Implementation Act, No. 2, which is to be introduced this fall.
Learn more in our overview of foreign interference regulation in Canada.