Learn why payment processors are vulnerable to money laundering and how they can ensure AML compliance, security, and customer trust
Payment processors are an essential part of the modern financial system, enabling trustworthy transactions between businesses and customers worldwide. However, like other financial services, payment processors are vulnerable to money laundering (ML)—and regulators are taking notice. Just last year, German regulator BaFin paused onboarding of new customers by Unzer E-Com, a payment processor, due to insufficient precautions against ML and terrorist financing (TF).
To stay away from regulatory penalties and maintain trust with clients, payment processors need to understand the measures they should take against ML and other crimes. This means understanding both local and global AML requirements, which may differ from one jurisdiction to another.
Read on to see how payment processors can handle all things anti-fraud and compliance.
A third-party payment processor (or payment gateway) is a business that manages the bankcard transaction process to facilitate online transactions between buyers and sellers.
Payment processors work by obtaining bank card information, which is then cross-checked with the bank for authorization. If authorization is granted, the payment processor subsequently informs the user’s institution and greenlights the wiring of the funds to the merchant’s account.
Examples of third party payment processors include PayPal, Stripe and Square.
Unlike payment processors, which are intermediaries, merchant account providers offer businesses dedicated accounts to process payments. These accounts are typically established with acquiring banks or financial institutions.
Both third-party processors and merchant account providers have their advantages, depending on the needs of a given business.
Third-party processors offer simplicity, ready-made infrastructure, and ease of use, while merchant account providers offer more control and customization options. Businesses should evaluate their requirements, transaction volume, compliance needs, and desired level of control before choosing the most appropriate solution.
Before choosing a third-party payment processor, ensure that it offers the following features:
Payment processing regulations vary depending on the jurisdiction.
For example, in the EU, third-party processors are considered AML-regulated institutions and therefore must follow the Anti-Money Laundering Directives (AMLD) and the Payment Services Directive (PSD2).
In the US, the Bank Secrecy Act (BSA) generally does not oblige payment gateways to follow AML regulations. However, the Federal Financial Institutions Examination Council states that: “Payment processors pose greater money laundering and fraud risk if they do not have an effective means of verifying their merchant clients’ identities and business practices. Risks are heightened when the processor does not perform adequate due diligence on the merchants for which they are originating payments.”
As AML regulations tighten worldwide, payment processors may soon have to fully comply with AML laws in multiple jurisdictions. Processors that neglect AML and due diligence requirements face penalties, reputational damage, and lost clients. Therefore, it’s highly recommended that payment processors follow fundamental AML rules, even if they are not yet required to do so. This includes:
By adhering to AML regulations, payment processors would contribute to the integrity of the financial system and help prevent financial crime. Compliance with AML requirements also builds trust with merchants, buyers, and regulators, demonstrating a commitment to responsible financial practices.
A third-party payment processor provides merchants with the ability to accept online payments without a merchant account.
PayPal is the most well-known payment processor.
In a lot of jurisdictions, including the US, payment processors are not yet subject to AML regulations.
Third-party payment processors are considered vulnerable to money laundering, and are therefore recommended to take AML measures.