Data sharing services currently depend on screen scraping, which requires users to share login details with a third party, raising security risks. Open banking will replace that.
The 2023 fall economic statement committed to open banking by 2025. As for the first open banking bill that received royal assent in June 2024? There was “very little” in it, said Sabet-Stephenson, the leader of financial services and technology at the Gowling WLG law firm in Toronto.
A second open banking bill, expected to become law in 2024, was thrown off track when Parliament was prorogued at the request of outgoing Prime Minister Justin Trudeau. It would’ve introduced substantive elements of the open banking framework, such as details on accreditation for participating entities. So far, the government has only updated a related framework.
“That framework without the legislation doesn’t do anything,” Sabet-Stephenson said. “This is a promise of 2026, but what’s the promise [worth] if the legislation hasn’t been passed?”
Still, open banking is making progress. That means financial institutions and fintechs will need to convince customers to move data into their systems, said Robert Hayman, head of emerging initiatives and product delivery at Central1, which provides back-end banking services to more than 250 financial institutions.
But financial institutions that can opt-in to open banking might face a dilemma.
“Do I want to be so insular to say I’m not going to let them move their data [to a competitor] and risk the entire customer relationship?” said Hayman. “Or [are we] going to enable you to move that data to that fintech in the hopes of continuing to maintain that overall customer relationship? And who knows, maybe in time we will be able to offer a similar type of service.”
The FCAC and complaints mechanisms
The framework that defines the Financial Consumer Agency of Canada’s (FCAC) regulatory role in open banking promises to align players with a single technical standard, states the need for accreditation and certification requirements and mandates a common liability structure. That regulatory role will include developing a consumer awareness campaign and creating a public registry of banks, credit unions, fintechs and other participating financial services providers.
Although the FCAC will handle open banking complaints, each participating organization will have independent policies to handle consumer complaints, Sabet-Stephenson said. It could be similar to the code of conduct for the payment card industry in Canada, also under the FCAC’s authority, which requires clear, simple and transparent complaint-handling processes.
The federal government will select a single technical standard so that application programming interfaces (API) are interoperable.
Adopting the same standards as the U.S. would help fintechs access data from both countries, said Saba Shariff, senior vice–president and chief strategy, product and innovation officer with Symcor, a payment processor in Mississauga, Ont. In January, the U.S. Consumer Financial Protection Bureau approved Financial Data Exchange’s (FDX) application to issue open banking standards.
“I would be shocked if FDX wasn’t the standard that Canada chooses,” Hayman said, noting that the U.S. is the most relevant market with which Canada might want to exchange data.
But financial institutions don’t need to wait for the final technical standard, Shariff added. The risk in picking a standard for a pilot project can be eased by working with a technical service provider that bridges the gap between standards once the FCAC makes a decision.
Whatever an organization chooses to do, it’s important to select an existing standard instead of starting from scratch, Shariff said. “At least they’ve actually figured out the best practices. … Even if it’s not 100% the standard that will get selected in Canada, you usually don’t see a massive variation between APIs.”
Fintech accreditation and technical certification
Financial institutions that want to be accredited will apply to FCAC with information on oversight arrangements, governance, security and privacy controls and liability instruments, among other requirements. Key information will need to be regularly reported to maintain accreditation.
Only fintechs, such as technology vendors that support banks, will need to be accredited, said Hayman, who’s part of the Department of Finance’s open banking accreditation working group. They will need to demonstrate privacy and security controls as well as an ability to make consumers whole in case anything goes wrong with something like liability insurance coverage.
“The accreditation…
Read More: Open questions about open banking