THE STANDING SENATE COMMITTEE ON BANKING, TRADE AND COMMERCE
EVIDENCE
OTTAWA, Thursday, May 10, 2018
The Standing Senate Committee on Banking, Trade and Commerce met this day at 10:30 a.m. to study the subject matter of those elements contained in Divisions 2, 4, 5, 6, 7, 12, 16 and 19 of Part 6 of Bill C-74, An Act to implement certain provisions of the budget tabled in Parliament on February 27, 2018 and other measures.
Senator Douglas Black (Chair) in the chair.
[English]
The Chair: Good morning and welcome, colleagues and members of the general public who are following today’s proceedings of the Standing Senate Committee on Banking, Trade and Commerce either here in the room or listening via the web.
My name is Doug Black, I am a senator from Alberta and I chair this committee. I’m going to ask my colleagues to introduce themselves.
[Translation]
Senator Ringuette: Pierrette Ringuette from New Brunswick.
[English]
Senator Wallin: Pamela Wallin, Saskatchewan.
Senator Tannas: Scott Tannas from Alberta.
[Translation]
Senator Dagenais: Jean-Guy Dagenais from Quebec.
[English]
Senator Wetston: Howard Wetston from Ontario.
Senator Stewart Olsen: Carolyn Stewart Olsen, New Brunswick.
Senator Tkachuk: David Tkachuk, Saskatchewan.
The Chair: Thanks very much, senators.
Today we continue our subject matter examination of various divisions of Part 6 of Bill C-74, the budget implementation act, 2018, no. 1.
Senators, today we have a three-part meeting as we added a part, as you know, with some of last evening’s witnesses on Division 16, and we subtracted a part due to the illness of James Hicks, National Coordinator, Council of Canadians with Disabilities.
We have a busy session. Of course, we’ll keep our questions and answers crisp and succinct.
In the first panel, we will deal with Division 16, relating to financial sector legislative renewal. I am pleased to introduce the following witnesses from the Department of Finance Canada: Manuel Dussault, Senior Director, Framework Policy, Financial Sector Policy Branch; Julien Brazeau, Senior Director, Financial Services Innovation, Financial Sector Policy Branch; Jeremy Weil, Senior Project Leader, Financial Sector Policy Branch; and Saskia Tolsma, Senior Economist, Financial Services Innovation, Financial Sector Policy Branch.
Please proceed with your opening remarks and then we will move to questions. Thank you very much for being here.
Manuel Dussault, Senior Director, Framework Policy, Financial Sector Policy Branch, Department of Finance Canada: Thank you, Mr. Chair. Part 6, Division 16 of the bill, entitled “Financial Sector Legislative Renewal,” proposes amendments as part of the financial sector legislative review prior to the statutory sunset date of March 29, 2019.
The periodic sunset of financial sector legislation is designed to ensure the financial sector framework is reviewed regularly and remains effective and technically sound. The Department of Finance began the financial sector legislative review in 2016. Over the course of 2016 and 2017, the department led comprehensive public consultations with stakeholders in order to understand their priorities and perspectives.
Through these consultations we heard the financial sector framework is functioning well and the foundational elements of the framework continue to be supported. These elements include strong and clear mandates for federal financial sector regulatory agencies and a principles-based approach to regulation. They also include a separation between banking and insurance activities, which we’re not proposing to reform.
Stakeholders also told us that certain targeted updates would help Canada’s financial sector keep pace with global developments and the changing needs of businesses and consumers. To that end, amendments are being proposed in four priority areas.
[Translation]
The proposed legislation focuses on four priority reforms in the review of the financial sector. First, amendments are proposed to give financial institutions more flexibility to undertake activities related to financial technology and to benefit from them. Second, amendments are proposed to give prudentially regulated deposit-taking institutions, such as credit unions, the flexibility they need to use generic bank terms subject to disclosure. Third, amendments are proposed that would enable life and health insurance companies to make predictable and long-term investments in infrastructure. Finally, amendments are proposed to renew the sunset date in the federal financial institution statutes.
I will take a moment to explain the amendments related to infrastructure.
[English]
Part 6, Division 16 proposes amendments to the Insurance Companies Act to permit life and health insurance companies to make long-term investments in infrastructure and help obtain predictable returns. These new investment powers would also be granted to fraternal benefit societies and insurance holding companies. Through our consultations, we heard life and health insurers are seeking greater flexibility to invest in infrastructure, assets that would support their asset liability matching needs.
Life and health insurers are attracted to infrastructure as an investment class because it is generally long term, with stable and predictable returns. These characteristics make infrastructure a suitable type of investment for insurers to match against the liabilities they take on when they issue long-term insurance policies.
As part of a general restriction on commercial investments under the Insurance Companies Act, the current legislation does not permit life and health insurers to make such investments. By enabling insurers to invest in infrastructure assets, the proposed amendments will support the industry asset liability matching needs, which will make insurers more financially resilient. The proposed amendments will also have the added benefit of unlocking a new source of infrastructure financing that can support Canadian communities.
My colleague, Mr. Brazeau, will speak to the proposed amendments in the area of financial technology and bank terms.
Julien Brazeau, Senior Director, Financial Services Innovation, Financial Sector Policy Branch, Department of Finance Canada: Part 6, Division 16 of the budget implementation act amends a number of acts governing federal financial institutions in order to adapt the legislative framework in response to the emergence of financial technology, which is commonly revised to as fintech. Fintech refers to both the innovative delivery of financial services through technology and a technology-focused firm that offers financial services or related products.
The further development of fintech can make the financial sector more efficient for Canadians as it has with such previous innovations such as online banking and email money transfers.
[Translation]
In our consultations, stakeholders pointed out that changing client expectations in terms of products and service channels are putting pressure on their business model.
[English]
I would like to underline that the vast majority of stakeholders across the financial sector, from financial institution such as banks and insurers to small and large fintechs, emphasize that adapting the federal framework was a core priority for their business in the financial services industry in Canada. The statutes covering financial institutions are one of the more direct levers the federal government has to foster innovation through setting a technology neutral regulatory framework that is less prescriptive in approach.
[Translation]
Currently, the financial sector framework generally limits investments made by federally regulated financial institutions, such as banks or insurers, to financial services fields. The challenge involves hybrid business plans that mix financial and non-financial services provided through technology interfaces. Our current laws do not allow that kind of a model.
Take for example a company called Square.
[English]
Square is a financial and merchant services aggregator and mobile payment provider. While Square is clearly focused on delivery of a financial service, it is also harnessing its technology to enable other commercial activities, including GPS tracking and food delivery.
Under the current legislation, a bank would not be permitted to invest in Square, owing to the fact that Square’s business model includes both commercial and financial business lines. The proposed amendments would extend the scope of activities-related financial services in which federal financial institutions may engage to be consistent with an evolving market. This includes the ability of federally regulated financial institutions to undertake, invest in and refer to financial technology firms.
The proposed amendments would also provide the ability of federal regulated financial institutions to offer identification, authentication and verification services.
While the proposed amendments provide greater flexibility for innovation, I’d like to remind the committee this flexibility is bounded in the context of a world leading regulatory system known for its prudence and balanced approach. Federal financial institutions are required to meet a comprehensive set of legislative regulatory requirements and are subject to ongoing monitoring by federal financial sector agencies such as the Office of the Superintendent of Financial Institutions and the Financial Consumer Agency of Canada.
I’d also like to highlight what the proposed legislation does not do. It does not change the government’s long-standing policy framework wherein banks are limited in their ability to undertake the business of insurance.
While these amendments may have added, expanded or clarified certain powers of banks, they do not override the existing blanket prohibition in the Bank Act, which prevents banks from undertaking the business of insurance unless explicitly permitted. Theinsurance business regulations also explicitly prohibit a bank from indirectly providing an insurance company agent or broker with any information respecting a customer of the bank in Canada.
This prohibition on banks indirectly providing information would prevent banks from using their relationship with a third-party fintech to provide information to insurers.
Second, I would underline this legislation must also be read in the context of Canada’s existing federal and provincial privacy frameworks. Federally regulated financial institutions are, and remain subject to, the federal Personal Information Protection and Electronics Document Act, PIPEDA, which sets out rules for all private sector organizations regarding the collection, use and disclosure of personal information, including the requirement to obtain consumer consent.
The proposed amendments before the committee have been developed against this overall policy framework that has served Canadians well, with well-trusted financial institutions and strong regulators.
I would now like to turn very briefly to bank terms. Part 6, Division 16, of the budget implementation act amends the Bank Act in order to provide prudentially regulated deposit-taking institutions, such as credit unions, with the ability to use the terms “bank,” “banker” and “banking,” subject to disclosure requirements. As you may know, the Bank Act currently limits the use of “bank,” “banker” and “banking” to federally regulated banks.
These terminology rules exist so consumers know when they are dealing with a bank and when they are not. These rules also exist so consumers understand which jurisdiction is responsible for the regulation of a given institution, including any applicable deposit insurance protections. This distinction is especially important in times of financial stress.
Through our consultations, we heard the credit union industry is seeking greater flexibility to use the terms “bank,” “banker” and “banking.”
Such flexibility would help them to compete with banks to offer financial services in Canada. The government recognizes the credit union system is an important part of the Canadian economy and contributes to competition in financial services.
As such, the proposed amendments would allow credit unions and other prudentially regulated financial institutions, such as trust and loan companies, the flexibility to use the terms “bank,” “banker” and “banking” to describe their services. The proposed flexibility would be subject to certain disclosure regarding institutional identity and the applicable deposit insurance regime.
As an example, provided the required disclosures were made, a credit union would be permitted to refer to online banking service on its website or to invite prospective clients to bank with them in their advertising materials.
Consistent with the current rules and international best practices, only banks would be able to use bank terminology in names and identifying marks.
Other non-bank financial institutions, such as fintech firms and payday loan companies, would continue to be restricted from using bank terms in all circumstances.
The government is also proposing amendments to the Bank Act and the Office of the Superintendent of Financial Institutions Act that would provide the Superintendent of Financial Institutions with better calibrated and more flexible tools to enforce the rules around bank terminology.
Lastly, technical amendments are also proposed that would clarify certain provisions relating to the use of bank terms.
The Chair: Thank you very much, Mr. Brazeau.
[Translation]
Mr. Dussault: In conclusion, the latest amendments proposed in division 16 of part 6 concern the legislative sunset date in financial institution statutes. It is proposed that the sunset clauses of certain statutes governing financial institutions be extended by five years starting on the date of the Budget Implementation Act being sanctioned. Those amendments will help ensure that the financial sector framework continues to be reviewed regularly and that it remains effective and technically robust. The proposed amendments apply to the Bank Act, Insurance Companies Act and the Trust and Loan Companies Act.
Thank you. One of our members must leave early, but we will be happy to answer your questions.
[English]
The Chair: Thank you all very much for your presentations. We’re going to move questions now.
Senator Tannas: Thank you very much. We appreciate the clarity with which you laid out the issue of insurance and banks. I had asked a question of somebody around a scenario where there is a service being provided to the banks by a fintech. I was thinking of mortgage fulfillment, et cetera. I don’t know if you heard that question. That institution potentially could be offering insurance products, specifically title insurance. I think there’s an organization that exists and does that in Canada.
If that were the case and that institution was, either through commission, which I doubt it does, or through a reduced cost to the bank for the service, would that be legal, and would that change under this situation? If that were illegal, if that weren't allowed, there’s nothing that makes it allowed now.
Mr. Brazeau: That’s right. Section 416, which is a blanket prohibition, continues to apply, independent of the new flexibilities offered in the act and the accompanying regulations, as well. The insurance and banking regulations specify that, whether it be through direct or indirect means —
Senator Tannas: It could be three times removed; it doesn’t matter.
Mr. Brazeau: It doesn’t matter.
Senator Tannas: Good. Thank you.
You mentioned the sunset and the review of the financial system. Am I to understand the amendments we’re seeing here represent the completion of a five-year review and that, essentially, now, we’re restarting the clock for another five years on the sunset and reviews and so on? Is that correct?
Mr. Dussault: These amendments represent the key priorities arising out of the review. We are moving quickly on these amendments because this is what we heard from stakeholders were their priorities in terms of business needs.
The sunset date is renewed, as well, for five years. The last budget announced there would be subsequent amendments as part of what we call the 2019 review, including, possibly, changes to governance, prudential issues as well. These will be forthcoming.
Senator Tannas: I’m narrowing in on my little narrow interest in the insurance industry, where my expertise is. My understanding is that, in the 2019 review, earthquake, catastrophe, equity backstop or some financial mechanism so the industry isn’t ruined in a major earthquake is part of what’s coming next. Is that right? That has not been skipped over or anything else?
Mr. Dussault: It’s something we’re working on. In the last consultation paper we had for the 2019 review, we committed to working with stakeholder provinces on systemic risk in the earthquake area and the P&C industry. This is very much a priority.
Senator Tannas: That’s not going away.
Mr. Dussault: That’s not going away.
Senator Tannas: We’re not forgetting about that for five years. Good. Thank you very much.
Senator Ringuette: The Bank Act, the Insurance Companies Act and the Trust and Loan Companies Act, these three, within the status, the legislation, per se, there is a mandatory Parliament review. Unless we’ve changed the term and the definition of “Parliament,” Parliament is the House of Commons and the Senate. Why are you bypassing these obligations for Parliament to review these three acts you think you have the authority to do on your own and provide, within an omnibus budget bill, your own conclusion as to what should be changed in these three acts?
Mr. Dussault: Thank you, senator, for your question.
There has been, in financial sector legislation, what we call a sunset clause for a number of years, for more than 30 years, and the Bank Act even pre-dates those.
This is what leads to a review of financial institutions. In this case, our review started in 2016 with two consultation papers. We are now bringing what is the first phase of legislative proposals arising from our consultations and our engagement with stakeholders.
Senator Ringuette: Have you exchanged these consultation papers with both Houses of Parliament?
Mr. Dussault: The consultation papers are available online. They were sent to stakeholders. The submissions are online as well that we’ve received. We’d be happy to share copies of any of these documents with the committee.
Senator Ringuette: My basic question is the fact the obligation to review these three acts resides within Parliament — the acts, per se, not within the context of a budget bill.
Mr. Dussault: If Parliament doesn’t renew these statutes, the way the sunset clause is drafted, then financial institutions will no longer be able to operate under the financial institutions statutes. That’s what brings the issue to Parliament for review.
Senator Ringuette: My other line of questioning is very important. I’m reading subclause 316(5), which replaces paragraph 410(3)(c) and provides regulation-making authority to prescribe the circumstances in which banks may engage in the activities that relate to financial services and information processing and technology activities, “including the circumstances in which banks may collect, manipulate and transmit information under subparagraph (1)(c)(i).”
My question is: Before all these articles related to Division 16 within this budget bill, have you consulted with the Privacy Commissioner with respect to acquiring his comments with allowing all of these manipulations, transmitting and collecting of information from either bank, insurance company or fund?
Mr. Brazeau: Thank you for the question. It is an important on. A bit of context as well is —
Senator Ringuette: I think it’s a “yes” or “no”; we don’t need the context. The question is: With respect to all these clauses in Division 16 we have before us, have you consulted with the Privacy Commissioner to get his comments in regard to the Privacy Act the commissioner administers?
Mr. Brazeau: At the moment, the clause you specify in terms of the regulations, the regulations have yet to be drafted or consulted.
Senator Ringuette: We are looking at the legislation. We don’t have the regulations in front of us. My question was simple and clear. Did you consult with the Privacy Commissioner?
Mr. Brazeau: I don’t know that the commissioner himself or herself was specifically consulted. The privacy restrictions that exist, either in PIPEDA or the Privacy Act, continue to apply to institutions irrespective of these flexibilities that are offered. Banks would still have to seek consent from consumers if they wanted to share any information with any other party.
Senator Ringuette: If I may, I believe that because there’s not a clear answer to this very important question, we should have the Privacy Commissioner before us in regard to section 16.
The Chair: That’s a very good suggestion. Thank you very much, senator.
[Translation]
Senator Dagenais: I want to thank the witnesses for joining us. When banks share certain information on their clients with partners, they can do so without informing the clients. I think that is unacceptable, especially given the risk of hacking we have seen for a few years. Banks make clients sign an agreement when they open an account.
With so many amendments being made to regulations, why not take the client more into account and force financial institutions to obtain their clients’ authorization before they share certain personal information?
Mr. Brazeau: I will answer your question to the best of my ability. I think that some issues fall under the Department of Innovation, Science and Economic Development in the area of privacy.
We are very aware of the importance of privacy. The government recently announced a study to look into the merits of an “open banking” concept. That study focuses on privacy issues in particular and the consent clients must give for the information transfer to take place. That issue is at the heart of the study. We would be happy to come back to tell you more once the study is underway.
Senator Dagenais: Are there any other comments? Thank you, Mr. Brazeau.
[English]
Senator Wetston: I’m interested in the fintech environment. I know you are as well. I’m reading here where it suggests greater flexibility for financial institutions to undertake and leverage the broader fintech activities. I certainly support what fintechs are attempting to achieve on behalf of consumers. I’m more interested in what they achieve in lowering the costs of investing or participating in financial services than I am necessarily on what might be achieved for shareholders for the large institutions.
What do you have in mind when you are speaking about undertaking and leveraging broader fintech activities for the financial institutions? Let me assume you mean both banks and insurance companies; would that be fair?
Mr. Brazeau: Yes.
Senator Wetston: Federally regulated? Any comments on that?
Saskia Tolsma, Senior Economist, Financial Services Innovation, Financial Sector Policy Branch, Department of Finance Canada: Senator, there have been two policy drivers for our work as part of the fintech examination. At first we really heard from stakeholders there are impediments to financial institutions investing in fintechs and that is causing problems in the sector in terms of fintechs being able to access capital, able to grow their markets, Canadian fintechs potentially looking to move to other markets to grow their business.
Then throughout the course of the consultation we also increasingly heard from financial institutions that the financial sector is changing very rapidly, and there are increased opportunities for other major technology players to be innovating and offering services that might somewhat skirt different regulatory perimeters and offer services consumers are really looking for in a platform type environment. You can think of Amazon or Google -- many of the players in the financial sector think that is where the sector is going.
They indicated they are looking for broader flexibility to also position themselves to maintain their relationships with customers in this type of environment. Financial institutions have discussed with us the risks that other organizations, both national and international, have noticed with respect to the risks of disintermediation or unbundling of services.
These amendments are both responsive to trying to increase growth within the fintech sector in terms of increasing collaboration and partnership with individual fintechs and financial institutions and also ensuring Canadian financial institutions are well positioned to operate within a global financial system that’s changing rapidly along with rapidly changing demands of consumers.
Senator Wetston: I’m very supportive of the fact we have a very strong financial sector, banking sector, in Canada and probably insurance as well. I’m also a bit preoccupied with ensuring that competition is enabled in the sector for the benefit of Canadians.
Fintech has a lot of components to it, some good and maybe some more difficult to address, particularly when the environment for fintech is much less regulated. I know there’s a space for robo-advisors, online lending and cloud computing, and those types of services. Some of that is outside your space. We understand where that belongs, and some of it is regulated to some extent. I want to show you this article: Fintechs are a cyberdefence weak link, according to the Bank of Canada. You might have seen that in the Globe and Mail today. I took some interest and think it’s important for you to share with the committee your thoughts about the COO’s view of the risks associated with fintech firms, cloud computing and data provision that is not as regulated and raising those concerns in a Canadian context. Mr. Brazeau, if you have some thoughts about that?
Mr. Brazeau: Absolutely, that’s an important question and we are aware of the article. Both the Bank of Canada and OSFI are working with our federal financial sector players to increase cyberresiliency and that’s also happening at the HOA level, the heads of agency level. There is work under way to strengthen the cyberresiliency of Canada’s financial sector. OSFI also has guidelines in terms of outsourcing and cyberrisk which puts the burden on the federally regulated financial institutions to manage those relationships with outside players operating in the unregulated sphere.
In the context of our upcoming study on open banking, that’s an area where we’re seeing the current model where a lot of data is gained by screen scraping, which is a prevalent practice. You may know an app like Mint.com or others. You provide your username and password and their bots will use your credentials to access and scrape data from your account. Those bots are viewed by large financial institutions as cyber attacks. It is an unsecured method by which to gain information. In the context of open banking we’re looking at how we can secure information sharing to diminish that cyberresiliency risk. I think anytime you’re in the space of innovation there are new risks to be addressed. I think our concern is ensuring the regulatory framework addresses the risks while enabling innovation to go forward.
Senator Stewart Olsen: Thank you for being here; it’s quite informative.
I am concerned on the privacy issues, actually quite concerned. I hear new terms, cyberresiliency, and all of this. You had an interesting statement. You’re going to put the burden of the privacy issues on the federal financial institutions. Can elaborate on that?
I’m not meaning to put you in a bad situation, but is it perhaps because we’re not ready yet with the securities and with regulating fintechs — which seems to be something the open banking system is looking at — are we not putting the cart before the horse in opening up the banks and allowing them to transmit information to fintechs without the steps in place to provide the securities?
Mr. Brazeau: Thank you for the question.
I want to start by saying that even in the exchange of information as it happens now, and in the context of these new amendments, that exchange of information continues to be subject to Canada’s existing privacy legislation, and the protections that are inherent to those in that legislation.
The broader question of whether in the financial sector we should have specific privacy powers can be considered. I think in the context of the work we’re doing in open banking, we’re looking at whether there needs to be enhanced privacy rights in terms of the exchange of information.
This is an area with tremendous potential and fintechs have asked for this flexibility, because one of the biggest issues for fintech growth in Canada is access to capital. Having large regulated financial institutions be able to partner with them will provide them with that capital.
I think we will continue to manage the risks as we see them arising. I think we would be wary of wanting to take any steps that would limit the innovation potential the sector could offer.
Senator Stewart Olsen: I hear what you’re saying and I think it’s laudable, and certainly no one wants to stifle innovation, but I think we should be very cautious. People trust our banking system. They do. It’s well regulated. It’s an excellent system. When we move out into unregulated systems, I think there are some red flags.
As an aside, I would support Senator Ringuette. We need to talk to the Privacy Commissioner. Your answer was, everything is subject to our privacy laws as such. We need to know, are the privacy laws as such, do they cover this new, brave world we’re going into?
I realize that’s more of a statement than a question, but I wanted to share the concerns I have and am hearing.
Mr. Brazeau: Thank you for that. I think the question of privacy in this new world of increased data portability is a question the government is certainly attuned to. I know the minister of innovation, science and economic development and the department of innovation, science and economic development are looking at this issue in the context of reviews of our privacy frameworks, both the Privacy Act and PIPEDA. Those are questions that transcend the financial sector to other sectors as well.
Ms. Tolsma: If I may add, the provisions we have been referencing, the information processing and technology activities of banks, insurance companies and institutions covered under our statutes, date from 2001. The amendments before you just seek to take a more technologically agnostic approach. The existing provisions prescribed the type of technology to be used to undertake these activities, but these new amendments don’t fundamentally alter the type of activities that financial institutions can undertake with respect to the legislation.
I would also like to confirm that as part of the drafting of the amendments, our legal counsel consulted with legal counsel who are experts in the privacy law field. That consultation happened as part of the drafting process.
Senator Stewart Olsen: Thank you.
Senator Ringuette: Your comments bear in mind the security breach at Equifax and the number of Canadians whose private information was accessed. We find the only way that private information could be accessed is the Canadian banking system provided that information to this Equifax entity in the U.S., where our privacy law doesn’t apply.
It seems the question is going around and around in circles. There’s no legitimate, reassuring answer for Canadians out there in regard to their private information.
Madam, if you want to comment on the Equifax issue.
Ms. Tolsma: I think as a general context the Privacy Commissioner is alert to many of the issues you’ve highlighted. I understand their office is working to examine the existing privacy frameworks. This legislation is brought forward within the context of all existing legislation.
Senator Tannas: I think I’ve lost the plot. I just want to understand here.
What’s before us is a change in the law that would essentially allow banks to have ownership positions in fintechs, even if they don’t exclusively or almost exclusively do financial services. Period, full stop.
Again, we’ll get this in a confirmation from you. There’s nothing in here that is new that can’t already be done by banks with respect to the swapping around of our data. What’s happened here is a revelation that we’ve all realized — the light has gone on — that this is already going on and is perfectly legal, right?
In terms of what our job is here today, this is something for another day but it is something that, as a result of this, is highlighted. Have I got this right?
The Chair: Mr. Brazeau, did you wish to add something?
Mr. Brazeau: I was going to confirm that statement. As my colleague mentioned, the actual information sharing provisions have been in the act since 2001. What we’re doing is simply making the legislation more technology-neutral in those respects.
As I think we’ve discussed, the broader question of privacy and data portability is an important one that warrants discussion and one our department is apprised of in the context of our current study on open banking. It is a question the minister and Department of Innovation, Science and Economic Development are apprised of in terms of their review of the Privacy Act and PIPEDA.
The Chair: Thank you very much. That was a helpful exchange. I’ve spoken to the clerk and we will ask the Privacy Commissioner to come and share their views. That’s very helpful.
Senator Wallin: You’ve referenced, a couple of times, that information sharing has been allowed since 2001. Was that related to 9/11? Did something happen then that encouraged us to share to help get through the crisis?
Ms. Tolsma: I think, senator, the reforms in 2001 were really about adapting the framework so financial institutions could undertake data processing and IT-related activity.
Senator Wallin: It wasn’t about crisis?
Ms. Tolsma: No, it was about the business environment.
Senator Wallin: As a follow-up to the last four questions, maybe I missed it in your response to Senator Wetston, but do you proactively now work on regulations? We’re all reading the Globe and Mail and having our study on cybersecurity here at this committee, et cetera. Are you, amongst yourselves, regardless of what direction you’re getting, saying this is something we have to get a handle on and the faster we do it, the better? Are you doing that proactively?
Mr. Brazeau: We are doing that proactively. The broader mandate for cybersecurity lies with Public Safety. Specific to the financial sector there are a number of work streams underway, internal with government and international partners, in terms of looking at and strengthening cyber-resiliency in the financial sector.
Senator Wallin: What do we need to wait for, for you to put those forward?
Mr. Brazeau: I think those are ongoing discussions. We can certainly circle back with Public Safety. There are work streams the department doesn’t lead on those issues. Work streams in terms of what’s happening at the G7 and G20 are public.
Senator Wallin: I’m trying to figure out when we might next get the chance to look at this. Is it next budget or in the middle of the cycle? How does this work?
Mr. Brazeau: I can get back to you in terms of specifics.
Senator Moncion: For financial institutions?
Senator Wallin: Yes.
I have a separate but related question. It’s the question on the credit unions. As I’m sure you may be aware, we’ve taken a lot of testimony on this. I don’t want to sound pejorative, here, but can you assure us that the harassment element for credit unions has been alleviated with clause 352?
Mr. Brazeau: We have consulted closely with the sector, including the CCUA and others. Our view is we have stricken the correct balance in terms of their ability to use those terms. In my remarks, I also spoke to new tools for OSFI in terms of enforcing. Currently their tools are criminal in nature which is a blunt tool to use. The new tools will allow them to put out orders of compliance up to certain administrative monetary penalties. We think it’s clear the legislation that credit unions, including the Alberta Treasury Board and federal and provincial trust and loan companies, can use the flexibilities.
Senator Wallin: As long as the “b” is small, it works?
Mr. Brazeau: Disclosure, we think, is still an important component of these new permissions. We think Canadians need to continue to be aware of the type of institution they’re dealing with. But subject to these amendments passing, we will continue to work closely with the sector to see what is within the range.
The Chair: Mr. Brazeau, if you would be good enough to follow up with Senator Wallin’s request respecting the cybersecurity issue, that would be helpful on a timely basis as this committee is currently studying that.
Mr. Brazeau: Absolutely.
[Translation]
Senator Moncion: I would like to talk to you about cybersecurity. I worked in financial institutions for 38 years, and I know a lot about the security of computer and banking systems, as well as the information sharing taking place. When we talk about regulating the cybersecurity of financial institutions, given the costs associated with attacks, financial institutions are extremely careful about how they operate their computer system. They have very powerful systems that are verified every minute or every second because there are millions of attacks every second launched against those systems.
That is not an area of concern for me. I am more concerned by the work done when it comes to the people who launch those attacks. I hope that this is an area of focus for the federal government, the G7 and the G20 in terms of cyberattacks, and not financial institutions. I would like to hear your thoughts on that. Reassure me because you are getting involved in issues that do not concern you. I would like you to reassure me by confirming that you have a much broader view of the cybersecurity of financial institutions.
Mr. Brazeau: Thank you for the question. The government is working on two fronts. First, it wants to ensure that we are collaborating with financial institutions to make sure they are continuing to use very safe networks. I agree with you. There is also a risk in terms of reputation. That is why they invest a lot of money to ensure that their infrastructure is secure.
The government is also examining broader issues. I am not personally involved in the discussions on cybersecurity and the discussions held with Public Safety Canada, but it would be my pleasure to give you more details on what is happening in a more global sense in the cybersecurity file when I return to the committee.
Senator Moncion: Thank you.
[English]
The Chair: That would be helpful. Thank you.
Now, Mr. Brazeau, you have to go, I understand, just before the second round of questions.
Mr. Brazeau: I do.
The Chair: Thank you very much for your presentation. When you have to leave, you have to leave.
Senator Wetston: I’ll be brief. This is probably a question for Mr. Brazeau, but that’s okay.
I see this as a double-edged sword. I think you would know where I’m coming from. Fintechs will not thrive without data. If they don’t have data, they can’t innovate. We know the financial institutions have a lot of data. I think the challenge is to ensure they have the data but also the opportunity to innovate and deal with privacy protections. I know that’s nothing new to you and you’re thinking about it.
The second part is the EU is further ahead on this. You may not agree with what they’ve done and I’m not suggesting you would. They’re further ahead on fintech adaptation and privacy protection, from what I can see. I know you have studied that. Do you have any comments?
Ms. Tolsma: Thank you, senator.
We are alive to the issues you’ve outlined and the need to balance them. As Mr. Brazeau indicated, the government has announced its intent to study the merits of open banking and its possible benefit in Canada. As part of that, the department is undertaking work with partners such as the U.K., the EU and likely Australia with respect to their initiatives.
The need to balance access to data and the imperatives to structure an ecosystem that remains innovative and allows competition for third parties in a system that is sufficiently, safe, secure and endows the trust of those using it — their initiatives are seeking to balance those same issues.
We’re looking at them as world-leading examples, and we are looking to examine the implications of their initiatives, whether something similar could happen in Canada and how that could be adapted to the Canadian context, and drawing on their lessons learned. Absolutely.
[Translation]
Senator Ringuette: Mr. Dussault, please correct me if I have misunderstood your earlier comments, but I thought you said that, as part of your bureaucratic vision of the three statutes, including the Bank Act, you will soon make other recommendations. Did I understand correctly?
Mr. Dussault: Yes, you understood correctly, senator. Thank you for your question. The government announced in the latest budget that it would propose priority amendments in the four areas you are considering today and that other amendments to statutes would be proposed in subsequent legislative vehicles. The government has identified certain areas where consultations have already been held — for example, the governance of financial institutions. We generally follow amendments made to the Canada Corporations Act, so those amendments will have to be looked at in the context of financial institution statutes.
We are also especially focused on maintaining the strength of our prudential legislative framework. So there are legislative amendments to consider in that respect, but in very specific areas that are separate from what you are studying today.
[English]
Senator Ringuette: Then we’re faced with another issue in regard to our status as senators. Within this bill, you are saying that not only will we not review these three acts in 2019, as we should, we’re saying that we’re going to be able to review only five years after enacting this bill. Meanwhile, the bureaucracy of the Department of Finance Canada, will continue to do a review.
As a parliamentarian and wanting to serve highly my obligation, why are you substituting my obligation as a parliamentarian for your work in the bureaucracy of Finance?
Mr. Dussault: Thank you, senator. Let me clarify. We are presenting in this bill four amendments in four priority areas that reflect what we heard from stakeholders and from consultations. Now the government is committed to presenting subsequent legislative amendments to legislation as well that would go to Parliament in other targeted areas. The areas mentioned in the budget were governance and prudential measures, and parliamentarians will see these measures.
Senator Ringuette: Our mandate is to completely review these bills, not to have bits and pieces coming from your review.
The Chair: Thank you, Senator Ringuette.
Senator Stewart Olsen: You made the statement that Canadians will be asked whether banks can share their information before they do. Are you planning any kind of education to Canadians, because this is a big change? I seriously do not think Canadians think or even are aware that banks will be sharing their information with Google, fintechs — with whomever. That’s my preoccupation.
How many Canadians do you think will sign that piece of paper in the bank that banks can go ahead and share that info?
Senator Ringuette: Without reading the fine print.
The Chair: Is that a rhetorical question?
Senator Stewart Olsen: No, that’s a question.
Ms. Tolsma: Again, the Innovation, Science and Economic Development Canada is the lead on Canada’s privacy framework. The privacy framework stipulates consumer consent is required for all private-sector collection, use and disclosure of personal information. It is required to identify the purposes for which the information is collected under a fair and lawful means.
Senator Stewart Olsen: I got you. Thank you.
The Chair: Thank you very much.
We will move on now to another panel to a study of Division 12, having to do with the Communications Security Establishment. I’m pleased to welcome, from the Communications Security Establishment, Scott Jones, Deputy Chief, IT Security; and from Public Safety Canada, Colleen Merchant, Director General, National Cyber Security Directorate. Also, from Shared Services Canada, we have Pankaj Sehgal, Assistant Deputy Minister, Cyber and IT Security.
Please proceed with your presentations, and then we’ll move to questions.
Scott Jones, Deputy Chief, IT Security, Communications Security Establishment: Mr. Chair and distinguished committee members, thank you for inviting me to speak alongside my colleagues, Colleen Merchant and Pankaj Sehgal.
As you know, cybersecurity was a significant element of Budget 2018. We are pleased to appear before you today to discuss how provisions in Bill C-74 will help implement these important measures, investments.
[Translation]
I will keep my comments brief, but I will take a few moments to provide you with an overview of the relevant provisions in the Budget Implementation Act, 2018. Division 12, part 6, of Bill C-74 provides for the transfer of employees to the Communications Security Establishment from Public Safety and Shared Services Canada for the purpose of establishing the Canadian Centre for Cyber Security. The centre was announced in budget 2018. These administrative provisions will ensure that we have the authority to move forward with the consolidation of the Centre for Cyber Security, bringing together the Government of Canada’s highly skilled cybersecurity workforce under one roof. As such, these provisions are critical to ensure the smooth implementation of the centre.
[English]
First, subclause 265(1) providesthat employees previously employed by the Canadian Cyber Incident Response Centre or CCIRC at Public Safety and the Security Operations Centre or SOC at Shared Services Canada become part of the CSE when this provision enters into force.
Subclauses 265(2) and 265(3) ensure when employees of Shared Services Canada and Public Safety are transferred to CSE, nothing changes in their employment status. Clauses 266(1) and 266(2) both provide for the transfer of information from the CCIRC and the SOC to CSE. Plainly stated, this provision will ensure that CCIRC and the SOC can bring the resources and data required to do their important cybersecurity work with them when they join the cyber centre.
This will ensure continuity in the work of CCIRC and the SOC.
Finally, clause 267 states these provisions come into force on a day set out by order of the Governor-in-Council.
[Translation]
The establishment of the Canadian Centre for Cyber Security is a milestone in cyber resilience in Canada. The consolidation of this workforce will provide leadership and clarity to stakeholders across government, international partners, academia, and the private sector, building a collaborative environment with the aim of tackling the biggest cyber challenges facing Canadians today. It will also lay a strong foundation to deliver on Canada’s new cybersecurity strategy.
[English]
Thank you for your interest, and we’re looking forward to answering any of your questions.
The Chair: Thank you, Mr. Jones.
Are there any other presentations? If not, let’s move to questions.
[Translation]
Senator Dagenais: Thank you to our guests. Can you tell us what the benefits of bringing together different security and cybersecurity organizations will be?
Mr. Jones: First, during the consultation period organized by Public Safety Canada, the private sector clearly indicated that the federal government’s leadership should be clear.
[English]
One of the difficult pieces was knowing which door to walk in. First, you’ll have a clear front door to come in for any operational cybersecurity matters. The second benefit is there is a certain amount of friction when you’re working between three different organizations, no matter what. We’ve really worked hard in place to overcome. Putting people together gives you that ability to move very quickly and respond as a cohesive team.
The third piece is we can now state with one single authoritative voice, guidance that’s very clear, all the way from citizens up to critical infrastructure and other levels of government. We bring the best of the federal government with one clear voice. It’s those three clear pieces that we’ll bring together with the cyber centre.
[Translation]
Senator Dagenais: So the goal is to avoid frictions between various security organizations. But who will be in charge of that new security organization? Will it be the Department of Public Safety or the Cyber Crime Centre?
[English]
Mr. Jones: CSE will remain as part of the ministry of national defence and report to the Minister of National Defence. With the Canadian centre for cybersecurity being underneath that, it will remain there. Of course, that doesn’t change the fact the Minister of Public Safety has broad responsibilities for critical infrastructure.
We continue to have a strong partnership with Public Safety. In fact, Public Safety is also the lead for strategic cybersecurity matters, for example, cybersecurity policy, et cetera and ensuring it aligns with the critical infrastructure.
One of the biggest challenges with anything to do with the word “cyber” is that it means everything at the same time. With it being such a horizontal issue, all departments have something to do with cybersecurity. If you’re a lead sector department, for example, Natural Resources Canada you have sector responsibility. We just heard from Finance or the Bank of Canada for that sector.
Cybersecurity is a team sport. This is about getting the protection team, the defence team on one playing field so we can work together and then support the other areas.
[Translation]
Senator Dagenais: Thank you very much, Mr. Jones.
[English]
Senator Stewart Olsen: Thank you for being here. What we’re talking about with security, with banking information, citizens banking information, I won’t ask you for your opinion on the safety because that’s probably not fair. But has it been talked about in your department? All of these new changes to acts and budgets, where people’s privacy and security will be, will that come to your department as they are being proposed and worked on? Is there a plan in place for them to bring, say, a change to the Banking Act or a change to information availability? Do you see that in your mandate?
Mr. Jones: The way we’ve worked is try to provide information to all sectors in terms of a general level of cyberresilience and cyberinformation to improve privacy and overall cybersecurity protections.
In terms of specific changes, there are various forms for consultation within the government. I wouldn’t see it as an explicit check in terms of the legislative boundary. That tends to follow a very strict process. Certainly we are looking to work with all sectors, including within and outside the government, and building on some of the strong work Public Safety has led over the last few years in terms of increasing the resilience of cybersecurity.
Senator Stewart Olsen: Will people have to come to you or will you take the initiative and oversee what’s happening in government?
Mr. Jones: I think we’re looking to do both. For the defence of government, this will be the place in terms of blocking, of protecting the government, providing advice and guidance. That doesn’t alleviate the government itself from, as you’re building IT systems, thinking of cybersecurity. It’s a collective responsibility. This will not absolve, for example, my friends at Shared Services Canada will still have to ensure cybersecurity is built in as they’re bringing forward any new programs. There’s a critical role there, same as in the private sector.
In terms of advice and guidance, best practices and threats, we would look to be both proactive but also encourage people to ask us any questions preoccupying their thoughts so we can be as proactive as we can. They know their environment the best. It’s going to be have to be a tight collaboration.
Senator Tkachuk: I’m going to jump one step.
The social insurance number used to be the way you kept your secure accounts with the government. It was only used only by government at one time. Then all of a sudden real estate agents started asking for it and people who want to rent an apartment, and now everybody has your social insurance number.
Is anything secure anymore? I feel that nothing is private, that everything is public. I think it’s just too easy to get into medical records. How confident are you that Revenue Canada is secure? I have no confidence in it at all.
Mr. Jones: I think there are a lot of people who have said that we’re in the post-privacy era. I’m not sure I’m willing to cede my privacy quite yet.
One of the key things is we have to ask a lot of questions about how our data is being used. One of the trends is Canadians tend to voluntarily relinquish their information; for example, that social insurance number when you’re looking to rent an apartment so they can do a credit check. Is there a better way? I think that’s what industry is starting to wake up to.
One of the challenges we face now is it’s very much seen that as cloud computing rises, as we see more consolidation, the line in the security community is identity is the new perimeter. You can’t ring a fence of protections around a computer system inside a data centre and inside a building. It’s very much about how you identify yourself. That is a challenge.
The Government of Canada have worked hard to increase security, cybersecurity and resiliency. Specific departments have made some incredible investments. I know, certainly amongst my Five Eyes allies, we’re looked on with envy in terms of the investments we’ve made and the progress we’ve made with the consolidation under Shared Services Canada as very much one of the leaders in terms of protecting the government and taking it seriously.
The fact is cyber evolves quickly and we can never rest on our laurels. We try to challenge ourselves. I feel the Government of Canada has taken it quite seriously and is investing. I have proof. I have numbers that show the successful exploitation has significantly dropped in the last seven years.
Senator Tkachuk: When I phone Revenue Canada, no one wants to really talk to you. When you phone Revenue Canada, it’s all about going here, and then you go somewhere and you find out you’re in the wrong place and you have to start over again and the phone rings. Then they say, “If you really want help, why don’t you go to this website.”
People are led to websites. I don’t think websites are secure. That is my feeling. I can’t see it. I suppose other people think that they are. I think the more government uses technology, the more exposure they have, the more possibility it will all be gone some day is what I’m getting at. I think that’s where we’re going. I don’t think there’s a way to stop it. I know you feel secure about it, but everybody always felt secure about bank records and credit card records, and all of that has been totally destroyed. It doesn’t happen anymore. I’m very concerned. I just don’t know if we can do anything about it.
Mr. Jones: I think there are quite a few things. Certainly we’ve been caught in a technological shift where cybersecurity and the impacts on privacy weren’t completely well understood in the private sector, et cetera, in the race to implement new features and new ways of interacting. We’re seeing the industry in general taking a step back and saying, “How do we protect? How do we protect information in the cloud?”
One of the things that I’ll say, and I agree with you, senator, it’s very clear there will be breaches. No matter how good your system is, with enough time and money you can always get into the system.
Technology is like encryption. It can protect the data when it’s sitting somewhere. Even if you get it, it’s encrypted so you can’t read it. We have deployed technology and methods to protect information so that even if you do get in, it’s gibberish.
I think there’s a lot of new technology. There’s a lot of advancements in the industry that can help better secure the information. It’s one of those areas where you always have to be vigilant and have to make sure you’re protecting what’s really important.
Senator Tkachuk: You use the word “cloud,” which is a great word to use from whatever marketing guy thought it up. It is just stored in another computer.
Mr. Jones: Exactly.
Senator Tkachuk: I understand the cloud has wonderful opportunities for shared information. For example, people can get copies of X-rays and all of those beautiful things. Why urge people to share their pictures in the cloud? Why don’t they just put it on a small hard drive on their own computer and save it in case their computer goes down, which is the only reason you’re doing it anyway?
People are promoting it and government does nothing about it. There’s no information out there saying, to be secure, don’t do this; to be secure, this is the way you save information. What you want public, you’ll have to decide, but once you do that it can be public. People are putting up their baby pictures and everything. I find it insane. But you’re promoting it that way.
Mr. Jones: I’m probably stepping a bit into the Privacy Commissioner’s space here. I'd better be careful.
Senator Tkachuk: That’s okay.
Mr. Jones: I think the key thing is it’s very much about being informed and making an informed decision. You’re right, when people are posting that information, they’re sharing it openly, they’re using some of these shared services, and we’re not making people aware, or the services are purposefully hiding the fact they’re collecting this information for another purpose. There is nothing free in this world. I think that’s something where we seem to be willing, for a small amount of storage and an email address, to give away an awful lot of our private information. There needs to be more discussion around that.
In terms of the hardcore cybersecurity protections from external hackers and things like that, there are a lot of security measures the cloud brings that scale, and because you have scale, when you upgrade you never get behind.
A few years ago, every compromise from the government was because we didn’t do the top 4 of the top 10 actions, one of which was patch and update your systems. Cloud takes care of those types of things. For organizations that aren’t IT and don’t have a large IT enterprise, it can save them from that.
But you’re right, if you put bad IT in the cloud, it’s still bad IT. If you put bad security in the cloud, it’s still terrible security. If you choose to surrender private information and hand it over to a private company, you’ve done that. I think that’s part of the awareness that needs to be brought up for ordinary Canadians.
Senator Ringuette: I want to thank you, Mr. Jones, because you’re probably the most candid person who can explain to us in layman's terms the cybersecurity threat and what you’re doing about it. I wish they would send you on a tour across the country to talk to our citizens.
When you mention providing for government cybersecurity expertise and recommendations, does that include Crown corporations and government institutions? There are a few schedules of them. When you say “government,” does that include the whole gamut of Crown corporations and government institutions?
Mr. Jones: In the context of the Canadian Centre for Cybersecurity, it would be all of those entities plus the private sector and down to general citizens in terms of providing advice and guidance.
Today, CSE makes all our advice available on our website. General security advice, policies and what you can do about, for example, password advice or securing your telephones, things like that. We make advice available on our website for those types of things. We try to tweet it out and a few other things.
Senator Ringuette: I still believe you should physically go on a cross-country tour, but that’s another issue.
Mr. Jones: I’m a little concerned that now, in terms of being very courageous, I’m in the “yes, minister context.” The issue is we have to get that information out in practical terms. Your point is right on.
Senator Wetston: Sorry, I was late. I have your statement. You’ve been here before. We appreciate you coming back again. The information you provided was very helpful for our study on cybersecurity.
We’re well aware of setting up the centre and the budget, and there has been lots of discussion about it. We may have even chatted about it last time. I can’t remember.
I’m interested in what’s going on internationally and how you feel the centre will dialogue. You mentioned it at the end of your remarks. These threats are obviously not just domestic, and we know that.
How are you going about what you are able to do internationally with respect to this space? It will obviously allow both the centre to succeed in its objectives and protect institutions and Canadians with respect to the additional objectives and money that’s being spent on this.
Mr. Jones: Thank you. I think we actually are quite advanced in the international realm. For example, if I start with the Canadian Cyber Incident Response Centre, they have an active network with computer emergency response teams from across the world. I think Colleen probably knows the exact number; I’d be afraid to put it on record from my memory. They actually have a lot of ability to share information but also to ask for assistance if we’re seeing incidents.
When you go into the general international business community, we’re working with the larger corporations in terms of how we can share information and provide unique advice, all with the goal, frankly, of working with Canadian corporations to boost their security and the safety of the information we hold.
Then you have our traditional allies in the intelligence community. The Five Eyes are very important but we need to expand beyond that. My organization runs a few different programs. For example, we have the Common Criteria program. That’s with 26 or 27 nations from around the world to talk about how we can make products better from the start. Cybersecurity is baked in and then that needs to expand.
As we look to partner with and support our colleagues in law enforcement, whom I’m remiss in not mentioning — law enforcement is actually a very effective measure. We need to support our friends in the RCMP and the other jurisdictions in being able to respond to cybercrime.
Senator Wetston: I know this is really focused on the budgets committed to the centre for cybersecurity and how you’re going to transfer employees, et cetera. It was clear to me in our last discussion with regard to cybersecurity, it came out that one of the concerns was cybersecurity is very much a defensive strategy. It should be more offensive. Not offensive in that way, but more offence. There have to be some hockey players who represent what I’m trying to say.
Would the centre and what you’re attempting to do with the centre, with the co-operation and collaboration with your international colleagues, allow for developing standards that would have more of those attributes rather than just patch, or develop the tools that you need as a defensive strategy?
Mr. Jones: I think it starts with building resilience and having better products better secured from the beginning. That would be something we could do internationally.
Then you go into the defensive measures, as you said. If you’re playing and every shot is coming at you, eventually something is getting through.
Then there are the more proactive measures you can take but it’s still on your network. When you get into the countermeasures and more of the online activity, it’s starting to move into the realm of the Bill C-59 that’s proposed under that legislation and as part of the CSE Act with things like defensive cyberoperations, where you’d be able to more proactively defend. That’s something still before the house; it just got referred back from committee.
I think that’s one of the aspects of adding more tools into the toolbox. It’s not a cure-all. The best is to increase resilience so you’re a harder target which means every time you increase resilience you eliminate a whole class of less sophisticated actors.
That’s really got to be the goal if only the most sophisticated can attack, then they have to make a decision: Is it worth the expense? If we start to talk in those terms and increase our resiliency, then you can look at when you need to do something in the more active end of the spectrum. I think that’s key.
Senator Wetston: It might be worthwhile for organized crime but not for hackers just attempting to disrupt the system.
Mr. Jones: Potentially, yes.
The Chair: Thank you very much for the presentation. This was very helpful to us. I appreciate all three of you being here.
We’re now going to deal with division 19, having to do with the Canada Pension Plan. I’m pleased to welcome, from the Department of Finance Canada, Galen Countryman, Director General, Federal-Provincial Relations Division. From Employment and Social Development Canada, we have Marianna Giordano, Director, CPP Policy and Legislation. And from the Canada Revenue Agency, we welcome Danielle Héroux, Director, CPP/EI Rulings Division.
Let’s have some presentations and we’ll move to questions.
[Translation]
Marianna Giordano, Director, CPP Policy and Legislation, Employment and Social Development Canada: Bill C-74 proposes amendments to the Canada Pension Plan pursuant to the agreement in principle unanimously concluded by Canada’s finance ministers in December 2017.
Those amendments do away with the reduction of the pension for young survivors and set the death benefit amount to $2,500 for all eligible contributors. That will mainly benefit low and modest income families. In addition, the amendments provide for a top-up disability benefit for disabled individuals under the age of 65 who are receiving a retirement benefit.
The bill also implements allocation mechanisms to protect benefits as part of enhancements to the Canada Pension Plan for persons with a disability and for parents whose earnings decrease when they take time off work to take care of young children.
In addition, this bill maintains the transferability between the Canada Pension Plan and the Quebec Pension Plan in the wake of enhancements made to the latter. It also authorizes regulation-making to support the viability of enhancements to the Canada Pension Plan.
[English]
These amendments will provide additional support to Canadians and their families and will be especially beneficial to women as they are more likely to reduce their work to care for young children, wed at a young age or collect a disability pension.
In addition, integrating the Canada Pension Plan and the Quebec Pension Plan enhancement ensures the full portability of enhanced benefits across Canada and all workers.
As well Canadians can rest assured the fully enhanced CPP will remain well funded over time, providing them with benefits they can count on.
I’m happy to answer any questions you may have.
The Chair: Is anyone else making a presentation?
Ms. Giordano: No.
The Chair: Thank you very much.
Senator Wetston: I want to thank you for coming. I want to understand the approach you’re taking with regard to the $2,500 death benefit amount. I take it that’s a flat rate of payment and it’s not indexed to inflation. Is it not indexed to inflation or is it indexed to inflation?
Ms. Giordano: It’s not indexed to inflation.
Senator Wetston: Why not?
Ms. Giordano: Unfortunately, a meaningful increase of the maximum death benefit — if we were to increase it to inflation — would be quite expensive and would increase the contribution rate above the legislated contribution rate of today.
Senator Wetston: But it was higher at one point, was it not? Pre-1997, it was around $3,000 and something.
Have we run out of money?
Ms. Giordano: Pre-1987, the death benefit was ten per cent of the year’s maximum pensionable earnings. Every year, the death benefit increased with the year’s maximum pensionable earnings. In 1997, the government took measures to get the CPP back on track because it was in a difficult financial state. We went from pay-as-you-go program to a partially funded program. A lot of measures were reduced and benefits were changed in order to keep the program afloat. We also increased the contribution rate for a number of years. For about six years, it went up quite steeply to ensure the program was afloat. The whole package was put forward at this time with no increase in contribution rates.
Senator Wetston: I see. That’s the trade off here, as I understand what you’re saying.
Ms. Giordano: Right. It’s a balance of priorities.
Mr. Countryman: I’ll add one more piece. The change we’re making to the death benefit will benefit those with the lowest income because, right now, it is a percentage, up to six months. It will bring it to a flat rate. Those in the very low-income range will benefit from the measure. It’s a small, modest measure, but they will benefit.
Senator Wetston: What is the low-income range? Do you know the number?
Ms. Giordano: Right now, the benefit is six months of someone’s retirement pension, up to a maximum of $2,500. For those who are under, it will bring them up to $2,500.
Senator Wetston: So they benefit from that. My last question — and you probably won’t be able to answer this — why is the CPP death benefit treated as taxable income? You just can’t win, can you?
Senator Wallin: Thank you. That’s an excellent question.
Ms. Giordano: All CPP benefits are treated as taxable income. When you contribute to the CPP, you get a tax exemption. When you get the benefits, they are taxable.
Senator Wetston: I’m not going to say anything because, if I did, it would be tongue in cheek, and you wouldn’t appreciate it.
The Chair: Good try.
Senator Tkachuk: Did the Canada Pension Plan just buy a piece of property from Bombardier?
Ms. Giordano: That would be the Canada Pension Plan Investment Board, which is an arm’s-length agency. I couldn’t tell you exactly what their investment portfolio is at this time. We don’t manage their investments.
Senator Tkachuk: Maybe we could have them here to talk about that, someone who could answer those questions.
The Chair: We can take that away to steering for consideration.
Senator Wallin: To fund the death benefit, is that what you mean?
Senator Tkachuk: Yes.
The Chair: We’ll take that away, and steering will consider that, senator.
Senator Tkachuk: Okay. Thank you.
The Chair: You were so clear and succinct and to the point that you’ve answered the questions. Thank you very much for being here.
(The committee adjourned.)