Hello and thank you for inviting me to attend this year’s Canadian Innovation Exchange Summit. This is an exciting event for entrepreneurs, investors and service providers who are on the cutting edge of technological innovation in Canada.
Today, I want to talk about how the Bank of Canada’s evolving role in payments is keeping pace with rapid advancements in how everyone pays for goods and services.
The exchange of payment for these goods and services – like so much else in society – is increasingly moving into the digital realm. Consumer use of cash at the point of sale has declined to approximately 22% in 2021 from 54% in 2009. The COVID-19 pandemic has also resulted in increased use of debit and credit cards. Around 85% of merchants now accept these electronic payment methods, up from 60% in 2018.
More money, more problems
All this to say that the payments ecosystem in Canada is changing rapidly, with a surge in the use of mobile and digital payments. The fintech industry, which includes a large number of payment service providers (PSPs), has facilitated this development. And this industry is growing rapidly, both in terms of the number of companies involved and the amount of capital invested.
As the Notorious BIG so aptly put it: it’s like the more money we run into, the more trouble we run into. There are new ways to pay and an abundance of new players in payments. When money changes hands electronically in these new and different ways, we all need to make sure consumers and the payments ecosystem are protected.
So where does the Bank of Canada fit into all of this? Well, Canadians trust these PSPs every day when they use their card to make a purchase, send money electronically to friends and family, or click the pay button at their merchant. preferred online. And under the Retail Payment Business Actpassed last summer, the government mandated the Bank to supervise these PSPs.
This bill will preserve the trust that Canadians place in PSPs. The Act establishes a new oversight framework to ensure that PSPs manage certain risks that could affect their users. The impetus behind all of this is to build trust in the security and reliability of payment services.
Let’s dig a little deeper into what it means when the rubber hits the road.
Who it will affect
Before we get to the how and when, let’s talk about the who. I’m sure there are fintech companies in the room today who may be wondering if the new framework will apply to them.
Simply put, if your business is to help individuals and businesses make day-to-day payments, or store or transfer their money electronically, your organization could very well qualify as a PSP that will fall under this new framework. This includes payment processors, digital wallets, money transfers and others.
Banks and credit unions are already subject to a high degree of supervision at the federal and provincial levels, so they are not covered by the Act. But we currently estimate that there are over 2,500 entities that will be subject to our regulatory oversight. This includes well-established domestic and global entities that are household names in payments. It also includes a whole host of newly created fintech companies.
Domestic and foreign PSPs will need to register with us. And we will maintain a public list of all PSPs who have registered as well as a list of those whose registration has been denied or revoked. All of this helps us better monitor PSPs’ ongoing compliance with the Act.
Our Guiding Principles
This framework will apply to many entities, but we are not going to use a blanket monitoring approach to the task at hand. We will establish a common supervisory basis for all PSPs, but recognize that companies will have different business structures and operational processes.
This is why we will adopt a risk-based approach that will focus on the impacts on end users and the efficiency of payment services. This essentially means that the level of oversight attention and oversight actions we take will be guided by the level of risk that each PSP brings to consumers and the payments ecosystem.
Therefore, there is no “one size fits all” methodology. Moreover, PSPs can meet our expectations using many approaches. Our job is to make the objective very clear. And then PSPs can focus on reaching the destination, not necessarily on a prescriptive journey to get there.
Of course, with this flexible risk-based approach, there is a need to ensure that industry participants truly understand their obligations. We will clearly set out requirements and expectations so that PSPs can adapt.
The Act and forthcoming regulations will establish the mechanisms of the new framework. But to really make sure industry players understand what’s expected of them, we’ll be supplementing these documents with oversight guidance.
It is important that we promote understanding and compliance within the PSP community to ensure that this law does what it was designed to do. It is equally important that everyone understands the consequences of non-compliance.
Under the Act, we have the power to take action if a PSP fails to comply with the Act or its regulations. It starts with a compliance agreement that sets out the terms under which the PSP must rectify its operations.
The next level of enforcement is a Notice of Infringement. When we issue a notice of violation, we will post the company’s name and the nature of its violations on our website. The notice may also include a monetary penalty, which will be made public and could be up to $10 million for a very serious violation.
Finally, the governor has the power to issue a compliance order if a PSP commits – or is about to commit – an act that would have a material adverse impact on consumers and other end users. Additionally, if a situation of non-compliance becomes serious, we may pursue legal enforcement, requiring the service provider to comply with the law or an order.
Now I have talked about the new powers and responsibilities that the law gives us. I think it’s also important to be clear about some areas that are outside of our jurisdiction.
We will not monitor all aspects of risk. For example, we will require PSPs to ensure that end-user funds can and will be returned to them if a PSP becomes insolvent. Our supervision, however, will not prevent bankruptcy or insolvency of a PSP from occurring in the first place.
In addition, customer complaints about fees charged by PSPs or other issues related to the fair treatment of customers are beyond the scope of our oversight.
I would like to point out that our approach to supervision will change and evolve. We must look to the future to assess emerging risks and practices in retail payment activities and to follow the spirit of innovation that is driving change in the way Canadians pay for goods and services.
Where to go from here
So what’s the next step?
Our ongoing engagement with our Retail Payments Advisory Board continues to guide the way forward. The committee was created in 2020 to provide us with industry expertise. The insights we get from PSPs serving on this committee shape our advice to the Department of Finance Canada regarding future regulations.
We also work with industry groups, individual PSPs and associations that represent them and raise awareness of the framework more broadly. The Bank has also launched outreach efforts through trade shows that we know PSPs will attend.
In due course, when the draft regulations are posted online, this will open the door to a formal comment process. This will give PSPs the opportunity to provide feedback on the new requirements.
Following the subsequent publication of the final rulebook, we will begin publishing our monitoring guidelines. We will continue to solicit feedback; it’s important that we take the time to make sure we’re doing it right, right from the start.
In the same vein, the law should come into force in stages. For example, PSPs will need to register with us before they have to comply with operational risk management and end-user funds protection requirements.
Given these milestones, we plan to require payment service providers to register with the Bank from 2024. The initial pilot and subsequent launch of our risk monitoring and compliance work is currently underway. planned for 2025.
To meet this timeline, next year we will focus on finalizing the regulations and publishing our regulatory guidance.
I want to emphasize that these are our current assumptions. Ultimately, the federal government will decide how and when each provision of the Act will come into force.
I’m going to wrap up now, so we have time for questions.
Before I give the floor, I want to remind everyone here that our goal in all of this is to support the innovation we see in the payments ecosystem while ensuring that PSPs manage their operational risks and ensuring that their consumers’ funds are protected.
By ensuring that these key risks are well managed, we will further strengthen and maintain Canadians’ confidence that payment methods are not, in fact, creating the problems.
I would like to thank you for your time and attention today, and I would be happy to answer any questions you may have.
I would like to thank Harold Gallagher for his help in preparing this speech.