Canada’s proposed Consumer-Driven Banking Regulations: What do we know?
Canada has moved its open banking file from policy language into proposed regulation. The federal government has published draft Consumer-Driven Banking Regulations, with a 60-day comment period, to support implementation of the Consumer-Driven Banking Act.
Spencer Merrick·updated June 30, 2026

Accreditation becomes the first gate
The Department of Finance Canada says the regulations would come into force in a staggered approach, beginning with accreditation. That sequencing matters. Before consumer-permissioned data sharing can operate at scale, the state is defining who is allowed inside the framework and under what evidence standard.
The proposed regulations, published in the Canada Gazette, set out four “pathways of accreditation” tied to applicant entity type. Applicants would have to submit requested material to the Bank of Canada. Entities that do not meet the requirements would not be able to participate in the framework. Banks that are mandated to participate would not be subject to the accreditation process.
This is a structural choice, not a procedural footnote. In practical terms, the framework separates incumbent data holders from third-party participants seeking access. That may reduce ambiguity, but it also makes accreditation the main compliance bottleneck for fintechs and BaaS-adjacent firms. Access to bank data becomes a regulated permission, not an API commercial negotiation dressed up as innovation.
The regime is aimed at screen scraping and fraud risk
The Consumer-Driven Banking Act received royal assent in March. According to the government’s stated rationale, it is intended to promote financial sector competition, establish secure and efficient financial data sharing, and address risks posed by screen scraping.
That last point is the operational core. Screen scraping has long functioned as an informal workaround where formal data-sharing rails are absent or commercially blocked. It also creates obvious governance problems: credential handling, auditability, revocation, and liability allocation are harder to control when access is mediated through customer login capture rather than standardized consented data flows.
The open banking proposal was released alongside proposed regulations aimed at consumer-targeted fraud, as part of broader work on a National Anti-Fraud Strategy. Finance Minister François-Philippe Champagne framed the package as an attempt to make financial systems secure while strengthening resilience, competition and industry partnerships.
The wording is conventional. The compliance implication is less soft. Any firm building account aggregation, personal financial management, credit underwriting, payment initiation-adjacent flows, or embedded finance products in Canada should assume that informal access models will face increasing scrutiny once a supervised alternative exists.
Fintechs get a path, but not a free pass
Industry reaction cited in the source material focuses on whether accreditation will be workable for smaller firms. Mark Sam of Major Street Advisory called the proposals “balanced,” pointing to a streamlined path for entities already registered under the Retail Payment Activities Act. Ivan Koparan, also of Major Street Advisory, said the accelerated process for RPAA-registered firms could help adoption and avoid the slow uptake seen in Australia, where accreditation burden was cited as a drag.
Carrie Forbes of Rockstar Advisory noted that credit unions would participate on an opt-in basis. Those that do join would apply under a lighter pathway reflecting their existing regulatory standing, including a declaration of security compliance rather than starting from scratch. Fintechs, by contrast, would face a more comprehensive process, including proof of Canadian presence, insurance coverage, baseline security controls, and an integrity and good-character policy for key personnel.
FDATA executive director Steve Boms said the organization will review the fintech accreditation requirements, with attention to whether small fintechs can offer services and tools to Canadians on terms comparable to larger firms.
That is the point to watch during the comment period. A framework can be pro-competition in statutory language and still produce concentration if accreditation costs, insurance expectations, documentation demands, or security controls are calibrated for larger balance sheets. Canada’s proposal appears to recognize different entity types. Whether that becomes proportional supervision or just tiered paperwork remains unresolved. For embedded finance operators, the hidden liability is simple: access architecture is becoming a regulated dependency, and the cheapest integration path may no longer be the safest one.