FDIC Clarifies its Supervisory Approach to Payment Processor Relationships

The Federal Deposit Insurance Corporation (FDIC) recently released a letter clarifying its policy and supervisory approach for financial institutions that provide services to payment processors who, in turn, provide services to merchants engaged in high risk activities. In summary, the brief letter assures FDIC-supervised banks and savings associations that relationships with such payment processors are neither prohibited or discouraged as long as the financial institution conducts the risk assessments and due diligence necessary to determine that the processor’s merchants are operating their businesses in accordance with applicable law. The FDIC reminds financial institutions to remain engaged in the oversight of merchant activities as necessary to mitigate the risks and provide assurance to the financial institution that it is not supporting illegal or fraudulent activities. The third party processor chapter of the Bank Secrecy Act exam manual could serve as a useful resource for a financial institution to benchmark its policies and procedures.

The FDIC first addressed the issue of financial institution relationships with processor-clients in November 2008 and first focused on processors that process transactions for merchants engaged in high risk activities in its January 2012 guidance. In the January 2012 guidance, the FDIC prescribed heightened due diligence, monitoring and mitigation procedures for depository institutions banking third party payment processors. The Financial Crimes Enforcement Network (FinCEN) similarly issued guidance related to third party processor relationships in October 2012. In November 2012, as a result of a joint proceeding, FinCEN and the FDIC gave First Bank of Delaware the ultimate sanction of canceling its FDIC deposit insurance for repeated failures to adequately oversee the activities, and assess the risks, of its third party processor-clients and each processor’s merchants who, according to the Assessment, should have been considered at high risk for money laundering.

The September 27, 2013 FDIC letter can be viewed here.