Government of Canada / Gouvernement du Canada
Symbol of the Government of Canada

Search

Retail Payment Activities Regulations (SOR/2023-229)

Regulations are current to 2024-06-19

Safeguarding of Funds (continued)

The following provision is not in force.

Marginal note:Evaluation of insolvency protection

  • The following provision is not in force.

    16 (1) A payment service provider referred to in subsection 20(1) of the Act must take measures to ensure the identification of any instance, as soon as feasible after it occurs, in which the end-user funds held by the payment service provider — or equivalent proceeds from any insurance or guarantee referred to in paragraph 20(1)(c) of the Act — would not have been payable to end users had an event referred to in subsection 14(3) of these Regulations occurred.

  • The following provision is not in force.

    Marginal note:Obligations

    (2) The payment service provider must, immediately after identifying such an instance, investigate its root cause and, as soon as feasible, take the necessary measures to prevent similar instances from recurring.

The following provision is not in force.

Marginal note:Independent review

  • The following provision is not in force.

    17 (1) A payment service provider referred to in subsection 20(1) of the Act must ensure that, at least once every three years, a sufficiently skilled individual who has had no role in establishing, implementing or maintaining the safeguarding-of-funds framework, in taking the measures referred to subsection 16(1) or in identifying the instances referred to in that subsection carries out an independent review of the payment service provider’s compliance with subsection 20(1) of the Act and sections 13 to 16 of these Regulations.

  • The following provision is not in force.

    Marginal note:Record

    (2) The payment service provider must obtain a record that sets out the independent reviewer’s name — or, if they carried out the review on behalf of an entity other than the payment service provider, that entity’s name — and the date of the review and describes the review’s scope, methodology and findings.

  • The following provision is not in force.

    Marginal note:Report

    (3) The payment service provider must report any gaps and vulnerabilities that are identified by the independent review, and any measures being taken to address them, to the senior officer referred to in subsection 15(4), if any.

Annual Report

The following provision is not in force.

Marginal note:Submission

  • The following provision is not in force.

    18 (1) For the purpose of section 21 of the Act, a payment service provider that performs retail payment activities in a calendar year must submit the annual report in respect of that year no later than March 31 of the following year.

  • The following provision is not in force.

    Marginal note:Form and manner

    (2) The report must be submitted using the electronic system provided for that purpose by the Bank.

The following provision is not in force.

Marginal note:Contents

  • The following provision is not in force.

    19 (1) For the purpose of paragraph 21(a) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) a description of any changes made to the payment service provider’s risk management and incident response framework during the reporting year and the payment service provider’s plans for the framework’s maintenance and implementation;

    • The following provision is not in force.

      (b) a description of the objectives referred to in paragraph 5(1)(a) and the targets and indicators referred to in paragraph 5(1)(b);

    • The following provision is not in force.

      (c) a description of the means by which the payment service provider carried out any assessments referred to in paragraph 5(3)(a) during the reporting year;

    • The following provision is not in force.

      (d) a description of the manner in which the payment service provider carried out any assessments referred to in paragraph 5(4)(c) during the reporting year, including the criteria used;

    • The following provision is not in force.

      (e) a description of the human and financial resources for implementing and maintaining the risk management and incident response framework that were available to the payment service provider during the reporting year;

    • The following provision is not in force.

      (f) a description of roles and responsibilities allocated by the payment service provider in respect of the implementation and maintenance of their risk management and incident response framework during the reporting year;

    • The following provision is not in force.

      (g) a description of the payment service provider’s operational risks in respect of the reporting year, their potential causes and the manner in which they were identified;

    • The following provision is not in force.

      (h) a description of the manner in which the payment service provider classified any assets and business processes for the purpose of paragraph 5(1)(e) during the reporting year;

    • The following provision is not in force.

      (i) a description of the systems, policies, procedures, processes, controls and other means referred to in paragraphs 5(1)(g) and (h) and subsection 5(5) that the payment service provider had in place during the reporting year;

    • The following provision is not in force.

      (j) a description of the plans referred to in paragraphs 5(1)(i) and (j) and the manner in which those plans were maintained and implemented during the reporting year;

    • The following provision is not in force.

      (k) a description of the means by which the payment service provider obtained the approvals required under subsection 5(6) during the reporting year;

    • The following provision is not in force.

      (l) a description of the means by which the payment service provider ensured the availability of its risk management and incident response framework and of the precautions that it took to prevent the unauthorized deletion, destruction or amendment of the framework, as required by section 6, during the reporting year;

    • The following provision is not in force.

      (m) a description of the information and training that the payment service provider ensured was provided under section 7 during the reporting year;

    • The following provision is not in force.

      (n) a description of all reviews under section 8, testing under section 9 and independent reviews under section 10 that the payment service provider carried out or ensured were carried out during the reporting year, as well as a description of the payment service provider’s testing methodology referred to in subsection 9(1); and

    • The following provision is not in force.

      (o) a description of any incidents that the payment service provider experienced during the reporting year.

  • The following provision is not in force.

    Marginal note:Accounts, insurance and guarantees

    (2) For the purpose of paragraph 21(b) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) information on any entity that has provided the payment service provider with an account referred to in subsection 20(1) of the Act, including the entity’s name and the name of the regulator responsible for supervising the entity with respect to its adherence to the standards referred to in section 13 of these Regulations;

    • The following provision is not in force.

      (b) the name of any other payment service provider through which the payment service provider has obtained the use of an account referred to in subsection 20(1) of the Act;

    • The following provision is not in force.

      (c) information on any entity that has provided the payment service provider with the insurance or guarantee referred to in paragraph 20(1)(c) of the Act, including the entity’s name and the name of the regulator responsible for supervising the entity with respect to its adherence to the standards referred to in section 14(1)(a) of these Regulations; and

    • The following provision is not in force.

      (d) a description of the terms of any insurance or guarantee referred to in paragraph 20(1)(c) of the Act that the payment service provider holds.

  • The following provision is not in force.

    Marginal note:Holding of end-user funds

    (3) For the purpose of paragraph 21(c) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) a description of all of the means, among those set out in paragraphs 20(1)(a) to (c) of the Act, by which the payment service provider safeguards end-user funds and, if applicable, a description of the payment service provider’s trust arrangement with its end users;

    • The following provision is not in force.

      (b) a description of the payment service provider’s safeguarding-of-funds framework referred to in section 15;

    • The following provision is not in force.

      (c) a description of any instance referred to in subsection 16(1) that was identified during the reporting year, its root cause and any measures taken to prevent similar instances from recurring; and

    • The following provision is not in force.

      (d) a description of any independent review that was conducted under section 17 during the reporting year, including the date on which it was conducted, its scope and the name that is set out in the record referred to in subsection 17(2).

  • The following provision is not in force.

    Marginal note:Other information

    (4) For the purpose of paragraph 21(d) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) in the case of a payment service provider that has a place of business in Canada,

      • (i) information establishing the payment service provider’s ubiquity and interconnectedness, including

        • (A) the maximum value, expressed in Canadian dollars, of end-user funds that the payment service provider held at any time during the reporting year for each of the following categories of end users:

          • (I) all end users, and

          • (II) end users in Canada,

        • (B) for each month of the reporting year,

          • (I) the average value, expressed in Canadian dollars, of the end-user funds that the payment service provider held at the end of each day for all end users,

          • (II) the average value, expressed in Canadian dollars, of the end-user funds that the payment service provider held at the end of each day for end users in Canada,

          • (III) the average value of the end-user funds, broken down by currency and expressed in that currency, that the payment service provider held at the end of each day for all end users,

          • (IV) the average value of the end-user funds, broken down by currency and expressed in that currency, that the payment service provider held at the end of each day for end users in Canada,

          • (V) the number of electronic funds transfers in relation to which the payment service provider performed a retail payment activity,

          • (VI) the number of electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (VII) the number of electronic funds transfers, broken down by currency, in relation to which the payment service provider performed a retail payment activity,

          • (VIII) the number of electronic funds transfers, broken down by currency, in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (IX) the total value, expressed in Canadian dollars, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity,

          • (X) the total value, expressed in Canadian dollars, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (XI) the total value, broken down by the currency in which the electronic funds transfers are made and expressed in that currency, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity, and

          • (XII) the total value, broken down by the currency in which the electronic funds transfers are made and expressed in that currency, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

        • (C) the number of end users and end users in Canada for which the payment service provider performed a retail payment activity during the reporting year, and

        • (D) the number of other payment service providers for which the payment service provider performed a retail payment activity during the reporting year and, of those, the number that have a place of business in Canada, and

      • (ii) if the payment service provider holds end-user funds other than in accordance with subsection 20(1) of the Act, information establishing that those end-user funds are deposits accepted by the payment service provider that are insured or guaranteed under an Act of the province in which they are held;

    • The following provision is not in force.

      (b) in the case of a payment service provider that does not have a place of business in Canada, information establishing the payment service provider’s ubiquity and interconnectedness in Canada, including the information referred to in

      • (i) subclauses (a)(i)(A)(II) and (B)(II), (IV), (VI), (VIII), (X) and (XII),

      • (ii) clause (a)(i)(C), in relation only to the payment service provider’s end users in Canada, and

      • (iii) clause (a)(i)(D), in relation only to other payment service providers that have a place of business in Canada;

    • The following provision is not in force.

      (c) a description of any significant change referred to in subsection 22(1) of the Act that was made by the payment service provider during the reporting year and any retail payment activity that the payment service provider began or ceased to perform during that year;

    • The following provision is not in force.

      (d) a description of any change to the payment service provider’s use of third-party service providers during the reporting year;

    • The following provision is not in force.

      (e) a description of any change to the payment service provider’s use of agents or mandataries during the reporting year;

    • The following provision is not in force.

      (f) a description of the payment service provider’s record-keeping practices during the reporting year; and

    • The following provision is not in force.

      (g) a description of the payment service provider’s financial metrics for the reporting year, including its revenues, gross profits or losses, operating profits or losses, assets, liabilities and equity.

  • The following provision is not in force.

    Marginal note:Definition of reporting year

    (5) In this section, reporting year means the calendar year in respect of which an annual report is submitted.

Significant Change or New Activity

The following provision is not in force.

Marginal note:Notice to Bank

  • The following provision is not in force.

    20 (1) The notice referred to in subsection 22(1) of the Act must

    • The following provision is not in force.

      (a) be given to the Bank at least five business days before the day on which the payment service provider makes a significant change in the way it performs a retail payment activity or the day on which it performs a new retail payment activity;

    • The following provision is not in force.

      (b) be submitted using the electronic system provided for that purpose by the Bank; and

    • The following provision is not in force.

      (c) include

      • (i) the payment service provider’s name,

      • (ii) the name, phone number and email address of an individual who may be contacted regarding the significant change or new activity,

      • (iii) a description of the change or new activity to be performed,

      • (iv) the reason for the change or new activity,

      • (v) the date on which the change is to be made or the new activity is first to be performed,

      • (vi) the payment service provider’s assessment of the effect that the change or new activity will have on its operational risks and on the manner in which end-user funds are safeguarded, both during and following implementation of the change or new activity,

      • (vii) a list and summary of all of the payment service provider’s documentation, including in relation to its risk management and incident response framework, that has been amended or created to reflect the change or new activity, and

      • (viii) if the payment service provider has senior officers, an indication that the change or new activity has been approved by a senior officer.

  • The following provision is not in force.

    Marginal note:Definition of business day

    (2) For the purpose of paragraph (1)(a), business day means a business day of the Bank.

Table of Contents

 

Date modified: