KYC for Payment Processors: Surviving Card Network and Bank Diligence
Payment processors and PayFacs face KYC pressure from card networks, sponsor banks and FinCEN at the same time. Here is how to satisfy all three.
Payment processors, payment facilitators (PayFacs) and acquirers operate in a high-trust environment with three regulators looking over their shoulder: FinCEN through the BSA framework, card networks through their rulebooks, and sponsor banks through contractual oversight.
This guide explains what KYC and KYB obligations apply, what the practical sub-merchant onboarding workflow looks like, and what diligence questions to be ready for from both Visa/Mastercard and your sponsor.
The Regulatory Stack
BSA/AML obligations apply if you are a covered financial institution or operate as an MSB. Card network rules — Visa GBPP, Mastercard BRAM — overlay merchant due diligence requirements. The sponsor bank consolidates everything into a contract you must satisfy continuously.
Sub-Merchant Onboarding KYB
Verify the legal entity, beneficial ownership down to the network-required threshold (often 25%, sometimes lower), the principal control person and the business model. Screen against the MATCH list and other merchant prohibition databases.
Prohibited and Restricted MCCs
Maintain a documented list of prohibited and restricted Merchant Category Codes with senior approval required for any exception. Networks audit this regularly.
Underwriting and Risk Tiering
Sub-merchants must be underwritten — financials, expected volume, average ticket, chargeback history — and tiered into risk buckets. High-risk tiers receive enhanced monitoring, reserves and shorter review cycles.
Ongoing Monitoring
Monitor transactions for unusual volume, fraud rate, chargeback rate, refund rate and prohibited content. Networks publish thresholds (e.g. excessive chargeback programs) that trigger fines if breached.
Sponsor Bank Diligence
Expect quarterly reporting on portfolio metrics, sub-merchant samples, escalation logs and any network notifications. Sponsor banks have lost their own licenses over weak processor oversight — they will not tolerate gaps.
Common Findings and Remediation
Top findings: weak beneficial ownership evidence, missing MATCH checks, inconsistent underwriting documentation, slow chargeback response. Build evidence quality into the workflow from day one — retrofitting it is painful.
Key Takeaways
- Three regulators apply at once — FinCEN, networks, sponsor bank.
- Sub-merchant KYB is the core control; treat it as a product.
- Risk tiering drives reserves and monitoring intensity.
- Sponsor banks lose licenses over processor gaps — they will be strict.
Frequently Asked Questions
Do PayFacs need money transmitter licenses?
Generally no in the US under the PayFac model, but state-level views are evolving. Check your model with counsel.
What is the MATCH list?
Mastercard's database of terminated merchants. Onboarding a MATCH-listed entity is prohibited absent strong justification.
How fast must sub-merchant onboarding complete?
The industry baseline is under 24 hours for low-risk MCCs. High-risk merchants take longer due to enhanced underwriting.
Who owns chargeback monitoring — the processor or the merchant?
Both. Processors monitor portfolio-wide; merchants manage their own representment. Networks fine the processor for portfolio-level breaches.
Do networks require beneficial ownership at 25% or lower?
Generally 25%, but networks and sponsor banks frequently require 10% for high-risk verticals.