Accreditation working group meeting 6 – May 1, 2023

This discussion guide is provided to assist working group members in preparing for the meeting. This will be the last accreditation working group meeting as the remaining topics will be covered on May 1.

For questions or comments, please contact obbo@fin.gc.ca.

On this page:

Discussion guide

Accreditation process

The Final Report of the Advisory Committee on Open Banking (the Report) underscored the importance of a clear and transparent process to gain, maintain, and display accreditation of organizations to Canadians and other participants. This working group has already discussed many of the potential requirements that an entity would need to fulfil in order to become accredited. The criteria covered included required information (Meeting 2),  financial capacity (Meeting 3), and certification (Meeting 4). Accreditation was also discussed at the first Steering Committee meeting.

Timeliness in reviewing an application is also a critical element of accreditation in so far as it provides clarity and transparency. Though delays in the process may exist – for multitude of factors, including the completeness of an application, open banking systems in other jurisdictions typically provide an indication of expected turnaround times. The Australian Competition and Consumer Commission (ACCC), the governance body in charge of accreditation, estimates a three-month standard for making a decisionFootnote 1. Similarly, the United Kingdom (UK)'s Financial Conduct Authority (FCA) describes a three-month process that could extend to 12 if an application is incompleteFootnote 2.

A submission for accreditation may lead to a few outcomes. Where the application is deemed incomplete or deficient, approval will not be granted and may lead to further discussions to remedy the situation. As described in the Report, the reasons for the decision should be provided, along with an opportunity to address deficiencies without having to restart the accreditation process. Conversely, approval of an application would form the first step of admission into the system with subsequent administrative steps to follow, for example, addition to a registry of accredited participants. The Retail Payment Activities Act (RPAA) includes provisions for a public registry that captures activities performed by the entityFootnote 3.

Accreditation approvals may be conditional. For example, in Australia, the ACCC may impose binding conditions on the applicantFootnote 4. These conditions could include meeting testing requirements or limiting the products or services the applicant may offer to end users. Those conditions are then published on the central registry.

Accreditation may involve costs to the applicant. This could involve a cost related to the submission or work related to the preparation of the application. As noted by the Report, applicants should bear the cost of their own accreditation. This aligns with other practices in Canada, such as the proposed registration fee under RPAA regulationsFootnote 5. The FCA has similar application fees for on-boarding new applicants under PSD2Footnote 6.

Maintaining accreditation

The Report indicated that accreditation should be renewed periodically. This could take the form of a full review at predetermined intervals or a simple submission of forms to an accreditation entity with management attestations. In addition, material changes to a business model, such as the scope of data an entity intends to collect on behalf of their customers, could trigger a mandatory renewal of accreditation.

Ongoing reporting obligations can serve as an alternative. Under this scenario, information is provided to the regulator at certain intervals as opposed to a full assessment. Australia's Consumer Data Right (CDR) rules require bi-annual reporting on complaints, the total number of product data requests, new services offered and what data those services requireFootnote 7. In addition, accredited entities must inform the ACCC within five business days if there is a change to any information displayed on the registry, or changes to fit and proper personnelFootnote 8. The UK has similar reporting requirements applicable depending on the service provided, the occurrence of an event, as well as on a continuing basis. This includes reporting with regards to changes to control of the business, individuals responsible for management, capital adequacy, complaints, and operational and security risk reportingFootnote 9

The RPAA takes an analogous approach. Payment service providers (PSP) subject to the legislation are required to submit annual reports on risk management practices and business operation to the Bank of Canada (the Bank). These reports are supported by an obligation to make the Bank aware of any significant changes to the operation of the PSP five business days before they take effect, or changes to information submitted at the time of registration between thirty days before to thirty days after the changes take effect. 

To maintain the trust and security in an open banking system, participants who are accredited may need to be stripped of accreditation. The Australian CDR rules set out several reasons for which accreditation may be suspended or revoked, including providing false or misleading information in the accreditation application, committing illegal activities pertaining to the CDR, posing a risk to the security of consumers or the system, or no longer possessing fit and proper persons in key positionsFootnote 10.

Discussion

  1. What are the expectations with respect to time to accredit and costs borne by applicants as part of the application process?
  2. What information should be made publicly available about an accredited entity?
  3. What information regarding a rejected application should be made publicly available?
  4. How frequently should an applicant need to resubmit/renew accreditation? Alternatively, should the process be limited to ongoing reporting for certain criteria?
  5. Under what circumstances would accreditation be revoked or suspended?

Outcomes

Accreditation process

Discussion 1

What are the expectations with respect to time to accredit and costs borne by applicants as part of the application process?

Discussion 2

What information should be made publicly available about an accredited entity?

Maintaining accreditation

Discussion 3

What information regarding a rejected application should be made publicly available?

Discussion 4

How frequently should an applicant need to resubmit/renew accreditation? Alternatively, should the process be limited to ongoing reporting for certain criteria?

Discussion 5

Under what circumstances would accreditation be revoked or suspended?

Accreditation working group attendees

Members

  • Central 1 Credit Union
  • Desjardins
  • Flinks
  • Laurentian Bank of Canada
  • National Bank of Canada
  • Plaid
  • Scotiabank
  • Stripe
  • TD Canada Trust
  • Vancity Credit Union
  • Wealthsimple

External guests

  • British Columbia Financial Services Authority
  • Competition Bureau Canada
  • Financial Consumer Agency of Canada
  • Office of the Superintendent of Financial
    Institutions

Chair

  • Abraham Tachjian, Open banking lead

Secretariat

  • Department of Finance Canada

Page details

Date modified: