Liability working group meeting 4 – September 14, 2022
This discussion guide is provided to assist working group members in preparing for the meeting.
For questions or comments, please contact obbo@fin.gc.ca.
On this page:
Discussion guide
Public accountability
Transparency is an important feature of an open banking system. Participating organizations can instill confidence in the system by reporting certain information to the public or to regulators. The type of information, and how it is reported, varies based on the objective for the reporting.
Open banking system participants are subject to various reporting requirements already. For this discussion, these reporting requirements are referred to as incident reporting and proactive reporting. Incident reporting refers to when an event or circumstance triggers a report (typically to a regulator). Proactive reporting is information regularly disclosed on a periodic basis.
Incident reporting
Standardization of incident reporting requirements create confidence in the resiliency of the open banking system. There are a variety of existing incident report requirements that could be adopted or aligned to the open banking framework.
There are existing reporting requirements for firms that have had a breach of security related to consumers’ sensitive financial data. Firms subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to report to the Privacy Commissioner of Canada about any breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals, as well as notify affected individual about those breachesFootnote 1.
As well, federally-regulated financial institutions are required to notify the Office of the Superintendent of Financial Institutions when technology and cyber incidents relating to their operations occur. The requirement to report incidents depends on the severity of the incident. Banks are also required to report incidents that did not originate from the bank but would impact the security of bank assets, or the security or data of banking customersFootnote 2.
In addition, federally-regulated banks and external complaints bodies are required to report on consumer complaints and their outcomes, depending on the case. The Advisory Committee on Open Banking recommended that open banking participants disclose complaints in line with requirements of the Financial Consumer Protection FrameworkFootnote 3. External complaints bodies are also required in certain cases to report to the public about complaints cases that they receive. Note that complaints handing processes were discussed in liability working group meeting 2, but this discussion did not extend to complaints reporting.
Discussion
- Are there any categories of incidents that should be reported under the open banking system which are not already reported elsewhere? How should these incidents be reported?
- How should an open banking system handle consumer complaints reporting?
Proactive reporting
The core objective for Canada’s open banking system, outlined by the Advisory Committee on Open Banking, is to realize consumers' right to data portability, and to move towards secure, efficient consumer-permissioned data sharing. Proactive reporting can demonstrate how well the system is working.
An approach taken in the United Kingdom has been to report periodically on application programming interface (API) call performance. These reports are posted monthly on the Open Banking Implementation Entity’s website. They provide information for consumers on the robustness and effectiveness of open banking platforms offered by data providers. Key metrics include average call response time, number of failed, rejected and successful calls, and average API availability. These metrics are segmented by category, as well as by brand (that is, by data provider)Footnote 4.
Discussion
- What reporting requirements, if any, should be implemented regarding API performance?
- Are there other open banking areas where proactive reporting should be introduced? If so, what should be the required content, recipient, and timeline for this report?
Outcomes
Incident reporting
Discussion 1
Are there any categories of incidents that should be reported under the open banking system which are not already reported elsewhere? How should these incidents be reported?
- There was a general consensus that the categories provided as examples in the discussion guide to the meeting were complete.
- Participants noted however that reporting obligations based on existing requirements would not extend to all participants and that the system should ensure uniform application.
Discussion 2
How should an open banking system handle consumer complaints reporting?
- There was a general consensus that disclosing complaints in line with the Financial Consumer Protection Framework is appropriate.
- Participants again raised the issue of ensuring the uniform application of the framework.
Proactive reporting
Discussion 3
What reporting requirements, if any, should be implemented regarding API performance?
- Participants generally agreed that the reporting metrics captured by the United Kingdom and Australian systems were sufficient.
Discussion 4
Are there other open banking areas where proactive reporting should be introduced? If so, what should be the required content, recipient, and timeline for this report?
- Participants suggested a variety of areas, including overall health and efficiency of the ecosystem, number of users, number of complaints and number of parties with accreditation revoked.
Liability working group attendees
Members
- Bank of Montreal
- Banque Nationale du Canada
- Canadian Western Bank
- Canadian Imperial Bank of Commerce
- Intuit
- Neo Financial
- Meridian Credit Union
- Option consommateurs
- Plaid
- Prosper Canada
- Public Interest Advocacy Centre
- Servus Credit Union
- Vancity Credit Union
- Wealthsimple
Absent
- Portage Ventures
External guests
- Competition Bureau Canada
- Financial Consumer Agency of Canada
- Office of the Superintendent of Financial Institutions
Chair
- Abraham Tachjian, Open banking lead
Secretariat
- Department of Finance Canada
Page details
- Date modified: