Banks Must Get Consent for Transfers
Canada Gazette, Part I, Volume 160, Number 26: Regulations Amending the Financial Consumer Protection Framework Regulations
REGULATORY IMPACT ANALYSIS STATEMENT
Key facts
- Published
- June 27, 2026
- Comment deadline
- July 27, 2026
- Effective date
- July 1, 2027
Summary#
This is a proposed set of changes to the Financial Consumer Protection Framework Regulations published by the Department of Finance on June 27, 2026. The changes would make banks ask customers for express consent before turning on electronic transfer features (like Interac e-Transfers, wire transfers and global money transfers), let customers turn those features off, and require banks to collect and report detailed fraud data to the Financial Consumer Agency of Canada (FCAC). The proposal is not law yet; if finalized the rules are planned to come into force on July 1, 2027.
What it does#
- Requires banks (those covered by the Bank Act) to get a customer’s express consent before enabling any electronic funds-transfer capability (examples named include Interac e-Transfers, wire transfers, global money transfers). Certain things are excluded, such as transfers between accounts the same person owns at the same bank, ATM withdrawals, card payments, pre-authorized debits and direct bill payments.
- Lets customers disable those same electronic transfer capabilities at any time. Banks must tell customers about these options when an account is opened.
- Sets how quickly a bank must increase a withdrawal/transfer limit after a customer asks:
- take effect immediately if the bank has verified the customer’s identity;
- take effect the following business day if the bank has not verified identity (the rule uses one business day).
- Requires banks to have written policies and procedures for investigating suspicious transactions and for deciding when to notify customers about suspicious requests. Banks must review these policies at least once a year.
- Forces banks to collect and report a set list of fraud-related data to the FCAC annually in a form the Commissioner accepts. For each fraud instance (confirmed or alleged) they must report items such as:
- date bank became aware; whether attempted or completed; whether confirmed by the bank;
- the fraud type and tactic used; the communication method; the transaction method;
- amount lost (or sought), amount reimbursed (if any);
- whether the transaction was unauthorized or was authorized under coercion/deception;
- whether the bank delayed or stopped the transaction;
- victim details in grouped form: age range, gender, and first three characters of postal code.
- Sets reporting timelines: banks must file annual reports within 135 days of year-end; FCAC must compile and send a confidential annual summary to the Minister of Finance by September 30 following the reporting year.
- Transitional timing: banks would not have to submit their first annual fraud report until May 15, 2029, covering the period January 1 to December 31, 2028.
Who's affected#
- Everyday bank customers who hold personal deposit accounts. People who do not use certain transfer features may be able to turn those features off for extra protection.
- Banks and authorized foreign banks regulated under the Bank Act — the proposal estimates about 79 institutions would be covered.
- The Financial Consumer Agency of Canada (FCAC), which would receive the new data and supervise compliance.
- The Department of Finance, which will receive FCAC’s annual summary and use the data for policy work.
- The proposal says small businesses using personal deposit accounts were not expected to be significantly affected; the government’s analysis treated the measure as mainly consumer-focused.
Why it matters#
- Fraud is rising. The Canada Anti‑Fraud Centre reported $704 million in losses in 2025, but authorities say that figure likely captures only 5 to 10 per cent of real losses because many victims do not report fraud. Better rules and data aim to close that gap.
- Practical effect for consumers: you could choose to turn off high‑value online transfer features on your account or require extra verification before such features are enabled. That makes it harder for a fraudster who gains access to an account to move large sums quickly.
- Practical effect for banks and the regulator: banks will need to change systems, train staff, and send annual fraud reports to FCAC. The government’s cost‑benefit work estimates monetized benefits of about $2.9 billion and monetized costs of about $611 million (present value) over a 10‑year period, for a net benefit of roughly $2.3 billion — though these are modelled estimates that depend on reporting and behavior assumptions.
- Trade‑offs: the rules aim to reduce fraud losses, but they can add friction (for example, needing ID checks or waiting a business day for limit increases) that may slow legitimate time‑sensitive transactions. The proposal balances those frictions against expected reductions in theft and better data for future policy decisions.
Key topics
Source: Canada Gazette