This summer the federal Department of Finance released a discussion paper regarding the oversight framework for retail payment systems in Canada. The paper proposes a number of changes to the way the retail payment systems in Canada are regulated. These changes will be of particular importance to Fintech companies operating in the retail payments space as for some of these entities, the level of regulation could increase substantially.
Retail payments in Canada are currently subject to a patchwork of regulations with some players regulated heavily and others minimally. In addition, regulation is often based on an “institutional approach” whereby regulations are based on the type of entity being regulated as opposed to the activities undertaken by that entity. For example, banks and other federally regulated financial institutions are subject to detailed and complex regulations with respect to credit cards, deposits and other aspects of their payments’ businesses. However, non-traditional payment service providers (referred to as PSPs in the discussion paper) are often subject to minimal, if any, direct federal regulation. While non-traditional PSPs do not currently account for a large percentage of retail payments transactions in Canada, the Department of Finance recognizes that the landscape is rapidly changing and is seeking to implement a new oversight framework which will reflect the federal government’s three policy objectives of (i) maintaining safety and soundness, (ii)encouraging efficiency, and (iii) meeting the needs of users. The Department of Finance also seeks to adopt a “functional approach” whereby entities undertaking similar functions are regulated in a similar way, regardless of the type of entity.
While the discussion paper does not precisely define which PSPs will be subject to this new oversight framework, it does identify the following core functions of PSPs in the context of electronic fund transfers:
- provision and maintenance of a payment account;
- payment initiation at the request of an end user;
- authorization and transmission of transactions;
- holding of funds; and
- clearing and settlement.
PSPs exercising any one of these core functions in the context of an electronic funds transfer by an end user would be subject the oversight framework. However, the discussion paper proposes to exempt a number of categories of transactions including cash transactions, transactions conducted by agents where the funds are held in trust, transactions using instruments that function only at the issuing merchant’s physical location (e.g. in-store credit cards), transactions related to securities asset servicing, ATM cash withdrawals and deposits, transactions between members of the same corporate group (if no third party intermediary is involved) and clearing and settlement of transactions made through payment systems which have been designated under the Payment Clearing and Settlement Act (Canada).
Importantly, the discussion paper proposes that the new oversight framework would not initially apply to transactions undertaken using virtual currencies like Bitcoin. The use of these currencies in retail payments is currently limited but the government will continue to monitor their use and implement adjustments to the oversight framework as necessary.
The discussion paper proposes that the new retail payments oversight framework would contain the following measures:
- End-User Funds Safeguarding – PSPs would be required to place end user funds in a trust account that would hold only end user funds. Among other requirements, the funds would have to be held in highly secure financial assets readily convertible into cash. Record keeping and reporting requirements would also apply.
- Operational Standards – PSPs would, among other things, need to establish an operational risk management framework, have clearly defined operational objectives and policies as well as a business continuity plan, and should (on an ongoing basis) identify, monitor and manage the risks that end users, vendors and other third parties might pose to the PSP’s operations.
- Disclosures – PSPs involved in a direct relationship with end users would be required to make certain disclosures to end users including fees, other key characteristics of the product, and customer and PSP responsibilities. PSPs would also be required to provide end users with their transaction history and receipts for completed transactions.
- Dispute Resolution – PSPs will be required to have certain complaint-handling procedures in place which would include having sufficient resources to handle complaints. PSPs would have to report aggregate data regarding complaints to the regulator on an annual basis. An external complaint body would also be established to handle complaints that were not resolved via the PSP’s internal complaint handling process.
- Liability – Under the new retail payments oversight system, payors would not be liable for losses due to unauthorized transactions unless they acted fraudulently or failed to fulfill certain obligations (e.g. failing to maintain password security or failing to promptly notify the PSP after a payment instrument is lost or stolen).
- Registration – All PSPs will be required to register with a new retail payments regulator and provide certain information to the regulator.
The Department of Finance is seeking comments on the discussion paper by October 6, 2017.