About nine million Canadians currently share their online banking passwords with third-party apps to get help with budgeting, financial planning or doing taxes. The practice is called screen scraping and the federal Finance Department has warned it is a security risk. All but one of the country’s Big Six banks formally prohibit sharing passwords, but clients do it anyway because there has been no alternative.

The Consumer-Driven Banking Act, to take effect this year, will provide open banking and make screen scraping illegal. Consumers will be able to direct their bank to share specific financial data with authorized third parties through a secure portal (API). The choice will be stark for every financial technology company (fintech) that currently relies on customers to supply passwords to tap into its product: Become accredited under the new law or stop operating.

Canada’s big banks have a built-in advantage. They hold all their customers’ financial data and, until now, no one else could use it. The idea is to give fintechs secure, authorized access to that same data and more competitive financial products will follow. That is correct as far as it goes, but it doesn’t go far enough. Data access alone isn’t enough if the companies meant to use it can’t afford a way in.

Two countries with different results

A case in point is what happened in Australia, which launched its Consumer Data Right in 2020. Australia’s assistant treasurer subsequently said the idea needed a reset. Industry groups called for going back to the drawing board. The government ordered a strategic review.

The review showed that, by the end of 2023, just 0.31 per cent of bank customers had an active data-sharing arrangement. The banking........

© IRPP - Policy Options