Crypto services under the supervision of the Bank of Canada: where is the line between innovation and payment activity? | Manimama

Get a free consultation

After filling out the form, we will help you choose a company, licence, account, and legal support. Leave a contact for communication.

We do not share your data with third parties

Crypto services under the supervision of the Bank of Canada: where is the line between innovation and payment activity?

light

​In a previous article, we discussed the updated MSB authorization process. After obtaining it, many cryptocurrency clients ask whether they should also apply to the Bank of Canada for a PSP (Payment Service Provider) licence.

The Bank of Canada has published examples clarifying when a PSP application is required.

This article reviews those cases to highlight which activities require a Bank of Canada application and which fall outside RPAA requirements.

The Bank of Canada’s case studies guide crypto businesses, exchanges, and fintechs in operating within the legal framework by showing when crypto activity becomes a regulated payment service. This helps companies avoid compliance pitfalls.

Crypto-to-Crypto Exchange Without Fiat

Let’s start with a simple example. Company A runs a platform that allows users to exchange one cryptocurrency for another — and nothing more. Each client goes through the standard KYC process, creates an account, and receives a wallet where they can store their digital assets. Importantly, this wallet is strictly for cryptocurrencies only: the company doesn’t handle Canadian dollars, foreign currencies, or any other fiat instruments.

When users decide to trade, they place an order — for example, to buy Bitcoin with Ether or vice versa. Once another user accepts the offer, Company A records the trade internally and adjusts the balances in both wallets accordingly. The process looks and feels similar to a financial transaction, but there’s a key distinction: no fiat money ever moves.

That difference is crucial. The Bank of Canada finds that, despite Company A’s payment-like actions, these are not EFTs under the RPAA, as all transactions remain within cryptocurrency—no fiat, foreign currency, or “prescribed units” are involved.

Therefore, Company A’s activities don’t qualify as retail payment activities, and PSP registration is not required.

If your company only conducts crypto-to-crypto transactions, PSP registration likely isn’t required. However, firms must still comply with MSB, AML/KYC, and crypto custody obligations.

When Crypto Meets Fiat, and the Line Blurs

Now the picture becomes more complex. Company B, unlike the purely crypto-focused Company A, operates as a centralized exchange that handles both cryptocurrencies and fiat money — specifically Canadian dollars and foreign currencies.

Clients of Company B can buy and sell cryptocurrencies directly using fiat currency. However, the platform does not allow users to transfer Canadian dollars or other currencies between accounts. In essence, it’s an exchange environment, not a payment system. Moreover, because Company B allows clients to trade crypto without immediate delivery of assets to external wallets, its activities may also fall under provincial or territorial securities legislation, adding another layer of regulation.

Just like in the first case, customers must pass KYC verification and create an account. But here, their wallet can hold both cryptocurrencies and fiat balances. To fund the account, the client transfers money to Company B’s bank account, where customer funds are pooled together, and the company updates its internal ledger to credit the customer’s wallet with the corresponding CAD or foreign currency amount.

When a user decides to buy cryptocurrency, they log in, choose the amount and price in fiat, and Company B checks the balance, authorizes the trade, debits the fiat wallet, and credits the crypto wallet. From a technical perspective, this process involves several payment functions, including providing and maintaining accounts, holding client funds, initiating and authorizing electronic funds transfers (EFTs), and processing related instructions.

However, the Bank of Canada states these payment functions only support buying and selling cryptocurrency—not standalone payment services. Company B does not generate revenue or market itself as a PSP; therefore, customers view it as an exchange only.

For this reason, the Bank concludes that these activities are incidental to its core business and are therefore excluded from PSP registration requirements under the Retail Payment Activities Act (RPAA). The regulator also notes that certain statutory exclusions — such as paragraph 6(b) of the RPAA, which covers prescribed securities-related transactions or eligible financial contracts — further support this conclusion.

When Crypto Steps Into the Payment System

The third example takes us beyond exchanges and into the world where crypto meets traditional payments head-on. Company C, a virtual currency exchange, has introduced an open-loop prepaid card backed by cryptocurrencies. To make this work, the company sets up and maintains payment accounts for its users, while its banking partner, Bank Z, issues the prepaid cards directly linked to those accounts.

Here’s how it functions in practice. When a user makes a purchase with their prepaid card, the payment authorization request flows through the card network to Company C. The company verifies that the purchase amount doesn’t exceed the current fiat value of the cryptocurrencies held in the customer’s wallet and, if the balance is sufficient, authorizes the transaction. Company C then adjusts its internal ledger — debiting the user’s crypto account and crediting its own — and instructs Bank Z to debit its own bank account and release the corresponding funds to the cardholder.

Unlike previous examples, the Bank of Canada notes that Company C’s payment functions are not incidental. The card program has its own revenue stream, is marketed as a payment service, and allows spending in Canadian or foreign currencies, classifying it as a payment product.

For that reason, Company C’s prepaid card business does fall under the Retail Payment Activities Act (RPAA). The exclusions found in paragraph 6(b) of the RPAA — which cover transactions linked to securities or eligible financial contracts (meaning certain financial instruments defined in law) — do not apply here. Payments made with these cards are ordinary retail transactions, not derivatives or securities purchases.

When Everything Stays in Cash

Finally, we reach the most traditional scenario — one that predates both fintech and crypto. Company D is a retail business in Canada offering in-person currency exchange services. Customers walk into its office with cash in hand, request an exchange between Canadian dollars and foreign currencies, and the transaction is completed on the spot.

The process is straightforward: Company D quotes an exchange rate, the customer provides cash, and receives cash back in another currency. No accounts are created, no transfers are initiated, and no electronic systems move funds. In other words, there’s no electronic funds transfer (EFT) at any stage of the operation.

Since all transactions occur in physical cash, Company D performs no payment functions within the meaning of the Retail Payment Activities Act (RPAA). Provided the company doesn’t engage in any other form of electronic payment activity, it is not considered a Payment Service Provider (PSP) and does not need to register with the Bank of Canada.

In essence, Company D represents the clear end of the regulatory spectrum: purely physical, cash-based exchanges remain outside RPAA oversight, even if they involve foreign currencies.

Drawing from these case studies, the regulatory threshold becomes clear: not every company interacting with cryptocurrencies is performing a ‘payment service’ under the Retail Payment Activities Act (RPAA).

When transactions occur entirely within the crypto ecosystem (as with Company A), or when payment-like actions merely support crypto trading (Company B), the activity generally falls outside the PSP registration framework. However, once a company begins to integrate cryptocurrency into real-world payment instruments, such as prepaid cards (Company C), it enters the regulatory perimeter and becomes subject to Bank of Canada oversight. At the other extreme, cash-only exchanges (Company D) remain completely untouched by the RPAA, as no electronic transfers occur.

For businesses operating in Canada’s rapidly evolving digital-asset sector, these distinctions aren’t academic—they define whether you must register as a Payment Service Provider, design new compliance frameworks, and maintain ongoing regulatory reporting. In practice, the message is straightforward: the closer your crypto service resembles a traditional currency, the more likely it is to be regulated as such.

If your company operates with digital assets or payment instruments and you’re unsure whether your activities fall under the Retail Payment Activities Act, our team at Manimama will assist you in making that determination. We provide comprehensive legal and compliance consultations, assess your specific business model, and guide you through the PSP registration process or confirm that it’s not required in your case.

The content of this article is intended to provide a general guide to the subject matter, not to be considered as a legal consultation.

Tags

Chat

Ready to create your future?
Let's begin

Share your vision. We'll create a legal framework tailored to bring it to life

Payment services

Payment services

Crypto licenses

Tokenization

MiCa regulation

Company formation

Send Request
send
Telegram send
Your global legal partner
for crypto & fintech success

Connect with our experts

By clicking the button, I confirm that I have read the privacy policy and consent to the collection and processing of my personal data in accordance with the GDPR rules.