.png)
On February 17, 2026, the Bank of Canada did something it had never done before under the newly enacted Retail Payment Activities Act. It issued an immediate compliance order against XTM Inc., ordering the company and its affiliated entities, including the AnyDay platform, to cease all payment activity, effective immediately.
There was no advance notice, no wind-down period, no grace period for users to move their funds. It all just stopped.
For the businesses and gig workers who depended on AnyDay for earned wage access and payroll, the impact was immediate and disruptive. Funds they expected to receive never arrived, and programs that had been running smoothly were frozen overnight.
While it's tempting to treat this as one company's problem, there's a broader lesson here and a question that every business running a payment program should be asking: do you know how your payment provider is actually holding your money?
The answer to that question, it turns out, determines a lot about what happens when things go sideways.
The Problem Wasn't the Product: What Actually Happened at XTM?
To understand why the Bank of Canada took such an unusual step, it helps to understand what XTM actually was.
XTM operated as a Money Services Business (MSB), a category of financial company regulated in Canada primarily by FINTRAC, focused on anti-money laundering and fraud prevention. Through its AnyDay platform, XTM offered earned wage access and prepaid card products targeting gig workers and hourly employees who needed faster access to their pay.
The business model made sense on paper. Workers don't want to wait two weeks for a paycheck, and employers want a simple way to offer that benefit. XTM sat in the middle and facilitated it.
The problem wasn't the product. It was the structure underneath it.
The Bank of Canada's compliance order cited serious concerns that XTM had failed to safeguard client funds, and that allowing the company to continue operating could be "prejudicial to the public's interest." In regulatory terms, that's a signal that waiting posed a real risk to real people.
What does "failure to safeguard funds" mean in practice? Public reporting and the Bank of Canada’s compliance order pointed to concerns around how client funds were safeguarded within XTM’s program structure, and whether those arrangements met the expectations set out under the RPAA.
While specific program structures can vary, the situation highlights a broader point: the way funds are held, whether directly by a provider or through banking partners, has real implications when regulators intervene.
The Bank of Canada didn't issue a warning or open an investigation. It issued an immediate stop order, the kind of action regulators reserve for situations where waiting would cause real harm. That should give any company using a payment program provider pause, especially if you've never asked how your funds are actually being held.
The Real Difference: How Payment Providers Hold Money
Most businesses evaluating a payments partner focus on the obvious things: features, pricing, integration complexity, customer support. Many never think to ask what kind of regulated entity they're working with, and what that means for their funds.
As the XTM situation demonstrated, it's a question worth asking.
There are two fundamentally different models in the payments industry, and the distinction is worth understanding.
Money Services Businesses (MSBs)
Many payment providers in Canada operate as Money Services Businesses (MSBs), registered with FINTRAC and primarily regulated for anti-money laundering and financial crime compliance.
MSB registration is an important part of the regulatory landscape, but it does not, on its own, define how client funds are held or safeguarded. Those details depend on how a provider structures its banking relationships, account models, and operational controls.
In practice, this means that two providers with similar-looking products can have very different approaches to fund custody and risk management behind the scenes.
Payment Services Providers (PSPs)
Under the Retail Payment Activities Act, companies performing payment functions are also subject to oversight by the Bank of Canada as payment service providers (PSPs).
This framework focuses on how payment activities are conducted, including operational risk management and the safeguarding of end-user funds. Importantly, PSP designation applies based on the activities performed, meaning a provider may be subject to both FINTRAC and Bank of Canada oversight at the same time.
What ultimately matters is not the label, but how a provider structures the movement and custody of funds within that regulatory environment.
MSB vs. PSP: A Quick Comparison
MSB PSP
Regulated by FINTRAC Bank of Canada (RPAA)
Holds client funds? Yes, directly No, held at licensed bank partners
Fund segregation required? Not Structurally Yes, through banking partner
Your Funds Are Only as Safe as Your Provider
If your payment program depends on a provider’s internal fund management structure, you are, whether you realize it or not, exposed to how that structure performs under stress.
By contrast, models built on regulated banking custody separate client funds from the provider’s operating risk, creating an additional layer of protection that persists even if the provider itself faces disruption.
Your workers' wages, your disbursements, and your client funds are only as safe as the company holding them.
With a PSP model, that risk is structurally removed. You're working with a technology partner that plugs into regulated banking infrastructure, not one that acts as the financial institution itself. That separation is the point.
Questions You Should Be Asking Your Payment Provider
Most payment providers aren't on the verge of a compliance order, so the XTM situation isn't a reason to panic. But it is a useful prompt to ask some basic questions about how your funds are actually protected.
If you're running a payment program, or evaluating providers, whether for payroll, disbursements, earned wage access, incentives, or anything else, here are five questions worth getting clear answers to:
- Are client funds held at federally regulated financial institutions? This is the foundational question, and the answer should be an unequivocal yes. The provider should also be able to tell you exactly which institution and under what arrangement.
- Are client funds segregated from the provider's operating capital? A provider that commingles client funds with their own operating accounts is one whose financial health is directly tied to the safety of your money, a risk you shouldn't have to take.
- What happens to my program if you face a regulatory action or insolvency? It's an uncomfortable question, but ask it anyway. A well-structured provider should have a clear answer, and that answer should not be that your funds are at risk too.
- Are you registered and compliant under the Retail Payment Activities Act? PSP registration under the RPAA is a meaningful signal. It means the Bank of Canada has oversight of how that provider manages operational risk and safeguards funds, not just whether they're checking AML boxes.
- What does your banking partnership structure look like? Who are the licensed institutions behind your platform? How are funds actually held and moved? A reputable provider should be able to walk you through this without hesitation.
None of these should be gotcha questions. Any serious payment provider should welcome them and have straightforward answers. If the responses are vague or evasive, that's a red flag worth paying attention to.
The XTM order is a reminder that in payments, the structural details, fund custody, regulatory framework, banking partnerships, are not fine print. They determine whether your program keeps running when something unexpected happens.
Structure First: How Berkeley Approaches Payments Infrastructure
Berkeley operates as a payments infrastructure platform, the technology and integration layer that sits between your company and the banking system. We're not a bank and we're not trying to be. What we are is a PSP built from the ground up to work with fully licensed banking partners, not around them.
In practice, that means:
- Client funds are held at regulated financial institutions. When money moves through Berkeley's platform, whether that's a payroll disbursement, a prepaid card load, or a mass payout, it's held at our banking partners, not on Berkeley's balance sheet. That separation is how our platform is built.
- Compliance is part of our infrastructure. Berkeley's platform includes built-in AML/KYC frameworks, immutable transaction ledgers, spend controls, and audit trails, the foundational features that enterprise clients, financial institutions, and government programs should require before putting their name on a payment program.
- We're registered under the Retail Payment Activities Act. The same regulatory framework the Bank of Canada used to issue the XTM order is the framework Berkeley operates under. That reflects how our platform is structured and what kind of oversight we're accountable to.
- Speed and safety aren't a tradeoff. One persistent myth in payments is that moving fast means accepting more risk. Berkeley's platform is designed to disprove that. We power real-time disbursements, instant card issuance, and mass payouts at scale, all running on banking infrastructure that meets the compliance requirements of the most risk-sensitive businesses and organizations.
The companies looking to move off platforms like AnyDay aren't just looking for a replacement. They're looking for a provider they can trust to still be running, and running cleanly, in two, five, and ten years. The features might look similar across providers. It's the underlying structure that makes the real difference.
Ready to Make the Move? Here's What to Expect
If your program has been disrupted by the XTM order, or if this situation has prompted a harder look at your current payment infrastructure, the natural next question is: how complicated is it to switch?
Migrating a payment program takes real planning. There are cardholder accounts to transition, banking integrations to set up, and compliance documentation to work through. Anyone who tells you it's a one or two day process is underselling the complexity.
What Berkeley offers is a structured onboarding process built on significant experience bringing payment programs across from other providers, or standing them up from scratch. A few things that make the transition more manageable than you might expect:
- A single integration point. Rather than stitching together multiple vendors for card issuance, money movement, compliance, and reporting, Berkeley consolidates all of that into one platform, reducing integration burden significantly compared to building or migrating to a multi-vendor stack.
- White-label flexibility. If your program is client-facing or worker-facing with your brand on it, that doesn't have to change. Berkeley's platform is built to sit behind your brand, not in front of it.
- Dedicated implementation support. We don't hand you API documentation and wish you luck. Implementation is a supported process with Berkeley's team involved from scoping through go-live.
The disruption caused by the XTM order is real, and we don't want to minimize it. But if it prompts your organization to move to infrastructure that's more structurally sound, that's a meaningful long-term win, even if the short-term transition is messy.
If you'd like to talk through your current setup and what a move to Berkeley could look like, get in touch with our team.
