Canada's Open Banking Rules Put Fintech Access Under a Bank of Canada Test

Canada has pre-published proposed Consumer-Driven Banking Regulations that would set the operating rules for accredited financial data sharing among banks, fintechs, payment service providers and third-party technology firms. The June 26 Department of Finance announcement and June 27 Canada Gazette publication matter because Canada's long-delayed open banking project is moving from framework language into accreditation, consent, security and service-standard requirements.

The practical market takeaway is that consumer-permissioned bank data access in Canada is becoming a regulated infrastructure business. That should reduce reliance on screen scraping over time, but it also raises the bar for fintechs that want direct access to bank data and may strengthen larger firms that can absorb compliance, cybersecurity and technical-standard costs.

What Changed

The Department of Finance said proposed Consumer-Driven Banking Regulations were pre-published for a 60-day comment period to support the coming into force of the Consumer-Driven Banking Act. The government framed the move as a step toward letting Canadians and businesses securely share financial data with approved service providers of their choice while increasing competition in financial services.

The same release also included separate fraud-prevention regulations for banks, but the open-banking piece is the fintech story. Finance Canada said the proposed Consumer-Driven Banking Regulations will come into force in stages, starting with accreditation and followed by common rules and assessment fees within one year of final publication. Further details on timing for specific products and services are still to come.

The Bank of Canada now describes itself as the administrator of the consumer-driven banking framework. Its role is to supervise participating financial institutions, credit unions, payment service providers, fintechs and third-party service providers, including standards for governance, risk management and operational resilience.

Why It Matters For Fintechs

Canada's open-banking debate has often been framed as a consumer convenience story: fewer passwords handed to apps, safer data sharing and more competition against incumbent banks. The proposed regulations make the harder business point visible. To participate, firms will need to satisfy accreditation, security, consent, reporting and technical-standard obligations.

That changes the economics for personal finance apps, cash-flow underwriting tools, small-business accounting platforms, digital lenders, payment service providers and embedded finance vendors. Data access may become more reliable and legally durable, but the cost of being inside the framework will not be zero.

Substance Law's summary of the proposal points to requirements including a place of business in Canada, insurance or comparable financial guarantees, cybersecurity safeguards, governance, complaint handling, technical standards compliance and consent-management procedures. It also notes that entities already registered under the Retail Payment Activities Act may benefit from a streamlined accreditation pathway, which matters because the Bank of Canada already supervises registered payment service providers under that regime.

The Screen-Scraping Tradeoff

The strongest case for the framework is that it creates a supervised alternative to screen scraping, where consumers give banking credentials to third-party services. Substance Law cites the government's estimate that roughly nine million Canadians currently rely on screen scraping to connect financial apps with bank accounts. That is a large enough base to make the transition commercially meaningful.

For consumers, safer data pipes should reduce credential-sharing risk and make permissions easier to revoke. For banks, standardized interfaces can reduce uncontrolled scraping traffic and clarify responsibility when data sharing goes wrong. For fintechs, the upside is dependable access to high-quality bank data. The downside is that a regulated API ecosystem can create gatekeeping if accreditation costs, insurance, security audits and technical work favor larger participants.

That is why the June 8 FDATA proposal is useful context. The trade association warned that smaller fintechs could be shut out if they must bear full accreditation and technical costs on their own, and proposed a sponsored fintech model where accredited aggregators or data intermediaries would support smaller customer-facing apps. That is an interested-party view, but it highlights the central market risk: a safer framework can still narrow competition if access is too expensive.

Who Gains Leverage

Large banks gain from a more controlled and standardized data-sharing environment. They will still face pressure to make consumer data portable, but the framework replaces ad hoc scraping with formal interfaces, documented consent and supervised participants. That gives banks a stronger basis to refuse or limit access by firms that do not meet the rules.

Scaled fintechs and payment service providers may also gain. Firms that already have compliance teams, Canadian operations, insurance, security programs and RPAA registration can turn regulatory readiness into a competitive advantage. Data aggregators may become more important if smaller apps need sponsored access or technical infrastructure to participate.

The pressure falls on smaller fintechs, early-stage apps and cross-border providers that want Canadian bank-data access without building a full local compliance stack. Their choices may be to seek accreditation directly, operate through a larger intermediary, limit Canadian features or wait until the final rules show whether lower-cost participation routes are available.

What Remains Unclear

The most important unknown is how the final rules will handle the boundary between safety and market access. A high accreditation bar can protect consumers and banks from weak data handlers. It can also make the framework less competitive if participation is practical only for large incumbents and well-funded intermediaries.

The final technical standard is another open question. The Bank of Canada says the Department of Finance is leading regulation development with its support, and the Gazette proposal is meant to clarify details of the Act. But operators still need final specifications, testing requirements, liability rules, service-level expectations and implementation dates before they can price the work.

The rollout is also conditional. Finance Canada says accreditation comes first, with common rules and assessment fees to follow within one year of final publication. That means readers should not treat the June 27 Gazette publication as an immediate consumer-product launch. It is a regulatory buildout milestone.

What To Watch Next

Watch the 60-day consultation period, which Substance Law says runs until August 26, 2026. The highest-signal comments will come from banks, data aggregators, fintech lenders, payment service providers, credit unions, accounting platforms and consumer advocates on accreditation cost, liability, service standards, consent renewal and sponsored-access models.

Watch the first accreditation wave after final publication. The practical measure of success is not the number of supportive statements, but which firms apply, whether smaller fintechs can participate, how quickly the Bank of Canada processes applications and whether registered payment service providers use any streamlined pathway.

Finally, watch whether screen-scraping volumes actually fall. If secure API access improves reliability without locking out smaller apps, Canada's framework could give consumers safer data portability and operators clearer rules. If participation concentrates around banks and a few large intermediaries, the market lesson will be narrower: open banking will have arrived, but with access shaped by compliance scale.