Fintech in Canada Q1 2024As we highlighted in our last quarterly Fintech update in 2023, a new regulatory framework under the Retail Payments Activities Act (RPAA) will soon affect all retail payment service providers (PSPs) doing business in Canada. PSPs will be able to register with the Bank of Canada from November 1 to 15, 2024, with compliance obligations to take effect in 2025. The Bank of Canada recently released draft supervisory guidelines to help PSPs understand those compliance obligations (copies of which can be found on the Bank of Canada's website). The following drafts are open for public comment until May 21, 2024:
Proposed Amendments to Public Crypto Asset FundsOn January 18, 2024, the Canadian Securities Administrators (the CSA) released a notice and request for comment concerning proposed amendments to National Instrument 81-102 Investment Funds and Companion Policy 81-102CP Investment Funds (the Proposed Amendments) pertaining to public investment funds that invest in crypto assets (Public Crypto Asset Funds). The Proposed Amendments regarding NI 81-102 include:
The Proposed Amendments regarding 81-102CP include:
In publishing the Proposed Amendments, the CSA has opened a 90-day comment period to solicit feedback and comments, which terminates on April 17, 2024. OSFI's Guideline On Technology and Cyber Risk ManagementIn Q1 2024, the Office of the Superintendent of Financial Institutions (OSFI) of Canada released its Guideline B-13 – Technology and Cyber Risk Management, which sets out OSFI’s requirements for the management of technology and cyber risk for federally regulated financial institutions (FRFIs). This is important for Fintechs because the roster of FRFI’s under OSFI’s regulatory purview includes 400 financial institutions—including all banks (domestic and foreign) and insurance companies. If a Fintech offers a service to one or more FRFI’s and that service interacts with or otherwise impacts the FRFI’s technology assets or systems, it can expect the FRFI to pass relevant B-13 mandated obligations along to the Fintech—legal and operational. This will add risk and cost to the Fintech and will likely impact pricing and commercial terms around risk allocation including indemnities, limits of liability and insurance requirements, and the Fintech’s information security posture. To add to the fun, OSFI states Guideline B-13 should be considered along with existing OSFI guidance and tools including: the Corporate Governance Guideline, Guideline E‑21 (Operational Risk Management), the revised draft Guideline B‑10 (Third-Party Risk Management), the Technology and Cyber Security Incident Reporting Advisory and the Cyber Security Self-Assessment tool. Lost yet? Bennett Jones is here to help you navigate the path forward. Open BankingOn the open banking file, the Canadian federal government has promised framework legislation in its upcoming budget set for April 16, 2024. This publication, and indeed this author, has commented on Canada’s glacially slow pace in adopting open banking. When it does, will Canadian consumers themselves adapt to and adopt open banking? Time will tell, but at the very least, it will give Fintechs and consumers new ways to provide and receive financial services in Canada. And change is healthy. Authors
Please note that this publication presents an overview of notable legal trends and related updates. It is intended for informational purposes and not as a replacement for detailed legal advice. If you need guidance tailored to your specific circumstances, please contact one of the authors to explore how we can help you navigate your legal needs. For permission to republish this or any other publication, contact Amrita Kochhar at kochhara@bennettjones.com. |