July 28, 2014
FDIC Clarifying Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processors
The FDIC is clarifying its supervisory approach to institutions establishing account relationships with third-party payment processors (TPPPs). As part of its regular safety and soundness examination activities, the FDIC reviews and assesses the extent to which institutions having account relationships with TPPPs follow the outstanding guidance. FDIC guidance and an informational article contained lists of examples of merchant categories that had been associated by the payments industry with higher-risk activity when the guidance and article were released. The lists of examples of merchant categories have led to misunderstandings regarding the FDIC’s supervisory approach to TPPPs, creating the misperception that the listed examples of merchant categories were prohibited or discouraged. In fact, it is FDIC’s policy that insured institutions that properly manage customer relationships are neither prohibited nor discouraged from providing services to any customer operating in compliance with applicable law. Accordingly, the FDIC is clarifying its guidance to reinforce this approach, and as part of this clarification, the FDIC is removing the lists of examples of merchant categories from its official guidance and informational article.
Statement of Applicability to Institutions Under $1 Billion in Total Assets: This Financial Institution Letter applies to all FDIC-supervised institutions, including community banks, although its application is commensurate with size and risk.
- The focus of the FDIC’s supervisory approach to institutions establishing account relationships with TPPPs is to ensure institutions have adequate procedures for conducting due diligence, underwriting, and ongoing monitoring of these relationships. When an institution is following the outstanding guidance, it will not be criticized for establishing and maintaining relationships with TPPPs.
- The FDIC encourages insured depository institutions to serve their communities and recognizes the importance of services they provide. It is the FDIC’s policy that insured institutions that properly manage customer relationships are neither prohibited nor discouraged from providing services to any customer operating in compliance with applicable law.
- The FDIC is reissuing guidance (FIL-127-2008, Guidance on Payment Processor Relationships; FIL-3-2012, Payment Processor Relationships, Revised Guidance; and FIL-43-2013, FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities) and an informational article, “Managing Risks in Third-Party Payment Processor Relationships,” Summer 2011, Supervisory Insights, to remove lists of examples of merchant categories.