FinCEN issued an advisory to financial institutions to provide guidance on filing Suspicious Activity Reports on third-party payment processors’ activities. Non-bank or third-party payment processors are defined as “financial institution customers that provide payment processing services to merchants and other business entities, typically initiating transactions on behalf of merchant clients that do not have a direct relationship with the Payment Processor’s financial institution.” The advisory notes that the recent increase in certain criminal activity has highlighted the potential risks that third-party payment processors present to the payment system, for example, money laundering. The advisory provides a list of suspicious activities usually associated with third-party payment processors engaged in improper or illegal activity, including, but not limited to, fraud, multiple accounts at financial institutions and elevated rates of return of debit transactions due to unauthorized transactions.
FinCEN suggests that as part of their due diligence, financial institutions determine whether (1) external investigations or legal actions are pending against a third-party payment processor or its principals, and (2) the third party payment processor has obtained all necessary state licenses, registrations and approvals. Additionally, when reporting suspicious activity involving a third-party payment processor, financial institutions should (1) check the appropriate box on the SAR form to indicate the type of suspicious activity, and (2) include the term “payment processor” in both the narrative and subject occupation portions of the SAR.