Guidance on Payment Processor Relationships
(Revised July 2014)
FIL-127-2008 November 7, 2008
The FDIC is issuing the attached guidance that describes potential risks associated with relationships with entities that process payments for telemarketers and other merchant clients. These types of relationships pose a higher risk and require additional due diligence and close monitoring. This guidance outlines risk management principles for this type of higher-risk activity.
Account relationships with entities that process payments for telemarketers and other merchant clients could expose financial institutions to increased strategic, credit, compliance, transaction, and reputation risks.
Account relationships with these higher-risk entities require careful due diligence and monitoring as well as prudent and effective underwriting.
Payment processors pose greater money laundering and fraud risk if they do not have an effective means of verifying their merchant clients' identities and business practices.
A financial institution should assess its risk tolerance for this type of activity as part of its risk management program and develop policies and procedures that address due diligence, underwriting, and ongoing monitoring of high-risk payment processor relationships for suspicious activity.
Financial institutions should be alert to consumer complaints that suggest a payment processor's merchant clients are inappropriately obtaining personal account information.
Financial institutions should act promptly when they believe fraudulent or improper activities have occurred related to a payment processor.