On July 7, 2017, the federal Department of Finance released a consultation paper entitled "A New Retail Payments Oversight Framework" outlining a proposed regulatory framework for retail payments. This is a significant consultation because if provisions are implemented as proposed, the proposed framework would significantly expand the scope of federal regulation in this area, including by regulating participants that are not regulated financial institutions.

The new regime is motivated by the fact that while there is comprehensive regulatory oversight in place for core payment and clearing and settlement systems (e.g., the Large Value Transfer System and Automated Clearing Settlement System), there is no analogous regime in place for the retail payments system. The Government is of the view that there are key risks facing end users of the retail payments system, namely operational risk, financial risk, market conduct risk, efficiency risk, and money laundering and terrorist financing risk. The proposed framework seeks to address these risks. The proposal would also address a common concern of many regulators that there is regulation by the nature of the entity and not by the nature of the function. This would begin to level that playing field.

The Department of Finance is seeking input on a number of aspects of the proposed framework. Comments are to be provided by October 6, 2017.

Scope

The consultation paper notes that whereas the current retail payments framework is based on an institutional approach that targets particular types of payment service providers ("PSPs"), the proposed framework would be based on a functional approach where "risks associated with a particular payment function are treated similarly regardless of the type of organization providing the service." The consultation paper highlights five core payment functions performed by PSPs, subject to certain exclusions, that would be captured by the framework:

  • provision and maintenance of a payment account;
  • payment initiation;
  • authorization and transmission;
  • holding of funds; and
  • clearing and settlement.

The proposed framework would apply to any PSP when performing one of these payment functions in the context of an electronic fund transfer ordered by an end user, and would cover a wide range of transactions, including credit card transactions, online payments, pay deposits, debit transactions, pre-authorized payments, and peer-to-peer money transfers. Certain types of transactions posing limited risk to end users would be excluded from the framework.

The consultation paper states that the development of the framework should strike an appropriate balance between the following policy objectives: (i) safety and soundness; (ii) efficiency; and (iii) user interests. In order to strike such a balance, the development process will be guided by the following principles:

Necessity – Oversight should address risks that can lead to significant harm to end users and avoid duplication and overlap with effective existing rules.

Proportionality – The level of oversight should be commensurate with the level of risk posed by a payment activity. One of the key considerations is the cost of compliance, as the oversight measures should not create a barrier to competition and innovation by unduly burdening PSPs.

Consistency – Similar risks should be subject to a similar level of oversight, irrespective of the type of entity or the technology. A clear and consistent oversight regime is desirable to promote competition and innovation.

Effectiveness – Oversight should be designed to maximize effectiveness. For example, requirements should be clear, accessible and easy to integrate within different payment services, and the entity that poses the risk should be responsible for managing it. Additionally, the regulator should have the ability to enforce oversight requirements when necessary.

While the proposed framework would be limited to transactions carried out in fiat currency, the Government will continue to monitor the use of virtual currencies in retail payments and will adjust the scope of application of the framework as necessary.

Measures

The proposed measures target:

  1. Safeguarding end user funds held by PSPs - Of particular note, the Government proposes to require PSPs to place end user funds held overnight or longer in a trust account meeting specified requirements.
  2. Operational standards - To mitigate operational risks, the framework would require that PSPs performing a payment functions comply with specified principles related to establishing security and operational objectives and policies and business continuity planning.
  3. Disclosures to end users - Under the proposed framework, all PSPs that perform a function that involve a direct PSP/end user relationship would have to provide end users with certain key information (e.g., charges and fees) in a manner that meets specified principles.
  4. Ensuring availability of appropriate dispute resolution procedures - PSPs would be required to have internal complaints-handling processes. As well, there would be a designated external complaints body to deal with complaints that are not resolved through the PSP's internal processes.
  5. Liability for unauthorized transactions - Under the proposed framework, payors would not be held liable for losses due to unauthorized transactions or errors unless they acted fraudulently or failed to fulfil certain obligations.
  6. Registration requirements for PSPs - It is proposed that all PSPs would be required to apply for registration with the designated federal retail payments regulator. It is proposed that the registration scheme would also promote compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
  7. Protection of end users' personal information - The regulator for the oversight framework would promote awareness of and compliance with privacy legislation.

Implementation

In order to not stifle innovation and to ensure competition between PSPs, the measures would be applied in a manner that is "commensurate to the level of risk posed by each PSP." This would be achieved as follows. First, the measures would be principles-based so that they scale properly with the size and nature of the PSP. Second, certain measures may be tiered so that smaller PSPs, or PSPs posing less risk, would be subject to reduced requirements. Third, the framework would account for existing overlapping regulatory oversight to which a given PSP may be subject. In circumstances where there is a duplication of compliance between the proposed retail payments framework and another provincial or federal statute, a PSP could be exempt from the proposed retail framework's requirement.