PayFac Sanctions Implementation

Last Updated: 2025-12-28 Status: Complete

This page covers PayFac-specific implementation considerations for sanctions screening.

Your sponsor bank will impose sanctions screening requirements as part of the partnership agreement.

Standard Requirements

Sanctions screening of all merchants before onboarding
UBO screening (all beneficial owners)
Ongoing monitoring of merchant base
Immediate reporting of true matches
Periodic attestations of compliance
Right to audit your screening processes

Card Network Rules References

Mastercard Rules:

Rule 1.2: Payment facilitator eligibility requirements
Rule 7.6.5: Payment facilitator compliance obligations

Visa Requirements: Similar obligations under Visa Payment Facilitator program rules.

When to Escalate

Immediate escalation required:

True match to SDN list
Potential match with unclear determination
Geographic transaction patterns suggesting sanctions evasion
Merchant requests to process for high-risk jurisdictions
Any uncertainty about sanctions compliance

Escalation Process

Document the issue thoroughly
Notify designated sponsor bank contact
Provide all screening evidence
Await sponsor bank guidance before proceeding
Document sponsor bank response
Implement directed actions

Why This Matters

Sponsor bank has ultimate liability for PayFac transactions
Facilitating payment for sanctioned party = strict liability for sponsor bank
Even domestic transactions to sanctioned parties are prohibited
Sponsor bank may terminate PayFac relationship for violations

Domestic Transactions Are NOT Exempt

Common Misconception

"We only process domestic U.S. transactions, so sanctions don't apply."

Reality

OFAC sanctions apply to:

U.S. persons (individuals and entities)
Transactions involving U.S. jurisdiction
Including purely domestic transactions

Example Violation

U.S. merchant processes payment for U.S. customer
Customer is on SDN list
Transaction is prohibited even though both parties are domestic
PayFac and sponsor bank can both face penalties

Key Point

Sanctions screening is required regardless of:

Transaction geography
Merchant location
Customer location
Payment method
Transaction amount

Sub-Merchant Transaction Monitoring

Beyond onboarding screening, monitor transactions for suspicious patterns.

Geographic Red Flags

Transactions originating from sanctioned countries
IP addresses from high-risk jurisdictions
Shipping addresses to prohibited regions
Customer billing addresses in sanctioned territories

Pattern Red Flags

Unusual transaction volumes to/from high-risk countries
Multiple small transactions to avoid detection
Rapid changes in transaction geography
Merchant business model inconsistent with transaction patterns

Recommended Approach

Implementation Recommendations

Real-time geographic screening of all transactions
Automated alerts for high-risk jurisdictions
Investigation workflow for flagged transactions
Merchant communication and remediation process

Compliance Program Elements

Required Components

Written Policies & Procedures
- Sanctions screening methodology
- Match review process
- Escalation procedures
- Documentation requirements
Risk Assessment
- Annual sanctions risk assessment
- Merchant portfolio analysis
- Geographic risk evaluation
- Product/service risk review
Training
- Annual sanctions training for all staff
- Specialized training for compliance team
- Documentation of training completion
Independent Testing
- Annual independent audit
- Testing of screening effectiveness
- Sample transaction review
- Report to sponsor bank
Designated Compliance Officer
- Named individual with sanctions responsibility
- Authority to block transactions
- Direct reporting to senior management

Documentation Requirements

For Every Screening Decision

Date/time of screening
Parties screened (names, aliases)
Lists checked
Match results (including scores)
Disposition decision
Reviewer (if manual)
Supporting documentation

For True Matches

All standard documentation plus:
OFAC notifications
SAR filings
Sponsor bank communications
Blocked property reports
Legal consultations

Retention Period

10 years (as of March 21, 2025)

Sanctions Screening Overview - Core concepts
True Match Procedures - When you find a match
Operations - Screening frequency and processes
Enforcement Actions - Recent OFAC cases

Sponsor Bank Requirements​

Standard Requirements​

Card Network Rules References​

Escalation to Sponsor Bank​

Escalation Process​

Why This Matters​

Domestic Transactions Are NOT Exempt​

Common Misconception​

Reality​

Example Violation​

Key Point​

Sub-Merchant Transaction Monitoring​

Geographic Red Flags​

Pattern Red Flags​

Recommended Approach​

Implementation Recommendations​

Compliance Program Elements​

Required Components​

Documentation Requirements​

For Every Screening Decision​

For True Matches​

Retention Period​

Related Topics​

Sponsor Bank Requirements