The Retail Payment Activities Act (RPAA) is a new framework established under the Canadian Payments Act to supervise Payment Service Providers (PSPs) nationwide. The Bank of Canada will oversee PSPs involved in retail payments to handle security and operational risks, protect customer funds, and build trust in Canada's payment system. The RPAA also offers a pathway for PSPs to join Payments Canada and use Canada's Real-Time Rail payment system once membership criteria are updated in the Canadian Payments Act.
Does this apply to you?
RPAA will be required for businesses that perform any of the following activities:
Most Money Services Businesses (MSB) in Canada are falling under RPAA Act and Require Registration. Self assessment Tools available at: https://bankofcanada.ca1.qualtrics.com/jfe/form/SV_57pPc0Jh8DGO8aa
The RPAA imposes substantial penalties for non-compliance, with fines ranging up to CAD 1 million for serious offenses and up to CAD 10 million for the most severe violations.
RPAA Pre - Planning
RPAA Application
Representation with the Bank of Canada
Documentation Support
RPAA Risk Management and Incident Response
Contact us
RPAA Pre - Planning
RPAA Application
Representation with the Bank of Canada
Documentation Support
Business Continuity and Resilience
RPAA Risk Management and Incident Response
RPAA Risk Management and Incident Response Implementation
Contact us
AML Incubator can assist you with your RPAA Registration, assessment and guide you throughout the process. If you are unsure as to whether or not your MSB requires registration, please contact us for a free consultation.
We will Review your existing framework to ensure you have everything necessary to begin the registration process. This includes identifying all key deficiencies
We will handle the registration process in its entirety and ensure that all documentation is provided and all other requirements are met
We will be the main point of contact for your company when it comes to communicating and working with the Bank of Canada. We manage the entire registration and communicate all expectations as the process evolves
We will use a known approved framework to ensure you have everything necessary to begin the registration process. This includes identifying all required documentation development, and assistance with preparing that documentation. We will consult your business in what is needed to meet the requirements presented by the Bank of Canada and provide you with advice on how to meet those requirements ****
We will provide you with a complete framework on Operational Risk Management, Incident Response and Notification, Help Safeguarding End-user Funds, and the Notice of significant change or new activity.
We will work with you to implement this framework, and teach your team how to utilize this framework to meet the requirements presented by the Bank of Canada
We will ensure that all required documentation is accurate, readily accessible, and securely stored. This not only supports compliance with the RPAA but also prepares your organization for any regulatory inquiries or audits. Please see below for detailed information about the documentation required.
Develop policies that outline procedures for maintaining operations during disruptions.
Document protocols for protecting systems against unauthorized access and attacks.
Implement policies to prevent, detect, and respond to fraudulent activities.
Establish guidelines for handling and securing data to ensure privacy and compliance.
Create documentation for IT infrastructure management and technology deployment.
Outline HR policies covering recruitment, training, and employee conduct
Document procedures for designing and implementing effective business processes
Develop guidelines for creating and launching products that meet customer needs and regulatory requirements.
Establish a framework for managing organizational changes smoothly
Implement policies to ensure the safety of personnel and the security of physical assets
Document procedures for managing third-party relationships and risks