Government of Canada / Gouvernement du Canada
Symbol of the Government of Canada

Search

Retail Payment Activities Regulations (SOR/2023-229)

Regulations are current to 2024-10-30

Safeguarding of Funds (continued)

The following provision is not in force.

Marginal note:Safeguarding-of-funds framework

  • The following provision is not in force.

    15 (1) A payment service provider that holds end-user funds must establish, implement and maintain a written safeguarding-of-funds framework that conforms to subsections (2) to (5) for the purpose of ensuring that

    • The following provision is not in force.

      (a) end users have reliable access without delay to the end-user funds that are being held by the payment service provider; and

    • The following provision is not in force.

      (b) if an event referred to in subsection 14(3) occurs in respect of the payment service provider, those end-user funds, or proceeds of the insurance or guarantee referred to in paragraph 20(1)(c) of the Act, are paid to end users as soon as feasible.

  • The following provision is not in force.

    Marginal note:Contents

    (2) The safeguarding-of-funds framework must describe the payment service provider’s systems, policies, processes, procedures, controls and other means for meeting the objectives referred to in subsection (1), including

    • The following provision is not in force.

      (a) those in relation to the payment service provider’s use of liquidity arrangements and its holding of end-user funds in the form of secure and liquid assets;

    • The following provision is not in force.

      (b) a requirement to keep a ledger, which is to be identified and classified as an asset in accordance with paragraph 5(1)(e), that sets out

      • (i) the name and contact information of each end user whose funds are held by the payment service provider, and

      • (ii) the amount of funds belonging to each of those end users that is held by the payment service provider at the end of each day; and

    • The following provision is not in force.

      (c) in respect of the objective referred to in paragraph (1)(b),

      • (i) the means by which it will be ensured that the insolvency or bankruptcy administrator or trustee or other person appointed to carry out insolvency proceedings as defined in subsection 14(4), or the insurance or guarantee provider, as the case may be, is able to

        • (A) access all relevant records or documentation in relation to end-user funds,

        • (B) contact end users as soon as feasible, and

        • (C) identify any errors or deficiencies in the payment service provider’s ledger of end-user funds and address any shortfall in the funds to be returned to each end user,

      • (ii) the procedures to be followed to return funds to end users, and

      • (iii) the role of any of the payment service provider’s agents, mandataries or third-party service providers in facilitating the execution of the tasks referred to in subparagraphs (i) and (ii).

  • The following provision is not in force.

    Marginal note:Legal risks and operational risks

    (3) The safeguarding-of-funds framework must identify legal risks and operational risks that could hinder the meeting of the objectives referred to in subsection (1) and the means of mitigating those risks, including having regard to

    • The following provision is not in force.

      (a) the jurisdictions in which the payment service provider, its end users, the providers of the accounts in which it holds end-user funds and, if applicable, its insurance or guarantee providers are located;

    • The following provision is not in force.

      (b) the identity of the payment service provider’s account providers and, if applicable, its insurance or guarantee providers;

    • The following provision is not in force.

      (c) the terms of the payment service provider’s trust arrangements with its end users, if applicable; and

    • The following provision is not in force.

      (d) the terms of the payment service provider’s insurance policies or guarantees, if applicable.

  • The following provision is not in force.

    Marginal note:Identification of senior officer

    (4) The safeguarding-of-funds framework must, unless the payment service provider is an individual, identify a senior officer who is responsible for overseeing the payment service provider’s practices for safeguarding end-user funds and for ensuring the payment service provider’s compliance with sections 13 to 17 of these Regulations and subsection 20(1) of the Act.

  • The following provision is not in force.

    Marginal note:Approval

    (5) The safeguarding-of-funds framework must be approved

    • The following provision is not in force.

      (a) by the senior officer, if any, at least once a year and following each material change that is made to the framework; and

    • The following provision is not in force.

      (b) by the payment service provider’s board of directors, if any, at least once a year.

  • The following provision is not in force.

    Marginal note:Review of framework

    (6) The payment service provider must review, at the following times, the safeguarding-of-funds framework to ensure the framework’s conformity with subsections (2) to (5) and its effectiveness at meeting the objectives referred to in subsection (1):

    • The following provision is not in force.

      (a) at least once a year;

    • The following provision is not in force.

      (b) after any change to the means, among those set out in paragraphs 20(1)(a) to (c) of the Act, by which the payment service provider safeguards end-user funds; and

    • The following provision is not in force.

      (c) after any of the following changes, if they could reasonably be expected to have a material impact on the manner in which end-user funds are safeguarded:

      • (i) the opening or closure of any account in which the payment service provider holds end-user funds,

      • (ii) a change in the entity that provides any account in which the payment service provider holds end-user funds,

      • (iii) a change to the terms of the account agreement in respect of any account in which the payment service provider holds end-user funds, or

      • (iv) in the case of a payment service provider that holds funds in accordance with paragraph 20(1)(c) of the Act, a change in its insurance or guarantee providers or to the terms of the insurance policy or guarantee.

  • The following provision is not in force.

    Marginal note:Record

    (7) The payment service provider must, in respect of each review, keep a record of the date on which it is conducted and its scope, methodology and findings.

  • The following provision is not in force.

    Marginal note:Report and approval

    (8) The payment service provider must ensure that the findings of each review are reported to the senior officer referred to in subsection (4), if any, for their approval.

The following provision is not in force.

Marginal note:Evaluation of insolvency protection

  • The following provision is not in force.

    16 (1) A payment service provider referred to in subsection 20(1) of the Act must take measures to ensure the identification of any instance, as soon as feasible after it occurs, in which the end-user funds held by the payment service provider — or equivalent proceeds from any insurance or guarantee referred to in paragraph 20(1)(c) of the Act — would not have been payable to end users had an event referred to in subsection 14(3) of these Regulations occurred.

  • The following provision is not in force.

    Marginal note:Obligations

    (2) The payment service provider must, immediately after identifying such an instance, investigate its root cause and, as soon as feasible, take the necessary measures to prevent similar instances from recurring.

The following provision is not in force.

Marginal note:Independent review

  • The following provision is not in force.

    17 (1) A payment service provider referred to in subsection 20(1) of the Act must ensure that, at least once every three years, a sufficiently skilled individual who has had no role in establishing, implementing or maintaining the safeguarding-of-funds framework, in taking the measures referred to subsection 16(1) or in identifying the instances referred to in that subsection carries out an independent review of the payment service provider’s compliance with subsection 20(1) of the Act and sections 13 to 16 of these Regulations.

  • The following provision is not in force.

    Marginal note:Record

    (2) The payment service provider must obtain a record that sets out the independent reviewer’s name — or, if they carried out the review on behalf of an entity other than the payment service provider, that entity’s name — and the date of the review and describes the review’s scope, methodology and findings.

  • The following provision is not in force.

    Marginal note:Report

    (3) The payment service provider must report any gaps and vulnerabilities that are identified by the independent review, and any measures being taken to address them, to the senior officer referred to in subsection 15(4), if any.

Annual Report

The following provision is not in force.

Marginal note:Submission

  • The following provision is not in force.

    18 (1) For the purpose of section 21 of the Act, a payment service provider that performs retail payment activities in a calendar year must submit the annual report in respect of that year no later than March 31 of the following year.

  • The following provision is not in force.

    Marginal note:Form and manner

    (2) The report must be submitted using the electronic system provided for that purpose by the Bank.

The following provision is not in force.

Marginal note:Contents

  • The following provision is not in force.

    19 (1) For the purpose of paragraph 21(a) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) a description of any changes made to the payment service provider’s risk management and incident response framework during the reporting year and the payment service provider’s plans for the framework’s maintenance and implementation;

    • The following provision is not in force.

      (b) a description of the objectives referred to in paragraph 5(1)(a) and the targets and indicators referred to in paragraph 5(1)(b);

    • The following provision is not in force.

      (c) a description of the means by which the payment service provider carried out any assessments referred to in paragraph 5(3)(a) during the reporting year;

    • The following provision is not in force.

      (d) a description of the manner in which the payment service provider carried out any assessments referred to in paragraph 5(4)(c) during the reporting year, including the criteria used;

    • The following provision is not in force.

      (e) a description of the human and financial resources for implementing and maintaining the risk management and incident response framework that were available to the payment service provider during the reporting year;

    • The following provision is not in force.

      (f) a description of roles and responsibilities allocated by the payment service provider in respect of the implementation and maintenance of their risk management and incident response framework during the reporting year;

    • The following provision is not in force.

      (g) a description of the payment service provider’s operational risks in respect of the reporting year, their potential causes and the manner in which they were identified;

    • The following provision is not in force.

      (h) a description of the manner in which the payment service provider classified any assets and business processes for the purpose of paragraph 5(1)(e) during the reporting year;

    • The following provision is not in force.

      (i) a description of the systems, policies, procedures, processes, controls and other means referred to in paragraphs 5(1)(g) and (h) and subsection 5(5) that the payment service provider had in place during the reporting year;

    • The following provision is not in force.

      (j) a description of the plans referred to in paragraphs 5(1)(i) and (j) and the manner in which those plans were maintained and implemented during the reporting year;

    • The following provision is not in force.

      (k) a description of the means by which the payment service provider obtained the approvals required under subsection 5(6) during the reporting year;

    • The following provision is not in force.

      (l) a description of the means by which the payment service provider ensured the availability of its risk management and incident response framework and of the precautions that it took to prevent the unauthorized deletion, destruction or amendment of the framework, as required by section 6, during the reporting year;

    • The following provision is not in force.

      (m) a description of the information and training that the payment service provider ensured was provided under section 7 during the reporting year;

    • The following provision is not in force.

      (n) a description of all reviews under section 8, testing under section 9 and independent reviews under section 10 that the payment service provider carried out or ensured were carried out during the reporting year, as well as a description of the payment service provider’s testing methodology referred to in subsection 9(1); and

    • The following provision is not in force.

      (o) a description of any incidents that the payment service provider experienced during the reporting year.

  • The following provision is not in force.

    Marginal note:Accounts, insurance and guarantees

    (2) For the purpose of paragraph 21(b) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) information on any entity that has provided the payment service provider with an account referred to in subsection 20(1) of the Act, including the entity’s name and the name of the regulator responsible for supervising the entity with respect to its adherence to the standards referred to in section 13 of these Regulations;

    • The following provision is not in force.

      (b) the name of any other payment service provider through which the payment service provider has obtained the use of an account referred to in subsection 20(1) of the Act;

    • The following provision is not in force.

      (c) information on any entity that has provided the payment service provider with the insurance or guarantee referred to in paragraph 20(1)(c) of the Act, including the entity’s name and the name of the regulator responsible for supervising the entity with respect to its adherence to the standards referred to in section 14(1)(a) of these Regulations; and

    • The following provision is not in force.

      (d) a description of the terms of any insurance or guarantee referred to in paragraph 20(1)(c) of the Act that the payment service provider holds.

  • The following provision is not in force.

    Marginal note:Holding of end-user funds

    (3) For the purpose of paragraph 21(c) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) a description of all of the means, among those set out in paragraphs 20(1)(a) to (c) of the Act, by which the payment service provider safeguards end-user funds and, if applicable, a description of the payment service provider’s trust arrangement with its end users;

    • The following provision is not in force.

      (b) a description of the payment service provider’s safeguarding-of-funds framework referred to in section 15;

    • The following provision is not in force.

      (c) a description of any instance referred to in subsection 16(1) that was identified during the reporting year, its root cause and any measures taken to prevent similar instances from recurring; and

    • The following provision is not in force.

      (d) a description of any independent review that was conducted under section 17 during the reporting year, including the date on which it was conducted, its scope and the name that is set out in the record referred to in subsection 17(2).

  • The following provision is not in force.

    Marginal note:Other information

    (4) For the purpose of paragraph 21(d) of the Act, the prescribed information consists of

    • The following provision is not in force.

      (a) in the case of a payment service provider that has a place of business in Canada,

      • (i) information establishing the payment service provider’s ubiquity and interconnectedness, including

        • (A) the maximum value, expressed in Canadian dollars, of end-user funds that the payment service provider held at any time during the reporting year for each of the following categories of end users:

          • (I) all end users, and

          • (II) end users in Canada,

        • (B) for each month of the reporting year,

          • (I) the average value, expressed in Canadian dollars, of the end-user funds that the payment service provider held at the end of each day for all end users,

          • (II) the average value, expressed in Canadian dollars, of the end-user funds that the payment service provider held at the end of each day for end users in Canada,

          • (III) the average value of the end-user funds, broken down by currency and expressed in that currency, that the payment service provider held at the end of each day for all end users,

          • (IV) the average value of the end-user funds, broken down by currency and expressed in that currency, that the payment service provider held at the end of each day for end users in Canada,

          • (V) the number of electronic funds transfers in relation to which the payment service provider performed a retail payment activity,

          • (VI) the number of electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (VII) the number of electronic funds transfers, broken down by currency, in relation to which the payment service provider performed a retail payment activity,

          • (VIII) the number of electronic funds transfers, broken down by currency, in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (IX) the total value, expressed in Canadian dollars, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity,

          • (X) the total value, expressed in Canadian dollars, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

          • (XI) the total value, broken down by the currency in which the electronic funds transfers are made and expressed in that currency, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity, and

          • (XII) the total value, broken down by the currency in which the electronic funds transfers are made and expressed in that currency, of all electronic funds transfers in relation to which the payment service provider performed a retail payment activity for end users in Canada,

        • (C) the number of end users and end users in Canada for which the payment service provider performed a retail payment activity during the reporting year, and

        • (D) the number of other payment service providers for which the payment service provider performed a retail payment activity during the reporting year and, of those, the number that have a place of business in Canada, and

      • (ii) if the payment service provider holds end-user funds other than in accordance with subsection 20(1) of the Act, information establishing that those end-user funds are deposits accepted by the payment service provider that are insured or guaranteed under an Act of the province in which they are held;

    • The following provision is not in force.

      (b) in the case of a payment service provider that does not have a place of business in Canada, information establishing the payment service provider’s ubiquity and interconnectedness in Canada, including the information referred to in

      • (i) subclauses (a)(i)(A)(II) and (B)(II), (IV), (VI), (VIII), (X) and (XII),

      • (ii) clause (a)(i)(C), in relation only to the payment service provider’s end users in Canada, and

      • (iii) clause (a)(i)(D), in relation only to other payment service providers that have a place of business in Canada;

    • The following provision is not in force.

      (c) a description of any significant change referred to in subsection 22(1) of the Act that was made by the payment service provider during the reporting year and any retail payment activity that the payment service provider began or ceased to perform during that year;

    • The following provision is not in force.

      (d) a description of any change to the payment service provider’s use of third-party service providers during the reporting year;

    • The following provision is not in force.

      (e) a description of any change to the payment service provider’s use of agents or mandataries during the reporting year;

    • The following provision is not in force.

      (f) a description of the payment service provider’s record-keeping practices during the reporting year; and

    • The following provision is not in force.

      (g) a description of the payment service provider’s financial metrics for the reporting year, including its revenues, gross profits or losses, operating profits or losses, assets, liabilities and equity.

  • The following provision is not in force.

    Marginal note:Definition of reporting year

    (5) In this section, reporting year means the calendar year in respect of which an annual report is submitted.

Table of Contents

 

Date modified: