Ask a Canadian financial regulator what it is doing about a new consumer risk and you will usually hear a recital of process: what it is studying, consulting on, watching. Ask the same question in London, Sydney or Washington and you are more likely to hear about a named initiative, a public timeline and a deliverable. That gap is not about talent. It is about design. And in Canada, that design is a choice.
Consumers pay for it.
Canada’s regulatory architecture produces delay almost by instinct. It divides authority, diffuses responsibility and rewards caution long after a risk is obvious. When a problem crosses sectors, institutions or jurisdictions, the system slows down. No one quite owns the file. No one quite has to act. The machinery keeps moving, but consumers are left waiting.
Three features drive that result.
The first is jurisdiction. Canada has 13 provincial and territorial securities regulators, a federal banking framework and separate provincial insurance regulators. No single body owns a consumer issue that cuts across sectors. That fragmentation is made worse by provincialism — the habit of treating coordination as optional and turf as sacred. The cooperative capital markets initiative did not collapse because the case was weak. It collapsed because provinces would not give ground.
The second is capacity. A few regulators have the legal, technical and behavioural research depth to lead on complex files. Most do not. And when a file crosses boundaries, no mechanism reliably pulls the right agencies together. Each regulator works within its own walls, limited by mandate, resources and legal authority. The spaces between those walls — where many modern consumer harms now sit — are where the system is weakest.
The third is delegation. Self-regulatory organizations (SRO) are part of Canada’s model, and important regulatory functions have been handed to them. That was not an accident. It was a policy choice. But every added actor complicates accountability, and not every actor has the same priorities.
Consumer protection may appear in the mission statement, but it does not always sit at the centre of the agenda. Expecting SROs to lead cross-cutting consumer files is asking an industry-facing model to carry a consumer-protection burden it was not designed to carry.
Consumers have been paying for this structure for years. Binding authority for the Ombudsman for Banking Services and Investments was recommended in 2011. Fifteen years later, investors with legitimate complaints still have no binding remedy.
Segregated funds have long been sold as products similar to mutual funds while operating under materially weaker disclosure and conduct standards. Insurance regulators only began consulting in 2025 on narrowing that gap. Different file, same pattern: a risk is identified, the system absorbs it and years pass before anything resembling a response arrives. Consumers pay for the delay.
Firm conduct
AI is the latest example.
In the first three months of 2026, three peer jurisdictions opened consumer-facing AI files. Britain’s Financial Conduct Authority launched the Mills Review, a formal examination of what AI is doing to retail financial consumers. It is backed by an engagement paper that distinguishes between tools that explain, tools that advise and tools that act — and it asks what protections each requires.
The Australian Securities & Investments Commission named AI-driven consumer harm and AI-perimeter gaps among the 10 systemic risks facing its financial system. The U.S. Securities and Exchange Commission and Financial Industry Regulatory Authority each carved out sections of their 2026 oversight plans for AI’s effect on retail investors.
Canada saw AI too. But while peer regulators treated it as a consumer issue, Canada treated it as an issue of firm conduct. Its response was a notice telling firms that existing securities law still applied to AI. It covered disclosure, record-keeping and supervision.
It set out what firms should do when they use AI. It said almost nothing about how AI might reshape the consumer experience. That gap is telling. The Ontario Securities Commission has already spent years producing behavioural research on digital harms affecting retail investors. But Canada’s regulatory framework is structurally weak at connecting behavioural research, rule-making and emerging consumer risk in the same response. That failure is most damaging when a consumer problem crosses sectors or jurisdictions.
AI is moving through retail finance faster than Canada can rebuild the regulatory architecture it should have fixed years ago. That larger repair still matters. But it won’t arrive in time for this file.
What can arrive in time is a practical workaround under existing authority: a cross-sector mechanism on consumer-facing AI. The Ontario Securities Commission and the Financial Consumer Agency of Canada should co-chair it, with the Canadian Investment Regulatory Organization and the provincial insurance and securities regulators as standing participants.
Give it a 12-month mandate to produce a joint framework that does three things: identify the main consumer-facing AI uses in retail finance, assign regulatory responsibility where those uses cross sectors or jurisdictions and set out near-term supervisory and disclosure expectations for firms.
The pattern is familiar. We built a system that reacts late, fragments responsibility and confuses process with action. AI is moving too quickly to wait for the larger repair Canada still needs.
Fortunately, this file does not require governments to rebuild the framework before regulators can act together. They can coordinate now, clarify who is responsible for what and set near-term expectations under existing authority. On AI, regulators must stop hiding behind the architecture.