Who Needs RPAA Registration in Canada, and Who May Be Exempt?

Artem Tkachenko 10 mins read

The Retail Payment Activities Act (RPAA) is a Canadian federal law that mandates the registration of payment service providers (PSPs) to ensure compliance with recognized standards on managing operational risks and safeguarding funds.

As a law firm specializing in fintech licensing, Legalaes has helped many fintech companies from all over the world with their money services business (MSB) registration with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). We also serve as the local compliance officer for overseas MSBs.

In this capacity, we have conducted many RPAA applicability assessments for our MSB clients. As such, we know the Bank of Canada’s PSP registration requirements, as well as the RPAA exemptions in Canada.

In this article, we provide an overview of the RPAA registration requirements and exemptions for everyone who’s asking, “Does my business need RPAA registration?”

Key Takeaways

  • The Retail Payment Activities Act is a federal law that regulates payment service providers (PSPs) in Canada.
  • Any payment service provider based in Canada or performing retail payment activities for end users and entities in Canada must register with the Bank of Canada.
  • Entities like banks, credit unions, insurance companies, trust companies, and loan companies are generally exempt from RPAA.

Table of Contents

Under the Retail Payment Activities Act, all PSPs based in Canada or international PSPs performing retail payment activities for users or entities in Canada must register with the Bank of Canada before they engage in these retail payment activities.

The law also says an existing PSP that is already registered under the RPAA regulatory framework must submit a new registration application if:

  • An individual or entity plans to acquire control of it.
  • It plans to make a change to comply with regulations.

What retail payment activities are covered? They are the activities that pertain to the following payment functions:

  • Providing or maintaining an electronic funds transfer (EFT) account for one or more end users.
  • Holding of funds on behalf of an end user until they are withdrawn by the end user or transferred to another individual or entity.
  • Initiating an EFT at the request of an end user.
  • Authorizing an EFT.
  • Transmitting, receiving, or facilitating an instruction related to an EFT.
  • Providing payment clearing or settlement services.

The above are general descriptions of the payment functions covered by RPAA. To understand how these functions translate to specific retail payment activities, contact Legalaes.

We’re a law firm specializing in fintech licensing services, and we help international clients with company formation in Canada as well as licensing and registration under various regulatory frameworks. Our clients rely on us for help in obtaining their MSB license in Canada and determining RPAA registration applicability.

Retail payment activities must be distinct services or business activities. In other words, the functions are the services you offer to customers to generate revenue and profit.

Thus, even if you initiate and authorize EFTs or hold funds for another entity, you’re not required to register under the RPAA regulatory framework if these activities are incidental to your business activities.

For example, if you are a construction company holding funds and transmitting, receiving, and facilitating EFTs on behalf of your subcontractors as part of your business operations, you don’t need to register under RPAA.

How about an electronic money institution (EMI) with an EMI license in another country (e.g., an EMI license in the UK or a money transmitter license in the United States) that plans to set up an equivalent company in Canada to provide the same retail payment services it offers in the UK or the USA?

In this second example, RPAA regulations say you must register with the Bank of Canada as a payment service provider.

To answer the question, “Does my business need RPAA registration?” review your business model and specific services.

You need to register with the Bank of Canada as a payment service provider if you offer retail payment services from Canada or to users and entities in Canada. The following are specific instances that may require an RPAA registration.

  • You are incorporating a PSP in Canada that plans to perform any of the retail payment activities related to RPAA-covered payment functions.
  • You are a PSP based outside Canada but directs retail payment activities or functions to individuals or entities that are in Canada.
  • You are a fintech with an existing MSB license and perform (or plan to add) one or more RPAA retail payment activities to your services or business activities.
  • You are an international fintech company with a forex license or crypto license providing one or more of the covered retail payment activities to users and entities in Canada.
  • You are a fintech company with a crypto license in Canada, and you’re offering EFTs in Canadian currency.

You need to submit a new application if:

  • You are taking over or acquiring control of an existing, RPAA-registered business.
  • You are an RPAA-registered business implementing a regulation-prescribed change in the way you operate or do business.

A company is exempt from the RPAA registration and regulatory requirements if its retail payment activities in Canada or its activities directed towards users and entities in Canada are only incidental to its business activities.

What are the other specific RPAA exemptions in Canada?

Exempt Retail Payment Activities

RPAA registration is not required if a company’s retail payment activities are:

  • EFTs made using instruments in a closed-loop system (e.g., gift cards, certificates and vouchers issued by a merchant or a non-payment service provider) that can be used only from that specific merchant or a specific group of merchants.
  • EFTs made to give effect to an eligible financial contract or a prescribed transaction related to securities.
  • EFTs made to enable cash withdrawals at an automatic teller machine (ATM).
  • EFTs performed using a system designated under Section 4 of the Payment Clearing and Settlement Act.
  • Internal transactions between affiliated entities, as long as the payment service provider is one of the affiliated entities and no other provider is involved in the transfer.
  • Prescribed by law or regulations.

Exempt Payment Service Providers

The RPAA regulatory framework does not apply to the following PSPs:

  • Banks, including authorized foreign banks (Section 2 of the Bank Act).
  • Financial associations regulated by a provincial Act or by the Cooperative Credit Associations Act, such as cooperative credit societies, savings and credit unions, des caisses populaires (member-owned, non-profit financial cooperatives), and central cooperative credit societies.
  • Insurance companies, trust companies, and loan companies regulated by federal or provincial Acts.
  • Her Majesty (or Her Majesty’s agent/mandatary) in right of a province, if they accept deposits transferable by order.
  • The Bank of Canada.
  • The Canadian Payments Association.
  • A prescribed individual or entity (e.g., Society for Worldwide Interbank Financial Telecommunication).
  • An individual or entity of a prescribed class.
  • The agents or mandataries of a registered payment service provider performing activities within the scope of their authority or mandate and included in the registered payment service provider’s list of agents and mandataries.  

Specific Provision Exemptions

The Governor of the Bank of Canada can exempt a payment service provider from any of the following RPAA provisions, their related regulations, and provisions made according to those related regulations:

  • Sections 17-22
  • Subsection 29(2)
  • Paragraphs a to e and g of subsection 48(1)
  • Paragraphs a to d and g of section 52
  • Section 59
  • Section 94
  • Section 95
  • Section 99

The Governor can order the exemption of a payment service provider from any of the above provisions and their regulations if they believe they are redundant. That is, if one or more provisions or regulations of other applicable federal or provincial Acts are substantially similar to these provisions and regulations.

To register, a PSP must submit an application to the Bank of Canada and pay the registration fee. The application must include the following information:

  • Basic information: The applicant’s name (and any operating names), address, and contact information.
  • Business structure: A description of how the provider is organized, including details about incorporation, affiliated entities, directors, managers, or owners.
  • Operational details: Declarations stating whether the applicant operates out of a dwelling-house, has a place of business in Canada, is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), has applied for registration or is registered under a provincial Act regulating retail payment activities.
  • Representative details: If the provider does not have a place of business in Canada, the name and address of a local agent or mandatary authorized to accept legal notices.
  • Payment activities and number of end users: A description of the retail payment activities they perform or plan to perform, including the estimated volume and value of the activities, as well as the number of end users.
  • Safeguarding funds and risk management: Information about any end-user funds held, how those funds are safeguarded, and a description of the provider’s risk management and incident response framework.
  • Third parties and agents: A list of agents and mandataries performing activities on their behalf, and information about third-party service providers that have a material impact on the provider’s operational risks or safeguarding of funds.
Which businesses are generally captured by the RPAA?

The Retail Payment Activities Act (RPAA) generally captures any individual or non-bank entity performing payment functions as a service or business activity that is not incidental to another service. This includes entities with a place of business in Canada or those directing retail payment activities toward Canadians.

Are some PSPs exempt from registration?

Yes, several payment service providers (PSPs) are explicitly exempt from registration under the Retail Payment Activities Act (RPAA). These exemptions generally apply to entities already subject to comparable regulatory oversight or activities that pose lower systemic risk.

Exempt entities include:

  • SWIFT (Society for Worldwide Interbank Financial Telecommunication).
  • Banks and authorized foreign banks.
  • Federally or provincially regulated insurance companies, trust companies, loan companies, and financial institutions, including credit unions.
  • The Bank of Canada and the Canadian Payments Association.
  • Agents or mandataries of a registered PSP, provided they operate within their authority and are included in the registered PSP’s official list.
Can foreign companies fall within scope?

Yes, foreign payment service providers can fall within the scope of the Retail Payment Activities Act if they direct retail payment activities at individuals or entities in Canada. Even without a physical place of business in Canada, these entities must register and comply with the regulations if they perform payment functions for Canadian end users.

Non-resident payment service providers must designate an agent or mandatary in Canada authorized to accept legal notices and orders on their behalf.

What Situations May Trigger Increased Regulatory Scrutiny?

Changes in retail payment activities, operations, and ownership interests usually trigger a closer review. This is why a registered payment service provider must submit a new application with a change in ownership or control or with changes in operations and activities that can impact its operational risks and fund-safeguarding mechanisms.

The Bank of Canada focuses on three main triggers: national security, operational integrity, and financial safeguarding. The following can lead to a closer review of a PSP’s registration application:

  • Violations and information deficiencies: Scrutiny that can lead to a refusal or revocation of registration can be triggered if a provider provides false or misleading information, fails to provide requested information, or commits a serious violation.
  • National security concerns: The Minister of Finance has the authority to review an application for registration, refuse or revoke a registration, or impose specific conditions on a registration because of national security concerns.
  • Significant operational changes or new activities: A registered payment service provider must notify the Bank of Canada before performing a completely new retail payment activity or making a significant change that can impact its operational risks or the way end-user funds are safeguarded.
  • Acquisition of control: If an individual or entity plans to acquire control over a registered payment service provider, the provider must submit a brand-new application for registration before the acquisition can take effect.
  • Compliance verification: The Bank of Canada can direct a special audit of a payment service provider to verify compliance with the Act.
Where should companies start if they are unsure?

Companies that are unsure about who needs RPAA registration in Canada, the Bank of Canada’s PSP registration requirements, and RPAA registration exemptions should start with an RPAA applicability assessment conducted by a law firm that specializes in fintech licensing services in Canada. 

All payment service providers based in Canada, or PSPs performing retail payment activities directed at users or entities in Canada, are required to register under RPAA.

Does your fintech company need to register, or do you meet RPAA exemptions in Canada? Request an RPAA applicability assessment from Legalaes.

May also interest you

Discover more

Montana MSB Explained for Crypto and Payment Businesses

Montana has become one of the most attractive jurisdictions for crypto and payment businesses entering the U.S. market. Unlike every other U.S. state, Montana

Artem Tkachenko 5 mins read
Read more

What Documents Are Needed for a CASP Application? A Checklist of MiCA CASP Document Requirements

The Markets in Crypto-Assets (MiCA) Regulation, i.e., Regulation (EU) 2023/1114, requires crypto-asset service providers (CASPs) in the European Union to apply for authorization from

Artem Tkachenko 10 mins read
Read more

MiCA Business Plan Requirements: What Authorities Expect from CASP Applicants

Under the Markets in Crypto-Assets (MiCA) regulation, authorities expect crypto-asset service provider (CASP) applicants to demonstrate that their business is well-controlled and capable of

Artem Tkachenko 7 mins read
Read more

Contact Us

Our expert team is prepared to address your needs and ensure your projects are handled with the utmost efficiency and care

Phone: +372 602 8525 (request a call back or schedule a meeting)

Messengers:

Connect with our experts

    Connect with our experts using

    our chanels: Whatsapp Telegram WeChat or contact from below:

      Connect with our experts via WeChat

      Scan the QR code to continue in WeChat application
      Request a call back
      Schedule a call
      Back

      Enter phone number