Canadian Fintech Review

The Canadian landscape

With Toronto being described as the third largest tech hub in North America by the New York Times², the Canadian fintech ecosystem is considered to be internationally competitive.

From coast to coast, fintechs are relatively well distributed across Canada (based on population concentration). Approximately 59.5% of Canadian Fintechs are based in Ontario, 14.8% are based in Québec, 23.5% are based in Western Canada (with the vast majority of those based in British Columbia) and 2% are based in the Atlantic provinces³.

Canadian jurisdictions are also seeing significant in-bound investment from fintechs. Montréal is one of Canada’s leading fintech hubs and houses a number of key investors. While the Atlantic provinces have relatively smaller hubs, there is significant activity such as a US$2.75 billion acquisition of a St. John’s-based fintech by Nasdaq in late 2019, fintech companies continue to receive some of the largest total investment dollars as compared to companies in other industries. According to the Canadian Venture Capital Association’s 2021 Year in Review report, the largest announced deal in Canada in 2021 was Wealthsimple Financial Inc.’s $750M financing round and according to the CVCA’s Q1 2022 Market Overview, the largest announced deal in Western Canada in the first quarter of 2022 was Neo Financial’s $191M financing round.

What is captured in fintech

 
Fintech is a broad term that captures many different verticals. Each of these verticals are large markets in themselves, differentiated by the problems they aim to solve. The most common (and largest) Canadian fintechs categories in operation are Payments, Lending (personal and SMBs), and Back Office. However, fintechs in regtech (i.e., risk management), wealthtech and Personal Financial Management (PFM) are also seeing significant growth. Regtech startups continue to set funding records, wealthtech activity has seen a significant increase in retail and enterprise activity and PFM has responded strongly to the financial challenges of the COVID-19 pandemic, with some PFM fintechs responding particularly well to provide financial support to Canadians in economically uncertain times.

The ecosystem

Any healthy startup ecosystem needs accelerators to support the growth of established firms and incubators to nurture the earliest stages of a company. While competitive to get into, they provide important services for fintech firms such as expert advice, funding, mentorship, networking and training. The funding for such programmes typically comes from a variety of sources including financial institutions and technology companies. Well-known accelerators and incubators in Canada include Innovate Calgary, Ryerson’s Digital Media Zone (DMZ), MaRS Discovery District and Fintech Cadence which is dedicated to supporting the fintech industry. DMZ has a specific fintech stream: DMZBMO Fintech Accelerator⁴.

The talent

CBRE’s 2021 Scoring Tech Talent report noted that Toronto is an outlier for tech talent job creation, adding 54,700 more tech talent jobs than graduates. Canada has been benefitting from the fintech “brain gain” (the difference between the number of technology degrees granted versus the number of technology jobs created). Toronto ranked fourth just behind San Francisco Bay Area, Washington, D.C. and Seattle, among 50 of the largest markets which were analysed to create a scorecard ranking them comparatively, using metrics such as market depth, vitality, and attractiveness to companies seeking talent and talent seeking employment⁵.

Data from the Business Development Bank of Canada (2018) has also demonstrated that Canada’s skilled foreign workers as a percentage of its population has been on the rise and is six times more concentrated than that of the U.S. (attributable to a progressive labour migration policy). Though the pandemic did see a drop off in immigration, initiatives such as virtual work permits have been proposed as economic stability returns. Also contributing to domestic growth has been the strength of Canada’s university-backed incubator system⁶.

Regulatory bodies and approaches

The Canadian financial regulatory system is fragmented with oversight of the financial system divided among, and often overlapping, federal and provincial regulators.

Federal

The three principal federal regulators of financial institutions are: the Office of the Superintendent of Financial Institutions (OSFI); the Canada Deposit Insurance Corporation (CDIC); and the Financial Consumer Agency of Canada (FCAC).

Policy surrounding federal financial services legislation is driven by the Department of Finance and, although they work independently from the Department, OSFI, CDIC, FCAC and the Bank of Canada (BOC) contribute to the development of Canada’s federal financial services legislative and regulatory framework.

OSFI

Established in 1987, OSFI is an independent agency of the federal government and reports to the Minister of Finance. As Canada’s prudential regulator, OSFI has both a regulatory and supervisory role for more than 400 federally regulated financial institutions and 1,200 pension plans. In its regulatory role, OSFI develops rules and other guidance, interprets legislation and regulations, helps to create accounting, auditing and actuarial standards and provides regulatory approvals for certain types of transactions. In its supervisory role, OSFI assesses economic data and trends for issues that could have negative impacts on financial institutions, and, at the same time, assesses financial institutions for weaknesses that could raise solvency or similar critical risks. When weaknesses are identified, OSFI takes steps to work with an affected institution to address these matters.

In August 2021, OSFI released updated requirements governing how federally regulated financial institutions should disclose and report technology and cyber security incidents to OSFI.

CDIC

A federal crown corporation established in 1967, CDIC’s objectives are to:

• provide insurance against the loss of part or all of deposits;
• promote and otherwise contribute to the stability of the financial system in Canada; and
• pursue the objects set out above for the benefit of persons having deposits with member institutions and in such manner as will minimise the exposure of CDIC to loss; and
• act as the resolution authority for its members.

CDIC provides deposit insurance for eligible deposits up to a limit of C$100,000 per insured category at CDIC member institutions. Members include banks, federally regulated credit unions, as well as loan and trust companies and associations governed by the Cooperative Credit Associations Act that take deposits.

In addition to savings and chequing accounts, CDIC coverage applies to guaranteed investment certificates and other term deposits. Notable exclusions from coverage include mutual funds, stocks, bonds, exchange traded funds and cryptocurrencies. While eligible deposits at federally incorporated credit unions are covered, deposits at provincially incorporated credit unions are not; rather, they are covered by provincial insurance corporations established similar to the CDIC model.

CDIC is funded by premiums paid by member institutions and does not receive any public funds to operate.

Recognising that Canadian banks have been rapidly partnering with fintech firms, as well as adopting their own innovation, CDIC identifies on its website the Basel Committee on Banking Supervision’s key observations about the impact of fintech on the banking industry. Recognising that the emergence of fintechs presents a new challenge for CDIC, it reiterates its commitment of actively monitoring the increasing profile of fintechs and the risks they represent to Canadian financial institutions.

FCAC

Established in 2001, FCAC is Canada’s federal financial consumer protection regulator and ensures that federally regulated financial institutions comply with their market conduct obligations under federal legislation, regulations, codes of conduct and public commitments. Although the Payment Card Networks Act (PCNA) also gives FCAC the authority to supervise payment card network operators (PCNOs), its role is limited in this regard since the PCNA lacks implementing regulations. However, FCAC does supervise PCNOs for compliance with market conduct obligations found in voluntary codes of conduct and public commitments.

FCAC also monitors and evaluates trends and issues that may affect financial consumers, educates Canadians about their rights and responsibilities in dealing with financial institutions, and collaborates with stakeholders to contribute to and support initiatives that strengthen the financial literacy of Canadians.

FCAC’s role as overseer of market conduct obligations is becoming increasingly challenging as existing market conduct obligations which are designed for a “paper-based” world become impractical at best, and unworkable at worst, in a digital world. Unfortunately, the disclosure-heavy approach, which is not aligned with today’s digital world, was preserved in the recent modernisation efforts of the federal financial consumer protection legislative framework. The new Framework⁷ which came into force on June 30, 2022 consolidates existing consumer provisions and regulations and strengthens consumer protection provisions that apply to banks and authorised foreign banks under the Bank Act.

In November 2022, the FCAC published a pilot study on BNPL services. Although the FCAC identified potential risks of over-borrowing and over-indebtedness, the FCAC Study falls short of recommending regulations or regulatory oversight. Rather, the FCAC concludes that it will:

• continue to monitor the evolution of the BNPL market in Canada and internationally, and conduct targeted follow-up research on BNPL services in Canada;
• seek to coordinate with provincial and territorial oversight authorities to help support, to the extent possible, the sharing of insights and expertise and the harmonisation of approaches to oversight; and
• continue to provide consumers with access to timely, effective, and unbiased educational information on BNPL services to foster the responsible use of BNPL services.

The BOC

The BOC plays an important role in fostering a stable and efficient financial system. The BOC accomplishes this objective by:

• providing central banking services, including liquidity and lender-of-last-resort facilities;
• overseeing and acting as the resolution authority for critical financial market infrastructures;
• conducting and publishing analyses and research; and
• helping to develop and implement policy.

Under the Payment Clearing and Settlement Act, the BOC acts as the resolution authority for designated financial market infrastructures, such as Canada’s Large Value Transfer System (LVTS), the Automated Clearing Settlement System (ACSS), and other clearing and settlement systems, which are owned and managed by Payments Canada, a public-purpose, non-profit organisation funded by the members that participate in its systems.

The Bank’s role in Canada’s payment systems is poised to further expand with the introduction of the new retail payment oversight framework which is examined in more detail below.

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

Canada’s financial intelligence unit, FINTRAC, focuses on detecting, preventing, and deterring money laundering and the financing of terrorist activities. FINTRAC fulfils this mandate by engaging in a range of activities including data gathering and analysis (most notably receiving financial transaction reports and voluntary information in accordance with the legislation and regulations) and ensuring compliance by reporting entities with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

Under the PCMLTFA, a “money services business” (MSB) is required to fulfil certain obligations as a reporting entity. This includes registering the MSB’s business with FINTRAC (Canada’s regulator responsible for ensuring compliance with the PCMLTFA), fulfilling reporting and recordkeeping requirements, conducting know-your-client identification, and having a compliance programme.

As of June 1, 2021, amendments to the PCMLTFA have expanded the MSB category of reporting entities to include entities dealing in virtual currencies and foreign exchange dealing entities. These amendments bring within scope certain fintechs, both in and outside Canada, that were not previously subject to the PCMLTFA. FINTRAC considers “dealing in virtual currencies” to include both virtual currency exchange services and virtual currency transfer services. These legislative amendments, along with corresponding regulatory guidance from FINTRAC, have significant implications for the regulation of fintechs dealing in digital currencies. In particular, this amendment expands the application of anti-money laundering laws to entities that may not have previously been subject to the PCMTLFA; namely, fintechs (for example, cryptocurrency trading platforms and exchanges).

Under the new rules for foreign MSBs, businesses dealing in virtual currencies without a place of business in Canada who direct their services at persons or entities in Canada and provide these services to clients in Canada are now subject to the PCMLTFA. This change also has implications for virtual currency exchanges as many operate outside of Canada while servicing Canadian clients.

One of the related amendments to the PCMLTFA is the new obligation for all reporting entities to keep “large virtual currency transaction records” for amounts received in virtual currency of C$10,000 or more in a single transaction, or across several virtual currency transactions that equal C$10,000 or more within a 24-hour period. Such records must include the identity of the person from whom the amount was received, as well as other prescribed information including the date, amount and type of currency and exchange rate. Reporting entities must also file large virtual currency transaction reports in certain circumstances, including where the reporting entity receives virtual currency that can be exchanged for C$10,000 or more in cash in the course of a single transaction, or across several virtual currency transactions that equal C$10,000 or more within a 24-hour period. These reports are not required for amounts received from another financial entity or public body, or a person acting on their behalf. As with the expansion of the MSB concept noted above, this amendment to reporting requirements is most likely to impact fintechs.

As of April 27, 2022, amendments to the PCMLTFA have further expanded the MSB category of reporting entities to include crowdfunding platforms and certain PSPs. These amendments again bring within scope certain fintechs, both in and outside Canada, that were not previously subject to the PCMLTFA. Such entities need to register with FINTRAC as MSBs or foreign MSBs, as applicable, and are now subject to the PCMLTFA and its associated obligations with respect to reporting and recordkeeping requirements, conducting know-your-client identification, ongoing monitoring, and having a compliance programme. More specifically, crowdfunding platforms now need to perform know-your-client identification on (i) any individual or entity that receives crowdfunding platform services, and (ii) any individual or entity who donates $1000 or more to a crowdfunding platform. These obligations extend to transactions in both fiat and virtual currency. The amendments come in the aftermath of the protests in Ottawa in early 2022 and the temporary (30-day) extension of obligations under the PCMLTFA to crowdfunding platforms and certain PSPs pursuant to the federal government’s Emergency Economic Measures Order.

Previously, FINTRAC, by way of policy interpretation, distinguished PSPs that transfer funds for the purposes of utility payments, payroll and commission services, mortgage and rent payment services, and certain tuition payment services from MSBs and foreign MSBs, noting that their function is payment processing, and the transfer of funds is a “corollary of their actual service” as opposed to transmitting funds “for the sake of the service”, like an MSB or a foreign MSB. FINTRAC has now reversed this policy interpretation. FINTRAC has also changed its position on the exclusion of businesses that provide merchant services for the purchase of goods and services (i.e., providing settlements directly to merchants on behalf of the merchant’s customers) from the scope of the PCMLTFA. Accordingly, PSPs that carry out these activities are now subject to the PCMLTFA requirements applicable to MSBs or foreign MSBs. FINTRAC has also removed exemptions applicable to MSBs and foreign MSBs for the transfer of funds by way of credit, debit and prepaid products (other than in respect of financial entities and casinos).

Office of the Privacy Commissioner of Canada (OPC)

The OPC administers the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to federal and provincial businesses in respect of personal information collected, used or disclosed in the course of commercial activity, and to the personal information of employees of federal works, undertakings or businesses (such as banks). PIPEDA has extra-territorial jurisdiction to the extent that a foreign organisation is handling personal information of Canadians or within Canada. PIPEDA may not apply to certain organisations that process personal information entirely within Alberta, British Columbia, and Québec, which have substantially similar provincial privacy laws.

PIPEDA incorporates the 10 fair information processing principles contained in the Canadian Standards Association’s Model Code for the Protection of Personal Information. Among these is the core principle that an individual’s knowledge and consent are required for the collection, use or disclosure of personal information, except where this knowledge and consent are inappropriate (such as to comply with court orders or FINTRAC reporting requirements or investigate financial abuse).

The OPC can audit organisations to ensure that they comply with the legislation’s requirements. Individuals can file complaints for investigation by the OPC and have the right to apply to court for a hearing and remedies, which may include an award of damages and an order for the business to change its practices. Obstructing the Privacy Commissioner’s audit or investigation is an offence punishable by a fine of up to C$100,000.

Organisations subject to PIPEDA or Alberta or Québec privacy laws must notify the regulator and affected individuals of breaches of personal information that create a “real risk of significant harm” to an individual. Organisations must keep internal records of all privacy breaches (even those not reported) for two years to facilitate regulatory audits and the identification of systemic privacy flaws. Non-compliance with breach reporting obligations can result in fines of up to C$100,000.

The federal government introduced Bill C11, the Digital Charter Implementation Act, 2020, into Parliament in 2020. The Bill was not passed owing to an intervening election, but is expected to be re-introduced in 2022 and passed in 2023. Bill C11 proposes to replace PIPEDA with the Consumer Privacy Protection Act (CPPA) and create a new administrative tribunal, the Personal Information and Data Protection Tribunal. Among other changes, CPPA proposes to: (a) impose algorithmic transparency requirements; (b) introduce new data subject rights, including the right to data portability (this right aligns with ongoing Canadian consumer-directed finance proposals such as open banking); and (c) expand the OPC’s powers, including the ability to impose mandatory orders and to recommend that the Tribunal impose financial penalties of up to C$10 million or 3% of an organisation’s gross global annual revenue for contravention of certain data use and security provisions.

Additionally, in 2021, the federal government announced that it intends to move forward with plans to create a new federal Data Commissioner. While this role is not yet in place, the proposed Data Commissioner’s mandate will be to “inform government and business approaches to data-driven issues to help protect people’s personal data and to encourage innovation in the digital marketplace”.

The Québec government reformed its provincial privacy laws in 2021, ushering in significant changes over a three-year period. The Québec law will require more transparency, including with respect to automated decision-making, prohibit bundling privacy consents with other terms of service, offer consumers additional rights to information and data portability, and empower the Commission d’Acces à l’Information to impose fines of up to C$25 million or 4% of worldwide annual turnover. The Québec regulator has signalled an intent to enforce this law against any company processing personal information of Québec residents or within Québec, even where the OPC may also have jurisdiction over national or international operations.

Provincial regulators

Consumer protection regulators

Provincial agencies or administrative bodies responsible for consumer protection oversee the market conduct obligations of provincially incorporated businesses, including provincially regulated financial institutions/services such as mortgage brokering activities, credit unions, and payday lenders. In a 2014 decision, Canada’s Supreme Court ruled that Québec’s consumer protection legislation is applicable to federally regulated institutions unless a conflict existed between provincial legislation and federal legislation, in which case federal legislation would have primacy. This gives the provinces leeway to impose consumer protection requirements on federally regulated institutions as long as such requirements conflict with neither the federal legislation nor the purpose of such (it was previously believed that federally regulated institutions were exempted from such requirements).

Provincial regulators have similar investigative and enforcement tools with which to respond to consumer complaints. Depending on their activities, fintechs are subject to provincial consumer protection law requirements such as provisions in respect of payment card fees, expiry dates and disclosures for open-loop, closed-loop and gift cards, as well as rules with respect to contracts not made in person (e.g., internet contracts).

Enforcement tends to aim at the resolution of complaints but can include compliance orders, fines, and prosecution.

Securities

Provincial securities commissions regulate the securities markets with a focus on investor protections and ensuring efficient markets and contributing to the stability of the financial system and reducing systemic risk. The securities commissions oversee securities trading, registration requirements for participants, continuous disclosure requirements, and enforcement of securities legislation and rules. Self-regulatory organisations also play a role in securities regulation. The Investment Industry Regulatory Organization of Canada (IIROC), overseeing investment dealers, and the Mutual Fund Dealers Association of Canada (MFDA), regulating mutual fund dealers, are two examples (a merger of these two organisations is anticipated later in 2022).

Canadian securities regulators have identified as a priority the need to develop and maintain a responsive and aligned regulatory framework to address fintech and other market innovation, while recognising potential benefits and economic opportunities for Canadian businesses that may come from innovation and disruption in the financial services industry. To date, Canadian securities regulators have applied the existing securities regulatory framework to these innovative products and services rather than providing blanket exemptions or exclusions. For example, in 2021, the Canadian securities regulators have taken a number of steps to highlight the risks associated with crypto assets, asserting their oversight of crypto asset trading platforms to bring crypto firms engaging in dealer or marketplace activities into compliance with securities laws. This recent work has included developing tailored regulatory approaches to domestic platforms and service providers (e.g., custodians) and taking enforcement action against unregistered foreign entities.

Fintech businesses have been encouraged to engage with staff of the Canadian securities regulators through a “regulatory sandbox” to discuss novel products and services, the anticipated treatment under applicable securities laws, and to obtain any required approvals and/or exemptive relief to operate in Canada. Areas where new business models have obtained securities regulatory clearances include peer-to-peer lending platforms, startup and venture introduction and capital raising platforms, and online advisory services. Notably, the Canadian securities regulators have also permitted the establishment of exchange-traded funds that invest in bitcoin and other cryptocurrencies, while adopting a restrictive approach to retail distribution of more speculative tokens or initial coin offerings (where compliance with prospectus and dealer/advisor registration requirements is mandated on the basis that these instruments are properly characterised as securities).

The regulatory sandbox is also available for discussions with regtech services providers developing solutions that support regulated entities in the financial services industry (including regulatory monitoring, reporting and compliance services), although these services would not be subject to the oversight of Canadian securities regulators. In 2022, the Ontario Securities Commission announced the launch of its TestLab program, where businesses will test solutions to support registered firms (including product comparison, client onboarding, portfolio analytics and assessment tools leveraging behavioural science, IA and automation).

Regulatory technology

Insurance

After a slow start in Canada, InsureTech is starting to advance in both the Property and Casualty and Life and Health insurance sectors. From underwriting and acquisition, to claims and administration, all aspects of the businesses of each sector are impacted. That said, in 2019, only 12.2% of property and casualty insurers sold insurance through digital channels and only 1.3% of all property and casualty insurance policies were sold online. In 2020, the percentage of property and casualty insurers selling products through digital channels increased to 18.4%. In 2019, 46% of life and health insurers sold insurance online with only 1% of policy sales completed online, while in 2020 the percentage of health insurer selling online decreased to 43.10%⁸.

The regulation of insurance in Canada is a matter of shared jurisdiction between the provinces and territories and the federal government. Market conduct and regulatory matters most germane to InsureTech fall to provincial/territorial regulation. This has resulted in a lack of harmonisation across the country in the rules applicable to InsureTech. By way of example, something as simple as the electronic proof of automobile insurance is not uniformly accepted across the country, with the majority, but not all, of the provinces having adopted measures to allow drivers to provide electronic proof of insurance on devices such as their smartphones.

Most notably, L’Autorité des marchés financiers (the AMF), Québec’s financial market regulator, adopted the Regulation respecting Alternative Distribution Methods. The regulation, which came into effect in June 2019, is intended to clarify the rules applicable to insurers and intermediaries selling insurance through digital means. The regulation also requires online aggregators and comparison-shopping sites to become licensed as insurance intermediaries under most circumstances. The regulation is unlike any other presently in effect in Canada. While intended to support innovation and new distribution approaches, the regulation is prescriptive and rule-based, with significant implications for website and application architecture. The effect has been a retreat of some online and digital insurance offerings previously available in this province. In February 2022, the AMF undertook a consultation on the impacts of the regulation on industry members since its coming into force, with a focus on legal, technological, and regulatory aspects. The consultation has now closed.

In 2019 the Province of British Columbia enacted amendments to its Financial Institutions Act. These amendments, among other things, allow the BC regulator to make rules regarding insurance issued through “electronic agents”. In June 2020, the Financial Services Authority Rule-Making Procedure Regulation was introduced, which establishes the framework through which the BC Financial Services Authority can publish rules under its rule-making powers. Those rules have not yet been released for public consultation and it is unclear if they will align with the regulation that has been adopted in Québec.

The principles for the “Fair Treatment of Customers”⁹ remain the primary stated concern of market conduct regulators across the country. The regulatory expectations are that both insurers and intermediaries must embed into their operations and cultures principles for the fair treatment of customers¹⁰. These principles must be applied before a contract is entered into and through to the point at which all obligations under the contract have been satisfied. While these are the stated regulatory expectations, no specific laws or regulations have been adopted to explicitly incorporate the core principles into enforceable and clearly articulated requirements although the BC Regulator has announced that a code of conduct for insurance intermediaries will be adopted in province.

Expectations about the Fair Treatment of Customers applies to both InsureTech and traditional approaches and channels. In April 2022, the Financial Services Regulatory Authority of Ontario (FSRA) initiated a consultation to adopt principles of conduct for those who sell, distribute or service property, casualty and life, and health insurance.

In April 2022, the Canadian Insurance Services Regulatory Organizations concluded its consultation and published the Principles of Conduct for Insurance Intermediaries¹¹. These Principles, which are intended to supplement the fair treatment of customer principles, reflect the minimum regulatory conduct standards that are common across Canada regarding the fair treatment of customers, while recognising that each jurisdiction has its own regulatory approach for the conduct of business. The principles apply to adjusters, agents, brokers and representatives, as well as business entities that distribute insurance products and services, including managing general agencies and third-party administrators, and apply to all distribution methods, including over the internet.

Digital identity

In 2021, the Digital ID and Authentication Council of Canada launched the PanCanadian Trust Framework (PCTF), a set of digital ID and authentication industry standards that will define how digital ID will roll out across Canada. While not yet in force, the PCTF Voila Verified Trustmark Assurance Program is expected to launch in late 2022.

In 2021, the Ontario and Saskatchewan governments had also announced plans to roll out an optional digital ID for business and individuals, but neither province has advanced these initiatives toward launch.

Provincial developments

Alberta

On March 30, 2022, the Government of Alberta introduced Bill 13, the Financial Innovation Act. If passed, Bill 13 will establish a regulatory sandbox for financial services and fintech companies in Alberta. Approved companies would receive a certificate of acceptance, allowing them to test products or services while being temporarily exempt from some laws and regulations¹². To participate in the proposed scheme, among other requirements, applicants must maintain a physical presence in Alberta.

Ontario

In 2020, FSRA established the Innovation Office to enable and support innovation across the Ontario financial services sector. In January 2022, FSRA released its final Innovation Framework and issued the Test and Learn Environment (TLE) Guidance¹³. The Innovation Framework sets out FSRA’s strategy on working with both regulated and non-regulated entities to support innovation. Through a TLE, innovators can test their novel financial services solutions/business models and evaluate the commercial viability of an innovation under either an exemption from certain regulatory requirements or conditional streamlined licensing. The TLE Guidance¹⁴ sets out a mechanism to validate and assess new financial services products, services or business models before they are introduced to the Ontario market. The Guidance applies to property and casualty insurance, life insurance, credit unions and caisses populaires, loan and trust companies, mortgage brokers, health service providers as they relate to auto insurance, and to financial planners and advisors. The Guidance will remain open for consultation through 2022.

Federal developments

Recognising the imperative for a modern payment system that is fast, flexible, secure and promotes innovation, the federal government and Payments Canada are currently leading four significant initiatives which will further accelerate the growth of the Canadian fintech ecosystem.

Bank Act amendments to promote innovation

As part of the 2018 Federal Budget, the Bank Act (Canada), Insurance Companies Act (Canada) and Trust and Loan Companies Act (Canada) were amended to support innovation and competition in the Canadian financial sector.

These amendments will provide Canadian federal financial institutions with broad new powers to: provide referrals of their customers to fintechs; engage in collecting, manipulating and transmitting information, as well as to engage in a broad range of technology-related activities without any regulatory approval (subject to potential restrictions in regulations); commercialise activities developed in-house and provide them to third parties (subject to potential restrictions in regulations); and invest in entities, a “majority” of whose activities consist of financial services activities that a financial institution is permitted to carry on (subject to new regulations that will define the meaning of majority and may impose other restrictions).

We note that while these amendments have been passed, they will not come into force until accompanying regulations are published. As of the time of writing, drafts of those regulations have not yet been published.

Open banking

With over 4 million Canadians currently using screen-scraping, an online data transfer method to manage their finances, the federal government recognises that open banking is here to stay and is currently developing its open banking framework¹⁵ In 2018, the Minister of Finance appointed the Advisory Committee on Open Banking (Committee) to review the merits of open banking. In August 2021, the Minister of Finance released the Committee’s final report and made several ambitious recommendations, including meeting a January 2023 target date for the implementation of the first phase of the proposed open banking implementation plan.

The Committee recommended that the government implement a hybrid, made-in-Canada approach which recognises the important and distinct roles of government and industry. Under this hybrid approach, the government will establish the policy objectives, oversee the consultation process, set the framework and timelines, while the industry will manage the implementation and administration of the system.

The proposed open banking system will have the following core elements: common rules for all participants; an accreditation framework for third-party service providers to enter the system; and technical specifications to ensure data security. A separate governance entity to oversee the open banking system will be established following the initial 18-month period.

All federally regulated banks should be required to participate in the first phase of open banking in Canada, whereas provincially regulated financial institutions will be given the opportunity to participate voluntarily. Other entities should be permitted to participate after they meet accreditation criteria.

The Committee suggested a two-staged open banking implementation plan: 1) an initial low-risk open banking system to be designed and implemented by January 2023; and followed by 2) a period of ongoing evolution and administration of the system.

To meet the January 2023 target date, the initial system build would be limited to consumer-provided data (but not derivative data), and read access functionalities, but would also allow for the scope to be expanded to include new types of data and, potentially riskier functionalities, such as write access functions, as the open banking system evolves.

To achieve this ambitious date, the Department of Finance appointed on March 23, 2022 Abraham Tachjian as Canada’s Open Banking lead responsible for overseeing the implementation of Canada’s Open Banking regime. Mr. Tachjian confirmed in speaking engagements that he plans on meeting the aggressive timelines proposed by the Committee.

Payments modernisation

Established by the Canadian Payments Act (the CPA) in 1980, Payments Canada is a non-profit organisation funded by banks and other deposit-taking institutions. Its legislated mandate includes the following objectives:

• Establish and operate national systems for the clearing and settlement of payments and other arrangements for the making or exchange of payments.
• Facilitate the interaction of its clearing and settlement systems and related arrangements with other systems or arrangements involved in the exchange, clearing or settlement of payments.
• Facilitate the development of new payment methods and technologies.

The CPA also authorises Payments Canada to set rules for the daily operations of participants in its national clearing and settlement systems. The Minister of Finance is granted a range of powers, including to issue directives to make, amend or repeal a bylaw, rule, or standard.

Payments Canada is in the midst of a multi-year modernisation programme to ensure that Canada’s payment infrastructure is equipped to support innovation, the economy and Canada’s global position. Payments Canada’s Modernization Plan focuses on three deliverables.

Retail batch payments

In 2020, Payments Canada completed the upgrades to Canada’s existing retail batch system, the ACSS and the U.S. Bulk Exchange, which runs parallel to the ACSS. The work included refreshing existing functionalities and business processes and introduced new and efficient capabilities, such as:

• data-rich payments to streamline reconciliation and enable straight-through processing;
• the ability to exchange same-day batch payments, which introduces new business opportunities;
• increased automation and improved risk management;
• the ability to make last-minute, time-sensitive payments;
• more frequent daily exchanges, meaning faster funds availability; and
• the introduction of a third daily exchange window, increasing convenience for Western Canada.

High-Value Payments System (LYNX)

In September 2021, Lynx replaced the Large Value Transfer System (LVTS) as Canada’s high-value payment system. A real-time gross settlement system LYNX enables the use of the data-rich ISO 20022 messaging standard and includes an enhanced risk model to comply with Canadian and international risk standards.

A second release of the system is planned for late 2022 and will enable the ISO 20022 messaging standard. This will support Canadian financial institutions in meeting SWIFT ISO 20022 global requirements in November 2022.

Introduction of a new Real-Time Payments System (RTR)

Operated by Payments Canada and to be regulated by the BOC, Canada’s new RTR to be launched in 2023 will allow Canadians to initiate payments and receive irrevocable funds in seconds at any time. In March 2021, Payments Canada selected Interac Corp. as the exchange solution provider for the RTR.

The RTR will have two main components: the RTR Exchange; and the RTR Clearing and Settlement. The RTR Exchange will facilitate the real-time exchange of payment messages, while the RTR Clearing and Settlement will perform the real-time clearing and settlement of transactions. The RTR will provide for immediate benefits, including:

• 24/7/365 availability;
• real-time message exchange, where payment and transaction processing and settlement will be fully completed within seconds;
• immediate payment finality for payors and payees; and
• support for the ISO 20022 messaging standard.

The ISO 20022 messaging standard which became available in early 2022 represents an opportunity for payment service providers (PSPs) to better understand user behaviour through data analytics, implement safeguards against potentially fraudulent behaviour (through more robust fraud detection algorithms), and develop new customer-facing services or products that are responsive to customer needs. For now, direct participation in the RTR will be available only to financial institutions and members of Payments Canada.

However, the Department of Finance has proposed to expand the scope of membership to include PSPs, but only after the implementation of the new regulatory regime for payments service providers which is examined below.

Regulatory regime for PSPs

In June 2021, the federal Retail Payments Activities Act (RPAA) which establishes the legal framework for the BOC to supervise retail payment providers, including its scope and powers was approved by Parliament. Regulations are expected later in 2022.

The BOC, who will take on the role of regulator, will oversee “any retail payment activity that is performed by a payment service provider” with a place of business in Canada or by a PSP outside of Canada but which directs retail payment activities for a Canadian end user (natural persons and businesses). A “retail payment activity” is defined as a “payment function” that is performed in relation to an electronic funds transfer made in Canadian currency or the currency of another country or using a unit that meets prescribed criteria. A “payment function” refers to:

• the provision or maintenance of an account that, in relation to an “electronic funds transfer, is made on behalf of end users;
• the holding of funds on behalf of end users until they are withdrawn or transferred to another individual or entity;
• the initiation of an “electronic funds transfer” at the request of an end user;
• the authorisation of an “electronic funds transfer” or the transmission, reception or facilitation of an instruction in relation to an “electronic funds transfer”; or
• the provision of clearing or settlement services.

Equally as key as to whom the RPAA applies, is who is specifically excluded from its application:

• regulated entities such as federally or provincial regulated entities, provincial governments that accept deposits, the BOC and the Canadian Payments Association;
• certain classes of closed-loop, stored-value and prepaid cards;
• cash withdrawals from ATMs;
• agents and mandataries of PSPs; and
• electronic funds transfers that are made for the purpose of giving effect to an eligible financial contract such a derivatives and securities lending agreements.

Where the RPAA applies, PSPs must register with the BOC before engaging in retail payments activities, and provide prescribed information including details on the scope of their business and the services they plan on providing, the number of end users, the safeguard mechanisms for any funds held on behalf of users, a declaration as to whether it is registered with FINTRAC, and details on their mandatory operational risk and incident response framework.

PSP applications may be rejected for national security reasons if they are incomplete or contain false or misleading information or if a PSP is not registered as an MSB under the PCMLTFA.

The BOC is developing a framework for PSPs that meet the following five major requirements under the Act:

1. Registration: PSPs will need to register with the BOK before performing any retail payment activities. The BOC will maintain a public registry of all regulated PSPs as well as a list of those whose registration has been refused or revoke registration.
2. Mitigation of operational risk: PSPs will be required to establish, implement and maintain a risk management and incident response framework to identify and mitigate operational risks and to respond to incidents. PSPs will be expected to notify affected parties and the BOC If a material adverse operational incident occurs which results or is expected to result in the reduction, deterioration or breakdown of any retail payment activity.
3. Safeguarding end user funds: Where the PSP holds end user funds, it will be required to hold such funds in a segregated trust account or an account that is solely used for that purpose and that is insured or guaranteed.
4. Reporting: PSPs will be required to provide various reports to the BOC, including prior notification where a change or a new service is expected to have a material impact on operational risk or how end user funds are safeguarded.
5. Fee payment: PSPs will need to pay a registration application fee as well as an annual assessment fee to recover expenses related to the BOC’s supervisory role.

The RPAA also provides the BOC with a range of enforcement tools to verify and encourage compliance, including administrative and monetary penalties up to a maximum of C$10 million. Since a PSP will be responsible for the acts committed by its employees and its third-party service providers, it will be crucial that the PSP establishes the appropriate oversight mechanisms to address these risks.

Canadian Central Bank Digital Currency

In response to the rising popularity of digital tokens or cryptocurrencies, like many central banks, the BOC has been working with industry and academia to design a Central Bank Digital Currency (CBDC) as a protective measure against decentralised technologies that challenge the traditional monetary policy transmission systems¹⁶. The BOC is well into the development process of a CBDC and is exploring the challenges and opportunities of CBDCs, but sees no rush in implementing one anytime soon. The BOC has identified safety, universal accessibility, privacy, resilience, competition and efficiency, and monetary sovereignty as important policy considerations¹⁷. The BOC issued a policy note in 2020 discussing the spectrum of CBDC privacy concerns and some potential solutions¹⁸.

In March 2022, the BOC and the Massachusetts Institute of Technology (MIT) announced they would collaborate on a 12-month research project on CBDCs to explore how advanced technologies could affect the potential design of a CBDC, building on the MIT’s Media Lab Digital Currency Initiative ongoing research into CBDC. The project forms part of the Bank’s wider research and development agenda on digital currencies and fintech. It will focus on exploring and experimenting with potential technology approaches to determine how a CBDC could work.

In addition, the 2022 Federal Budget announced the government’s intention to launch a financial sector legislative review, which, among other things, will examine the potential need for a CBDC in Canada. While the BOC continues to explore the potential design of a CBDC in Canada, no decision has been made on its introduction¹⁹.

In order to implement a CBDC, the BOC, as well as other central banks, must seek legislative amendments to current laws and regulation. Even if a digital banknote is a “banknote” that may be issued by a central bank under its note-issuing power²⁰, legislation and regulation as to distribution and transfers must be passed, defining the roles of commercial banks in the process. Legal tender legislation must also be reviewed. The International Monetary Fund has affirmed the importance of properly legislating the necessary domestic legal reforms to issue CBDCs in order to establish strong legal foundations, ensuring the continued integrity of monetary law and policies²¹.

The Bank of International Settlement recommends²² that CBDCs would best function in a system where central banks and the private sector collaborate, which will encourage commercial banks, credit companies, and digital payment processors to work in partnership with central banks and governments in designing Canada’s digital economic future²³. Aligned with this recommendation, the BOC will work closely with stakeholders, including the private sector, to help inform the design of Canada’s CBDC.