Case scenarios about providers of services backed by cryptocurrencies

Publication date: October 2, 2024

These fictional case scenarios provide more details about the following payment functions performed in relation to cryptocurrencies: provision or maintenance of an account; holding of funds on behalf of an end user; initiation of an electronic funds transfer at the request of an end user; authorization of an electronic funds transfer or the transmission, reception or facilitation of an instruction in relation to an electronic funds transfer.

The examples provided are not a replacement for the Criteria for registering payment service providers supervisory policy, but rather they are meant to complement the policy. They should be read in conjunction with the policy.

These examples build off each other. We recommend reading them in the order they appear.

Case scenario: Crypto exchange dealing solely in cryptocurrency

Company A specialises in the exchange of cryptocurrencies. Its customers must each create an account and provide personal information as part of the know-your-customer (KYC) process. Once registered, customers can store cryptocurrencies in their wallet with Company A. Company A does not process, nor offer the ability for their clients to store, Canadian dollars or foreign currencies.

When Company A’s customers wish to exchange cryptocurrencies, they place an order to buy or sell a certain type of cryptocurrency in exchange for a given amount of another cryptocurrency. Whenever another customer indicates interest in accepting that order, Company A registers the transaction in its internal ledger and debits/credits the corresponding amount in the buyer and seller wallets.

In doing so, while Company A performs payment functions, none of these are related to an electronic funds transfer (EFT) that is made in Canadian dollars, a foreign currency or a prescribed unit. This is because all the services performed by Company A are in relation to cryptocurrencies, with no Canadian dollars or foreign currencies involved. Consequently, Company A does not perform any retail payment activity as that term is defined in the RPAA and does not need to register with the Bank of Canada as a payment service provider (PSP).

Case scenario: Centralized crypto exchange dealing in cryptocurrencies and Canadian dollars or foreign currencies

Company B is a Canada-based company that deals in cryptocurrencies. Unlike Company A, however, users can not only trade cryptocurrencies, but also buy and sell cryptocurrencies in exchange for Canadian dollars or foreign currencies. Users cannot, however, make transfers to other users in Canadian dollars or foreign currencies through the platform. Since Company B enables users to buy and sell cryptocurrencies without an obligation to immediately deliver those currencies to its clients’ external wallets, it is subject to provincial or territorial securities legislation.1

Company B’s onboarding process is similar to Company A’s: customers must create an account and provide personal information as part of the KYC process. Once registered, however, customers can store not only cryptocurrencies, but also Canadian dollars or foreign currencies, in their Company B wallet. In practice, to fund their account, a customer makes a fiat transfer to Company B’s bank account, where customer funds are pooled. Company B then updates their internal ledger to credit the customer’s wallet with the corresponding amount in Canadian dollars or foreign currencies.

When they wish to buy cryptocurrencies with Canadian dollars or foreign currencies, a customer logs into Company B’s interface and selects the amount of cryptocurrency they wish to buy for a certain price in fiat. Company B checks that the customer’s balance in their wallet in Canadian dollars or foreign currencies is equal to or greater than the price of the purchase and authorises the transaction. Company B then proceeds to debit the customer’s wallet in Canadian dollars or foreign currencies of that amount, and credit their cryptocurrency wallet.

By providing this service, Company B performs the following payment functions: providing and maintaining an account; holding funds on behalf of an end user; initiating an EFT; and authorizing an EFT or transmitting, receiving or facilitating an instruction in relation to an EFT.

In this case, however, Company B performs these payment functions only to directly support a non-payment activity. In other words, it performs these payment functions exclusively to facilitate the purchase or sale of cryptocurrencies and not as a distinct retail payment service. The payment activities performed by Company B do not generate incremental revenue and Company B does not market its services as being payments related. Further, clients of Company B see it as a cryptocurrency exchange rather than a PSP.

Based on these indicators, the payment functions Company B performs are generally incidental to its non-payment activities. In addition, the exclusions in paragraph 6(b) of the RPAA for prescribed transactions in relation to securities, and/or for transactions related to eligible financial contracts, apply to Company B’s activities. As a result, Company B does not need to register as a PSP with the Bank of Canada.

Case scenario: Company offering prepaid cards backed by cryptocurrencies

Company C is a virtual currency exchange that offers an open-loop prepaid card to its users. To do so, Company C sets up and maintains payment accounts for its users, and its partner financial institution, Bank Z, issues open-loop prepaid cards attached to these accounts.

Whenever a user initiates a payment through this prepaid card, a payment authorisation request is sent to Company C through the card network. Company C checks that the amount of the purchase is less than or equal to the current Canadian dollars or foreign currencies market value of cryptocurrencies held in the customer’s cryptocurrency wallet and authorises the transaction. Company C updates its internal ledger to debit the user’s virtual currency account and credit its own. Meanwhile, Company C instructs Bank Z to debit its own account and make corresponding funds available on the customer’s prepaid card.

Company C performs the following payment functions in the scope of the RPAA in relation to their cryptocurrency-backed prepaid card: providing and maintaining an account; and authorizing an EFT or transmitting, receiving or facilitating an instruction in relation to an EFT.

These payment functions are not performed incidentally by Company C, as Company C’s card service generates its own revenue stream in the form of interchange fees. Additionally, Company C advertises its card services, and users expect to be able to execute payment transactions in Canadian dollars or foreign currencies through the payment instruments offered by Company C.

Company C’s card offering is not affected by the exclusions in paragraph 6(b) of the RPAA. For those exclusions to apply, the payment functions in question must be in relation to a transaction that gives effect to an eligible financial contract (such as a derivative contract) or a prescribed transaction in relation to securities. Transactions made with Company C’s debit card are generally made for a broad range of payments, and not to acquire rights to cryptocurrencies in the nature of a securities or derivatives transaction. Company C’s other virtual currency exchange activities may nevertheless be excluded under paragraph 6(b) of the RPAA.

Consequently, Company C is a PSP under the RPAA and needs to register with the Bank of Canada, assuming it meets the other criteria for registration.

Fiat exchange in cash

Company D is a retail business located in Canada that provides exchange services in cash in Canadian dollars or foreign currencies.

Customers who wish to exchange fiat currencies may visit Company D’s location, where Company D quotes them an exchange rate. Customers must fund the exchange using cash, and the exchange happens immediately.

In doing so, Company D does not perform any payment function. Additionally, the whole transaction takes place in cash, which means there is no EFT involved.

Assuming that Company D does not perform any other payment function, it is not a PSP and does not need to register with the Bank of Canada.

Disclaimer

The case scenarios are illustrative examples reflecting the Bank of Canada’s interpretation of certain requirements set out in the Retail Payment Activities Act (RPAA). All names, facts and descriptions in these scenarios are entirely fictitious and do not reflect any real or actual individuals or entities.

Additionally, they do not represent legal advice and should not be used as a replacement for seeking such advice if an individual or entity is unsure about whether they are required to register with the Bank of Canada as a payment service provider. The nature of the products and services offered by each individual or entity will vary, as will the circumstances around offering these products and services. Therefore, any individual or entity that may be subject to the RPAA should assess their own situation on a case-by-case basis according to their own facts and circumstances. Any entity or individual that may be subject to the RPAA is ultimately responsible for determining whether they are required to register with the Bank.

The examples provided are not a replacement for the Criteria for registering payment service providers supervisory policy, but rather they are meant to complement the policy. They should be read in conjunction with the policy.

On this page
Table of contents