Financial technology and the insurance industry: what's ahead

Stuart Carruthers and Andrew Cunningham - 

Late last month, the International Association of Insurance Supervisors (IAIS) released FinTech Developments in the Insurance Industry ("the Report"), an interesting, thoughtful and important analysis of how the growth of FinTech (financial technology) - which has thus far focused mainly on banking and capital markets - is likely to affect the insurance industry. Referring to insurance-focused FinTech as "InsurTech", the 45-page Report considered:

  • innovation drivers in the insurance sector;
  • current InsurTech innovations;
  • the existing InsurTech sector (start-ups, financing, relationships with traditional insurers, etc.);future scenarios and their likely impact on insurance industry supervision; and
  • the effects of Distributed Ledger Technology (DLT) such as blockchain and Big Data.

The Report should be required reading for insurers, FinTech businesses and regulators racing to prepare for the challenges and exploit the opportunities of the InsurTech era. In an article published recently in our Insurance Law Update, we summarize some of the analysis and key findings of the IAIS Report. Click here to read the full article.

Cybersecurity: What Should a Board of Directors focus on?

In this, the second in our series of posts on the duties of Canadian directors and officers, Vanessa Coiteux and Tania Djerrahian discuss some of the key issues that directors need to focus on in the rapidly developing area of cybersecurity. The article considers some of the cybersecurity concerns expressed by securities regulators and proxy firms as well as some of the considerations that should go into an effective cybersecurity strategy.

Most companies today depend on networks, computers and the Internet to help manage their business. While digital technology has many benefits, it also has the disadvantage of exposing companies to cybersecurity breaches. Historically, many viewed the risks associated with cybersecurity as risks to be entirely managed by a company’s information technology (IT) department. However, given the number of companies in various industries that have experienced cyber-attacks in recent years, and the serious consequences of many of those attacks, boards of directors may, depending on the facts and circumstances surrounding their company,  consider elevating such risks to enterprise-wide risks (as was the case for financial risks following the Enron scandal). As will be discussed below, there are a number of reasons why boards of directors of public companies may want to oversee the management of cyber risks and a number of practical ways of doing so.

Continue Reading...

Capital Crowdfunding in Canada: Recent developments (Part 1)

Pierre Fournier-Simard -

The recent arrival of the KickStarter platform in Canada serves as a reminder that some interesting developments in the regulation of “crowdfunding” have been occurring in the last several months. This article focuses on the exemption granted to MaRS VX by the Ontario Securities Commission, which recently authorized the very first capital crowdfunding platform in Canada.

Crowdfunding is a way of financing a project or business by pooling small financial contributions obtained through Web platforms (such as La Ruche in the Quebec City region) and making use of social media for advertising and solicitation. A person seeking financing can present the project to the “crowd” using the Web platform and request small contributions from a large number of individuals, thereby raising a sizable sum.

Continue Reading...

Many business concerns remain following revisions to anti-spam regulations

David Elder -

Much-anticipated revisions to the originally proposed Electronic Commerce Protection Regulations provide some useful clarifications and additional exemptions with respect to Canada’s Anti-Spam Law (CASL), but many concerns remain with respect to the potential over-reach of the not-yet-in-force law and the unnecessary and burdensome financial and administrative obligations that it may impose on legitimate business activity.

In fact, while the revised Regulations do respond to some of the concerns raised with respect to the previously proposed regulations – and indeed, the Act as a whole - the new Regulations may be more notable for what they don’t include than for what they do cover. 

Continue Reading...

CRTC guidance on check-boxes for e-marketing likely to tick off business community

David Elder -

Although the date on which Canada’s Anti-Spam Legislation (CASL) may come into force is uncertain, the CRTC has issued two bulletins that provide guidance as to how to comply with the new law, once proclaimed in force.

But while some of the new guidance is helpful, other provisions will likely create significant operational concerns for businesses.

The Commission is the body charged with oversight and enforcement of most provisions of the new law, including the core provisions respecting commercial electronic messages (CEMs), alteration of transmission data and the installation of computer programs.  In addition, the CRTC has the power to make regulations under the Act with respect to certain matters.

Continue Reading...

Ontario's Bill 96 proposes amendments to the Electronic Commerce Act directed at using electronic signatures in real estate transactions

On May 17, 2012, Bill 96, An Act to amend the Electronic Commerce Act, 2000, was introduced to amend Ontario’s Electronic Commerce Act  (Act) with respect to real estate transactions. Currently in the First Reading stage, the Bill:

  1. removes the current exclusions from the application of the Act:
    1. documents of title; and
    2. land transfer documents - “documents, including agreements of purchase and sale, that create or transfer interests in land and require registration to be effective against third parties”; and
  2. requires documents related to real estate transactions to be subject to the reliability requirements for electronic signatures pursuant to s.11(3) of the Act

ICANN publishes applications for new generic top-level domain names

Justine Whitehead and Anne MacIsaac -

On June 13, 2012, the Internet Corporation for Assigned Names and Numbers (ICANN) published a list of the 1,930 applications for new generic Top-Level Domain Names (gTLDs) it had received during its recent January to May 2012 application period. The influx of applications was due to new rules approved in June 2011 by ICANN, the body which oversees the registration and coordination of the Internet’s system of unique domain names. The rules transform naming conventions for Internet Web sites by removing restrictions on allowable suffixes for domain names. Currently, Web site domain names end in either a country code (such as .ca or .uk) or in one of only twenty-two gTLDs, such as “.com” or “.org”.  Now organizations can apply to register any character string as a gTLD. This will allow companies to register their brands as gTLDs or to select other unique domain names for marketing purposes, drastically increasing the number of available domains. Applications were received from sixty countries, including sixty-six requests to register geographic names as gTLDs, and 116 requests for strings in non-Roman characters (called Internationalized Domain Names, or IDNs), such as Chinese, Arabic, and Cyrillic.

ICANN will consider a number of factors when reviewing the applications. For example, they will evaluate whether a proposed gTLD is confusingly similar to an existing gTLD, to a reserved character string or to another proposed gTLD; whether it is a geographic name requiring government support; and whether it contributes to domain name system (DNS) instability. They will also look at whether the applicant possesses adequate technical, operational and financial resources with respect to the registry services they will be required to provide.

Continue Reading...

Canadian Bankers Association charges ahead on mobile wallets

On May 14, 2012, the Canadian Bankers Association (CBA) published a set of voluntary guidelines to govern Canada’s emerging mobile payments marketplace. The guidelines, titled the Canadian NFC Mobile Payments Reference Model, establish a series of recommendations on mobile phone payment functionality, security features and the logistics of processing near field communication (NFC) payments, also known as “tap-and-go” technology.

Continue Reading...

2011 in Review - Top 10 Technology & IP Law Developments

The arrival of 2012 marked the end of a year filled with numerous developments in technology and IP law. Taking a cue from the Canadian Communications Law blog, we’ve decided that this would be an excellent time to reflect on the past year and review some of its more notable developments. To that end, we’ve put together a list of the top 10 technology and IP law developments from the past year.

Without further ado, here are our picks for the top 10:

  1. Court of Appeal recognizes reasonable expectation of privacy in contents of work computer - In R. v. Cole, a teacher discovered with nude images of a student on his work laptop was found by the Ontario Court of Appeal to have a reasonable expectation of privacy with respect to his personal files on that laptop.
     
  2. No liability for defamation for basic hyperlinks, says Supreme Court - In a decision that came as a relief to bloggers, tweeters, webpage owners and other providers and hosts of internet content, the Supreme Court of Canada clarified in Crookes v. Newton that merely providing hyperlinks to defamatory content will not lead to liability for defamation.
Continue Reading...

Government launches Anti-Spam website, but where's the beef?

David Elder -

As the expected proclamation in force of Canada’s Anti-Spam Legislation nears, the Government recently announced the launch of a new “Fight Spam” website; however, the site currently provides only a high-level overview of the new law, rather than a detailed compliance guide for businesses.

Likely, there will continue to be some uncertainty with respect to the practical application of the new law to specific business scenarios, until the CRTC, the Competition Bureau and the Office of the Privacy Commissioner have had an opportunity to actually apply the law, hopefully providing some guidance to the business community through the ongoing publication of decision summaries or guidelines.

The new website appears to be intended to offer plain-language guidance to consumers and businesses with respect to the general requirements of the new law, offering overviews of the main provisions of the statute and the bodies charged with its enforcement.  The site also includes a series of Frequently Asked Questions, advice as to how individuals and businesses can protect themselves against spam and other electronic threats and links to other resources, such as tips from the Office of Consumer Affairs on how users can recognize and protect themselves against phishing and spyware.

Continue Reading...

Cloud computing and Canadian federally regulated financial institutions

Wesley Ng and Stuart Carruthers  -

Cloud computing has grown significantly in the last few years. A Gartner Executive Program survey of more than 2,000 Chief Information Officers (CIOs), representing 50 countries and 38 industries, found that cloud computing is the number one technology priority for 2011. Fully 43% of the CIOs expected that a majority of their IT will be running “in the cloud” within four years. In its updated June 2011 forecast of Information Technology spending, Gartner stated that cloud computing expenditures are likely to rise by 16-20% per year through 2015, representing 4% of global IT spending by the end of that period. Richard Gordon, research vice president at Gartner, noted that expenditures for cloud computing services grew four times faster than overall IT spending.

Continue Reading...

Hacker faces prison sentence for theft of online poker chips

The BBC recently reported that an IT professional is facing a lengthy jail sentence after pleading guilty to stealing millions of dollars worth of online currency. The defendant was apparently able to hack into the system of popular online gaming firm Zynga, and take about $12 million worth of poker chips. The case is notable in that the court appears to have recognized the value, as property, of virtual currency. Undoubtedly, this will be a developing area of law as more companies begin transacting in similar forms of virtual currency.

What won't be under the tree this year: spam

David Elder

The Canadian government’s anti-spam bill, Bill C-28, moved quickly through Parliament this fall, receiving Royal Assent on December 15th, just before Parliament rose for its holiday season break.  Though not yet available at press time, the final version of the bill will be available soon at the Parliamentary Website. Industry Canada indicated, in an eMail message to interested parties, that it anticipates that the new law will come into force in six to eight months.

Continue Reading...

PCI Security Standards Council Releases Version 2.0 of the PCI Data Security Standard and Payment Application Data Security Standard

On October 28, 2010, the PCI Security Standards Council released version 2.0 of the PCI Data Security Standard (DDS) and the Payment Application Data Security Standards (PA-DSS) reflecting input from the Council’s global stakeholders.  This latest version, effective January 1, 2011, is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants.  A summary of the changes can be found here.  The standards, detailed summary of changes and supporting documentation can be found here.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the DSS, PIN Transaction Security (PTS) requirements and the PA-DSS.

Code of Conduct for the credit and debit card industry in Canada

The Code of Conduct for the Credit and Debit Card Industry seeks to promote transparency and fairness for merchants and consumers.

The Code of Conduct for the Credit and Debit Card Industry which came into effect on August 16, 2010 aims to increase transparency and fairness for both merchants and consumers who use credit and debit cards. Applicable to credit and debit systems and their participants, payment networks that choose to adopt the Code will be subject to monitoring by the Financial Consumer Agency of Canada to ensure compliance.

Continue Reading...

Federal Government launches Task Force for the Payments System Review

On June 18, 2010, Canada’s Minister of Finance announced the launch of the Task Force for the Payments System Review. The Minister of Finance announced that the Task Force’s mandate is to review:

  1. the safety, soundness and  efficiency of the payments system;
  2. whether there is sufficient innovation in the payments system;
  3. the competitive landscape;
  4. whether businesses and consumers are being well served by payments system providers; and
  5. whether current payments system oversight mechanisms remain appropriate.
Continue Reading...

New legislation proposed for the regulation of payment card systems

On March 29, 2010, Bill C-9 was tabled in the House of Commons of Canada for its first reading. Part 12 of Bill C-9 provides for the enactment of the Payment Card Networks Act (the PCN Act) - legislation which has the purpose of regulating national payment card networks and the commercial practices of payment card network operators. Among other things, the PCN Act confers a number of regulation-making powers upon the federal government. 

Part 12 of Bill C-9 also makes related amendments to the Financial Consumer Agency of Canada Act (the FCAC Act) to expand the mandate of the Financial Consumer Agency of Canada so that it may supervise payment card network operators to determine whether they are in compliance with the provisions of the PCN Act and its regulations and monitor the implementation of voluntary codes of conduct. Under the amended FCAC Act, payment card network operators can face penalties up to $200,000 for failure to comply with the PCN Act or its regulations.

Draft Code of Conduct for the Credit and Debit Card Industry

A proposed Code of Conduct for the Credit and Debit Card Industry was released by the Federal Government of Canada today for a 60 day comment period. Its purpose is to improve merchant cost-transparency and allow merchants to provide flexible pricing options to consumers. It is proposing to accomplish this by allowing merchants to provide discounts depending on what cards consumers use, and by allowing merchants to cancel contracts without penalty after a fee change.

Enforceability of browsewrap agreements called into question

The United States District Court (Eastern District of New York) released its decision in Hines v. Overstock.com today, which held that a browsewrap agreement that was only available by scrolling to the bottom of the website is not enforceable.

The terms and conditions of Overstock.com, governing all online customer purchases, are contained in a link at the bottom Overstock’s homepage. The notice that “Entering this Site will constitute your acceptance of these Terms and Conditions” was only available within the terms and conditions.

Ms. Hines was not prompted to or advised of the terms and conditions and could not see the link to them without scrolling down to the bottom of the screen, an action that was not necessary to complete her purchase. As a result, the court held that the terms and conditions of Overtock.com’s site were not enforceable.

Canada introduces anti-spam legislation

On April 24, 2009, the Canadian government introduced Bill C-27, which would establish the Electronic Commerce Protection Act (ECPA) and make significant consequential amendments to other federal legislation, including Canada's Competition Act, Telecommunications Act and Personal Information Protection and Electronic Documents Act (PIPEDA).

Continue Reading...