I am Canadian. I’ve worked in the Financial industry for about 20 years (either directly or adjacent to it in roles like auditing). I am an IT guy.
Here’s some more examples / clarifications of it: pretty well all of Canada’s ATMs run on Windows. When questioned about why, companies that provide those systems state that its a requirement from Payments Canada.
Most Financial Institutions use USA-tied backend banking systems – there’s 1-2 “Canadian” providers, but they’re very niche (hence the note about BC’s situation, BC being the western most province in Canada). Companies like FISERV (USA) expanded into Canada a few decades ago – their initial entry to the market failed due to them not caring about differences between Canadian and US financial products. They didn’t bother porting anything, treating things like the US “401k” logic as basically the same as Canada’s RRSPs doesn’t work, and lead to massive problems for many FIs – problems that sank a couple. So they bought out a Canadian product that was called DNA (which ran on Oracle). FISERV is one of the dominant players in the Canadian market.
Canada’s Central1 Credit Union, the trade association / service provider for their Credit Unions, recently bailed on hosting in-country online banking services, after having screwed up their implementation of the ISO20022 really really badly. They ‘sold’ that whole segment of their business off to an Indian Headquartered company which hosts its products in Microsoft’s cloud, uses developers from the UAE, and has only like 1-2 security staff in Canada (so all your security events are definitely going elsewhere). Adding to this, at the start of Central1’s mismanagement of online banking, they had 2 geodistant datacenters on either side of the country – but they hired a US Banker to run their IT department, and he put all their internal stuff (beyond just the online banking) into the cloud, turfing their internal systems. Oh, and in terms of it continuing in this direction even with the turmoil – since 2025, Central has shifted their backend online cheque processing, one of the last items outstanding, into Microsoft’s cloud. So even if you’re using a small credit union in a tiny community, if you write a cheque, you’re reliant on USA cloud infrastructure.
BC’s provincial financial regulators, the BC FSA, put out an RFP about a decade ago noting some serious gaps in their IT framework – the RFP was amazing to read, as it noted things like software that had been EOL for almost a decade, which they admitted they couldn’t support properly, because they’d basically fired most of their IT staff. The RFP was a total “front”/box-checking exercise though, as they’d already chosen who they were going with – the RFP lasted only a brief time, and was tailored to ensure a specific vendor would win (issued June 17, 155 pages of specifications/environment description background, submission deadline July 31 – vendor work startingQ4. A turn around speed unheard of in govt, if they were doing any due diligence). The result was that the BC FSA moved all of its IT ecosystem stuff into Microsoft’s cloud. The industry submits member/customer personal information directly into a site that’s hosted on Microsoft’s cloud – even uses generic Microsoft cloud login infra. So a huge portion of FI customer data is exposed through the regulators of the industry.
Bless you for responding sincerely, I appreciate that so much. I apologize if most of it has gone over my head but is there a movement to detach yourselves from the US?
I have been so in my own head lately and focused on my field of study that I almost feel like an alien. What does this mean in practical terms, how much is my data available to entities I’ve never heard of, can you tell me in practical terms what that means for me/the average person?
This is absolutely fascinating. Still a bit dense ngl lol. It will take me some time to work through, I feel bad I’m not giving your write-up the time it deserves. Wondering, what would be your ideal solution?
You basically wrote an entire essay for me and I’m half in love with you now. Talk my ear off about it anytime
Lots to unpack here. This is the big thing at the moment and I’d like to know what I can. Would you be willing to talk on the phone at some point? I’ve been going through something hard and I don’t want to cry about it, but I think it would help a lot if someone smart and passionate in a subject I know little about ranted at me. Not like a formal interview, just a talk
Not a problem. I was just thinking you’re an interesting person with a fount of information. Nothing wrong with not wanting to chat with a stranger. I’ll be around if you change your mind but no pressure ofc.
I’m in the US but I’ve been looking into educating myself more about financial institutions and that’s why I was so curious. Plus you sounded really well-informed and I’m very close to Canada geographically and thinking about moving there so I need to learn all I can before I make that decision.
I am Canadian. I’ve worked in the Financial industry for about 20 years (either directly or adjacent to it in roles like auditing). I am an IT guy.
Here’s some more examples / clarifications of it: pretty well all of Canada’s ATMs run on Windows. When questioned about why, companies that provide those systems state that its a requirement from Payments Canada.
Most Financial Institutions use USA-tied backend banking systems – there’s 1-2 “Canadian” providers, but they’re very niche (hence the note about BC’s situation, BC being the western most province in Canada). Companies like FISERV (USA) expanded into Canada a few decades ago – their initial entry to the market failed due to them not caring about differences between Canadian and US financial products. They didn’t bother porting anything, treating things like the US “401k” logic as basically the same as Canada’s RRSPs doesn’t work, and lead to massive problems for many FIs – problems that sank a couple. So they bought out a Canadian product that was called DNA (which ran on Oracle). FISERV is one of the dominant players in the Canadian market.
Canada’s Central1 Credit Union, the trade association / service provider for their Credit Unions, recently bailed on hosting in-country online banking services, after having screwed up their implementation of the ISO20022 really really badly. They ‘sold’ that whole segment of their business off to an Indian Headquartered company which hosts its products in Microsoft’s cloud, uses developers from the UAE, and has only like 1-2 security staff in Canada (so all your security events are definitely going elsewhere). Adding to this, at the start of Central1’s mismanagement of online banking, they had 2 geodistant datacenters on either side of the country – but they hired a US Banker to run their IT department, and he put all their internal stuff (beyond just the online banking) into the cloud, turfing their internal systems. Oh, and in terms of it continuing in this direction even with the turmoil – since 2025, Central has shifted their backend online cheque processing, one of the last items outstanding, into Microsoft’s cloud. So even if you’re using a small credit union in a tiny community, if you write a cheque, you’re reliant on USA cloud infrastructure.
BC’s provincial financial regulators, the BC FSA, put out an RFP about a decade ago noting some serious gaps in their IT framework – the RFP was amazing to read, as it noted things like software that had been EOL for almost a decade, which they admitted they couldn’t support properly, because they’d basically fired most of their IT staff. The RFP was a total “front”/box-checking exercise though, as they’d already chosen who they were going with – the RFP lasted only a brief time, and was tailored to ensure a specific vendor would win (issued June 17, 155 pages of specifications/environment description background, submission deadline July 31 – vendor work startingQ4. A turn around speed unheard of in govt, if they were doing any due diligence). The result was that the BC FSA moved all of its IT ecosystem stuff into Microsoft’s cloud. The industry submits member/customer personal information directly into a site that’s hosted on Microsoft’s cloud – even uses generic Microsoft cloud login infra. So a huge portion of FI customer data is exposed through the regulators of the industry.
Bless you for responding sincerely, I appreciate that so much. I apologize if most of it has gone over my head but is there a movement to detach yourselves from the US?
I have been so in my own head lately and focused on my field of study that I almost feel like an alien. What does this mean in practical terms, how much is my data available to entities I’ve never heard of, can you tell me in practical terms what that means for me/the average person?
deleted by creator
This is absolutely fascinating. Still a bit dense ngl lol. It will take me some time to work through, I feel bad I’m not giving your write-up the time it deserves. Wondering, what would be your ideal solution? You basically wrote an entire essay for me and I’m half in love with you now. Talk my ear off about it anytime
deleted by creator
deleted by creator
Lots to unpack here. This is the big thing at the moment and I’d like to know what I can. Would you be willing to talk on the phone at some point? I’ve been going through something hard and I don’t want to cry about it, but I think it would help a lot if someone smart and passionate in a subject I know little about ranted at me. Not like a formal interview, just a talk
deleted by creator
Not a problem. I was just thinking you’re an interesting person with a fount of information. Nothing wrong with not wanting to chat with a stranger. I’ll be around if you change your mind but no pressure ofc.
I’m in the US but I’ve been looking into educating myself more about financial institutions and that’s why I was so curious. Plus you sounded really well-informed and I’m very close to Canada geographically and thinking about moving there so I need to learn all I can before I make that decision.