Skip To Content

Financial services regulation in 2021: Back to business

Author(s): Victoria Graham, Elizabeth Sale, Lawrence E. Ritchie

Dec 13, 2021

After the tumult of 2020, 2021 was marked by a return to regulatory functions, as well as growth in key areas. While a full return to “normal” remains on the horizon, stop-gap and emergency measures began to make way in 2021 for renewed priorities for medium- and long-term planning. The message from regulators and industry alike is clear – normal or not, they are back to business. Below we highlight some of the notable developments from the past year.

Anti-money laundering

On June 1, 2021, major amendments to the regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) came into force, together with new and updated guidance from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). These changes effected a sizeable overhaul of the AML regulatory landscape in Canada and finalized the legislative and regulatory amendment process that began in 2019.

Key changes introduced in June include a number of new virtual currency obligations, such as requirements for reporting large virtual currency transactions and suspicious transactions pertaining to virtual currency. Additionally, new recordkeeping obligations were imposed, together with new requirements for casinos, financial entities and money services businesses to comply with the travel rule reporting requirement for virtual currency transfers.

The amendments also included new obligations to screen for and take certain measures with respect to politically exposed persons and heads of international organizations. Foreign money services businesses are now required to comply with the full suite of requirements under the PCMLTFA. Compliance obligations for financial entities in relation to prepaid payment products now align with other account-based obligations that financial entities already have, such as identity verification for account holders and account users, suspicious transaction reporting, recordkeeping, etc.

All entities with obligations under the PCMLTFA must now comply with beneficial ownership determination requirements. Amendments were also made to the requirements related to recordkeeping and reporting, the implementation of the 24-hour rule, business relationship screening, ongoing monitoring requirements and identification methods for know-your-client checks.

For additional details regarding these and other changes under the PCMLTFA as of June 1, 2021, please refer to our Client Guide that we published earlier in 2021 to help clients navigate the new regime. Further information regarding the impact of these rules as they apply to virtual currencies can be found in our article Decoding crypto – Providing regulatory clarity to cryptoasset businesses.

Also noteworthy in the AML space was the Government of Canada’s funding announcement for a new beneficial ownership registry for corporations in Canada. Additional details are included in our article White-collar defence: Increasing risks and enforcement activity

Meanwhile at the provincial level, on June 3, 2021, Québec passed Bill 78, An Act mainly to improve the transparency of enterprises, which makes beneficial ownership information available on Québec’s existing corporate registry.

Payments regulation activity picks up speed

Retail Payment Activities Act

The Retail Payment Activities Act (RPAA) was introduced in the federal budget bill released on April 19, 2021 and approved by Parliament on June 29, 2021. When it comes into force, the RPAA will represent a sea change in the payments sector, which to date has been lightly regulated in Canada outside banks and other regulated financial institutions.

The RPAA positions payments as a matter of federal jurisdiction. Its preamble states that it is in the national interest to address the national security risks posed by payment service providers (PSPs) and to mitigate operational risks and safeguard end-user funds. The RPAA will apply to retail payment activities performed by PSPs that have a place of business in Canada or that direct retail payments activities at individuals or entities in Canada, subject to key exclusions. Excluded from the new regime are entities whose payment functions are incidental to other services or business activities, regulated financial entities, prepaid payment products, ATM transactions, transfers made using designated systems, certain eligible financial contracts and securities transactions, and agents and mandataries of PSPs. 

Many steps are still required, including the adoption of regulations to implement the new statutory framework, as well as publication of regulatory guidance. At a minimum, the RPAA will require PSPs to register with the Bank of Canada, mitigate operational risks, safeguard user funds and notify the Bank of Canada of incidents with material impacts on end users, other PSPs or clearing houses. Additional information about the RPAA can be found in our Osler Update.

Payments modernization

As part of its ongoing payments modernization initiative, on September 1, 2021, Payments Canada announced the initial launch of Lynx, which replaces the Large Value Transfer System for clearing and settling high-value payments. Lynx processes large-value wire payments with real-time settlement and provides enhanced cybersecurity capabilities.

A second release of the Lynx system, currently slated for late 2022, will introduce the ISO 20022 global payments message standard for large-value payments. By adopting this standard, Lynx will support Canadian financial institutions’ compliance with the ISO 20022 global requirements which take effect in November 2022. Additionally, adopting the ISO 20022 messaging standard will allow for greater insight into cash management, reduction of manual processes and increased visibility into the value chain.

On September 28, 2021, Payments Canada announced that Citibank, N.A. had become a Lynx participant, along with the 16 other participating financial institutions that were part of the initial Lynx launch. Meanwhile, Peoples Trust was approved by Payments Canada to become a new direct clearer on Payments Canada’s retail batch system, the Automated Clearing Settlement System (ACSS).

Industry participants should watch closely in 2022 for the implementation of the new real-time payments system, Real-Time Rail (RTR). The RTR is a hallmark payments modernization project of Payments Canada. If RTR follows similar trends to Lynx, it may be that more participants could gain access to the system under a framework to be established under the RPAA.

Open banking

On August 4, 2021, the Advisory Committee on Open Banking (the Advisory Committee) released its Final Report, including 34 recommendations for the implementation of an open banking system in Canada together with an 18-month roadmap to implementation. The Final Report recommends common rules to ensure consumer protection with a focus on liability, privacy and security, an accreditation system for third-party service providers entering the open banking system and technical specifications to ensure safe and efficient data transfer.

To implement this framework, the Advisory Committee recommended a two-staged approach. The first stage sets a January 2023 target date for the initial rollout of a low-risk system with limited scope and functionality. It then leaves room to expand the scope following the initial implementation period.

Although a basic framework has now been recommended, many steps remain before the proposed open banking framework could be implemented in Canada. For further information about the Advisory Committee’s report, please see our Osler Update.


The explosive growth in the use of cryptocurrency and digital assets has enormous implications for the financial services industry. At this time, new regulation specifically targeting this space has been largely driven by the securities regulators (apart from AML, as discussed above). Learn more about cryptocurrency regulation can be found in our article Decoding crypto – Providing regulatory clarity to cryptoasset businesses.

We expect increasing pressure on more traditional financial regulation as this growth continues.

Federal Financial Consumer Protection Framework

After much anticipation, June 30, 2022 was fixed as the day the remainder of the Bank Act amendments comprising the new Financial Consumer Protection Framework (Framework) for banks and authorized foreign banks will finally come into force. Following that announcement, the Financial Consumer Protection Framework Regulations were published on August 18, 2021 and will come into force alongside the Framework. These regulations, as expected, largely prescribe details to fill the gaps left open by the Framework and incorporate the pre-existing consumer protection regulations. Additional information about the Framework can be found in our Osler Update.

OSFI guidelines and advisories

In August 2021, the Office of the Superintendent of Financial Institutions (OSFI) released a new Technology and Cyber Security Incident Reporting Advisory (Advisory), which prescribes requirements for federally regulated financial institutions to disclose and report technology and cybersecurity incidents to OSFI. The Advisory makes a number of dramatic departures from the previous advisory, including a different reporting period timeframe, lower reporting thresholds for technology or cybersecurity incidents and greater enforcement powers for OSFI.

In November 2021, OSFI published a Draft Guideline B-13 Technology and Cyber Risk Management, which includes a number of new requirements intended to promote and develop federally regulated financial institutions’ technology and cyber resilience. A three-month public consultation is seeking feedback regarding the clarity of the new requirements and the application of the new expectations to institutions of different sizes and scopes, among other categories.

Changes to Guideline B-10 Outsourcing of Business Activities, Functions and Processes are also forthcoming, and are expected to deal with the flow-down of risks to third parties during outsourcing arrangements. Taken together, these changes exemplify the trend in 2021 towards an increased focus on the operational risks that financial service providers face, and the measures they will be expected to take to address these operational risks.

OSFI also released several guidance updates in 2021. The Draft Pillar 3 Disclosure Guideline for Small and Medium-Sized Banks was released in August 2021 and will take effect November 1, 2022. The guideline will serve as a comprehensive guide to OSFI’s expectations for the Pillar 3 disclosure requirements for small and medium-sized banks. In July 2021, OSFI released Guideline E-4 Foreign Entities Operating in Canada on a Branch Basis. This guideline reflects new amendments to the location of records requirements in the Insurance Companies Act and the Bank Act. There is a six-month transition period for compliance with the guideline, which ends in January 2022.

OSFI also issued several guidance documents that will take effect November 1, 2022 or January 2023, depending on the institution’s fiscal year. These updates are intended to align with international standards. These include the Draft Capital Adequacy Requirements Guideline that makes a number of changes to capital targets, introduces new operational risk capital rules and provides for a reduction of credit risk capital requirements, among other changes. In addition, OSFI issued the Draft Leverage Requirements Guideline that applies a leverage ratio buffer to domestic systemically important banks and makes other changes to the leverage requirements. Finally, OSFI issued the Liquidity Adequacy Requirements Guideline that enhances the net cumulative cash flow requirements and changes certain reporting timelines. OSFI also proposed a new instrument that provides guidance for institutions using the Basel III Standardized Approach for Operational Risk in Canada. A Proposed Operational Risk Capital Data Management Expectations has been published as well, though no timeframe has been provided for its implementation.

Financial title protection regimes

The movement towards financial title protection continues to gain momentum following Ontario’s introduction of the Financial Professionals Title Protection Act in 2019 and Saskatchewan’s Financial Planners and Financial Advisors Act in 2020. In May 2021, the Financial Services Regulatory Authority of Ontario (FSRA) released for public consultation an updated proposed title protection framework for financial planners and advisors. The Financial and Consumer Affairs Authority of Saskatchewan followed Ontario’s lead shortly thereafter, releasing proposed regulations for public comment in July 2021. When the Ontario and Saskatchewan title protection regimes are operational, anyone who uses the titles  “Financial Planner,” “Financial Advisor” or specified similar titles in either jurisdiction will be required to hold appropriate credentials from a credentialling body approved by the regulator.

No in-force date has yet been announced for either the Ontario or Saskatchewan titling regimes, but the trend towards regulation of financial titles is apparent: New Brunswick has now also recently concluded its own public consultation regarding a framework for the protection of titles used by financial professionals as of October 25, 2021. Further information can be found in our blog post on, Movement towards financial title regulation expands across Canada.

Fair treatment of customers

FSRA issued a new fair treatment of customers in insurance approach (the Approach) which came into effect on January 1, 2021. The Approach adopts the joint guidance issued by the Canadian Council of Insurance Regulators and Canadian Insurance Services Regulatory Organizations to streamline the requirements for the fair treatment of customers for insurers and insurance intermediaries licensed in Ontario.

Under the Approach, Ontario insurers and insurance intermediaries are required to adhere to sound business practices; exemplify ethical, good-faith behaviour in dealings with customers; manage conflicts of interest; and manage outsourcing arrangements. They must also provide appropriate customer disclosures before and at the point of sale; provide accurate, clear and not misleading marketing; provide relevant advice taking into account the customer’s circumstances; handle and settle claims in a diligent and fair fashion; and protect personal information, among other requirements. Further details about the Approach are available in our blog post on, FSRA streamlines fair treatment of customers approach for insurance industry.

What’s next?

A key theme of financial services regulation in 2021 was the convergence of various different reforms and initiatives aimed at regulating discrete parts of the financial ecosystem that had been previously unregulated or lightly regulated. These include cryptocurrency, PSPs, foreign money services businesses and open banking. These reforms are being driven by the significant evolution of the financial services industry, particularly in the payments space. While these changes may subject industry participants to additional burdens and competing standards, expanded regulatory oversight over participants in the new ecosystem could also translate into enhanced opportunities to access new frameworks such as the Real-Time Rail. Certainly, there will be more to come in 2022.