Ottawa releases new bank fraud & data sharing rules proposal

The federal government has published proposed rules on bank fraud prevention and consumer-driven banking as it moves to implement new financial sector legislation.

The fraud proposals would require banks to obtain express consent before enabling electronic funds transfer functions such as wire transfers. They would also specify which account functions consumers can turn off, how quickly banks must process requests to change transaction limits, and what fraud information they must collect and report to the Financial Consumer Agency of Canada.

Amendments to the Bank Act adopted through Bill C-15, which received royal assent on Thursday, March 26, are also proposed. Those changes require banks to maintain policies and procedures to detect and prevent consumer-targeted fraud and reduce its effects on customers.

Separate draft regulations on consumer-driven banking have also been published for consultation. They are intended to support the launch of the Consumer-Driven Banking Act and establish operating rules for a framework that would allow consumers and businesses to share financial data with approved providers.

The proposals come amid rising reported fraud losses in Canada. Data from the Canadian Anti-Fraud Centre show Canadians lost more than CAD $704 million to fraud in 2025, while reported losses since 2022 have exceeded CAD $2.4 billion.

Authorities say only five to 10 per cent of scams are reported, suggesting the recorded figures may understate the scale of consumer harm.

Under the proposed fraud rules, banks would face clearer obligations around account settings that can expose customers to scams or unauthorised transfers. The measures focus on customer consent, consumer control over certain banking functions, and standardised reporting to the federal consumer watchdog.

The consumer-driven banking regulations would further define requirements for the scope of data sharing, accreditation, national security, liability, duties for participating institutions and accredited third-party providers, assessment fees, and violations.

The government stated that the framework is designed to replace screen scraping, a practice in which consumers share their banking credentials so that third-party services can access account information. About nine million Canadians currently share financial data this way, according to the finance department, exposing them to security, liability, and privacy risks.

Under the new model, data sharing would move to an interface system. The Bank of Canada would oversee compliance with the Act and the proposed regulations, including supervision of participating entities, accredited third-party service providers, the technical standards body, and the external complaints body.

The central bank would also maintain a public registry of participating entities and accredited third-party service providers.

The consumer-driven banking regulations would take effect in stages. Accreditation would come first, followed within a year of final publication by requirements covering common rules and assessment fees. The timing for different products and services would be set later.