Annual Reporting Under the RPAA: What PSPs Need to Know

Written By Mohit Gogna

As the Retail Payment Activities Act (RPAA) and its associated regulations (RPAR) unfold, annual reporting has become one of the cornerstone obligations for payment service providers (PSPs) operating in Canada. With the first report due March 31, 2026, it’s critical for PSPs to understand not only what must be reported, but how to prepare and submit a compliant report, with enough time and clarity to avoid oversights.

Whether you’re new to RPAA compliance or seeking to refine your internal processes, this post explains the requirements and illustrates how experienced compliance support can make the process smoother and more reliable.

Why Annual Reporting Matters

Under the RPAA, registered PSPs must submit an annual report to the Bank of Canada by March 31 of each year covering the previous calendar year. For the first reporting cycle, the 2025 calendar year report is due March 31, 2026.

This isn’t a simple box-checking exercise. The annual report is designed to ensure that PSPs are:

  • Managing operational risks responsibly

  • Properly documenting and handling incidents

  • Demonstrating control over retail payment activity metrics

  • Complying with their ongoing obligations under RPAA and RPAR

The Bank reviews annual reports to support its risk-based supervision of PSPs and to ensure confidence and stability in Canada’s retail payment ecosystem.

What the Annual Report Covers

The annual report form, accessible through the PSP Connect portal, covers key components of your PSP’s operations. Currently, it is organized into several core sections:

1. Operational Risk Management and Incident Response

You’ll describe your risk management framework and how it has been maintained throughout the year. This includes how risks are identified, assessed, and mitigated, as well as your incident response procedures and incident logs.

2. Safeguarding End-User Funds (If Applicable)

If you hold end-user funds, this section requires details about how those funds are safeguarded, including account providers, methods used (e.g., trust, insurance/guarantee), and controls in place.

3. Retail Payment Activity Metrics

This is where quantitative reporting is required. PSPs must provide figures for:

  • Maximum and average value of end-user funds held

  • Number and total value of electronic funds transfers (EFTs) facilitated

  • Number of distinct end users served

  • Number of other PSPs served

These metrics demonstrate your PSP’s ubiquity and interconnectedness within the payments ecosystem.

4. Changes to Retail Payment Activities

Report any significant changes you made during the year in how you perform retail payment activities, such as adding a service, changing a third-party provider, or adjusting operational processes.

5. Record-Keeping and Financial Metrics

You’ll confirm your record-keeping practices and provide basic financial information (revenue, expenses, equity). Financial metrics may be reported based on your most recent fiscal year, rather than calendar year.

How Strategic Compliance Support Makes a Difference

Preparing a robust annual report requires more than copying numbers into a form, it requires context, precision, documentation, and narrative clarity. That’s where professional compliance support can be a game-changer.

Here’s how Platino Consulting works with PSPs year-round:

Comprehensive Annual Report Preparation

We guide you through every section of the report, from operational risk descriptions to monthly EFT summaries, compiling data, interpreting regulatory expectations, and drafting responses that are clear, accurate, and compliant.

Alignment with Supervisory Expectations

We ensure your risk frameworks, incident logs, safeguarding documentation, and control narratives align with the Bank of Canada’s supervisory framework and guidance.

Data Collection and Metrics Reporting

We help you design or refine processes to track metrics (such as number/value of EFTs and end-user statistics) so you have accurate figures ready for reporting.

Quality Review and Confidence

Before submission, we conduct an internal compliance review to reduce errors and highlight potential gaps, minimizing the risk of follow-ups or corrective actions from regulators.

Ongoing Compliance Program Development

Beyond the annual report, we help you establish systems and policies that make compliance intuitive, including risk registers, vendor oversight, incident response frameworks, and documentation practices.

Peace of Mind Through Expert Support

The first annual reporting cycle under RPAA is a pivotal moment for PSPs, and it’s understandable that many organizations feel unsure where to begin. With deadlines approaching and detailed requirements to meet, expert support can provide confidence, clarity, and compliance assurance.

Rather than treating the annual report as a compliance burden, we help you see it as an opportunity to showcase strong operational practices, solid risk management, and good governance, which benefits both regulatory relationships and long-term business resilience.

If you’re preparing your first RPAA annual report, or want to improve how you manage and report operational data, we’re here to help.

Contact us today for a personalized annual report readiness assessment and tailored support that fits your PSP’s needs.

Mohit Gogna
Previous

What Is AML in Canada, What Triggers AML Checks & Is Canada a High-Risk Country?
Next

New AML Compliance Requirements for Canadian Financing & Leasing Companies — What You Must Know Before April 1, 2026