Industry and Technology Committee on June 4th, 2026

Thank you very much.

Good morning.

I'm very grateful to the committee for giving us the opportunity to contribute to its work on financial fraud and scams in Canada.

My name is Anthony Ostler, and I'm the president and chief executive officer of the Canadian Bankers Association, or CBA. I'm joined today by Hartland Elcock, assistant general counsel and vice-president at the CBA.

The CBA represents more than 60 Canadian and foreign banks operating in Canada. It supports the adoption of public policies to maintain a strong and dynamic banking system capable of helping Canadians achieve their financial goals.

Addressing financial crime is a top priority for the CBA. As a board member of the International Banking Federation, IBFed, I saw first-hand at our November 2022 meeting in Sydney how Australia was responding through a growing cross-sector public-private approach. Cybercriminals were exploiting the digital connectivity accelerated during the pandemic, stealing from individuals and laundering proceeds, often supporting organized crime, bad actor nation-states and terrorism.

In 2023, Canada was continuing to see an increase in fraud and scams, while Australia began reducing them through its cross-sector program. By early 2024, it was clear that we should apply those lessons in Canada. Two years ago, the CBA brought together some 50 public and private sector partners, including regulators, financial institutions, telecommunications providers, law enforcement and digital platforms to create the Canadian anti-scam coalition. The coalition coordinates education, awareness and prevention efforts, including the development of a national taxonomy, a fraud detection pilot, and the ongoing Stand Against Scams campaign.

While I'm here today as head of the CBA, I also continue to chair the coalition's steering committee, now housed in the Canadian Cyber Threat Exchange.

The CBA has also provided comments to Finance Canada in support of a national anti-fraud strategy. We support a federal cross-sector approach to strengthen consumer protection and reinforce trust in Canada's digital economy, starting with the financial services, telecommunications and digital platform sectors. These sectors intersect across the fraud life cycle, and the Canadian anti-fraud centre has found that over 85% of fraud dollar losses can be traced back to telecom or digital channels. Coordinated action across sectors, alongside responsible consumer behaviour, is critical to reduce fraud-related harm to Canadians.

In January 2025, I became chair of the IBFed and launched a task force to share international best practices on fraud and scams. In March, I led an IBFed delegation to the United Nations-Interpol Global Fraud Summit in Vienna. Key outcomes included a call to action for countries and a global public-private partnership framework for institutions. Thirty-seven member states, including Canada, have endorsed the call to action, and the CBA, IBFed, governments, digital platforms, NGOs and other organizations have endorsed the framework. This international work continues through pilot projects to strengthen fraud protections.

As Australia's experience and the recent future of financial information sharing research show, cross-sector information sharing is essential. Supported by strong governance and privacy protective guardrails, this voluntary and conditional information sharing will allow Canada to fight fraud across its full life cycle.

Public awareness and education are also critical to an effective national anti-fraud strategy. They support earlier detection, better decisions, prevention and improved reporting. We encourage the government to further support the coalition's multi-sector Stand Against Scams campaign. A whole-of-government strategy can help organizations contribute their expertise, but roles and mandates across this system must be clearly defined. Better coordination among Canadian law enforcement at all levels and with international partners will require a clearer intelligence-informed operating model.

We also believe the Canadian anti-fraud centre should remain Canada's primary hub for fraud reporting and intelligence aggregation. As I have noted, the financial crime environment is evolving quickly, and the AML-ATF regime must keep pace. That is why we support the government's creation of a financial crimes agency, the FCA, which promises to help Canada's fight against complex financial crime. As it develops, the CBA supports the FCA's becoming the national operational lead on combatting financial crime, with a coordinating and priority-setting role to help guide the AML regime's continued evolution into a more risk-based, fit-for-purpose framework.

In closing, the CBA appreciates the opportunity to contribute to the committee's study. Canada's banks know first-hand the financial and emotional toll that fraud takes on their clients. Banks invest heavily in fraud prevention, cybersecurity training and client awareness, but no single organization or sector can successfully stem this tide. If we work together across government and sectors collaboratively to solve this threat, together we can protect Canadians, Canadian businesses and the economy.

We look forward to your questions.

I'll try to come in five seconds under that.

Thank you, Mr. Chair and members of the committee, for the opportunity to appear before you today on behalf of the Canadian Telecommunications Association.

Our association is dedicated to building a better future for Canadians through connectivity. Our members include telecommunications service providers, equipment manufacturers and other organizations that invest in, build, maintain and operate Canada's world-class telecommunications networks.

Fraud is a serious issue. It causes financial harm, undermines confidence in digital services and affects Canadians in every region of this country. The telecommunications industry takes this challenge seriously. Our members invest significant resources in fraud prevention and work continually to identify emerging threats, strengthen network protections, support law enforcement investigations and help educate Canadians about scams.

Measures taken to help Canadians include blocking certain types of calls; caller ID spoofing prevention tools, like do-not-originate programs and the implementation of STIR/SHAKEN technology; call trace-back capabilities to help identify the origins of scam calls; network-level analytics to identify and flag suspicious communications; spam reporting systems; identity and account protections; and ongoing collaboration with law enforcement and government agencies.

At the same time, it's important to recognize that fraud is an ecosystem-wide challenge. Telecommunications networks are often the pathway through which fraudulent communications travel, but they are typically not where the scams originate, where the fraudulent content is created or where financial losses ultimately occur. Today's fraudsters frequently use digital platforms to originate, optimize, amplify and execute scams or use over-the-top messaging applications to communicate with their intended victims. While telecommunications networks are used to deliver these communications, telecoms service providers generally do not see the content of these communications.

To use a common analogy, while telecoms providers deliver the envelope, they do not read the mail.

Telecommunications providers are also subject to legal obligations that limit their ability to interfere with communications. Section 36 of the Telecommunications Act prohibits telecoms providers from independently blocking communications without specific authority provided by the CRTC. This restriction is a fundamental element of Canada's net neutrality framework and exists to ensure that anti-fraud measures do not inadvertently block lawful traffic or interfere with critical communications.

Some of the previously mentioned measures taken by our sector to combat fraud were possible only after careful scrutiny by the CRTC, and only after the commission was satisfied that such measures would be effective, were in the public interest and would not negatively impact the delivery of legitimate traffic.

As the government develops its national anti-fraud strategy, we think it should focus on the following four priorities.

First, strengthen coordination and information sharing across sectors. Fraud prevention is most effective when telecommunications providers, financial institutions, digital platforms, government agencies and law enforcement work together and share information.

Second, strengthen international co-operation. Many, if not most, fraud operations originate outside Canada's borders, making cross-border collaboration essential.

Third, expand public awareness and education. Most fraud ultimately relies on social engineering. Helping Canadians recognize scams remains one of the most effective tools available.

Fourth, ensure that any new anti-fraud measures under consideration complement existing regulatory frameworks and avoid unnecessary duplication. Building on existing authorities, expertise and industry-led initiatives will help ensure that resources are directed toward preventing fraud rather than navigating overlapping compliance obligations.

In closing, the telecommunications industry is committed to being part of the solution. Our members will continue investing in network protections, collaborating with partners across sectors and supporting efforts to protect Canadians from fraud. We look forward to working with the government, regulators, law enforcement and other stakeholders to develop a national anti-fraud strategy that is practical and effective and reflects the shared responsibility required to address this evolving threat.

Thank you. I'd be pleased to answer your questions.

Chair and members of the committee, thank you for the opportunity to appear before you today.

My name is Carey Frey, and I serve as the chief security officer at Telus.

With over 21 million telecoms connections, we take seriously our responsibility not only to connect Canadians but to protect them.

I want to begin with a simple statement of fact. Fraud is now a central feature of our economy. It is highly organized, international in scope and growing at a rate that no individual sector or government can contain on its own.

While Telus fights fraud daily, I want to offer a story that illustrates the type of fraud Canada is contending with today and say that the only model to fight it with is collaboration between industry, law enforcement and government.

Last November, Telus received a tip about a suspicious text message hitting phones in Toronto. These messages had links designed to impersonate legitimate payment websites. We launched an investigation and found nothing. There was no record of these messages anywhere in our network logs. That absence itself was a clue. We suspected we were dealing with an SMS blaster, which is a piece of complex telecommunications equipment that mimics a legitimate cell tower and floods nearby phones with fraudulent text messages. It's a portable cyber-threat used by criminals to cause chaos and defraud unsuspecting victims. We had never seen an SMS blaster deployed in Canada before.

Eventually, it became clear that someone was driving this device around Toronto, moving through communities and targeting thousands of phones at a time. Industry reached out to Toronto police to report the text messages and also reported the unauthorized airwave use to the Department of Innovation, Science and Economic Development, or ISED. These reports kicked off a five-month investigation called Project Lighthouse.

Thanks to the information-sharing efforts between industry and law enforcement, three individuals were arrested and now face 44 charges. In total, these individuals are responsible for more than 13 million network disruptions.

While the criminals' primary objective was to commit fraud, their technology also doubles as a new and destructive type of pre-positioned cyber-threat. These devices can disrupt 911 calls, cause network outages and be used to launch cyber-attacks against critical infrastructure from inside Canada's borders. They can even be used to install malicious software on nearby smartphones. These new tools of international fraud create threats to Canadians beyond financial losses. We must locate and disable these technologies rather than merely shield our citizens from their criminal application.

Project Lighthouse succeeded not because of a new law but through sustained collaboration across major financial institutions, Canada's telecoms, three police forces and several federal agencies. We prevailed because we established trust, information sharing and the willingness to act among all partners. This is the model Canada that should pursue.

Canada already has much of what it needs to fight fraud more effectively. The Canadian anti-fraud centre, sector regulators, law enforcement agencies and the private sector coalitions are there. What is missing is a central coordinating force that ensures that the best tools and intelligence reach the people who need them. That is a role only the federal government can play, and it should establish itself in that role before reaching for new powers.

Project Lighthouse taught us four lessons that Parliament can implement to combat fraud.

First, we need to strengthen co-operation across industry and government as well as globally to disrupt fraud rings that abuse our digital platforms. Trying to block individual frauds becomes an endless and futile game of whack-a-mole against international crime. Most digital fraud against Canadians operates abroad, making strong international collaboration essential to stop it. Within Canada, the federal government is best positioned to lead fraud prevention, disruption and response efforts across the public and private sectors.

Second, telecommunications companies could block more fraudulent traffic on our networks, but today liability risk constrains what we can do. Safe harbour laws protecting good-faith anti-fraud actions would help protect Canadians at no additional cost to taxpayers.

Third, provide law enforcement with the explicit mandate and necessary resources to effectively apprehend fraud perpetrators and dismantle their technical apparatus.

Fourth and finally, Parliament should look at existing policies and how they unintentionally assist fraud. For instance, the CRTC's customer confidentiality regulations restrict cross-industry information-sharing. Another example is the CRTC's device unlocking rules, which currently make it easier for criminals to defraud Canadians of their smartphones, leaving them with significant debt and damaged credit scores.

To conclude, Telus sees ongoing fraud against our customers—and, frankly, against all Canadians—every day. It is growing, but it is beatable if we act with coordination and urgency. Telus is ready to be a partner in that effort.

I look forward to your questions. Thank you.

The unfortunate reality is that telephone calls and SMS messages can be impersonated. That is due to limitations in the security of the telecommunications infrastructure that was developed decades and decades ago and that we still rely on, at its very fundamental layers, all around the world.

Our industry has developed many new, secure protocols to prevent impersonation. However, every country in the world has to adopt those. Countries that don't adopt them provide a safe haven for criminals to route calls and SMS messages from those jurisdictions, which we then have to process into Canadian networks. We block the vast majority of those—probably over 99% of scam and impersonation telephone calls and SMS messages—yet some are still able to get through at a significant enough volume that it sustains an industry for scams.

Yes. That's correct.

I don't see a recommendation to prevent that. It is a reality of the telecommunications infrastructure globally. Options we could look at are communicating in different ways or, as I mentioned in my testimony, revisiting greater international collaboration on this question and seeking to upgrade networks in other countries around the world and have them shut down older versions of telecommunications infrastructure, which is the vulnerability that is sustaining much of this activity.

It would, yes. My concern overall is that the example you cited, which is one I'm certainly familiar with, is in a small minority of what is causing fraud at a large scale if we look at the total financial losses in the country. While that would be an important aspect to continue to focus on, there are many other examples of abuse of our digital platforms, not just telecommunications infrastructure but also hyperscaler cloud platforms and the applications on our mobile phones that fraudsters are also using to perpetrate these scams.

It is a fact that even if we take away the vulnerable portions of our global telecommunications infrastructure, they will simply pivot their activities 100% onto the digital platforms. We have to be very mindful of being holistic in our strategy.

No, I think I'll just add to what Mr. Frey said. Some of the tools that telecommunications providers in Canada and elsewhere in the world have adopted have been to target those types of things. In fact, with the CRTC, they implemented the STIR/SHAKEN technology, which helps verify the identity of callers but doesn't verify the purpose of the call. However, as was mentioned, if that technology is not adopted in the jurisdiction where a call has originated, for example, it doesn't provide that function.

There are also other programs that carriers have brought in, like do-not-originate programs. For example, if a bank has 1-800 numbers that they do not use for outbound calls—they're just for people to call into customer service—they can register that with telecoms, so that if a call purports to be coming from that number, it is automatically blocked.

There are different things that companies are doing, but as noted, once you close one loophole, fraudsters go to other things. What we're seeing a lot is on social media platforms, digital platforms and those types of things.

There are multiple elements to the progress of the coalition. A key thing to note is that the coalition is voluntary. Probably one of our biggest accomplishments was the launch of our education awareness campaign in fall 2025, called Stand Against Scams. The call to action for Stand Against Scams is “Stop. Check. Talk.”

That is to try to help Canadians get greater skills to better protect themselves. The reality is, if you talk about one type of scam vector or style of scam, the bad actors, as these guys have been saying, will change their route of doing it, so we're trying to help Canadians get better skills.

Additionally, we have developed a taxonomy of information sharing so that we can see what telecoms, banks, digital platforms and law enforcement would need, and so that we can have one version of the truth when and if we set up an information-sharing exchange on a formalized basis.

Finally, we've had a great partnership with the telecommunications industry from the point of view of doing a pilot. One of the large telecoms and a couple of my members are doing a pilot on information sharing, where they've identified meta-information around bad actors doing scams. What's interesting about that is they may find, let's say, a phone number that's been used fraudulently in a telecom, and then discover it's been used with a fake identity at a bank. Then they've been able to figure out that, okay, that person must be using that as a mule account. Then we can pause the account and that kind of stuff.

That pilot has been really quite interesting. We're leveraging the backbone of the telecom industry to facilitate securely sharing that information. It's not a sustainable solution. It's not automated. However, when the pilot participants compare the information, the networking effect of having multiple parties is quite significant. We're hoping to build upon that now that we have the taxonomy, and to move forward on information exchange on a more formal basis.

I think a critical element will then also be adding in the digital platforms from an information-exchanging perspective. The digital platforms have been members of the coalition since the beginning and have been key contributors to education awareness, including programs like Meta is doing now with the World Cup to try to stop people from being scammed. A special part of our campaign is around that.

We've really welcomed that investment from all sectors in the education awareness campaign, but I'd say there's more to do. That's why the opportunity to be at this committee and participate in this study is welcome.

Australia has reduced scams by 30% over the last three years. Our reported scam volumes have increased 32%. Since 2022, we're up 32%; they're down 30%. They're the only country that, over the last three years, has reduced scams. They've done that through a cross-sector program that is government-led. That has brought not just the sectors together, but also law enforcement and justice, through Crown attorneys and that sort of thing. There's a whole coordinated, integrated approach. That's done an amazing job of protecting Australian citizens. We'd like to do the same in Canada.

Very much so. If you think about financial crimes, scams and fraud are a subset of financial crime. The financial crime is connected to cybercrime. It's connected to money laundering. Of the people who are perpetrating these scams and fraud, 60% to 70% are outside the country. They need to get the money out. They're laundering the money. One of the easiest ways to do that is through crypto channels.

Most of the use cases for crypto are for financial crime of some form or other. That's why we need a financial crimes agency. Other large countries have them, such as Italy, the U.S. and the U.K. What we need is an agency that can coordinate with those agencies, if we think about the risks that are involved here. That would better enable us to disrupt these bad actors. We may not be able to take to jail the ones who are overseas, but if we can coordinate across countries and stop them from victimizing our citizens and businesses, then we're better able to protect them.