Banks in Canada have a long history of contributing to the country’s economic growth and prosperity. As the voice of more than 60 domestic and foreign banks in the country, the Canadian Bankers Association (CBA) has a number of recommendations for the consultation paper covering this third phase of the federal government’s review of Canada’s federal financial institutions statutes, related legislation, and policies, including the Bank Act.
The CBA’s submission for the Consultation on Proposals to Strengthen Canada’s Financial Sector makes recommendations across five key themes:
- Supporting a competitive market structure and expanding consumer choice - The CBA is calling for the government to subject banks in Canada like other sectors of the economy, avoiding additional sector-specific measures. It also recommends clearer processes for mergers, particularly between federal and provincial credit unions.
- Enhancing consumer protections - The CBA is emphasizing the importance of collaboration across sectors to better protect Canadians from scams. Key recommendations include support for a cross-sector anti-scam alliance effort to address the ever-evolving and accelerating threats of scam and fraud, and the creation of a made-in-Canada anti-scam action plan. The CBA is also recommending that the government focus on reducing the occurrence of fraud through a strong collaborative effort between public and private sectors.
- Modernizing the financial sector framework - The CBA supports relying on established frameworks and bank practices to manage conflicts of interest amongst members of a Board of Directors. We also recommend updates to certain regulations, such as increasing thresholds for specialized financing activities and public float requirements.
- Adapting to geopolitical risks - The CBA recommends enhancing financial sector security by improving information sharing related to integrity and security, including national security, between public and private sectors, while avoiding regulatory overlap. We support greater consultation on compliance measures related to national security.
- Upholding world-class regulation - The CBA is advocating for stronger cooperation and coordination, both between federal and provincial governments as well as within the federal government. We also recommend that the federal government plays a leadership role in developing model financial consumer protection standards to ensure equivalent activities face consistent oversight. We also support harmonization in AI regulations to promote innovation without duplicating efforts across provinces.
This submission highlights the CBA's commitment to balanced regulation that supports stability, innovation, and consumer protection to ensure that Canada’s financial system works for all Canadians.
Further Reading
CBA Submission to Consultation on Proposals to Strengthen Canada’s Financial Sector
Recommendations
Theme 1 - Supporting a Competitive Market Structure and Expanding Consumer Choice
- The federal government subject the banking sector to the same treatment as other sectors of the economy and refrain from layering additional sector-specific measures on top of that. Insofar as additional transparency or scrutiny is desired, that enhanced level of review is already provided for in the existing large bank merger review guidelines that require the House of Commons Finance Committee and Senate Banking Committee to hold hearings on large bank merger proposals.
- The Minister of Finance assess on a case-by-case basis whether Ministerial applications merit some enhanced form of engagement such as public hearings as part of their approval process.
- The Department of Finance reevaluate the legislation and the regulatory process to facilitate federal credit unions merging with or acquiring a provincially-regulated credit union so that expectations for both parties are clear, transparent and proportionate to the risks of the transaction, in order for the transaction to be completed in a timely manner.
- The Department of Finance and the banking sector engage in further discussions on the topic of auto leasing to better understand Finance’s views on what the potential negative impact on the current market structure might be, and considerations in connection with the potential requirement to obtain the agreement of the auto manufacturer.
Theme 2 - Enhancing Consumer Protections
- The Department of Finance should not mandate the delay of transactions for the purposes of fraud or scam mitigation.
- The Department of Finance focus on reducing the occurrence of fraud through a strong collaborative effort between public and private sectors (e.g., banks, telecommunication providers and online platforms).
- The Department of Finance support a cross-sector anti-scam alliance effort to address the ever-evolving and accelerating threats of scam and fraud and the creation of a made-in-Canada anti-scam action plan.
- The Department of Finance does not impose additional or new maximum liability thresholds and focus its efforts on reducing the occurrence of fraud and scams through a strong collaborative effort between public and private sectors rather than shifting liability associated with fraud and scams.
- The Department of Finance explore alternatives to reporting of aggregated fraud and scam data to FCAC. As fraud goes beyond the financial sector, an agency like the Canadian Anti-Fraud Centre (CAFC) would be well suited to holistically address fraud and scams.
- The Department of Finance retain the existing notice and information requirements that apply when a bank intends to close a branch, cease opening retail deposit accounts or teller-based cash disbursals, and refrain from layering additional requirements on top of those that already exist.If the Department of Finance is referring to “facilitate[ing] account transfers” to another branch outside of the bank’s branch network (e.g. to another bank or financial institution) and/or capturing products and services other than deposit accounts, this should be clarified. If this broader scope was intended, there should be further consultation and discussion on this topic before any legislative or regulatory changes are made.
- The Department of Finance retain the existing requirements to publish an annual public accountability statement that includes the addresses of the branches opened and closed by the bank during the course of that year and refrain from expanding data-reporting requirements for banks with respect to their branch networks.
- The Department of Finance carefully consider how retail deposit account opening requirements at the branch and physical points of service level could be applied to digital channels. While banks are not opposed to this policy, managing the possibility of increased fraud should be a primary consideration.
- The Department of Finance maintain the current limits for immediate availability of funds when cashing a cheque to limit potential fraud losses, help protect consumers and merchants, and support the modernization of payments.
Theme 3 - Modernizing the Financial Sector Framework
- The Department of Finance rely on the existing well-established legislative and regulatory framework and bank practices that serve to manage potential conflicts of interest, including conflicts that may arise as a result of interlocking directorates, rather than prescribing new requirements to regulate interlocking directorates for banks.
- The Department of Finance increase the size threshold above which banks must have 35 per cent of their voting shares publicly listed from $2 billion in equity to $5 billion in equity. Banks that exceed the threshold and subsequently fall below it should no longer be subject to the requirement. FRFIs which are the subsidiary of another FRFI that satisfies the public float requirement under its governing legislation should be explicitly exempt from the requirement.
- The Department of Finance implement its proposal to provide a written update to an applicant when they are involved in a financial transactions application process.
- The Department of Finance increase the threshold for specialized financing activities to at least $500 million.
- The Department of Finance remove the restriction on FRFIs acquiring, by way of specialized financing activities, an entity that acts as an insurance broker or agent in Canada. If restrictions are removed to a Bank’s investment authority, corresponding changes are made to the Specialized Financing Regulations.
- The Department of Finance maintain specialized financing activities thresholds in regulations (as opposed to in guidelines).
Theme 4 - Adapting to Geopolitical Risks
- The Department of Finance, when considering the establishment of an oversight committee specializing in financial sector risks related to integrity and security, including national security (which the CBA is supportive of), carefully consider the mandate of existing committees and supervisory authorities, including that of the Financial Institutions Supervisory Committee (FISC) to ensure that any additional measures to enhance the oversight of financial sector risks related to integrity and security avoid any potential overlap or conflict with other initiatives, requirements, or measures. A priority for any additional measures should be facilitating the sharing of information related to integrity and security, including national security, among financial institutions (with appropriate anti-trust safeguards and safe harbour protection for participating institutions), as well as the sharing of intelligence and other information from the public sector to banks. The Department of Finance should further consult with the banking sector, OSFI, and other stakeholders prior to implementing any such additional measures.
- The Department of Finance and OSFI consult further with the banking sector on certain aspects of the proposed enhancements to compliance authorities (which the CBA is supportive of) to help ensure they are implemented in a reasonable manner.
Theme 5 - Upholding World-Class Regulation
- Federal and provincial regulatory authorities increase their cooperation and coordination to address potential gaps in regulations that could be exploited by actors in the financial marketplace. This coordination could be achieved by building on the Department of Finance’s long-standing process for consultations with provinces and territories by including consumer protection matters as an area for consideration to ensure better awareness and alignment. This includes having the federal Department of Finance play a leadership role by developing model financial consumer protection standards for unregulated or under-regulated financial service providers (such as e-commerce platforms and similar entities) for provincial and territorial adoption, and work with provinces and territories to adopt these standards.
- Federal and provincial regulatory authorities adopt a regulatory framework that adheres to the principle of "same activity, same risk, same regulation" to ensure actors that engage in equivalent activities as banks are subject to the same rules and oversight.
- Policymakers, regulators and international partners involved in ongoing digital and data initiatives such as regulatory oversight of AI and consumer-driven banking increase their coordination to ensure a degree of harmonization between legislative and regulatory frameworks.
- The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, and FINTRAC) increase their cooperation and coordination, including coordinated periodic announcements on likely forthcoming regulatory actions.
- The Department of Finance effectively manage a whole-of-government approach, including sufficient consultation timelines and clear communications regarding the policy intent that supports amendments, as memorialized through regulatory impact analysis statements or other formal mechanisms, for future changes to the AML regime.
- The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, and FINTRAC) implement cost-benefit and post-implementation impact analyses as tools to determine whether market intervention is justified and the impact of that intervention. Federal financial regulatory partners should consider working with their provincial counterparts to design a consistent and coordinated approach to such analyses of financial regulation.
- The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada and FINTRAC) as well as Global Affairs Canada (GAC) consult, whether formally or informally, with sectoral stakeholders on international issues. Furthermore, a mechanism should be implemented where participants can obtain updates as to what was discussed at such meetings and an opportunity to provide feedback to help inform Canada’s positioning and engagement in these international dialogues.
- The Department of Finance proceed with its proposal of information sharing by the federal government about integrity and security risks. Timely notification and information from law enforcement or intelligence agencies about known threats of foreign interference, undue influence, or malicious activity will empower FRFIs to act, where appropriate, to help mitigate such risks. Timely guidance on recent and emerging typologies or indicators of foreign interference, malicious activity, or undue influence, including relevant information as to tactics, techniques, and procedures, will be most helpful.
- The federal government prioritize a federal approach to any AI legislative and regulatory framework and promote harmonization across provinces to ensure Canadians continue to benefit from consistent privacy and other protections across jurisdictions and, importantly, avoiding duplicative, or conflicting obligations by consulting impacted stakeholders extensively in the creation of any requirements for AI systems.
- The federal government promote a flexible, risk-based AI framework that avoids any duplication or overlap with other frameworks and does not impede innovation or the ability of Canadian organizations to compete globally.
- The federal government, when developing a strategy to mitigate risks posed by AI systems, consider how certain well-intentioned measures may disincentivize innovation, including making it difficult for vendors to sell or license AI systems to Canadian organizations or for Canadian organizations to adopt third-party AI systems. The federal government additionally should consider how proposed measures may result in the disclosure of sensitive or otherwise confidential information and introduce risks (e.g. compromising the efficacy of AI systems, exposing exploitable information related to critical systems) that may not be balanced with the benefits such disclosure is intended to provide.
Introduction
The CBA is grateful for the opportunity to contribute to the government’s consultation paper on the third phase of the review of Canada’s federal financial institutions statutes (the Bank Act, the Insurance Companies Act, and the Trust and Loan Companies Act, referred to as the financial institutions statutes), and related legislation and policies. The CBA is the voice of more than 60 domestic and foreign banks that help drive Canada’s economic growth and prosperity. We advocate for public policies that contribute to a sound, thriving banking system to ensure Canadians can succeed in their financial goals.
We have already contributed to the first two phases of the review process: the Consultation on Upholding the Integrity of Canada’s Financial Sector1 and the Consultation on Strengthening Competition in the Financial Sector2. Our third submission both addresses the new questions that Finance has raised while reinforcing feedback the CBA has previously provided in these earlier submissions.
Banking Sector’s Economic Contributions
Canada’s banks have a longstanding and continuing record of supporting our country’s economy and investing in our communities. In 2023, banks contributed over $70 billion (or 3.5%) to Canada’s GDP; paid approximately $15 billion in taxes to all levels of government; and generated over $28 billion in dividend income that went to Canadian seniors, families, pensions, charities, and endowments. The sector has invested approximately $120 billion in technology across Canada over the last decade and operates a network of over 5,600 branches and 18,600 automated banking machines (ABMs) across Canada, providing accessible, affordable, and competitive banking services. The banking sector employs close to 300,000 people, a workforce represented by women (55%) and self-identified visible minorities (43%), highlighting a workforce that is inclusive, equitable, and talent-driven.
Banks also play an important role in the household and business financing ecosystem. According to CBA statistics, at the end of 2023, banks in Canada have lent, in total, more than $1.61 trillion in residential mortgages and authorized nearly $1.8 trillion in business credit, of which $286 billion was authorized to support small- and medium-sized businesses (SMEs). Since 2010, on average, 87% of small business debt financing requests have been approved annually in Canada.3
State of Competition in the Financial Sector
Technology has facilitated the entry of, and allowed for greater scale for, bank and non-bank financial sector companies, thus increasing competition and competitive intensity in the sector. Because of this increased competition, financial sector companies are incorporating technology into their business models to improve the customer experience. As a result, competitive intensity within the financial sector has increased, with contestability for the financial consumer never being higher.
Banks compete against each other and other established players such as provincial credit unions and caisses populaires, government-owned deposit-taking and finance institutions, life and health insurance companies, general insurance companies, trust companies, mutual funds, securities dealers, pension managers, investment advisers, and specialized finance companies – all of whom are leveraging digital financial technologies and innovative business models to varying degrees.
In addition, the banking sector as well as other established financial sector companies are part of an ever-expanding ecosystem of new entrants emerging in the competitive landscape. The combination of maturing digital technology, steady growth and adoption of e-commerce, and a strong investment climate for innovative business models has fostered the growth of new types of financial sector fintech firms such as payment services providers, buy-now-pay-later companies, digital currency exchanges, robo-advisors, and other business models that were never contemplated when most of Canada’s financial sector legislative architecture was designed. According to Tracxn, there are more than 4,500 of these firms in Canada as of August 2024.4
Furthermore, large multinational technology companies with growing access to consumer data are increasingly expanding their presence into the financial services marketplace. These global technology giants are becoming central players in the Canadian financial sector, yet they are not subject to the robust bank regulatory framework that helps keep the sector, and Canadians, secure. These companies engage in equivalent activities as banks, carrying equivalent risk, and should be subject to the same regulations based on the principle of ‘same activity, same risk, same regulation’. Further, these new, large entrants are not hindered by outdated rules around information technology and electronic communications that exist under the Bank Act. The CBA has elaborated on its views in the Section addressing Enhancing Federal, Provincial, and Territorial Collaboration.
Theme 1 - Supporting a Competitive Market Structure and Expanding Consumer Choice
Preventing Consolidation Among Large Banks
The CBA addressed the topics of competition and merger review extensively in its March 2024 submission to Finance Canada in response to the Finance consultation on Strengthening Competition in the Financial Sector.5 In that submission, we highlighted that the Competition Bureau’s framework already allows for a detailed, evidence-based analysis of the impacts of a proposed merger on competition, which applies to all sectors including the banking sector. June 2024 amendments to the Competition Act have made it easier for the Competition Bureau to challenge mergers that exceed statutory market share and concentration-based presumptions. No further change is required to the Competition Act merger review process, which is sector-neutral and principles-based and has withstood the test of time since it became the law of Canada in 1986.
The CBA’s views remain unchanged – Canada has a robust competition law framework that applies across industries, and banking should be subject to the same treatment as other sectors of the economy. Insofar as additional transparency or scrutiny is desired, that enhanced level of review is already provided for in the existing large bank merger review guidelines that require the House of Commons Finance Committee and Senate Banking Committee to hold hearings on large bank merger proposals.
Recommendation: The federal government should subject the banking sector to the same treatment as other sectors of the economy and refrain from layering additional sector-specific measures on top of that. Insofar as additional transparency or scrutiny is desired, that enhanced level of review is already provided for in the existing large bank merger review guidelines that require the House of Commons Finance Committee and Senate Banking Committee to hold hearings on large bank merger proposals.
Strengthening the Ministerial Approval Application Process
The CBA believes that changes to the merger review process are not needed and, indeed, could have negative unintended consequences. The current review processes are well designed to address any considerations relating to a merger or acquisition transaction. This includes a review by the Competition Bureau for competition concerns, an assessment by the Office of the Superintendent of Financial Institutions (OSFI) regarding prudential matters, and finally, a broader review by the Minister of Finance that can touch on any public policy matter that relates to the “best interests of the financial services system in Canada.” As noted in the consultation document, there is also a capacity for public consultations to be undertaken. In our view, public authorities are best positioned, including with the resources, expertise, experience, mandates, governance, and authority, to undertake comprehensive consultation processes where needed. As has been previously noted by the government, the current merger review process is well designed to ensure that public interest considerations are appropriately taken into account:
The Government agrees that the banks are best positioned to decide whether a merger makes good business sense. But given their special status and role in the Canadian economy, the public policy issue is whether a merger is in the public interest and how Canadian consumers and businesses will benefit from a merger. The Minister of Finance is the steward of the public interest in the review of mergers involving financial institutions and is responsible for the policy framework for the financial sector in Canada. The Minister has a continuing responsibility to ensure that domestic capital markets are functioning effectively. The Government believes that the public interest considerations in the merger context reflect these roles and responsibilities.6>
Given these considerations, we do not believe that any additional benefit could be gained by requiring firms involved to undertake some sort of separate public consultation process, or indeed how this could be designed or completed.
Beyond the question of need, the proposal to strengthen the ministerial approval application process could trigger significant uncertainty and new costs for firms that would act as a disincentive from either opting to become federally-regulated financial institutions (FRFI) or from exploring options to grow within that space. It is in the interest of the Government of Canada, the financial sector, and Canadian consumers to have financial services enter the federally-regulated space by obtaining a federal banking license, and for those firms to be able to grow. This promotes financial stability, transparency, and consumer protection. A blanket requirement for applicants to hold public hearings may have a chilling effect because it creates an added layer of cost, uncertainty, and delay.
In addition, given the myriad of potential applicants (existing FRFIs, provincially-regulated and/or -licensed FIs, foreign banks seeking to enter the Canadian market, non-financial firms seeking to enter the banking space, fintechs seeking a federal banking license, etc.) and application types (new licenses, acquisitions, changes, business combinations, etc.), it is highly unlikely that a uniform list of criteria for establishing what constitutes a “material public interest consideration” could be developed that would not create some instances of misapplication. Materiality is by its nature a term that is subjective and context-dependent. Therefore, rather than trying to codify a specific materiality test and associated set of measures, the CBA recommends that the Minister assess on a case-by-case basis whether applications merit some enhanced form of engagement such as public hearings as part of the Minister’s approval process. This would allow for the decision to be made after dialogue with the applicant(s) and would ensure that it considered the nature and context of the application.
Recommendation: The Minister of Finance should assess on a case-by-case basis whether Ministerial applications merit some enhanced form of engagement such as public hearings as part of their approval process.
Facilitating the Growth of Federal Credit Unions
As the CBA highlighted in its March 2024 submission to Finance Canada7, the CBA has long supported the federal credit union regime option. The regime was created to support growth, consumer choice, and seamless expansion of the Canadian credit union system across provincial boundaries and to do so within an appropriate prudential framework that protects the safety and soundness of Canada’s financial system. Credit unions that choose to be federally regulated benefit from a robust prudential framework based on the bank model and have the freedom to expand across provincial borders while recognizing the unique cooperative elements of credit unions.
Consideration should be given by the federal government, notably the Department of Finance and OSFI, to facilitate a scenario in which a federal credit union would like to merge with or acquire a provincially regulated credit union. While these transactions are generally permissible under the current framework, the legislation and the regulatory process should be reevaluated to facilitate a process that can be completed by credit unions in a timely manner and where the expectations for both parties are clear, transparent, and proportionate to the transaction’s risks. This would include updated expectations as to what is required by both entities, including information and disclosure requirements as well as OSFI’s expectations for its review of the transaction. This would also include updates to the Bank Act to ensure that:
- The requirements (including approvals) are proportionate to the transaction. Specifically, an amendment to the Bank Act to provide for a streamlined process for continuance for the purposes of amalgamation and, in particular, removing requirements for the federal credit union to obtain approval from members and shareholders where the provincial credit union it is merging with is smaller than the federal credit union based on a defined threshold (i.e., below 50%).
- Transitional provisions are available for credit unions regardless of the legal structure chosen for the transaction (e.g., amalgamation or asset purchase). Specifically, the Bank Act and CDIC Act should allow the same transitional relief in this context that is available to credit unions that have followed a continuance process.
- The process for a federal credit union to acquire the assets of a provincial credit union and for the provincial credit union’s members to become members of the federal credit union is clear and does not create tax exposure to credit unions or members that is inconsistent with comparable transactions between provincial credit unions. Put another way, credit unions need to be confident that the merger has the same tax outcome as comparable mergers in the provincial context and, in particular, confidence that members will not be exposed to tax as a result of the transaction.
Such updated expectations would be beneficial to a competitive and stable financial system.
Recommendation: The Department of Finance should reevaluate the legislation and the regulatory process to facilitate federal credit unions merging with or acquiring a provincially regulated credit union so that expectations for both parties are clear, transparent, and proportionate to the risks of the transaction, in order for the transaction to be completed in a timely manner.
Leasing Automobiles to Retail Consumers
As a general note, the banking sector supports measures that increase competition and offer consumers more choice. The CBA would appreciate the opportunity to engage in further discussions with Finance on this topic to better understand Finance’s views, namely on what the potential negative impact on the current market structure might be, and what is being considered in connection with the potential requirement to obtain the agreement of the auto manufacturer.
Recommendation: The Department of Finance and the banking sector engage in further discussions on the topic of auto leasing to better understand Finance’s views on what the potential negative impact on the current market structure might be, and considerations in connection with the potential requirement to obtain the agreement of the auto manufacturer.
Theme 2 – Enhancing Consumer Protections
Preventing Financial Fraud
Preventing or Delaying Potentially Fraudulent Transactions
Banks are leaders in preventing and detecting fraud.8 Banks regularly detect and suppress fraud while also continuously improving their fraud detection to respond to an evolving digital banking landscape.
It is important to recognize the legal requirements of banks in carrying out instructions from their customers. Banks have both legal and contractual obligations to honor their customers’ instructions and act on them so long as the customer has sufficient funds available, either on credit in their account or by borrowing them. Banks are entitled to treat their customers’ instructions as presented (i.e. at face value), after taking reasonable steps dependent on contractual obligations. It is a recognized principle in banking law that financial institutions should not unduly interfere in the internal affairs of their customers.
If banks were required, among other things, to conduct extensive enquiries of their customers’ instructions, their obligations would therefore extend far beyond the legal scope of banks’ role, causing them to no longer act as mandataries of their customers, as the law provides. Even done in good faith, this can cause significant inconvenience and frustration for customers. It would effectively put banks in the position of fiduciaries.
Furthermore, requiring banks to prevent or delay transactions and consult with customers to confirm transactions would be impractical and detrimental to the efficiency of Canadian payment systems, negatively impacting Canadian banks’ competitiveness both domestically and internationally, and, more generally, the Canadian economy. The potential for pausing transactions must also be considered in the context of ongoing efforts to modernize Canada’s payments system. As we move towards real-time payments, such as with the implementation of the Real-Time Rail (RTR), slowing down transactions is at odds with the move to modernize the payments system.
Recommendation: The Department of Finance should not mandate the delay of transactions for the purposes of fraud or scam mitigation.
Allowing Consumers to Adjust Account Capabilities
Banks share the government’s goal of reducing fraud. However, allowing customers to adjust account capabilities would not be the most effective fraud mitigation.
When contemplating potential fraud mitigation, it should also be considered how fraud is carried out and how fraudsters react to fraud controls. For example, in cases where a fraudster gains access to a client’s account (i.e. account takeover), the fraudster would be able to adjust limits within the account as well as turn on functionality if it had been turned off. This would render any account capability adjustments made by the consumer ineffective.
Importantly, many instances of fraud occur outside of the financial sector’s purview. As seen in other jurisdictions such as Australia, an effective mitigation approach requires collaboration between public and private sectors to holistically address and reduce the occurrence of fraud.9
Recommendation: The Department of Finance focus on reducing the occurrence of fraud through a strong collaborative effort between public and private (e.g., banks, telecommunication providers and online platforms) sectors.
Increasing Transparency and Accountability for Financial Fraud
Banks are Leaders in Detecting Fraud/Scams and Protecting Consumers
Banks are recognized for their leading fraud prevention practices and their strong investments in technology and security measures.
Privacy and protection of clients’ personal information is, and always has been, a cornerstone of banking. Given the nature of the services that banks provide to millions of Canadians, banks are trusted custodians of significant amounts of personal information. Banks take their responsibility to protect customers’ information very seriously and are committed to meeting not only the requirements of privacy laws but also the expectations of customers.
Banks work closely with each other and with regulators, law enforcement, and all levels of government to continuously share best practices and information to address the evolving challenges of fraud. Banks also make significant efforts and investment in educating consumers about fraud and how consumers can protect themselves.
Banks have long recognized their role in supporting and strengthening the financial literacy of Canadians. The CBA and its member banks administer or support several programs in communities across the country to help Canadians strengthen their financial knowledge, skills, and confidence. The industry does this by:
- Providing financial support and volunteers for a variety of financial literacy programs run by educational and not-for-profit groups;
- Creating financial education programs and services for customers and the general public;
- Dedicating financial and volunteer support for not-for-profit credit counselling agencies; and
- Educating customers about safe online practices and how to distinguish between legitimate requests and attempted fraud.
Given that banks are already leaders in financial literacy, fraud detection, and prevention, and that banks work collaboratively with other parties, requiring banks to meet additional requirements could potentially take away from existing and growing efforts and resources dedicated to improving fraud detection. Furthermore, as fraud is a rapidly evolving field, it would be a significant challenge for requirements to evolve quickly enough to keep pace with the environment. A regulated standard could hinder continuous innovation and improvement of fraud prevention capabilities.
The Need for Cross-Sectoral Support to Develop a Made-in-Canada Anti-Scam Action Plan
Similar to other jurisdictions, scams in Canada have surged in recent years. While the Canadian Anti-Fraud Centre (CAFC) reported $569 million in losses for 2023, we estimate that the true annual impact is around $11 billion CAD, or 0.53% of GDP. This rise is driven by increasingly sophisticated scams targeting vulnerable populations, such as the elderly and youth. There is also significant underreporting and inadequate investigation of fraud across sectors, with only 12% of reported cases investigated and about 2% resulting in convictions.
Addressing the challenge of the rise in scams requires a unified effort from various sectors. The focus should be on reducing the number of scams Canadians are dealing with, rather than reassigning liability. Lessons learned from other countries, such as Australia, demonstrate that voluntary cross-sector public-private anti-scam initiatives have helped create safer environments for consumers.
In response to the rising rates of scams, on July 16th, 2024, the CBA convened 71 leaders from diverse sectors at an Anti-Scam Roundtable. The objective was to adopt global learnings and to drive collective action to combat scams. The roundtable focused on understanding scam impacts, exploring existing capabilities and priorities, and promoting stakeholder alignment.
Learnings from the Roundtable included that Canada has a solid foundation with ongoing investments in multi-factor authentication, ID verification, call blocking/labelling, and transaction monitoring. However, there are opportunities to make progress in data and intelligence sharing, security technologies/capabilities, reporting mechanisms, public education, and cross-sector collaboration. To make progress in these areas an anti-scam alliance has been established. This alliance, with workstreams involving cross-sector and public-private participants is working toward the development of a comprehensive anti-scam action plan to enhance protections for Canadians.
Recommendation: The Department of Finance support a cross-sector anti-scam alliance effort to address the ever-evolving and accelerating threats of scams and fraud, and the creation of a made-in-Canada anti-scam action plan.
Unauthorized Transaction and Consumer Liability Limits
An unauthorized transaction refers to cases of fraud where the consumer has not provided instructions and has not contributed to the unauthorized use of their card, PIN, or account. Debit/credit card theft or account takeover by a malicious actor are examples of situations that may lead to unauthorized transactions. Unauthorized transactions may also occur as a result of someone’s identity being stolen, which allows the fraudster to make transactions without the individual or business’ knowledge or consent.
Consumers are generally protected in cases of unauthorized transactions at their banks under provisions in the Bank Act,10 Codes of Conduct (including the Canadian Code of Practice for Consumer Debit Card Services (Debit Card Code)),11 zero liability protections for credit cards, and banks’ consumer protection policies, provided there is no gross negligence on the part of the consumer. Determination of liability should be completed on a case-by-case basis after investigation12 and take into consideration multiple factors, such as the type of payment method, the fraudster’s approach to conduct fraud, and the consumer’s role in adequately protecting their product and credentials. The CBA would therefore question the need to introduce a limit for consumer liability.
A maximum liability threshold could have unintended consequences, such as impacting access to credit for some consumers. In addition, introducing a maximum liability threshold could also create an uneven playing field, favoring larger institutions with more resources to absorb potential fraud losses. We urge Finance to carefully consider these potential consequences before implementing a maximum liability threshold. A more balanced approach that considers individual circumstances, encourages responsible consumer behavior, and fosters innovation within the industry would be more effective in the long run.
A threshold could also lead to an increase in fraud cases because consumers may not feel a responsibility to limit or stop the fraud in cases where they are accountable (such as shared passwords, PINs, one-time verification codes, and cards); this could also lead to possible abuse of the system by clients. We reiterate the need for effective consumer education to stop fraud at the source.
Banks should not be absorbing all the risk associated with fraud over a certain threshold as many instances of fraud occur outside of the financial sector’s purview (e.g., via SMS), and not all factors leading to fraud are entirely within the control of banks. It should be noted that there are also constraints on banks in relation to the technologies and tools that they are permitted to deploy to detect and prevent fraud (e.g., requirements under privacy law with respect to consent for collection and use of biometric data, such as mandatory fingerprint or eye scans).
A liability cap would also have unintended consequences for the reporting and prosecution of crime as it would likely disincentivize the reporting of fraud. If consumers are refunded for losses associated with fraud, it is unlikely that they would further report to law enforcement. This can amplify the severe underreporting of fraud that already exists today and further negate the ability to effectively prosecute fraudsters and stop fraud at the source.
Recommendation: The Department of Finance does not impose additional or new maximum liability thresholds and focus its efforts on reducing the occurrence of fraud and scams through a strong collaborative effort between public and private sectors rather than shifting liability associated with fraud and scams.
Collecting and Reporting Data on Fraud/Scams
The industry supports the collection and reporting of data and notes the importance of clearly defining what constitutes fraud in order to support more effective data collection.
Underreporting of scams is a significant issue in Canada, with only about 5-10% of incidents being reported according to the Canadian Anti-Fraud Centre (CAFC).13 It is therefore important that Canada make significant progress on reporting of fraud/scams and that the CAFC has sufficient resourcing and capacity to do so.
Effectively tackling the scam epidemic in Canada requires a concerted effort from both the private and public sectors, necessitating collaboration across these sectors as most scams are initiated outside the purview of the financial sector (e.g., telecommunications, online platforms). For example, a scam may arise through a telephone impersonation and might not compromise a consumer’s bank account. Banks would not have this data. A key element of this is sharing data on a common platform. The establishment of an effective data-sharing framework should be rooted in a culture of cooperation.
Given that fraud/scams involve sectors outside of the Financial Consumer Agency of Canada’s (FCAC) purview (e.g., telecommunications), we believe that the CAFC would be better placed to support holistically addressing the growing rate of fraud and scams. Enhanced reporting to CAFC would also support law enforcement in the prosecution of fraudsters and scammers. Data collected only from banks will not provide complete and accurate information.
Recommendation: The Department of Finance explore alternatives to reporting of aggregated fraud and/or scam data to the FCAC. As fraud goes beyond the financial sector, an agency like CAFC would be well-suited to holistically address fraud and scams.
Supporting Consumers When Banks Close Branches
Notices to the Public and FCAC
The decision to close a branch is never taken lightly by banks. It involves the consideration of a number of factors outside of the volume or value of transactions and number of in-person visits, including confidential leasing matters and the construction of new or expanded branches to better serve communities. In every case, there is careful consideration of the impacts to the community, their customers, and employees. Banks provide advance notice of the closure, and consultations take place with members of the community to help ensure that they are aware of the closure and that they will continue to have access to banking services. Branches are only closed after extensive analysis of a full range of factors.14
The industry has invested approximately $120 billion in technology across Canada over the last decade and operates a network of over 5,600 branches across Canada, providing accessible, affordable, and competitive banking services. Branches remain a vital part of the banking services offered in Canada, and the country remains a leader in maintaining their branch networks when compared to other jurisdictions (Chart 1 and Chart 2).
Chart 1: Number of Bank Branches
Chart
1: Number of Bank Branches
Country |
2012 |
2022 |
% Change |
Canada |
6,205 |
5,656 |
-9% |
U.S. |
82,461 |
69,590 |
-16% |
Ireland |
809 |
502 |
-38% |
Australia |
6,631 |
4,012 |
-39% |
U.K. |
11,355 |
6,305 |
-44% |
Netherlands |
2,466 |
1,353 |
-45% |
Sweden |
1,805 |
962 |
-47% |
Source: : Various national bank trade associations
Chart 2: Number of Bank Branches per 100,000 Adults
Chart
2: Number of Bank Branches per 100,000 Adults
Country |
2012 |
2021 |
% Change |
Canada |
24.3 |
20.7 |
-15% |
U.S. |
34.9 |
28.3 |
-19% |
Australia |
30.9 |
24.1 |
-22% |
U.K. |
25.8 |
16.1 |
-32% |
Ireland |
24.5 |
13.5 |
-45% |
Sweden |
21.8 |
11.4 |
-48% |
Netherlands |
19.7 |
9.6 |
-51% |
Source: World Development Indicators, World Bank. 2021 is the most recent year which data is available.
In-person banking, while declining in frequency with the steady growth and adoption of digital banking solutions, remains an available method to conduct a range of transactions, and many Canadians continue to value personal service.
The current Notice of Branch Closure Requirements in the Bank Act (see s. 627.993 – 627.995) provides consumers with a substantial amount of information and ensures that banks provide them with the support they need in cases of branch closures. The proposed additional information Finance is considering requiring banks to disclose in their notices to the public and the FCAC, including detailed rationale for the decision; additional data about the impacted branch, including the volume and value of transactions at the branch and the number of annual in-person visits to the branch; and how that data compares to a bank’s branch average volume and value of transactions and number of in-person visits, is competitively sensitive information. It would be inappropriate to require banks to disclose such information publicly.
Recommendation: The Department of Finance retain the existing notice and information requirements that apply when a bank intends to close a branch, cease opening retail deposit accounts, or teller-based cash disbursals, and refrain from layering additional requirements on top of those that already exist.
Facilitate Customer Account Transfers and Waive Associated Transfer Costs
Banks are committed to meeting their customers’ needs. When a bank closes a branch, it transfers the customer’s personal banking deposit accounts to an alternative receiving branch of the same bank at no fee to the customer.
Further clarification on this question is required as it is not clear if the Department of Finance is referring to transferring accounts to another branch within the bank’s branch network, or, a fee to transfer to another bank or FI and what is meant by “facilitate account transfers.” It is also not clear what products are in scope (deposit accounts only or mortgages, etc.). Approaches may differ depending on what is being referred to.
Recommendation: If the Department of Finance is referring to “facilitating account transfers” to another branch outside of the bank’s branch network (e.g., to another bank or FI) and/or capturing products and services other than deposit accounts, this should be clarified. If this broader scope was intended, the sector would welcome further consultation and discussion on this topic before any legislative or regulatory changes are made.
Enhancing Bank Reporting on Branch Networks and Closures
The significant level of detail that banks are currently required to publish in their annual public accountability statement is sufficient to inform stakeholders on how banks make determinations about what branches to maintain. Requiring banks to disclose additional information, including the average volume and value of transactions processed at its branch locations, would result in the exposure of critical inputs in the bank’s retail branch strategy. Exposing such strategic information would constitute a disclosure of competitively sensitive information that could lessen competitive intensity in the sector. For example, disclosing this information could indicate to other banks that branch volume and value of transactions is low in a certain location, which could suggest that a branch should not be opened in that location.
The decision to close a branch, as outlined above, is always carefully considered, and it is inappropriate for regulators, policymakers, and researchers to engage in detailed analysis of a bank’s decision to close a branch. It is also worth noting that the CBA already provides aggregated data on branch networks to the public on its website.15
Recommendation: The Department of Finance should retain the existing requirement to publish an annual public accountability statement that includes the addresses of the branches opened and closed by the bank during the course of that year and refrain from expanding data-reporting requirements for banks with respect to their branch networks.
Clarifying Rules for Opening Deposit Accounts Outside of Bank Branches
Banks are strongly committed to providing access to basic banking services in accordance with section 627.17 of the Bank Act. This section does not contemplate the opening of a bank account online and was drafted on the assumption that bank accounts would only be opened at a point of sale or a branch. While the CBA understands Finance’s desire to expand this access to digital channels, it is not clear if the current identification requirements used to verify the identity of the consumer in a face-to-face channel can easily be translated to the digital space. Banks may vary in their ability to offer account opening through every channel to all clients. For example, verification of certain types of identification may only be possible in-branch to manage fraud risk. With digital identity theft being a rising trend in Canada, it is important that identification requirements for any new services provided through a remote channel be carefully considered.
The requirements should also be aligned with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) requirements with any necessary changes to the Bank Act. For example, the wording “where the point of service or branch is located” may have to be removed from subparagraph 627.17(1)(a)(ii) of the Bank Act: “if the person’s identity is also confirmed by customer in good standing with the member bank or by a natural person of good standing in the community where the point of service or branch is located” to give banks the requisite flexibility to open a deposit account through digital channels in such cases. In addition, as noted above, drafting changes would likely be required to the opening paragraph of section 627.17 of the Bank Act as it was drafted on the assumption that bank accounts would only be opened at a point of sale or a branch. The sector would welcome further consultation and discussion on this topic before any legislative or regulatory changes are made.
Recommendation: The Department of Finance carefully consider how the application of branch and physical points of service as it relates to retail deposit account opening requirements to digital channels could be done. While banks are not opposed to this policy, managing the possibility of increased fraud should be a primary consideration.
Immediate Access to Funds Deposited by Cheque
Currently, Canadian consumers have same day or next business day access to the first $100 of funds deposited by cheque into their bank accounts, regardless of the customer and the means, whether over the counter, ATM, or mobile application.
As access to the first $100 of deposited funds is provided immediately to consumers (subject to limited exceptions), banks are currently exposed to potential losses as the cheque clearing process has not been completed at the time funds are made available to the consumer. Funds deposited by cheque are not guaranteed funds. When a cheque is deposited, until the cheque clearing process has been completed in accordance with the timeframes set out under Payments Canada’s rules, a bank has no assurance that: (i) there are funds available in the payor’s bank account, (ii) if the payor’s bank account is still open, or (iii) if the payor has requested a stop payment on the cheque. The current regulatory requirements balance the need of consumers to access funds with the need to ensure the safety and security of banks and of the banking system by limiting potential losses in cases of fraud or where the cheque is returned due to insufficient funds. These requirements also help banks protect consumers and merchants (e.g., in cases where a fraudster convinces a consumer or merchant to deposit a cheque that the fraudster has no intention of honouring).
Similarly, with respect to the maximum cheque hold periods, the current timeframes under the Bank Act align with the cheque clearing process set out under the Payments Canada rules. While there have been technological advancements in banking generally, cheques are a legacy payment system, and there have not been changes to the timeframes set out under the Payments Canada rules since 2012. Accordingly, the maximum cheque hold periods under the Bank Act should not be lowered as this would make them out of alignment with the Payments Canada cheque clearing process.
Currently, under the Bank Act, the maximum length of time a bank may put a hold on a cheque is based on: (i) the amount of the cheque ($1,500 or less or more than $1,500), and (ii) how it was deposited (in person or any other way – e.g., at an ATM). These are important parameters to maintain as the amount of the cheque directly ties to the potential monetary losses a bank could incur were the cheque not to clear. Moreover, additional processing time may be required if a cheque is deposited in a non-face-to-face channel as that cheque can be deposited outside the daily clearing cut-off times, and therefore the cheque clearing process does not start until the next business day.
These restrictions were adopted after carefully considering the need of consumers to access funds to help ensure the safety and security of banks and of the banking system by limiting potential losses in cases of fraud or where the cheque is returned due to insufficient funds. They also reflect the high accessibility and low cost of banking services in Canada.
As Finance has recognized, the use of cheques is on the decline with a 45 per cent decrease over the past five years according to Payments Canada. Cheques are losing volume to card and electronic payment types. The CBA believes the Government should focus its efforts on encouraging the use of more modern payment methods. Increasing the amount of funds immediately available when cashing a cheque via any means and lowering the maximum cheque hold period is inconsistent with payments modernization efforts and will result in more fraud and greater losses that will negatively impact consumers, banks, and other stakeholders. Increased cheque fraud will also erode consumer trust in the banking system.
Recommendation: The Department of Finance maintain the current limits for immediate availability of funds when cashing a cheque to limit potential fraud losses, help protect consumers and merchants, and support the modernization of payments.
Theme 3 - Modernizing the Financial Sector Framework
Prohibiting or Restricting Interlocking Directorates in the Financial Sector
While the Bank Act does not specifically address the practice of interlocking directorships, it does establish a general duty of care that includes a requirement for directors to “act honestly and in good faith with a view to the best interests of the bank” (ss. 158(1)). In addition, the Bank Act requires the directors of a bank to establish procedures to resolve conflicts of interest (s. 157) and includes a number of provisions that address conflicts of interest (sections 202-206), This includes requirements for directors to disclose conflicts in certain situations (s. 202) and abstain from director meetings or voting on transactions relating to these conflicts (s. 203). The Bank Act also prohibits banks from entering into certain transactions with its directors (Part XI – Self-Dealing).
This general duty and the related restrictions regarding conflicts and self-dealing are underpinned by, among other things, guidance issued by the OSFI that requires banks to adopt formal conflicts of interest policies and procedures6, conduct background checks on directors and senior officers with respect to conflicts of interest17, and implement a board director independence policy that “considers, among other factors, the specific shareholder/ownership structure of the [bank]”.18
The above-referenced existing statutory duties and prudential regulatory framework is further supported by an expectation among bank stakeholders for banks to ensure that their board meets this duty of care. This includes recommendations from proxy advisory firms for shareholders to withhold votes in certain circumstances involving interlocking directorates.19
Banks in Canada have responded to these regulatory and stakeholder expectations by implementing formal interlocking directorate policies or independence standards as an integral part of mitigating potential conflicts of interest and adopting sound corporate governance practices. These typically include tests to assess a director’s independence, and promote independence by:
- Limiting or providing guidance on board members serving on multiple boards of public companies; and/or,
- Implementing a monitoring mechanism to review the impact of any board interlocks or outside directorships to ensure that they do not compromise a director’s ability to operate with independent judgment.
In addition, banks are advocates for strengthening the degree to which their boards and senior management teams reflect the clients and communities they serve. For many years, banks have been recognized leaders in promoting diversity, equity and inclusion throughout their organizations, including at the board level.
In light of the above existing regulatory framework and bank practices, the CBA is strongly of the view that prohibiting or restricting interlocking directorates within the financial sector is unnecessary and risks the unintended consequence of further complicating the board recruitment process by adding an additional constraint to the process. Existing requirements for bank board members currently include:
- A majority of the directors on the board, including the Chief Executive Officer, must be resident Canadians.
- OSFI’s Corporate Governance Guideline specifies there should be appropriate representation of financial industry and risk management expertise at the board and board committee levels.
- Bank Act limits in respect of the number of affiliated directors on the board (sections 162 and 163).
- Banks must ensure that relevant board members and employees have expertise in risk management and compensation based on the Principles for Sound Compensation adopted by the Financial Stability Board.20
- OSFI Guideline E-17 requirements – Background Checks on Directors and Senior Management.
- OSFI’s new Integrity and Security Guideline.
Adding further constraints to the director onboarding process risks further limiting the available pool of qualified candidates for directors. It may also make the recruitment process especially challenging for small- and medium-sized banks by further shrinking the already smaller pool of talent available to them.
The contemplated scope of the prohibition or restrictions, as set out in the Consultation Paper, is problematically broad, potentially precluding a bank director from serving as an employee, executive, partner, owner or director of another “firm” or having another interest in the business of that second “firm” if such “firm” is engaged in any way in the “financial sector”. The term “firm” is not defined and “financial sector” is a term that extends well beyond banks and does not take into account the safeguards banks have implemented to manage potential or actual conflicts of interest.
We are not aware of compelling policy reasons to create new requirements on this topic. As noted in recent commentary from Torys LLP:
We are uncertain why additional restrictions on interlocking directors are necessary since the requirement to establish conflict of interest policies established in 1992 has been very effective and at that time replaced certain restrictions on interlocking directors.21 (Emphasis added.)
We also note that interlocking directorates has not been an area of particular focus or concern from a prudential regulatory perspective.
Recommendation: The Department of Finance rely on the existing well-established legislative and regulatory framework and bank practices that serve to manage potential conflicts of interest, including conflicts that may arise as a result of interlocking directorates, rather than prescribing new requirements to regulate interlocking directorates for banks.
Updating Public Holding Requirement Thresholds
The Bank Act requires a bank with more than $2 billion but less than $12 billion in equity to have shares with at least 35% of the voting rights listed and traded on a recognized stock exchange and not held by any major shareholders. This threshold was initially $750 million in 1992, then was increased to $1 billion in 2001 and to $2 billion in 2007. The CBA believes that the threshold should be increased to at least $5 billion in equity. There should also be an ability for a bank that exceeds the threshold to subsequently fall below in the future and no longer be subject to the restriction. In addition, we believe that there should be an explicit exemption for a FRFI which is the subsidiary of another FRFI that satisfies the public float requirement under its governing legislation, as we do not believe there is a policy reason to require such institutions to seek a statutory exemption from the Minister.
Recommendation: The Department of Finance increases the size threshold above which banks must have 35 percent of their voting shares publicly listed from $2 billion in equity to $5 billion in equity. Banks that exceed the threshold and subsequently fall below it should no longer be subject to the requirement. FRFIs which are the subsidiary of another FRFI that satisfies the public float requirement under its governing legislation should be explicitly exempt from the requirement.
A More Transparent Financial Transactions Application Process
The CBA agrees with the proposal to provide a written update to an applicant. The lack of clarity on the status of an application or the timing of an approval can create uncertainty for applicants. The written update to an applicant should describe what the process is that remains as well as the outstanding issue(s).
Recommendation: The Department of Finance implements its proposal to provide a written update to an applicant when they are involved in a financial transactions application process.
Updating Statutory Thresholds
The $250 million investment threshold applicable to specialized financing activities should be materially increased, as that threshold was implemented over 23 years ago in 200122. Simply adjusting for inflation as a proxy and using the Bank of Canada calculator,23 the $250 million from 2001 would be today approximately $410 million.
Under the Specialized Financing Regulations, the calculation of the $250 million maximum limit per investment uses the balance sheet value of the investment. The “balance sheet value, in respect of the shares and ownership interests held by an entity, means the value reported on its balance sheet on an unconsolidated basis.” The balance sheet value of an investment made by a specialized financing entity (SFE) can change over time based on the accounting treatment. For example, if the investment increases in value (which obviously is the hope for any investment) the increased value increases the carrying value on the SFE’s balance sheet on an unconsolidated basis and the balance sheet value as defined increases. Given investments could have a life of up to 13 years under the Specialized Financing Regulations there is often a need to ensure the original investment is much lower than the $250 million maximum because of the potential of the investment increasing in value over time. For these reasons, we would suggest an increase to at least $500 million.
The restriction on FRFIs acquiring, by way of specialized financing activities, an entity that acts as an insurance broker or agent in Canada should also be removed. Note the FRFI Acts were amended in 2001 to enable FRFIs to acquire control of, or a substantial investment in, entities that engage in financial services activities (including an insurance agent or broker). However, a corresponding change was not made to the Specialized Financing Regulations to remove the same restriction.
The specialized financing activities limits are contained in regulations, not in the statute. It may be difficult to effectively move this to an OSFI guideline since it is based on government policy, not prudential risk. Given the 5-year review cycle for FRFI legislation, it would not appear to be a significant constraint to keep it in regulations.
In its consultation paper regarding Proposals to Strengthen Canada’s Financial Sector, the Department of Finance refers to considering measures to update “limits on investment powers.” The CBA and its members would appreciate further details and clarification regarding the updates to “limits on investment powers” that are contemplated.
Recommendations:
- The Department of Finance increases the threshold for specialized financing activities to at least $500 million.
- The Department of Finance removes the restriction on FRFIs acquiring, by way of specialized financing activities, an entity that acts as an insurance broker or agent in Canada. If restrictions are removed to a Bank’s investment authority, corresponding changes should be made to the Specialized Financing Regulations.
- The Department of Finance maintains thresholds in regulations (as opposed to in guidelines).
- The Department of Finance provides further details and clarification regarding the updates to “limits on investment powers” that are contemplated.
Theme 4 - Adapting to Geopolitical Risks
Enhancing the Oversight of Financial Sector Risks Related to National Security
The CBA is generally supportive of an oversight committee specializing in financial sector risks related to integrity and security, including national security. Considering the expertise of the Canadian Security Intelligence Service (CSIS) and the Royal Canadian Mounted Police (RCMP), including in relation to national security, threat actors, foreign interference, and terrorist financing, it would be beneficial for CSIS and the RCMP to participate in this oversight committee. A priority for any new measures should be facilitating the sharing of information related to integrity and security, including national security, among financial institutions (with appropriate anti-trust and safe harbour protection to promote active and effective intelligence sharing), as well as the sharing of information from the public sector to banks (including as described in Theme 5, below, under the sub-heading "Sharing of information about integrity and security risks"). Enhancing the ability for financial institutions to share and receive information in the foregoing manner would help support the timely and efficient identification, prevention, and mitigation of geopolitical risks that have the potential to impact the financial sector, such as, for example, international supply chain risks.
Banks are already subject to extensive requirements related to integrity and security including under the OSFI Integrity and Security Guideline and were required to submit by July 31st, 2024 a comprehensive action plan for OSFI’s review, on new and expanded expectations, which includes interim deliverables to achieve compliance in respect of such Guideline.
It is unclear how Finance’s proposed measures, including the establishment of a formal structure to oversee financial sector risks related to integrity and security, will operate within the existing framework and requirements.
To avoid imposing potentially overlapping, conflicting, or cross-purpose regulatory burdens on banks, Finance should further consult with the banking sector, OSFI, and other stakeholders prior to implementing any additional measures.
Recommendation: The Department of Finance, when considering the establishment of an oversight committee specializing in financial sector risks related to integrity and security, including national security (which the CBA is supportive of), carefully consider the mandate of existing committees and supervisory authorities, including that of the Financial Institutions Supervisory Committee (FISC) to ensure that any additional measures to enhance the oversight of financial sector risks related to integrity and security avoid any potential overlap or conflict with other initiatives, requirements or measures. A priority of any additional measures should be facilitating the sharing of information related to integrity and security, including national security, among financial institutions (with appropriate anti-trust and safe harbour protection for participating institutions), as well as the sharing of intelligence and other information from the public sector to banks. The Department of Finance should further consult with the banking sector, OSFI, and other stakeholders prior to implementing any such additional measures.
Enhancing the Minister of Finance and the Superintendent of Financial Institutions’ Compliance Authorities
While the CBA is generally supportive of the proposed enhancements (i.e. the legislative authorities of the Superintendent should refer to an FRFI adhering to policies and procedures to protect itself against threats to its integrity or security, including foreign interference), it will be important for Finance and OSFI to consider the role of CSIS, the RCMP, and other authorities in sharing threat intelligence and other information with banks. For example, it may be difficult for a bank to obtain information on a third-party’s connections to foreign governments (e.g., in the case of widely-held publicly traded companies) without intelligence or other reliable information gathered and shared by law enforcement and intelligence agencies in this regard.
Recommendation: The Department of Finance and OSFI consult further with the banking sector on certain aspects of the proposed enhancements to compliance authorities (which the CBA is supportive of) to support the implementation of such enhancements in a balanced and reasonable manner.
Theme 5 - Upholding World-Class Regulation
Enhancing Federal, Provincial, and Territorial Collaboration
It is imperative that Canada’s financial sector regulatory landscape evolves with increased adoption of technological innovations like AI, new players entering the market, and initiatives such as payments modernization and consumer-driven banking. The regulatory regime needs to foster innovation and competition. It must also ensure Canadians continue to benefit from safe, secure, and reliable financial services while also having consistent protections across jurisdictions and avoiding duplicative, conflicting, or residual obligations.
We encourage federal and provincial/territorial cooperation to help achieve a harmonized set of rules and regulations to help foster innovation and competition in financial services by allowing market participants to more quickly and cost-effectively respond to customer demand by developing and enhancing products and services that are available and consistent in all provinces and territories.
Where there is a robust federal regime, such as the new financial consumer protection framework introduced under the Bank Act, provinces and territories may wish to rely on the federal regime to reduce their own regulatory burden and promote a consistent consumer experience. Where a harmonized framework is lacking, we believe Finance can play a leadership role by developing model financial consumer protection standards for unregulated or under-regulated financial service providers (such as e-commerce platforms and similar entities) for provincial and territorial adoption, and work with provinces and territories to adopt these standards. To the greatest extent possible, the standards should emulate relevant consumer protection regulations to which FRFIs must adhere.
We also encourage greater cooperation and coordination at the federal level, including coordinated periodic announcements on likely forthcoming regulatory actions. There is a multiplicity of initiatives ongoing in federally regulated spaces including in the areas of prudential and market conduct regulation and supervision, payments, consumer-driven banking, housing, competition law, privacy law, deposit insurance, and anti-money laundering. While these initiatives tend to travel on distinct paths, they often converge around the same timelines which adds to complexity, resource burdens, and operational risk for market participants. It is crucial that appropriate prioritization of these initiatives and proper sequencing of key elements within and across multiple projects occurs. This would enable stakeholders to thoughtfully and meaningfully participate in consultations, prepare for regulatory change, and implement pertinent compliance programs in a methodical and timely fashion.
Recommendations:
- Federal and provincial regulatory authorities increase their cooperation and coordination to address potential gaps in regulations that could be exploited by actors in the financial marketplace. This coordination could be achieved by building on the Department of Finance’s long-standing process for consultations with provinces and territories by including consumer protection matters as an area for consideration to ensure better awareness and alignment. This includes having the federal Department of Finance play a leadership role by developing model financial consumer protection standards for unregulated or under-regulated financial service providers (such as e-commerce platforms and similar entities) for provincial and territorial adoption, and working with provinces and territories to adopt these standards.
- Federal and provincial regulatory authorities adopt a regulatory framework that adheres to the principle of "same activity, same risk, same regulation" to ensure actors that engage in equivalent activities as banks are subject to the same rules and oversight.
- Policymakers, regulators, and international partners involved in ongoing digital and data initiatives such as regulatory oversight of AI and consumer-driven banking ensure a degree of harmonization between legislative and regulatory frameworks and continue their engagement between themselves.
- The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, and FINTRAC) increase their cooperation and coordination, including coordinated periodic announcements on likely forthcoming regulatory actions.
A Strong and Predictable Regulatory Framework
Managing AML Regime Changes
The CBA supports the collaborative and consultative approach the Department of Finance has relied on to develop amendments that introduce to the Canadian anti-money laundering (AML) regime, information sharing within the private sector for AML purposes. The Department of Finance has effectively managed a whole-of-government approach, which included sufficient consultation timelines, to develop a critical tool to help industry better detect and deter money laundering (ML) and terrorist financing (TF) activities. The CBA appreciates the Department of Finance’s use of a similar approach on other AML files, including discrepancy reporting for the federal beneficial ownership registry.
Going forward, we encourage the Department of Finance to continue to use this type of whole-of-government approach. Piecemeal reform on an unpredictable cadence undermines the clarity, efficacy, and efficiency of the Canadian AML regime, which is a particular challenge for newly added sectors that require significant regulatory attention and guidance. It also leaves the regime in flux, inhibiting a clear analysis of proposed reforms and undermining a proper understanding of the regime’s strengths and weaknesses and how it should evolve to meet ML and TF risks. Strategic and structured change is needed.
To complement this approach, the CBA also suggests the Department of Finance clearly communicate the policy intent that supports amendments. Clear policy intent, memorialized through regulatory impact analysis statements or other formal mechanisms, assists FINTRAC and reporting entities in understanding and implementing changes as planned. It also helps to ensure the regime remains predictable and does not unintentionally change in ways that create unintended consequences that policymakers and stakeholders have not properly considered.
Recommendation: The Department of Finance effectively manage a whole-of-government approach, including sufficient consultation timelines, and clear communications regarding the policy intent that supports amendments as memorialized through regulatory impact analysis statements or other formal mechanisms, for future changes to the AML regime.
Conducting and Publishing Impact Statements of Regulatory Actions
Global financial regulators in leading financial centers have increasingly utilized cost-benefit and post-implementation impact analyses as tools to determine whether market intervention is justified. These regulators recognize that the policies and regulations they propose to develop and implement should have a net benefit to the financial markets and the broader economy. In Canada, these tools have been used sparingly and not in a way that would deliver a consistent policy development process with predictable results.
Cost-benefit and post-implementation analyses contribute to ensuring policies and regulations advance the public interest. For example, they help ensure the production of net benefits, improvements in transparency and accountability by forcing regulators to communicate their assumptions, and allow regulated entities to plan and predict how regulators will respond to new industry practices.
According to the C.D. Howe Institute, financial regulators must balance different objectives – market integrity, consumer protection, financial stability, and market competitiveness. Decisions to intervene must be targeted at a well-defined problem with metrics to measure the degree of success or failure, considering the trade-offs with other objectives. A properly designed cost-benefit analysis should have a counterfactual or baseline scenario, as well as the identification and quantification of direct and indirect impacts. Once a certain amount of time has passed, a post-implementation impact analysis measuring the desired and actual outcomes should be conducted to determine whether the regulation in fact achieved its objectives and why, in order to influence further planning. Ultimately, such analyses should reduce the overall life cycle of rule development and implementation by reducing the number of new rules that are not demonstrably necessary, allowing both policymakers/regulators as well as market actors to focus their attention on those that are.
We believe the Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, and FINTRAC) should implement cost-benefit and post-implementation impact analyses as tools to determine whether market intervention is justified. Consistent with enhancing federal, provincial, and territorial collaboration, federal financial regulatory safety net regulators could work with their provincial counterparts to design a consistent and coordinated approach to such analyses for financial regulation. Combining resources and expertise would enable a harmonized approach to the assessment of the costs and benefits of important rule implementation across all financial markets.
Recommendation: The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, and FINTRAC) implement cost-benefit and post-implementation impact analyses as tools to determine whether market intervention is justified and the impact of that intervention. Federal financial regulatory partners should consider working with their provincial counterparts to design a consistent and coordinated approach to such analyses of financial regulation.
Developing a Forum for Coordinating and Collaborating on International Issues
The global financial crisis ushered in an unprecedented amount of regulatory change. A significant amount of this regulatory change impacting capital, liquidity, deposit insurance, market conduct, prudential supervision, and resolution has been discussed, developed, and agreed to in international organizations such as the Financial Stability Board (FSB), Basel Committee on Banking Supervision (BCBS), International Association of Deposit Insurers (IADI), International Organization of Securities Commissions (IOSCO), among others. Furthermore, individual financial regulators in the United States and the European Union have implemented rules that have impacted Canadian financial institutions such as Title VII of the Dodd-Frank Act, OTC derivatives measures, and the Foreign Account Tax Compliance Act (FATCA). Lastly, there has been an increase in the amount of activity surrounding sanctions and ESG-related disclosures in recent years.
Given the amount of financial regulatory change that is being developed outside of the country’s borders, it is critical that Canada continues to have a strong voice internationally whether in multilateral or bilateral forums. Differences in the regulation and implementation of activity internationally can lead to inefficiencies, uncertainty, and impose undue costs on market participants and their customers.
This is why the CBA has encouraged the use of Financial Services Committees in trade agreements to better communicate concerns about other jurisdictions’ policies and regulations, leading to a greater likelihood of coordination and standardization as well as implementation schedules of cross-border activity. This can include advocating for mutual recognition and substituted compliance, prevention/minimization of the extraterritorial application of laws, and greater alignment of implementation schedules.
In recent years, we have noted that the Department of Finance, in the lead-up to Financial Services Committee meetings, has made an increased effort to reach out to industry to survey issues and concerns to help prepare. This is in addition to OSFI’s efforts to consult with the industry ahead of meetings at international organizations. This engagement is welcomed and appreciated. If the Department of Finance, OSFI, and other regulatory partners would like to create a forum with the objective of coordinating and collaborating on international issues, the CBA and the broader banking sector would be supportive and would welcome the opportunity to participate. Such a forum should have a mechanism where participants can obtain an update as to what was discussed at such meetings and an opportunity to provide feedback to help inform Canada’s positioning and engagement in these international dialogues.
Recommendation: The Department of Finance, along with its federal financial regulatory partners (OSFI, CDIC, FCAC, Bank of Canada, FINTRAC) as well as Global Affairs Canada (GAC) consult, whether formally or informally, with sectoral stakeholders on international issues. Furthermore, a mechanism should be implemented where participants can obtain updates as to what was discussed at such meetings and an opportunity to provide feedback to help inform Canada’s positioning and engagement in these international dialogues.
Sharing of Information About Integrity and Security Risks
As part of its expanded mandate, OSFI published the Integrity and Security Guideline in January this year. The overarching requirement under the Guideline is that FRFIs must have adequate policies and procedures in place to protect against threats to integrity or security, including foreign interference. With certain exceptions, the deadline for complying with new or expanded expectations under the Guideline is January 31st, 2025.
Threat actors may use a range of strategies to target financial institutions in Canada. While the Government of Canada continues to monitor for threats that may be attempts at foreign interference, undue influence, or malicious activity, as defined under the Guideline, FRFIs currently do not have definite or dependable access to intelligence possessed by law enforcement (e.g., the Royal Canadian Mounted Police (RCMP) or investigative agencies such as Canadian Security Intelligence Service (CSIS)).
Given the evolving nature of the threat environment, we welcome Finance’s proposal of information sharing by the federal government about integrity and security risks. Timely notification and information from law enforcement or intelligence agencies about known threats of foreign interference, undue influence, or malicious activity will empower FRFIs to act, where appropriate, to help mitigate such risks. Timely guidance on recent and emerging typologies or indicators of foreign interference, malicious activity, or undue influence, including relevant information as to tactics, techniques, and procedures, will be most helpful.
Public confidence in the Canadian financial system depends on the integrity and security of the financial system and the sharing of such information by the public sector to FRFIs is vital for meeting the policy objective of effectively managing risks to the integrity or security of the financial sector in Canada.
Recommendation: The Department of Finance proceeds with its proposal of information sharing by the federal government about integrity and security risks. Timely notification and information from law enforcement or intelligence agencies about known threats of foreign interference, undue influence, or malicious activity will empower FRFIs to act, where appropriate, to help mitigate such risks. Timely guidance on recent and emerging typologies or indicators of foreign interference, malicious activity, or undue influence, including relevant information as to tactics, techniques, and procedures, will be most helpful.
Advancing Work on Artificial Intelligence
Supporting Responsible Innovation
Banks in Canada recognize the opportunities presented by innovations such as artificial intelligence (AI) to improve the speed, accessibility, and security of services. More and more, banks are using AI and analytics to assess their customers’ needs and offer them personalized financial advice. Very often this advice can support everyday spending decisions and improve the ability of customers to manage their money effectively.
Banks leverage advanced tools like machine learning and AI to produce meaningful insights that improve organizational efficiency and enhance the customer experience while also better combating cybersecurity and fraud related risks. They are responsible innovators with a strong track record of developing and adopting technologies, like AI, to serve and protect their customers better.
As key contributors to Canada’s competitive and innovative financial services sector, Canada’s banks are active contributors to the important dialogue surrounding the safe, transparent, and responsible use of AI in Canada. Our banks are constantly working to maintain trust, stay secure and help Canadians understand and enjoy the significant benefits of this evolving technology.
Risk Based, Harmonized Regulations
The CBA has expressed support25 for policy objectives outlined in federal AI legislation (through the proposed Artificial Intelligence and Data Act, or AIDA) that aim to promote the responsible development and use of AI systems in a manner that supports existing principles under Canadian law, including consistency with applicable privacy and human rights laws.
AI regulation should not be overly prescriptive or contain a set of ‘one-size-fits-all’ risk mitigation measures. In a rapidly evolving field like AI, we believe a flexible, risk-based regulatory AI framework that avoids any duplication or overlap with other frameworks is necessary to ensure Canadian organizations can serve consumers in a manner that fosters confidence and builds trust in the responsible development, deployment and use of AI systems. We believe other, more prescriptive approaches, could impede innovation and become overly complex for organizations as AI systems become more ubiquitous in our daily lives.
For this reason, it is important that any strategy to manage risks proposed by the Government should be principles-based, outcomes-focused and developed in consultation with impacted stakeholders. This means that any legislative or regulatory framework should be flexible, future proof and targeted (while avoiding duplication or overlap with other such frameworks) while acknowledging that AI use cases may change over time as technology evolves. To the extent possible, we believe that any future requirements should be practical, support innovation and align with existing regulatory requirements, such as those under relevant privacy laws. We therefore recommend a separate and substantive set of consultations with impacted stakeholders on the criterion (e.g., system type, requirements, thresholds) for high-impact systems before any legislative or regulatory AI framework is finalized in Canada.
We are concerned that the financial industry may face a complex regulatory environment with the introduction of multiple layers of AI regulation, as general AI legislation is under review in Parliament (such as AIDA). This could lead to challenges in compliance, potentially hindering innovation for financial institutions. We recommend that the government carefully consider the potential impact of overlapping regulations and strive for a streamlined and coordinated approach to AI governance.
Coordination and cooperation with domestic partners such as the federal and provincial governments, including regulatory agencies like OSFI, and international partners, at the G7 level in particular, is also an essential component of ensuring a degree of interoperability and harmony between various AI legislative and regulatory frameworks, particularly as it relates to the definition of AI.
This includes prioritizing federal AI legislation and promoting a harmonized regulatory approach across provinces to ensure Canadians continue to benefit from consistent privacy and other protections across jurisdictions and, importantly, avoiding duplicative, or conflicting obligations.
We urge the Department of Finance to consider research conducted by their peers such as the 2023 OSC report26 on artificial intelligence in Ontario’s capital markets and OSFI’s Edge Principles ,27 to better understand AI use cases in the financial markets and ensure collaboration and coordination between regulators when considering the creation of regulatory guidance, rules or framework, that would support responsible AI innovation while mitigating associated risks.
Recommendation: The federal government prioritize a federal approach to any AI legislative and regulatory framework and promote regulatory harmonization across provinces to ensure Canadians continue to benefit from consistent privacy and other protections across jurisdictions and, importantly, avoiding duplicative, or conflicting obligations by consulting impacted stakeholders extensively in the creation of any requirements for AI systems.
Harnessing the Benefit of AI Systems & Mitigating their Risks
Banks have an established practice of using technology to analyze data to better serve their clients and manage risks while ensuring obligations under prudential guidance and other regulations are being met. We agree it is essential to protect the public against harm that may arise from AI systems and that this is an important area of concern which requires mitigation.
Banks are heavily regulated and to maintain client trust, models are designed, developed and deployed in adherence to OSFI guidance, which has existing principles-based, risk-based guidance on model risk (i.e. Guideline E-23 Model Risk Management) and other non-financial risks more broadly (e.g., Guideline B-10 Third-Party Risk Management and Guideline B-13 Technology and Cyber Risk Management). The AI models banks develop and the use cases they deploy are additionally subject to existing privacy laws, human rights law and the Bank Act (including with respect to consumer protection). This reinforces the importance of avoiding the introduction of any overlapping or duplication requirements that could hinder innovation and positive consumer experiences.
It is important to also consider the potential for unintended consequences resulting from well-intentioned measures. Unintended consequences could restrict or disincentivize Canadian organizations and other entities from using third-party AI systems and impact the ability of vendors to sell or license AI systems to Canadian organizations. This would negatively impact the ability of Canadian financial institutions to deploy value-adding use cases, to innovate and to compete both locally and globally.
Recommendation: The federal government promote a flexible, risk-based AI framework that avoids any duplication or overlap with other frameworks or impedes innovation or the ability of Canadian organizations to compete globally.
Protecting Canadians Against Fraud
AI is a double-edged sword when it comes to fraud and cybersecurity. AI is a tool that greatly enhances capabilities to detect and prevent fraud and cyber-attacks, but the use of AI is also permitting real-time face and voice impersonations, and AI-powered fraud is increasing. As a result of the ever-evolving threat environment, fraud management has become an integral part of the products and services that financial institutions provide to their customers, and AI will also play an increasingly significant role in detecting AI-powered fraud.
Exceptions for risk mitigation measures should always be considered for AI systems that perform functions critical to public safety objectives (e.g. fraud prevention and detection, AML monitoring). Detecting fraud may involve monitoring a consumer’s behaviour on digital channels through the use of AI, for example to assess whether keystroke patterns, spending patterns, and log-in patterns are consistent with typical human behaviour (instead of a bot) or consumer behaviour (instead of a fraudster). The objective is to protect that consumer from others who may attempt to access their financial accounts.
Canadian banks continue to adapt and enhance operations and services by capitalizing on technological advancements without wavering from their steadfast commitment to protect the personal information of their customers. It is also crucial that we strengthen public-private partnerships to increase awareness of cyber and fraud threats. As Finance proceeds to develop its federal strategy, we look forward to providing additional feedback on how to ensure risks arising from technology like AI are appropriately governed and we welcome continued dialogue to support Finance in its efforts to harness the advantageous capabilities of AI in the financial sector.
Recommendation: The federal government, when developing a strategy to mitigate risks posed by AI systems, consider how certain well-intentioned measures may disincentivize innovation, including making it difficult for vendors to sell or license AI systems to Canadian organizations, or for Canadian organizations to adopt third-party AI systems. The federal government additionally should consider how proposed measures may result in the disclosure of sensitive or otherwise confidential information, and introduce risks (e.g. compromising the efficacy of AI systems, exposing exploitable information related to critical systems) that may not be balanced with the benefits such a disclosure is intended to provide.
[1] CBA’s submission on the Consultation on Upholding the Integrity of Canada’s Financial Sector (Financial Institutions Statutes Review), December 4th, 2023.
[2] CBA Submission on Strengthening Competition in the Financial Sector, March 1st, 2024.
[3] Survey of Financing and Growth of Small and Medium-Sized Enterprises and Credit Conditions Survey, Innovation Science and Economic Development (ISED).
[4] Tracxn, as of August 16th, 2024. In June 2023, Tracxn reported over 3,800 financial sector fintech firms – an increase of 700 firms or 18% in 14 months.
[5] CBA Submission on Strengthening Competition in the Financial Sector, March 1st, 2024
[6] Response of the Government to Large Bank Mergers in Canada: Safeguarding the Public Interest for Canadians and Canadian Business, June 23rd, 2003.
[7] CBA Submission on Strengthening Competition in the Financial Sector, March 1st, 2024.
[8] How Banks are Helping to Protect Canadians from Fraud and Scams, CBA, August 7th, 2024.
[9] Collaboration, National Anti-Scam Centre, Australian Government.
[10] Bank Act 627.33 (1) The maximum liability of a borrower for the unauthorized use of a credit card issued to them in Canada, the account information of the credit card or the personal authentication information created or adopted in relation to the credit card or credit card account is $50, unless the borrower has demonstrated gross negligence or, in Quebec, gross fault, in safeguarding the credit card, the account information or the personal authentication information.
[11] The Debit Card Code was originally developed through broad consultation with representatives from consumer organizations, financial institutions, retailers, and federal and provincial governments and covers liability for loss and procedures for addressing unauthorized transactions. CBA members have also committed to applying the Debit Card Code to online payments in respect of customer deposit accounts. The FCAC monitors banks’ compliance with the Debit Card Code and several other Codes of Conduct. See online here: Codes of conduct - Canada.ca for more information.
[12] The FCAC has already established expectations in respect of investigations of alleged debit and credit card transactions. See online here: B-6 Investigations of unauthorized credit and debit card transactions - Canada.ca.
[13] Canadian Anti-Fraud Centre’s fraud reporting datasets mark first RCMP addition to Open Government Portal, RCMP, July 11th, 2023.
[14] More information about banking services offered to consumers in Canada is available online here: Banks and Consumers.
[15] Banks branches in Canada by province, CBA.
[16] Integrity and Security - Guideline, OSFI, January 31st, 2024.
[17] Background Checks on Directors and Senior Management of FREs – Guideline, OSFI, February 29th, 2008.
[18] Corporate Governance – Guideline, OSFI, September 30th, 2018.
[19] 2024 Benchmark Policy Guidelines, Glass Lewis
[20] Guideline Corporate Governance - Sound Business and Financial Practices, OSFI, September 2018. See also: Principles for Sound Compensation Practices, FSB, 2009.
[21] Canada advances review of financial institution statutes, Torys LLP, August 19th, 2024.[22] This was increased from the previous threshold of $90 million.
[23] Bank of Canada, Inflation Calculator. The calculator shows a 64.7% change in the Consumer Price Index (CPI) from 2001 to 2024.
[24] Paul C. Bourque and Gherardo Gennaro Caracciolo, The Good, the Bad and the Unnecessary: A Scorecard for Financial Regulations in Canada, Commentary 664. C.D. Howe Institute
[25] Briefing Document – CBA Recommendations: Bill C-27 Artificial Intelligence and Data Act, CBA, January 6th, 2024, to the Standing Committee on Industry and Technology on Bill C-27‘s Artificial Intelligence and Data Act.
[26] OSC releases report on artificial intelligence in Ontario’s capital markets, Ontario Securities Commission (OSC), October 10th, 2023.
[27] Financial Industry Forum on Artificial Intelligence: A Canadian Perspective on Responsible AI, OSFI, April 30th, 2023.