Global fintech and funding innovation ecosystem

Canada’s Open Banking Journey: Working Group Meeting Updates

McMillan | Darcy Ammerman, Robbie Grant, Mitch Koczerginski, Pat Forgione, Robert C. Piasentin, Isabelle Guevara  | Nov 2, 2022

Open banking in Canada  - Canada's Open Banking Journey:  Working Group Meeting UpdatesFour working groups assembled earlier this year have been working to develop common rules, accreditation criteria, and technical standards for Canada’s open banking system.

  • Accreditation:  criteria should focus on four elements: (1) background information and internal governance, (2) financial capacity, (3) certification, and (4) privacy and security.
    • Categories of environmental and social governance (ESG) and anti-money laundering (AML) were considered but no agreement was reached.
    • The working group took interest in the potential for a framework with different tiers of accreditation, based on factors such as size or role of the prospective participant.  Participants must have the financial capacity to meet their liabilities.
    • An adequate insurance policy or comparable financial guarantee would be required in order to obtain accreditation.
      • General consensus in favour of Australia’s flexible approach, which evaluates the adequacy of an insurance policy based in part on (i) the nature of the products or services to be offered, (ii) the nature of data to be managed, and (iii) the volume of data to be handled.

See:  NCFA Open Banking Governance with Senator Colin Deacon and Mahi Sall

  • Liability:  This includes establishing (i) the process for consumer complaints, (ii) rules to apportion liability, and (iii) traceability frameworks.
    • When a consumer suffers a loss in the course of exercising any function of open banking, the consumer should not be liable for more than a nominal fee of $50, unless it can be proven that the consumer committed gross negligence, gross fault or fraud.
    • the data recipient should be required to automatically compensate consumers who suffer financial harm, though a pooled fund between all open banking participants was also considered.
    • Interest in creating a standard approach to protecting consumers following a sensitive data breach.  Active and ongoing measures such as credit monitoring services, shutting down compromised accounts, changing account numbers, and transparency of root cause investigations.
    • Traceability framework to facilitate monitoring and create audit trails for data-in-transit such as user consent, flows of data, and date stamps of each data-sharing request.
      • The group agreed upon a decentralized approach (i.e. one without a government data intermediary).
      • The group also agreed that all data recipients should have obligations even if they outsource their business operations.
  • Privacy:  rules for how consumers provide and revoke consent to share their data, and how consumer data can be used pursuant to the consent provided.
    • Should align with privacy standards already established for the financial services industry, including federal and provincial privacy laws.
    • Agreed that the process for giving or withdrawing consent should be clear, simple and transparent, to promote a positive consumer experience.
    • Revocation of consent automatic under certain circumstances, such as when a consumer closes their account, or when the purpose for which the consumer’s data was collected changes.
    • Public disclosure of useful information for consumers (e.g., terms and conditions, service agreements, complaint procedures, etc.) and agreed that the principles of the Financial Consumer Protection Framework would serve as a good baseline for these requirements.

See:  Canada’s Open Banking Journey: Interview with Abe Karar, Chief Product Officer, Fintech Galaxy

  • Security:  baseline security requirements for open banking participants, particularly in light of the data security, cyber security and operational risks of open banking.
    • After assessing various existing frameworks and certification regimes (including ISO27001 and SOC 2), a majority of the working group agreed that the National Institute of Standards and Technology (“NIST”) framework was the best option.
      • Challenges include fact that (a) compliance may be challenging for smaller participants, (b) significant time and resources may be required for implementation, framework modifications, and additional controls, and (c) NIST framework expertise in the market is relatively low.

Continue to the full article --> here

NCFA Jan 2018 resize - Canada's Open Banking Journey:  Working Group Meeting UpdatesThe National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit:

Latest news - Canada's Open Banking Journey:  Working Group Meeting UpdatesFF Logo 400 v3 - Canada's Open Banking Journey:  Working Group Meeting Updatescommunity social impact - Canada's Open Banking Journey:  Working Group Meeting Updates

Support NCFA by Following us on Twitter!

NCFA Sign up for our newsletter - Canada's Open Banking Journey:  Working Group Meeting Updates


Leave a Reply

Your email address will not be published. Required fields are marked *

14 − eleven =