Payment Processors and Their AML Requirements

Payment processors are an essential part of the modern financial system, enabling trustworthy transactions between businesses and customers worldwide. However, like other financial services, payment processors are vulnerable to money laundering (ML)—and regulators are taking notice. Just last year, German regulator BaFin paused onboarding of new customers by Unzer E-Com, a payment processor, due to insufficient precautions against ML and terrorist financing (TF).

To stay away from regulatory penalties and maintain trust with clients, payment processors need to understand the measures they should take against ML and other crimes. This means understanding both local and global AML requirements, which  may differ from one jurisdiction to another. 

Read on to see how payment processors can handle all things anti-fraud and compliance.

How a third-party payment processor works

A third-party payment processor (or payment gateway) is a business that manages the bankcard transaction process to facilitate online transactions between buyers and sellers. 

Payment processors work by obtaining bank card information, which is then cross-checked with the bank for authorization. If authorization is granted, the payment processor subsequently informs the user’s institution and greenlights the wiring of the funds to the merchant’s account.

Examples of third party payment processors include PayPal, Stripe and Square.

Third-party processors vs. merchant account providers

Unlike payment processors, which are intermediaries, merchant account providers offer businesses dedicated accounts to process payments. These accounts are typically established with acquiring banks or financial institutions.

Both third-party processors and merchant account providers have their advantages, depending on the needs of a given business.  

Third-party processors offer simplicity, ready-made infrastructure, and ease of use, while merchant account providers offer more control and customization options. Businesses should evaluate their requirements, transaction volume, compliance needs, and desired level of control before choosing the most appropriate solution.

Third-party payment processor checklist

Before choosing a third-party payment processor, ensure that it offers the following features: 

1. Security. A top priority for any payment processor is to ensure secure transactions. The processor should have robust security measures in place, such as encryption protocols, fraud detection systems, and internal testing procedures.
2. AML compliance. Security is intertwined with anti-money laundering (AML) compliance. However, in certain jurisdictions, third-party payment processors are not yet required to comply with AML rules. A responsible processor would still have AML measures in place, given the general vulnerability of processors to money laundering and other financial crimes.
3. Multiple payment options. The best payment processors offer a wide range of payment options to meet customer needs. This may include credit and debit cards, digital wallets (Apple Pay), bank transfers, and alternative payment methods (cryptocurrencies).
4. Easy integration and mobile-friendly solutions. Payment processors should easily integrate with a merchant’s website and be user-friendly. This means clear documentation, API, plugins, and developer support. Given the growth  of mobile e-commerce, payment processors should also offer mobile-friendly solutions, such as a mobile SDK for easy integration into mobile apps.
5. Transparent pricing. Payment processors should have transparent pricing with clear fee schedules.
6. Global reach. If merchants have an international customer base, it’s critical that their payment processor supports multiple currencies and international payment capabilities.
7. Reliable customer support. Merchants need responsive and professional customer support to promptly handle any issues or answer questions regarding transactions.
8. Reporting and analytics. A reliable payment processor should provide reporting tools and insights. This includes access to detailed transaction reports, analytics, and real-time data to track and analyze sales, customer behavior, and payment trends.

AML requirements for payment processors

Payment processing regulations vary depending on the jurisdiction.

For example, in the EU, third-party processors are considered AML-regulated institutions and therefore must follow the Anti-Money Laundering Directives (AMLD) and the Payment Services Directive (PSD2). 

In the US, the Bank Secrecy Act (BSA) generally does not oblige payment gateways to follow AML regulations. However, the Federal Financial Institutions Examination Council states that: “Payment processors pose greater money laundering and fraud risk if they do not have an effective means of verifying their merchant clients’ identities and business practices. Risks are heightened when the processor does not perform adequate due diligence on the merchants for which they are originating payments.”

As AML regulations tighten worldwide, payment processors may soon have to fully comply with AML laws in multiple jurisdictions. Processors that neglect AML and due diligence requirements face penalties, reputational damage, and lost clients. Therefore, it’s highly recommended that payment processors follow fundamental AML rules, even if they are not yet required to do so. This includes: 

• Customer Due Diligence, including Sanctions Screening
• Appointing a money-laundering compliance officer (MLCO)
• Employee training
• Ongoing review of internal practices
• Transaction Monitoring.

By adhering to AML regulations, payment processors would contribute to the integrity of the financial system and help prevent financial crime. Compliance with AML requirements also builds trust with merchants, buyers, and regulators, demonstrating a commitment to responsible financial practices.

FAQ

• What is a third party payment processor?

  A third-party payment processor provides merchants with the ability to accept online payments without a merchant account.

• What is an example of third party payment?

  PayPal is the most well-known payment processor.

• Are payment processors regulated?

  In a lot of jurisdictions, including the US, payment processors are not yet subject to AML regulations.

• What are the risks of third-party payment processors?

  Third-party payment processors are considered vulnerable to money laundering, and are therefore recommended to take AML measures.