e-2748 (Consumer protection)

The Government of Canada takes the issue of cyber crime and financial fraud seriously. Canadians deserve protection from fraudulent activity, which is why the government has taken a series of steps to combat these issues.

In 2018, the Government of Canada launched a comprehensive National Cyber Security Strategy and invested over half a billion dollars to bolster the safety of Canadians and Canadian businesses online. The Strategy strengthens both how we combat cybercrimes and how we defend against them. It consolidates federal cyber operations into the Canadian Centre for Cyber Security. The Centre defends against cyber threat actors that target Canadian businesses, including federally or provincially regulated financial institutions, for their consumer data, financial information, and payment systems. Efforts to address cyber crime have been further bolstered by the Cybercrime Coordination Unit within the Royal Canadian Mounted Police, which provides a national cybercrime reporting mechanism for Canadians – including incidents related to data breaches or financial fraud.

The Government also recognizes the importance of transparency around the breadth and frequency of data breaches and the resulting fraud from such activities within Canada. On November 1, 2018, all businesses, including banks, became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act. Organizations are required to inform the Office of the Privacy Commissioner of any breach of security safeguards involving personal information that may pose a real risk of significant harm to individuals.  In November 2020, the Government tabled Bill C-11, the Digital Charter Implementation Act, 2020, which would significantly strengthen the privacy framework through a new Consumer Privacy Protection Act.

The Office of the Superintendent of Financial Institutions (OSFI) is also taking actions to contribute to sound industry practices on cyber security. In September 2020, OSFI released a discussion paper on technology and related risks. In addition to explaining OSFI’s evolving role in cyber security, existing guidance, and supervisory work, this paper shares OSFI’s recent actions to contribute to cyber security. These include industry bulletins that share information, and OSFI’s observations, on emerging technology issues, including strong authentication practices. These bulletins complement OSFI’s regulatory guidance and support sound risk outcomes at federally regulated financial institutions and pension plans.

To increase consumer awareness of fraud, the Financial Consumer Agency of Canada, Competition Bureau and the Canadian Anti-Fraud Centre have conducted a public awareness campaign to promote the Fraud Prevention Month in March for the past 15 years. The organizations have produced a number of information products related to fraud, which are accessible on their respective websites, as well as through various social media platforms.

The Financial Consumer Agency of Canada also monitors banks to ensure they comply with codes of conducts and public commitments, including related to fraud prevention. In July 2019, for instance, the Canadian banking industry adopted a code of conduct to guide banks in their delivery of services to Canada’s seniors. The Code consists of seven principles, including that banks mitigate potential financial harm to seniors and provide appropriate training to their staff, which includes information on fraud and scams.