If your company is a fintech operating or hoping to operate in Canada with a business model that offers financial products, you should be aware that Canada’s federal government has announced its intention to enact legislation that could apply to your organization.
This impending legislation is the Consumer-Driven Banking Act (CDBA), and it will set the foundation for a framework that enables consumers and small businesses to securely transfer their financial data through an API to approved service providers of their choice.
The framework for consumer-driven banking—a.k.a. “open banking”—includes six core elements, all of which will play into whether your organization is subject to the framework, and what obligations could apply. These obligations will come in two phases because the CBDA will be enacted in two pieces—the first, expected in H1 2024 will implement elements including governance, scope and a technical standard. The remaining elements are expected to be legislated in the fall of 2024.
The table below gives a high-level snapshot of the core elements of the framework as introduced in the Government’s policy statement: Budget 2024: Canada’s Consumer-Driven Banking Framework1. Note: the CDBA has not yet become law and could yet change. Further, the Government’s policy statement makes clear that the development of Canada’s Consumer-Driven Banking Framework will be an iterative process and may evolve significantly over time. Lastly, the table is not exhaustive and does not constitute and should not be relied upon as legal advice.
If you have any questions about the information in this blog post or require legal advice, please contact Matt Flynn.
Canada’s Consumer-Driven Banking Framework |
|
Core Framework Element |
Fintech Obligations/Considerations |
Governance: Oversight and management of the framework |
|
Scope: What entities can participate Data that must be shared Functionality, such as read or write access |
|
Accreditation: Requirements and process for participating in consumer-driven banking |
|
Common Rules: To protect consumers and govern privacy, liability, security |
Privacy:
Liability:
Security:
|
National Security: Safeguards to protect the integrity and security of the consumer-driven banking framework and financial system |
|
Single Technical Standard: Establishment, maintenance, and oversight of a technical standard flow of data between consumers and the financial tools of their choice |
|
1 https://www.canada.ca/en/department-finance/programs/financial-sector-policy/open-banking-implementation/2023-fes-policy-statement-consumer-driven-banking.html
2 The framework will apply to in-scope fintechs that opt into the framework. The government will mandate participation for banks that meet a specified threshold for retail volume. This threshold will scope-in Canada’s largest retail banks. The remaining federally regulated financial institutions, as well as credit unions, Crown corporations acting as banks, and other entities seeking accreditation, will be provided the ability to opt-in.