Oversight of National Retail Payments Systems – CPA Submission in Response to Finance Canada

Canadian Payments Association Submission in Response to Finance Canada

June 11, 2015

Note: This submission reflects the views of the Canadian Payments Association and not necessarily those of any one of its individual member institutions.

     1. Introduction & Context

Over the past few years, the Canadian Payments Association (CPA) has been working collaboratively with government, industry and stakeholders on changes to the governance of Canada’s payment system, including setting a new foundation for the CPA through amendments to its enabling legislation – the Canadian Payments Act (CP Act). Throughout this governance review, the CPA has expressed support for the risk-based oversight framework developed by government and certainly welcomes the opportunity to provide further input on a key component of this framework; oversight of national retail payment systems.

Part 1 of our submission provides a brief overview of the CPA and its role in retail payments and summarizes, at a high level, our views on how to balance oversight and innovation in the ‘ways we pay’.Part 2 of this submission addresses the specific questions posed by the government in its consultation paper.1

Role of the CPA

The CPA underpins the Canadian financial system and economy by providing safe, efficient and effective clearing and settlement of payments. As a public-purpose organization, we act in the best interests of the Canadian payments system.

The CPA establishes and operates the core national infrastructure that allows members2 to clear and settle payments made between their customers. Over the past three decades, the CPA has worked with its members, stakeholders and government to make a wide variety of innovative and convenient payment mechanisms available in Canada (e.g. wire payments, shared automated banking machine transactions, electronic funds transfers at the point-of-sale, on-line Internet payments from customer-accounts, pre-authorized debits (PADs), electronic bill payments and direct deposits).

In managing its systems and related operations, the CPA establishes a broad framework of by-laws, rules and standards that govern the daily inter-member exchange of payment items that clear and settle through CPA systems. This framework, which is developed in an open and transparent manner, defines the attributes of payment items acceptable for exchange, as well as the rights, responsibilities, recourse, liability and minimum security requirements for payments that clear through CPA systems such as PADs and debit card transactions.

Through dialogue, consultation, research, policy development and outreach, the CPA works to understand user needs and incorporate their interests into CPA by-laws, rules and standards, as well as its policy frameworks and best practices. For example, the CPA has been involved in developing:

  • Enhanced Pre-Authorized Debit (PAD) rules, providing greater flexibility for consumer redress and recourse, simplified and flexible PAD agreement forms, sample cancellation forms and mandatory disclosure requirements for PAD agreements;
  • Improved disclosure requirements and clearer liability structure and authorization requirements for pre-funded debit arrangements;
  • Incorporating requirements for debit transactions related to holding of funds in segregated accounts; and
  • Flexible rules governing cheque image exchange that enable the industry to offer remote deposit capture and that set out clear recourse provisions.

In developing rules that accommodate customer-facing payment products, the industry often looks to the CPA to play a role in ensuring that end-user protection is being considered.

High Level Summary of CPA Views

The CPA offers the following high level views on the oversight of national retail payment systems:

  • Establish an oversight framework for national retail payment systems in enabling legislation (similar to what has been done for prominent systems under the Payment Clearing and Settlement Act), setting out clear oversight objectives and desired outcomes. The oversight framework for systemic, prominent and national retail payment systems should come together in a way that efficiently promotes the public policy objectives and avoids undue duplication of oversight.
  • Identify an appropriate oversight authority(ies) with a system-wide view. To develop an effective oversight framework, the functions and risks within the national retail payment system must be identified and understood. Presently, there is no body that deeply understands how the retail payments market is evolving and the risks and interdependencies between and across individual payments systems or functions.
  • Once the functions and risks are understood and the high-level framework has been established, the government will be better positioned to identify the appropriate oversight measures. The oversight measures should be risk-based, determined by function, applied in a systematic and consistent manner and flexible to adapt to market developments.

With consumer protection gaps for retail payments being addressed by the oversight framework, the CPA will be better positioned to coordinate with members, stakeholders and public authorities to implement measures that are appropriate in the context of the CPA’s mandate. By way of illustration, if market conduct risk and subsequent mitigation measures are addressed through other arrangements that apply to all payments, the CPA could focus its rules, standards and/or guidelines on addressing system-wide operational and efficiency risks related to payments, clearing and settlement.

    2. Oversight of National Retail Payment Systems

2.1 Risks to Address

Are the risks identified posed by “national retail payment systems” comprehensive? Should other risks be included?

The CPA believes that the three broad categories of operational, market conduct and efficiency risks identified in the Consultation paper are comprehensive.

Risks are also posed by systems or providers that are multi-jurisdictional (e.g. payment services provided within Canada, but the funds or payment information is held outside of Canada). The CPA believes that these systems should fall within the scope of oversight and the government should consider how this can be achieved.

Are there other measures that should be considered to address these risks?

The list of oversight measures included as examples in the Consultation paper (e.g. transparency/disclosure rules, privacy guidelines, segregation of funds requirements) are viable options in Canada.

In our view, enabling legislation is needed to establish the framework for oversight of national retail payment systems (similar to what has been done for prominent systems under the PCSA), setting out clear oversight objectives and desired outcomes. The oversight framework for systemic, prominent and national retail payment systems should come together in a way that efficiently promotes the public policy objectives and avoids undue duplication of oversight.

While the objectives, authority and powers of oversight for national retail payment systems should be codified in legislation, the specific oversight measures should be implemented in more flexible tools or instruments (e.g. codes of conduct, oversight standards, principle-based rules etc.), which can be determined by the oversight body in consultation with the industry.

How should the Government balance the need to mitigate risks with the objectives to promote innovation and competition in the payments sector?

In our view, balance can be achieved by having a risk-based oversight framework, with the degree of oversight proportionate to the risks posed to the end-user. Oversight must be flexible to adapt to market developments and applied in a systematic manner across the payments landscape. To achieve this balance, the CPA encourages:

  • Transparency – Given the role and impact that governance and oversight have across the entire payments system, public authorities should be transparent about oversight goals and methods. An oversight framework with clear objectives and desired outcomes will enable financial institutions, payment service providers and other non-traditional providers of payment services such as telecom operators, social networks and information processors to offer users new payment methods and innovative financial products and services in ways that comply with oversight objectives and measures.
  • Delineation of Responsibility: There is more than one public authority that has an interest in the well-functioning of the payments system in Canada. Accordingly, a clear delineation of public sector responsibility for oversight, regulation and supervision is required. This includes identifying and empowering the appropriate oversight authorities for national retail payment systems. In addition, more substantive information is needed on how the oversight of systemic, prominent and national retail payment systems come together in a way that efficiently promotes the public policy objectives (e.g. interdependencies between the three categories).
  • Co-ordination of Oversight: Fostering cooperation and coordination with other public authorities (e.g. federal and/or provincial) that are responsible for oversight is essential to promote collaboration, avoid undue duplication and overlap and to minimize the compliance burden to payment systems and participants. A clear understanding of the objectives, implementation approach and boundaries of all three types of oversight (i.e. systemic, prominent, national retail payment systems) is necessary to ensure risks are being appropriately addressed and that there is a level playing field across the payments landscape (e.g. establish thresholds or criteria to determine movement across categories of systems).
  • Common Principle-based Rules, Standards or Guidelines: Where appropriate, rules, standards or guidelines should be principle-based, outlining minimum expectations above which market participants can innovate and compete based on quality, cost of service and on enhanced security and consumer protection features. For example, disclosure requirements for all providers around rights, responsibilities and recourse could provide end users with a better understanding of risks and what they can do if an issue arises.
  • Industry-Regulator Dialogue: Strong collaborative mechanisms that promote ongoing dialogue and engagement across all stakeholders in the retail payments marketplace are crucial for effective oversight and will enable the retail payments marketplace to function as optimally as possible. FinPay, which was explicitly designed as an industry-wide forum, is one such mechanism.

To ensure that customers making payments within a single financial institution benefit from the same protections provided to payments between institutions, should the application of CPA rules that protect customers be extended to “on-us” payments?

In our opinion, applying CPA rules to on-us transactions (i.e. payments made between clients of the same financial institution) will not achieve a functional approach to oversight of national retail payment systems (i.e. market participants engaged in the same activity are regulated alike). The oversight gap is larger than payments made within a single financial institution. A functional oversight framework developed to address the principal risks to users of national retail payment systems would by its very nature include on-us payments captured in this category of oversight. Such an approach would negate the need for “on-us” specific rules and avoid incremental imbalance in the market.

To be effective, the arrangements or measures implemented to address risks to end-users must be proportionate to the risk and applied in a systematic manner across the payments landscape. Similar payments should benefit from similar protections, whether on-us transactions or payments through non-financial institution service providers. There are many ways to promote effective oversight. For example, establishing minimum principle-based rules, standards and/or guidelines that are applied consistently across similar payment functions will help to address risks by providing users and service providers with a better understanding of their rights and responsibilities.

2.2 Perimeter of Oversight

Should oversight be based on a functional approach, where risks are assessed by payment activity and treated similarly regardless of the provider?

Yes, the CPA supports a functional and risk-based approach to oversight so that market participants engaged in the same payment activity are regulated alike. This approach, which has been adopted in other jurisdictions, enables the government to effectively and consistently address risks regardless of the provider that undertakes a particular function. It achieves transparency and will help to close gaps in end-user protections for both existing and emerging payment functions.

What payment functions or instruments should be brought within the scope of oversight?

We believe that the perimeter of oversight for national retail payments should be wide in scope so that the framework is flexible (i.e. a line of sight that does not preclude emerging payments). However, it is important to have a clear and defined scope of key functions that will fall under the purview of oversight. Payment authorization, initiation, transmission of funds, exchange of value, holding of funds, clearing and settling are examples of such functions. The degree of oversight, if any, will depend on the magnitude of risk.

The government should establish thresholds to determine when functions and/or emerging payment methods would be subject to oversight requirements. Thresholds should be quantitative in nature so it is clear to all existing and aspiring providers when requirements will need to be met. Recommendations for threshold categories are:

  • Individual transaction size maximum (e.g. ˃ $X): payment methods permitting transactions above the threshold would be included in the oversight framework.
  • Total volume and/or value of transactions (e.g. ˃ X transactions or $X of transaction value per year/month/day): payment methods exceeding this total volume and/or value of transactions would be included in the oversight framework.
  • Number of customers (e.g. client base ˃ X individuals): payment methods exceeding this total number of customers would be included in the oversight framework.

The use of thresholds could help achieve a balance between the need to mitigate risks with the objectives to promote innovation and competition in the payments sector. In developing such thresholds, the government must carefully consider how they might change over time and ensure there is a flexible, yet well publicized mechanism to review and change the thresholds.

Payment functions or methods that do not meet the defined thresholds would not be subject to oversight requirements (e.g. small closed-loop systems).

2.3 Oversight Measures and Implementation
What should be the key priority areas in developing oversight for retail payment systems?

In the context of oversight of national retail payment systems and the functions performed by financial institutions and service providers, determining priority is important. In our view, the key priority areas should be to:

  • Establish the oversight perimeterwith oversight measures proportional to the risks presented;
  • Clearly define the scope of functions that will fall under the purview of oversight;
  • Identify and address the key risks to end-users. Focus should be on the most important risks and the areas where risks are not currently being managed for existing and newer systems or payment methods. Addressing risks in relation to market conduct is a key priority to enable consumers to make appropriate choices; and
  • Identify the appropriate oversight authority.  An oversight body(ies) with a system-wide view can help achieve an appropriate balance between risk management and innovation.  The oversight body should have expertise in dealing with complex payments sector issues and should have the authority and capacity to monitor the industry for emerging players and risks.  Given its focus on market interests, with a broadened mandate and authority, the Financial Consumer Agency of Canada could be an example of an oversight authority for national retail payments systems.
  • Encourage standardization across the industry.  Standardizing minimum requirements based on function and level of risk is important.  In addition, the CPA believes that the adoption of ISO 20022 at the national retail payments system level should be carefully considered and adopted where appropriate.

Through what form of arrangement(s) should oversight be implemented (e.g., legislation, code of conduct)?

The CPA agrees that a combination of different arrangements would offer a superior outcome than could be achievable under a single arrangement. The CPA proposes that:

  • Legislation is needed to establish the framework for oversight of national retail payment systems (e.g. oversight objectives, authority and powers), similar to what has been done for systemically important and prominent systems under the PCSA.  In establishing the framework, the distinction between prominent and national retail systems (including the oversight objectives, implementation approach and boundaries) should be clearly defined.
  • While oversight can be implemented through a number of arrangements or measures (e.g. legislation, regulations, codes of conduct), it should be: (i) risk-based and applied in a systematic and consistent manner (i.e. not ad hoc) across the payments landscape; and (ii) flexible to adapt to market developments.  For example, codes of conduct, standards and/or guidelines are preferred over legislation or regulations.
  • Identifying an appropriate oversight authority or authorities with a system-wide view is recommended.

In the past, the government and industry have often looked to the CPA to play a role in ensuring end-user protection is addressed in its rules and standards. With consumer protection gaps for retail payments being addressed by the oversight framework, the CPA will be better positioned to coordinate with members, stakeholders and public authorities to implement arrangements or measures that are appropriate in the context of the CPA’s mandate. By way of illustration, if market conduct risk and subsequent mitigation measures are addressed through other arrangements that apply to all payments, the CPA could focus its rules, standards and/or guidelines on addressing system-wide operational and efficiency risks related to payments, clearing and settlement.

In closing, this is a very important time in the evolution of the payments system in Canada. We appreciate the openness and collaboration of the government during this review and look forward to working with the industry to ensure that Canada’s payments system responds to the needs of consumers and businesses and evolves to support the competiveness of the Canadian economy.

Footnotes

1Balancing Oversight and Innovation in the Ways We Pay: A Consultation Paper.
2All chartered banks operating in Canada, as well as the Bank of Canada, are required by law to be members of the CPA. Trust and loan companies, credit union centrals, and other deposit-taking institutions have been eligible for membership since the CPA’s inception in 1980. Life insurance companies, securities dealers, and qualified corporations on behalf of money market mutual funds have been eligible since 2001.