The USA PATRIOT Act of 2001 significantly impacted the payment processing industry by broadening the scope of anti-money laundering (AML) regulations and strengthening the powers of financial regulators to address financial crimes.
Here's how payment processors have been affected:
1. Increased AML obligations
Expanded definition of "Financial Institutions": The Act expanded the definition of financial institutions covered by the Bank Secrecy Act (BSA) to include entities like money service businesses (MSBs), which often encompass payment processors.
Customer Due Diligence (CDD) and Know Your Customer (KYC): Payment processors, especially those acting as MSBs, are now required to establish robust CDD and KYC programs to verify the identities of their customers (both individuals and businesses) and assess their associated risks.
Transaction Monitoring: Payment processors are expected to implement systems and procedures for monitoring transactions for unusual or suspicious activity that could indicate money laundering or terrorist financing.
Suspicious Activity Reports (SARs): Financial institutions, including payment processors where applicable, must file SARs with the Financial Crimes Enforcement Network (FinCEN) when they detect suspicious transactions.
Enhanced Due Diligence (EDD): For high-risk customers or those involved in transactions with high-risk jurisdictions, payment processors may need to conduct Enhanced Due Diligence (EDD) measures to obtain a more thorough understanding of their activities.
2. Increased regulatory scrutiny and enforcement
Emphasis on Information Sharing: Section 314(b) of the Act encourages information sharing between financial institutions and law enforcement to deter and detect money laundering and terrorist financing, potentially involving payment processors in investigations.
Heightened Compliance Expectations: Even for those payment processors not directly regulated under the BSA, there's an increased expectation from traditional financial institutions (like banks) that they work with, to implement strong AML compliance programs to mitigate risks associated with their transactions.
Penalties for Non-Compliance: Failure to comply with applicable AML regulations can result in substantial civil and criminal penalties, including fines, legal action, and reputational damage for payment processors, according to Miller & Steiert, P.C. and Fenergo.
3. Operational and technological adaptations
Implementation of Robust Compliance Programs: Payment processors have had to invest in developing and implementing comprehensive AML compliance programs, including policies, procedures, and internal controls.
Adoption of Technology for Compliance: The Act indirectly spurred the growth of financial technology, such as AI-driven transaction monitoring and blockchain-based identity verification, to help payment processors streamline their compliance efforts.
Increased Costs of Compliance: Meeting AML compliance requirements can be costly for payment processors, necessitating investments in software, personnel, training, and audits.
In conclusion
The Patriot Act has fundamentally altered the operational landscape for payment processors by significantly strengthening anti-money laundering regulations and increasing the expectations for their role in combating financial crimes. This has led to greater compliance obligations, heightened scrutiny, and the need for significant investments in technology and expertise to ensure adherence to AML requirements.