THE STANDING SENATE COMMITTEE ON BANKING, COMMERCE AND THE ECONOMY
EVIDENCE
OTTAWA, Wednesday, December 10, 2025
The Standing Senate Committee on Banking, Commerce and the Economy met with videoconference this day at 2:01 p.m. [ET] to study the subject matter of those elements contained in Divisions 4, 9, 10, 11, 12, 13, 14, 15, 16, 17, 22, 23, 37, 39, 43, and 45 of Part 5 of Bill C-15, An Act to implement certain provisions of the budget tabled in Parliament on November 4, 2025.
Senator Clément Gignac (Chair) in the chair.
[Translation]
The Chair: Good afternoon, colleagues. My name is Clément Gignac. I am a senator from Quebec and chair of the Standing Senate Committee on Banking, Commerce and the Economy. I extend my welcome to all of you, both those who are in the room with us and those listening to us online at sencanada.ca. First, I will ask my colleagues to introduce themselves.
[English]
Senator Varone: Toni Varone, Ontario.
Senator Yussuff: Hassan Yussuff, Ontario.
Senator C. Deacon: Colin Deacon, Nova Scotia.
[Translation]
Senator Surette: Allister Surette from Nova Scotia; I am replacing Senator McBean.
[English]
Senator Wallin: Pamela Wallin, Saskatchewan.
[Translation]
The Chair: Thank you, colleagues.
We continue today the prestudy of Bill C-15. Our committee received an Order of Reference requesting that we examine and report on the subject matter of those elements contained in Divisions 4, 9 to 17, 22, 23, 37, 39, 43 and 45 of Part 5 of Bill C-15, An Act to implement certain provisions of the budget tabled in Parliament on November 4, 2025.
Today’s meeting will be divided into three panels, followed by a subsequent meeting of two panels. We first begin with two witnesses representing the Bank of Canada, here to discuss Divisions 9 and 45 of the bill. I welcome Ron Morrow, Executive Director, Payments, Supervision and Oversight, and Ms. Anne Butler, Managing Director, Supervision Department.
I believe you have opening remarks. You have the floor.
Ron Morrow, Executive Director, Payments, Supervision and Oversight, Bank of Canada: Thank you very much, Mr. Chair and distinguished members of the committee, good day.
[English]
Thank you for inviting us to be here today to talk about two new responsibilities for the Bank of Canada, which were proposed in last month’s federal budget: implementing consumer-driven banking and regulating stablecoins.
Let me start by saying that the fundamental role of the Bank of Canada is to maintain trust in the monetary system. Safe and reliable monetary systems support the efficiency of every economy. They are a pillar of trust and stability that support economic and financial well-being.
Consumer-driven banking, also known as open banking, is a system that enables consumers and businesses to share their financial data with approved service providers of their choice. Giving Canadians greater control over their financial data opens the door to new financial products and greater choice between providers.
[Translation]
Consumers would also have access to more customized and cheaper products and services. In order for this innovation to serve the public, it must be secure, stable and reliable.
[English]
Specifically, it must address risks related to the security of financial data, national security, consent and liability.
Budget 2025 proposes that supervision of the open banking regime be given to the Bank of Canada. Specifically, the budget taps the bank to develop a secure framework that would establish a path to entry for financial service providers through an accreditation regime. The framework would also establish baseline rules for participants to address all of the risks I just outlined.
This would leverage the capabilities the bank developed when we took on the registration and supervision of retail payment service providers. This includes working closely with industry stakeholders and financial service providers, which would be a vital part of our playbook to bring open banking to Canadian consumers and businesses.
While the federal budget was tabled just over a month ago, we’ve already started to lay the groundwork. Our colleagues at the Financial Consumer Agency of Canada and the Department of Finance Canada are being very helpful in passing along their knowledge so that we can move quickly to take on this new role, should Bill C-15 come into force.
[Translation]
Let’s now turn to the other proposed new area of responsibility for the bank: the regulation of stable cryptocurrencies. As with the open banking system, we need to identify and mitigate the risks to the public, our businesses, our economy and our financial system.
[English]
The goal is to ensure that Canadians can leverage the innovation of stablecoins and do so safely. It’s important for Canada to have its own regulatory framework for stablecoins. In Budget 2025, the government announced its intentions to do just that, with the Bank of Canada as the regulator. The draft legislation lays out the core elements of the framework. The proposed stablecoin act will regulate stablecoin issuers, and retail payment legislation would be amended so that it applies to stablecoin payments.
The framework would require issuers to go through a rigorous approval process and satisfy stringent prudential and operational requirements. Approved entities would then be subject to ongoing supervision and oversight by the Bank of Canada.
In closing, with the passage of Bill C-15, we would work in close consultation with a wide range of stakeholders and the Department of Finance to develop robust, made-in-Canada approaches to open banking and stablecoin regulations. And we would do so in a way that achieves the twin goals of fostering innovation and competition in financial services and preserving the stability of our monetary system.
Thank you very much. My colleague Anne Butler and I would be very happy to respond to your questions.
The Chair: Thank you for your opening remarks.
Colleagues, we have 40 minutes left. What I propose is maybe five minutes each for the first round, and we will probably have time for a second round. We will start with our deputy chair, Senator Varone.
Senator Varone: I’m going to start with Division 9, and it includes the definition of “authentication information.” Over the years, it started with passwords, and then the passwords had to include eight letters and an ampersand or something that was different, followed up with a password and then two-factor authentication. Then that was abandoned, and now it’s Face ID with something else. And every bank is different.
From a consumer perspective, has there been any thought in regulating what is a password and what are the optimum methodologies that keep consumers safe but, by the same token, aren’t a burden to remember what it is that you’ve got to remember? Personally, I’ve been caught in situations where the 10 different passwords I use are no longer working, and it takes an hour and a half to reset everything, and you just wonder whether the burden is worth the security. Are there other things that can be regulated as we are changing this to protect consumers but also assist them?
The Chair: Just a reminder to my colleagues that our guests are more focused on Divisions 9 and 45 [Technical difficulties].
But feel free to answer, if you want to answer that question.
Mr. Morrow: I would be happy to respond. I’m not aware of any initiatives that have been undertaken to try to harmonize or come up with or develop a best practice around passwords and authentication. It could exist. I’m just not aware of it.
But I do know that with the consumer-driven banking approach, when a consumer wants to authorize a service provider to access their banking information, they would give their consent explicitly to the financial service provider. They would then be directed to the portal for the financial institution where the information is coming in from. They would enter their credentials, and that would authorize the sharing of the information.
The only comfort I can give in this instance is it’s not a new set of passwords. It’s the existing set of passwords that consumers already have for accessing their banking information which would be used in this instance.
Senator Varone: And you think that is sufficient for an open banking platform?
Mr. Morrow: I think it’s sufficient. Banks take the security of their banking systems very seriously. They put a lot of thought into the required level of authentication that they require to be able to verify that someone logging into a bank account is indeed the authorized party to access that account. So I think it’s sufficient for these purposes. But I think your underlying point is well taken that it would be helpful from a consumer point of view if there were a more streamlined or common process for this type of thing.
Senator C. Deacon: Really nice to see you, Ms. Butler and Mr. Morrow. I want to start by asking you to recap a bit of what you’ve done over the last three or four years with the Retail Payment Activities Act, or RPAA. I think it establishes for the committee the credentials that the bank has established as a regulator in this newly emerging space and your knowledge of the groups in this space.
Mr. Morrow: Thank you very much.
Senator C. Deacon: And I’ll just add: It was extremely well received by the regulated bodies, which are the groups that were going to be regulated under the RPAA.
Mr. Morrow: Thank you very much, Senator Deacon. We just recently went live in September. We actually formally started supervising payment service providers. About 1,500 payment service providers have registered to be regulated by the Bank of Canada. Those registrations are being processed. There are actually 700.
Anne Butler, Managing Director, Supervision Department, Bank of Canada: Just under 700.
Mr. Morrow: Just under 700 have been fully registered with us and have passed the national security screening. But to get to that point, as the regulations were being developed for this regime, we set up some consultative bodies with the industry. We had ideas of what we thought the regulations should look like and how they should function. It was a great opportunity for us to get feedback in terms of: “We understand what you’re trying to achieve with these regulations — please don’t do it this way; do it this way instead. And that will work much better for the industry and give you the outcome you’re hoping for.” So it was very constructive from that point of view.
The good news is when we look ahead to our new responsibilities — especially consumer-driven banking — there has already been a lot of consultation that has taken place. The Department of Finance has heard from many, many people on this. We’re in the process of learning from them, but I would expect we will need to be equally consultative as we think through regulations for open banking and stablecoins.
Senator C. Deacon: Thank you for that. That background is useful for the committee to have.
On open banking, we had the opportunity to speak with the Senior Deputy Governor of the Bank of Canada when she was here with the Governor of the Bank of Canada a few weeks ago, and she indicated that the bank very much understood that there may be a lot of overlap between registered companies looking to be part of the RPAA, part of open banking or consumer-driven banking and part of stablecoins. Can you speak a little bit to how you see yourself handling that transition to two additional areas of oversight and trying to enable innovators to continue to innovate while keeping Canadians safe?
Mr. Morrow: Yes, absolutely. As we take on these two new mandates, one of the advantages we’ll have is we’re going to be able to leverage our resources that we have in place right now for our mandate to oversee payment service providers — resources both in the sense of technology as well as in the sense of people — to help us bring these new mandates to life. There is overlap between the payment service provider universe and the entities that are very interested in becoming active participants in open banking. So we’ll be working with our colleagues at the Department of Finance as we think through the accreditation process in particular. If you are a registered payment service provider, you have already passed the national security test, so there is no need to redo that over again. If you are a payment service provider, you do have requirements around managing operational risk and cyber risk and security. There may or may not be some additional work you have to do to demonstrate that you are compliant with that.
We will be doing the same thing with banks and with credit unions that choose to apply. Probably the biggest lift will be for third-party service providers that aren’t currently regulated because they wouldn’t have gone through a national security screening, for example. So there will be more work required. But our job is to determine how best we can streamline this work to not make people redo what they’ve already done and then get them into the regime as quickly and as efficiently as possible.
Senator C. Deacon: Are you looking to use external accreditation bodies or groups to help in vetting new entrants into the regulatory regime?
Mr. Morrow: That’s something we’ll be talking to our colleagues at the Department of Finance about as we think through the regulations. I mean, there are accreditations out there. I worry about bombarding the committee with acronyms, but there’s SOC 2 accreditation and NIST accreditation. There are industry standards out there for security where you can be audited by a third party and be certified that you are operating in a manner that is consistent with that. I think we would be wise to see what we can do to leverage all of that, again, to make the process as easy as possible for people who have been certified and who have done the work to get into the regime as quickly as possible.
Senator Wallin: I just want to follow up on some discussions we had yesterday. I think what we have seen in the budget documents and the approach of this government is the creation of an awful lot of bureaucracy to oversee different things, such as defence, housing or whatever it may be.
Here we’ve got you coming into the business of regulating, but we also have 13 provincial and territorial securities commissions, some much more mature than others, like Ontario which has been around. This also starts to include the Office of the Superintendent of Financial Institutions, or OSFI, and the Financial Transactions and Reports Analysis Centre of Canada, or FINTRAC, and all the others you’ve noticed. It’s almost like we’re going to have to have something to oversee how the bureaucracy is talking to the bureaucracy about this. What do you see as a concern here?
Ms. Butler: Thank you, senator. One of the challenges in the Canadian environment always has been how to manage federal and provincial jurisdiction in financial services. It is something that has been a challenge and an opportunity for a long time, and there are very mature functions in place for the interaction and the collaboration in that space. As an example, the Bank of Canada is already engaged in our oversight function in collaborating with the securities commissions in the overseeing of systemically important financial market infrastructures, for instance, and we do that nationally. We also do that internationally when the standards are being set for both financial market infrastructures and securities regulation. I think there is some really strong muscle to rely on in terms of how we work together moving forward, and it will take very strong collaboration across the provinces and nationally for this regime to be successful.
Senator Wallin: I think that’s the issue, which is there actually isn’t a national regulator, although Ontario often operates that way. You are going to have to deal with that because there is no body that can directly negotiate with you. The association is not a regulator, right?
Ms. Butler: The association is an association of national securities regulators. We do have memorandums of understanding with the active regulators that are involved with the entities that we oversee jointly. That’s a great model for us to build on going forward. We would be continuing to collaborate with that or similar models going forward to manage the overlap, yes.
Senator Wallin: How do you see the division of labour when it comes to the use by a consumer of stablecoins?
Ms. Butler: Stablecoins are such an interesting new asset for us because it is brand new technology. The purpose of the legislation before you today is to cover the stablecoin as it’s being issued because the stablecoin, as it’s being issued, has to have certain features that are making it safe and sound for the end user: Canadians. Will it be equal to a dollar when you go to cash it in? Do you have the assets to back it to keep it safe? That’s a critical first step in the use of a stablecoin.
The other space that we, the bank, will have a remit over is the use of that stablecoin in payments. If it’s being used for payments, it should be subject to the same types of regulation that other payment service providers are subject to in this country.
With the securities regulators, Canada already has quite a mature approach to crypto-currency supervision or regulation when they’re being used as securities. It’s really the use of that coin and whether it’s being used inside a securities book or being used for payments. That would be the main differentiator between the legislation at the provincial level and the legislation that is before you today.
Senator Wallin: But a lot is left here to work out in the regs.
Ms. Butler: That is very true. There is heavy lifting to be done in the regulations, and I would not want to understate the significance of the work that needs to be done there.
Senator Wallin: We’ll talk again, then. Thanks.
Senator Yussuff: Thank you for being here. Open banking is really trying to stimulate more competition in the banking sector in this country. What is the bank using as a measurement to ensure that becomes the reality, because there will be some regulatory burden that those who want to operate in open banking will have to comply with. I understand the necessity of that. We want to be safe and sound so that consumers are protected. At the same time, if we can’t improve the competition within the federal sphere of regulation around banking, then we haven’t accomplished very much at the end of the day. How does the bank see that, and what are the measurements you might use to say we have accomplished this goal?
Mr. Morrow: I think the success of the open banking regime in terms of bringing greater competition to Canadian financial services will depend on how many entities actually sign up and start offering these services to Canadians.
Our job is to make sure that we’re as rigorous as we have to be to ensure that this operates safely, but no more than that. It has to be an efficient regime, which is why we need to think through how to streamline banks that are already prudentially regulated by OSFI and have demonstrated their ability to manage data safely, and you can see there is a more streamlined approach there. There are similar responsibilities for payment service providers under the Retail Payment Activities Act which we oversee. Again, you can see something more streamlined there.
It is our job, and success will be: The measure there is how many entities we get in and if we have struck the right balance in ensuring Canadians can be safe in using open banking but we’re also not overly burdensome with our regulations.
Senator Yussuff: Like everything else, does the bank plan to issue annual or semi-annual reports on how the system is functioning, who is involved in it and, more importantly, how it is also protecting consumers whom we want to have confidence in regarding how they use the system?
Mr. Morrow: That’s a very good question. Off the top of my head, I would say yes. In our oversight of financial market infrastructures, we have an annual report that we put out, which talks about that oversight function. We will have something similar for our supervision of payment service providers. I would see some level of reporting required here for open banking and for stablecoins as well. What that looks like or how it functions is something that we’re going to have to talk to the Department of Finance about. That’s an issue that we’ll have to sort out, but I would expect us to have some level of public reporting on this.
Senator Yussuff: In the context of consumer confidence, we know this because they demonstrate it, to a large extent, with their use of the banking system: They recognize where they put their money is safe, and they’re told constantly that their deposit is protected by an insurance scheme across the country. How would we be able to articulate that in a way that builds confidence for consumers that this is something new and we want them to have confidence? For the consumers to hear and learn that, I think the bank needs to be engaged in that process so that they’re getting it directly from you rather than from somebody else.
Mr. Morrow: Yes, absolutely. We’ll be happy to provide that assurance. The legislation also provides for what I think is referred to as a sign or signage within the regime. Just as the Canada Deposit Insurance Corporation, or CDIC, has a particular logo that is on websites to demonstrate that CDIC insurance is available, there will also be a similar logo attached to the open banking regime so that consumers can see that the institution they’re dealing with is registered and approved.
Senator Ringuette: My first question is: How will you make sure that Canadian consumer financial data remains in Canada? How will you ensure that?
Mr. Morrow: Under the legislation, if I’m not mistaken, we’re responsible for making sure that the information is appropriately safeguarded. In the regulations, it will lay out what’s required and what the financial institutions need to do to demonstrate that they’re safely managing that data. There is a national security aspect to the regime as well that will look at the participants in the regime and what their data residency policies and approaches are. So there are a number of measures in the legislation to try to achieve the end of making sure that Canadians’ data is appropriately safeguarded.
Senator Ringuette: That’s not the question I asked. I asked where the provisions are that will ensure that Canadians’ financial data remains in Canada. For me, that is central in regard to consumer confidence. It’s that and the oversight from one of your partners who was here before you.
You’re starting a new slate of institutions within the Canadian market, which will be under your responsibility. There are three paths. I understand that. There are the federal institutions that are already under OSFI as well as the provincial institutions, the co-operatives and so forth, and then you will have fintech. Fintech will be the new player in the system. Where in the legislation does it say that Canadians’ financial data will reside in Canada? The oversight can only be done when it resides in Canada. It cannot be done if it resides in Germany or France or Great Britain or the U.S.A. That is central if you want to build consumer confidence in this new system.
Mr. Morrow: To directly answer your question, I am not aware of any data residency requirements in the legislation as it stands right now. There could well be data residency requirements that are developed as part of the regulations —
Senator Ringuette: It will be too late. If you don’t have the power in the legislation to do that, the regulation won’t enable you to ask for it.
Mr. Morrow: I think both the regulatory-making process as well as the national security screening that will be done by Canada’s national security agencies can allow for forcing data residency requirements within the act, but that’s something that we and the Department of Finance are going to have to develop. We’re relatively new to this file. I don’t have any further background on that, but your point is well taken. I think the provisions are there to be able to enforce data residency, but we’ll have to work with our Department of Finance colleagues to see how they manifest themselves in the final form of the regulations and what goes into the national security checks.
Senator Ringuette: I think this committee is providing a good voice for the citizens of Canada in regard to this new system.
There is also a provision to repeal the position of the senior deputy commissioner of the Financial Consumer Agency of Canada. Can you explain the link?
Mr. Morrow: Sure. In a previous incarnation of this legislation, the Financial Consumer Agency of Canada, or FCAC, was going to oversee the implementation of consumer-driven banking. In that legislation, it provided for a new position within FCAC — the senior deputy commissioner — to lead the open banking file. Since FCAC no longer has that responsibility, they don’t need the senior deputy commissioner. With that responsibility moving over to the Bank of Canada, between myself, my colleague Anne Butler, the senior deputy governor and the governor, we have plenty of senior oversight as part of this regime, so it wasn’t required to be transferred over as part of that transfer of responsibilities.
Senator Ringuette: That position is completely abolished? It’s not moving elsewhere?
Mr. Morrow: To my knowledge, no.
Senator Ringuette: Thank you.
The Chair: Data residency is a source of concern for this committee — for many of my colleagues and me — so this is something that we will probably have a strong observation about in our pre-study.
[Translation]
Senator Henkel: I would like to ask a question on Division 9.
Division 9 requires express consent to share data but says nothing about whether that consent is truly free and informed. How will financial institutions be able to verify that consumers are not acting under familial, economic, or technological pressure when they authorize the transfer of this data?
Additionally, do you believe the law should better define what is really meant by voluntary consent in the open banking system?
[English]
Mr. Morrow: Thank you very much, senator, for your question.
I understand the concern you’re expressing in terms of someone who’s been tricked or intimidated into providing their consent. To my knowledge, there are no provisions in the legislation or the regulations around that. It relies on people. Just as anyone signing into their bank account is typing in something and you don’t know the circumstances surrounding that, it would also work the same way with this regime.
You’re correct in pointing out that it’s a potential challenge associated with the regime as crafted.
[Translation]
Senator Henkel: Thank you very much for highlighting this. Do you think it is possible to find solutions to this? I am thinking of elderly people and, as I said, family and economic pressures. There is a real risk that this information will be passed on by force.
How could banking institutions find a way to protect this segment of society? It does not matter whether it’s an elderly person or someone else; anyone can find themselves in such a situation.
[English]
Mr. Morrow: That is a very good question. I think that’s something we’re going to have to take up with our colleagues at the Department of Finance as we think through the next level of regulations and how to implement this regime.
Your point is well taken.
Senator Fridhandler: I’m sorry I missed your introductory remarks, so I apologize if I’m going over ground that’s been covered.
It’s a very minor point, but I just want to mention that proposed section 19 of Division 45, which enacts the stablecoin act, requires:
An applicant must notify the Bank of any change to any information that was provided to the Bank, within the time and in the manner . . . .
It’s a pretty low bar for getting in the weeds on everything, and I’m not sure whether the intention is “any” or “any significant” or “material.” But “any change” is a pretty low bar, so I just want to flag for the record that I think it’s a bit tight.
Ms. Butler: Thank you very much for the question.
That section, actually, very much mirrors the legislation that we have in place now with the Retail Payment Activities Act, so I would expect through regulation and through guidance from the bank, we would give direction in terms of what are the types of information that are material that need to be resubmitted.
The forms are created, for instance in the Retail Payment Activities Act oversight, for that purpose. The purpose is so that we can keep track of changes that are, of course, material to our oversight or to national security. That is definitely a piece of work that will have to be done with the regulations and guidance drafting in the months to come, should the legislation proceed.
Senator Fridhandler: As a lawyer, I think that the framework that you operate under doesn’t give you the latitude of materiality or significance when it says “any,” so I flag that for you in that framework.
Ms. Butler: Thank you very much.
Senator Fridhandler: In the same vein, I want to go back to data sovereignty as well. I don’t buy that this will be dealt with in the regulations or it will be dealt with here or there, because I think it’s a matter for the government to ensure in the framework legislation that there be protection for consumers in Canada or for Canadians generally. If it’s not required by the legislation, then it becomes optional.
Yes, it’s good regulation, but I don’t think the government should leave it for subsequent — I think the framework requires that.
I don’t know whether you want to comment on that.
Ms. Butler: Well, I would agree. It’s an issue we should be taking back to the Department of Finance and talking to them about because it’s an important one that’s been raised by the committee.
Senator Fridhandler: Lastly, on hybrid jurisdiction, I don’t like the he-said-she-said, such as “They’re responsible, not me.”
In the legislation, proposed section 3 says that the distribution of a stablecoin doesn’t constitute dealing in securities.
Proposed section 10 says:
This Act applies only in respect of a stablecoin that has or could reasonably be expected to have interprovincial or international applications.
It’s where I see it coming more than constitutionally under federal control.
Then lastly, proposed section 30, in my view, covers off what securities regulators would do. Proposed section 30 is basically a disclosure section, and it says, “An issuer must not communicate or otherwise provide false or misleading information to the public.”
That’s what securities regulators kind of do.
My suggestion to you is that hybrid authority is not a good idea here. This should fall wholly within the control of the Bank of Canada in all respects relative to stablecoins.
I welcome advice from securities regulators who have experience, but I don’t welcome shared jurisdiction.
Your comments?
Ms. Butler: Thank you. It’s obviously a very tricky issue managing the overlapping jurisdiction between securities regulators and the Bank of Canada in this legislation. I did speak about that briefly earlier.
The purpose here is to try to make sure that we are protecting the creation of an asset that is intended to act like money, which is what the Bank of Canada’s role is in overseeing it being used as a payment within payment systems. It is really important that we not leave a gap between the Bank of Canada’s oversight and the oversight of securities regulators.
The Bank of Canada is not an expert in the regulation of securities, so there will be a need to find a collaborative way to manage that risk because it’s not being used as a security when it’s being used as a payment.
Senator Fridhandler: I don’t think you should be calling this a security. The legislation says it’s not, and I don’t think you should accede to the suggestion that it’s a security.
Sorry, I interrupted you, Mr. Morrow.
Mr. Morrow: Not at all. Quite honestly, I completely understand the point you’re making, but this is going to be the purview of our colleagues at the Department of Justice Canada, who are experts on constitutional matters, to sort out where it is. We’re happy to play the role that the government has given us. If there’s scope for it to be broadened or work better, we’re open to that.
It’s the role of our colleagues at the Department of Finance Canada and the Department of Justice Canada to figure out the right way to draft this in a way that respects constitutional roles.
Senator Fridhandler: You have to operate the system in the end and have some clear authorities on what you’re doing. Thank you.
The Chair: Thank you, Senator Fridhandler, for highlighting this part, because it’s a question.
When a stablecoin is for payment and linked to currency, at the end of the day, is it a security or is it a currency? That’s my question, and we’re trying to figure that out.
As a former minister from Quebec, I will refrain from talking about this possible duplication between both, but I think the point is well taken.
Senator C. Deacon: Thanks for the clarity of answers so far; I really appreciate that. I’m wondering where your thinking is at in terms of the potential for stablecoin to present an opportunity to be a payment rail in and of itself, and that could change efforts in other parts of government, particularly in our slow-moving Payments Canada Real-Time Rail challenge.
What thoughts do you have that the option exists for us — and we have the ability as a country — to get a very modern real-time payment rail, by whatever means, which is secure, safe and efficient for the country? Does that flexibility exist in the legislation in Division 45, from your perspective?
Mr. Morrow: From my perspective, the stablecoin legislation will enable the safe creation and usage of stablecoins within Canada. I think we are entering a period where, as the Real-Time Rail is launched and goes live next year, we will be in a situation where the conventional payment system and the Real-Time Rail — which operates 24-7 and provides instant payments for Canadians — as well as stablecoins, perhaps tokenized deposits and perhaps tokenized money market securities will all compete with each other and try to see what use cases they’re well suited to and how they can reduce costs or increase speed and efficiency in payments for Canadians.
It’s unclear to me how that live experimentation will run its course.
Our job at the bank, whether it’s through our oversight of Payments Canada’s Real-Time Rail or stablecoins, is to make sure the payment options we oversee are safe and secure. We’ll let people decide the best way for them to move their money.
Senator C. Deacon: Thanks very much. I’m glad to hear you say that the Real-Time Rail will become live in 2026. I’ve heard others say it, but thank you.
Senator Varone: This is on Division 9 and touches on the theme of language or information that is being held. Under “Objects of the Bank,” proposed section 8 entitled “Personal information” states:
The Bank may collect any personal information that the Bank considers necessary for carrying out its objects under this Act.
That’s a wide berth. It’s not “any relevant,” just the word “any.” Then when you juxtapose that with Senator Henkel’s questions and Senator Ringuette’s questions, it becomes all that much more worrisome. Through regulation, do you expect to tamper that down from the word “any” to “any justifiable personal information” that needs to be shared with the bank? How do you deal with that?
Mr. Morrow: It’s a fair point that, perhaps, it is broad wording in the legislation. Certainly, our intent is to only request relevant information for us to be able to undertake our roles.
In terms of that information, as you can appreciate, if a consumer is going to trust an open banking service provider with their sensitive banking and personal financial information, the regime needs to ensure that the open banking participant is a safe and stable actor which, as part of a broader measure, can lead to fit and proper tests on executives and boards within these in order to make sure that they’re legitimate, well-meaning organizations with no links to crime or anything else so that we can be assured that they pass the bar.
But your point is taken that it’s very broad language in the legislation.
Senator Ringuette: I have a quick question just to assure, at least myself, in regard to open banking, particularly fintech. In addition to stablecoins, which I honestly believe is a currency — it shouldn’t be a security — how will you ensure that both of these entities report to FINTRAC, as the other financial institutions do?
Mr. Morrow: Right now, any payment service providers that provide payment services are required to be members of FINTRAC and are subject to know-your-customer and anti-money laundering, or AML, restrictions. We share information under the Retail Payment Activities Act with FINTRAC. We can share with them who our entities are, and they can share with us who theirs are so that we can make sure there’s no gap between those two lists.
Senator Ringuette: The stablecoins and new fintechs that will be entering the system will be subject to compliance with FINTRAC?
Mr. Morrow: The stablecoin —
Senator Ringuette: I don’t see that in the —
Mr. Morrow: The trading of stablecoins right now is subject to that. Today, any crypto-currency exchange must report to FINTRAC any and all transactions, so that would apply to stablecoin transactions as well.
When it comes to open banking, depending on the nature of the institution, if they are providing financial services or moving people’s money, they would also be subject to FINTRAC registration and reporting.
Senator Ringuette: Thank you.
[Translation]
The Chair: I would like to thank Mr. Morrow and Ms. Butler for their testimony. I believe I speak for many of my colleagues when I say that we are reassured by the fact that the Bank of Canada will exercise this mandate with regard to the open banking system. Thank you for taking the time to explain this to us.
Welcome back for our second panel as we continue the prestudy of Bill C-15.
With us today are four representatives from the Office of the Superintendent of Financial Institutions. You have been invited to appear to discuss Divisions 9 to 17. Welcome, and I hope I will pronounce your names correctly.
We have Ms. Theresa Hinz, Executive Director, Policy and Risk Response; Mr. Yasir Syed, Managing Director, Approvals Division, Ms. Jordana Heaton, Managing Director, National Security and Anti-Money Laundering Policy, and Mr. Ryan Cassidy, Director, Legislative Affairs.
Welcome. I would invite you to begin with your opening remarks, which will be followed by questions from our senators. Please go ahead.
[English]
Theresa Hinz, Executive Director, Policy and Risk Response, Office of the Superintendent of Financial Institutions: Good afternoon. Lovely weather today. Thank you for having us.
Chair and honourable senators, thank you for the invitation to appear in support of your study of Bill C-15. The Office of the Superintendent of Financial Institutions, or OSFI, always appreciates the opportunity to appear before the committee and discuss subjects that affect Canada’s financial sector, including some of the measures proposed in Bill C-15. We are pleased to be available today to assist the committee with the study of this bill.
As always, OSFI stands to act on government legislation, building a strong and healthy financial system that works for Canada and Canadians. Thank you, and we look forward to your questions.
The Chair: Thank you. As usual, colleagues, we have about 40 minutes for this exchange.
Senator Varone: Welcome, panel. I asked this question previously in terms of the language of one of the sections. In Division 9, under “Objects of the Bank,” proposed section 8 states:
The Bank may collect any personal information that the Bank considers necessary for carrying out its objects under this Act.
But when you juxtapose the language “any” — which is a pretty wide berth in terms of what they can ask a consumer for — with the guardrail in proposed section 12, as it relates to the business of insurance, it states:
Nothing in this Act affects any restriction imposed under the Bank Act on banks with respect to the sharing of information about a consumer with an insurance company . . . .
You have a guardrail there with respect to cross-selling, but I’m concerned about tied selling and opportunities where you can ask any information of any consumer and then leave them there with respect to — I’m trying to find the right word without being nasty. You want a mortgage, but they want to sell you insurance, they want to sell you a credit card and they want to give you a car loan, and it’s all tied together because you’ve given them all that personal information. Where do the guardrails come in with respect to OSFI in keeping the consumer safe and protected?
Ms. Hinz: Thank you for the question. Just to clarify, Division 9 with respect to open banking is what you’re referring to? With respect to the open banking legislation, I see our colleagues were here earlier. And when they reference the bank, I believe it’s the Bank of Canada, which will be overseeing the legislation. It will be for them to make determinations with respect to the regulations and the applicability of the legislation.
Senator Varone: Can you explain that further because I didn’t understand that?
Ms. Hinz: When it references the bank, it’s the Bank of Canada that will make the determination with respect to the provisions of that legislation.
Senator Varone: What about oversight of tied selling of the banking community?
Ms. Hinz: From what I’m understanding with respect to that provision, which is with respect to data sharing under the open banking regime, that will be the Bank of Canada.
Senator Varone: Okay. Isn’t OSFI the regulator of banks?
Ms. Hinz: We’re the regulator of banks, but we’re not regulating the open banking framework, unless I’m misunderstanding.
Senator Wallin: In this case, you don’t regulate the Bank of Canada, even though they will be the regulator of stablecoins, et cetera?
Ms. Hinz: That’s correct.
Senator Wallin: And they’ll become a financial institution in a way they aren’t generally?
Ms. Hinz: In Division 9, with respect to open banking, it will be the Bank of Canada that will administer that legislation, and OSFI will not have a role with that.
Senator Wallin: When would your role kick in, if other financial institutions began to offer other products similar to a stablecoin?
Ms. Hinz: Sorry, I might be confused. I thought we were talking about open banking. Stablecoins would be something different.
Senator Wallin: I just put this question to the Bank of Canada people. We now have a lot of hands on this file: the Bank of Canada and OSFI and the banks and FINTRAC, and there are whole new bureaucracies being created here, so I’m just trying to sort out what the relationship is. You’re not dealing with the open banking framework?
Ms. Hinz: I can help you clarify.
Senator Wallin: Just tell us what it is you’re here to talk about.
Ms. Hinz: The open banking regime, which is Division 9, is the Bank of Canada. They will be regulating the exchange of data information with respect to the entities that are accredited under that legislation. That legislation provides that.
For the banks that we regulate and our financial institutions — the banks, the insurance companies and the trust and loan companies — some will be participating entities in the open banking regime. We only regulate with respect to prudentially. That regime will be entirely the Bank of Canada. Nevertheless, with respect to the institutions that we regulate, what we will be concerned with — whether they’re dealing with open banking or stablecoins — is that they have the correct risk management policies and procedures to be able to be operating in these frameworks.
Senator Wallin: So it’s only the banks that take this on?
Ms. Hinz: Yes. From what I’m understanding, with respect to the legislation, because it is the Bank of Canada’s legislation, we will have certain of our financial institutions that will automatically be participating entities. That’s largely the six large banks in Canada. Other entities can elect to participate, but there is an accreditation process that they will have to go through.
Senator Wallin: I’m going to leave it at that for now and perhaps come back. Thanks.
Senator C. Deacon: I’m going to ask you a question about data sovereignty because it’s been a question around the table. My understanding is that currently our banks are not required to maintain all of their consumer financial data in Canada. There is a global movement of that data and global storage of that data, and they are subject to the Personal Information Protection and Electronic Documents Act, or PIPEDA, and the rules under PIPEDA, but the requirement is not absolute in having sovereign data storage. If you could, please just speak to that for a second because I think it’s useful for the committee to understand that there’s no change currently. There probably should be a change to move toward more sovereign data — that’s what Canadians are asking for — but currently that’s not the case with our banks.
Ms. Hinz: I can say a couple of things about that. Currently, you are correct. If it were to become legislated, that would be the Department of Finance that would legislate it. Nevertheless, what OSFI does with respect to the management of customer data is we have guidelines that set expectations for institutions with respect to how they manage their data that they collect from customers as well as outsourcing.
With respect to the institutions having visibility on outsourcing, it’s about understanding whom their third-party partners are, not just most immediately but throughout the chain of third parties. That is how OSFI manages that requirement today.
Senator C. Deacon: I just thought it would be useful for my colleagues to have that clarification because there was a missing link there that was perhaps having them think differently about open banking rather than what we are dealing with right now.
In terms of Division 17, I’ve got a couple of questions. I may have to go to the second round to get it all in.
There’s an anti-competitive element to the innovations that are coming forward. If you’re a credit union, you’re already a federally regulated credit union. Smaller credit unions can merge with you, but it is still no easier for smaller credit unions to gain that federal accreditation. I think, too, that Innovation Federal Credit Union was seven or eight years in the process, and I think about how we can have, perhaps, a staged approach to make it a more pro-competitive movement.
We have credit unions that need to merge. They need to be under stronger regulation, and regulation allows them to grow between jurisdictions because their return on equity, or ROE, is just too low to be able to keep up with technology. They just don’t make enough money.
How do you see yourselves dealing, ultimately, with the fact that this one change is somewhat anti-competitive and doesn’t allow for a faster track — a secure track — for smaller credit unions?
Ms. Hinz: Thank you. This is a very important concern and preoccupation of the Office of the Superintendent of Financial Institutions, or OSFI, obviously, because we have admitted certain credit unions into the federal framework.
There are two things I would say to that: First, the legislation will be more helpful in permitting credit unions to come into the federal system more quickly. Second, we are also looking at our own internal procedures and policies to make it more flexible and adaptable to their situation to bring them in.
Maybe I’ll turn to my colleague Yasir Syed, who heads up the licensing department at OSFI, and he can share a few details on that.
Yasir Syed, Managing Director, Approvals Division, Office of the Superintendent of Financial Institutions: I think it’s a great question, senator, and it’s something that OSFI is certainly looking at actively right now: our internal processes and what is within OSFI’s remit in terms of the approvals process.
These approvals processes are usually lengthy. They are complex, and that largely relates to the complexity of the application and the nature of the prudential review that OSFI is mandated through Parliament to conduct.
Having said that, granted that our credit union continuance guide is old — and we’ve acknowledged this — in today’s environment, we need to ensure that it’s still fit for purpose and that we are being agile and adaptable in our approach.
What we’re going to start looking at — and I think more will come over time — is there are different phases in this process. There is the pre-application phase where we’ve heard feedback from the industry that takes time. We’re looking at ways that we can streamline that, focusing on the right risks, rightsizing our prudential reviews and focusing on those risks that are key for entry and only those, as well as being more transparent to the industry in terms of our internal service standards and our expectations of the industry in terms of information requirements, which evolve over time.
We’re really looking at it holistically, acknowledging that, yes, in this environment, there is a desire, and we’re seeing more and more credit unions considering federal continuance, and they want a pathway that is clear, streamlined and much more transparent.
In that regard, there is certainly more that we can do at OSFI and that we’re looking at right now in terms of our process going forward.
Senator C. Deacon: Thank you very much.
Senator Fridhandler: I heard your explanation on OSFI’s role relative to open banking, but I was trying to figure out if it was at all embedded in the legislation. The only reference I can find to OSFI is in proposed section 75 where there is a requirement of an annual report by the bank to the minister. Then it goes on to say:
The Bank must consult the Superintendent of Financial Institutions before providing the Minister with advice or information that relates to a federal financial institution.
What does that mean? It looks like it goes beyond the report, but I’m not quite sure what the OSFI role is there.
Ms. Hinz: It would definitely be a question for the Department of Finance Canada with respect to the specific policy intent, but what I understand that provision to mean, as I mentioned earlier, is that certain of our banks — so it’s the large banks — are automatically part of the open banking system. They are institutions that will have to share their information, if a customer asks, with accredited entities.
That provision references that if it were any of the institutions that OSFI regulates that are referenced in the report, there would have to be, obviously, informing of the superintendent that the report references our entities.
Senator Fridhandler: In another vein, back to data sovereignty and risk management, do you not consider that data which doesn’t reside in Canada permanently and is shared extraterritorially to be a risk that you should impose conditions on?
Ms. Hinz: Obviously, these are very important questions and issues, but as a prudential regulator, OSFI’s concern is with respect to the risk management practices that our institutions have with respect to data. If, in fact, as a nation, we want to manage the control of data differently, that would ultimately be for Parliament and the Department of Finance Canada to decide.
Senator Fridhandler: More along the lines of risk management, I’m trying to also understand: It’s the Bank of Canada that deals with the accreditation of participants in the open banking system, and there are a lot of risks relative to the conditions and the types of participants you might have.
Do you have any role in consultation with the Bank of Canada on the risk issues that might exist relative to participants through the accreditation process?
Ms. Hinz: That would have been a very good question for, obviously, the bank, but what I can say is that I know the legislation actually provides for an advisory committee.
I don’t know the details yet of that advisory committee for the bank in establishing the open banking framework. I don’t know if OSFI will be a participant, but I am certain, through our very close collaboration with the bank, there will be different discussions as they develop the open banking framework.
The other thing I would mention — and maybe my colleagues from the bank mentioned this — is that they already have a lot of experience in risk management as the regulator of financial market infrastructures, or FMIs, as well as now with retail payment, and I think this is probably part of the reason for the bundling of the Bank of Canada also having open banking and stablecoins.
They do have that expertise, and it is definitely growing with these new legislative responsibilities.
Senator Fridhandler: Thank you.
[Translation]
Senator Henkel: I have a question on Division 14 and which refers to the stress test.
Division 14 expands your mandate at the expense of integrity, national security and external threats. Could you confirm that these new threats will be integrated into your stress tests, for example, scenarios involving major fraud, foreign interference or technological service failure?
[English]
Ms. Hinz: The integrity and security provisions are new provisions that were implemented two years ago, so our mandate was changed by the Department of Finance. As part of that work currently, we do have policies and procedures that we expect institutions to adhere to in creating their risk management frameworks around integrity and security. They are very much focused on cyber issues, governance issues and compliance issues.
What happens is we supervise the institutions on an annual basis to assess how they are constructing those policies as well as adhering to them. We also have a legislative requirement to report to the minister with respect to those institutions.
I’ll just ask my colleague Jordana Heaton if she would like to add anything.
[Translation]
Jordana Heaton, Managing Director, National Security and Anti-Money Laundering Policy, Office of the Superintendent of Financial Institutions: With regard to stress testing specifically, there is no real link between the two. In general, when dealing with issues related to policies maintaining the integrity and security of financial institutions, we examine all issues, such as financial interference. Fraud and money laundering are among the risks included in our mandate with respect to the integrity and security of financial institutions.
Senator Henkel: Earlier, I asked representatives from the Bank of Canada my next question, but I am going to ask you as well, because I would like to hear your perspective. Please do not refer me back to the Bank of Canada; I would really like to hear your own response on the “solution side,” because it really is a giant black hole.
In Division 9, which requires consent, it says “express” — obviously, with regard to sharing data. This section says nothing about it being truly free and informed consent.
How will financial institutions verify that consumers have not been subject to any pressure, whether familial, economic, or technological?
When the transmission of this data is authorized, how can a bank apply protective measures when a consumer is in distress? Is there anything in place? If not, what do you suggest?
[English]
Ms. Hinz: You’re right; my response would be that it will be for the Bank of Canada — that is a consumer protection element.
What I can say, though, is with respect to OSFI as a prudential regulator, which is very different from the angle of consumer protection, as I mentioned before, we do have guidelines. For example, we have our guideline with respect to third parties and how third parties engage with the bank as well as potentially with consumers, and there are certain provisions that require the institutions to adhere to certain expectations.
But specifically, as to what we would think of that provision as a prudential regulator, I would not be able to answer.
[Translation]
Senator Henkel: Would you agree to say that there is nothing in the legislation as it is currently drafted to stipulate that consumers must be protected?
[English]
Ms. Hinz: I think like in all these legislations, when it’s in operation, we start seeing areas that need more improvement. It will be for the Department of Finance, ultimately, to be addressing any of those gaps as the legislation gets rolled out and becomes operational.
Senator Henkel: Would you be willing to waive that, too, in your recommendations for the next round?
Ms. Hinz: As we said, we all work very closely together: the Department of Finance, the bank and FCAC. And these discussions do regularly arise.
Senator Henkel: Thank you.
Senator Yussuff: I have a couple of questions and I hope you don’t tell me to go ask the bank about this. Under Division 10, there is obviously a recommendation to extend this period for trust and loan companies, banks and insurance companies for another seven years. What’s the rationale for the extension?
Ms. Hinz: I won’t send you to the bank. That’s the sunset clause. That is the sunset clause that has been basically extended from what it was before, and the policy decision is actually from the Department of Finance. Nevertheless, we have a lot of experience with the sunset clause. Maybe I will turn to my colleague Ryan Cassidy who can say a little bit more about how it works in operations and what it actually means for everyday legislation.
Ryan Cassidy, Director, Legislative Affairs, Office of the Superintendent of Financial Institutions: Thank you. With the sunset clause, it’s moving from, say, five years to seven years for these legislative reviews, but we have regular opportunities to propose amendments in the context of annual budgets or other legislative vehicles. Where we have concerns — or I’ll just call them urgent requests for amendments — we liaise with our colleagues at the Department of Finance to present those proposals, whether it’s in the context of one of these five-year or seven-year reviews or whenever they arise.
Senator Yussuff: Does this lead to Parliament needing to do a comprehensive review of the legislation? Because obviously you’re sunsetting something, but you realized you have to extend it a bit longer because the review hasn’t taken place around the legislation that governs the sector. Would that be the conclusion I should draw from all of this?
Ms. Hinz: From the experience that I have, what the sunset clause does is drive a very comprehensive review of the statutes every seven years. But as Ryan Cassidy mentioned, a lot can happen in between. A good example is we received a new mandate — the integrity and security mandate — two years ago outside of that regular cycle. So there are other venues to update the legislation when it’s necessary or when Parliament or the Department of Finance believes that it should occur at a certain time. Certainly, the Department of Finance can give more on the policy reasons as to why. Typically, the sunset clause is just a hard-wiring in the legislation of a requirement to consider the legislation at a certain period of time.
Senator Ringuette: On that as a follow-up, the review is to be done by both houses of Parliament. That’s the review of the legislation every five years. Our mandate has gone from five years to seven years in this legislation. It’s not your review that you go through with the Department of Finance; it’s our review and our parliamentary obligation to review the legislation.
That being said, we had the Canadian Bankers Association here, and I asked a question in regard to ATM machines. Who is responsible for ATM machines? And they said it’s how they’re linked to the network. Okay. Do you supervise the networks that your chartered banks are linked to?
Ms. Hinz: It depends. The Bank of Canada supervises the payment system. I’m not sure I entirely understand the question, but the actual ATM machines are a bank responsibility. The different networking such as Interac would be the responsibility of Payments Canada or the Bank of Canada.
Senator Ringuette: Where lies your responsibilities in regard to your supervisory role and the role that the banks have with the ATM machines, whether it’s theirs or a third-party provider? Where does it lie? The security measures in regard to financial consumers — and I gave an example. A few weeks ago, a person from my area had her Interac card stolen and, boom, an ATM machine in Quebec, which was 400 miles away, gave out $1,000 in cash without a PIN number.
When you supervise a bank, and that’s including my perspective, the network that they deal with is part of their system. So what do you do in regard to these ATM machines?
Ms. Hinz: I would like to actually speak to some of my experts with respect to cybertechnology and then come back with a more complete answer. But generally in those circumstances — and some of it would be consumer protection which would actually be with FCAC and what would happen — an ATM machine and any systems linked to it would be part of the bank’s oversight of third-party management.
Senator Ringuette: Would that be part of the chartered banks that you supervise?
Ms. Hinz: Part of their third-party management. But some of those systems, in terms of the interlinkages of payments, are actually regulated by Payments Canada, depending on what it is, or the Bank of Canada.
To provide you a complete answer, if you would like, I can speak to our specialists and come back to you.
Senator Ringuette: Absolutely. I think you should send the answer to the clerk of our committee.
I have one last quick question. Canada has the Canada Deposit Insurance Corporation Act. You make sure that the deposits are secure so that not too much money is provided from the federal government through this act. How will the new entities have access to this Canada deposit insurance? It is very important for Canadians, particularly low-income Canadians, that they have some protection and satisfaction because if a financial entity goes under or sideways, there is at least a basic amount of their deposit that is guaranteed.
Ms. Hinz: Just to clarify, when you say “new entities,” do you mean new entities with respect to open banking?
Senator Ringuette: Yes, and I guess I should have asked that question to the Bank of Canada, but the chartered banks that you supervise and the insurance companies are all going to get into this scheme through some type of subsidy. There is RBC banking, RBC insurance and RBC mortgages. They all have different entities, and I suppose they’re going to create another new entity. But you will have your hands on that because it’s going to be part of the whole. That’s what I’m asking.
Ms. Hinz: They would have to have deposit insurance. If you’re taking deposits in Canada and if you’re taking in consumers’ money, that would be a deposit and it would be covered by deposit insurance. The fintechs are not able to take deposits.
The Chair: The previous question regarding your responsibility was because we received the Canadian Bankers Association and we were not really satisfied with the answer we got. It’s not their fault, and at the end of the day, a lot of Canadians are screwed up by this. We’re just trying to figure out how we can improve the system.
Colleagues, that completes the first round.
In addition, I have a question from my colleague Senator Loffreda, who is unfortunately unable to be with us, but it will be my question on behalf of Senator Loffreda, a former vice-chairman at the Royal Bank of Canada, so I think he knows what he’s talking about. Bill C-15 significantly expands oversight over crypto-assets and stablecoin issuers. What specific prudential requirements — capital, liquidity, governance and security — does OSFI anticipate imposing to ensure that these entities do not introduce unacceptable risk into the Canadian financial system? I think we have to learn a lesson from what happened in the U.S., possibly during the great financial crisis and the domino effect. Any thoughts regarding this question?
Ms. Hinz: There are a few things I can say. It’s still an area that is being worked through in legislation. As you know, we have the stablecoin legislation that is in Bill C-15. I’m not sure if the Bank of Canada has been here to discuss that specifically. In that legislation, with respect to stablecoins — with stablecoins being a digital representation of fiat money — there are requirements for reserves with respect to the reserves, specifically how they have to manage the reserves and how they have to protect the reserves.
The Chair: My concern is when you have companies that offer some dividends on stablecoins, so I’m trying to understand if they have some leverage and the domino effect. We will see.
Senator C. Deacon: Looking between Divisions 14 and 16, with Division 14 relating directly to OSFI and Division 16 relating to FCAC, in regard to the annual reporting of fraud from the banks, this is a question I’ve asked the superintendent, but I really want to get to the fact that you have the Integrity and Security Guideline that you spoke about earlier. How is it possible to fulfill that without regular information from our banks on the incidents of fraud in a way that we have confidence in the numbers? Right now, the Toronto Police Service reports roughly $400 million of fraud just in Toronto last year, and the Canadian Anti-Fraud Centre said it’s around $600 million for the whole country. I don’t think it’s all happening in Toronto. This is an international crisis. How do we balance right now — and you’ll hear on the part of this committee, if you go back — the very insufficient, once-a-year reporting? But it’s not to OSFI who is responsible for the Integrity and Security Guideline. This is foundational to integrity and security. I’m wanting to get a sense of how we can move this ahead as a committee because we’re not satisfied with what we’re seeing.
Ms. Hinz: I understand the concern. The integrity and security mandate that we have is really linked to the prudential soundness of the institutions. The fraud components — and I don’t know if FCAC has actually come before the Senate. Obviously, it would be for the Department of Finance because they create the legislation, but it would also be for FCAC to potentially have enhanced reporting requirements.
Senator C. Deacon: The problem is there are two different arms — two different regulators — but you’ve got a core responsibility here and you’re not being given the information directly. And it’s not regularly reported, where you can’t see the trends and the incidents or see growth or shrinkage. I just don’t know how you fulfill that guideline, which includes issues related to fraud and inappropriate activities of that nature.
Again, I don’t know how you do your job without it.
Ms. Heaton: Perhaps if I can try, regardless of this reporting requirement and its frequency, OSFI has a fairly significant ability to require information from the institutions it supervises. It’s provided to us under our confidentiality regime, which is outlined in the Office of the Superintendent of Financial Institutions Act. For the integrity and security mandate, we have done a significant amount of data collection with most of our reporting entities regarding the wide area of possible risk factors that included where their data is kept, which is an issue you brought up, as well as their satisfactoriness of policies and procedures and things like that. We included that in our annual report to the minister, and we have the ability to keep following up on that in individual exams or areas of particular notice.
In terms of OSFI’s access to data about integrity and security risks that wind up having a prudential impact on the integrity and security of the financial institution, which is how our mandate is worded, we do have a very good availability of information.
Senator C. Deacon: I think you’ll hear from this committee that we’re very concerned that consumers have access to that information because we should be able to make an informed choice about where we want to put our money and ensure we’re being protected because we’re not today as it relates to fraud. Thank you.
Senator Fridhandler: I’m singing from the same song sheet as Senator Deacon. I don’t know if I can add much other than to understand that when you talk about your prudential oversight of financial institutions, it doesn’t tie back to consumer protection. It ties back to institutional integrity and not an ultimate concern in your mandate that we have banks that are properly protected relative to their interface with consumers.
Ms. Hinz: Yes, in short. At OSFI, our mandate is really the safety and soundness of the financial institution: the risk management practices and how they govern their operations and their affairs. At the Financial Consumer Agency of Canada, or FCAC, of which they have provisions in the Bank Act, their mandate is exclusively with respect to the protection of consumers like, for instance, in fraud, disclosure requirements and how they’re treated by the institutions. That is the remit of FCAC.
Senator Fridhandler: I heard from Ms. Heaton that you are satisfied that you get sufficient information relative to incidents of fraud and the magnitude of fraud, and you don’t need any more legislative assistance to ensure if the prudential elements of the bank are impacted. We have concerns about what is in here, and we don’t think it satisfies anyone’s need to know about incidents of fraud, magnitude, place of occurrence, et cetera.
Ms. Heaton: I would be happy to restate the remark. I was replying to Senator Deacon’s comment that it’s not shared with OSFI, and OSFI would not be available. I wanted to assure the individuals that OSFI has legal mechanisms by which it can require information from financial institutions where that information is relevant to our prudential mandate.
Thus, if we were looking in integrity and security, typically we would look at: What is your exposure to a risk? What is the policy and procedure you have to manage that risk? And are they adequate between them? That is exactly how our mandate is stated.
If someone is in an excessive level and they are not keeping with the right cybersecurity measures and they do not have a compliance program that looks at money laundering, or ML, risks — if you don’t have those two things — then probably fraud is getting into a deficient state as well. When those deficiencies arise, that is where our prudential mandate kicks in, and we have some intervention authorities.
We can say, “You are not at the cybersecurity level that you need to be at for your risk exposure. Please address this. You have an enhanced risk per active.”
That’s how ours functions, but it is very institutionally focused, and I understand the committee’s concern with the consumer focus.
The Chair: Thank you for being precise about your mandate. I think when we resume our work after the holidays, probably the Financial Consumer Agency of Canada will be invited and the Ombudsman for Banking Services and Investments as well probably, but we’ll talk about that tomorrow.
Senator Yussuff: I’ll come back to Division 17. Making the system faster and more efficient for credit unions to become federal, I think, will bring in more competition for consumers as well as for the credit unions, which are locally driven organizations. They can also follow their members. If they move from one part of the country, they can still provide services to them.
When the superintendent was here, he said that within a year, you should be making this a reality. In terms of what you’ve been given as a mandate and the preparatory work you’re doing, do you think you will be there within a year?
Ms. Hinz: The short answer is yes. We’re very actively at work.
Senator Yussuff: If we schedule a meeting a year from now and call you back here, your answer will be “yes”?
Ms. Hinz: Please do that. We like deadlines.
Mr. Syed: If I could add, I agree. We heard what the superintendent said, and this is a key priority for OSFI.
Generally speaking, as I mentioned previously, it’s been a while since we’ve looked at our processes. We have external guidance, as you’re aware, which is dated, and we’re going to be looking at everything. We are really keen on learning from past experiences as well. We have a few in the system, as you know, and it took time, and we want to learn from that, and we want to apply those learnings going forward.
I think in due course, we’ll be communicating more to the public in that regard.
Senator Yussuff: As a quick follow-up, given that credit unions are regulated under provincial jurisdiction, with regard to the sharing of information — in regard to the soundness of credit unions’ operations and reserves and all of that — is there a mechanism right now to ensure you’re satisfied with how that information will be provided to OSFI?
Because, obviously, it’s not your sphere. It’s regulations. The provincial government will have to tell you that. Is there collaboration among the regimes across the country to bring that into concert? If they choose to apply, you will have a better understanding of what the provincial regulator is telling you about that particular credit union, if they apply?
Ms. Hinz: In legislation, there’s no specific information-sharing requirement, but in practice, clearly, it’s very important that we’re collaborating very closely with the province in which the credit union is currently supervised.
Mr. Syed: Yes. We have regular conversations with our prudential supervisory counterparts. We could, if needed, enter into confidentiality agreements, too, in order to share specific information.
In this area, it is key for us to have that dialogue as we bring more into the federal system. I think that dialogue will just continue as we go along this journey in terms of federal continuance.
The Chair: Thank you, senator. We have to close.
Senator Yussuff: On the deposit insurance system, given they’re coming into federal jurisdiction, would that automatically apply to a credit union that is now federally regulated?
Ms. Hinz: Yes.
Senator Yussuff: It will? It’s as simple as that. Thank you.
The Chair: That closes this discussion. We want to thank all of you.
I understand, Ms. Hinz, that there will be a follow-up written answer to the clerk regarding the question from Senator Ringuette.
[Translation]
Welcome back for our third panel today, focusing on Division 43 of Part 5 for our prestudy of Bill C-15.
I wish to welcome our next witness, representing the Canada Climate Law Initiative, joining us via video conference. I would like to welcome Ms. Helen Tooze, Senior Policy Researcher.
Ms. Tooze, as you are appearing by video conference, should any challenges arise or you experience any technical issues, please advise us.
I would invite you to proceed with your opening remarks. Then we will proceed with questions. The floor is yours.
[English]
Helen Tooze, Senior Policy Researcher, Canada Climate Law Initiative: Thank you, Mr. Chair.
My name is Dr. Helen Tooze. I’m a Senior Policy Researcher at the Canada Climate Law Initiative, or CCLI.
CCLI was supportive of Bill C-59’s anti-greenwashing amendments to the Competition Act, which were introduced in June 2024. We acknowledge that the amendments led to unintended consequences, including several companies removing their climate-related disclosures due to real or perceived litigation risk. Nevertheless, we are concerned about the proposed amendments to this provision in Bill C-15.
In Bill C-15, the government proposes to remove from the Competition Act the requirement for businesses to substantiate their environmental benefit claims based on internationally recognized methodology.
From responses received for the Competition Bureau’s December 2024 draft greenwashing guidelines, there is evidence that the issue arising from the Bill C-59 amendments stems not from the need to substantiate, but from the requirement that the substantiation be made using internationally recognized methodologies.
As such, the removal of the need to substantiate using internationally recognized methodologies is a welcome advancement. However, the lack of methodological parameters creates uncertainty about how claims should be substantiated going forward.
Bill C-15 offers an important opportunity to address the issues arising from the Bill C-59 amendments. We suggest that some boundaries to the methodological requirements of substantiation be included whilst maintaining flexibility.
Specifically, the act should require claims to be substantiated using credible, robust and science-based methodologies which are appropriate for the claims being made. Being more flexible in how companies substantiate their environmental claims would still protect consumers from greenwashing whilst reducing the litigation risk that companies envisage under the current requirements; however, it is still important to establish a framework that defines the parameters for what constitutes an appropriate basis for adequate and proper substantiation.
Thank you. I’m happy to take your questions.
The Chair: Thank you.
Senator Varone: I have a simple question. Is a company name a contravention of substantiating in terms of greenwashing? I’ll give you an example. Green For Life, or GFL, is quite a substantial enterprise and moving across the country. They call themselves “Green For Life,” but they’re garbage pickup guys in Toronto. They have a litany of violations. All you have to do is Google them and they’re in contravention of every type — whether it be soil remediation, excessive dumping or selling illegal chemicals to other companies — but they keep the name Green For Life.
There’s a bunch of diesel fuel companies that now claim to be clean diesel because they incorporate biodiesel at 3% or 5%.
At what point in time does a name reflect what it is they do? Are we going backwards in terms of the substantiating aspect when it relates to corporate names?
Ms. Tooze: That’s a fantastic question and a tricky one.
In Canadian law, it would be difficult for me to say. I know from experience with Australian and U.K. law that even a branding or a logo could be perceived as greenwashing if it’s giving the wrong impression, if you will. I think there is a point to be made that a name could be greenwashing. It would need to be substantiated in some way.
We are looking at very broad claims that are also being made by companies, maybe not in their names but in other ways, such as “We were on track for net zero.” These broad claims need to be substantiated, so I don’t see why a name shouldn’t be substantiated as well.
Senator Varone: Thank you.
Senator Fridhandler: I’m a skeptic that this change to the greenwashing provision will advance consumer information. I think many companies that took their disclosure down based on the original greenwashing legislation will not be enticed to put any information back up, so you will have a void in information. I need to do my research on the ground, but if you have any information on that, I’d appreciate the relative reaction; I’m probably talking mostly about the energy industry in that regard.
You suggested that the phrase “adequate and proper substantiation” was not substantiation enough for you to see in the legislation. I believe that over time, to the extent that there are issues around that, the body of case law or decisions will develop so that it becomes clearer.
If you have a better approach — and you suggested you wanted to see more details — I’d ask that you provide us in writing what you believe needs to be added to this provision in the legislation so that you would be satisfied. Let me leave the first question with you. The second is just a request.
Ms. Tooze: Absolutely. I agree with your cynicism, shall we say, when it comes to the disclosures. Innovation, Science and Economic Development Canada is in agreement as well — I’ve had conversations with them — and they feel that Bill C-59 has been used as an excuse for certain companies not to disclose voluntarily.
I think there is some element where with certainty being provided, companies would be willing to open up disclosures. But again, we don’t know that for sure. There are energy companies that have said they will not disclose until Bill C-59 has been repealed completely. I can see your point there. I think we’re all trying to be a little positive and hopeful that this will make a substantive change, but we don’t know for sure. And I agree with you that there will still be certain sectors and companies that will choose not to disclose. That will fall on the investors, I would feel, to put pressure on those companies if they want to see those types of disclosures.
As for the request, I have sent through a letter that I sent to the finance minister — and I can send that directly to you, if you’d like — which details how those provisions would look in our minds. It would not be strict. We just want something put in place where it needs to be science-based, substantive or rigorous for the claims being made, if you will.
[Translation]
Senator Henkel: Welcome, Ms. Tooze, and congratulations on the work you are doing, which is extremely useful.
My question is on the role of private parties. Currently, several NGOs and businesses can challenge greenwashing before the Competition Tribunal. Section 43 would eliminate these private proceedings. Only the Competition Bureau would then be able to intervene. By removing these external channels, would we not be making it more difficult to challenge greenwashing, since it would depend entirely on the priorities and resources of a single body?
[English]
Ms. Tooze: Thank you, senator. That is a fantastic question.
CCLI itself doesn’t really take a stand on this. I have had several conversations with colleagues, especially within the academic realm, who feel there is a limiting of access to justice from removing private party right of actions.
I feel personally that the right of private party actions was not a huge element. The bureau acts as a gatekeeper for vexatious claims in a number of ways, which is a good position to have. I can understand that non-governmental organizations, or NGOs, would want to maybe bring claims directly, but they would still be faced with a tribunal needing to prove it’s in the public interest to do so.
From the work that I’ve done, I don’t personally feel that there is a huge problem with removing that except that it might make disclosures with regard to climate information more accessible and more open again.
[Translation]
Senator Henkel: Thank you. In your opinion, does the Competition Bureau have the necessary expertise and capacity, and does it have a sufficient mandate to effectively detect, analyze, and prosecute climate greenwashing in complex sectors such as mining, energy, and agri-food?
[English]
Ms. Tooze: That is a difficult question to answer. I don’t know the Competition Bureau on any level, and I wouldn’t want to speculate as to their expertise. I have spoken to several people within that realm, but I would not want to speculate on what their expertise is.
I would hope they would get additional expertise in, if needed, on an investigation. To me, that would make sense, but I wouldn’t want to speculate. Sorry, senator.
[Translation]
Senator Henkel: I understand. This is not a problem. It’s just that, now, the Competition Bureau is the one making all the decisions.
Does this office have sufficient power and expertise to take legal and private action today? We are removing access to referral to the courts. As for the regulatory and legal aspects, only this office has the right to decide whether a dispute will be dealt with legally or privately. That is my concern.
[English]
Ms. Tooze: Yes, it would fall directly on the bureau. I feel that my colleagues at the Competition Bureau do have the expertise to make those recommendations. They have been doing so for many years. They would be able to speak to the client who is bringing those claims as to what their concerns are. They have that expertise, and they would be able to bring those claims. It’s important because the tribunal could be really burdened, overly so, with vexatious claims or claims that don’t meet the standard that is necessary to move forward to the tribunal.
Senator Wallin: I just want to follow up on a statement. I think you said a couple of times that there are companies that have used Bill C-59 as an excuse not to disclose. Do you have evidence of that? Do you have companies in mind? Who are you referring to?
Ms. Tooze: Well, there is a lot of disagreement out in this sphere as to the level that companies are not disclosing because of Bill C-59. When I speak to investors, they are finding that the companies they invest in have retracted or withdrawn their climate-related disclosures. However, when speaking to other groups and organizations that deal with disclosures and tracking those disclosures, they are not finding that there is a significant problem.
There’s a little bit of a balance or a differentiation there. Specifically, we know that energy companies like Pathways Alliance have done so, and they’ve stated categorically that they have removed those disclosures because of Bill C-59, but there aren’t any —
Senator Wallin: That’s a separate issue. I’m not sure I get it. They have said it’s too difficult and too risky to meet the objectives of the legislation, so they have pulled back even basic advertising. Is that what you want to be the result?
Ms. Tooze: No, not at all. I won’t speak to the advertising perspective. The main problem is climate-related disclosures.
The Task Force on Climate-related Financial Disclosures, or TCFD, or sustainability reports don’t fall within the scope of securities regulators because it’s not mandatory according to securities regulators, so they end up in this little purgatory place, if you will, between the regulation of securities and whether those disclosures would then fall within the remit as advertising of Bill C-59 and the Competition Bureau. A lot of companies have withdrawn those climate-related sustainability disclosures on that basis.
Senator Wallin: Right, but this is a serious allegation you’re making that they’re trying to avoid the law somehow. I’m just looking for substantiation on that.
Ms. Tooze: Sorry, I would not want it to look like an allegation. Specifically, Innovation, Science and Economic Development Canada has come to me and said that they felt like they were using it as an excuse not to disclose. Personally, I don’t know, but I have had conversations with them.
Senator Wallin: That was what I was trying to get at. I raise it in part because governments have made claims about their net-zero status, which even climate groups that they fund have said are not true. Even former ministers have said they haven’t met their promises and their commitments under the Conference of the Parties, or COP, for example. Are they impacted at all?
Ms. Tooze: That’s a very good question.
Senator Wallin: Is government subject to the same rules?
Ms. Tooze: They should be if they’re not.
Senator Wallin: My question is: Are they?
Ms. Tooze: I don’t know is the honest answer.
Senator Wallin: Okay. The other question I wanted to follow up on is that you said you wanted all of this information to be substantiated according to internationally recognized methodology with credible and robust sources and for it to be rigorous, science-based, et cetera. Is there some international standard that meets all of those things that everybody has agreed on?
Ms. Tooze: Just to clarify, I am happy that the “internationally recognized methodology” requirement has been removed. The Canada Climate Law Initiative is very pleased with that. We are happy that the law is not as narrow as it was.
As to any particular kinds of methodologies, we don’t want the law to be so narrow that we’re setting a list. We would want methodologies that are provenly robust and credible. For example, you have the U.K. and Australia, specifically, which require that any kind of scientific papers be widely known, peer-reviewed and independent.
Please don’t misinterpret me. We don’t want very strict parameters on what methodologies can be used. We would just like a little bit of guidance or specificity as to what kind of methodologies should be used. We don’t want somebody making up a methodology of their own, putting it out there and using it to justify their claims. We would like the requirement that they are rigorously —
Senator Wallin: Does this something that you’re describing exist?
Ms. Tooze: Sure. There are standards. There are Canadian standards. There are disclosure standards like the Canadian Sustainability Disclosure Standards or the International Sustainability Standards Board standards. These are all standards for disclosure that are recognized.
Senator Wallin: I’ll leave it at that. Thank you.
The Chair: Thank you, senator. Before going to Senator Yussuff with his last question, this reminds me of a conversation from last year when we studied Bill C-59. I think it was with a representative from Pathways Alliance. I found their argument very interesting and relevant. I’m curious to hear your reaction. They expressed concern at that time regarding this internationally recognized methodology. When you go, for example in oil sands, with something very innovative, you have no benchmark or reference. These kinds of things are subject to killing innovation. I’m just curious to hear how you found their argument.
Ms. Tooze: Well, I agree. This is the point. I agree that when it comes to the law, there’s this lovely balance that you have to get right, especially when you’re drafting legislation, between legal certainty and being flexible enough to allow for unforeseen circumstances and changes to the law.
I feel that investors and the public require some kind of idea on what would be substantiation in terms of methodology. What are we looking for, and how does that look in the grand scheme of things? If there’s no public disclosure regarding what those substantiation methods look like and if there’s no framework, there’s just too much uncertainty for everybody. I feel that nobody really understood what internationally recognized methodologies were, so you can’t disclose and substantiate according to something you don’t understand.
I agree with the companies. I understand what the companies are looking for. I’m here not fighting against them. I want them to be able to disclose, and I want them to feel comfortable disclosing. That also falls with investors and the public. I want them to be able to understand the disclosures that they’re getting.
The Chair: Thank you for your answer. I think this debate is not over yet because it’s a trade-off between customer protection, public information and this innovation. If you think about oil sands, we have no benchmark worldwide, and they want to innovate. We will see.
Senator Yussuff: Thank you for being here as a witness.
Does this change leave a big void for Canadians to understand how they can look at a company’s responsibility and disclosure? Now they’re not going to know because there’s no reference.
Does this really create a challenge for investors in the country and consumers who are patronizing companies for a variety of reasons? Is this going to cause some undue harm because we don’t have a reference anymore that can help us guide companies in the right direction in their climate obligations but also equally allow the public to know this so that they can make wise decisions, whatever those decisions might be?
Ms. Tooze: Thank you for your question.
Yes, I agree 100%. When making decisions, consumers and investors require robust, comparable — which is important — and credible disclaimers and representations as well as disclosures. Without those boundaries to methodological requirements, consumers and investors face difficulty in determining how reliable claims are. Again, to use the example of our trading partners, the U.K. and Australia, they require all of the substantiation evidence to be publicly available to consumers and investors. I still worry that it will be too complex for some consumers and investors to understand, but at least it’s there for NGOs and other climate groups that understand it to drive it forward on consumers’ behalf and on investors’ behalf.
Senator Yussuff: In the short term, we’re guessing here because we don’t know what the government is thinking more broadly as to what is going to guide the country in regard to what will replace what is currently in the law.
I agree with you: If we don’t know what an international methodology is, I don’t know why we are even using it. Putting that aside, do you think this might now lead to some collaboration so that we can have a common substantiation definition that will help everybody in the context of how we look forward in regard to climate change disclosure?
Ms. Tooze: That would be lovely and ideal.
The issue would be different industries substantiating different claims while needing to use different methodologies. It’s very complex and technical. This is where we could use more of a guideline on what kinds of methodologies we are looking for. There are some that are recognized on some level — it doesn’t have to be international — but we do want emerging methodologies. That would be useful. We don’t want to stifle innovation on any methodologies coming forward.
It is a tricky balance between being flexible but also providing the certainty that we have to get. And having at least some framework that would allow for a standard form of substantiation or methodology for climate disclosures would be wonderful.
When it comes specifically to this issue, I can’t see there being one methodology that would fit all, unfortunately.
Senator Yussuff: Thank you kindly.
The Chair: We appreciate your last few answers, because I think we need this dialogue to continue. It’s not black and white. I referred to oil and gas, but I could refer to the aluminum industry as well when it comes to innovation and industry. If Canada wants to be a leader in innovation, this is very important for us.
Thank you for your testimony. I appreciate it very much.
Colleagues, we need to adjourn this meeting, but we will reconvene in 15 minutes. There are two different meetings. We will see you soon when we continue our study of Bill C-15.
(The committee adjourned.)