Skip to content

Canada 2024 Federal Budget paves the way for Open Banking

By Kevin Landry

On April 15, 2024, the Canadian federal budget was released. Connected to the budget was an explanation of the framework for Canada’s proposed implementation of Open Banking (sometimes called consumer-driven banking).

This follows several other recent developments in the fintech and payments space in Canada, such as the Retail Payment Activities Regulations, and the Retail Payments Activities Act.[1]

Background

In March 2022, the Federal Government named Abraham Tachjian as the Open Banking lead, and was mandated to develop a “made in Canada” regime based on the recommendations in the final report of the Advisory Committee on Open Banking.

 

What was revealed about the expected open banking framework?

Governance

The Financial Consumer Agency of Canada (“FCAC”) will have an expanded mandate that includes oversight of Open Banking and responsibility for establishing foundational framework elements. The Department of Finance will retain its role in respect of policy and legislative or regulatory development.

Next steps- legislation

The government will introduce one or more pieces of legislation in spring of 2024 to implement the Open Banking framework. These statutes are expected to outline key elements, such as governance, scope, criteria, and process for the technical standard. Remaining elements of the framework will be legislated in fall of 2024.

Framework rules are expected to avoid creating duplicative or potentially conflicting requirements with existing legislation.

Multi-stage implementation

In the initial phase of implementation, the government will mandate participation for Canada’s largest banks and allow opt-in participation for other financial institutions desiring to participate (such as fintechs) and provincially regulated organizations like credit unions.

What data can be shared?

Data related to chequing and savings accounts operations, investment products available through their online portals, and lending products – such as credit cards, lines of credit, and mortgages – will be shareable in the initial phase.

Importantly for many participants, data that has been materially enhanced such that it offers the participant “significant additional value or insight” will not be required to be shared, which will protect many participants’ market advantage.

Standing prohibitions on the sharing of customer information for the business of insurance will remain in force.

How will data be shared?

Once allowed to access the framework, all accredited participants, when authorized by a consumer, are required to share consumers in-scope data in its unaltered, original format, free of charge, with other participants. This will be a requirement for continued participation in the framework.

Accreditation

The framework will set out specific criteria for data requestors to access consumer financial data. A list of all authorized participants will be publicly available in a central registry for transparency.

Participants will need to apply to the FCAC with information on their organization, operational standards, and financial capacity. Mandatory reporting of key information will be required to maintain accreditation.

Privacy

Although participants in the framework will continue to be required to comply with existing privacy legislation, additional privacy rules for financial data sharing will be introduced.

Some interesting features outlined in the disclosure are that participants will be required to “reconfirm” consent from consumers at regular intervals, and provide dashboards to ensure consumers have real-time knowledge of who has access to their data; the type of data they share; the accounts where the data is collected; what consents are granted and how to revoke them.

Liability to flow with the data

The framework establishes a statutory relationship between participants, eliminating the need for cumbersome bilateral contracts between participants for data sharing.

This expected liability structure will move liability with the data and place it with the party who is in control of the data, if anything goes wrong.

Any data provider’s liability toward a consumer for how the data is managed or protected ceases once it leaves the institution but the data provider maintains liability toward the consumer for data under its control.

Security

The legislation will establish the baseline security requirements for all participants to protect consumer data. Participants will also be required to complete ongoing reporting obligations and surveillance audits.

National security and the integrity of the financial system

The Minister of Finance will have authorities to refuse, suspend, or revoke access to the framework for national security-related reasons.

Single technical standard

Open Banking will move Canada’s fintech sector away from screen scraping to the use of application programming interfaces (APIs), enabling different products and services to communicate in a consistent manner.

To align with international best practices, the government will mandate the use of a single technical standard.


This update is intended for general information only. If you have questions about the above, please contact the author(s) to discuss your needs for specific legal advice relating to the particular circumstances of your situation.

Click here to subscribe to Stewart McKelvey Thought Leadership.


[1] Stewart McKelvey had previously written about these herehere and here

 

SHARE

Archive

Search Archive


 
 

Client Update: To B or Not To B? Potential Changes to PEI Auto Insurance

June 28, 2013

Significant changes may be coming to the standard automobile policy in PEI, including increases to the accident benefits available under Section B and an increase to the so-called “cap” applicable to claims for minor personal…

Read More

Client Update: Special Project Orders the next milestone for Muskrat Falls progress

June 21, 2013

On June 17, 2013, pursuant to the recently amended Section 70 of the Labour Relations Act for Newfoundland and Labrador (“NL”), the Government of Newfoundland and Labrador issued three Special Project Orders (“SPOs”) in respect of the…

Read More

Client Update: Hold your breath, SCC rules on random alcohol testing

June 17, 2013

On June 14, 2013, the Supreme Court of Canada (“the Court”) released the decision that employers across the country were waiting for. In CEP Local 30 v. Irving Pulp & Paper Ltd., 2013 SCC 34, a…

Read More

Client Update: Newfoundland and Labrador Aboriginal Consultation Policy

June 14, 2013

The Government of Newfoundland and Labrador (“NL”) has recently released its “Aboriginal Consultation Policy on Land and Resource Development Decisions” (the “Policy”). A copy of the Policy can be accessed here. This new Policy is the…

Read More

Spring 2013 Labour & Employment Atlantic Canada Legislative Update

June 11, 2013

The following is a province-by-province update of legislation from a busy 2013 spring session in Atlantic Canada. Watching these developments, we know the new legislation that has passed or could soon pass, will impact our…

Read More

Client Update: Jury Duty – Time to Think Twice

June 6, 2013

The integrity of the jury system has become a pressing topic for our courts of late, with articles about jury duty frequently appearing front and centre in the press. The recent message from the Nova…

Read More

Doing Business in Atlantic Canada (Summer 2013)(Canadian Lawyer magazine supplement)

June 2, 2013

IN THIS ISSUE: Cloud computing: House to navigate risky skies by Daniela Bassan and Michelle Chai Growing a startup by Clarence Bennett, Twila Reid and Nicholas Russon Knowing the lay of the land – Aboriginal rights and land claims in Labrador by Colm St. Roch Seviour and Steve Scruton Download…

Read More

Client Update: The Personal Health Information Act (PHIA) is coming…..

May 27, 2013

DOES IT APPLY TO YOU? On June 1, 2013, the Personal Health Information Act (PHIA) comes into force in Nova Scotia.  If you are involved in health care in Nova Scotia, you need to know whether PHIA…

Read More

Atlantic Employers’ Counsel – Spring 2013

May 22, 2013

EDITOR’S COMMENT This edition of Atlantic Employers’ Counsel focuses on key areas of employment standards in Atlantic Canada. Employment standards legislation outlines the rights and obligations of employees and requirements that apply to employers in…

Read More

Client Update: Nova Scotia New tort of cyberbullying

May 17, 2013

NEW TORT OF CYBERBULLYING On May 10, 2013 the Nova Scotia legislature passed the Cyber-safety Act (Bill 61). When this bill comes into force, it will give rise to a new tort of cyberbullying that…

Read More

Search Archive


Scroll To Top