This lively session explored the risks and opportunities of open banking in general and more specifically the open banking framework that is currently being discussed in Canada. The panel consisted of Elizabeth Fanjoy from CIBC, Abdi Hersi from Wealthsimple, and Professor Markos Zachariadis from The University of Manchester. Because the panel included representatives of both a large bank and a fintech company, the discussion reflected a range of views on how far Canada’s open banking framework should go, and how quickly it should be rolled out.

Professor Zachariadis began the session with a brief overview of the research he’s done on open banking to date, including a report done for GRI in 2020, and some of the discussions leading to a revised report that is due before the end of 2024. He stressed that other jurisdictions like the UK and Australia have already implemented open banking regimes, and that Canada can learn from their experience. One of the open questions for Canada’s framework is whether and when regulations will mandate the sharing of read-write APIs, which would allow a wide range of third-party transactions including payments, or just read-only APIs, which allows a customer to view their accounts across different institutions but not necessarily to move money around between them.

Hersi from Wealthsimple noted that while the implementation of open banking in Canada has been a complex process, many challenges can still be addressed even after the regulations have been rolled out. He noted that Canadian businesses want the convenience and flexibility that open banking (in a commercial banking context) offers, and might consider taking their business elsewhere to get it. Fanjoy focused on how exactly open banking might roll out in Canada, including questions like how provincially-regulated fintechs will be incorporated into a federal framework, who will be liable for the data being shared if something goes wrong, and where complaints will be directed. Both expressed concern about screen-scraping, a data sharing method that is already common, but not necessarily stable or secure.