Page 32 - GS210601
P. 32
Education
AML requirements for merchant accounts
It turns out that, from an AML perspective, opening a
merchant account with a processor or acquiring bank is
not different from opening a regular checking account. In-
deed, a MID works a lot like a checking account, but with
a very specific and narrow purpose: to acquire funds from
Legal ease: payment cards and settle them to the owner of the MID.
Every person or business that opens a bank account or
MID must be screened by the bank opening the account
against SDN lists as well as other filters set out in the ap-
plicable AML program. The account-holder (for example,
merchant) must also be monitored throughout their re-
lationship with the institution and may be the subject of
suspension, termination, SAR filings or other actions by
the institution depending on their activity.
AML for ISOs AML responsibility in merchant processing
By Adam Atlas Technically, the primary legal responsibility in conven-
Attorney at Law tional credit and debit card payment processing rests with
the acquiring bank. However, as readers of The Green Sheet
know, acquiring banks outsource much of their operation-
oney laundering is the illegal activity of con- al functions to processors, ISOs, payfacs and other agents.
cealing the origins of money or crypto and
facilitating its flow through legitimate banks,
M payment processors or crypto businesses. That outsourcing often includes imposing obligations on
Terrorists, drug dealers, fraudsters and other criminals agents to collect merchant IDs, verify IDs against SDN
lists, monitor merchants for suspicious activity and assist
are always looking for ways to inject their ill-gotten or
ill-purposed funds into the legitimate financial and crypto in providing information that could support the filing of
a SAR.
ecosystem.
The purpose of this article is to give ISOs and processors That's the technical answer. In the real world, all partici-
an entry-level understanding and appreciation of the im- pants in the payment processing marketplace have an ob-
ligation to participate in AML; that is what regulators and
portance of money laundering controls and where ISOs fit
into the fight against financial crime. Bear with me, as I banks expect.
must include some acronyms and legal jargon.
To be precise, when a payment facilitator (payfac) opens a
Pursuant to the Bank Secrecy Act (BSA), the U.S. Depart- bank account through which they settle merchant settle-
ment of the Treasury Financial Crimes Enforcement Net- ment funds, in addition to the AML requirements of the
sponsoring bank, the bank where the payfac is banking
work (FinCEN) regulates anti-money laundering (AML)
standards for U.S. financial institutions, and the Office of will usually require the payfac to submit its AML program
and possibly even share the report of an external auditor
Foreign Asset Control (OFAC) publishes lists of persons
who are prohibited by law from being served by U.S. fi- attesting to the effectiveness of the AML program.
nancial or other businesses (Specially Designated Nation-
als – SDNs). There was a time when processors could turn a blind eye
to the activities of their merchants. That time is over. A
handful of Federal Trade Commission cases where proces-
All U.S. banks (including acquiring and issuing banks) sors and ISOs have been held liable for the bad acts of their
must comply with the standards and other requirements
set by FinCEN, OFAC and other federal and state regula- merchant clients has forever changed the liability of pro-
cessors and ISOs and prevents them from benefiting from
tory agencies. They must operate pursuant to a BSA-com-
pliant anti-money laundering program (AML Program), the ignorance of the goings-on of their merchants.
which is an institution-specific set of rules and procedures
by which the institution will comply with the BSA. This principle has migrated into AML as acquirers and
the banks serving payfacs impose real AML screening
and monitoring obligations on entities that had not previ-
Where the institution has identified suspicious activity ously had them. If a merchant is boarded without being
on the part of an account-holder (for example, processing
for fraudulent merchants), the institution may file a suspi- screened and monitored pursuant to an AML program,
someone is not doing their job.
cious activity report (SAR) with FinCEN. FinCEN shares
SARs with law enforcement to help them catch criminals.
32
