On December 1, 2020, Canada's Office of the Privacy Commissioner (“OPC”) issued a report on a data security incident at the Quebec-based financial services firm Desjardins.  The Desjardins incident involved an insider at the firm who accessed, collected, and leaked the personal information of over 9.7 million customers and users from Canada and elsewhere during a two year period—a staggering amount of data over an extended period of time.   

While most startup founders would prefer not to pore over laws, regulations and interpretive materials to design a perfect product, it’s an essential exercise for those developing financial services solutions. For fintechs and the other finserv-related startups (e.g., regtech, suptech, etc.) understanding the regulatory obligations of customers and prospects will be core to your mission. In some cases, the process of interpretation and analysis might be a heavy lift involving expert outside counsel, lobbying efforts, and specialized consulting services.