Canada is clearing the path for open banking, also known as Consumer-Driven Banking.

We expect the federal government’s upcoming budget will clarify outstanding framework elements, introduce legislative amendments, and firmly establish Canada on the path to Consumer-Driven Banking.

Once open banking is in full swing, we'll see benefits like improved ease of banking, customer autonomy, and new ways to drive economic growth. But we also predict a larger, looming set of risks that banks can’t afford to leave unaddressed. Data privacy, customer relationships, and institutional reputation are all at stake without the right preparation.

And this is true for all financial institutions. Canada’s largest financial institutions are close, but all financial institutions must consider the full extent of the preparation required:  

Deloitte’s banking leaders have weighed in on the potential outcomes of the federal government’s latest movements on open banking.

Here are five new realities we see for banks in this new era:

1. Trust will be significantly more difficult to achieve

Open banking has the potential to balloon the banking ecosystem over time: it introduces new partners to the mix, and sets the stage for them to conduct financial activities for customers with their express consent as seen in other jurisdictions.  

Which begs the question:

Do you trust your banking counterparts? Although they must meet consistent standards to participate in open banking, there is still an opportunity for risk in the chain.

With everything connected, banks cannot look at every player equally in the ecosystem because their fraud management practices, data security processes, and history of fraud incidents are not equal.

They’ll need measures to assess risk across different kinds of transactions and other institutions.

In the same vein: do your customers trust you?

Cross-branch and cross-institutional data sharing will make customer banking more convenient. But they need to feel secure in sharing their data.

Any incident or data breach will leave lasting impressions; and incidents are almost as bad as radio silence. Banks must keep conversations open with their customers, regularly ask for feedback, and share education around financial crime.

Fraud is already underreported in Canada (only 10%, or $646 million, according to the Anti-Fraud Centre).¹ Global banking fraud figures are estimated to surpass $45 billion in 2025, with an average cost of $4.3 million per incident.²

2. The onus has never been greater on banks to protect their customers.

Financial institutions have always had an obligation to protect their customers and detect suspicious activity.

Over the years, Canadian regulators have stepped up their efforts to improve the overall safety, reliability and protection of the payment ecosystem. They have done this through initiatives like Bank of Canada’s Retail Payment Activities Act for payments service providers (PSPs) and the Office of the Superintendent of Financial Institution’s (OSFI’s) B-10 Guideline for external parties.

But with upcoming legislative changes in the Banking Act, this obligation will become even more pronounced:

“As a first step, the government will introduce legislative amendments requiring banks to have policies to prevent and address fraud, while giving consumers more control over their bank accounts.”³

The government is putting the onus on financial institutions to take responsibility for their customers’ data and privacy in an era where customers will be able to direct their banks to share their data with third parties.

Why? Because the open banking era has significantly broadened the universe of risk. We predict that upcoming legislative changes will require further upgraded protocols on security, data privacy, and fraud management to enable different types of API requests to minimize risk while enabling innovation.  

Fraudulent activity in financial services rose by 21% from 2024 to 2025, driven by AI-powered scams and synthetic identities targeting open banking channels and digital accounts.⁴

3. Banks need to adopt a more comprehensive perception of risk

Banking leaders may use probabilities to justify an investment (or lack of investment). For example, it might cost $1 million to address a risk with a perceived low probability.

Is the trade-off worth it? Previous schools of thought might assume it isn’t. This is a conversation that happens daily in the boardroom, and the answer isn’t always clear. But what is clear with open banking is that it’s time to re-evaluate the trade-off question and calculations. The reality is that banks can’t afford to not be proactive when the risks have multiplied.  

4. Banks will have access to abundant new data to beef up their security

Open banking will give fraudsters more entry points to information and new ways to perpetuate fraud. But it’ll also give financial institutions abundantly more access to customer, transactional, and behavioural data to inform their security protocols and fraud alerts.

New data access will allow banks to consistently analyze transactions and customer patterns to quickly identify anomalies.

But to make the most of this data, banks need to level up their tech to work for them. This might include leveraging AI to identify suspicious patterns, or investing in data analytics platforms to aggregate insights.

5. Cross-organizational partnerships are the new line of defence

Cross-sector and cross-organizational data sharing can prevent millions in fraud losses. This opportunity calls on financial institutions to engage each other, and cross-organizationally with telecom companies, data platforms, law enforcement, regulators, and fintechs through formal partnerships, joint investigations and structured intelligence sharing.

We can look to the Canadian Anti-Scam Coalition for an example of collaboration to improve security.⁵ About 50 organizations currently participate in an anti-scam alliance to collaborate and reduce the threats of fraud.

If a fraud event occurs and one institution has identified it, there needs to be a mechanism to alert other organizations to quickly address it, and prevent it from spreading and repeating.

We’re advising our clients to collaborate across financial institutions and other organizations to develop joint protocols, implement rapid communication systems, and contribute to shared threat intelligence databases.

How Deloitte can help

Deloitte has a network of specialists with deep, intimate knowledge of all the fields intersecting in the open banking era: fraud and anti-money laundering (AML), digital transformation, data analytics, and banking.

We’re your trusted advisors, helping you navigate every intricacy during these new shifts in the sector.

We help financial institutions assess their organization’s readiness across people, processes, and technologies, while pinpointing gaps in their security framework.

Beyond this assessment, we guide clients through a structured action that may include:

• Documenting and designing new security processes
• Identifying and onboarding new talent
• Procuring and integrating new technologies
• Aligning frameworks with the new reality of risk

Secure your organization in the open banking era

Open banking has put a new microscope on trust, responsibility, and risk in the banking world. Bottom line? You can’t enjoy the benefits of open banking without protecting your organization (and your customers) from the new risks that come with it.

Ready to secure your institution? Connect with a Deloitte leader today to thrive in the open banking era.