Overview: This Implementations resource explains boarding form definitions and requirements.

To provide a frictionless and expedited merchant onboarding experience, the following information and fields must be provided, completed, or assigned by each respective Platform, as described. 

Application/Sign-up Form Requirements

Beneficial Ownership Requirements – Platform to require and pass all application required data fields in compliance with FinCEN’s Beneficial Ownership Information which includes:

  1. Ownership Prong Info – personal info on all Owners with 25% or more ownership interest

  2. Control Prong Info – personal info on the individual with controlling/significant responsibility

Beneficial Owner Mandate

EXPAND

The US Department of the Treasury FinCEN (Financial Crimes Enforcement Network), has issued final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence requirements for financial institutions.  Payrix is not a covered financial institution as defined by the regulation, however, Payrix’ Sponsor Banks are covered financial institutions and have therefore cascaded the Customer Due Diligence (“CDD”) Rule to Payrix prior to opening a merchant account.

 The CDD Rule, which amends Bank Secrecy Act regulations, aims to improve financial transparency and prevent criminals and terrorists from misusing companies to disguise their illicit activities and launder their ill-gotten gains. The CDD Rule clarifies and strengthens customer due diligence requirements for U.S. banks, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in Commodities. The CDD Rule requires these covered financial institutions identify and verify the identity of the natural persons (known as beneficial owners) of legal entity customers who own, control, and profit from companies when those companies open accounts. The CDD Rule has four core requirements. It requires covered financial institutions to establish and maintain written policies and procedures that are reasonably designed to:

  1. identify and verify the identity of customers

  2. identify and verify the identity of the beneficial owners of companies opening accounts

  3. understand the nature and purpose of customer relationships to develop customer risk profiles

  4. conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

 With respect to the requirement to obtain “beneficial ownership” information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity. This is referred to as the two-prong approach. As noted, Beneficial Ownership has 2 prongs: an “ownership prong” and a “control prong.” With limited exceptions (see “Variants and Exceptions” section below), Payrix must perform due diligence on each of the following 2 types of individuals associated with merchant accounts.  

  1. Beneficial Owner(s) (“ownership prong”):
    Each individual, if any, who, directly or indirectly , through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a merchant. A drill-down through several layers of legal entities may be needed to determine each individual that meets this threshold.

At minimum, the following information about the individual(s) must be collected, verified and screened:

  1. Legal name

  2. Date of birth

  3. Address

  4. Social security number (SSN) [For non-U.S. persons without an SSN or ITIN, their foreign passport number and country of issuance or similar identification] 

Individual with Significant Responsibility (“control prong”):

An individual with significant responsibility for managing the merchant and/or significant responsibility to enter the company contractually with Payrix, such as an executive officer or senior manager (e.g., Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, Treasurer, or any other individual who regularly performs similar functions). At minimum, the following information about the individual must be collected, verified and screened:

  1. Legal name

  2. Date of birth

  3. Address (residential or business street address)

  4. Social Security Number (SSN) [For non-U.S. persons without an SSN or ITIN, their foregin passport number and country of issuance or similar identification]

  5. Title

Note:

  1. At times, the same individual could fulfill 2 or more of the roles above.

  2. A merchant may have as few as zero or as many as four individuals who fulfill the ownership prong, but at least one individual is required under the control prong.

  3. Beneficial Owners are sometimes referred to as “Ultimate Beneficial Owners” (UBOs).

  4. The full 9-digit SSN is required for a U.S. person.

  5. For non-U.S. persons without a U.S. SSN or Individual Taxpayer Identification Number (ITIN), obtain a current, non-expired foreign passport number and country of issuance, alien identification card number, or reference number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photo or similar safeguard.

  6. The collection of the % beneficial ownership of each individual representing the “ownership prong” (Beneficial Owners with 25%+ ownership) is required by Payrix

  7. If a non-statutory business trust directly or indirectly owns 25% or more of a legal entity, the trustee(s) is deemed the Beneficial Owner.

Variants and Exceptions

The following types of merchants are subject to alternate requirements, as described below:

  1. Sole Proprietors

  2. Nonprofits

  3. Excluded Legal Entities (e.g., government entities, certain publicly traded corporations, financial institutions)

  4. Firearms Merchants (see compliance guide here for requirements).

 A. Sole Proprietors

The following information about the sole proprietor must be collected, verified and

OFAC/MATCH screened:

  1. Legal name

  2. Date of birth

  3. Residential Address

  4. Social Security Number (SSN) [For non

 B. Nonprofits

Nonprofit corporations or similar entities such as charitable, not-for-profit, nonstock, or public benefit corporations that have filed organizational documents with the appropriate state authority are excluded from the “ownership prong” (only) requirements.

  1. Legal name

  2. Date of birth

  3. Address (residential or business street address)

  4. Social Security Number (SSN) [For non

 C. Excluded Legal Entities

Certain legal entities that are subject to significant regulatory oversight are excluded from BOTH the “ownership prong” (Beneficial Owners with 25%+ ownership) and “control prong” (Individual with Significant Responsibility) requirements. “Excluded Legal Entities” include:

  1. U.S. government entities

  2. U.S. publicly traded corporations (and their wholly owned subsidiaries) that are

listed on the New York, American, or NASDAQ stock exchanges (only)

  1. Regulated U.S. financial institutions, including their holding companies

  2. U.S. state regulated insurance companies

  3. Public accounting firms registered under section 10 2 of the Sarbanes-Oxley Act

Entity or Business Type

Information Required On

Data Required

Notes

Sole Proprietorship (one single owner)

  • Sole Owner

  • Full Name

  • Physical Address (no PO Box)

  • SSN

  • DOB

Sole Proprietorships can only have one owner

Partnership, Limited Liability Company

  • Any Owner with 25% or more

  • Full Name

It is possible for an owner to also satisfy the obligation of Controlling Authority in the business

Private Corporation

ownership interest, and controlling authority (only one individual required)

  • Physical Address (no PO Box)

  • SSN

  • DOB

  • % of Ownership

  • Title

Tax Exempt (e.g. NPO, Political Campaign)

  • Controlling Authority (only one controlling authority required)

  • Full Name

  • Physical Address (no PO Box)

  • SSN

  • DOB

  • Title

Tax Exempt entities must be grated tax exempt status from the IRS via a 501(c)(2)(3) form

Government Entity

  • Controlling Authority (only one individual required)

  • Full Name

  • Title

  • Business Address

  • DOB (optional)

  • SSN (optional/not required)

Applies to Federal, State, and Local

Publicly Held Companies (US Only)

  • Controlling Authority (only one

  • Full Name

  • Title

  • Business Address

  • DOB (optional)

  • SSN (optional/not required)

A US Publicly Traded entity that trades on a US Stock Exchange such as the Nasdaq or NYSE. Underwriting must capture the Company’s Ticket Symbol

Federal or State Regulated Financial Institutions

  • Controlling Authority (only one individual required)

  • Full Name

  • Title

  • Business Address

  • DOB (optional)

A Corporation Entity type, whether Public or Private, can also be a Financial Institution. If the FI is regulated by a Federal o State regulator, the entity is exempt from providing personal details (example: full name and title)

Non-Federal or Non-State Regulated Financial Institution

  • Any Owner with 25% or more ownership interest, and controlling authority (only one individual required)

  • Full Name

  • Physical Address (no PO Box)

  • SSN

  • DOB

  • % of Ownership

  • Title

If the Financial Institution is not regulated by a Federal or State Regulator, all KYC/CIP data elements must be obtained.

Terms and Conditions – Platform to pass/provide the merchant’s accepted Terms and Conditions attributes to include the following: 

  1. Terms & Conditions Version

  2. the Terms and Conditions Date Accepted

  3. the Terms and Conditions Time Accepted

Merchant IP Address – Platform to pass/provide the merchant’s IP Address in the “T&C IP Accepted” field   

Bank Account Validation – Platform to facilitate the merchant’s Bank Account validation via the following options:

Merchant Website – Platform to pass/provide the merchant’s website link.  If the merchant will be processing online transactions, the Platform must pass/provide the website link used to process the online transactions.  Platform websites or generic websites used for multiple merchants are not permitted.     

Payment Parameters – Platform to pass/provide the merchant’s expected processing parameters to include the following:

  1. Annual Processing Volume

  2. Average Transaction Amount  

MCC Assignment – Platform to pass/provide the merchant’s Merchant Category Code (MCC) based on the merchant’s actual processing activity and to implement a Quality Control (“QC”) process to ensure the most accurate MCC Code is selected.  If a merchant processes transactions not covered by a single MCC assignment, an additional MID(s) set up may be required

 

Other Requirements

Cardholder Verification – Platform to integrate its referred merchants to prompt for the entry of AVS and CVV fields (for applicable merchants/transactions)   

Transaction IP Address – Platform to pass/provide the cardholder’s IP address with all transactions  

Transaction Processing Method – Platform to confirm the transaction processing method as outlined below and if processing via the API Platform to pass the ThreatMetrix (TMX) session ID for merchant boarding and for transaction processing

  • Payfields

  • Terminals

  • API – Requires Platform to pass TMX session ID

PCI Compliance (Platform) – Platform to provide an up-to-date PCI AOC document if responsible/involved in passing/touching/housing cardholder data 

PCI Compliance (Merchant) – Platform to request and provide PCI status on referred merchants level 3 or above (processing 20,000 transactions or more annually).  

Screenshots of Application Process – Platform to capture screenshots of all pages to the Application/Sign-up process and provide them to Payrix

Final Visual Walkthrough of the sign-up process – Platform to provide Payrix Risk with a visual walkthrough of the sign-up process.  To be scheduled prior to the launch of merchant submissions.