All in One Finance Inc., a Canadian-based payment service provider, holds end-user funds in accordance with subsection 20(1) of the Retail Payment Activities Act (Canada) and the Retail Payment Activities Regulations (SOR/2023-229).
We ensure that accounts in which end-user funds are held are maintained with financial institutions subject to regulatory regimes that impose prudential and supervisory standards comparable to those applicable to Canadian financial institutions in respect of capital, liquidity, governance, supervision, and risk management.
End-user funds are safeguarded through segregation in designated safeguarding accounts and/or through insurance or guarantee arrangements in accordance with section 14 of the Regulations.
Below is a concise and actionable summary of the measures implemented to ensure that funds are safeguarded in line with the following objectives:
End-users will have reliable access without delay; in an insolvency event, funds or insurance proceeds must be paid to end-users as soon as feasible.
Below, we describe the legal requirements, measures implemented, and the governance arrangements and records maintained in accordance with the Retail Payment Activities Act (Canada).
Safeguarding Framework under the Retail Payment Activities Act and Regulations
The safeguarding framework has been established to meet the requirements of section 15 of the Regulations as outlined below:
1. Maintain a daily ledger identifying each end-user, including name, contact information, and the amount held for their benefit at the end of each day.
(Section 15(2)(b))
2. The following operational controls are implemented:
3. Insolvency readiness is established to ensure that an insolvency administrator or trustee, and any insurer, can access records, contact end-users promptly, identify and resolve ledger shortfalls, and return funds in accordance with documented procedures.
(Section 15(2)(c))
4. Senior officer is appointed to oversee safeguarding practices, ensuring compliance with sections 13 to 17 of these Regulations and subsection 20(1) of the Act.
(Section 15(4))
5. Formal approvals are in place: senior officer sign-off and board approval at least annually and after material changes.
(Section 15(5))
6. Review the framework at least annually and on specified triggers (account changes, insurance changes, changes to safeguarding method). Keep review records.
(Section 15(6))
7. An independent review is conducted at least once every three years by a qualified external auditor, in accordance with regulatory expectations.
8. Core Documentation Maintained:
- Insolvency playbook - access instructions for insolvency admin/insurer, communication templates to end-users, responsibilities matrix.
- Reporting trail - evidence of Bank notification, board meeting minutes, senior officer sign-offs.
Incident Management and Response Procedures
1. Detection of an incident (daily reconciliation, automated alert or audit).
2. Immediate escalation to the senior officer and risk management function.
3. Isolate cause (commingling, reconciliation error, insurer coverage gap, fraud).
4. Investigate & document root cause (section 16 of the Regulations requires immediate investigation).
5. Remediate — return funds where needed, draw on liquidity buffer, invoke insurer if applicable.
6. Report findings and measures to senior officer; update framework & controls.
7. Log & follow up until corrective measures are validated and closed. Maintain the incident record.
8. Use of reconciliation and control tools to identify any errors or deficiencies in the payment service provider’s ledger of end-user funds and address any shortfall in the funds to be returned to each end-user
9. Reconciliations: performed daily (operational control)
- Framework review: conducted at least annually (regulatory requirement)
- Approval by senior officer and board: at least annually and following any material change.
The following describes how we meet the safeguarding requirements for end-user funds under the Retail Payment Activities Regulations (SOR/2023-229)
The insurance/guarantee contracts state that proceeds are for the benefit of end-users and do not form part of our estate.
Proceeds are payable for the benefit of end-users as soon as feasible following an insolvency event as defined by the Regulations.
Coverage expressly survives our insolvency and any compromise, arrangement, restructuring or extinguishment of obligations to end-users.
Notification period - at least 30 days prior to any cancellation or termination of the insurance/guarantee; retain the evidence of such notification.
Insolvency readiness (Section 15(2)(c) & 14(3))
We maintain an insolvency book that enables an insolvency administrator, trustee, or insurer to access all relevant records related to end user funds.
We maintain current contact details and communication templates to contact end-users as soon as feasible after a triggering event.
We operate reconciliation and review procedures that allow identification of errors or deficiencies in the ledger and processes to address any shortfalls for each end-user.
We document and execute clear procedures for returning funds to end-users, including the roles of our agents, mandataries, and third-party service providers.
Risk identification and mitigation (Section 15(3))
Maintaining a safeguarding risk register that identifies legal and operational risks that could hinder the safeguarding objectives and defines mitigations.
The register considers the jurisdictions of our operations and end-users, our account providers and insurers/guarantors, and the terms of any trust arrangements and insurance/guarantee policies.
Insolvency protection (Section 16)
We monitor for any instance in which end user funds or insurance/guarantee proceeds would not have been payable to end-users had an insolvency event occurred and identify such instances as soon as feasible.
We have an obligation, upon identification, to immediately investigate the root causes and implement corrective measures to prevent recurrence; actions and outcomes will be documented accordingly