.svg)
One year after Canada introduced new legislation for retail payment activities, the central bank has set out how it plans to supervise payment service providers (PSPs).
Earlier this month, the Bank of Canada (BOC) announced a framework for retail payments supervision. The supervisory framework provides details about how BOC will determine if PSPs comply with the regulatory requirements, promote compliance and monitor trends in the payment system.
The framework has been developed in accordance with Canada’s Retail Payment Activities Act 2021 (RPAA), which for the first time created specific rules for Canadian PSPs and brought them under the regulatory purview of the BOC.
The publication outlines the registration process and establishes that domestic and foreign PSPs that perform retail payment activities for an end user in Canada must register with the central bank.
As part of the risk-monitoring supervisory activity, the BOC will assess payment firms’ operational risk management and incident response framework and ensure that end-user funds are safeguarded.
However, the BOC’s authority does not cover all aspects of risk. For example, policies aimed at preventing market failure or insolvency are outside the scope of BOC supervision. In addition, customer complaints regarding fees or other issues related to the fair treatment of customers sit outside its purview.
In scope
The framework sets out details on how the central bank intends to enforce the RPAA and details the various tools at the BOC's disposal to address non-compliance depending on the violation.
For example, in less severe cases, the BOC may decide to enter into a formal compliance agreement that lays out the terms of how the PSP should amend its conduct.
However, in more serious cases, the central bank could publish a notice of violation, which may include a penalty of up to $10m, issue a compliance order or, in the most severe cases, pursue court enforcement.
The central bank intends to implement different parts of the regulation in stages, beginning with the registration requirement in 2024 and following with risk monitoring and compliance supervision in 2025.
According to the BOC's estimates, the new rules will have an impact on more than 2,500 entities, which will come under the central bank’s regulatory supervision.
In an early November speech, Ron Morrow, BOC executive director of retail payments supervision, said the BOC will take “a risk-based approach that will focus on end-user impacts and the efficiency of payment services”.
“There is no ‘one size fits all’ methodology,” the BOC executive said.
Morrow emphasised that the BOC will establish a “common baseline of supervision” for all PSPs, but payment firms can meet its expectations using many approaches.
“Our job is to make the objective very clear. And then PSPs can focus on reaching the destination, not necessarily following a prescriptive journey to get there.”
Further specifics will be provided by the forthcoming regulations, which are expected to be finalised next year, and by the BOC’s supervisory guidance, which will assist businesses to understand their obligations and the central bank’s expectations.
According to Morrow, the central bank is actively engaged with PSPs and the insight gained from market participants will be fed into the forthcoming regulatory process.
Payments modernisation
The supervisory changes are part of a holistic payment modernisation effort in Canada. Last year, the country launched Lynx, a new high-value payment system using the data-rich ISO 20022 message standard.
At the same time, it is working on a new real-time payment infrastructure and is considering legislation to enable PSPs to get direct access to the central bank payment infrastructure.
As part of the same effort, Canada is also working on an open banking framework. In March, the government chose Abraham Tachjian to lead the country’s open banking initiative and develop an accreditation framework, a common set of rules and technical standards for the open banking system.
Since then, Tachjian has set up four working groups, each one focusing on different aspects of the framework, such as accreditation, liability, privacy and security. The working groups have met numerous times since July, most recently at the end of October.
