It may be a cliché to say rapid technological change and innovation are dominating the Canadian payments space, but that evolution is only speeding up, partner Elizabeth Sale told attendees of Osler's inaugural Payments Law in Canada webinar. Along with partners Victoria Graham, Adam Kardash, Wendy Gross and Simon Hodgett, the group discussed how recent regulatory developments will have significant privacy, risk management, contractual and other implications for participants in Canada's ever-evolving and increasingly complex payments ecosystem.
The revamp of Canada's payments system has been underway for several years. Updated regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act expand the definition of money services businesses, adding record keeping, client identification and reporting obligations to crowdfunding platforms. Exemptions for some credit, debit and prepaid card transaction from the definition of "electronic funds transfers" have been removed, meaning some payment service providers (PSPs) may need to implement anti-money laundering compliance programs quickly. The Retail Payment Activities Act, meanwhile, provides a general supervisory framework for the regulation of PSPs, but its scope remains unclear.
Complex data ecosystems in the payments sphere, involving multiple parties and seemingly infinite potential applications for that data, are also driving a new set of privacy considerations. Ongoing privacy legislative reform will only exacerbate the regulatory expectations organizations face in this regard. They can likely expect a fairly intense compliance burden and a major shift in how they conduct risk analysis, with multiple statutory frameworks governing privacy and data collection and use across the country.
New technology and entrants into the market may fall under multiple regulatory frameworks, or may not fit in with the governing regulatory paradigm at all. Both market norms and traditional risk tolerances are shifting, as these businesses seek new models and ways of interacting with their customers. Organizations will need to examine their entire chain of third-party service providers and build ongoing oversight and allocation of compliance responsibilities into their commercial contracts.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.