On January 19, 2021, several federal banking regulators including FinCEN, the Federal Reserve, the FDIC, NCUA, and the OCC jointly issued answers to several frequently asked questions (FAQs) regarding suspicious activity reports (SARs) and other anti-money laundering (AML) considerations for financial institutions covered by SAR rules.  As used below, the term “financial institution” includes money services businesses.

Importantly, the FAQs do not alter existing BSA/AML legal or regulatory requirements, nor do they establish new supervisory expectations.  Instead, they are intended to clarify the regulatory requirements related to SARs to assist financial institutions with their compliance obligations.
Continue Reading New Joint Regulatory FAQs Regarding Suspicious Activity Reporting and other AML Considerations

In light of the significant increase in chargebacks resulting from COVID-19, Visa, Mastercard and American Express recently issued guidance to assist acquirers, issuers, and merchants in navigating the dispute process. Below is a summary of that guidance. Visa On March 27, 2020, Visa released a bulletin titled “Managing Disputes Through COVID-19: Programs, Best Practices and FAQs to Help Clients” in which it provides guidance about managing and responding to disputes as a result of COVID-19.
Continue Reading Card Brand Guidance for Managing COVID-19 Related Chargebacks

The Taft Paytech & Payment Systems team has prepared the following tips for ISOs, processors, payment facilitators, ISVs, money services businesses, and banks in light of COVID-19 developments.

  • Review Termination Rights and Implications. Contracts often include a force majeure clause that excuses nonperformance when it is caused by unforeseen events beyond the control of the parties. An evaluation of whether the current circumstances qualify as a force majeure event should be conducted. If the contract does not contain such a provision, there may be other remedies if you are unable to perform.
    Continue Reading Legal Impacts of COVID-19 on the Payments Industry

Recent opinion provides welcome clarity on Oklahoma’s position on surcharge ban enforceability, relating to electronic payment processing

Judicial developments surrounding the legality of credit card surcharging have made keeping up with the latest news on this issue a challenge. Currently, there are several states with laws in place prohibiting surcharges. Merchants have challenged the constitutionality of these laws in court, sometimes with some confusing results.
Continue Reading Oklahoma AG: Surcharges OK

The Maryland legislature has passed legislation that, if signed by the Governor, will require merchant acquirers to revise their merchant applications and agreements. Under the proposed law, merchant services providers, financial institutions, independent sales organization (ISO’s), or any subsidiary or affiliate of those entities (“Credit Card Processors”) will be required to provide merchants with specific disclosures and notices clearly and conspicuously within the merchant agreement. We interpret this to include payment facilitators. There is also a cap on the fees or penalties that a Credit Card Processor can levy against a merchant for its cancellation of the merchant agreement.
Continue Reading Legislative Watch: New Merchant Agreement Requirements

The EU General Data Privacy Regulation (GDPR) was adopted in 2016 and went into effect on May 25, 2018. The GDPR is a framework regulation that is designed to provide a uniform regime to protect the privacy of an individual of the European Union (“data subject”) whose personal data is collected, stored, or processed.

The GDPR is extremely broad in scope. Accepting or processing payments may be classified as the collection and processing of personal data under the GDPR. As such, any company involved in processing payments from consumers should take steps to determine whether they or any of their business partners are collecting, storing, or processing personal information of a data subject.
Continue Reading GDPR Applicability to U.S. Merchants, Processors and Acquirers

Following closely on the heels of the EU’s General Data Protection Regulation (GDPR), California recently enacted its own consumer privacy law called the California Consumer Privacy Act of 2018 (CCPA).

The law, which requires protection of personal information of California residents, was passed in June and then amended in late September. Merchants and payment processors will be affected by the CCPA, even those that are not based in California. Businesses will need to think closely about what types of data they collect and how they store and transmit such data. They will also need to establish processes for dealing with consumer requests.
Continue Reading The California Consumer Privacy Act

On January 4, 2018, U.S. Attorney General Sessions formally rescinded guidance issued by the Department of Justice (DOJ) during the Obama administration related to the DOJ’s approach to the enforcement of state-legalized marijuana activity.   Sessions replaced the former guidance by issuing a memo (“Sessions Memo”) that instructs U.S. Attorneys to “follow the well-established principles that govern all federal prosecutions” when determining which marijuana activities to prosecute.
Continue Reading Marijuana Banking & Payments: The Impact of AG Sessions’ Recent Memo

A recent trend that we are encountering frequently is software and internet-based platform providers (“providers”) venturing into the world of payments—sometimes unwittingly. A typical scenario looks something like this: A provider develops a platform that assists merchants (such as hair salons, utility providers, or medical offices) accept electronic payments from the merchant’s customers. Most commonly, the providers’ software or technology offerings assist these merchant businesses with virtually every aspect of their operations. So it seems only natural for the providers to offer a payment solution through the platform.
Continue Reading Technology Platform Providers and the Risk of Money Transmission