FinCEN Issues Advisory on Risk Associated with Third-Party Payment Processors

The Financial Crimes Enforcement Network (FinCEN) has released an advisory providing guidance to financial institutions when filing suspicious activity reports (SARs) on activities related to third-party payment processors, another step designed to further the Department of Treasury’s efforts to protect against money laundering and terrorist financing.

Third-party payment processors, also referred to as non-bank payment processors, are financial institution customers that provide payment processing services to merchants and other business entities, typically initiating transactions on behalf of merchant clients that do not have a direct relationship with the payment processor’s financial institution. With the expansion of the internet, payment processors may now service a variety of domestic and international merchants, including conventional retail and Internet-based establishments, prepaid travel, and internet gaming enterprises.

Law enforcement has reported to FinCEN that recent increases in certain criminal activity have demonstrated that payment processors present a risk to the payment system by making it vulnerable to money laundering, identity theft, fraud schemes, and illicit transactions.

To help financial institutions mitigate this risk, FinCEN will hold an informational webinar in coordination with the Financial Fraud Enforcement Task Force (FFETF) Consumer Protection Working Group on Thursday, Oct. 25, 2012, to discuss third-party payment processors.

Many payment processors provide legitimate payment transactions for reputable merchant clients. The risk profile of such entities, however, can vary significantly depending on the composition of the customer base. For example, payment processors providing consumer transactions on behalf of telemarketing and Internet merchants may present a higher risk profile to a financial institution than would other businesses. Telemarketing and internet sales and RCC-related transactions tend to have relatively higher incidences of consumer fraud or potentially illegal activities.

Certain suspicious activity is often associated with payment processors that are engaged in improper or illegal conduct.

  • Fraud: High numbers of consumer complaints about payment processors and/or merchant clients, and particularly high numbers of returns or charge backs (aggregate or otherwise), suggest that the originating merchant may be engaged in unfair or deceptive practices or fraud.
  • Accounts at Multiple Financial Institutions: Payment processors engaged in suspicious activity often maintain accounts at more than one financial institution. Consolidation accounts can be used by payment processors to conceal high return or chargeback rates from originating financial institutions and regulators.
  • Money Laundering: Criminals are continually looking for ways to launder illicit proceeds, including the proceeds of consumer fraud. Payment Processors can be used by criminals to mask illegal or suspicious transactions and to launder proceeds of crime. In addition, payment processors have been used to place illegal funds directly into a financial institution using ACH credit transactions originating from foreign sources.
  • Enhanced Risk: There are potential risks associated with relationships with third-party entities, in particular foreign-located payment processors that process payments for telemarketers, online businesses, and other merchants.
  • Solicitation for Business: Payment processors engaged in suspicious activity have been known to solicit business relationships with distressed financial institutions in need of revenue and capital.
  • Elevated rate of return of debit transactions due to unauthorized transactions: Payment processors engaged in or complicit in suspicious activities may reflect a rate of return of debit items due to unauthorized transactions substantially higher than the average.

The guidance in the advisory is credit unions providing services to payment processors may find it necessary to update their anti-money laundering programs. Additionally, financial institutions may be required to file SARs if they know, suspect, or have reason to suspect that a Payment Processor has conducted a transaction involving funds derived from illegal activity, including, but not limited to, consumer fraud.

To assist law enforcement in investigating and prosecuting possible criminal activity involving payment processors, FinCEN requests that, when reporting suspicious activity, financial institutions (1) check the appropriate box on the SAR form to indicate the type of suspicious activity, and (2) include the term “Payment Processor” in both the narrative portion and the subject occupation portions of the SAR.


Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Around the NW, Events.