Financial Institution Letter

FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities (Revised July 2014)

Summary: The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions; however, those that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable law. 

Statement of Applicability to Institutions With Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised banks and savings associations, including community institutions. 

Highlights: 

  • Financial institutions that provide payment processing services directly or indirectly for merchant customers engaged in higher-risk activities are expected to perform proper risk assessments, conduct due diligence to determine merchant customers are operating in accordance with applicable law, and maintain systems to monitor relationships over time.
  • Proper management of relationships with merchant customers engaged in higher-risk activities is essential. Financial institutions need to assure themselves that they are not facilitating fraudulent or other illegal activity. Institutions could be exposed to financial or legal risk should the legality of activities be challenged.
  • FDIC's examination focus is on assessing whether financial institutions are adequately overseeing activities and transactions they process and appropriately managing and mitigating risks. Financial institutions that have appropriate systems and controls will not be criticized for providing payment processing services to businesses operating in compliance with applicable law.

Continuation of FIL-43-2013 

Distribution: 
FDIC-Supervised Banks (Commercial and Savings) 

Suggested Routing: 
Board of Directors, Senior Executive Officers, Chief Credit Officer, Chief Information Technology Officer, 
Bank Secrecy Act Officer 

Note: 
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/financial-institution-letters/2013/index.html

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html

Paper copies may be obtained via the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (877-275-3342 or 703 562 2200). 

Financial Institution Letters 
FIL-43-2013 
September 27, 2013 

FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities 
 

The FDIC is issuing this letter to clarify its policy and supervisory approach related to facilitating payment processing [1] services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions and requires due diligence and monitoring, as detailed in prior FDIC and interagency guidance and other information. [2] Financial institutions that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable federal and state law.

The FDIC and other agency guidance indicate that financial institutions that provide payment processing services directly or indirectly for merchants engaged in higher-risk activities are expected to perform proper risk assessments, conduct due diligence sufficient to ascertain that the merchants are operating in accordance with applicable law, and maintain appropriate systems to monitor these relationships over time. The proper management of relationships with merchant customers engaged in higher-risk activities is essential. Financial institutions need to assure themselves that they are not facilitating fraudulent or other illegal activity. Institutions could be exposed to financial or legal risk should the legality of activities be challenged. 

The FDIC is aware that some payment processors or merchants may target institutions that are unfamiliar with the related risks or that lack proper due diligence or controls to manage these risks. Thus financial institutions that engage or plan to engage in these activities should review this guidance. The focus of FDIC examinations is to assess whether financial institutions are adequately overseeing activities and transactions they process and appropriately managing and mitigating related risks. Those that are operating with the appropriate systems and controls will not be criticized for providing payment processing services to businesses operating in compliance with applicable law. 


Additional Related Topics:

  • Guidance for Managing Third-Party Risk, FIL-44-2008;
  • Guidance on Payment Processor Relationships, FIL-127-2009;
  • Managing Risks in Third-Party Payment Processor Relationships, Supervisory Insights Journal, Summer 2011;
  • Payment Processor Relationships, Revised Guidance, FIL-3-2012;
  • FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual; and
  • FFIEC Information Technology Handbook, Retail Payments Systems Booklet.

[1] Payments may be in the form of remotely created checks (also known as “Demand Drafts”), Automated Clearing House transactions, or similar methods.

[2] FDIC guidance and other information on this topic includes:


Last Updated: September 27, 2013