Interview with Ryan Toland: RPAA Registration Alone = Non-Compliance

RPAA Compliance is Now — Ensure Your Company is Protected

As of September 7, 2025, all Money Services Businesses (MSBs) and Payment Service Providers (PSPs) operating in Canada must comply with the Retail Payment Activities Act (RPAA).

With over 1,600 registered RPAA applicants now listed by the Bank of Canada, many MSBs and PSPs are discovering that registration alone does not ensure compliance. Companies need to have fully developed, implemented, and maintained RPAA compliance programs — and the penalties for non-compliance are significant, with fines reaching up to $1 million for serious violations and $10 million for very serious violations.

To understand what this means for Canadian payment companies, we talked with Ryan Toland, Chief Compliance Officer at Neopay Global, about the regulatory environment, the ongoing challenges faced by MSBs and PSPs, and how Neopay Global’s Turnkey RPAA Compliance Program helps businesses stay compliant and protected.

Ryan Toland is an experienced compliance professional with over 25 years of developing, implementing, and overseeing compliance programs in the financial and corporate industries. Prior to joining Neopay Global, he held senior compliance positions at Deloitte, MGM Resorts International, and Marriott International. He is a Certified Anti-Money Laundering Professional (CAMP) and Certified Fraud Examiner (CFE), with substantial knowledge of regulatory frameworks such as RPAA, AML/BSA, FINTRAC, data privacy, and IT governance.

Q1. Ryan, now that the RPAA compliance deadline has passed, what does this mean for MSBs and PSPs?

The RPAA enforcement phase is officially underway. Every MSB and PSP operating in Canada must now have a fully implemented RPAA Compliance Program that aligns with the Bank of Canada’s requirements.

Unfortunately, many firms stopped at registration — and that’s a critical mistake. Registration alone does not make you compliant. The Bank of Canada expects evidence of active governance, documented procedures, risk assessments, and training programs in place.

The penalties for non-compliance are severe. We’re talking about multi-million-dollar fines — up to $1 million for serious breaches and $10 million for very serious ones. Firms that fail to act could face not only financial losses but also long-term reputational damage.

Q2. Why is RPAA compliance so important for the payments industry?

The RPAA was created to protect consumers, promote stability, and ensure accountability across the payments ecosystem. It’s designed to prevent misuse of financial systems and ensure providers have robust risk management, oversight, and operational integrity.

But beyond just meeting regulatory requirements, compliance under the RPAA serves as a business advantage. Companies that show strong compliance programs earn more trust from banks, partners, and investors. It indicates they operate responsibly and are prepared for sustainable growth.

In short — compliance protects both your business and your reputation.

Q3. Many firms are still catching up. What challenges are you seeing post-deadline?

That’s true — many firms are still working to close gaps. Some underestimated what’s needed to go from registration to full implementation.

We’re seeing recurring issues in areas like:

• Conducting a full RPAA compliance gap analysis to confirm readiness.
• Managing Bank of Canada reporting and documentation requirements.
• Implementing transaction monitoring and AML procedures aligned with RPAA standards.
• Delivering comprehensive employee training.
• Establishing clear vendor management and data security frameworks.

In other words, firms are still building the infrastructure needed to sustain compliance over time — not just achieve it once.

Q4. How does Neopay Global’s Turnkey RPAA Compliance Program help?

We developed our Turnkey RPAA Compliance Program to make full compliance achievable for MSBs and PSPs — whether they’re starting from scratch or enhancing what’s already in place.

The program includes:

• RPAA Compliance Gap Analysis to identify and address deficiencies.
• Bank of Canada registration and reporting support.
• RPAA employee training programs tailored to staff roles and risks.
• Development of company-specific RPAA policies and procedures.
• Implementation of AML and transaction monitoring controls.
• Guidance on vendor management and data security obligations.

Our goal is to simplify the process and give businesses the tools, documentation, and assurance they need to remain compliant and audit-ready — without the stress or resource strain of building everything internally.

Q5. What’s your main message to firms that have yet to take action?

Don’t make a multi-million-dollar RPAA non-compliance mistake by ignoring your program obligations. Registration was the first step — but it’s not enough.

Firms must now demonstrate that they have operational compliance frameworks in place. That means training staff, documenting controls, and reporting accurately. The Bank of Canada will expect evidence, not intent.

At Neopay Global, we’re here to help businesses get there — quickly, effectively, and with confidence.

Partnering with Neopay Global = RPAA Compliance

The RPAA marks a significant change in Canada’s regulation for MSBs and PSPs. Avoid costly fines and keep your company compliant by adopting Neopay Global’s Turnkey RPAA Compliance Program.

Contact Ryan Toland, Chief Compliance Officer, at ryant@neopayglobal.com or reach us here to learn how we can help safeguard your organization’s compliance requirements.