In its 2015 consultation paper entitled "Balancing Oversight and Innovation in the Ways We Pay," the Government of Canada sought the views of Canadians on the merits of a functional approach to retail payment oversight. On July 7, 2017, the Canadian Department of Finance ("Department") noted that a functional approach to retail payments oversight had received broad stakeholder support and issued a new consultation paper entitled "A New Retail Payments Oversight Framework" (the "Consultation Paper") that outlines various components of a new oversight functional framework for retail payments.
Regulate the Playing Field, Not the Players
The Department has acknowledged that its traditional practice of regulating the players as opposed to the playing field is no longer appropriate in a rapidly changing retail payments space with evolving business models, activities and products. Accordingly, consistent with recent international trends in payments oversight, notably in the European Union and Australia, and in line with the earlier recommendations of the Task Force for the Payments System Review, the Department has proposed the adoption of a functional approach to regulation. In this way, risks associated with a particular payment function will be treated similarly regardless of the type of organization providing the service.
What Types of Payments Are Included?
The proposed regulatory framework would apply to any retail payment service provider ("PSP") when performing one or more of the following payment functions in the context of an electronic fund transfer ordered by an end-user (a person or entity that is not a PSP or a financial intermediary):
- Provision and Maintenance of a Payment Account: providing and maintaining an account held in the name of one or more end-users for the purpose of making electronic fund transfers.
- Payment Initiation: enabling the initiation of a payment at the request of an end-user.
- Authorization and Transmission: providing services to approve a transaction and/or enabling the transmission of payment messages.
- Holding of Funds: enabling end-users to hold funds in an account held with a PSP until it is withdrawn by the end-user or transferred to a third party through an electronic fund transfer.
- Clearing and Settlement: enabling the process of exchanging and reconciling the payment items (clearing) that result in the transfer of funds and/or adjustment of financial positions (settlement).
Accordingly, the proposed regulatory oversight framework would cover a wide variety of day-to-day transactions that are conducted through various payment methods, including credit card transactions, online payments, pay deposits, debit transactions, pre-authorized payments and peer-to-peer money transfers.
However, it is expressly acknowledged that certain types of transactions that pose limited risk to end-users would be excluded from this regulatory oversight framework, including all-cash transactions, transactions involving funds held in trust accounts (e.g., involving real estate agents or lawyers), transactions involving gift cards or limited-use cards, transactions related to securities asset servicing (e.g., dividends distribution, redemption or sale) and derivatives, transactions at ATMs for the purpose of cash withdrawals and cash deposits, transactions between entities of the same corporate group (if no intermediary outside of the corporate group is involved in the transaction) and the clearing and settlement of transactions made through systems designated under the Payment Clearing and Settlement Act (e.g., the large value transfer system ("LVTS") and the automated clearing and settlement system ("ACSS")).
In addition, the application of the proposed regulatory oversight framework would be limited to transactions that are carried out solely in fiat currencies (i.e. regulated currencies such as the Canadian dollar) and would not extend to virtual currencies, as the use of virtual currencies in retail payments is limited. However, the Department has stated that it will continue to monitor the use of virtual currencies in retail payments and will propose adjustments to the regulatory framework to include them as warranted.
How Will This Regulation Be Achieved?
The Department has stated that the proposed regulatory framework would be anchored in federal legislation. Given how systemically important or prominent payment systems (e.g., LVTS and ACSS) are currently regulated, it is quite possible that the Payment Clearing and Settlement Act could be used as the vehicle for this regulation. However, the Department has also stated that there are other considerations that need to be taken into account to determine whether specific proposed measures to mitigate identified risks would be introduced through legislated or voluntary vehicles (such as already exist under the Code of Conduct for the Credit and Debit Card Industry in Canada). These include effectiveness, the scope of federal jurisdiction and input received from provincial oversight authorities. Accordingly, it appears that the Department is acknowledging that there is some shared provincial jurisdiction in this area. In our view, any new federal oversight framework should not produce conflicting or inconsistent regulation of PSPs in different jurisdictions in Canada.
End-User Fund Safeguarding
The Department has proposed to require PSPs to place end-user funds held overnight or longer in a trust account that meets certain clearly-defined requirements. PSPs would be required to maintain detailed accounting records that would allow for the accurate identification of funds held in trust and the beneficiaries. In addition, PSPs would be required to report on their trust accounts in their annual filings to the regulator.
To mitigate against a set of operational risks described in the Consultation Paper, the Department has proposed that the regulatory oversight framework would require that PSPs performing any of the five payment functions set forth above comply with a set of principles related to establishing security and operational objectives and policies and business continuity planning that would be based on the Principles for Financial Market Infrastructures (which are incorporated in the Bank of Canada's risk management standards in assessing operational risks in core national payment clearing and settlement systems) and adapted to address operational risks inherent to retail payments.
The Department acknowledges that certain disclosures are currently required for certain PSPs already subject to federal oversight, including under the Bank Act, the Competition Act and the Code of Conduct for the Credit and Debit Card Industry in Canada. In addition, the Department acknowledges that provincial legislation can provide protection against unfair contracts and offer legal recourse to end users. However, while these safeguards can offer basic protections, the Department states that they may not address all information asymmetries specific to payments.
Accordingly, it is proposed that the regulatory oversight framework would require that all PSPs that perform a function that involve a direct PSP/end-user relationship would have to provide end-users with information on the key characteristics of the service or product (e.g., charges and fees, functions, limitations, security guidelines), the end-users' responsibilities, the PSP's responsibilities, terms and conditions, the end-user's history of payment transactions on an account and receipts for transactions. The disclosures would have to meet certain principles, including containing adequate and relevant content, timely delivery, being presented in language that is clear, simple and not misleading and being easily accessible.
The Department states that there is currently no obligation for many PSPs to have complaint-handling procedures in place, creating uncertainty that consumer disputes will be treated in a fair and impartial manner. Accordingly, to reduce market conduct risks, the Department proposes that PSPs performing a function that involves a direct PSP/end-user business relationship have documented procedures for dealing with complaints that meet certain defined requirements. Each of these PSPs would also have to provide the regulator with aggregate data about complaints on an annual basis and a copy of their complaint handling procedures. In addition, an external complaint body would be designated to receive complaints that fail to be resolved through PSPs' internal complaint handling processes.
The Department notes that currently there are liability rules related to unauthorized transactions and errors for certain payment instruments and systems (e.g., Payments Canada system rules, provisions in the Cost of Borrowing (Banks) Regulations for lost or stolen credit cards and the Canadian Code of Practice for Consumer Debit Card Services). However, it points out that these liability rules are not applicable to all retail payment services and it identifies that other jurisdictions, notably the EU and Australia, have specified when an end-user is liable for a loss related to an unauthorized transaction or error.
Under the proposed regulatory framework, end-users would not be held liable for losses due to unauthorized transactions or errors unless they acted fraudulently or failed to fulfil certain obligations (e.g., failing to protect passwords, failing to notify the PSP of a known breach or incorrectly entering information). The payment-authorizing PSP would have to refund the end-user for losses resulting from unauthorized transactions or errors.
The Department has proposed that the regulatory framework will require all existing PSPs to apply for registration with the designated federal retail payments regulator when the oversight framework comes into force or, in the case of a new PSP, before their payment services are launched. In order to register, PSPs would be required to provide in their application detailed information as listed in the Consultation Paper. In addition, the applicants' owners and directors would be required to undergo a criminal record check for fraud and other financial offences under the Criminal Code.
It is also proposed that this registration requirement be used to promote compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA"). The PCMLTFA already requires that certain PSPs facing significant money laundering and terrorist financing risk (e.g., banks, credit unions, money remitters) implement a series of measures to help deter and detect those activities. It is proposed that the retail payments regulator could deny or revoke registration of a PSP if it has been penalized by the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") for a "very serious" violation or, in the case of a money remitter, if it is not registered with FINTRAC.