
Consumer-Driven Banking (Open Banking Canada)

Owned by:

Government of Canada (via Department of Finance)

Canada’s framework, known as Consumer-Driven Banking, is a government-mandated open banking regime under development. It is intended to allow Canadians and small businesses to securely share financial data via APIs with accredited third parties. Consumer-Driven Banking is a regulation-driven initiative, underpinned by the Consumer-Driven Banking Act. As of 2025, the regulator has not yet selected or defined a formal technical standard.

In terms of industry adoption, the market has largely adopted the FDX API introduced in the U.S. The FDX API is an industry-led open finance / open banking standard in the U.S. and Canada, stewarded by the Financial Data Exchange (FDX), a private non-profit organization with over 150 members. It enables consumer-permissioned access to financial data (accounts, transactions, product information) via a common API specification. 

Although FDX has been recognized in the U.S. as a standard-setting body, it has not yet achieved any formal recognition in Canada, in spite of strong industry adoption. As the Consumer-Driven Banking regulatory efforts expand, they will move to formally select a standard, and FDX is a likely choice.

Government of Canada (via Department of Finance), with oversight and enforcement by the Financial Consumer Agency of Canada (FCAC) under the new Consumer-Driven Banking Act.

Canada

  • Consumer control, explicit consent, transparency in what data is shared.

  • Time-bound consent, revocable, and clear to consumers.

  • Reciprocity: accredited participants will be required to allow data exchange under common rules.

  • A single technical standard will be selected for interoperability, with common rules on privacy, liability, security (i.e. FDX API).

  • Accreditation and oversight via FCAC, and a public participant registry.

None yet (framework is not yet fully live).

JSON

Not yet determined (future technical standard).

  • Banks above a certain size will be mandated to participate.
  • Other federally regulated institutions, credit unions, etc., may opt in.
  • Accredited third parties (fintechs) will be allowed to request data under consumer permission.
  • Safe, consumer-driven data sharing

  • Common technical standard across the country

  • Reciprocity and interoperability

  • Oversight by FCAC, with accreditation, liability, security, privacy rules

  • Public registry of participants

  • Transparency, governance, consumer protections

Banking

  • Banking / financial accounts, transactions
  • Lending products (credit cards, lines of credit, mortgages)
  • Investments and deposit products may also be included in phases
  • Consent and permissioned data sharing
  • Authentication & authorization: expected to leverage OAuth2, OpenID Connect, FAPI (global best practices)

  • Encryption: use of TLS, secure transport

  • Token-based access, scope enforcement

  • Auditing, logging, monitoring, rate limiting

  • Incident management, oversight

  • Strong privacy, liability, and security obligations in common rules, based on a principle that liability follows the data
  • Once operational, FCAC will publish the standard, accreditation rules, registry, and public documentation
  • The government will develop educational resources for consumers and industry
  • The idea and consultation began many years earlier; “open banking” discussions have been ongoing since earlier finance consultations.
  • In the 2024 budget, the government committed to the framework, and the Consumer-Driven Banking Act was passed in June 2024.
  • In December 2024, the “Complete Framework” was published in the Fall Economic Statement, setting the path to implementation by 2026
  • FCAC will supervise, administer, enforce the framework.
  • Department of Finance retains policy and legislative authority.
  • A Senior Deputy Commissioner for Consumer-Driven Banking will be created at FCAC.
  • Common rules will include liability, privacy, security, national security, integrity obligations.
  • Will require robust infrastructure for periodic performance monitoring, logging, incident alerting

  • Providers and participants will likely be expected to meet SLAs, uptime, incident response standards (although this has yet to be determined)

  • Public reporting of metrics may be required (e.g. performance, success rates) in the future
  • Accreditation compliance, audits, oversight and enforcement via FCAC

  • Participants must follow common rules, reporting, logging, security requirements

  • Incident reporting obligations, liability provisions
  • Consumer-Driven Banking Act (2024) establishing the legal foundation.
  • Other enabling regulations and amendments to FCAC’s mandate and regulatory controls.
  • The Consumer-Driven Banking regulation is set to be clarified and expanded in 2026.