A looming election. Mass AI integration. The next crypto boom. The year ahead promises to be one of both progress and uncertainty for Canada’s financial services industry, as Ottawa endeavors to move the regulatory ball forward against a shifting technological and political landscape.

Amid this backdrop, questions around priorities and timelines remain open. Will policymakers accelerate reforms to keep pace with global competitors, or will political transitions slow momentum? Can industry strike the right balance between its fervent embrace of innovation and their duty—both legal and ethical—to protect Canadian consumers?

No matter what 2025 has in store, businesses must remain agile, ready to respond to opportunity and risk alike, as Canada works to solidify its role as a modern, future-focused leader in financial services.

Bracing for political headwinds

With a prorogued Parliament, a Liberal Party leadership race underway and a spring election likely to follow, Canada’s political arena is poised for significant shifts this year. A change in power could spell setbacks for important—and already overdue—initiatives like open banking, as well as thwart progress on AI and privacy legislation. Pierre Poilievre’s Conservatives, which currently hold a commanding lead in the polls, are likely to delay making their own policy priorities known until their opponent is determined.

South of the border, Trump’s second term is expected to bring a wave of deregulation in the banking, finance, and crypto sectors, raising questions about whether Canadian entrepreneurs might choose to launch their ventures in the U.S. to take advantage of this climate. The broader implications for the tech sector remain uncertain, but the Trump administration has the potential to shape cross-border opportunities and challenges in profound ways.

Can regulators keep pace with AI adoption?

From fraud detection to customer-facing chatbots, financial service providers have embraced the AI age with passion and determination. While this will only accelerate in the months ahead, how Canada plans to regulate AI remains an open conversation.

The recent prorogation of Parliament has put an end to Bill C-27, and with it the proposed Artificial Intelligence and Data Act, resetting Ottawa’s progress on developing an AI law of general application. With Canada’s future legislative agenda in question, financial regulators, as well as other market participants, continue to fill the void with AI-related reports and guidance.

Both the Office of the Superintended of Financial Institutions and the Financial Consumer Agency of Canada have been vocal advocates for a responsible approach to AI adoption for regulated entities. In September 2024, they co-published a report emphasizing the need for financial institutions to maintain adaptable risk and control frameworks to manage AI-related threats effectively. Such threats, the report notes, include the rise of malicious actors who harness AI themselves to execute cyber attacks with ever greater sophistication.

The Canadian Securities Administrators (CSA), meanwhile, have taken positive steps to address the use of AI in capital markets. A December 2024 Staff Notice and Consultation contained specific guidance addressing the use of AI systems that may directly affect registerable services, such as stock trading, as well as AI-related disclosures in regulatory applications and filings. This comes on the heels of earlier CSA guidance cautioning issuers about the growing “AI-washing” trend, whereby companies overstate or misrepresent their use of AI technologies to entice investors.

In the months ahead, expect regulators to engage with market participants actively and frequently as they continue to assess AI’s potential impact across the financial sector.

Open banking: Down but not out

Open banking began its journey in Canada seven years ago, and by 2024, it seemed we were on the verge of finally implementing a framework to launch it. Parliament even passed part one of the legislation while preparing for part two. However, with an election on the horizon, open banking has been delayed once again.

Its future in Canada is not entirely bleak, however, as all political parties have previously indicated support for open banking. With much of the work on this operation being conducted by public servantswho will continue to push forward in spite of political turbulence—a new government will have the opportunity to build on the progress made so far and quickly implement its own legislation if it chooses to do so.

Compliance countdown for Payment Service Providers

The Retail Payment Services Act (RPAA) launched last year, with the Bank of Canada as a regulator. Under this Act, eligible payment service providers (PSP) were required to apply for registration with the Bank last November, and must now bring themselves into compliance with a suite of new regulatory guidance by September 2025. Consequently, this year promises to be a busy one for PSPs.

Notably, the regime has a high level of transparency, with the Bank publishing a list of applicants, refusals and registered PSPs. It will also be publishing information about violations, although it remains to be seen what kind of a regulator the Bank of Canada will be.

Ottawa’s goal? A stronger, safer, and more reliable Canadian payments ecosystem for consumers and industry alike. Eventually, registered PSPs will be able to participate directly in Canada’s Real-Time Rail. These developments will give PSPs confidence to expand their offerings and give rise to ambitious new partnerships and collaborations with banks.

Updated standards for payment cards

Last year the Financial Consumer Agency of Canada updated its Code of Conduct for the Payment Card Industry, giving merchants stronger protections amid a rapidly evolving payments climate. Affecting participants in the debit and credit card industryincluding card issuers, card networks, acquirers, payment processors, payment facilitators, payment aggregators and othersthe updated Code came into effect partly in October 2024, with the balance of the changes taking effect on April 30, 2025.

The changes expand the Code’s application to more payment card industry intermediaries and provide greater security, cost certainty and flexibility for merchants using payment card services. Businesses that are involved in the payment card industry will need to continue to implement these changes through 2025.

AML/ATF reforms: Canada’s framework in focus

Before the prorogation of Parliament, Canada was gearing up for its 2025-26 Financial Action Task Force (FATF) mutual evaluation by proposing significant amendments to its anti-money laundering and anti-terrorist financing (AML/ATF) framework. These amendments were in line with various FATF recommendations, such as expanding the scope of regulated entities, enhancing transparency, and modernizing information sharing. The proposals also included stricter penalties for non-compliance and new criminal offences for providing false information.

As Canada gears up for an election, however, the future direction of these efforts is now uncertain. While efforts to enhance Canada’s AML/ATF legal framework have historically garnered non-partisan support, it remains to be seen how much a new government might want to reshape these initiatives. Regardless of the election outcome, FINTRAC is expected to proceed with modernizing its operations this year, using existing funding to integrate new technology-driven tools and educational products for reporting entities.

Cracking down on illicit funds: New Criminal Code amendments target money laundering

In September 2024, amendments to the Criminal Code introduced expanded powers to help authorities combat money laundering more effectively. These changes enable law enforcement to:

  • Compel financial institutions to keep accounts open that are suspected of involvement in money laundering, allowing authorities to monitor ongoing activity within those accounts. This measure aims to prevent investigations from being obstructed when financial institutions choose to de-risk account holders
  • Widen access to digital asset warrants and restraint orders, making it easier to seize or restrain digital currency suspected of being the proceeds of crime

These enhanced tools are expected to be used aggressively by police this year as Canada works to demonstrate to the United States and other nations that it is not a safe haven for illicit funds. Financial institutions should prepare for increased scrutiny and ensure robust compliance measures are in place.

Real-Time Rail prepares for testing

Canada’s Real-Time Rail (RTR) system, led by Payments Canada, is set to revolutionize the national payment infrastructure with real-time, always-on, data-rich payment capabilities. Despite delays encountered to date, Payments Canada has remained vocal about its commitment to launching RTR. In keeping with this spirit of determination and following the completion of the exchange and clearing components, 2025 will focus on testingwith industry testing slated for 2026.

Driven by a collaborative effort, dubbed “Team Canada,” the RTR will enable registered PSPs to offer a range of innovative services, while a centralized fraud utility will address evolving risks, once it becomes operational. Opening the door to bold new opportunities for businesses and consumers, the RTR promises to transform Canada's payments ecosystem, in keeping with national interests. This ongoing effort is led by Payments Canada and we anticipate that it will continue apace regardless of the upcoming election.

Digital Loonie? Not so fast

The proliferation of Bitcoin and cryptocurrency has galvanized central banks around the world to explore the possibility of creating their own government-issued digital coin. The Bank of Canada has followed suit. Described as the “Digital Canadian Dollar” project, over the past four years the Bank of Canada has undertaken significant research towards understanding the implications of a “central bank digital currency” (or CBDC) that can be used in day-to-day transactions by retail consumers instead of fiat cash.

However, in September 2024, the Bank of Canada stated that it would be scaling down its work on a retail CBDC, shifting its focus instead to broader payments system research and policy development. It’s unlikely that changes in the federal political landscape will materially impact the Bank’s shift from CBDC to broader payments modernization in the near term.

Clarity for stablecoins?

Stablecoins, a type of cryptocurrency with value linked to an asset like the U.S. dollar or gold, are regulated primarily by the CSA as a form of security or derivative. Only registered “crypto asset trading platforms” are permitted by the CSA to trade stablecoins (which it refers to as “value referenced crypto assets” or “VRCAs”). Further, the CSA only allows the trading of VRCAs where the asset issuer has signed an express undertaking to be subject to the CSA’s regulatory jurisdiction. To date, only one VRCA, the U.S.-dollar-backed “USDC,” is legally available for trading in Canada under this framework.

Securities regulators asserting jurisdiction over VRCAs diverge from the regulatory approach taken by many other jurisdictions, which assess VRCAs as payment instruments placing them within the purview of banking and prudential regulators charged with overseeing various forms of “e-money.” Over the past few years, the crypto and digital asset industry in Canada has called for Parliament to enact special purpose stablecoin legislation, which is simultaneously being called for in the U.S. Can greater clarity around stablecoins arise in the present Canadian political environment, or will this issue continue to slip in priority, keeping Canada out of step on the international stage?

Keeping up with privacy

For Canadian financial service providers, managing sensitive customer data comes with increasing regulatory scrutiny. As we enter 2025, various changes to privacy and cyber security laws are slowly reshaping the legislative playing field. At the federal level, ongoing privacy reforms have been stalled with the prorogation of Parliament, which has permanently shelved Bill C-27. However, recent and upcoming changes to provincial laws and regulations continue to redefine privacy rules for businesses.

Québec's Private Sector Act, for instance, introduced the right to data portability, requiring institutions to enable individuals to transfer their data in a structured, machine-readable format—an effort that demands costly and time-consuming standardization across systems but a right that will be required to support the launch of open banking in Canada. Beginning January 1, 2025, organizations in Québec must also maintain an anonymization register, documenting how data is anonymized, the methods used, and any re-identification risk assessments.

Effective April 23, 2025, Québec Regulation respecting the management and reporting of information security incidents will add further compliance requirements for financial institutions and credit assessment agents in Québec. This includes developing a comprehensive incident management policy that addresses detection, assessment, and response, extending these measures to third-party processors, and reporting significant incidents to the Autorité des marchés financiers (AMF) within 24 hours.

Elsewhere, Alberta is reviewing its Personal Information Protection Act (PIPA), with potential updates expected in 2025, and OSFI’s evolving approach to financial institutions regulation adds new lenses to familiar topics like privacy and data security. OSFI’s ongoing focus on integrity and security and operational risk management and resilience may require OSFI-regulated institutions to re-examine existing compliance measures.

Questions? We have answers

Our team members are available to help stakeholders assess the effects of these proposed changes and industry trends, and provide answers and insights with respect to their adoption and implementation.

Please feel free to contact the authors or a member of our FSxT or Financial Services Regulation groups to learn more.