The requirements to obtain a required license or registration vary significantly according to the particular financial service and regulatory regime in question and the type of license or registration sought.

Banking and insurance

In reviewing an application for approval by a new entrant, OSFI assesses a wide range of factors, including ownership and financial strength, business plan, corporate structure, proposed activities, credit products and underwriting criteria, trading and investment strategy, information technology environment, risk management controls, integrity and security against threat actors, internal audit practices, regulatory compliance management, business continuity, and exit strategy. OSFI has published guidelines that set out its expectations and requirements for financial institutions seeking to be federally regulated (for example, Guideline E-4 Foreign Entities Operating in Canada on a Branch Basis published by OSFI in 2021).

While authorized foreign banks and foreign insurers are expected to maintain an establishment in Canada, certain branches under the Bank Act and Insurance Companies Act are exempted from the requirement to keep copies of certain records at the prescribed locations in Canada. In those circumstances, the branch must provide OSFI with immediate, direct, complete and ongoing access to the records that are stored outside Canada.

As reporting entities, banks and life insurers doing business in Canada must satisfy the obligations under the PCMLTFA, namely: reporting requirements, recordkeeping, client due diligence, and developing a comprehensive compliance program. The compliance program must include: appointment of an AML compliance officer, development of written AML compliance policies and procedures; a risk assessment of clients and their activity to decide on the level of ongoing client due diligence; development and maintenance of compliance training programs for employees, agents and other mandatories/attorneys; and carrying out biannual effectiveness reviews.

Given a greater reliance by financial institutions on technology systems and processes and the handling of customer data, regulators expect them to provide Service Organization Control (SOC) reports by external experts that attest to the financial institutions' internal management and controls relating to security, availability, processing integrity, confidentiality and privacy controls.

Securities and derivatives

Securities regulators assess the integrity as well as the experience and proficiency for the Canadian securities industry of prospective registrants. To be fit for registration as dealers or advisers in securities or derivatives, firms must satisfy the following requirements at a minimum:

1. Individuals must meet proficiency requirements as set out in part 3 of National Instrument 31-103.
2. Firms and individuals must conduct themselves with integrity, which includes honesty and good faith, particularly in dealing with clients; those who have a history of noncompliance with regulatory and legal requirements may be denied.
3. Firms must maintain solvency by meeting the capital and insurance requirements required to conduct their obligations on a daily basis.
4. Firms must develop a full compliance framework and a Policies and Procedures Manual, as well as client disclosures (e.g., account statements, trade confirmations, relationship disclosure information and annual fee and performance disclosures) and processes for know your product (KYP), know your client (KYC), suitability and managing conflicts of interest.

Similar to financial institutions, firms registered as dealers or advisers in securities are reporting entities under the PCMLTFA and are subject to the compliance obligations under the PCMLTFA discussed above.