Payments Modernization in Canada: Open Banking

The Retail Payments Activities Act (RPAA), the open banking framework, amendments to the Canada Payments Act, and the Real-Time Rail (RTR) will be introduced in the coming months and years. The timing could not be better. 

The RPAA regulates payment service providers to ensure security and compliance. It opens the payments ecosystem for new entrants just as data-sharing standards are being defined and harmonized under the open banking framework (with legislation expected in Fall 2024).  

Amendments to Canada’s Payments Act will open access to the RTR for PSPs and Fintechs. And the RTR itself will introduce fast, data-rich payments 24 hours a day, 365 days a year (expected to launch at the end of 2026). 

Each piece of the puzzle helps to build the bigger picture: a modernized Canadian payments ecosystem. 

With access to real-time data through open banking and the RTR, third-party providers can offer personalized financial services such as budgeting tools, financial advice, and instant credit assessments. The Real-Time Rail, meanwhile, is expected to boost open banking adoption and enable innovative solutions while lowering transaction costs for payment processing. 

In this article, we delve deep into a cornerstone, the consumer-driven banking framework (i.e. open banking). We explore Canada’s approach to open banking, how it will benefit Canadian consumers, businesses and the economy, and lessons that can be learned from around the world. 

 (If you’d like to learn more about the Real-Time Rail and the RPAA, read “The Real-Time Rail is coming! What can Canada learn from other payment schemes?). 

Canada’s Approach to Open Banking

Canada is taking a somewhat unique approach to open banking. Where regulation leads most regions (see: PSD2 in the EU), Canada is adopting a hybrid model that combines government-led legislative frameworks with industry-managed implementation and administration. The aim is to balance robust regulatory oversight with innovation and flexibility. 

Under the legislation, the Financial Consumer Agency of Canada (FCAC) will oversee and establish the foundations of the Open Banking Framework. The FCAA seeks to create a single technical standard for data sharing so open banking works across banks and regional borders. 

To meet key public policy objectives for a Canadian consumer-driven banking system, the Framework broadly fits into the following categories: 

• Safety and Soundness: Ensuring secure and regulated financial data sharing to maintain the stability of the financial sector.  

• Consumer Financial Well-Being and Protection: Empowering Canadians to securely access and use their financial data for better financial outcomes.  

• Economic Growth and International Competitiveness: Creating a transparent and fair accreditation framework to enhance the global competitiveness of Canada’s financial sector. 

What does Canada’s Open Banking Framework look like?

The foundations of the Open Banking Framework, as mandated for and governed by the FCAC, are formed of five parts: governance, accreditation, scope, technical standards, and common rules. 

Governance

Canada’s open banking governance outlines clear roles and responsibilities for participants and the government, as well as actions for non-compliance.  

It includes strict regulatory oversight to protect consumers and ensure transaction integrity. There are lofty standards for data security that will guard against unauthorized access and cyber threats. Consumer education initiatives will build confidence and encourage adoption, while efficient dispute management mechanisms will address grievances related to open banking.  

Accreditation

Since many third-party providers are tech companies, it’s important to validate their merit and financial capability to build consumer trust in the system. The formal accreditation process aims to set up, maintain, and oversee organizations that want to collect consumer data from data holders to do just that. 

The delegates will be expected to regularly report key information and adapt as necessary to maintain accreditation. If they don’t, or if consumer risks are identified, the FCAC could suspend or revoke the credentials. 

The accredited entities will be maintained in a central repository by FCAC for transparency.  

Scope

The implementation will follow a phased approach initially focusing on secure, consumer-permissioned data sharing. 

The scope will define the eligibility criteria, breadth of data to be shared, and functionality. This includes consumer-permissioned data-sharing requests, which will start with “read access” for the participants followed by “write access”.  

Participation will be mandatory for federally regulated banks that meet a specified retail volume threshold. There will be an opt-in option for other banks, credit unions and accredited entities.  

Data sharing, meanwhile, will include consumer-provided data, balances, transaction history, and other publicly available data. It will exclude derived data. The framework will guarantee reciprocal access for consumer-permissioned data-sharing requests. 

Technical Standards

The Open Banking Framework will outline and mandate the principles and processes to identify a technical standard.  

APIs will ensure security and interoperability with standards in other areas. (This includes the upcoming American framework overseen by the U.S. Consumer Financial Protection Bureau.) Consultations and industry engagements are in-flight for finalizing these standards.   

Common Rules

Aligning the Open Banking framework with existing legislation guarantees consistency in consumer protection and market conduct standards. (For example, the Retail Payment Activities Act (RPAA), the Financial Consumer Protection Framework (FCPF) within the Bank Act, and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act).  

The common rules focus on three areas. This first is policy, designed to standardize consent management for an extra layer of protection. This includes the provisioning of consent, consent management, reconfirmation, and revocation. 

A second area establishes a liability structure. By defining clear boundaries and processes for handling complaints, the data provider maintains liability toward the consumer for data under its control. 

National security

Finally, to safeguard customer data and interests, the Open Banking Framework lays the groundwork for security requirements. These will govern the participant’s robust information security systems to include people, processes, technology, and infrastructure that interact with the in-scope data.  

Global lessons for Canadian Banks

If there’s anything to learn from other nations, it’s that the adoption of Open banking will take time. Canada has just started. But that puts the FCAA in a good position. 

While it formalizes the consumer-driven banking framework, the FCAA can cherry-pick the best bits of legislation from other regions. 

The UK: Strong regulatory oversight

The UK is a pioneer in open banking. The government-led Open Banking Implementation Entity (OBIE) started with data sharing for checking accounts and credit cards. It has since broadened its scope to include payment initiation.  

With 9 million consumers and more than 750,000 small businesses benefiting, the UK is now looking to transition to Open Finance. 

This evolution extends the benefits of open banking principles to other sectors (including energy, telecoms, pensions, retail, mortgages, transport and insurance). A robust regulatory framework that can adapt to changing market needs and technological advancements (such as single standards for APIs) has been crucial.  

The EU: Interoperability

From the EU, Canada can find value in harmonized data standards to enable interoperability. 

The EU’s open banking framework is driven by the PSD2 regulation which defines the rules around customer authentication, third-party service providers, account information and payment initiation services. At the outset, PSD2 broadly mandated large banks and authorized entities – Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) – to provision access for data sharing and payment initiation services. But it fell short of prescribing a harmonized API standard. 

Like the UK, Europe realized the benefits of open banking and is now considering moving the needle further, driving the transition into open finance. The EU’s proposed Financial Data Access (FIDA) framework will require financial institutions to share a broad set of customer data with authorized entities.  

The EU’s approach shows the challenges of varied data standards and the need for a harmonized API standard. Seamless interoperability across different banks and financial institutions is critical for its long-term success. 

Australia: Consumer trust

Australia’s phased implementation and focus on consumer education proves the power of a gradual expansion. 

Australia’s Open Banking regime is built on the Consumer Data Right (CDR) legislation, a government-led, multi-industry initiative adopted in phases. It began with the banking sector and is now set to include the energy and telecommunications sectors.  

For banking, the initiative started with data sharing related to retail banking products. It then gradually incorporated mortgages and now covers a comprehensive range of banking services (including business lending, asset financing, and trust accounts, encompassing both individual and non-individual customers).  

The focus remains solely on data sharing, with no provisions for payment initiation. Yet Australia’s experience underscores the complexity of regulatory rules, the high cost of accreditation for accredited data recipients (ADRs), and the essential need for extensive consumer education to build trust and drive adoption. 

United States: Consistency

The US has just embarked on its open banking journey. With the introduction of the Personal Financial Data Rights Rule, banks and other payment firms must share transaction and account data with customers and authorized third parties. This implies a regulatory nudge in a (largely) industry-driven market. 

With no roadmap in site for the adoption of a formal open banking framework in the US, several financial institutions including Citibank, Wells Fargo, BBVA are currently providing access to proprietary APIs for vetted third parties, as a means to exchange banking data securely. 

The US scenario underscores the potential drawbacks of a lack of regulatory push, including fragmented standards and inconsistent consumer experiences.  There are also concerns around privacy, security, and use of personal data, reflecting a lack of customer education and awareness.  

The key takeaways for Canadian banks

Canada has an opportunity to leverage the experience of other regions to create a robust Open banking framework. While it has already done a fantastic job of addressing many issues faced by early adopters, there is still some room for being prescriptive in certain areas such as liability. 

At the same time, banks need to create an open-banking-enabled ecosystem for it to thrive. This will require big changes to the bank’s infrastructure and talent pool. Refurbishing legacy infrastructure to support new technologies such as APIs and upgrading the talent pool in APIs and AI will be challenging and time-consuming. 

Data is also a large part of the equation. Banks should think beyond data collection and look at leveraging AI and machine learning capabilities to analyze the incoming data. They must avoid becoming mere data pipelines and should strategically build comprehensive business models for monetizing data.  

Identifying relevant use cases targeted towards different client segments will be crucial for commercial success. In instant payments, Earned Wage Access schemes are helping to drive adoption by offering daily access to pay for low-income workers. By finding the equivalent for Open Banking, banks can enhance customer satisfaction, foster loyalty, and drive revenue growth. 

Finally, banks must evaluate their data and API strategies. They must focus on value creation through building internal capabilities or defining their Partnership and Acquisition strategies. They should consider their role within the evolving ecosystem and decide if they want to act as orchestrators or become an embedded participant in others’ ecosystems.  

I’m a Canadian bank, how can I prepare for the future of payments?

With the final elements of the open banking framework expected at the end of 2024 and the Real-Time Rail launching in 18 months, Canadian banks have a lot on their plate. The opportunity now is to learn from other markets. 

At RedCompass Labs, we are global payments modernization experts. We’ve helped some of the biggest banks on the planet embrace the future of payments. If you’d like to discuss your bank’s requirements, reach out to the team today.