CashNews.co
With the Retail Payment Activities Act (RPAA) set to
significantly reshape the regulation of payment service providers
in Canada, the time to prepare is now. Starting on November 1,
2024, all Payment Service Providers (PSPs) engaging in retail
payment activities in Canada will be required to register with the
Bank of Canada. This overview has been created specifically to help
you navigate these new requirements and ensure your organization is
ready.
Below, we break down who falls under the scope of the RPAA, what
compliance obligations PSPs must meet, and the critical
implementation timeline you need to follow. With fast-approaching
deadlines and stringent compliance expectations, it’s crucial
to understand what is required to avoid penalties and maintain
trust in Canada’s evolving retail payment landscape.
What is the Retail Payment Activities Act (RPAA)?
The RPAA introduces a robust framework for the supervision of
PSPs in Canada in 2024. This regime is designed to enhance the
security and integrity of retail payment systems, ensuring that
they operate safely and efficiently.
The regulator under the RPAA, the Bank of Canada, continues to
release guidance on the RPAA regime on its Retail Payments Supervision page including
various fictional case scenarios that reflect the Bank of
Canada’s interpretation of the RPAA’s requirements.
Watch our on-demand webinar to learn
more.
Who needs to register under the RPAA?
The RPAA requires PSPs to register with the Bank of Canada by
November 15, 2024 at the latest.
How does the RPAA define Payment Service Provider (PSP)?
The RPAA applies to a broad range of entities involved in retail
payment activities. The RPAA defines PSPs as individuals or
entities that perform one or more of the five payment functions
outlined in the RPAA. These functions include:
What is the geographic scope of the RPAA?
The RPAA covers PSPs with a place of business in Canada. It also
extends to those outside Canada that direct their services at
Canadian end users or perform retail payment activities for
them.
Which entities and activities are excluded from the RPAA?
Certain entities and activities are excluded from the RPAA’s
requirements. These include, among others, banks, credit unions,
insurance companies, and other entities already regulated under
federal or provincial financial institution statutes. Incidental
activities, securities related transactions, and internal and
closed loop transactions are among the list of activities that are
excluded from the application of the RPAA.
How do Payment Service Providers (PSPs) comply with the
RPAA?
Registered PSPs must adhere to stringent compliance requirements
aimed at mitigating operational risks and protecting end-user
funds. Key compliance obligations include:
- Operational risk management: PSPs must
establish a comprehensive framework to manage operational risks.
This includes:
- Identifying and assessing risks.
- Implementing controls to mitigate identified risks.
- Protecting assets and data.
- Developing and maintaining incident response plans.
- Incident response and reporting: PSPs are
required to report any incidents that have a material impact on end
users or other PSPs. This ensures transparency and allows for
timely corrective actions. - Safeguarding end-user funds: PSPs that hold
end-user funds must ensure these funds are adequately protected.
This can be achieved by:
- Holding funds in trust accounts.
- Using segregated accounts with insurance or a guarantee.
- Implementing measures to prevent unauthorized access or use of
funds.
- Mandatory reporting: PSPs must submit annual
reports to the Bank of Canada. These reports should detail the
PSP’s compliance with operational risk management and fund
safeguarding practices. This ongoing reporting ensures continuous
oversight and accountability.
What’s next?
The RPAA’s implementation is phased, with several critical
milestones approaching rapidly. PSPs must act swiftly to ensure
compliance with the new regulations:
Taking the necessary steps to comply with the RPAA will not only
help avoid potential penalties but also enhance the trust and
security of Canada’s retail payment systems. For more detailed
information, contact the authors or a member of our FSxT Group.
Read the original article on GowlingWLG.com
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.