The payment processing industry is best known for its rapid innovation. While it all started with promising technological advancements and evolving consumer expectations, now the modern financial sector has bound us to faster, more secure, and more convenient payment solutions.
However, trustworthy transactions and the best possible customer experience aren’t the only challenges businesses face today. Payment processors must align with various Anti-Money Laundering (AML) requirements. That means they must have a clear understanding of the necessary measures to prevent themselves from being exploited for money laundering and other financial crimes.
What is a Payment Processor?
A payment processor is a service or company that handles the electronic transfer of funds between a buyer and a seller during a financial transaction. PayPal is a famous example of a payment processor.
It enables other businesses to accept credit cards, recurring payments and e-checks without the need to open a separate merchant account. A payment processor handles payment data between the merchants who use them and their financial institutions. A third-party payment processor is also called a gateway that manages the transactions between buyers and sellers.
Third-party payment processors simplify the payment process by handling technical complexities, security measures, and financial transactions. They act as intermediaries between merchants and customers to enable efficient payment transactions.
How Do Third-Party Payment Processors Work?
Payment processors operate by acquiring credit or debit card information from a merchant’s payment gateway. This information is then verified with the bank to obtain authorization. If the payment is authorized, the payment processor informs the customer’s institution to wire the funds to the merchant’s account.
Here’s how the payment processor works step-by-step:
- Collecting payment data. When a customer makes a purchase, the payment processor collects the necessary payment information, such as credit card details or bank account numbers. This information is then securely transmitted to the payment processor’s system.
- Authorizing the transaction. The payment processor performs a series of checks and verifications to ensure the validity and security of the transaction. This includes verifying the customer’s payment details, conducting fraud prevention checks, and authorizing that the customer has sufficient funds or credit available for the transaction.
- Wiring the money. Once the transaction is approved, the payment processor transfers the funds from the customer’s account to the merchant’s account. This transfer can happen in real-time or on a scheduled basis, depending on the payment processor’s policies and the payment method used.
What’s the Difference Between Third-Party Processors and Merchant Account Providers?
Both third-party processors and merchant account providers provide various payment services to businesses. However, there are areas where they have the most significant differences, particularly when it comes to ease of use, integration, access to funds, and rate flexibility.
Third-party processors provide more straightforward solutions with pre-existing payment infrastructure. In the meantime, merchant account providers typically offer greater customization options. But different from payment processors, which work as intermediaries, merchant account providers offer dedicated accounts to businesses for processing payments. These accounts are usually established with financial institutions or acquiring banks.
Both third-party processors and merchant account providers have their benefits. Businesses must assess their requirements, compliance obligations, and desired level of control to choose the best solution for their specific case.
What to Consider When Choosing a Third-Party Payment Processor?
When selecting a third-party payment processor, there are several factors to consider. We go into more detail below:
It’s essential to ensure that the payment processor follows industry-standard security practices and complies with relevant regulations, such as the Payment Card Industry Data Security Standard (PCI DSS). A reputable payment processor also offers robust encryption and fraud prevention mechanisms to safeguard sensitive customer data. Don’t forget to check the processor’s track record for handling security breaches and their responsiveness in addressing any incidents.
Compatibility and Integration
Check whether the payment processor supports the payment methods used by your target customers, such as credit cards, bank transfers, or digital wallets. Consider the processor’s scalability and flexibility to accommodate your business growth and any future expansion plans. Assess their fees and pricing structure, including transaction fees and any additional costs, to ensure they align with your budget and business model.
When we talk about security, we can’t forget anti-money laundering (AML) compliance. While certain jurisdictions do not oblige third-party payment processors to follow AML regulations, these measures help prevent unwanted risks, such as data breaches or other fraudulent activities. Selecting a third-party payment processor that prioritizes AML compliance is crucial for long-term business success.
AML compliance not only ensures a seamless audit process but also protects your organization by preventing financial losses resulting from financial crime. By choosing a payment processor that emphasizes AML compliance, you can safeguard your business, maintain a strong reputation, and achieve sustainable growth.
What are the Global AML Requirements for Payment Processors?
With the introduction of new laws by regulators worldwide, payment processors are increasingly obligated to comply with AML requirements across multiple jurisdictions. These expanding obligations raise a higher level of warning that even non-regulated payment processors should adapt their practices. This way, they can prevent reputational damage, penalties, and revenue loss.
The most important rules in AML requirements are the five pillars. The Five pillars of AML Compliance serve as the main guidelines for companies who want to build an effective AML compliance program. They include:
- Appointing a compliance officer.
- Developing internal policies.
- Conducting employee training.
- Ensuring independent testing and auditing.
- Deploying in-depth risk assessment.
AML regulations are dynamic, with the most recent compliance pillar being added in 2018. This factor puts pressure on companies that must ensure their AML compliance remains up-to-date.
Below, we look into AML compliance requirements according to different countries.
EU AML Requirements
In the European Union, payment processors are considered regulated institutions. They are required to follow the Payment Services Directive and the two AML Directives that are directed at payment service providers:
- Payment Services Directive 2 (PSD2) focuses on stronger customer identification.
- The 6th AML directive (6AMLD) introduced new advancements to the previous directive, 5AMLD, which also proposed specific measures for payment providers, such as customer due diligence (CDD) processes. The directive also introduced stricter regulations for anonymous prepaid cards to prevent their misuse in money laundering.
US AML Requirements
In the US, the Bank Secrecy Act (BSA) doesn’t impose AML requirements on payment processors. Despite that, the Federal Financial Institutions Examination Council highlights that payment processors carry higher risks of money laundering and fraud if they lack a reliable method to verify customer identities and business practices of their merchant clients.
Furthermore, the ENABLERS Act, a bill currently progressing through the federal legislative process, incorporates payment processors as part of its efforts to strengthen the fight against money laundering. Although not currently mandated by law, payment processors operating in the US should follow compliance practices that align with those of regulated financial institutions.
Canada AML Requirements
In Canada, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) is responsible for regulating payment processors. That means money service businesses or foreign money services must comply with the country’s electronic fund-transferring obligations.
On April 27, 2022, FINTRAC changed its reporting requirement for payment processors. This adjustment involved merchant servicing and payment processing providers. According to the law, they are now regulated and must comply with the same electronic fund transfer obligations.
Best AML Practices for Payment Processors
Automated workflows, effective merchant risk management, and KYC processes play crucial roles in helping payment processors ensure Anti-Money Laundering (AML) compliance. Here’s a short list with examples:
Know Your Customer (KYC)
KYC processes are essential for verifying the identity of customers and understanding their behavioral patterns to detect any suspicious activities. Payment processors can employ advanced technologies, such as automated identity verification software, to streamline KYC when onboarding a new merchant.
Payment processors can use automated KYC checks to verify the merchant’s identity, business registration, and ownership structure. Ongoing KYC processes involve monitoring transaction patterns to identify any deviations or unusual behavior that may indicate money laundering or other illicit activities.
Automated AML Workflows
Integrating automated workflows allows payment processors to streamline their AML compliance processes, drastically reducing the risk of human error and increasing efficiency. For example, when a suspicious transaction is flagged during the AML Screening process, an automated workflow can trigger a series of predefined steps, such as generating an alert, initiating an investigation, and notifying relevant parties.
This ensures that suspicious activities are promptly addressed and reported to the appropriate authorities. Another example is the PEP and Sanctions Screening process. For example, an automated PEP screening tool can check customer information against comprehensive databases that contain the profiles of known PEPs. If a match is found, the tool can generate an alert, prompting further investigation and enhanced due diligence (EDD).
Robust Merchant Risk Management
Payment processors need to assess the risk associated with their merchants to identify potential AML vulnerabilities. By implementing robust merchant risk management processes, they can easily determine the risk factors associated with each merchant, such as their business type, transaction volume, or geographic location. For instance, a payment processor may assign a higher risk score to a merchant operating in a high-risk industry, such as online gambling or cryptocurrency, prompting closer monitoring.
Automated AML Compliance Tools for Payment Processors
AML compliance practices are much more than tools created for preventing illicit activities. When done right, they can benefit your onboarding process and help control costs. However, it can be a challenge to strike a balance between efficient onboarding and maintaining security. To achieve that, payment processors must switch to an automated compliance workflow.