Cyberlaw Encyclopedia

Financial Services in an Electronic Age: Some Emerging Legal Issues

By Alan Gahtan and Jeff Graham - June 1997

Technology is facilitating the creation of new approaches to service delivery and permitting the introduction of new electronic products. For example, a number of major Canadian financial institutions are now offering financial products and services through the Internet. In many cases, their competitors are scrambling to catch up.

Some financial institutions view the Internet as an alternative product delivery channel. For others, including the new Citizens Bank of Canada, a subsidiary of Vancouver Savings Credit Union, and ING Direct, the trust company subsidiary of ING Bank (Netherlands), the Internet is a primary delivery channel. No proprietary software or private communication network is necessary. Customers can use industry standard Web browser software and must arrange their own access to the Internet through an Internet service provider.

The conduct of financial transactions through the Internet is not likely to displace other more traditional channels anytime soon. However, financial institutions appear to be drawn by two factors. The first is the lower transaction costs associated with transactions conducted electronically as opposed to their branch networks. The second attraction is the demographics of customers who are interested in using the Internet to access financial services. One American study projected that with respect to the banking industry, each Internet customer is likely to be 50-250% more profitable than the average banking customer.

At the same time a number of financial institutions are testing electronic money or "E-money" systems. Canada’s use of direct payment cards indicates a propensity on the part of Canadians towards the acceptance of new financial technology. The speed with which debit cards have taken hold in Canada suggests that electronic cash or stored value cards will achieve rapid acceptance in Canada.

The objective of this article is to highlight some of the issues facing financial institutions and financial institution regulators in connection with the provision of financial services through the Internet and the establishment of e-money plans.



The increasing use of the Internet by international financial institutions raises unique challenges for Canadian financial services policy makers and regulators. To begin with, Canada has made certain commitments in international trade agreements with respect to the regulation of cross border trade in financial services. For example, under the North American Free Trade Agreement, Canada has agreed not to adopt any new measures restricting cross border trade in financial services by cross border service providers of another party, except for prudential reasons.

Currently, under Part XII of the Bank Act, no foreign financial institution can carry on banking activities, i.e., regulated financial services activities, in Canada without establishing a physical presence in Canada. If the institution is seeking to carry on commercial banking activities, it must generally establish a Canadian financial institution or provincially regulated securities entity. In the case of a foreign insurance company, the options are to establish a branch of the foreign company or a Canadian insurance company subsidiary.

There is little certainty around what it means for a foreign financial institution to be carrying on financial services activities in Canada. Finding the boundary between what is or is not permitted under Canadian law is being debated currently. For example, recently, it has been reported that a major US commercial bank, Wells Fargo Bank, has indicated that it would like to offer commercial banking products to small and medium-sized Canadian companies over the Internet. Traditionally, if most or all of the activities were performed outside of Canada, an institution would not be found to be undertaking banking activities in Canada. The proposed Wells Fargo activities will be different. While the financial institution is not in Canada, the customer and its financial service requirements are in Canada. Funds or other products or services will be delivered in Canada presumably by Wells Fargo or an agent. It is hard to see how these types of activities do not constitute the undertaking of banking activities in Canada.


The advent of Internet delivery of financial services also brings into sharper focus the different powers which Canadian financial institutions have domestically, compared to those which they enjoy internationally. Outside of Canada, Canadian financial institutions may carry on business, conduct their affairs and exercise their powers to the extent and in the manner that the laws of the foreign jurisdiction permit. However, the differences in powers may require some accommodation in the design of Internet delivery of financial services to both Canadians and non-Canadians to ensure legislative restrictions applicable to Canadians are respected.

At the same time, some of the existing restrictions may be overcome by the Internet delivery of financial goods and services. For example, the Internet raises the possibility that the constraints placed on Canadian deposit-taking institutions with respect to the sale of insurance will become less relevant. Since an Internet Web site is not a "branch" of a bank, trust company or credit union (hereafter referred to as a "deposit-taking institution"), the deposit-taking institution is free to promote an insurance company, agent or broker affiliate of the deposit-taking institution or an insurance policy of such insurance company, agent or broker affiliate. These activities would be prohibited if conducted through a branch.

Further, information gathered over the Internet regarding insurance can be directed to the insurance affiliate without violating the current prohibition in banking, trust company and credit union legislation against transmission of bank customer information to the insurance affiliate of such institution. Finally, the prohibition against shared or adjacent bank insurance affiliate premises is not applicable to the Internet site of a deposit-taking institution and its insurance affiliate.

It may also be true that a Canadian financial institution will find it difficult to avoid compliance with the requirements of all provinces, not merely the provinces in which it has a physical presence. The offer of products and services over the Internet will signal their availability to all Canadians, unless efforts are made to limit them to specific jurisdictions. Imposing such limitations may create negative publicity for the institution. There are provincial registration issues for securities entities, trust companies and insurance companies, in particular, but also for banks depending on the nature of the product/service offering (i.e., securities). In addition, there is the need to ensure compliance with the various provincial consumer protection requirements.

Account Creation and Documentation

The Problem of Authentication

Financial institutions, both domestic and international, venturing onto the Internet have had to figure out how to deal with the increased risk of operating in this new environment. The lack of face-to-face contact and the inability to utilize magnetic-stripe cards with secure ATM networks make it difficult to authenticate instructions from customers. Many financial institutions have responded by modifying their operation of account agreements to shift such risks onto their customers.

In the future, such risks may be reduced through increased use of digital signatures. Digital signatures involve the use of cryptographic systems that can be used to verify that a particular message was "signed" by a person in possession of a "private key" without actually disclosing what that private key is. Authentication of the sender may be "guaranteed" by "certification authorities". In fact, subject to regulatory constraints, financial institutions may make ideal certification authorities.

Already, a number of jurisdictions in the US, including Utah and Florida, have passed legislation recognizing these digital signatures as the equivalent of manual signatures. California recognizes digital signatures in communications with public entities. Approximately half a dozen other states have digital signature legislation that is pending.

A number of European states, including Germany, Denmark and Sweden, are at various stages in the process of enacting digital signature legislation. The International Chamber of Commerce has produced a draft Uniform International Authentication and Certification Practices (UIACP) aimed at determining authentication practices in general, including digital signatures.

Electronic Contracts

Some financial institutions have also begun experimenting with the use of electronic contracts formed through "click-through" or "Web-wrap" agreements. For instance, First Union, a US bank, offers an on-line application for a home equity loan. Part of the application procedure includes a notification of certain terms and conditions. To complete the process, applicants must click on a button marked "I understand and accept the above terms and conditions". A similar procedure is used by Bank of Montreal to process on-line applications for MasterCard products.

The use of such on-line contracts requires consideration of the extent to which such conduct by an applicant can legally constitute "acceptance" and of various writing and signature requirements applicable to certain types of transactions.

In some cases, amendments to legislation may be required to more appropriately deal with on-line transactions. For instance, in Ontario, the Consumer Reporting Act provides that no person shall request or obtain a consumer report, in certain circumstances, unless that person first gives written notice of the fact to the consumer.

The Act also provides that where a person proposes to extend credit to a consumer and a consumer report containing credit information only is being or may be referred to in connection with the transaction, the person shall give notice of the fact to the consumer in writing at the time of the application for credit, or if the application is made orally, orally at the time of the application for credit.

The Act does not set out what constitutes "written notice". It is not clear whether this would include notification through the viewing of a Web page. Since the Act permits verbal notification at the time of the application for credit where such application is made orally, it seems reasonable to amend such legislation to provide for similar treatment of electronic transactions.

The underlying policy objectives for implementing many statute of frauds type requirements may be satisfied by electronic notice. In some jurisdictions, evidence of an electronic transmission, including tangible written text produced by computer retrieval, is sufficient to satisfy "in writing" requirements. Courts have also held telexes, telegrams and facsimiles as being sufficient to satisfy "in writing" requirements.

Web Sites

Obtaining a "domain name" is typically the first step in setting up a Web site. Many well-known business entities, including a number of Canadian financial institutions, are finding that a domain name corresponding to their corporate name or trade-marks may have already been registered by other parties who are requesting payment of "consulting fees" in order to transfer use of such names. In many cases, some business entities have found it less expensive to pay such blackmail money than to engage in a protracted legal battle.

The development of a Web site or an Internet banking service for a financial institution can be an expensive undertaking. In most cases, this will involve contracting for the services of software and Web developers. Use of a Web development agreement is important to ensure that costs can be better managed and that ownership issues can be properly addressed. Unless an assignment of copyright is obtained, clients of such developers may find that they do not acquire any ownership rights in the materials being developed or that such materials may be relicensed to a competitor. Confidentiality obligations must also be addressed.

Web hosting agreements have not been as important an issue. Most financial institutions offering or intending to offer Internet banking services host their Web servers on their own premises rather than through the facilities of a third party Web hosting service provider. This is done for security reasons and to allow connectivity with the financial institution’s transaction processing system.

Web sites should be reviewed by appropriate legal advisors. Even material previously reviewed for use in other media needs to be reviewed again with the nature of the Internet in mind. Increased competition and the ability to update materials almost instantaneously will likely mean shorter new product development cycles and possibly an increased level of innovation. Legal advisors will be under increasing pressure to provide quicker turnaround time.

Content placed on a Web site must also be kept up-to-date. A US airline was fined US$14,000 for failing to remove expired fare information. Stale interest rate information and/or mutual fund pricing can also subject a financial institution to potential liability.

A well drafted and comprehensive legal notices and disclaimer page is important. However, the inclusion of such a page, linked from the "home page" of a financial institution’s Web site, is not sufficient. Due to the "hypertext" nature of the Web, a visitor may go directly to a specific page on a Web site without having gone through the "home page". This can occur due to a link from another Web site or as a result of a search conducted on an Internet search engine. It is, therefore, advisable that links be placed from all pages on the Web site or at least all significant pages.

It should be noted that some countries do not provide copyright protection unless a work is marked in a certain way. It may, therefore, be advisable to mark the Web site as a whole, as well as each significant work placed on the Web site.

Other Internet Issues


The delivery of financial products and services over the Internet will require regulators, particularly provincial securities and insurance regulators, to redraw the lines between activity which requires registration and that which does not. Provincial securities and insurance statutes typically define registrable conduct broadly to include solicitations and advertising with respect to products and services.

There is evidence that regulators are beginning to address the special challenge of the Internet. Recently, the Securities Commission of British Columbia issued a notice advising that if an Internet communication was not intended to be directed at a resident of B.C., a disclaimer to that effect should be included at the beginning of the communication. A similar approach seems to be the preference of other securities administrators. The North American Securities Administrators Association Inc. has adopted a resolution encouraging states to exempt offers of securities made on the Internet if the offer indicates that the securities are not offered to residents in a particular state and the offer is not specifically directed to any person by or on behalf of the issuer of securities.

Money Laundering

Until the authentication issue is resolved, as discussed above, compliance with the Proceeds of Crime (Money Laundering) Act may prove difficult for financial institutions. Under the Regulations to the Act, a financial institution has an obligation to authenticate the identity of its customer. In addition, the Regulations require a signature card to be created. It would appear that the existing regulatory regime for money laundering does not yet contemplate adequately the role that the Internet will play in the delivery of financial services.

Internet Use Policies

In conjunction with initiatives to provide customers with access to services through the Internet, many financial institutions are also providing their employees with Internet access. Misuse of such facilities by employees can subject these entities to potential liability or at the very least create a public relations problem. The use of an Internet use policy can be an effective tool for reducing such risks.

In order to be effective, such a policy should be formalized as a corporate policy and communicated throughout the organization. The policy should specify permitted and prohibited uses of the Internet and the implications of non-compliance. If monitoring of Internet access by employees is to be conducted, then this should also be documented and communicated to all concerned parties.


Another area of growing interest to financial institutions is electronic cash.

Electronic cash or "E-money" may take the form of stored value smart cards (such as Mondex and VISA Cash). Many of the major players are involved with field trials. These are forms of multi-purpose cards or open systems in which a card can be used to buy goods or services from several providers or transfer e-money from one cardholder to another cardholder.

Electronic cash may also take the form of the more private "digital money" variety. These are forms of single purpose or closed systems where the card can be used to purchase the goods or services from one supplier or a limited number of services.

Advances in cryptography, specifically public key encryption, developed in the 1970's, have made it possible to use electronic data as a representation of real currency. No signature, PINs or other verification is required to utilize such digital currency.

The extent of risk to be assumed by financial institutions engaging in electronic cash transactions will depend on whether the provisions of any consumer protection legislation apply to limit the consumer's liability. If none apply, then the rights and liabilities of the issuer and consumer will be primarily determined by their contractual agreements entered into at the start of the relationship and general common law principles.

Governments have a number of concerns related to the use of E-money. Anonymous card-to-card systems, or those digital money systems that utilize numbers only and provide a high level of privacy, could be used to facilitate money laundering. Many attributes of such systems are similar to those associated with the use of cash. However, electronic data is easier to conceal and smuggle across borders than cash.

Some governments have programs that require banks to detect, detain and report international funds transfers from designated "blocked entities" to assist the confiscation of funds from certain countries, entities or individuals. E-money may be used to defeat such programs.

Further, the growth of E-money may also undercut government monetary policy. Digital money could circulate outside the central banking system and therefore would become untraceable and unmeasurable. As such, it would undermine the historic control of central banks over the money supply.

E-money would likely not be held to constitute "legal tender" because it is not a medium of exchange that is authorized, adopted or backed by the government. E-money is only backed by the issuer’s promise to pay. E-money may, however, constitute "money" because parties are free to make contracts based on a medium of exchange of their choosing.

There is currently no legislation specifically applicable to E-money as a payment mechanism. If E-money is issued by entities other than financial institutions, the current system of regulation and protection may not apply.

An E-money issuer that holds money from a customer pending transfer to a third party following the customer’s use of the E-money may be deemed to be engaged in the business of taking deposits and therefore a regulated financial service. However, an E-money scheme that does not require the issuer to hold any funds on behalf of the customer for transfer to a third party might not be deemed to be engaged in the business of regulated financial services.

Finally, the failure of an E-money issuer could undermine public confidence in E-money systems, cause a run on such systems, and have a detrimental effect on the traditional financial system.

In response, regulators are considering various regulatory options. These include establishing a regulatory authority to designate that certain E-money arrangements should be subject to government oversight. The regulatory scheme that would be imposed as a result of designation could involve a requirement that E-money issuers be separately regulated entities with limits on investment powers, closely supervised, hold paper currency in escrow accounts to ensure stability and/or have guarantees from sponsors. Or, there could be a less intrusive form of regulation based on disclosure.

2005 Alan M. Gahtan. All Rights Reserved