Red Flags and Best Practices to Avoid FTC and CFPB Crosshairs

Regulatory bodies such as the FTC and CFPB are targeting payments processing now more than ever. They view the processors as essentially personal guarantors for the merchants they process. As such, it is important to be aware of and model your business around avoiding the existential threats posed by those investigations and prosecutions.

A few red flags to be aware of:

1. Merchants in high-risk activities like outgoing telemarketing, remote created checks and payment orders.
2. Merchants with (extensive) criminal or regulatory histories and backgrounds.
3. Deficient merchant applications; be on the lookout for merchant applications with vague or nonexistent business descriptions.
4. Merchants with multiple accounts. This can lead to or just be indicative of load bearing to spread out the frequency of chargebacks and other activity. While in our personal lives we see several reasons for carrying multiple bank accounts, the regulatory bodies such as FTC and CFPB have indicated that they don’t think there is a single legitimate reason for a merchant to carry more than one processing account.
5. Merchants with questionable finances, i.e., low credit scores or a great number or amount of debts.
6. Any questionable merchant marketing materials. Look closely at merchant websites and keep an eye out for inconsistent statements and confusing websites. For example, if a merchant website says “free trial” but when you follow the link it is a $30/month service, heightened scrutiny is needed.
7. Shell companies, straw owners and fictitious owners.
8. Merchants with high transaction rates.
9. Merchants with high chargebacks or cancelations.
10. Merchant activity that is inconsistent with expectations or with the merchant’s history of transactions.
11. Merchants with high complaint levels. This could be complaints from banks or various other sources such as the better business bureau.
12. Discrepancies with transactions. For example, where the dates or amounts don’t add up.

Some best practices for managing compliance include:

1. Strong culture of compliance. This starts at the top with the board of directors and flows down to all employees. It includes implementing policies, procedures and extensive training on an ongoing basis. Stay up to date and require continuing employee education programs.
2. Sufficient personnel and technological resources to manage and monitor compliance.
3. Record-keeping. This is extremely important, be diligent and even over the top on this aspect of your compliance.
4. Strong onboarding process. This includes thorough review, including KYC/identity verification, prior legal actions, business and operations models, websites and marketing content, consumer complaints, OFAC checks, credit risk and underwriting checks.
5. Ongoing monitoring and regulatory risk assessments.
6. Immediately suspending and terminating bad actors.
7. If you do get caught in the crosshairs of a regulatory body like the FTC or the CFPB call an attorney that specializes in defense immediately. A thorough and strategic response could be the best investment you’ll ever make. And preserve your response materials.