Department of Finance and BOC's Proposed Legislation for PSPs: We Can Help

Recently, the Department of Finance and the Bank of Canada (BOC) presented details on proposed legislation related to retail payment service providers (PSPs). Key areas of this legislation include; operational risk, financial risk, market conduct risk, efficiency risk, money laundering and terrorist financing risk.  While we don’t know the timing of its release, once legislation is passed, there will be guidelines to support it. 

We can share a few things with you at this time. You will find below some of the highlights that we feel will have the biggest impact. If you’d like to review the DOF’s 2017 consultation paper , click and enjoy reading the full recommendations.

If you or your team have any questions about this, please connect with us. We work with PSPs regularly to ensure they meet all AML compliance regulations whether they are just starting their AML program or need The AML Shop’s expertise to refine certain areas. We’d love to hear from you.

Here are some of the key highlights that we thought were important to share:

  1. The legislation will be based on functions; Finance was pretty clear that these were still proposed and not finalized: provision and maintenance of a payment account, payment initiation, authorization and transmission, holding of funds and clearing and settlement.

  2. There are four principles that have been identified to guide the development of the oversight framework should be proportionate with the level of risk posed by a payment activity; oversight measures should not create a barrier to competition and innovation by unduly burdening PSPs.

    • There should be consistency of oversight, irrespective of the type of entity or the technology.

    • Oversight should be designed to maximize effectiveness with clear, accessible and easy to integrate requirements within different payment services.

    • If an entity is already under prudential oversight, there may be some exemptions under this new legislation.

    If an entity is already under prudential oversight, there may be some exemptions under this new legislation.

 The BOC will be the primary regulator of this legislation, once final, and will have three components to their mandate:

  1. Registration: all PSPs will be required to register with the BOC.  The registry will be public and the registration process has not been established yet.

  2. Operational Risk Management: this will be a principles-based approach similar to that of larger systematically important systems (like Payments Canada). 

  3. PSPs will be required to provide reporting to the BOC on their operational risk management programs.  


The BOC will provide guidance to PSPs on end-user funds safeguarding.  PSPs will be required to report certain activities to the BOC based on the guidance. The BOC will have oversight responsibilities and may even perform examinations of the PSPs.  Not all PSPs will be looked at equally; it will be a risk-based approach.

The BOC will also provide time for all PSPs to adjust to the new expectations, although there was no specific mention of how much time or any deadlines.