Publication date: October 16, 2024
This supervisory policy provides an overview of annual reporting requirements and clarifies how the Bank of Canada expects payment service providers to comply with those requirements.
Introduction
Payment service providers (PSPs) that perform retail payment activities must submit an annual report to the Bank of Canada in accordance with the requirements set out in the Retail Payment Activities Act (RPAA) and the Retail Payment Activities Regulations (RPAR).
Context
To meet the obligation in section 21 of the RPAA of submitting an annual report, PSPs are to complete and submit the Bank’s annual report form available in the PSP Connect portal.
- When completed, the annual report form provides the Bank with information about a PSP’s retail payment activities and compliance with its obligations under the RPAA and RPAR.
- The Bank will use the information collected through the annual report form to support its risk-based approach to retail payments supervision and to meet its mandate under the RPAA.
- Where necessary, after a PSP submits its annual report form, the Bank may seek additional information from the PSP about the PSP’s level of compliance with its obligations under the RPAA and RPAR.
Annual reporting to the Bank
A PSP must submit its completed annual report form to the Bank by March 31 each year. Through the form, the PSP provides information from the previous calendar year, except for financial metrics where the PSP is required to submit its most recent details based on the PSP’s financial year-end date.
The annual report form will be made available before the reporting deadline (March 31) to give PSPs ample time to complete the form.
The annual report form asks specific questions related to the PSP’s compliance with the RPAA and RPAR, including in the areas of:
- operational risk management and incident response framework (see the guidelines on operational risk management and incident response framework for additional information)
- holding and safeguarding of end-user funds (see the guidelines on safeguarding end-user fund for additional information)
- ubiquity and interconnectedness (see the policy on reporting of retail payment activities metrics for additional information)
- changes to its retail payment activities (see the guidelines on significant change or new activity notification for additional information)
- record-keeping practices (see the policy on record keeping for additional information)
- financial metrics
- any other information the Bank requires for its supervision of PSPs
These questions are based on the requirements of section 21 of the RPAA. Regulatory requirements and the Bank's risk management expectations are set out in the RPAA, RPAR and supervisory guidance; the Bank expects PSPs to familiarize themselves with these requirements and expectations by reviewing these documents. PSPs are also expected to confirm and update their registration information through the annual reporting form.
The annual report form may change from year to year. If the Bank intends to make changes to the questions, additional information about those changes and any relevant instructions will be provided.
As set out in section 61 of the RPAA, an individual or entity must not provide false or misleading information to the Bank. This applies to, among other things, information included in a PSP’s responses in the annual report form.