Rob Scavone, Pat Forgione, Tayleigh Armstrong, and Kelly Kan / Best Law Firms 2017

Financial technology or “FinTech”—using information and communications technology to better deliver financial services—has undergone explosive growth in recent years. Technology spending by the Canadian financial sector is estimated to reach C$14.8 billion by 2018.[1] FinTech itself is nothing new, of course: from ATMs to online banking, financial institutions have been using technology to deliver services to end users for over 30 years. But what is new is the entry into the market place of “disruptors”—both new technologies and new players—that promise to deliver a new user experience, especially to the younger demographic that grew up on smartphones and tablets.  

FinTech is incredibly diverse and does not have clearly defined boundaries. It can include everything from conventional online banking to big data, peer-to-peer or marketplace lending, mobile payments, digital wallets, crowdfunding, robo-advice, and novel applications of the distributed ledger/blockchain technology that drives BitCoin. FinTech is both responding to and creating a demand for more efficient business models and a seamless user experience that may bypass traditional trusted intermediaries. Financial services once offered exclusively by brick-and-mortar financial institutions are now being unbundled by emergent startups, and the traditional players are scrambling to maintain market share either alone or by collaborating with dedicated FinTech firms. Both groups are using new technologies to deliver innovative financial service products directly to consumers. 
As with many disruptors that encroach on areas once reserved for highly regulated industries (think Uber and Airbnb), FinTech poses many challenges to regulators struggling to strike the right balance between protecting end users and fostering innovation. The established players may argue that the new kids on the block aren’t constrained by the same rules as the incumbents and may lobby regulators to level the playing field by imposing uniform regulation across the board. The new entrants will respond that regulatory compliance is costly and that too much regulation imposes unreasonable barriers to entry that protect vested interests and oligopolies, stifling competition and innovation. How much regulation is too much or too little?

In the coming years, we expect to hear heated debates around whether and how FinTech should be regulated and in particular how best to draft legislation that helps level the regulatory playing field without stifling innovation yet fosters that innovation without sacrificing the safety and security of end users.

ISSUES IN REGULATION

One of the recurrent complaints from incumbents in the space is that FinTech startups are subject to less onerous regulation than less nimble traditional financial institutions, allowing them to employ faster go-to-market strategies and reach more customers. Federally regulated financial institutions, for example, must maintain minimum levels of regulatory capital and abide by a host of detailed prudential regulations that protect depositors and borrowers, while FinTech startups face few of those constraints. Businesses providing similar services are subject to different regulations based on the nature of the business entity, rather than the services they offer. Banks that provide funds transfer services to their customers are subject to the registration and reporting requirements of the anti-money laundering legislation discussed below, while services such as PayPal, often are not. Clearing members of Payments Canada that settle funds through the national check clearing system are subject to voluminous rules governing standards and finality of payment while operators of private retail payment networks such as Visa and MasterCard are governed largely by contract. A few years ago, the Task Force for Payments Systems Review proposed that all payments be regulated under a single system at the federal level, without regard to the type of entity that facilitates the payment,[2] and the Department of Finance more recently issued a consultation paper on the same theme.[3] Should regulators take the same approach to the whole FinTech ecosystem?

FinTech regulators face the difficult challenge of balancing the need to ensure the safety and soundness of the financial markets against the need to encourage further innovation that will allow Canadian FinTech businesses to become global competitors.

One specific area of concern is consumer and investor protection. FinTech companies are revolutionizing consumer lending,  using alternative credit models that link lenders and borrowers directly, cut out the heavily regulated “middlemen,” apply sophisticated algorithms that can analyze the financial condition of prospective borrowers, and deliver credit approvals in hours or even minutes rather than days. While this technology can expedite consumer lending, improve user experience, and lower consumer costs, it raises some red flags as well. Happy with the slick and frictionless user interface, borrowing consumers may not be aware of the concerns that have been raised regarding cybersecurity and information privacy. Direct lenders may embrace the ease with which they can lend money out at attractive rates of return but not appreciate the risks of investing large sums of cash without the manifold protections mandated by securities regulations, but the FinTech companies themselves may be frustrated by the long delays and high legal costs they face when they have to jump through those regulatory hoops. As always, the regulators must find a way to safeguard consumer and investor interests without imposing such a heavy regulatory that innovators give up and move elsewhere.

AN OVERVIEW OF THE CURRENT REGULATORY LANDSCAPE

There is currently no single Canadian FinTech regulator at either the federal or provincial level, nor any standard-setting technical bodies. The multidisciplinary nature of FinTech makes it difficult to determine what activities should be regulated and by whom. While there is no FinTech-specific body of regulation in Canada, some existing legislation does apply. 

Information Security

Personal information and data security are major concerns in the FinTech world, and the growth of FinTech has significant cybersecurity implications. As FinTech products are increasingly embraced, both corporate and individual consumer financial information is at risk. Emerging tech companies are eager to jump into the financial services industry, but their security measures may be untested and insufficient.

Some legislative protections do exist. Currently, businesses must comply with the federal Personal Information Protection and Electronic Documents Act or its provincial equivalents and Canada’s Anti-Spam Legislation. However, some have expressed concerns that emergent FinTech companies may not be adequately equipped to deal with cybersecurity issues. The CEO of Toronto-Dominion Bank recently maintained that data breaches and solvency issues have “plagued” many new entrants, a claim hotly denied by the entrants themselves.[4]

Anti-Money Laundering

Canada’s federal government has made significant strides in recent years to strengthen its anti-money laundering (AML) regime in accordance with its international obligations. Because some FinTech transactions involving money transfers do not need to be made through financial institutions that are subject to AML laws, regulators have expressed some concern that such transactions could be used for money laundering without appropriate regulatory scrutiny. Some FinTech companies must comply with the registration, client identification and verification, and transaction reporting requirements under the federal Proceeds of Crime (Money Laundering) and Terrorist Financing Act administered by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s financial intelligence unit. Many others, however, do not fall within any of the categories of entities required to report to FINTRAC.

Consumer and Investor Protection

Due to rapid go-to-market strategies, investors and other FinTech users may not receive the same amount of information and disclosure as that provided by incumbent financial institutions. However, startups must comply with relevant securities laws when raising capital and with provincial consumer protection law when offering consumer-oriented products, but may be unfamiliar with the complex rules in these areas or assume that they do not apply. Regulators have recently made some efforts to accommodate innovative forms of financing but they are constrained by a restrictive legislative framework. For example, some provincial securities commissions have recently enacted new prospectus exemptions under Multilateral Instrument 45-108 for “crowd-funding” investments of relatively small amounts (C$1,500 per investor, up to C$250,000 per issue), but the requirements are complex and may necessitate bringing hundreds of shareholders on board. The Ontario Securities Commission has also warned online marketplace lenders that the investments they offer to prospective lenders may be regarded as “securities” for the purpose of securities legislation and accordingly attract onerous registration and prospectus requirements, unless an exemption is available. [5] Currently there are no exemptions specifically tailored to online lending.

In addition, each province has detailed requirements in place under consumer protection legislation that mandate disclosure of the cost of borrowing (such as the “annual percentage rate”), for consumer loans that apply to all lenders in this sector, not just financial institutions or finance companies as such. Any online lender making loans to consumers would be bound by these complex laws regardless of the electronic medium.

Third Party Outsourcing Relationships

Building in-house tech solutions is expensive, increasingly pushing financial institutions to outsource their IT functions. With this, however, comes the danger of data leaks and the difficulty of engaging with companies that lack the tools to handle information responsibly. The federal Office of the Superintendent of Financial Institutions has issued guidelines[6] on outsourcing business activities and functions for federally-regulated financial institutions, which provide that the entity retains ultimate accountability.

NEXT STEPS IN REGULATION

While the FinTech regulatory ecosystem is still in its infancy, it won’t remain that way for long. Canadian federal and provincial governments will soon be fostering innovation in existing and startup companies, while remaining cognizant of their role in providing regulatory protection to end consumers of FinTech products. Although regulatory compliance can be costly for companies, it may be useful in the long term to clarify applicable legislation and who it applies to. Online payment methods and anti-money laundering are just two of many areas where we are likely to see—or are already seeing—considerable development.

Payments

Consumers are increasingly turning to mobile apps and online platforms to transfer funds, transforming existing payment infrastructures. In Canada, consumers are protected by provincial consumer protection laws and by the policies and business practices that companies impose on themselves, but in the absence of federal regulation (which constitutionally is probably impossible), regulation by the provinces and self-regulation by services providers are inconsistent at best.

In the retail payment space, existing rules and regulations have focused on the nature of the provider (i.e., a bank is regulated differently from a non-financial institution) rather than on the service that is provided (e.g., both entities may hold or transfer funds on behalf of consumers). Payments Canada recommends a functional approach to regulation, focusing on the product or service rather than on the nature of the provider. Adopting this recommendation may provide better protection for system participants and end-users through enhanced consistency of rules, regardless of the service provider.

Anti-Money Laundering

A significant consideration for financial service regulators will be protecting against money laundering risk. Because FinTech companies may not be directly regulated by traditional regulators, compliance with AML legislation may be inconsistent or nonexistent. Many FinTech companies do not have the infrastructure in place or the requisite expertise to adequately investigate users and trace funds. With the increasing use of platforms that facilitate payments and movements of money with more speed and greater anonymity, FinTech companies and those using financial technology will likely come under greater scrutiny to ensure that they are taking steps to mitigate money laundering risk. It is critical that financial services providers understand the extent they are subject to AML regulation and how to adequately comply.

On June 17, 2016, the federal Department of Finance released amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act that were published on June 29.[7] The new regulations make material changes in the areas of client identification and verification—especially for clients who are not physically present—and the adoption of electronic signatures. These changes should make processes (such as online customer onboarding) faster, more seamless, and much less dependent on paper documents, thereby fostering growth and innovation in the FinTech space. By the same token, they also serve as a reminder that FinTech companies are not flying under the regulatory radar.

ALTERNATIVE APPROACHES TO REGULATION AND INNOVATION: SANDBOXES AND HUBS

Some jurisdictions (notably the U.K., Australia, and Singapore) have implemented an innovative approach to regulating FinTech service providers that could serve as a model for similar initiatives federally and provincially in Canada, known as the “regulatory sandbox.”[8]  In this model, qualified entrants are permitted to offer innovative products and services to a select subset of end users to allow them to test the waters without fear of regulatory sanctions. Often regulators will issue no-action letters, confirming that the rules are suspended for a specified period. Once the startup is established, it leaves the “sandbox” and complies with the general regulatory regime in the “real world.”

The U.S. Office of the Comptroller of the Currency recently issued a white paper[9] supporting reasonable financial innovation based on eight core principles. The Consumer Financial Protection Bureau proposed a “no-action letter” policy that bears some similarity to the regulatory sandbox approach. In the U.K., the government chief scientific advisor has issued a FinTech Futures Report that makes 10 key recommendations for government to contribute to and support the evolution of FinTech.

Another promising approach that Canadian regulators are considering is the “innovation hub” that offers startups dedicated teams to help them navigate the regulatory landscape and obtain the necessary approvals. In line with this approach, on October 24, 2016, the Ontario Securities Commission announced an initiative known as OSC Launchpad, which is described as a dedicated team that “engages with FinTechs, provides them with guidance and flexibility in navigating the [securities law] requirements, and works to keep securities regulation in step with digital innovation” with a view to helping FinTechs get to market more quickly.  

These novel approaches show that regulators can do more than apply the brakes to FinTech innovation; they can also put their feet to the accelerator.

CONCLUSIONS

It’s clear that the FinTech train will be moving at an ever accelerating pace for the foreseeable—and maybe not so foreseeable—future. If Canadian financial institutions and regulators fail to climb aboard and embrace the challenges and opportunities that Fintech has to offer, Canada may be left at the station.


------------------------------------


[1] MaRS & Information Venture Partners, “Ten Surprising Facts about Fintech in Canada,” online: <https://www.marsdd.com/wp-content/uploads/2015/02/Ten-Surprising-Facts-about-Fintech-in-Canada.pdf>.
[2] See Task for the Payment Systems Review, “The Way We Pay:  Transforming the Canadian Payments System,” available here.
[3] “Balancing Oversight and Innovation in the Ways We Pay: A Consultation Paper” (2015), available here.
[4] Barbara Schechter, “Debate over regulating Fin-Techs heats up in Canada and the U.S.,” Financial Post, March 31, 2016.
[5] Ontario Securities Commission News Release, "OSC Sets out Expectations for Businesses Planning to Operate Peer-to-Peer Lending Websites" (June 19, 2015), available here.
[6] OSFI Guideline B-10, “Outsourcing of Business Activities, Functions and Processes” (Revised March 2009), available here.
[7] Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2016 SOR/2016-153 June 17, 2016, available here.
[8] For the U.K. example, see the Financial Conduct Authority, “Regulatory Sandbox” (Nov. 2015), available  here.   
[9] E.g. the Australian Securities & Investment Commission’s Innovation Hub, details of which are available here.