Accreditation working group meeting 2 – July 27, 2022
This discussion guide is provided to assist working group members in preparing for the meeting.
For questions or comments, please contact obbo@fin.gc.ca.
On this page:
Discussion guide
Objective
Accreditation is the process through which organizations would demonstrate their fitness to participate in the open banking system. The aim of this working group is to draft an accreditation framework to recommend to the government.
In their final report, the Advisory Committee on Open Banking (the Committee) noted that the crucial challenge in establishing an accreditation framework is to strike the right balance between promoting entry to the system for smaller participants while maintaining security and protection for all participants. Open banking will only provide value to consumers and the economy if service providers are able to participate and develop new services and products. At the same time, consumer trust in the system underpins participation and can be lost quickly if something goes wrong.
A sound, robust, and transparent accreditation process is necessary to mitigate operational, reputational, and concentration risks.
Information required for accreditation
To accredit access into open banking, any accredited participant must provide a level of transparency that gives confidence in their business. Information will be needed about the applicant’s services, arrangements, structure, people and controls. Such details demonstrate to accreditors that the applicant has reflected on the impact of their business to consumers and the financial system. Importantly, accreditors also provide crucial insight on the scope and quality of risk identification and mitigation measures of the applicant, so that issues can be addressed and controls strengthened up front.
A high-level map of accreditation criteria is available in the Annex of this discussion guide. This map was developed leveraging the European Banking Authority’s Guidelines on authorisation and registration under PSD2 (for Account Information Service Providers), the Australia Competition & Consumer Commission’s Consumer Data Right Accreditation Guidelines and application form for unrestricted applicants as well as the Retail Payment Activities Act.
Please note the Annex is not a final definitive list of requirements, but rather items to promote a discussion during the meeting among participants, which will lead to the creation of the final requirements. For further clarity, all the criteria may not be necessary. Furthermore, the Annex does not include categories of criteria that are subject to the work of another working group (such as data security requirements or privacy requirements). As well, it does not include information that would be required to assess financial capacity, which will be discussed in Meeting 3.
Discussion
- Are there any information categories missing from the criteria provided in Annex A? Are any categories unnecessary?
- What information will be hard to provide? What information will be straightforward?
- Which categories should be mindful of proportionality, if any?
- How should the information provided by the applicant be protected?
Annex A– High-level map of accreditation criteria
Required information category and rationale |
Examples of information which may be requested (non-exhaustive) |
---|---|
Applicant name and contact information To collect general and contact information for identification purposes |
Official name |
Incorporation status | |
Physical address of head office and any other places of business | |
Email address | |
Regulatory or supervisory oversight To determine standing with existing regulatory authorities, including provincially. For example, this may include applicants subject to registration by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) or in the case of the Retail Payment Activities Act, the Bank of Canada. |
Name(s) of existing financial services regulatory authority(ies) that a potential applicant is subject to, and license numbers |
Description of services To understand the details of the applicant’s offering, how it relates to the applicant’s broader business, and how the offering is intended to impact consumers. |
Description of services |
Description of any ancillary services to the account information service | |
Confirmation as to whether the applicant has or intends to provide similar services in another country | |
Anticipated number of consumers to serve and volume of services | |
Value proposition To understand the details of the applicant’s offering, how it relates to the applicant’s broader business, and how the offering is intended to impact consumers. |
Description of how the data will be used |
Description of the benefits to consumers | |
Description of the costs to consumers | |
Intended target audience | |
Business plan To understand the details of the applicant’s offering, how it relates to the applicant’s broader business, and how the offering is intended to impact consumers. |
Overview of the applicant’s marketing plan, competitive position, sources of funding, product roadmap and growth plans |
Organizational structure To understand the organization and structure of the applicant that is providing the offering. |
Financial statements for previous financial year(s), financial forecast |
Details of ownership and corporate structure, detailed organizational chart | |
Current number of employees and future forecast estimate | |
Governance arrangements To understand the procedures used in the decision-making and control of the business that provide its structure, direction and accountability. |
Details of the composition of the board and related committees as well as their respective terms of reference |
Evidence that internal control functions are independent of the business, adequate segregation of duties as well as appropriate financial and human resources | |
Description of auditor arrangements | |
Description of governance by parent organizations | |
Internal controls To understand how the organization identifies and controls for risks. |
Description of internal control mechanisms, including identification of risks and control procedures |
Evidence of board approved frameworks and related risk documentation | |
Description of how frameworks and related documentation are communicated throughout the organization | |
Description of controls for agents or branch arrangements | |
Description of outsourcing arrangements and copies of agreements | |
Fit-and-proper assessment of key personnel To understand the capabilities and reputation of key personnel in charge of governing and managing the applicant and their provision of the intended offering. |
Detailed information on all directors and persons responsible for the management of the applicant (key personnel), including details of their position |
Description of any assessment process performed by the applicant on the suitability of the key personnel | |
Evidence of knowledge, skills and experience with respect to the position of the key personnel | |
Evidence of reputation, honesty and integrity (via signed declarations from each key personnel), including criminal record checks, dismissals from employment, refusals or expulsions by a regulatory or government body or professional association, history of bankruptcy |
Outcomes
Information required for accreditation
Discussion 1
Are there any information categories missing from the criteria provided in Annex A? Are any categories unnecessary?
- A majority of participants agreed that the information categories provided in Annex A were appropriate. Some participants queried the value proposition of requiring business plans. Some participants suggested information on past privacy breaches or cyber incidents should also be requested.
- Participants noted the importance of accreditors receiving guidance on how to assess the information provided.
Discussion 2
What information will be hard to provide? What information will be straightforward?
- Participants noted that there may be difficulties in providing information on financial and staff forecasts, business plans, and assessments of fit-and-proper personnel. The level of difficulty may vary according to size of the applicant.
- Participants noted overlap with reporting requirements applicable to money service businesses subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated Regulations, as well as the Retail Payments Activities Act and forthcoming regulations and proposed that requirements be aligned where possible.
Discussion 3
Which categories should be mindful of proportionality, if any?
- There was no consensus on information categories which should apply on a proportional basis.
- Participants expressed interest in further discussion of accreditation tiers. Suggested criteria for tiers included: the role of the accredited participant in the open banking ecosystem (such as an aggregator or intermediary to multiple consumer services), the size of the accredited participant or volume of consumer data they process, or the intended use for the data. It was noted that additional discussion on accreditation tiers is planned for accreditation working group meeting 6.
Discussion 4
How should the information provided by the applicant be protected?
- Participants noted that the protection of information will vary according to its sensitivity.
- One participant suggested looking at the current model applicable to federally regulated financial institutions in the way they disclose information to regulators.
Accreditation working group attendees
Members
- Desjardins
- Flinks
- Laurentian Bank of Canada
- National Bank of Canada
- Plaid
- Scotiabank
- Stripe
- TD Canada Trust
- Vancity Credit Union
- Wealthsimple
Absent
- Central 1 Credit Union
External guests
- British Columbia Financial Services Authority
- Competition Bureau Canada
- Financial Consumer Agency of Canada
- Office of the Superintendent of Financial Institutions
Chair
- Abraham Tachjian, Open banking lead
Secretariat
- Department of Finance Canada
Page details
- Date modified: