I Helped Build UK Open Banking - Here's What Canada Needs to Know
Canada is on a mandated path to introduce Open Banking to consumers. They follow in the footsteps of other jurisdictions which have already trodden this path. Here's a timeline which compares Canada's obligations to what has already happened in the UK.
This article is written from the perspective of Craig Greenhouse - one of the OG Open Banking UK consultants who helped shaped the specs. Craig has an active interest in the Canadian rollout, because his consultancy (Opendata Consult) is starting to work with Canadian fintechs. Back in 22/23 Craig spent several months as a solutions architect doing an Open Banking Pilot with CIBC.
tl:dr; Canadian Open Banking 2026 - Key Dates
- Late 2025 - Accreditation applications open
- Late 2025 / Early 2026 - Conformance & interoperability testing
- Early 2026 - Go-live for accredited participants
- Post-launch - Screen scraping phased out
What Canadian fintechs should copy from UK pioneers
- Early accreditation prep — UK TPPs that left governance/compliance too late missed the first wave.
- Security automation — invest in automated conformance/security tests so you can keep pace with spec updates.
- API-first architecture — abstract data ingestion so swapping OB/FDX payloads is trivial.
- Consumer trust UX — UK fintechs that nailed consent transparency grew faster.
Where Canada will feel different
- Regulator is in control (FCAC), not an industry-run body like OBIE — less wiggle room, more formal process.
- Data scope at launch is bigger, so you can design multi-product propositions from day one.
- Consent refresh period is longer, but UI obligations (dashboards) will be stricter.
- Transition from scraping will be faster — plan dual-running APIs/scraping before launch.
Readiness Checklist — Canada 2026 vs UK 2018
| Area | UK 2018 (OBIE) | Canada 2026 (Consumer-Driven Banking) | Key Takeaway for Canadian Fintechs |
|---|---|---|---|
|
|
Enrol with OBIE Directory as an AISP/PISP, authorised by FCA. Governance was centralised under CMA order. | Apply for FCAC accreditation (financial soundness, insurance, ISO-level security, governance roles). Accreditation ongoing with ability to revoke. | More regulator-heavy than early UK — Canadian fintechs must build compliance & governance frameworks before applying. |
| 2. Technical Standards | OBIE defined single API spec (UK OBIE v3.x+), payloads in JSON, FAPI security profile. | One national API standard, influenced by FDX + international OB. mTLS, certificate-bound tokens, FAPI-like profile expected. | Similar security model to UK — but payloads may differ; expect more FDX-style schemas than OBIE's. |
| 3. Security | mTLS between participants, eIDAS/OBWAC certificates for identification, FAPI baseline. | mTLS, certificate-bound tokens, strict encryption, likely ISO 27001-aligned ISMS. | UK experience with directory-issued certs will transfer — but Canada may require more cyber insurance & ongoing security attestations. |
| 4. Consent Management | OBIE mandated standard consent screens, revocable at any time, max 90 days without re-consent. | Explicit, granular consent; renewable at least every 12 months; revocable instantly. Consumer dashboard mandatory. | UK's 90-day refresh is stricter; Canada's 12-month is easier for retention but requires a visible consent dashboard. |
| 5. Liability Model | “Liability moves with the data” — banks liable pre-transfer, TPPs liable post-transfer. Detailed dispute resolution process. | Same principle. Rules baked into “common rules” under FCAC oversight. | Model is essentially the same — but Canada will have national rules, not bank-by-bank variations. |
| 6. Testing & Onboarding | OBIE conformance testing, functional tests, security penetration tests before going live. | Conformance testing phase expected late 2025 — will include security, functional, and interoperability checks. | UK onboarding process is a good rehearsal; Canadian fintechs should prep automated test harnesses early. |
| 7. Data Scope (Phase 1) | UK launched with current accounts, then expanded to credit cards, savings, mortgages. | Will launch with retail deposit accounts, loans, credit cards, investments. Insurance excluded initially. | Canada starts wider than UK Phase 1 — fintechs can launch richer services earlier. |
| 8. Screen Scraping Ban | Gradual — CMA banks discouraged it post-launch but many APIs coexisted with scraping for years. | Planned phase-out shortly after launch. | Transition window in Canada will likely be shorter — must be API-ready by go-live to avoid service disruption. |
| 9. Regulatory Body | OBIE (industry-run), FCA (regulatory oversight). | FCAC (regulatory), technical standards body under FCAC oversight. | Canada has regulator-controlled governance from day one — less room for industry-led improvisation. |
| 10. Commercial Model | API access free for mandated banks; optional participants often charge commercial fees. | API access free for mandated participants; opt-in players must comply with rules if they join. | Same “free data access” baseline, but Canadian rules will lock in free access nationally. |
Final Thoughtss
Canada's 2026 Open Banking launch is coming fast, and accreditation bottlenecks will hit hard. The fintechs that start building to the standard now — with governance, security, and consent UX ready — will own the first-mover advantage. I've seen how this plays out before, and I know the pitfalls. If you're a Canadian fintech leader, now is the moment to get moving.