Request a Demo

White Paper: Canada has a Rare Chance to get Open Finance Right. The Question is Whether it Takes it. 

Every country that has built an open finance framework has made one of two mistakes. 

The first is over-engineering. Australia’s Consumer Data Right launched in 2020 with a multi-tier accreditation system, overlapping compliance obligations, and a division of oversight responsibilities that created confusion at every level. By the end of 2023, 0.31% of Australian bank customers were actively using it. More than half of all data-sharing arrangements initiated under CDR had lapsed. The Australian government announced a reset last year, acknowledging that compliance costs had constrained uptake. It is a serious, well-intentioned framework that built a maze when it needed a road. 

The second mistake is under-engineering. The United States took a market-led approach – high adoption, real consumer benefit, and a liability structure that nobody agreed in advance. When something goes wrong in a US open finance chain today, three regulatory frameworks apply – GLBA, Reg E, interagency TPRM guidance – none of which were designed for multi-party consumer-directed data sharing. The ecosystem works, until it doesn’t. And when it doesn’t, nobody is certain who pays. 

Canada passed the Consumer-Driven Banking Act with Royal Assent last month. The Department of Finance and the Bank of Canada now have to design the implementing regulations. That decision will determine which failure mode Canada replicates – or whether it avoids both. 

What the CDB Act gets right 

The Act gives the Department of Finance and the Bank of Canada significant discretion in designing the accreditation system. That is the right call. Locking requirements into primary legislation means any recalibration requires legislative action. Canada has left room to move. 

The Act also contains provisions that echo OSFI’s Guideline B-10 on third-party risk management – requiring ongoing monitoring of third parties rather than point-in-time approval. That alignment, if implemented well, is the structural advantage Canada has over both Australia and the US at the moment of design. 

The tension to resolve 

Here is the problem. The CDB Act and OSFI B-10 currently pull in different directions. The CDB Act is designed to open data flows. B-10 gives banks risk management obligations broad enough to slow or resist those flows. Without clear guidance on how these frameworks interact, banks face genuine uncertainty – and that uncertainty will be used, as it has been in the US, to delay data sharing in the name of risk management that was never designed for this context. 

There is also the accreditation design question. The CDB Act provides for accreditation of banks, financial institutions, registered payment service providers, and third-party service providers. The Department and the Bank have to decide how that system works in practice. Get it wrong in one direction and you replicate Australia – a compliance burden that keeps smaller participants out and concentrates the ecosystem around incumbents who can absorb the cost. Get it wrong in the other direction and you replicate the US – adoption without accountability, and a liability gap that only becomes visible after something goes wrong. 

The underlying principle 

James C. Scott’s concept of legibility – the degree to which a complex system can be read by those who govern it – is the right frame for this problem. Regulators need to see the ecosystem. The pursuit of legibility through exhaustive upfront specification creates regulatory sludge. But abandoning legibility in favour of speed creates a different kind of risk – one that takes years to surface and is much harder to fix. 

The answer is not less legibility. It is legibility achieved through the right mechanisms – ones that make the ecosystem’s risk profile visible and actionable without front-loading the compliance burden onto the moment of entry. 

Canada has watched two cautionary tales play out in real time. The Consumer-Driven Banking Act is a strong foundation. What the Department of Finance and the Bank of Canada do with the implementing regulations will determine whether Canada builds something that works for consumers, institutions, and the open finance ecosystem that both depend on. 

Our full recommendations – on accreditation structure, the OSFI B-10 alignment question, and the infrastructure the market needs to build – are in the white paper. 

Download White Paper

Invela is building open finance risk management across three integrated layers: standardised Assessment; dynamic risk intelligence via the Invela Risk Indicator; and insurance-backed Warranty, which will provide the financial backstop, ensuring liability lands in the right place. Invela operates across Canada, the US and the UK.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Powered by  GDPR Cookie Compliance