Evidence of meeting #44 for Industry and Technology in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was institutions.

A recording is available from Parliament.

On the agenda

Members speaking

Before the committee

Corrigall-Brown  General Counsel, British Columbia Securities Commission
Paterson  Chief Executive Officer, Plurilock Security Inc.
Pinto  Chief Delivery Officer, Payments Canada
Lynam  Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police
Quinn  President, Canadian Association of Retired Persons
Smith  Vice-President, Risk and Decision Science, Wealthsimple

11 a.m.

Liberal

The Chair Liberal Ben Carr

Good morning, colleagues. We're going to get going here. I'm asking staff and others who are engaged in conversations to keep the noise level down, please.

Colleagues, we're continuing our study on fraud. This is now the third meeting that we have had on this topic here at the industry committee.

Witnesses in the room, I will remind you that if your earpiece is plugged in but not on your ear, to please ensure that it's on the sticker in front of you to protect the health and well-being of our interpreters.

I can also confirm that we've completed all the visual and audio tests.

We have two witnesses joining us virtually today in addition to one in the room. From the British Columbia Securities Commission, we have Sarah Corrigall-Brown, general counsel.

I do understand, Ms. Corrigall-Brown, that in the wee hours of the British Columbia morning, you were very accommodating of the necessity for us to get all of our tests done, so we want to thank you off the top for your co-operation in that regard.

From Payments Canada, we have Jude Pinto, chief delivery officer, who is here in the room with us today, and from Plurilock Security, we have Ian Paterson, chief executive officer.

Witnesses, you'll each have up to five minutes for introductory remarks, at which point we will turn to colleagues around the table for questions and answers.

With that, Ms. Corrigall-Brown, I will turn the floor over to you for up to five minutes for your introductory remarks.

Sarah Corrigall-Brown General Counsel, British Columbia Securities Commission

Dear Chair and members of the committee, thank you very much for the invitation to be with you and to contribute to your important study regarding financial fraud and scams in Canada.

My name is Sarah Corrigall-Brown. I'm the general counsel of the B.C. Securities Commission. I'm joining you virtually today from Vancouver.

The scourge of financial fraud has been around for a long time, but in the past decade and especially since the pandemic, it has spread and intensified like a mutated virus that is many times more contagious and virulent than ever before. We are very pleased to see the actions the federal government is taking to address fraud, including the government's intention to launch a new financial crimes agency.

The B.C. Securities Commission and Canada's securities regulators, which keep watch over the country's investment markets and contribute to the integrity of Canada's financial system, have been on the front lines of this battle. Securities regulators have a mandate to protect investors from fraudulent, manipulative and misleading practices. We see the exponential growth of financial fraud as one of the greatest threats to investors today.

Prevention and detection of fraud is essential, but combatting fraud also requires strong and effective enforcement. Today, I want to talk to you about one aspect of Canadian law that is undermining our enforcement efforts.

When fraudsters are located in Canada, securities regulators like the BCSC take formal action through administrative tribunal proceedings. These tribunals, which are composed of recognized experts in securities law and bound by rules of procedural fairness, have the power to exclude lawbreakers from the investment market and to impose financial penalties on them. Those penalties sometimes reach into the millions. They are key to deterring further misconduct by the lawbreakers themselves, but they also deter misconduct by others who might be tempted to defraud unsuspecting investors. For those penalties to have deterrent power, however, it is not enough for our tribunals to hand down legal orders. We need to be able to collect sanctions; otherwise, they are penalties in name only.

There are many obstacles that lawbreakers can exploit to block our collection efforts. One of them is a federal law, which is the Bankruptcy and Insolvency Act, or the BIA. The BIA is designed to enable the financial rehabilitation of honest but unfortunate debtors and give them a fresh start by releasing them from their debts upon discharge from bankruptcy. The BIA does this well, and Canada's securities regulators wholeheartedly support that objective.

However, the BIA treats the penalties imposed by securities regulators for egregious misconduct the same as consumer debt. This means people who have been penalized for significant market misconduct can have their penalties erased through the bankruptcy process. These are people whose debts result from their own predatory behaviour toward other Canadians and who are seeking to avoid paying those debts. When they do this, it undermines Canadian securities regulators' efforts to enforce the law and protect investors from fraud.

To pick one example from Alberta, Saileshwar Narayan admitted to committing fraud in mortgage financial schemes in which investors lost $4 million. One month after the Alberta Securities Commission ordered him to pay a $300,000 administrative penalty, he entered bankruptcy and was discharged from bankruptcy 10 months later. The penalty was erased, and the ASC collected only $6,300 toward Narayan's debt.

We believe examples like this undermine confidence in the ability of the Canadian regulatory regime to hold fraudsters accountable for their actions. This undermines the foundation of honesty and fairness that we all expect of Canada's markets. We also believe they fly in the face of the federal government's laudable crackdown on financial crime. There is, however, a fix.

The BIA has a list of debts that Parliament has decided should not be extinguished in a bankruptcy. We and all other Canadian securities regulators ask that Parliament add to this list the financial sanctions imposed by Canadian securities regulators for the most egregious types of market misconduct: fraud, market manipulation and misrepresentation.

We have spoken about this request with ISED officials and have made submissions to the House finance committee and the Department of Finance. The Government of B.C. and all securities regulators across Canada support this request. It is also supported by a range of organizations, including the investor advocacy group FAIR Canada, the Consumers Council of Canada, CFA Societies Canada and the Canadian Association of Retired Persons.

Making this change to the BIA would have no impact on the honest but unfortunate debtors that the BIA aims to serve, and it would impose no additional burden on the bankruptcy courts that ably carry out the BIA's crucial mission. It would reconcile provincial securities law and federal bankruptcy law that, in this particular respect, are working at cross-purposes.

It would also serve a more practical imperative. As Canada seeks to become as economically competitive and resilient as possible, we must ensure that our market is seen as honest and fair, and therefore a safe place to invest. A crucial component of that effort is strong and effective enforcement to hold individuals accountable when they harm our market through fraud, market manipulation and misrepresentation.

I ask that you consider our proposed amendment to the BIA as a meaningful way to support strong enforcement and enhance the fight against financial fraud in Canada.

Thank you again for your time today. I welcome any questions.

The Chair Liberal Ben Carr

Thank you very much.

I'm going to turn the floor now to you, Mr. Paterson. You have up to five minutes for your introductory remarks, sir.

Ian Paterson Chief Executive Officer, Plurilock Security Inc.

Thank you, Chair and members of the committee, for the invitation.

My name is Ian L. Paterson. I'm the CEO of Plurilock, a Canadian cybersecurity company. For 10 years, I've built and patented systems that verify who people are and delivered cybersecurity for government agencies and businesses. I'm here as an operator with a practical view of why fraud works and what would slow it down.

I'll offer three recommendations to combat the fraud that's hurting everyday Canadians, but first I'll start with a story.

A grandfather gets a phone call. He hears his grandson's voice: He's been in a car accident and needs money right now. The grandfather drives to the bank, gets the funds and hands a money order to a stranger who showed up in person to collect it. Only later, when the family compared notes, did the truth come out. The grandson was fine. The voice was a deepfake. It was a fraud.

That's one story. I have many, as I think most Canadians do.

Canadians reported $704 million in losses to the anti-fraud centre in 2025, which was the worst year on record. The RCMP estimates that only 5% to 10% of fraud ever gets reported, which means the real cost to the Canadian economy runs into the billions.

What do we do? In cybersecurity, we talk about prevention as “left of boom” and response as “right of boom”.

First, on left of boom, prevention comes down to identity.

Fraud works because we still verify people with things that are easy to fake: phone numbers, text messages, passwords and, now, voices. Back in 2019, I wrote in The Globe and Mail that my video game provider had better security than my bank. Seven years later, not much has changed, and deepfakes and voice cloning are letting bad guys automate and scale their attacks.

The fix is stronger identity that everyday Canadians can trust. When your telco, your bank or your government reaches out, it should come over a channel that can't easily be spoofed, like a push notification from a smart phone app. When you sign into a service, it should be with credentials that can't easily be phished, like pass-keys, which no one could read over the phone to a criminal. When it's human to human, the answer is resilience. Criminals can fake a phone number and a familiar voice, so hang up, call back a number you know and ask about shared context like, “What did Aunt Bertha bring to Christmas dinner last year?”

Cheap habits beat expensive technology. That grandfather in the story wasn't careless. He did what all of us were taught to do: trust the voice on the line. That's what has to change, and it's fixable.

Government should go first. Every Canadian knows about the fake CRA calls. If the CRA and agencies like it used channels that can't easily be spoofed, they'd end one of the most common scams in the country and set the standard for everyone else.

Second, on right of boom, response comes down to coordination.

When the victim, the bank, the phone company and the criminal sit in different jurisdictions, the first question is always, who owns the file? Our police officers are some of the most mission-driven people I know, but too often the local police agency that ends up with the file doesn't have the training, tools or mandate to chase this kind of crime, and that police detachment has to weigh a $5,000 scam against an armed robbery down the street. The criminals count on that weakness and exploit it.

We have a start with the national cybercrime coordination centre, but its role is to support. The investigating still falls to individual officers. Canada needs a national response that leads these cases, not just supports them: one that cuts across jurisdictional boundaries and brings banks and telecoms to the table with privacy built in and a mandate to chase these crimes whatever the dollar amount.

Third, Canada cannot tackle these issues on its own. Some of the biggest operations originate outside the country. In the Indo-Pacific, scam compounds run at industrial scale, often staffed by trafficked workers targeting Canadians. We need to invest more in international assistance to help dismantle these networks at the source, before they reach Canadians.

Fraud is an identity problem, a coordination problem and a test of our resilience. Every day, Canadians are being electronically mugged by criminals who've turned this into an industry, one that runs on the seams in our system. Those seams are ours to close.

Thank you. I look forward to your questions.

The Chair Liberal Ben Carr

Thank you, Mr. Paterson.

Mr. Pinto, I'll turn the floor over to you now, sir, for up to five minutes.

Jude Pinto Chief Delivery Officer, Payments Canada

Thank you, Mr. Chair, and thank you all for the invitation to appear today.

As Payments Canada's chief delivery officer, I lead large-scale delivery programs, including Canada's real-time rail and its central fraud services. I have over 35 years of experience in transforming financial technology and operations.

Payments Canada owns and operates the critical national payments infrastructure—the systems, rules and standards that help keep Canada's economy moving. Established by the Canadian Payments Act, we are a national public-purpose organization that operates on a non-profit basis. Our board of directors is majority-independent, and the Minister of Finance is responsible for our enabling legislation.

Our systems, which are overseen by the Bank of Canada, include Lynx, Canada's high-value payment system, used by participants to clear and settle primarily wire payments and large-value payments; the automated clearing settlement system, ACSS, which clears and settles retail batch payments, like direct deposits and debits; and Canada's forthcoming real-time rail, which I will speak to in a moment.

In 2025, our system safely cleared and settled $103 trillion among institutions. Our vision is to enable prosperity, productivity and safety for Canada through trusted, world-class payments. Our legislated public policy objectives are to promote the efficiency, safety and soundness of our systems.

Our perspective on fraud requires a clarification on the unique role we play. Payments Canada's systems, rules and standards allow our system participants, including financial institutions, payment service providers and credit unions, to move funds safely between one another. We do not hold, have visibility to or manage any individual customer bank accounts, nor do we see any private data. However, as fraud threats evolve, we all have a role.

Our own research reinforces the rate at which fraud threats are growing. These threats are not evenly distributed across Canada's demographics, often targeting Canada's most vulnerable.

Fraud arises through multiple channels, sectors and parties. There's no single solution nor institution that can solve it in isolation. This is why Payments Canada strongly supports the Government of Canada's establishment of the financial crimes agency and its commitment to develop a national anti-fraud strategy.

Our consultation submission on that strategy emphasizes the need for purpose-driven data sharing across sectors; coordinated regulation and oversight to ensure fair, predictable outcomes across industries; and strengthened, collaborative consumer education.

Payments Canada is also an active member of the Canadian anti-scam coalition.

Our biggest contribution to the fight against fraud, and a centrepiece of Canada's payment infrastructure innovation, is Canada's real-time rail, or RTR, which is launching in Q4 of this year with centralized fraud services. Combined with broader access to our membership and systems, the RTR will enable competition, innovation, economic growth and financial inclusion by delivering instant, irrevocable payments, 24-7 availability and data-rich ISO 20022 messaging.

We have benefited from extensive engagement and learnings from other jurisdictions that have found that while new risks emerge, real-time transactions can be safe transactions.

No payment type is immune to fraud. That's why Canada will be the first to launch its national real-time payment system with mandatory fraud mitigation on day one.

These four requirements are, one, real-time fraud transaction scoring with network-level insights to inform fraud management and payment decisioning; two, a centralized intelligence platform that provides national reporting with aggregated fraud insights; three, a shared and centrally managed risk list to track and flag attributes of those involved in confirmed fraud; and, four, confirmation of payee capability, allowing individuals to verify the account identity of the recipient.

The RTR's use of the ISO 20022 messaging standard will unlock powerful new analytics, allowing participants to better track and disrupt complex fraud patterns. Further, the RTR is designed to facilitate compliance with anti-money laundering requirements for cross-border indicators.

Modernizing Canada's payment infrastructure is a nation-building exercise. Payments Canada is fully committed to supporting collaborative efforts to safeguard Canadians in this pivotal era for payments.

Thank you, and I look forward to your questions.

The Chair Liberal Ben Carr

Thank you very much, Mr. Pinto.

Colleagues, we will now turn to our round of questions.

Mr. Falk, the floor is yours for six minutes, sir.

11:15 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Thank you very much, Mr. Chair.

Thank you to all of our witnesses for their testimony here.

Mr. Pinto, I would like to begin my questions with you. Your organization, Payments Canada, primarily deals with transactions between institutions.

11:15 a.m.

Chief Delivery Officer, Payments Canada

Jude Pinto

That's correct.

11:15 a.m.

Conservative

Ted Falk Conservative Provencher, MB

At what end of the transaction do you typically find instances of fraud?

11:15 a.m.

Chief Delivery Officer, Payments Canada

Jude Pinto

That's a great question.

If a transaction is split between the exchange of values between end consumers and businesses, that part we don't typically get involved in. Historically, the settlement between the sender and the receiving institution or bank is the part that we clear through Bank of Canada settlement accounts. That mix of exchange, clearing and settlement through Bank of Canada accounts with RTR actually gets combined; all three of those steps start happening in a subsecond transaction.

That's why it was important.... With regard to RTR, it's the first time we have purview into some of the origin of where fraud occurs. The discussions we've been hearing so far are generally at the exchange level.

11:15 a.m.

Conservative

Ted Falk Conservative Provencher, MB

You're very excited about RTR coming on later this year, and you believe that's going to assist you in minimizing and reporting real-time scams and fraud.

11:15 a.m.

Chief Delivery Officer, Payments Canada

11:15 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Is there anything that can be done between now and then to mitigate some of the fraud that's happening in the system today?

11:20 a.m.

Chief Delivery Officer, Payments Canada

Jude Pinto

The answer globally is yes. From Payments Canada's purview, we currently operate Lynx and ACSS, and we're one quarter away from launching our first foray into fraud and the exchange layer of payments. That might be more the purview of the banks and institutions that are currently involved in the exchange of transactions today, versus Payments Canada, which is involved in the settlement.

11:20 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Are you involved in all the settlements in Canada?

11:20 a.m.

Chief Delivery Officer, Payments Canada

11:20 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Your organization participates—

11:20 a.m.

Chief Delivery Officer, Payments Canada

Jude Pinto

In fiat currency...?

11:20 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Yes.

11:20 a.m.

Chief Delivery Officer, Payments Canada

11:20 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Thank you for clarifying that.

Mr. Paterson, I'd also like to ask you some questions.

In your story of the grandfather being scammed.... At a previous committee meeting, we had testimony from Meta here. One of the questions we posed to Meta was on its level of accountability as the one providing the conduit or the medium through which scamming is happening. What degree of responsibility do you think the mediums should hold?

11:20 a.m.

Chief Executive Officer, Plurilock Security Inc.

Ian Paterson

When we're talking about fraud prevention, this is really a societal-level resiliency exercise that we have to go through. Certainly, technology platforms—be they social media platforms, banks, telcos, etc.—can all play a role. I don't think there's any one platform or any one provider that stands out to me as a bigger issue than the others.

The larger aspect to this problem is that there are certain habits, customs and practices that we, across society, have adopted, whether implicitly or explicitly. These are things like logging in with a password, trusting that a phone call that you get is coming from an authorized person and believing that the voice you hear belongs to that person. Those are actually the root causes of how some of this fraud is perpetrated. Those are the things I believe we need to address.

11:20 a.m.

Conservative

Ted Falk Conservative Provencher, MB

Some of the information that we had here at committee was that two-thirds of scams happen on Meta platforms. You don't believe that Meta has a responsibility in this aspect.

11:20 a.m.

Chief Executive Officer, Plurilock Security Inc.

Ian Paterson

All technology platforms have a responsibility, but I would also say that email and SMS messages carry a large chunk of scams as well. The reality, certainly from what I have seen over my career over the last 10 years, is that bad guys will adopt whatever is being used. If Meta is the most popular platform, that's where they're going to go, absolutely. If WhatsApp becomes the dominant communication platform, I fully believe that will become the number one platform they use.

I don't think it's any one company's responsibility. I do genuinely believe we can all play a leadership role in increasing the resiliency across society.