|
Financial Institution Letters
| FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities (Revised July 2014) |
FIL-43-2013
September 27, 2013 |
Printable Format:
FIL-43-2013 - PDF (PDF Help)
| Summary:
|
The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions; however, those that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable law.
Statement of Applicability to Institutions With Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised banks and savings associations, including community institutions.
|
Highlights:
-
Financial institutions that provide payment processing services directly or indirectly for merchant customers engaged in higher-risk activities are expected to perform proper risk assessments, conduct due diligence to determine merchant customers are operating in accordance with applicable law, and maintain systems to monitor relationships over time.
-
Proper management of relationships with merchant customers engaged in higher-risk activities is essential. Financial institutions need to assure themselves that they are not facilitating fraudulent or other illegal activity. Institutions could be exposed to financial or legal risk should the legality of activities be challenged.
-
FDIC's examination focus is on assessing whether financial institutions are adequately overseeing activities and transactions they process and appropriately managing and mitigating risks. Financial institutions that have appropriate systems and controls will not be criticized for providing payment processing services to businesses operating in compliance with applicable law.
Continuation of FIL-43-2013
Distribution:
FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
Board of Directors, Senior Executive Officers, Chief Credit Officer, Chief Information Technology Officer,
Bank Secrecy Act Officer
Related Topics:
Guidance for Managing Third-Party Risk, FIL-44-2008;
Guidance on Payment Processor Relationships, FIL-127-2009;
Managing Risks in Third-Party Payment Processor Relationships, Supervisory Insights Journal, Summer 2011;
Payment Processor Relationships, Revised Guidance, FIL-3-2012;
FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual; and
FFIEC Information Technology Hand book, Retail Payments Systems Booklet.
Attachment:
FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities
Contact:
Michael Benardo, Section Chief, Division of Risk Management Supervision at MBenardo@FDIC.gov or 703-254-0450; Surge Sen, Section Chief, Division of Depositor and Consumer Protection at SSen@FDIC.gov or 202-898-6699.
Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2013/index.html.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.
Paper copies may be obtained via the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (877-275-3342 or 703 562 2200).
|
Financial Institution Letters
FIL-43-2013
September 27, 2013 |
FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities
The FDIC is issuing this letter to clarify its policy and supervisory approach related to facilitating payment processing1 services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions and requires due diligence and monitoring, as detailed in prior FDIC and interagency guidance and other information.2 Financial institutions that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable federal and state law.
The FDIC and other agency guidance indicate that financial institutions that provide payment processing services directly or indirectly for merchants engaged in higher-risk activities are expected to perform proper risk assessments, conduct due diligence sufficient to ascertain that the merchants are operating in accordance with applicable law, and maintain appropriate systems to monitor these relationships over time. The proper management of relationships with merchant customers engaged in higher-risk activities is essential. Financial institutions need to assure themselves that they are not facilitating fraudulent or other illegal activity. Institutions could be exposed to financial or legal risk should the legality of activities be challenged.
The FDIC is aware that some payment processors or merchants may target institutions that are unfamiliar with the related risks or that lack proper due diligence or controls to manage these risks. Thus financial institutions that engage or plan to engage in these activities should review this guidance. The focus of FDIC examinations is to assess whether financial institutions are adequately overseeing activities and transactions they process and appropriately managing and mitigating related risks. Those that are operating with the appropriate systems and controls will not be criticized for providing payment processing services to businesses operating in compliance with applicable law.
1Payments may be in the form of remotely created checks (also known as “Demand Drafts”), Automated Clearing House transactions, or similar methods.
2FDIC guidance and other information on this topic includes:
|
|
