I am Canadian. I’ve worked in the Financial industry for about 20 years (either directly or adjacent to it in roles like auditing). I am an IT guy.
Here’s some more examples / clarifications of it: pretty well all of Canada’s ATMs run on Windows. When questioned about why, companies that provide those systems state that its a requirement from Payments Canada.
Most Financial Institutions use USA-tied backend banking systems – there’s 1-2 “Canadian” providers, but they’re very niche (hence the note about BC’s situation, BC being the western most province in Canada). Companies like FISERV (USA) expanded into Canada a few decades ago – their initial entry to the market failed due to them not caring about differences between Canadian and US financial products. They didn’t bother porting anything, treating things like the US “401k” logic as basically the same as Canada’s RRSPs doesn’t work, and lead to massive problems for many FIs – problems that sank a couple. So they bought out a Canadian product that was called DNA (which ran on Oracle). FISERV is one of the dominant players in the Canadian market.
Canada’s Central1 Credit Union, the trade association / service provider for their Credit Unions, recently bailed on hosting in-country online banking services, after having screwed up their implementation of the ISO20022 really really badly. They ‘sold’ that whole segment of their business off to an Indian Headquartered company which hosts its products in Microsoft’s cloud, uses developers from the UAE, and has only like 1-2 security staff in Canada (so all your security events are definitely going elsewhere). Adding to this, at the start of Central1’s mismanagement of online banking, they had 2 geodistant datacenters on either side of the country – but they hired a US Banker to run their IT department, and he put all their internal stuff (beyond just the online banking) into the cloud, turfing their internal systems. Oh, and in terms of it continuing in this direction even with the turmoil – since 2025, Central has shifted their backend online cheque processing, one of the last items outstanding, into Microsoft’s cloud. So even if you’re using a small credit union in a tiny community, if you write a cheque, you’re reliant on USA cloud infrastructure.
BC’s provincial financial regulators, the BC FSA, put out an RFP about a decade ago noting some serious gaps in their IT framework – the RFP was amazing to read, as it noted things like software that had been EOL for almost a decade, which they admitted they couldn’t support properly, because they’d basically fired most of their IT staff. The RFP was a total “front”/box-checking exercise though, as they’d already chosen who they were going with – the RFP lasted only a brief time, and was tailored to ensure a specific vendor would win (issued June 17, 155 pages of specifications/environment description background, submission deadline July 31 – vendor work startingQ4. A turn around speed unheard of in govt, if they were doing any due diligence). The result was that the BC FSA moved all of its IT ecosystem stuff into Microsoft’s cloud. The industry submits member/customer personal information directly into a site that’s hosted on Microsoft’s cloud – even uses generic Microsoft cloud login infra. So a huge portion of FI customer data is exposed through the regulators of the industry.
I am Canadian. I’ve worked in the Financial industry for about 20 years (either directly or adjacent to it in roles like auditing). I am an IT guy.
Here’s some more examples / clarifications of it: pretty well all of Canada’s ATMs run on Windows. When questioned about why, companies that provide those systems state that its a requirement from Payments Canada.
Most Financial Institutions use USA-tied backend banking systems – there’s 1-2 “Canadian” providers, but they’re very niche (hence the note about BC’s situation, BC being the western most province in Canada). Companies like FISERV (USA) expanded into Canada a few decades ago – their initial entry to the market failed due to them not caring about differences between Canadian and US financial products. They didn’t bother porting anything, treating things like the US “401k” logic as basically the same as Canada’s RRSPs doesn’t work, and lead to massive problems for many FIs – problems that sank a couple. So they bought out a Canadian product that was called DNA (which ran on Oracle). FISERV is one of the dominant players in the Canadian market.
Canada’s Central1 Credit Union, the trade association / service provider for their Credit Unions, recently bailed on hosting in-country online banking services, after having screwed up their implementation of the ISO20022 really really badly. They ‘sold’ that whole segment of their business off to an Indian Headquartered company which hosts its products in Microsoft’s cloud, uses developers from the UAE, and has only like 1-2 security staff in Canada (so all your security events are definitely going elsewhere). Adding to this, at the start of Central1’s mismanagement of online banking, they had 2 geodistant datacenters on either side of the country – but they hired a US Banker to run their IT department, and he put all their internal stuff (beyond just the online banking) into the cloud, turfing their internal systems. Oh, and in terms of it continuing in this direction even with the turmoil – since 2025, Central has shifted their backend online cheque processing, one of the last items outstanding, into Microsoft’s cloud. So even if you’re using a small credit union in a tiny community, if you write a cheque, you’re reliant on USA cloud infrastructure.
BC’s provincial financial regulators, the BC FSA, put out an RFP about a decade ago noting some serious gaps in their IT framework – the RFP was amazing to read, as it noted things like software that had been EOL for almost a decade, which they admitted they couldn’t support properly, because they’d basically fired most of their IT staff. The RFP was a total “front”/box-checking exercise though, as they’d already chosen who they were going with – the RFP lasted only a brief time, and was tailored to ensure a specific vendor would win (issued June 17, 155 pages of specifications/environment description background, submission deadline July 31 – vendor work startingQ4. A turn around speed unheard of in govt, if they were doing any due diligence). The result was that the BC FSA moved all of its IT ecosystem stuff into Microsoft’s cloud. The industry submits member/customer personal information directly into a site that’s hosted on Microsoft’s cloud – even uses generic Microsoft cloud login infra. So a huge portion of FI customer data is exposed through the regulators of the industry.