Home Comparative Guides FinTech

Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

Start by selecting your Topic of interest below. Then choose your Regions and finally refine the exact Subjects you are seeking clarity on to view detailed analysis provided by our carefully selected internationally recognised experts.

1
TOPIC
4
RESULTS: Answers
4. Results: Answers
FinTech
4.
Activities
4.1
How are the following key activities in the fintech space regulated and what specific legal issues are associated with each? (a) Crowdfunding, peer-to-peer lending; (b) Online lending and other forms of alternative finance; (c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb); (d) Forex; (e) Trading; (f) Investment and asset management; (g) Risk management; (h) Roboadvice; and (i) Insurtech.
Canada
EKB | Edwards, Kenny & Bray LLP

Answer ... (a) Crowdfunding, peer-to-peer lending

There are different types of crowdfunding, such as donation, pre-selling of products and securities (or equity) crowdfunding. Under Canadian law, a person who receives bonds, shares or other securities in exchange for giving money to a business is considered to be an investor and securities laws will apply. A business seeking to raise capital by issuing securities must file a prospectus with the securities regulator or have an exemption from such prospectus requirements. In addition, a person cannot be in the business of trading securities unless such person is registered in the province or territory where it is carrying on this business or has an exemption from the registration requirement under securities laws.

Certain Canadian provinces and territories have adopted crowdfunding exemptions from the prospectus requirement, which permit start-ups and small businesses to raise relatively small amounts of capital from investors using securities crowdfunding without filing a prospectus, provided that certain conditions are met. Some jurisdictions also permit funding portals to facilitate trades of securities without having to register as a dealer, provided that certain conditions are met; although a funding portal can also be operated by a registered dealer. Fintechs that seek to raise capital through crowdfunding or that wish to operate a crowdfunding portal will need to be aware of any crowdfunding regimes available in the jurisdiction in which they are operating, including Multilateral Instrument 45-108, Crowdfunding, and Multilateral CSA Notice 45-316, Start-up Crowdfunding Registration and Prospectus Exemptions. These exemptions are not harmonised across Canada and there are differences in the regimes applicable in some provinces and territories.

Canadian securities regulators have taken the position that loan arrangements entered into using peer-to-peer (P2P) lending platforms may be ‘securities’ and P2P lending companies could be trading in securities and therefore must register as dealers with securities regulators in the provinces where they operate. Further, if their services also involve issuing new securities, P2P lending companies must either file a prospectus in respect of those securities or be able to rely on an exemption. P2P lending companies in Canada have worked to fit into the regulatory model by registering with regulators and sidestepping the prospectus requirement using existing exemptions. For many, this has meant restricting investing opportunities to a limited class of institutional investors and high-net-worth individuals who qualify as ‘accredited investors’. Others have worked with regulators to find different approaches to access a larger market of borrowers and investors – for example, through operating as an exempt market dealer and relying on the offering memorandum exemption.

(b) Online lending and other forms of alternative finance

Fintechs that provide online lending services or other forms of alternative finance services will need to comply with any applicable provisions of consumer protection legislation in respect of disclosure of the cost of consumer credit with respect to fixed and open credit. In addition, some jurisdictions have enacted specific regulations that govern payday loans, which are generally short-term unsecured loans for small amounts of money. Among other things, such payday regulations may:

  • require payday lenders to be licensed;
  • impose limitations on the amount of any loan to a consumer relative to net pay;
  • set requirements with respect to loan cancellation rights of the consumer; and
  • impose requirements on signage.

In addition, the federal Criminal Code, which applies across Canada, provides that it is a criminal offence to enter into an agreement or arrangement to receive, or actually to receive, ‘interest’ on credit in excess of 60% per annum of the total value of the credit advanced. The broad definition of ‘interest’ in the code captures ordinary commercial interest as well as a broad range of fees, fines and expenses. Accordingly, fintechs offering online sending services or other forms of alternative finance will need to ensure that total interest (as defined in the code) does not exceed this criminal interest rate.

If, in the course of providing online lending or alternative finance services, the fintech is collecting, using or disclosing personal information, it must ensure that it is doing so in compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) or its provincial equivalents, if applicable. PIPEDA requires businesses to:

  • obtain informed consent for the collection, use and disclosure of personal information;
  • have in place appropriate safeguards to protect personal information; and
  • in certain circumstances, report any security breach involving the personal information to the privacy commissioner and affected individuals.

In addition, under Canada’s anti-spam legislation, businesses must obtain consent from recipients before sending commercial electronic messages, such as emails or texts, or installing computer software on the recipient’s device.

(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)

The current oversight of payments in Canada is focused on the core national payment clearing and settlement systems, including:

  • the Large Value Transfer System, which facilitates the transfer of irrevocable payments between Canadian financial institutions; and
  • the Retail System, which clears paper-based and electronic payments, and through which the majority of payments in Canada are cleared.

Legislation and codes of conduct impose operational requirements – such as mechanisms to safeguard consumer funds upon insolvency, specific disclosure rules and complaint-handling procedures – on specific regulated financial service providers, such as banks and payment card networks. However, other non-traditional retail payment service providers (PSPs) are not currently subject to this comprehensive oversight framework. Given the rapid pace of innovation in the retail payments space and the entrance of non-traditional PSPs into the Canadian payments ecosystem, the federal government has confirmed that it intends to put into place a new oversight framework for retail payments that will be focused on payment activities rather than the type of entity performing them. Accordingly, it is expected that fintechs involved in the payments industry that are currently unregulated may be subject to the new regulatory framework when it comes into force.

In addition, fintechs operating a payment service may be required to register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a money services business. A business will be considered a money services business if it provides certain prescribed services to the public, including transferring funds from one individual or organisation to another using an electronic funds transfer network or any other method. As a money services business, a fintech will be required to:

  • implement a compliance regime;
  • keep certain records and ascertain client identification;
  • report suspicious transactions and terrorist property to FINTRAC; and
  • report certain large cash transactions and international funds transfers to FINTRAC.

(d) Forex

Canada does not have federal securities legislation or a national securities regulator. Rather, provincial securities commissions are responsible for regulating and enforcing securities legislation in each of their respective jurisdictions. Collectively the provinces and territories have formed the Canadian Securities Administrators (CSA), which is primarily responsible for developing a harmonised approach to securities regulation across Canada. Many substantive aspects of securities regulation – including registration and prospectus requirements, exemptions and continuous disclosure requirements – are harmonised through the use of national instruments. Securities regulators also rely on two national self-regulatory organisations, the Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association, to govern the activities of certain securities dealers.

In Canada, forex trading is regulated as trading in either securities or derivatives, and regulation may vary under applicable provincial and territorial securities and derivatives legislation. Persons seeking to offer forex trading services must be registered in the provincial jurisdiction in which they intend to do business, and if they intend to offer trading on margin, must also be a member of IIROC.

Fintechs offering forex trading services where forex trading is considered trading in a security must comply with various provincial securities instruments regarding registration and prospectus requirements, unless exemptions are available. In addition, traders must ensure that they avoid misrepresentations in secondary market transactions.

(e) Trading

A person (including an individual or a firm) that is in the business of trading securities must be registered with the securities regulator in each province or territory where it does business, unless an exemption applies. The registration regime that applies to all provinces and territories is set out in National Instrument 31-103, Registration Requirements, Exemptions and Ongoing Registrant Obligations, and related rules. National Instrument 31-103 sets out the different categories of registration and the requirements and qualifications of registrants in respect of each. Registrants are permitted to offer products and services based on their category of registration. In addition, detailed regulations apply to marketplaces that bring together buyers and sellers of securities and meet certain other enumerated conditions.

Canadian securities regulators have taken the position that securities laws may apply to fintech businesses that issue cryptoassets, such as tokens or certain cryptocurrencies if based in Canada or that issue cryptoassets to Canadian residents, as well as to platforms that facilitate the trading of cryptoassets. In CSA Staff Notice 46-307, Cryptocurrency Offerings (published in August 2017), the CSA outlined how existing securities laws may apply to initial coin offerings, initial token offerings, cryptocurrency investment funds and cryptocurrency trading platforms. In March 2019, the CSA published Consultation Paper 21-402, Proposed Framework for Crypto-Asset Trading Platforms, proposing new rules governing platforms that facilitate the purchase, sale or transfer of cryptoassets, and seeking comments from industry stakeholders in respect of same. The proposed rules, which have not been finalised, would apply to those platforms which are subject to securities legislation that operate in Canada or which serve Canadian investors.

(f) Investment and asset management

Canada does not have federal securities legislation or a national securities regulator. Rather, provincial securities commissions are responsible for regulating and enforcing securities legislation in each of their respective jurisdictions. Collectively, the provinces and territories have formed the CSA, which is primarily responsible for developing a harmonised approach to securities regulation across Canada. Many substantive aspects of securities regulation – including registration and prospectus requirements, exemptions and continuous disclosure requirements – are harmonised through the use of national instruments. Securities regulators also rely on two national self-regulatory organisations, the Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association (MFDA), to govern the activities of certain securities dealers.

A person (including an individual or a firm) that is in the business of trading securities or advising clients on securities must be registered with the securities regulator in each province or territory where it does business, unless an exemption applies. The registration regime that applies to all provinces and territories is set out in National Instrument 31-103, Registration Requirements, Exemptions and Ongoing Registrant Obligations, and related rules. National Instrument 31-103 sets out the different categories of registration and the requirements and qualifications of registrants in respect of each. Registrants are permitted to offer products and services based on the category of registration. For example, mutual fund dealing representatives can only offer to sell mutual funds.

Registrants which are registered under the ‘investment dealer’ category must be members of IIROC and will be subject to further rules as prescribed by IIROC. Investment dealers are individuals or firms that are permitted to sell a wide range of investment products, such as shares, bonds, mutual funds, exchange-traded funds and other investment funds. IIROC oversees all investment dealers and trading activity on debt and equity marketplaces in Canada by setting and enforcing rules regarding the proficiency, business and financial conduct of dealer firms and their registered employees.

Similarly, registrants which are registered under the ‘mutual fund dealer’ category must be members of the MFDA and will be subject to further rules as prescribed by the MFDA.

(g) Risk management

Fintechs that collect personal information in the course of provision of risk management services must comply with PIPEDA or its provincial equivalents, if applicable. PIPEDA requires businesses to:

  • obtain informed consent for the collection, use and disclosure of personal information;
  • have in place appropriate safeguards to protect personal information; and
  • in certain circumstances, report any security breach involving the personal information to the privacy commissioner and affected individuals.

In addition, the federal Office of the Superintendent of Financial Institutions (OSFI) has published Guideline B-10, Outsourcing of Business Activities, Functions and Processes, which sets out OSFI’s expectations for federally regulated entities (FREs) that outsource or contemplate the outsourcing of one or more of their business activities to a service provider. FREs include banks, federally regulated trust and loan companies, and certain insurance companies, among others. Although provincially regulated entities, such as provincially regulated credit unions, are not specifically subject to Guideline B-10, it the general practice of provincial regulators to require compliance with Guideline B-10 as well. Thus, if a fintech will be providing services to FREs or their provincial equivalents, they should be aware of the need to comply with Guideline B-10. Guideline B-10 contains obligations with respect to such matters as:

  • confidentiality, security and separation of property;
  • location of records;
  • business continuity planning;
  • access and audit rights;
  • rules and limitations on subcontracting by the service provider; and
  • monitoring and overseeing the outsourcing arrangement.

These items must typically be addressed in any outsourcing contract between the service provider and the FRE.

(h) Roboadvice

A person (including an individual or a firm) that is in the business of trading securities or advising clients on securities must be registered with the securities regulator in each province or territory where it does business, unless an exemption applies. The registration regime that applies to all provinces and territories is set out in National Instrument 31-103, Registration Requirements, Exemptions and Ongoing Registrant Obligations, and related rules. Canadian securities regulators have stated (see CSA Staff Notice 31-342 Guidance for Portfolio Managers Regarding Online Advice, published 24 September 2015) that there is no ‘online advice’ exemption from the normal conditions of registration for a portfolio manager, and that the registration and conduct requirements set out in National Instrument 31-103 are technology neutral. The CSA has stated that online advisers which have been approved to carry on business in Canada differ from ‘roboadvisers’ operating in the United States, which may provide their services to clients with little or no involvement of a human advising representative. Rather, online advisers in Canada are viewed as providing hybrid services, whereby they use an online platform for the efficiencies it offers, while human advising representatives remain actively involved in and responsible for decision making. A fintech wishing to undertake roboadvising activities in Canada will be required to file substantial documentation with the securities regulators, including the proposed know-your-customer questionnaire and processes, which will then be reviewed by regulators in order to determine how the fintech will meet its obligations under National Instrument 31-103.

(i) Insurtech

The traditional insurance industry is heavily regulated in Canada at both the federal and provincial level. Given that one of fintech’s biggest advantages in the insurance sector is enabling traditional insurance companies to gain risk insights through existing data, the largest potential legal issue facing insurtech businesses likely relates to the collection and use of big data.

Much of the data being gathered for insurtech purposes will constitute personal information and is therefore subject to PIPEDA or its provincial equivalents, if applicable. PIPEDA requires businesses to:

  • obtain informed consent for the collection, use and disclosure of personal information;
  • have in place appropriate safeguards to protect personal information; and
  • in certain circumstances, report any security breach involving the personal information to the privacy commissioner and affected individuals.

In addition, under Canada’s anti-spam legislation, businesses must obtain consent from recipients before sending commercial electronic messages, such as emails or texts, or installing computer software on the recipient’s device.

For more information about this answer please contact: Kelly Samuels from EKB | Edwards, Kenny & Bray LLP
Contributors
Topic
FinTech
Emily Reid
Emily Reid
Hogan Lovells
Contributing Editor
Article Author(s)
Kelly Samuels
Russell Allsup
EKB | Edwards, Kenny & Bray LLP
Canada

  © Mondaq® Ltd 1994 - 2024. All Rights Reserved.