Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter
Guidance on Payment Processor Relationships (Revised July 2014)
November 7, 2008
Notes
 
Summary: The FDIC is issuing the attached guidance that describes potential risks associated with relationships with entities that process payments for telemarketers and other merchant clients. These types of relationships pose a higher risk and require additional due diligence and close monitoring. This guidance outlines risk management principles for this type of higher-risk activity.

Highlights:
  • Account relationships with entities that process payments for telemarketers and other merchant clients could expose financial institutions to increased strategic, credit, compliance, transaction, and reputation risks.
  • Account relationships with these higher-risk entities require careful due diligence and monitoring as well as prudent and effective underwriting.
  • Payment processors pose greater money laundering and fraud risk if they do not have an effective means of verifying their merchant clients' identities and business practices.
  • A financial institution should assess its risk tolerance for this type of activity as part of its risk management program and develop policies and procedures that address due diligence, underwriting, and ongoing monitoring of high-risk payment processor relationships for suspicious activity.
  • Financial institutions should be alert to consumer complaints that suggest a payment processor's merchant clients are inappropriately obtaining personal account information.
  • Financial institutions should act promptly when they believe fraudulent or improper activities have occurred related to a payment processor.

Distribution:
FDIC-supervised Institutions

Suggested Routing:
Chief Executive Officer
Executive Officers
BSA Compliance Officer

Note:
FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2008/index.html .

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html .

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

Additional Related Topics:

  • Risk Management
  • FDIC Guidance for Managing Third-Party Risk (FIL 44-2008, June 2008)
  • FFIEC Handbook on Retail Payment Systems (March 2004)
  • FFIEC Handbook on Outsourcing Technology Services (June 2004)
  • FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual
FIL-127-2008
Attachments
Guidance on Payment Processor Relationships
Last Updated: November 7, 2008