The FDIC recently issued Financial Institution Letter FIL-43-2013 entitled “FDIC Supervisory Approach to Payment Processing Relationships with Merchant Customers that Engage in Higher-Risk Activities.” The letter states that financial institutions providing payment processing services directly or indirectly to merchants engaged in “higher-risk” activities must perform appropriate due diligence to ensure that the merchants operate in accordance with applicable law. Such due diligence helps assure that the bank is not facilitating fraudulent or illegal activity.

Responding to congressional concerns about the FDIC’s supervisory approach, FDIC Chairman Martin Gruenberg sent a letter to Congress in which he described a range of merchants that were considered “higher risk businesses” and the focus of FDIC scrutiny, including online short-term lending, credit repair services, telemarketing, debt consolidation, online gaming, online tobacco and firearms sales, online pharmaceutical sales, and sweepstakes and magazine subscriptions. According to the letter, a bank’s relationships with companies that process payments on behalf of such higher risk businesses can pose significant risks for financial institutions in these areas because, ultimately, the bank can be held responsible for the transactions which it facilitates.

Following these events, the FDIC issued guidance regarding how banks should handle payment processors whose clients have a higher risk of involvement in illegal or fraudulent transactions. The guidance, which Chairman Gruenberg alluded to in his letter, advises banks to perform proper risk assessments and due diligence, properly manage their relationships with merchant customers engaged in higher-risk activities and maintain appropriate systems and controls.

While the FIL states that there is no intent to “discourage” financial institutions from offering these services as long as the third-party relationship is properly managed and adequate policies and procedures are in place, it leaves the possibility that banks will be held responsible for providing payments-both direct and indirect-to merchants not in compliance with all applicable laws.


A copy of the Gruenberg’s letter may be found here.

A copy of the Financial Institution Letter may be found here.

A copy of the guidance may be found here.

As first published in the NBPCA Government Update.