Well before the COVID-19 crisis, Canadian banks were on the path to digitization, automation and virtualization, but these efforts were accelerated significantly as a result of the pandemic. Canadian banks are now experiencing a surge in rapid integration of technology and digitization amid several developments currently underway that will revolutionize the financial services industry in the coming years.
In particular, the Canadian government has launched initiatives to modernize its payment systems and introduce a consumer-directed banking framework, all of which will further foster the growth of Canada’s fintech ecosystem and increase Canada’s competitiveness as a digital economy in the global landscape.
Areas to Watch
Modernization of Canada’s Payments Systems
Alternative digital payment solution platforms have entered and expanded the market and niche offerings, ranging from independent online trading platforms to digital loans and new financing providers. To address the significant momentum for change taking place in the financial services industry, Payments Canada, responsible for the operation of the national clearing and settlement infrastructure, is undertaking a multi-year initiative to modernize the nation’s payments ecosystem1.
Payments Canada is currently implementing a new real-time payments system, referred to as Real-Time-Rail, or RTR, which will be comprised of: 1) RTR Exchange, to facilitate the real-time exchange of payment messages between participants; and 2) RTR Clearing and Settlement, to perform the real-time clearing and settlement of transactions between participants. Immediate benefits of this new system will include: 1) 24/7 availability; 2) real-time message exchange, where payment and transaction processing and settlement will be fully completed within seconds (i.e., in “real time”); 3) immediate payment finality for payors and payees; and 4) support for the ISO 20022 messaging standards (the data rich global messaging standard that will serve to harmonize payment messages both domestically and internationally).
The greater availability of secure payments data is arriving just in time to spur growth of fintechs in Canada by enabling new financial services, including through open banking APIs.
With an estimated 3.5 to 4 million Canadians already adopting open banking services, consumer-directed (or “open”) banking—a system that allows customers to access personalized products and services that require the secure transfer of financial data from their bank to third parties such as fintechs—is increasingly being leveraged by Canadians2.
In August 2021, the Minister of Finance released the Advisory Committee on Open Banking’s Final Report which recommends that the government implement a hybrid, made-in-Canada approach which recognizes the important and distinct roles of government and industry. Under this hybrid approach, the government will establish the policy objectives, oversee the consultation process, set the framework and timelines, while the industry will manage the implementation and administration of the system. The recommended hybrid, made-in-Canada open banking system would have the following core elements: common rules for all participants; an accreditation framework for third-party service providers to enter the system; and technical specifications to ensure data security.
The Committee suggests a two-staged open banking implementation plan: 1) an initial low-risk open banking system to be designed and implemented by January 2023, followed by 2) a period of ongoing evolution and administration of the system.
In the latest federal budget, the government is proposing to introduce legislation to implement a new retail payments oversight framework (RPOF) to continue to promote growth and innovation in digital payment services, such as digital wallets, while ensuring that these payments services are safer and more secure. It will require non-financial institution payment service providers (PSPs) to establish sound operational risk management practices and protect users’ funds against losses. The RPOF will include a public registry of regulated PSPs maintained by the Bank of Canada to ensure their compliance with operational and financial requirements3.
Canadian Central Bank Digital Currency
As central banks around the world contemplate the adoption of digital reserve currencies, the Bank of Canada is exploring a Central Bank Digital Currency for use in everyday retail payments4. The Bank of Canada has not committed to the issuance of a CBDC and has stated the importance of working with the private sector to create the system. While it has yet to define a process for doing so, this presents a significant opportunity for the industry and stakeholders to work with government in order to establish a robust framework.
As part of this initiative, the Bank of Canada is working alongside the Bank of England, the Bank of Japan, the European Central Bank, the Federal Reserve, Sveriges Riksbank, the Swiss National Bank and the BIS to consider the key features that would be needed for a workable CBDC system.
Doing Deals and Investing
The financial services industry is showing the active pursuit of M&A opportunities; however, as regulatory regimes continue to evolve in alignment with technology and other innovations, dealmakers in the sector will want to keep watch on changes to regulatory approach, new frameworks and guidance, and changing industry best practices to help mitigate risk.
The momentum in financial services M&A activity is continuing, with notable dealmaking across asset management, fintech, insurance, banks and related loyalty partnerships, and international bancassurance (see figure 2 and figure 3 below).
In recent years, the industry has attracted a broader group of investors—including asset managers, pension plans, private equity groups and even retail companies—interested in the opportunities presented by financial services businesses where fees and income streams can produce strong returns and an increased customer base over time. Auction processes involving the sale of insurance, fintech and asset management businesses have been particularly competitive as a result. Opportunities for scale remain ongoing, and we anticipate further consolidation activity in the industry along with sales of non-core assets.
Data Governance and Regulatory Risk
As industry players accelerate their adoption of digital technologies and focus on harnessing the vast and rich transaction and consumer behavioral data they hold, they need to ensure that they collect, use, share, and safeguard such data in compliance with regulatory and contractual obligations as well as industry standards. In addition to privacy and competition law obligations, organizations need to be mindful of whether they are required to comply with industry-based regulations such as the Payment Card Industry Data Security Standard, and/or contractual obligations by financial institutions, payment card networks etc.
Privacy and Cybersecurity
While customer engagement in digital banking continues to gain ground, it is accompanied by a rising risk of privacy breaches and cyber attacks. From an M&A perspective, it is vital that acquirors fully comprehend the privacy and cybersecurity risks associated with their targets. Financial services players must also be mindful of the Canadian privacy law reform presently underway. Canadian governments at the federal and provincial levels have announced their intentions to enhance the Canadian privacy law framework by moving private sector privacy laws towards an EU General Data Protection Regulation model, a model that empowers individuals by providing more control over their personal information. Given the patchwork of federal and provincial private sector laws in place and on the horizon, financial institutions operating across Canada will need to anticipate the extent to which these updated and new privacy laws apply to them. Much of this will be driven by a constitutional division of powers analysis, the outcome of which may have significant operational and regulatory consequences on the financial sector .
Privacy and cybersecurity. While customer engagement in digital banking continues to gain ground, it is accompanied by a rising risk of privacy breaches and cyber attacks. From an M&A perspective, it is vital that acquirors fully comprehend the privacy and cybersecurity risks associated with their targets. Financial services players must also be mindful of the Canadian privacy law reform presently underway. Canadian governments at the federal and provincial levels have announced their intentions to enhance the Canadian privacy law framework by moving private sector privacy laws towards an EU General Data Protection Regulation model, a model that empowers individuals by providing more control over their personal information. Given the patchwork of federal and provincial private sector laws in place and on the horizon, financial institutions operating across Canada will need to anticipate the extent to which these updated and new privacy laws apply to them. Much of this will be driven by a constitutional division of powers analysis, the outcome of which may have significant operational and regulatory consequences on the financial sector5.
More than two years ago, the government introduced in Bill C-86 (Bill), legislative amendments to the Bank Act and the Financial Consumer Agency of Canada Act to strengthen the Financial Consumer Agency of Canada’s mandate and powers, and to introduce the new Financial Consumer Protection Framework (Framework) to further advance consumers’ rights and interests when dealing with their banks. While the amendments to the Financial Consumer Agency of Canada Act came into force in April 2020, the Bank Act amendments introducing the Framework will come into force on June 30, 2022. Applicable to banks and authorized foreign banks, the Framework consolidated existing consumer provisions and regulations and strengthened consumer provisions that apply to banks and authorized foreign banks under the Bank Act. The Framework provides for a wide range of new requirements intended to encourage responsible business conduct and the fair treatment of consumers, including the obligation to establish and implement policies and procedures to ensure that products sold to consumers are appropriate to the for the person having regard to their circumstances, including their financial needs. Particularly onerous are the new complaint management requirements which require comprehensive records to be made of all complaints.
Financial institutions should be mindful of this expanded role of the FCAC and its powers to sanction by enhancing their compliance with financial consumer protection requirements, particularly the more onerous market conduct obligations that are forthcoming in the new framework6.
Enforcement Activity and Litigation
Organizations are also increasingly facing civil liability for failing to comply with their regulatory obligations, predominantly in the form of privacy and data breach class actions. Compliance violations associated with sensitive consumer payments data are particularly likely to attract civil litigation. More attention is also being paid by class action counsel and regulators to the relationship between financial institutions and their clients, especially with regard to the duties owed by financial institutions.
Sources of potential litigation include consumer protection matters, with potential risk areas covering adequate and clear disclosure of fees, conflicts of interest, and exclusions of liability for specific events in standard consumer contracts. Canada’s anti-money laundering regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), has, after a temporary pause during the pandemic crisis, resumed its examinations of industry players’ potential breaches of anti-money laundering and countering terrorist financing legislation. This will further lead to heightened regulatory scrutiny in the financial services industry7.
See Torys bulletin, “How will Canada reinvent its payments framework for a post-pandemic digital reality”, available here.
Available here. The report finds that the term “open banking” is often misunderstood and that “consumer-directed finance” more accurately reflects what is intended, providing better control over and protection of their financial data.
See Torys bulletin, “Budget 2021’s impact on the Canadian financial sector”, available here.
Bank of Canada report 2021, available here. See also Torys bulletin, “Digital dollars: central banks, cyber space and your cash”, available here.
See Torys bulletin, “Cross-border privacy and cybersecurity considerations for M&A”, available here
See Torys bulletin, “Roadmap for the new financial consumer protection framework”, available here.
For detail, see Torys’ bulletin, “Mitigating litigation risks, enforcement actions for financial institutions”, available here.
To discuss these issues, please contact the author(s).
This publication is a general discussion of certain legal and related developments and should not be relied upon as legal advice. If you require legal advice, we would be pleased to discuss the issues in this publication with you, in the context of your particular circumstances.
For permission to republish this or any other publication, contact Janelle Weed.