Payment Systems

AptPay on Compliance: Navigating Payment Industry Shifts

AptPay Compliance: Navigating Payment Industry Shifts

Regulatory changes are reshaping the payments industry landscape. Join us as we explore these pivotal updates with Lydia, AptPay’s Chief Compliance Officer.  

This engaging conversation is designed for professionals and businesses in the payments sector looking to grasp the nuances of the forthcoming regulatory shifts.  

Gear up for an enlightening session that promises to arm you with the knowledge to tackle these changes head-on. 

Ivonn: Hi everyone. I’m Ivonn Novikova, the marketing manager at AptPay. I’m here today with Lydia, our Chief Compliance Officer. Lydia, thank you so much for sitting with me to talk about an important topic, the upcoming changes in compliance within the payments industry. It’s great to have your insights on what’s ahead of us in the industry. Are you ready?   

Lydia: I’m ready. Thanks, Ivonn.  

Ivonn: Also, happy International Women’s Day to us.  

Lydia: Yeah. Wonderful.  

Ivonn: Okay, let’s start with our first question.  

Can you outline the major upcoming changes in compliance regulations affecting the payments industry?  

Lydia: So, the largest, impactful change this year is going to be the introduction of the Retail Payments Activity Act. Under that act, the Bank of Canada is going to start being responsible for supervising the payment service providers in Canada. So, the aim is to build confidence in the safety and reliability of their services while protecting end users from specific risks. 

Ivonn: Okay, within that landscape in mind, how do you foresee these changes impacting the day-to-day operations of businesses in the payment sector? 

Lydia: So, for PSPs (Payment service providers), the new regulations mean they’re going to need to comply with expectations around managing their operational risk as well as safeguarding their end users’ funds. So, PSPs, they’re going to need to track, and report mandated metrics regularly to the BOC as part of the new mandate. And for some PSPs, they’ll already have many of the requirements in place. However, there are a number of PSPs where the RPAA is going to impact how they carry out their business and the cost associated with those changes. 

Ivonn: Okay. Given these impacts, what strategies should companies in the payments industry adopt to stay ahead of these regulatory changes?  

Lydia: Um, so it’s a bit of a loaded question, but I think at the very least, every PSP should utilize a self-assessment tool.

It’s available on the BOC website: 

And what it’ll do is it’ll give PSPs a starting point. It’s also recommended that they get legal advice to determine if they’re captured under the regulation and if they’re in scope. PSPs should review the upcoming regulations, take inventory of what they already have in place, and identify the gaps that they have. They should ensure that all impacted departments and staff are aware of upcoming changes, develop strategies, you know, in order to be able to ensure that they can put the upcoming changes in place, including establishing benchmarks and timelines in line with those provided by the BOC on their website. And that makes sure they’re ensuring readiness and that there are no surprises when the regulations actually come into play. 

Ivonn: Thank you. Lydia. Also, can you discuss any specific challenges these upcoming compliance changes pose for small versus large payment providers?  

Lydia: Interestingly enough, the BOC is taking a little bit of a different approach than you would see from other regulators and what it’s going to do. It’s going to impact businesses in different ways. Not all businesses are created equal, and it won’t be a one-size-fits-all approach by the BOC. What they’ve stressed is that they’re going to take a risk-based approach that will focus on end users, impacts, and the efficiency of the payment service offered. So, this means the BOC’s level of supervisory actions will be guided by the level of risk each PSP brings to the community. So, you know, the better controls and operational controls and risk management you have in place. I think the less impact that these regulations are going to have on your overall day-to-day. 

Ivonn: Okay. Thank you. Are there any particular regions or markets that will be more significantly affected by these compliance changes?  

This could be crucial for companies operating internationally.  

Lydia: These impacts, these changes are going to impact all PSPs in Canada. And they’re also going to impact international businesses with end users in Canada. So, applicants who have a place of business in Canada must provide details of all retail payment activities within the scope of the RPAA. Applicants who do not have a place of business in Canada must provide information for retail payment activities performed within the scope of the RPAA for end users in Canada only, so there will be impacts. It will largely impact inside Canada, but you’re not getting away with it if you’re not in Canada and you have end users in Canada. 

Ivonn: How can companies ensure they are fostering a culture of compliance that aligns with these upcoming changes?  

Lydia: So, businesses in the payment space should be continually assessing risk and impacts to their business, whether it be, you know, new regulations, privacy issues, operational features, new products, and so on. Risk assessments allow businesses to, you know, assess what risk impact is on a financial, regulatory, operational, or reputational basis. And, you know, what that does is it allows them to assess whether they have the expertise that they need for their staff. Do they have sufficient resources? Do they have the tools? Are they building the tools to mitigate the risk? What are the gaps? What needs to be done to fill them? You know, the risk assessment provides a guideline and snapshot to show the progress and work carried out by the PSP to meet the requirements, including these new changes. It will have a huge impact using that method. 

Ivonn: Thank you. Lydia. We have very few questions left. What resources or tools do you recommend for staying informed and compliant with these evolving regulations?  I’m pretty sure our listeners would certainly appreciate some actionable advice.  

Lydia: So, as I mentioned earlier, PSPs should utilize the self-assessment tool available on the BOC website to see if the new regulations apply to them. They should also seek legal advice. I think that’s really important. While a little expensive, it makes sure it keeps you, you know, to determine whether or not these rules apply to you. And if they do apply to you, what’s the best way to implement them within your business using that legal framework. Also, you know, PSPs can subscribe to regulator newsletters, attend industry webinars or conferences, and connect with local compliance industry chapters and organizations. You know, these are really good places to connect with industry insiders, experienced compliance professionals who can answer questions or direct, you know, just to resources that can help them out. 

Ivonn:  Okay.  

Can you share any success stories or maybe case studies of companies that have effectively navigated similar compliance changes in the past?  

Lydia: So, I thought this question was kind of interesting because the, you know, the payments industry is continually evolving, right? Rules around privacy, operation, anti-money laundering, fraud, information, and technology. These always require constant scrutiny, upgrades, testing, and regulation changes. So, to go back to one specific or something that I can point to as a success, it’s continuing. You know, as long as your business stays within compliance and you are passing your audits, regulators aren’t coming to see you too often because, you know, that’s a good indication you’re doing good things. So, success is when your business is still going after you’ve been under this scrutiny, and you’ve been able to show that, you know, you’ve put all these things in place. And I get it, you know, like, in my experience, significant changes, they can seem daunting. But with the amount of information out there, the help available in the financial community, and the business’s strong commitment to keep compliant, success is almost guaranteed. 

Ivonn:  That totally makes sense. Thank you. Lydia.  

How should companies balance the need for innovation with the necessity of compliance in the context of these changes?  

Lydia: So, the BOC has been really clear about not wanting to stifle innovation in the payment space with these changes but stressed the need to ensure continuing confidence in Canada’s financial industry. So, I think what the new regulations do, they provide a framework that allows businesses to innovate while ensuring their customers’ information and funds are protected, which gives their customers more confidence in their product and only can help their business grow. 

Ivonn:  Okay.  

And what are the most common misconceptions about compliance in the payments industry that these changes might address or reinforce?  I love your smile already.  

Lydia: You know, it’s no secret compliance can have a heavy impact on day-to-day operations and cost to a business in the financial space, but businesses can promote their compliance as an asset. It provides the business with a secure and trustworthy product or service and in turn, you know, protects the integrity of Canada’s financial sector. And it just drives more business to your business to know that you’re you know, you’re in line, you’re serious about doing these things and being compliant. 

Ivonn:  And finally, I have the last question. In what ways can companies in the payments industry leverage these compliance changes as an opportunity for growth and competitive advantage?  

Lydia: And some businesses subject to these changes can leverage this as an opportunity to present to their customers how they protect their money. You know, fostering trust in the digital environment is going to be, you know, a key component to attract new business and maintain trust by customers and businesses alike. There have been examples of PSPs that have gone out of business and customers left without, you know, access to their funds because there weren’t protections in place to give the customer confidence in the product. So, these new regulations are going to change that. And we should see an uptick, you know, in the confidence of consumers, their interest in using more nontraditional methods to move their money and just, you know, confidence overall in the financial industry.  

Ivonn: Thank you, Lydia. Thank you again for sharing your expert insights and upcoming compliance changes in the payments industry.  

To our listeners, we hope this discussion guides you in navigating these changes effectively. Thank you for everyone tuning in. Stay compliant and stay ahead.  

Lydia: Thank you. Bye. 


Wrapping up our chat with Lydia from AptPay, it’s clear the payments industry is on the cusp of some major shifts.  

The Retail Payments Activity Act (RPAA) is set to redefine the playing field, putting the Bank of Canada in the umpire’s seat for overseeing payment service providers.  

This move isn’t just about ticking boxes; it’s about building a safer, more reliable ecosystem for users and businesses alike. 

Lydia’s insights shed light on the practical steps companies must take, from diving into self-assessments to getting the right legal advice.  

It’s not just the big players that need to listen up; these changes will touch every corner of the market, including international ventures with a stake in Canada. 

What stands out is the potential for these regulations to be more than just hurdles.  

They invite businesses to step up, innovate, and earn trust in a digital age.  

As we navigate these changes, staying informed, proactive, and collaborative will be key to turning compliance from a challenge into a cornerstone of success in the payments landscape. 


For those seeking further guidance or looking to connect with the financial community, resources like Outlier Canada and the ACAMS offer support and networking opportunities. Engaging with these platforms can provide additional insights and foster collaborations that enrich the payments ecosystem. 

As the industry moves forward, staying informed, proactive, and engaged with the community will be crucial.  

The links below offer a gateway to the resources mentioned, ensuring that businesses have the tools and knowledge needed to thrive in this new regulatory environment. 


Topics: #Payments #Compliance 



Tags: Compliance, Payments, RPAA