Retail Payments Activities Regulations released and open for comment
By Kevin Landry and Colton Smith
The Retail Payment Activities Regulations have been released in the Canada Gazette Part 1 for comment. Interested persons may make representations concerning the proposed regulations for a period of 45 days.
The regulations provide further detail about the governance structure being imposed by the Retail Payments Activities Act, which we have previously written about here and here.
The Retail Payments Activities Act was enacted by the federal government in June 2021 with the objective of regulating retail payment providers in Canada.
What Will the Retail Payments Activities Regulations Do?
Certain Parties Excluded
The proposed Retail Payment Activities Regulations provide further specifics on parties who are excluded from the application of the Retail Payments Activities Act.
Regarding securities transactions, the Retail Payments Activities Act states that electronic funds transfers are excluded from the Act if they are made “for the purpose of giving effect to a prescribed transaction in relation to securities”. The Retail Payment Activities Regulations elaborate on this exemption, defining these prescribed transactions as those that are performed by an individual or entity under Canadian securities legislation. These transactions are excluded as they are not for the purpose of retail payments and are already captured by provincial securities regulators.
The Retail Payment Activities Regulations also exclude the Society for Worldwide Interbank Financial Telecommunication global messaging network (SWIFT) from the application of the Retail Payments Activities Act, as it is already subject to supervision by major central banks (including the Bank of Canada).
Finally, the Retail Payment Activities Regulations will further exclude retail payment activities that are performed as a service or business activity which is incidental to other services or business activities that are not a payment function.
Safeguarding of End User Funds
The proposed Retail Payment Activities Regulations also provides clarity on the steps payment service providers are to take to safeguard end-user funds. These regulations are intended to protect the funds of consumers and businesses from financial loss in the event that a payment service provider becomes insolvent. To achieve this objective, the Retail Payment Activities Regulations requires that payment service providers must either:
- hold funds in trust in a trust account; or
- hold funds in a segregated account while also holding insurance or a guarantee with respect to the funds.
The Retail Payment Activities Regulations would also require that accounts that are used to hold end-user funds must be held at regulated financial institutions, such as banks, provincial credit unions, or foreign financial institutions. Additionally, if payment service providers choose to insure or guarantee end-user funds, the insurance or guarantee must also be from a regulated financial institution that is not an affiliate of the payment service provider. Furthermore, any insurance or guarantee proceeds are required to be payable to end user as soon as possible following insolvency, and must not form a part of the general estate of the payment service provider.
Under the Retail Payment Activities Regulations, payment service providers will also have to implement a “Fund Safeguarding Framework” that will ensure that funds make their way to end users without delay upon bankruptcy. This written framework must describe the “systems, policies, processes, procedures, controls and other means” to meet the objective of safe-guarding end user funds. This will require payment service providers to make use of liquidity arrangements to hold end-user funds in secure and liquid assets, as well as keeping accurate records of end users as well as the amount of funds currently held.
Safeguarding measures taken by payment service providers will be reviewed annually, and biennially by independent parties. Payment service providers will also be required to evaluate if end-user funds were not properly safeguarded in the year prior, and to implement steps to prevent these circumstances from occurring.
Registration
Under the Retail Payment Activities Regulations, applicants will be required to pay a one-time registration fee of $2,500 (to be adjusted for inflation). This does not include the separate annual assessment fee to be paid by payment service providers. The Retail Payment Activities Regulations also provides further details on the information that is required to be included within an application under the Retail Payment Activities Act.
The Bank of Canada will maintain a registry of all registered payment service providers, and may refuse or revoke applications if a payment service provider is behind on assessment fees, or if the Retail Payment Activities Act no longer applies to the payment service provider. Under the Retail Payment Activities Regulations, the registry will contain information regarding the registration status of the payment service provider, their business contact information, and the payment functions they perform.
Additionally, new applications will be required to be filed if an individual or entity wishes to acquire control of a payment service provider. Control is defined within the Retail Payment Activities Regulations and would include acquiring direct or indirectly more than one-third of the votes that may be cast to elect the directors of the payment service provider or acquiring control of an entity that controls the payment service provider.
Reporting
Under the Retail Payments Activities Act, payment service providers must establish, implement and maintain an operational risk management and incident response framework and implement certain measures to safeguard end-user funds, if applicable.
The Bank of Canada is tasked with monitoring and assessing registered payment service providers performance of the above noted obligations. To do so, payment service providers will be required to submit three kinds of reports:
- Annual reports will be required to contain a risk management framework that includes a description of operational risks and the human and financial resources used to implement the framework. Annual reports will also be required to contain a description of their fund safeguarding framework, which must include a description of the methods used to safeguard funds, a description of the Fund Safeguarding Framework, information on account providers, and independent reviews that were conducted in the year prior. Finally, the annual report will be required to include information on the total value of end-user funds held, the volume and value of electronic fund transfers related to the performance of a retail payment activity, the number of end users, and the number of payment service providers that services are provided to.
- Significant change reports require notices to be filed at least 5 days prior to making a significant change. Additionally, the contents of the report will be required to include information regarding the reason for the change, and the payment service providers evaluation of the changes effect on operational risks or fund safeguarding, as well as any new policies introduced due to the change.
- Incident reports, which contain a description of incidents that have a “Material Impact” on end users, payment service providers, and certain financial market infrastructure. These reports will outline the incidents and its impact on individuals/entities affected, as well as the actions taken by the payment service provider to respond to the incident.
The Bank of Canada will use these reports, along with responses to requests submitted to payment service providers, to assess a payment service providers compliance. Assessment may include desk reviews, on-site visits, or a special audit.
Finally, the Retail Payment Activities Regulations would provide for a standard period of 15 days to respond to information requests from the Bank of Canada, unless they are related to ongoing events that may have a significant adverse impact, in which case the response time would be required within 24 hours.
Penalties and Enforcement
The proposed Retail Payment Activities Regulations establish a wide-ranging set of penalties for serious to very serious violations of the Retail Payment Activities Act. These include penalties of up to $1,000,000 per violation for “serious violations” and up to $10,000,000 per violation for “very serious” violations. Enforcement will be up to the Bank of Canada. Further information on enforcement, as well as the Bank of Canada’s supervisory role under the Retail Payment Activities Regulations can be found here.
This update is intended for general information only. If you have questions about the above, please contact the author(s) to discuss your needs for specific legal advice relating to the particular circumstances of your situation.
Click here to subscribe to Stewart McKelvey Thought Leadership
Archive
Section 156 of the Excise Tax Act (the “ETA“) provides an election that relieves certain related parties from having to collect Harmonized Sales Tax (“HST“) on the goods and services sold between them. The election deems qualifying…
Read MoreIN THIS ISSUE: More Than Wind – Emergence of Tidal Energy in Atlantic Canada by Sadira Jan Aquaculture and Salmon Farming in Atlantic Canada by Greg Harding The Expanding Atlantic Canada Offshore Industry: Growing Offshore without Going Offside by Stephen Penney and Rebecca…
Read MoreThe Supreme Court of Canada’s unanimous decision in the breach of contract case Bhasin v Hrynew, 2014 SCC 71 was released on November 13, 2014. The case is important in the law of contracts because…
Read MoreOn June 20, 2014, the Government of Canada announced a series of reforms to overhaul the Temporary Foreign Worker Program (“TFWP”). These reforms, many of which are effective immediately, function to: Re-organize the TFWP The…
Read MoreThe Editor’s Corner Clarence Bennett Summer is halfway over, but we know you will want to take this edition along with you while you enjoy more summer weather and time out of the office. Employers…
Read MoreOn June 26, 2014, the Supreme Court of Canada released one of the most significant aboriginal law decisions since Marshall – Tsilhqot’in Nation v. British Columbia, 2014 SCC 44 (also known as the William decision). This decision could have…
Read MoreIn Industrial Alliance Insurance and Financial Services Inc. v. Brine, 2014 NSSC 219, National Life (and later its successor Industrial Alliance) alleged Brine had received undisclosed CPP and Superannuation disability benefits resulting in a substantial overpayment of…
Read MoreAny individual, business or organization that uses email, text messages or social networks to promote their products and services should take note of Canada’s Anti-Spam Legislation and its accompanying regulations. Effective July 1, 2014, the…
Read MoreIN THIS ISSUE: Consistent Use: The Collection of Union Members’ Personal Information by their Union by Alison Strachan and Jonah Clements. Single Incident of Offensive and Threatening Facebook Post is Just Cause by Harold Smith, QC. The New Anti-Spam Law –…
Read MoreYesterday, Monday June 2, 2014, the Government of Newfoundland and Labrador introduced brand new (and unexpected) amendments to the Labour Relations Act. The full text of the proposed amendment can be accessed here. Bill 22, if it…
Read More