Liability working group meeting 5 – October 12, 2022

This discussion guide is provided to assist working group members in preparing for the meeting.

For questions or comments, please contact obbo@fin.gc.ca.

On this page:

Discussion guide

Source of obligations of market participants

In their final report, the Advisory Committee on Open Banking outlined the guiding principle with regard to liability, stating that it should flow with the data and rest with the party at fault.

Issues of liability can arise in a variety of circumstances in an open banking environment. The first meeting of this working group discussed the liability as it pertains to consumers. Notably, working group participants reached a consensus that, barring cases where the consumer was proven to have committed gross negligence/gross fault, or criminal acts, liability should be limited up to a small fixed dollar amount. As a corollary, this meeting will focus on the potential liability between participants, namely where the technical requirements of an open banking system are not fulfilled.

As has been the case for previous discussions, experiences from other jurisdictions may help guide the discussion. It is notable that under Australia's Consumer Data Right (CDR) regime, liability between participants is addressed through legislation. The Competition and Consumer Act 2010 (CCA)Footnote 1 provides for the creation of "data standards"Footnote 2 that must be followed when consumer-permissioned information is disclosed between a data holder and a data recipient. To strengthen this requirement, the CCA provides clarity on responsibilities by establishing a deemed contractual relationship between data holders and accredited parties whereby each agrees to observe the standardFootnote 3. As a result, a party may seek judicial redress from the failure of the other to meet its obligations, namely the disclosure of data in accordance with the standardFootnote 4. The Australian Competition and Consumer Commission may also take the matter to courtFootnote 5. In addition, the CCA allows a consumer to take action against a system participant that has not complied with their obligation to disclose data in accordance with the standard in the event it suffers loss or damage as a result Footnote 6.

This approach provides certain benefits. Among them are: establishing clarity for the relationship between the data holder and data recipient and clearly outlining responsibilities that system participants have toward each other. Providing such clarity could, in turn, translate into greater adherence to requirements which would provide for better overall system performance.

The United Kingdom (UK)'s framework contrasts with the Australian one. Unlike the CDR, there is no legislative provision to enforce obligations system participants owe to each other. In addition, these obligations are not prescribed in legislation as they are under the CDR data standards. However, the UK's Open Banking Implementation Entity (OBIE) has outlined certain expectations with respect to the roles and responsibilities of system participantsFootnote 7. These expectations were dependent on their status as an "API user"Footnote 8 or an "API provider"Footnote 9, the latter being the nine UK banks mandated to provide data. For API providers, the obligations generally require that:

API users, meaning those accessing open banking data from API providers, share similar but pared down responsibilities.

Discussion

  1. How should the legal relationship between participants be addressed? Should enforcement of obligations follow the Australian approach of a deemed contract or the UK one?
  2. How should the obligations between participants be addressed? Should they be prescribed like the Australian Data Standards?
  3. Should the obligations apply uniformly between participants? For example, should the obligations for those mandated to participate differ from those who voluntarily participate?
  4. Should the right to enforcement be extended to open banking end users?

Outcomes

Source of obligations of market participants

Discussion 1

How should the legal relationship between participants be addressed? Should enforcement of obligations follow the Australian approach of a deemed contract or the UK one?

Discussion 2

How should the obligations between participants be addressed? Should they be prescribed like the Australian Data Standards?

Discussion 3

Should the obligations apply uniformly between participants? For example, should the obligations for those mandated to participate differ from those who voluntarily participate?

Discussion 4

Should the right to enforcement be extended to open banking end users?

Liability working group attendees

Members

  • Bank of Montreal
  • Banque Nationale du Canada
  • Canadian Western Bank
  • Canadian Imperial Bank of Commerce
  • Neo Financial
  • Meridian Credit Union
  • Option consommateurs
  • Plaid
  • Prosper Canada
  • Public Interest Advocacy Centre
  • Servus Credit Union
  • Vancity Credit Union
  • Wealthsimple

Absent

  • Intuit
  • Portage Ventures

External guests

  • Autorité des marchés financiers
  • Competition Bureau Canada
  • Financial Consumer Agency of Canada
  • Office of the Superintendent of Financial

Chair

  • Abraham Tachjian, Open banking lead

Secretariat

  • Department of Finance Canada

Page details

Date modified: