• The Payment-Processor Problem
  • March 21, 2012
  • Law Firm: Jones Walker Waechter Poitevent Carrere Denegre L.L.P. - New Orleans Office
  • As the use of remotely created checks ("RCCs") and other new technology continues to increase in the financial industry, the FDIC is becoming increasingly concerned with institutions’ relationships with payment processors. A payment processor is a deposit customer of a financial institution that processes payments for third-party merchants. These payment processors may use their own deposit accounts at an institution for such transactions or may establish separate accounts for the individual merchants. Many financial institutions are attracted to these payment-processor relationships due to the potential for high volume or large deposits that they may bring.

    However, the FDIC recently warned institutions about the dangers of payment processors and establishing such relationships. In FIL-3-2012, the agency outlined specific risks associated with these accounts such as the potential for fraud and money laundering activities. The FIL highlighted the fact that an institution which fails to properly manage payment processor relationships may be viewed as facilitating fraudulent or unlawful activity and therefore liable for Unfair or Deceptive Practices ("UDAP") violations under the Federal Trade Commission Act.

    In this light, the FDIC provided institutions with suggested steps to help mitigate the risk factors associated with payment processor accounts. For example, institutions are encouraged to perform additional due diligence on the front-end by performing background checks on the payment processor customer, the principal owners, and even the merchant clients. Institutions should strongly consider passing on an account where the payment processor applicant turns out to be a “nested” or “aggregator” processor; that is, the applicant’s merchants are also payment processors themselves. On an ongoing basis, an institution should have heightened monitors and controls in place for payment processor accounts that look for signs such as higher rate of returns or charge backs and high levels of RCCs returned as unauthorized or due to insufficient funds. Such signs may be indicators of unauthorized or illegal activities.

    Implementing these controls and processes may be time-consuming and/or expensive. Further, payment processors often target community banks—who usually possess fewer resources—due to these institutions’ lack of infrastructure to manage such relationships. The added burdens that accompany payment processor customers may lead an institution to forego these accounts. However, if your institution wishes to add these accounts to its portfolio, or maintain a high current volume of such, be sure that you have sufficiently weighed the pros and cons of doing so.