7 New Canada Banking Rules 2026: Canada is rolling out 7 new banking fraud protection rules that will fundamentally change how banks handle wire transfers, e-transfers, and suspicious account activity. The federal government pre-published these proposed Fraud Regulations in the Canada Gazette, Part I on June 27, 2026, operationalizing amendments made to the Bank Act through Bill C-15, which received Royal Assent on March 26, 2026. The rules are designed to close a major gap: Canadians currently have little control over features like wire transfers and Interac e-Transfers, which are often enabled by default on personal deposit accounts and can allow transactions of up to $50,000 without any extra layer of consent.
The timing matters. According to the Canadian Anti-Fraud Centre, Canadians lost more than $704 million to fraud in 2025 a figure regulators believe captures only 5 to 10 percent of actual losses nationwide. The new framework is scheduled to come into force on July 1, 2027, with a public comment period on the proposed regulations open until July 27, 2026. Below is a full breakdown of all 7 new rules, what they mean for your everyday banking, and the key dates you should have on your radar.

Canada’s New Banking Fraud Protection Rules Key Highlights
| Detail | Information |
|---|---|
| Legislation | Bill C-15 (Budget Implementation Act, 2025, No. 1) |
| Royal Assent date | March 26, 2026 |
| Regulations pre-published | June 27, 2026 (Canada Gazette, Part I) |
| Public comment period closes | July 27, 2026 |
| Regulations come into force | July 1, 2027 |
| First annual fraud data reporting period begins | January 1, 2028 |
| First annual FCAC fraud reports due | May 15, 2029 |
| 2025 reported fraud losses in Canada | Over $704 million (Canadian Anti-Fraud Centre) |
| Estimated actual fraud capture rate of CAFC data | Only 5–10% of true losses |
| Regulator enforcing the rules | Financial Consumer Agency of Canada (FCAC) |
| Maximum penalty per violation | Up to $10 million per violation |
| Estimated 10-year net benefit to Canadians | $2.3 billion |
7 New Canada Banking Rules 2026 Explained
Rule 1: Banks Must Get Your Express Consent Before Enabling Transfer Features
Banks will be required to obtain a customer’s express consent before enabling electronic funds transfer capabilities — including wire transfers and Interac e-Transfers — on personal deposit accounts. Historically, these features have often been switched on by default, meaning a fraudster who accessed an account could immediately use capabilities the account holder didn’t know were active.
Rule 2: You Can Disable Transfer Capabilities Entirely
If you don’t use wire transfers or large e-transfers, the new rules let you turn those capabilities off completely. This directly targets what regulators call the “unlocked door” problem — features that sit dormant on an account but remain fully usable by anyone who gains unauthorized access.
Rule 3: You Can Adjust Your Own Withdrawal and Transaction Limits
Consumers will gain the right to request changes to withdrawal and transaction limits tied to their accounts, giving individual account holders more direct control over how much money can move at once — a key defense against large, one-time fraudulent transfers.
Rule 4: Strict Timelines for Processing Your Limit-Change Requests
Once you request a change to your transaction limits, banks must act fast:
| Situation | Required Bank Response Time |
|---|---|
| Identity already verified | Without delay |
| Identity not yet verified | No later than the next business day |
This timing rule is meant to balance convenience with security, ensuring fraud-prevention requests aren’t stuck in processing limbo while an account remains vulnerable.
Rule 5: Banks Must Build Real Fraud Detection and Investigation Criteria
Banks are now required to establish formal criteria for investigating suspicious transactions and deciding whether to notify consumers about suspicious requests — such as attempts to activate transfer capabilities or raise transaction limits. This moves fraud detection from an informal, bank-by-bank practice to a standardized regulatory requirement.
Rule 6: Banks Must Determine Fraud Victim Status and Report Findings to Consumers
Under the new framework, banks take on a more active role: they must apply their fraud criteria to determine whether a consumer was actually a victim of fraud, assess whether a remedy is available, and communicate that determination directly to the affected consumer. Notably, the regulations don’t introduce new prescriptive rules about liability or remedies themselves — the focus is on process and transparency, not compensation guarantees.
Rule 7: Mandatory Annual Fraud Data Reporting to the FCAC
Banks must collect and report fraud-related data annually to the Financial Consumer Agency of Canada (FCAC), which will in turn submit a summary report to the Minister of Finance. The first annual reporting period begins January 1, 2028, with the first reports due by May 15, 2029. This is meant to fix a major blind spot: current CAFC figures likely represent only a small fraction of total fraud losses, making it difficult for regulators to design effective policy.
Why “Consumer-Targeted Fraud” Is Defined So Broadly
One important detail in the legislation is how consumer-targeted fraud itself is defined. It covers not just transactions a consumer never authorized, but also transactions that were technically authorized through coercion or deception — such as romance scams, investment scams, or online marketplace fraud where a victim is manipulated into approving a transfer themselves. This broader definition means the new rules aren’t limited to hacked accounts; they also apply to social-engineering scams where the victim unknowingly initiates the transaction.
Enforcement: What Happens If Banks Don’t Comply
| Enforcement Tool | Description |
|---|---|
| Warning letters | Initial notice of non-compliance |
| Undertakings to FCAC | Formal commitments to correct practices |
| Compliance agreements | Structured plans to fix ongoing violations |
| Notices of Violation | Formal regulatory citations |
| Administrative Monetary Penalties (AMPs) | Financial penalties for violations |
| Maximum penalty | Up to $10 million per violation |
What This Means for Canadian Consumers Right Now
It’s worth being clear about timing: these 7 rules are not yet in effect. They are proposed regulations in a public comment period, with the actual coming-into-force date set for July 1, 2027. In the meantime, Canadians can still take proactive steps:
- Ask your bank directly whether wire transfer or e-transfer capabilities are active on your account by default.
- Review your current transaction limits and ask whether they can be lowered now, ahead of the formal regulatory requirement.
- Watch for the finalized regulations, since implementation details for different products and services will be released once the rules are finalized.
- Stay alert to coercion-based scams, since the new definition of consumer-targeted fraud explicitly includes transactions you’re manipulated into approving yourself.
FAQs
Q1. Are these 7 new banking fraud rules already in effect?
No. They are proposed regulations published for a comment period ending July 27, 2026, with a July 1, 2027 coming-into-force date.
Q2. What law created these new fraud protection rules?
Bill C-15, the Budget Implementation Act, 2025, No. 1, which received Royal Assent on March 26, 2026, amended the Bank Act to create the legal framework.
Q3. Can I already turn off wire transfers on my account?
Some banks may allow this informally today, but the formal legal right to disable these features doesn’t take effect until the regulations are finalized and enforced.
Q4. How much fraud do Canadians currently lose per year?
The Canadian Anti-Fraud Centre reported over $704 million in losses in 2025, though regulators believe this reflects only a small share of the true total.
Q5. Who enforces these new rules?
The Financial Consumer Agency of Canada (FCAC) will supervise and enforce compliance, with penalties of up to $10 million per violation.
Q6. Does this cover scams where I authorize the transfer myself?
Yes. The definition of consumer-targeted fraud specifically includes transactions authorized through coercion or deception, such as romance or investment scams.

