Governance

FCAC's evolving conduct expectations: what they signal for portfolio sellers.

Recent FCAC guidance and provincial regulatory updates raise the floor on counterparty due diligence for institutional sellers. We walk through what changes in practice — and what to look for in an acquisition counterparty's governance posture.

Date February 2026 Reading time 10 min read By BureauFix governance team

← All insights

The Financial Consumer Agency of Canada's posture on consumer treatment by federally regulated entities and their disposition counterparties has evolved meaningfully over the past three years. The trajectory is clear: conduct expectations are tightening, counterparty due diligence is becoming more substantive, and the operational realities of consumer treatment in post-disposition portfolios are receiving direct regulatory attention. For institutional sellers — particularly federally regulated banks and the major insurers that operate consumer-credit arms — the practical implications are real.

What's actually changing

Three threads of regulatory development matter.

Consumer-treatment expectations

FCAC's framework on consumer treatment for federally regulated entities increasingly extends, through reasonable inference, to the disposition counterparties those entities engage. The argument is straightforward: if a federally regulated bank is accountable for the conduct standards applied to its consumers, that accountability does not end at the moment a portfolio transfers ownership. The bank remains accountable for whether the post-transfer consumer experience reflects standards consistent with its own.

In practice, this raises the bar on counterparty due diligence. Institutional sellers must satisfy themselves that the buy-side counterparty's conduct posture, operating-partner oversight and complaints handling are genuinely consistent with the seller's own standards — not as a soft preference, but as an operational requirement defensible inside the seller's internal control framework.

Vulnerability-handling expectations

FCAC and provincial regulators have been increasingly explicit about expectations for handling consumers in vulnerable circumstances. The concept of vulnerability has expanded from narrow definitions (specific medical, mental-health or financial-distress indicators) to a broader posture that recognises vulnerability as situational and dynamic. Operating-partner training, escalation pathways, and documented protocols for handling vulnerable customers are now expected to be substantive rather than nominal.

Data-handling expectations

The intersection of FCAC's consumer-protection posture and the federal Personal Information Protection and Electronic Documents Act (PIPEDA) — alongside the provincial overlay, particularly Quebec's Loi 25 — produces a meaningful tightening of expectations around how consumer data is handled across the disposition boundary. Counterparties who cannot demonstrate PIPEDA-aligned policies, controlled access, and tested security cannot meet the standard institutional sellers are increasingly being asked to evidence.

What this means for institutional sellers

The cumulative effect is that the bar on institutional counterparty selection is rising in real time. Five practical implications matter.

1. Counterparty due diligence becomes substantive

The historical posture — confirming that the buy-side has the relevant operating-partner licences, signing the documentation, transferring the data — is no longer sufficient. Substantive due diligence requires understanding the buy-side counterparty's conduct framework, its operating-partner oversight processes, its complaints data, its vulnerability protocols, its data-handling architecture, and its track record. This is not a procurement exercise; it is a governance review.

2. Documentation matters more

Internal control teams will increasingly expect counterparty selection decisions to be documented in the same way other significant operational arrangements are documented. The selection rationale, the due-diligence evidence, the ongoing oversight cadence, and the escalation pathways all need to be defensible. Counterparties who cannot support this documentation discipline make poor partners.

3. Ongoing oversight, not one-off selection

The expectation is shifting from one-off counterparty selection to ongoing oversight of counterparty conduct. This means scheduled performance reviews, documented complaints-rate monitoring, periodic conduct audits, and clear escalation pathways for breaches of agreed standards. Institutional buyers who can support this oversight cadence are becoming the only credible long-term counterparties.

4. Forward-flow contracts evolve

The contractual frameworks for forward-flow programmes are expanding to include explicit conduct standards, complaint-rate caps, vulnerability-handling protocols, and audit rights. Buy-side counterparties who can transact comfortably under these frameworks differ from those who cannot — and the difference is substantive.

5. The 'safe harbour' tightens

The historical implicit assumption that selling a portfolio fully transfers responsibility for post-transfer consumer treatment is being eroded. Institutional sellers retain reputational, brand and (in some interpretations) regulatory exposure to the conduct of their counterparties post-disposition. This realignment changes how counterparty selection should be approached.

Substantive due diligence requires understanding the buy-side counterparty's conduct framework, its operating-partner oversight, its complaints data, its vulnerability protocols, and its data-handling architecture. This is not a procurement exercise; it is a governance review.

What good looks like in counterparty conduct posture

From the perspective of a serious institutional seller conducting substantive due diligence, the elements of a credible counterparty conduct posture include the following.

A documented governance framework covering acquisition due diligence, regulated operations, consumer treatment, data protection and complaints handling — applied centrally rather than on a portfolio-by-portfolio basis.
Licensed operating-partner network with provincial collection-licensing verified continuously rather than at point of selection. Operating partners onboarded against documented criteria including conduct record, technology posture and financial standing.
Treatment standards calibrated to consumer-protection expectations — plain-language correspondence, affordability-led arrangements, transparent dispute handling, and clear signposting to free independent advice.
Vulnerability protocols embedded in operating-partner training, with documented escalation pathways and oversight by the counterparty's compliance team.
PIPEDA-aligned data handling with role-based access, controlled data-sharing across the operating-partner network, and tested security architecture.
Complaints handling with a published time-bound process, defined escalation routes (including to independent ombudsmen where applicable), and active use of complaints data to drive operational improvement.
Transparent reporting at a cadence that supports ongoing oversight, with the granularity required by the seller's internal control framework.

What sellers should be doing now

Three concrete recommendations for institutional sellers preparing for the next twelve months of disposition activity.

Audit your existing buy-side panel. The dispersion in conduct posture across the buy-side is wider than it has been in some time. Some counterparties have invested deliberately in raising their standards; others have not. The audit is not a procurement exercise — it is an institutional governance exercise.
Update your forward-flow contracts. Conduct standards, complaints-rate caps, vulnerability protocols and audit rights should all be explicit. Counterparties who push back on substantive provisions in these areas are signalling something important about their posture.
Establish ongoing oversight cadence. Counterparty selection is the start of the relationship, not the end. Scheduled reviews — typically quarterly for active forward-flow partners — supported by counterparty reporting that genuinely allows oversight, are now the institutional standard.

Closing

FCAC's evolving conduct expectations are not a sudden change — they reflect a multi-year trajectory that institutional sellers have been navigating with varying degrees of seriousness. The trajectory is clear, and the floor will continue to rise. Institutional sellers who treat this as an opportunity to strengthen their counterparty posture will find themselves with better long-term partnerships and better consumer-treatment outcomes.

BureauFix is built around a conviction that the institutional standard should be the floor of our operating discipline, not the ceiling. We welcome conversations with sellers who are conducting substantive due diligence on their buy-side panel.

Editorial draft — for review. This article is published as draft thought-leadership content for institutional review before final release. Specific market views, pricing posture and forward-looking statements should be reviewed by the BureauFix principal team and amended as appropriate before any external distribution.

Authored by

BureauFix governance team

Conduct & compliance

Related insights

Continue reading.

Quarterly outlookQ2 2026

Canadian short-term consumer credit: a Q2 2026 outlook for institutional sellers.

Charge-off rates across alternative-credit issuers continued to normalise through the first quarter, and forward-flow pricing is reflecting a more disciplined buy-side. We set out …

Operating perspectiveMarch 2026

Forward-flow versus spot: when each structure is the right answer.

Spot transactions and forward-flow programmes are not interchangeable — they serve different governance, treasury and operational needs. A practical framework for choosing between …

Operating perspectiveJanuary 2026

Operating-partner oversight: building a network you can defend in a board pack.

A regulated counterparty is only as strong as its weakest operating partner. Five oversight disciplines that distinguish institutional buyers from the rest of the field — and a sel…

A specific question? Speak to our team.

If a portfolio you are evaluating raises a specific question that this article does not address, our principal team is available for a confidential conversation under NDA.

Open a conversation

Direct dialogue with the principal team
Methodology briefings under NDA
Tailored sector views on request