Canada’s government has released a long-anticipated report that proposes January 2023 as the ‘ambitious but achievable’ target date for launching an open banking system.
Open banking aims to boost competition by enabling third parties, such as fintech companies, to use customers’ financial data (with their permission) to develop new apps and services.
The country’s progress in developing a legal and regulatory framework for open banking – described as ‘fast becoming a worldwide phenomenon’ in an analysis by payments company Mastercard a couple of months ago – has lagged countries such as the UK, where its Open Banking Implementation Entity was set up five years ago.
Canada’s government, on 4 August, released a final report by its Advisory Committee on Open Banking on how to modernise the financial services sector and implement a secure system. In it, the committee recommends that an initial phase of a formal open banking system becomes operational by the start of 2023.
The committee was tasked by the government with leading a review into the merits of open banking in 2018. Its final report is the ‘culmination of the work undertaken’ since then, according to a finance ministry press release.
In January 2020, then finance minister Bill Morneau released the advisory group’s initial findings, which said that ‘more secure infrastructure’ was required to protect people sharing their financial data. He then announced that the committee would undertake a second research phase with a focus on data security in financial services. The consultation process for the final review was delayed by the Covid-19 pandemic.
Federally regulated banks required to participate
The committee proposes in its 29-page final report that all federally regulated banks be required to participate in open banking’s first phase. Provincially regulated financial institutions could join on a voluntary basis and other entities would be allowed to participate upon meeting accreditation criteria.
The initial scope should further enable individuals as well as small- and medium-sized enterprises (SMEs) to participate, the committee writes. The authors argue that SME participation in open banking – which is enabled by software intermediaries known as application programming interfaces (APIs) – would help facilitate post-pandemic economic recovery.
Tackling the question of what data financial institutions would be forced to share, the committee recommends all data ‘that is traditionally readily available to consumers through their online banking applications’. This would include data from checking and savings accounts, but also investment accounts and loans such as credit cards and mortgages. Additionally, all industry participants should have the right to exclude ‘derived data’, a term referring to data enhanced by a financial institution to provide additional value or insight to the consumer, such as internal credit-risk assessments.
‘Read access’ and ‘screen scraping’
There is general agreement among stakeholders that the initial scope of open banking should allow third-party service providers to receive consumer financial data, but not edit this data on banks’ servers – a function known as ‘read access’, according to the committee’s report.
On the topic of security and privacy, the committee recommends establishing common rules. ‘Consumers must have a clear window into what data is within scope of open banking, how it is being used, and how it can be moved,’ the report states in a ‘security’ sub-section. In terms of privacy, the report says: ‘Consumers need to trust and have confidence that the system is designed with safety and security considerations at every level.’
In respect of risks, the report also gives prominence to the need to eliminate so-called ‘screen scraping’, defined as a process whereby a consumer shares their financial institution usernames and passwords with a third party (such as a fintech) in order to gain access to data-driven financial services. Doing so may violate the terms of consumer service agreements with their financial institutions and result in consumers unknowingly bearing the risk of loss.
More than four million Canadians currently use screen scraping to share their financial data, according to the report. But it is described as presenting ‘real security and liability risks to Canadians’ due to the sharing of login credentials. As this data transfer method proliferates, ‘so too will the associated risks to Canadian consumers and financial institutions’, the authors warn.
‘Hybrid, made-in-Canada system’
The committee points out that while the initial focus of its work has been ‘to determine whether open banking has sufficient value to merit the implementation of a system, it is clear that Canadians have already answered this question’.
Therefore, it recommends the government move forward quickly to implement a ‘hybrid, made-in-Canada system’. This means implementation should be neither exclusively government-led nor industry-led.
‘Government should avoid being too prescriptive at the start as this could deter innovation, or prescribing too little which could lead to an inefficient market or poor consumer outcomes,’ the report says. The authors propose a two-phase approach with the initial phase to include the design and implementation of the system. The second phase would involve the system’s evolution and ongoing administration.
In an immediate next step, the government should designate an open banking lead, the report says. This position would be responsible for convening industry, government and consumers in designing the foundation of the system. The authors recommend the lead conclude the design elements within nine months of appointment.
The conclusion of the lead’s mandate should then ‘transition seamlessly into a second phase that would see the implementation of a formal, fit-for-purpose governance entity to manage the ongoing administration of the system’, the report continues. Here, the government should consider the need to codify parts of the open banking system in legislation and regulations.
Reacting to the report
The government has welcomed the report, with deputy prime minister and minister of finance Chrystia Freeland saying that she would be reviewing the committee’s recommendations and developing next steps.
The Canadian Bankers Association said, in a statement sent to Global Government Fintech, that it was ‘looking forward to studying the Advisory Committee’s final report and associated recommendations, as well as continuing dialogue with the government and key stakeholders to implement a system that optimises the possibilities of open banking in Canada’s unique financial services landscape’.
However, there have been voices criticising the pace of the government, which received the final report from the committee in April, but took four months to release it. The Financial Data and Technology Association (FDATA) of North America sent a letter to Freeland in July addressing the delay and outlining how it was affecting consumers and fintechs.
Steve Boms, FDATA’s North American regional director, now called the report ‘an important milestone in Canada’s move toward customer-directed finance’ in a press statement. “We urge policymakers to move quickly to begin implementation, and to ensure the framework allows for payment initiation and money movement use cases,” he added.
=> Global Government Fintech’s dedicated open banking / open finance section <=
‘Australia’s open banking regime enters next phase’ – our news story (14 July 2021) on Australia‘s new Consumer Data Right (CDR) legislation coming into effect, extending the number of banks now expected to share open banking-relevant data
‘Open banking “set to become globally ubiquitous”: report’ – our news story (21 June 2021) on Mastercard‘s analysis, which focused on open banking’s development in ten European countries
‘From OBIE to the “Future Entity”: UK consults on open banking governance’ – our news story (8 March 2021) on the Competition and Markets Authority (CMA) opening a consultation on the future governance of open banking in the UK
‘Canada open banking review to focus on data security’ – our news story (14 February 2020) on the first phase of Canada’s open banking review