Underwriting Policy .docx

Underwriting Policy and Procedure

Document information and change log

Document Information

Header

Information

Next review

August 29, 2025

Status

Update

Regional scope & language

Territory of USA in English

Applies to entities

GiveCorporation Inc.

Overall responsibility

Loraine Stewart, CCO

Approved by

Joshua Rowley, CEO; Aaron Miller, CRTO; Michael Brinker, CBFO

Change log

Date

Version

Reason for version

Sep 1, 2017

1.0

Initial Release

Sep 1, 2018

2.0

Annual Review

Sep 1, 2019

3.0

Annual Review

Sep 1, 2020

4.0

Annual Review

Sep 1, 2021

5.0

Annual Review & Updates Anti-Money Laundering Act of 2020

Sep 1, 2022

6.0

Annual Review

Aug 19, 2023

7.0

Annual Review & Updates PCI Level 1 4.0 & DSS 4

August 29, 2024

8.0

Annual Review; separate Policy and Procedure

August 11, 2025

9.0

Annual Review


Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.

Table of contents

Definitions for terms and acronyms used throughout Underwriting Policy and Procedure        6

Introduction        7

The Underwriting Process        7

General Eligibility Requirements        7

Merchant Application        8

Customer Identification Program (“CIP”) and Documentation Collection        8

There are some entities that are exempt from beneficial ownership information. Please see the list below:        9

When the Merchant is Owned by Another Entity        9

Beneficial Ownership Triggers        9

Assign Merchant Category Code (“MCC”) and Customer Risk Profile        10

Customer Due Diligence        10

Mastercard Alert To Control High-risk Merchants (“MATCH”)        11

Office of Foreign Assets Control (“OFAC”)        11

Politically Exposed Persons (“PEP”)        11

Non - Resident Aliens (“NRA”)        11

Negative News search        12

Enhanced Due Diligence        12

Escalations        12

Onboarding Exceptions        12

Customer Request for Information (RFI”)        13

Underwriting Decision        13

Underwriting Approval        13

Underwriting Denial        13

Roles        13

Underwriting Director        13

Underwriting Executive        14

Underwriting Associate        14

Approval Process        15

Adding a Merchant to MATCH        19

Company longevity and financial stability        19

Industry        20

Billing Method        20

Account Changes        20

Financial Analysis (if necessary)        21

PCI Requirements        21

Reserves and Personal Guarantees        21

Contract Negotiation        21

Ongoing Monitoring Process        22

Risk Mitigation        22

Periodic Review        22

Fraud and Identity Theft        25

Purpose        25

Scope        25

Definitions        25

Prevention        25

Detection        25

Red Flags        26

Documentation Red Flags        26

Personal Information Red Flags        26

Account Activity Red Flags        26

Suspicious Actions        26

Alerts, Notifications, and Complaints        27

Online/Technology Red Flags        27

Application Red Flags        27

Response and Mitigation        27

Training        27

Policy Violations        28

Review and Updates        28

Reporting        28

Compliance        28

Merchant Monitoring        28

URL Monitoring        29

Internal Exception Report Monitoring        29

Law Enforcement / Complaints        30

Exception Review Guidelines        30

Further Procedures        31

Handling Non-compliance        31

Communication        31

Appeals Process        32

Merchant Bankruptcy        33

Overview        33

Definition of Bankruptcy Proceedings        33

Monitoring and Risk Mitigation        33

Legal Compliance and Operational Handling        33

Sub-Merchant Bankruptcy        33

Training and Communication        34

Technology and Data Security        34

Confidentiality        34

Training        34

Review        34

Recordkeeping        34

Exceptions to Policy        35

Exhibit A: Restricted Sub-merchant types Requiring Pre-Approval        36

Exhibit B: Restricted Sub-merchant Categories Requiring Pre-Approval        38

Merchants listed in this category may be considered by Chesapeake Bank for approval. Merchants require enhanced due diligence. Additional pricing may apply.        38

● Hemp-derived CBD products (no ingestible products permitted to include food or dietary supplements)        38

● Certified Charitable Crowd Funding        38

● Cloud Based Storage (no Cyberlocker merchants)        38

● Card Present Firearm, Firearms Parts, Ammunition and Accessory Sales        38

● CNP Business to Business Firearms, Firearms Parts, Ammunition and Accessory Sales        38

● Debt Relief        38

● Debt Collection (debt is in collectible status)        38

● Direct and affiliate marketing of merchants associated with the Marijuana business        38

● Direct and indirect sale of drug related paraphernalia and accessories        38

● Hemp – Seeds, Oils, Cultivation (products must contain less than 0.3% THC)        38

● Internet Providers        38

● Medical and Dental Device Sales (Counterfeit and Expired are Prohibited)        38

● Medical Plan Discount        38

● Merchants appearing on MATCH        38

● Merchants that request to modify the terms of their agreement        38

● Mobile Payment Application/Providers/Developers        38

● Multilevel Marketing - no physical product (must have 3 or more years good processing history)        38

● Multilevel Marketing - physical product only        38

● Multilevel Marketing - physical product only - affiliate marketing (must relate to physical product)        38

● Search Engine Optimization (SEO) services        38

● Short Term Consumer Lending        38

● Supplements (also known as Nutraceuticals)        38

● Tech Support (greater than 3 years history)        38

● Telemedicine Services (as an ancillary service to routine office visits- cannot be the primary means of patient interaction)        38

● Timeshare Sales (straight sales only)        38

● Deferred Delivery Merchants as defined by MC rule        38

Exhibit C: Prohibited Sub-merchant types        39

Exhibit D: Prohibited Sub-merchant Categories        41

Attachment A – Current Compliance Officer        43

Definitions for terms and acronyms used throughout Underwriting Policy and Procedure

ABA #

Bank routing number

AML

Anti-Money Laundering Policy

BSA

Bank Secrecy Act

CIP

Customer Identification Program

Company

The term is expressly intended to designate Give Corporation Inc.

Customer

An entity or individual who has an account(s) either with Give Corporation or with a sub-merchant of Give Corporation.

DDA #

Checking account number

EDD

Enhanced Due Diligence

Give

The term is expressly intended to designate Give Corporation Inc.

KYB

Know Your Business

KYC

Know Your Customer

MCC

Merchant Category Code

MID

Merchant identification number

OFAC

Office of Foreign Assets Control of the U.S. Department of Treasury

PCI DSS

Payment Card Industry Data Security Standard

Sponsors

Diverse sponsor banks and acquirers

SSN

Social Security Number

Sub-Merchant

Merchant customer that processes payments either directly through the payment facilitator's account at a sponsor bank or through a payment processor.

TIN

Tax Identification Number

Introduction

As a payment facilitator, Give engages in various payments-related activities for sub-merchant customers (“sub-merchants”, “customers”, or “merchants”). Proper underwriting is paramount for Give as it serves as the foundation for managing risk, maintaining financial stability, and safeguarding against fraudulent activities. Through a diligent and thorough underwriting process, Give can assess the suitability of potential merchants, ensuring alignment with regulatory requirements and mitigating potential losses. By carefully evaluating factors such as validity of supplied information from the merchant application, transaction history, chargeback history, and financial stability, the underwriting process enables Give to make informed decisions, establish mutually beneficial partnerships, and create a secure payment ecosystem. Effective underwriting not only protects Give’s interests but also fosters trust among merchants, customers, and stakeholders, ultimately contributing to Give’s long-term success and reputation in the payment processing industry.

The Underwriting Process

Give has established an underwriting standard criteria based on Give’s risk tolerance and compliance requirements. In addition, we also consider other factors such as expected merchant transaction history and volume, chargeback history, and financial history.  Give may implement additional procedures for certain higher risk industry verticals, which will include specific underwriting and diligence requirements based on industry vertical.  

General Eligibility Requirements

To qualify for a Give account the applicant must meet the following criteria:

  • Signed and completed application
  • Applicant age ≥ 18 years
  • Passes AML/OFAC/Negative News checks
  • Validated Underwriting and Due Diligence
  • Passes Mastercard Alert To Control High-risk Merchants (“MATCH”) list check
  • Business does not engage in illegal activity
  • Business does not operate in a prohibited MCC.
  • Verified US bank account matching the name of the individual or business

Give’s restricted and prohibited merchant list is set forth in Exhibit C and pre-approval and pre-review are set forth in Exhibits A and B.

Merchant Application 

Give has developed a merchant application based on the criteria above. The merchant application form captures essential information about the business including details like company name, address, contact information, IRS recognition, website, social media, expected volume, OFAC (Office of Foreign Assets Control) review, years in operation, and products/services offered.

Customer Identification Program (“CIP”) and Documentation Collection

Merchant provides information to complete the Customer Identification Program (“CIP”) which includes documentation for Underwriting to assess the validity of the merchant’s eligibility. More specifically, the following are the requirements for the CIP:

  • Name of Legal Entity, Primary Account Holder, (Personal Guarantor / Managerial Authority)
  • Physical Address for Legal Entity, Primary Account Holder
  • Date of Birth of Primary Account Holder
  • Date Business Started
  • All Beneficial Owners information who hold(s) >= 10% ownership
  • Tax Identification Number (“TIN”), Social Security Number (“SSN”), Employer Identification Number (“EIN”)
  • Bank Account (DDA)
  • Merchant Info (Business Description (Nature of Business), Website, Location, Expected Activity - Annual Sales Volume, Avg. Ticket, High Ticket Amount).

The necessary documents to satisfy the CIP may include Unexpired Government Issued Identification, Selfie, Articles of Incorporation, Secretary of State Filing, Bank Statements, Business Licenses, Doing Business As documents(“DBA”), 990 form, IRS Letter of Determination, Proof of Name Change or Fiscal Sponsor, Financial Statements, Tax Returns, and any other supporting documents specific to the merchant's industry.

In addition to the above-mentioned, the following are also required from each merchant prior to opening an account:

  • Phone Number
  • URL/Website Address(es)
  • Email Address
  • Number on PayFac Platform
  • Number on Vantiv System (Only applies if boarding with Vantiv)
  • Billing Descriptor; will be assigned Give’s PayFac 3 digit leading prefix and *, then name
  • Type of Business (Corporation, Partnership, LLC, Sole Proprietor, Non-Profit)
  • DDA # (Checking account number)
  • ABA # (Bank routing number)
  • Business State (Open or Closed)
  • If Closed, termination date

There are some entities that are exempt from beneficial ownership information. Please see the list below:

• Sole Proprietorships

• Unincorporated Associations

• Natural Persons

• Trusts - Other than Statutory

• Government Agency

• Banks

• US Government

• Listed Companies

• Exchange or Clearing Agencies

• Bank Holding Company

• Registered Public Accounting Firm

• Foreign Person

• Registered Investment Company

• State Regulated Insurance Company

The following do not need beneficial owners only the controlling individuals information is required:

• Non Profits

• Charities

When the Merchant is Owned by Another Entity

A direct owner could be an individual or another entity. The Ultimate Beneficial Owner (“UBO”) is the individual who indirectly owns the entity(ies). This could be through one or several entities. The UBO is determined by the percentage ownership in each entity.

Beneficial Ownership Triggers

Beneficial Ownership information is collected at onboarding. Below are additional events when beneficial ownership information will be collected:

• Adding a New Merchant Location

• Beneficial Owner Changes

• Known Death of a Beneficial Owner

• Change in Address, Phone Number, Business Name, etc.

• Change in Account Signers

• Known Sale of a Company

• Processing Changes

• Risk Events

• Data Compromises

• Significant or Unexplained Activity

• Periodic Reviews

• Visa/MasterCard Registration Change

Assign Merchant Category Code (“MCC”) and Customer Risk Profile

The Underwriting Analyst will check the prohibited, prereview and preapproval lists to find out if the MCC is prohibited, or requires approval from the Sponsor before proceeding. If neither the merchant or the principals have a high risk MCC, then the customer will be assigned a low risk rating. If the merchant and the principal have a combination of low and higher risk factors such as being a NRA, PEP, the customer will be assigned a medium risk rating.

  • Determine Prohibited, Restricted, High Risk or Normal/Low Risk
  • Low Risk - CDD
  • Restricted/High Risk - CDD/EDD
  • Prohibited - Declined

Restricted List merchants will require Enhanced Due Diligence prior to being approved.

Customer Due Diligence

With the provided information from the merchant, Underwriting then performs a thorough background check on the merchant and its Principals. This may involve verifying the business's legal status, reviewing credit reports, conducting online research, and checking for any adverse legal or regulatory actions.

As part of the onboarding process, Give will collect and verify the information required by its AML / BSA Policy for each merchant, which includes collection and verification of customer identification, customer due diligence, and OFAC checks.  The Underwriter will collect the following information from the provided information to conduct due diligence on the merchant and principals:

  • Mastercard Alert To Control High-risk Merchants (“MATCH”) check
  • Office of Foreign Assets Control (“OFAC”) check
  • Principal(s) Verification
  • Legal Entity (Business Profile) Verification
  • Beneficial Owner Identification. Upload all the beneficial owner(s) identification.
  • Politically Exposed Persons (“PEP”) check
  • Non-Resident Alien (NRA) check
  • Negative News/Media check
  • Website Review verification (Products and Services, Marketing Materials Social Media etc.)
  • Validation of Bank Account
  • Expected Activity (Annual Sales Volume, Avg. Ticket, High Ticket Amount)

Mastercard Alert To Control High-risk Merchants (“MATCH”)

Part of the merchant due diligence process is to determine if the merchant is on MATCH. If the merchant is on MATCH, Give will not approve the merchant without written approval from the Sponsor. The Underwriting Analyst will escalate positive MATCH results to the Compliance team. Any changes to the merchant requires due diligence including a check on MATCH. A MATCH check is also included when the merchant’s risk level is elevated and annually. The Compliance Team will notify the Sponsor. A merchant or principal on the MATCH can only be onboarded after an investigation indicates there is no risk exposure.

Office of Foreign Assets Control (“OFAC”)

The Underwriting Analyst will conduct an OFAC check on the merchant, beneficial owner(s) and controller.. Possible matches should first be cleared by the Underwriting Executive. If the Underwriting Executive is unable to clear the possible OFAC, the customer should be escalated to the Underwriting Director and the Compliance team.  Please escalate customer using  (Escalation Form). Give will not open accounts for  parties confirmed to be on the OFAC list. Applications for parties confirmed on the OFAC list will be declined and the Sponsor will be notified.

Politically Exposed Persons (“PEP”)

Politically Exposed Persons (PEP) Screening will be conducted for both a natural person who holds or has held a high-ranking, influential or important public office either domestically or internationally. PEPs will be rated high risk. PEP screening will be conducted on:

  • Individuals
  • Immediate family members
  • Known close associates
  • Ownership in businesses.  

Note: If the customer is a PEP please escalate the customer to the Compliance team using the (Escalation Form).

Non - Resident Aliens (“NRA”)

Included in the underwriting challenge is a question which asks the customer if they are a U.S. resident. Non - Resident Aliens pose a higher risk since it is harder to verify their source of funds, and source of wealth, be from a country of heightened risk, use higher risk products and services.

Note: If the customer is a NRA please escalate the customer to the Compliance team using the (Escalation Form).

Negative News search

The Underwriter will conduct a Negative News search using Google. Negative news results that involve money laundering, fraud or will pose a reputation risk to Give and should be escalated to the Compliance team using the  (Escalation Form).

Enhanced Due Diligence

Higher risk MCCs will require Enhanced Due Diligence. The following additional requests may be found through provided information or merchant’s website:

  • Financial Review (Financial Statements, Source of Funds, Source of Wealth for Individuals)
  • Prior Processing History
  • Billing and Website Practices
  • Reputation Review
  • Public Record Search (Better Business Bureau, Consumer Complaint Board)
  • Credit Checks / Credit Investigation
  • Fulfillment house reference checks
  • MCC Specific
  • Example: 8398: Non Profit check 501c3 status with IRS non profit database

Escalations

Positive matches from due diligence (MATCH, OFAC, PEP, NRA and Negative News) must be escalated to the Compliance team at kateryna@givecorporation.com or loraine@givecorporation.com. The Compliance team will  escalate a positive MATCH, OFAC hits and suspicious activity  results to the Sponsor. Additionally, unusual activity, red flags of any other concerns must be escalated to the Compliance team.

Onboarding Exceptions

In rare circumstances, an exception may be approved by Senior Management. The approval will be conditional until the exception can be resolved within a 30 day period. If the exception cannot be resolved within 30 days, the merchant may be terminated or a merchant reserve implemented, The following are a list of exceptions but not comprehensive:

• Missing or positive OFAC result

• Prohibited merchant category

• Merchant volume or risk exposure exceeds Give’s underwriting approval thresholds.

• Suspected identity theft

Customer Request for Information (RFI”)

At any point during the underwriting process, the Underwriter may request clarity from the customer for anomalies or questions. The Underwriter will type the question in the corresponding notification box for that challenge. The Underwriter may also compose a question in  the general Notify Merchant dialogue section. A restriction will be imposed for non response.

Underwriting Decision

Based on the Underwriting Policies and Procedures, the Underwriting Department makes a determination for each merchant application. The Underwriting Department determines whether to approve, decline, or request additional information from the merchant. The Compliance Department ensures the Underwriting department is constantly adhering to the corporation’s established underwriting guidelines.     

Underwriting Approval

After undergoing the Underwriting process, the customer is submitted to the Underwriting Executive for approval. The Underwriter would have collected the necessary information, determined the customer’s risk level, conducted due diligence, reviewed the customer’s financial eligibility and determined the customer should be approved for an account with Give.  In certain instances, guarantor information will be required.

Underwriting Denial

A positive MATCH and or OFAC result will result in denying the customer’s application for an account at Give. Other reasons for denial include unusual activity, incomplete information, fraud, negative news that poses a reputational risk to Give.

Roles

Underwriting Director

  • Strategic Oversight

Guides the strategic direction and ensures operational excellence within the underwriting department, aligning processes with both regulatory demands and the company’s risk tolerance.

  • Team Management and Development

Oversees the underwriting team, comprising both Executives and Associates, fostering their growth through training, mentoring, and performance assessments. Regular audits and reviews are conducted to confirm adherence to established underwriting protocols.

  • Risk Management and Compliance

Supervises compliance with all regulations and underwriting policies by monitoring team activities. Maintains metrics on Underwriting Executive (UWE) approval rates and the ratios of approved to suspended merchants, alongside tracking Underwriting Associate (UWA) challenges and the quality and rate of merchant approvals.

  • High-Risk Decisions

Engages directly in the evaluation of high-risk merchant profiles using detailed data analysis and robust assessment tools.

  • Innovation and Improvement

Works with IT and software development teams to enhance the capabilities of underwriting software, ensuring they stay current with the latest risk assessment methodologies and regulatory standards.

  • Escalation

Escalates any issues related to AML/BSA/OFAC to the Compliance Team when necessary.

Underwriting Executive

  • Decision Authority

Has the ultimate authority to approve or decline merchant applications after a comprehensive analysis of the merchant’s risk profile, business model, financial health, and compliance with AML/BSA regulations.

  • Verification

Verifies merchant information, checks for logical inconsistencies, and validates documentation to justify merchant approval or decline.

  • Risk Assessment

Conducts in-depth reviews of a merchant’s background, financial statements, and business operations to effectively assess risk levels.

  • Policy Adherence and Documentation

Ensures that all decisions comply with established policies and maintains detailed documentation for audit and compliance purposes.

Underwriting Associate

  • Missing Documents Request

The Underwriting Associate (UWA) is responsible for obtaining any documents that a merchant has not yet provided.

  • Information Verification

Verifies merchant information according to the underwriting process set by the Director of Underwriting. Checks documents and information against public records, scrutinizes for discrepancies or red flags, and uses underwriting challenges incorporated into the platform.

  • Screening

Utilizes third-party tools for preliminary assessments or to gather additional information necessary for verifying a merchant.

  • Escalation

Escalates potential high-risk profiles to the UWE or Director of Underwriting for further evaluation.

  • Compliance and Assistance: Assists the UWE in ensuring that all merchant applications meet the company’s underwriting criteria, AML/BSA policies, and other regulatory requirements.

Approval Process

  • Initial Application Submission and Customer Identification Program (“CIP”)

Merchants submit their applications along with required documents and information via the company’s online platform for initial application submission.

  • Assign Merchant Category Code (“MCC”) and Customer Risk Profile

Determine if prior approval from the Sponsor is necessary to onboard the merchant. (Please refer to Exhibit A and Exhibit B). The Underwriting Analyst checks the prohibited, prereview and preapproval lists to determine if the MCC is prohibited, or requires approval from the Sponsor prior to opening the account. Based on the risk factors of the merchant and the principals,  the customer may be assigned a medium risk rating. Underwriting may assign risk score/ratings to determine the level of risk monitoring associated with onboarding the merchant.

  • Preliminary Screening and Customer Due Diligence by Underwriting Associate (UWA)

The Underwriting Associate (UWA) reaches out to the merchant to request any documents that are missing. Underwriting then evaluates the merchant's risk profile based on the information gathered. The Underwriting Associate (UWA) verifies the accuracy of submitted information against public records and checks for any discrepancies or red flags using underwriting challenges. Underwriting evaluates factors like fraud vulnerabilities, financial stability, industry reputation, and compliance with applicable regulations. Give shall review each sub-merchant application and confirm that the MCC code assigned matches the sub-merchant’s business activities.

The UWA may  utilize third-party tools for further risk assessment, and any suspicions or inconsistencies trigger additional verification steps.

  • Determine the merchant's monthly processing volume and average ticket size.
  • The Underwriter may check the merchant's credit history. Instead of the customer meeting a minimum credit score, Give will hold the merchant’s pending transactions longer to avoid chargebacks.
  • Review previous processing history for chargebacks, if available.
  • Ensure that the merchant's business type is not on the prohibited list.
  • Due Diligence

Prior to approval, Underwriting conducts further due diligence (if necessary)  to verify the accuracy of the provided information. This may involve contacting references or a bank branch representative, conducting site visits, and verifying compliance with relevant industry regulations, such as Know Your Business/Customer (KYB/C) and Anti-Money Laundering (AML) requirements.

  • Enhanced Due Diligence

Give will perform the following additional underwriting and EDD (as well as any additional diligence required by any industry specific procedures or sponsor bank requests) for sub-merchants that are classified as High Risk or are judged by Give underwriting to undergo such procedures.

  • Confirm that the sub-merchant has executed a valid agreement with Give. Give contractually requires that the sub-merchant:
  • Is the entity contracting with the consumer for the sale of goods and services.
  • That the sub-merchant will not submit any illegal transactions into the payments systems.
  • That the sub-merchant’s business complies with applicable law and network requirements.
  • That the sub-merchant has not opened multiple processing accounts without having provided information sufficient to demonstrate that such additional processing accounts are necessary for legitimate business.
  • Validate the following:
  • That the sub-merchant has submitted a complete, signed, and accurate application.
  • That the CIP data collected from the applicant meets the minimum requirements.
  • Verification of the business checking account provided.
  • That the sub-merchant’s principal place of business is located in the United States or Sponsor’s area of license.
  • Perform a credit and risk exposure evaluation of each merchant based on an assessment of factors:
  • Settlement - general risk verticals will settle net of fees to the merchant, limiting financial exposure.
  • Estimated transaction volume will be used to establish transaction thresholds and velocity limits that will trigger further review of transactions prior to settlement
  • Dispute or refund experience will be used to determine if reserves are required of the sub-merchant.
  • Merchants with non-delivery exposure are considered high risk and will be covered by additional processes.
  • Perform analysis to determine the financials reflect:
  • The nature of business.
  • The number of locations..  
  • For e-commerce merchants, identify all URLs used by a sub-merchant and document the following validations:
  • The website name matches that of the sub-merchant
  • The sub-merchant’s customer service number and email address is included on the website
  • The products sold on the website are consistent with the MCC assigned to the sub-merchant
  • The website discloses a refund/cancellation policy
  • The website discloses shipping and delivery policies
  • Visa brand mark in full color to indicate Visa card acceptance, as specified in the Visa Product Brand Standards
  • Complete description of the goods or services offered
  • Customer service contact, including email address or telephone number
  • Address of the merchant’s permanent establishment, including the merchant outlet country during the checkout process
  • Transaction currency (e.g., U.S. dollars, Canadian dollars)
  • Export restrictions (if known)
  • Delivery policy
  • Consumer data privacy policy
  • Security capabilities and policy for transmission of payment card details
  • Terms and conditions of a promotion, if restricted
  • Terms & Conditions are listed on the website
  • Negative Option billing is part of merchants daily practice
  • Recurring billing is part of merchant’s daily practice
  • Products/Services listed with pricing
  • Membership of any type
  • Merchant is the registered owner of the website
  • “About Us” or “Our Company” information
  • Prior Processing History – Give will collect and review documentation concerning the sub-merchant’s prior processing history for purposes of understanding the sub-merchant’s business and any prior processing anomalies or processor changes.  
  • Customer Billing, Website Practices – Give will review a sub-merchant’s billing and website practices, including:
  • Billing Terms / Negative Option Sales practices
  • Website and Marketing Material Reviews
  • Site Visits – If required by a Sponsor, Give will conduct a physical site inspection of a sub-merchant’s physical premises. Alternatively, if permitted by a Sponsor, and depending on the circumstances, Give may verify a sub-merchant’s physical premises through a review of reputable and licensed online data sources/services or other third party (e.g., Google Earth, D&B, Lexis/Nexis). The primary intent is to determine that the location is a valid business operation consistent with the business type described and the projected sales volume presented in the account application.
  • Reputation Review – Give will perform a reputation review of sub-merchant and its principals through online resources (e.g., social media activity, Lexis Nexis, Google, Better Business Bureau) to evaluate any complaints against the sub-merchant or other information involving allegations of unfair, deceptive, or harmful conduct against consumers by the sub-merchant, and other such negative reports.
  • Public Record Searches – Give will review public records for any lawsuits filed by or against the sub-merchant and its principals, and for any federal and state law enforcement activity (FTC, CFPB, state attorney general, etc.). These materials may be reviewed to determine whether the sub-merchant’s products or services are as described in the application and whether the sub-merchant may be engaged in activity that is unfair, deceptive, or otherwise harmful to consumers.
  • Background Checks – If required by Sponsor, Give will conduct a background check (including credit report) on the sub-merchant and its principals, with proper authorization from the sub-merchant and principals. Give will conduct credit reports and handle any adverse action notices in compliance with the Fair Credit Reporting Act and Equal Credit Opportunity Act, as applicable.
  • Detailed Risk Assessment by Underwriting Executive (UWE)

A pre-verified application is escalated by the Underwriting Associate (UWA) to the Underwriting Executive (UWE) for a double-check or a more thorough examination of the merchant’s financial health, business model, and risk profile.

The UWE uses comprehensive data analysis tools to assess the overall risk associated with the merchant and ensures all information is validated and compliant with all regulations.

  • Decision Making

Based on the analysis, the UWE has the authority to either approve or decline the application. This decision is made by established underwriting policies, and all decisions are documented thoroughly to support the rationale behind the approval or rejection of each application.

  • Final Documentation and Compliance Check

After a decision is made, the UWE ensures that all decision-related documentation is maintained accurately for future audits and compliance checks.

  • Review and Strategic Oversight by Director of Underwriting

The Director of Underwriting periodically reviews approval rates, ratios of approved to suspended merchants, and the overall quality and rate of merchant approvals to ensure operational excellence.

The Director of Underwriting ensures that all policies and procedures are adhered to and regularly updated as per regulatory changes.

  • Escalation and Resolution of High-Risk or Disputed Cases

In cases involving OFAC, high-risk profiles, disputes, or merchants to be added to MATCH the case is escalated to the Director of Underwriting.

The Director works with the Compliance Team to resolve issues related to compliance  regulations.

Adding a Merchant to MATCH

Payment Facilitators are unable to directly add merchants to MATCH. Once it has been discovered that a merchant has been involved in the list of activities below, Give will notify the Sponsor bank to have the merchant, its principal owners and added to MATCH. The Sponsor will add the merchant to MATCH.

  • The merchant was convicted of credit or debit card fraud.
  • Merchant submitted excessive counterfeit transactions.
  • Merchant submitted excessive transactions unauthorized by cardholders.
  • Merchant submitted transactions representing sales of goods or services generated by another merchant (transaction laundering).
  • An excessive number of disputes or fraud advices (TC40) received due to merchant’s business practices or procedures.
  • Visa or MasterCard identified the merchant as suspected of fraudulent activity, or Visa disqualified the merchant from participating in the Visa program.
  • Give determined that serious merchant violations of the merchant agreement may result in increased loss exposure.

(Taken from Visa Global Acquirer Risk Standards).  

Company longevity and financial stability

Give will consider how long a merchant has been in business, their financial wherewithal, and profitability. Here are a few variables that elevate risk: being new, expecting large volumes with minimal financial resources (e.g. requesting to process $1,000,000 in credit card volume with $10,000 in the bank), being unprofitable, having a high debt to equity ratio, a high burn rate and a high percentage of deferred revenue. None of these variables prohibit a business from getting a merchant account, they just elevate risk.

Another factor Give looks at in conjunction with the company information is the business principals' credit worthiness. Because of the similarity in risk to a line of credit, providers will generally request a personal guarantee (especially if the business is less than 2 years old) from the business owner to try and prevent bad behavior. This can be waived if financials are provided and determined adequate to mitigate the risk.

Industry

Some industries present more risk than others. The industry risk profiles are well grounded in decades of processing history by millions of merchants. For example, restaurants, one of the lowest risk merchant categories, may have an industry average loss ratio of less than 1 basis point (100 basis points is equal to 1%). That means for a group of restaurants processing $1,000,000, the merchant account provider can expect losses of less than $100. Conversely, for the travel industry, the average loss ratio may be 10x higher. Give will comply with the guidelines provided by Give’s sponsor banks for all types of sub-merchant risk categories, partially outlined in Exhibit A, B and C.

Billing Method

How a merchant accepts payment can increase or decrease the risk of their business. Accepting payments in advance increases risk; the farther in advance payment is accepted, the higher the risk. If a merchant sells annual subscriptions, for example, and then goes out of business during month 5, there's 7 months of financial liability for the merchant account provider. The same applies to merchants who sell a product that is guaranteed for a year, or a service that is available for a year. Therefore, merchant account providers will want to ensure the merchant's financial strength and previous processing history in order to approve this billing method.

On the other hand, accepting payments after the service has been provided can greatly reduce the risk on an account. A good example of this is a merchant that bills for their monthly service at month's end.

Some merchants, such as advertisers, accept payment on retainer. This allows customers to put money into an account with the merchant, who gradually deducts their fees from that account as their services are provided. Since there is no expiration date on when that money may be used, the risk is similar to annual billing.

Account Changes

Only the merchant can make updates to the merchant’s profile. One signer may use their authenticated login credentials to make and authorize account changes. Account changes will be verified also with the ownership. Give's platform monitors each account to detect unusual activity and changes. A log of who made the updates and the time the changes were made will be captured in Give’s platform and available for review. Changes to the merchant will trigger a notification to verify CIP, CDD/EDD, OFAC and MATCH.  Significant changes such as name, address, additional locations, ownership will trigger a new merchant application.

Financial Analysis (if necessary) 

Review the merchant's financial statements, bank statements, and tax returns to assess their financial health and stability. Look for potential fraud indicators, sudden increases of revenue, expense or balance sheet accounts.

PCI Requirements

Give mandates that sub-merchants act in accordance with security policies designed to keep merchant data safe.

  • Give requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Give controls access to sensitive data, application data, and cryptographic keys.
  • Two-factor authentication and strong password controls are required for administrative access to systems.
  • Security systems and processes are tested on a regular basis by qualified internal and external teams.
  • Access to secure services and data is strictly logged, and audit logs are reviewed regularly.
  • Security policies and procedures are carefully documented and reviewed on a regular basis.
  • Detailed incident response plans have been prepared to ensure proper protection of data in an emergency.

Give provides PCI education through online documentation and customer support is available to sub-merchants upon request.

Reserves and Personal Guarantees

Give may require the merchant to provide a reserve to cover potential risk as with a merchant on the restricted list, which reserve shall be maintained at Sponsor. Give will determine whether a personal guarantee is required. In lieu of creditworthiness, Give will hold the merchant’s pending transactions longer to avoid chargeback. If it is determined that the merchant’s risk is increasing during an investigation, a reserve may be necessary or adjustment to the existing reserve.

Contract Negotiation

If the merchant meets all underwriting requirements, Give may negotiate contractual terms and pricing with the merchant. Give will define the services to be provided, fee structure, contract duration, termination clauses, and any additional provisions specific to the merchant's needs.

The Card Networks require sub-merchants that exceed certain thresholds in annual Network transactions to enter into direct agreement with the Sponsor. Give will coordinate with its Sponsors to implement contractual provisions and processes to ensure that when a sub-merchant exceeds a Network threshold that the merchant enters into a direct agreement with the Sponsor.

Ongoing Monitoring Process

  • On-going review of chargeback ratios.
  • On-going review of merchant's processing volume.
  • On-going review and verification of the merchant's business standing, licenses and online profiles.
  • If necessary: Conduct Merchant Customer interviews regarding Merchants business practices.

Once a merchant is onboarded, Underwriting will continually coordinate with the Risk Department and the Compliance Department, which has established a system for ongoing monitoring and review of the merchant's activities. The Risk Department regularly reviews merchant transaction data, chargeback rates, and any changes in the merchant's business operations. Underwriting will still monitor the merchant’s compliance with contractual obligations, and promptly address any concerns or violations that arise, per the request of the Risk and Compliance Departments.

Give will work with its Sponsors to assign each sub-merchant an individual merchant identification number (“MID”).

Risk Mitigation 

Give has developed risk mitigation strategies to protect Give’s interests through the implementation of proprietary fraud prevention tools, including but not limited to: setting transaction limits, closely monitoring high-risk merchants, real time assessment of each individual transaction, etc. Give has established a chargeback monitoring process and maintains open lines of communication with the merchant (and its customers) processing partners and acquiring bank partners to address any chargeback issues, should they occur.

Periodic Review 

In tandem with the Compliance Department and Risk Department, Underwriting conducts on-going reviews of Give’s merchant portfolio to ensure ongoing compliance and risk management. The Underwriting Department also regularly reassesses the merchant's risk profile, beneficial ownership, financial stability and fraud potential. In addition, the Underwriting Department updates the underwriting criteria and processes based on industry trends, regulatory changes, and assessment and analytics of merchant history.

Through this approach, Give effectively underwrites merchants while managing risk, ensuring compliance, and fostering a healthy merchant portfolio.

Once a merchant is boarded, Give will perform periodic reviews of merchant accounts to confirm that the merchant’s information and Give’s underwriting and diligence of the merchant remains up-to-date and accurate.

Status

Action

Standard merchants

On an annual basis, Give will confirm the following:

  • That the data it has collected for the merchant is up-to-date, including the data on Beneficial Owners
  • All URLs used by a merchant
  • Perform a credit and risk exposure evaluation (which may include assessing financial risk by reviewing a merchant's transaction volume, chargebacks, returns, etc., or depending on the industry vertical or merchant category, financial statements)

Higher Risk merchants

On a quarterly basis, Give will confirm the following:

  • All information required for Standard merchants as noted above
  • Review the merchant’s billing and website practices
  • Perform a reputation review of merchant and its principals
  • Review public records for any lawsuits filed by or against the merchant and its principals, and for any federal and state law enforcement activity (FTC, CFPB, state attorney general, etc.)

Portfolio Reviews

Give will review its portfolio of merchants on a quarterly basis, reviewing transaction volumes, dispute and refund activity to identify any areas of risk.  

Changes to merchants

If at any time Give identifies any changes to a merchant account that may indicate potential risk exposure, such change shall be reviewed and a determination made as to any additional compliance requirements that may be needed to manage any additional risk. Examples of diligence that should be performed in the event of changes include:

Change

Action

Business type change

Re-underwrite the entity as a new merchant as set forth in this Policy.

Check against OFAC list.

Additional Outlets or Locations

  • Obtain a new merchant Agreement and underwrite the outlet or location as a new merchant unless all of the following are true:
  • The legal name matches the lead account.
  • The TIN/SSN matches the lead account
  • The method of acceptance is the same as the lead account (retail/MOTO/ecommerce).
  • Same business principal(s) are involved.
  • DDA and routing number match the lead account. If not, a new voided check or DDA verification must be obtained and submitted.
  • Additional processing volume added will not cause a merchant relationship, in aggregate, to exceed an established risk/volume level.
  • Business activity and MCC are the same as previously underwritten.

Name or DBA change

Obtain documentation substantiating change.

Check new name against MATCH and OFAC list.

Material ownership change

Re-underwrite entity as set forth in this Policy if new beneficial owner.

Check new name against MATCH and OFAC list.

Authorized Representative Change

Confirm the individual’s authority to provide instructions, such as review of a Corporate Resolution, Articles of Organization, official Board of Director meeting minutes and/or other similar appropriate documentation.

Check new name against MATCH and OFAC list.

Descriptor change

Research and document significant differences between business name and descriptor.

Phone and address change

Verify

Website URL change

Review for consistency with business, and perform diligence on the new URL as required at new customer onboarding.

DDA change

Obtain signed, written request from owner or other authorized signer.

Obtain copy of voided check (must match merchant name) and/or validate ownership using the Giact or other similar service.

MCC

Re-underwrite new products or services that are being offered.

If Give discovers that it has erroneously boarded or provided Services to a Prohibited merchant in violation of a contractual obligation with a Sponsor, Give will notify such Sponsor and take action in coordination with the Sponsor’s direction, which may include suspension of Services to or termination of the merchant, as may be appropriate. If Give determines it has provided Services to a Restricted merchant as a Standard merchant or that a Standard merchant has altered its business model in a manner that results in it being a Restricted merchant, the Chief Risk Officer shall determine whether to (i) re-underwrite the merchant, including Enhanced Due Diligence and, if appropriate, maintain the relationship; or (ii) terminate the relationship.

Fraud and Identity Theft

Purpose

To define the measures and processes in place to prevent, detect, and respond to fraud and identity theft incidents that may affect our clients, customers, employees, and company operations.

Fraud and Identity Theft Policy is a robust framework designed in alignment with the Red Flags Rule, as mandated by Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act).

Scope

This policy applies to all employees, contractors, and third parties who have access to company-controlled data and systems.

Definitions

Identity Theft

The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.

Red Flag

A pattern, practice, or specific activity that indicates the possible existence of identity theft.

Prevention

Ensure that all customer and employee personal identifying information is securely stored and transmitted.

Limit access to personal identifying information to authorized individuals.

Regularly update and patch systems and software to address security vulnerabilities.

Give continuously refines its strategies based on feedback from incidents to strengthen defenses against future threats.

Detection

Monitor transactions and account activity for signs of unauthorized or suspicious activity.

Train employees to recognize 'Red Flags' of identity theft and fraud.

Conduct regular audits and assessments of operational processes for potential vulnerabilities.

Red Flags

Documentation Red Flags

  • Forged, altered, or fake documents.
  • Photocopied or clearly reprinted documents.
  • Inconsistencies between different identification documents provided.
  • The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.
  • Documents with missing or altered information.
  • Other Document Inconsistencies Suggesting Fraud: Any other signs on the documents that may indicate tampering, such as irregular fonts, improper seals, or unusual formatting that differs from standard issued documents.

Personal Information Red Flags

  • Discrepancies between the information provided and the information on file.
  • Multiple application submissions within a short timeframe, especially with slight variations in personal information.
  • Inconsistent spelling of the person's name.
  • Addresses, phone numbers, or other personal details that match other applications or accounts.
  • Social Security Number (SSN) listed as deceased on the Death Master File.
  • Incomplete or fictitious addresses, such as a P.O. Box address without a street address or phone numbers that are invalid.

Account Activity Red Flags

  • Unexpected or unexplainable account activity.
  • High volume of transactions within a short timeframe.
  • Large wire transfers to foreign countries, especially if the account hasn't historically made international transfers.
  • Frequent address changes in conjunction with other suspicious activities.
  • Use of different addresses for billing and shipping.

Suspicious Actions

  • Avoiding face-to-face interaction when that's the norm (e.g., avoiding coming to the bank branch).
  • Being evasive or providing false information when asked for personal details.
  • Making a flurry of purchases in a short time, especially if they're high value.
  • Quickly maxing out a credit card without making any repayments.
  • Shortly after receiving notification of a change of address, new credit card accounts are requested.
  • Accounts that are inactive for a long time and suddenly become active without a plausible explanation.
  • Mail sent to the customer returned repeatedly as undeliverable although transactions continue to be conducted.

Alerts, Notifications, and Complaints

  • Customer reporting unauthorized transactions.
  • Alerts from Identity Theft Victims and Law Enforcement: Receives direct notifications from individuals who have been victims of identity theft or from law enforcement agencies, alerting to unauthorized or fraudulent activities observed on accounts.
  • Reports of Fraudulent Account Openings: Notification received from customers, businesses, or law enforcement that an account has been fraudulently opened under someone else’s identity, indicating potential involvement in identity theft schemes.
  • Receiving credit freeze or fraud alert messages from credit reporting agencies.
  • Mail sent to the customer that is returned repeatedly as undeliverable despite ongoing transactions on an active account.

Online/Technology Red Flags

  • Unusual IP addresses or geolocations that don't align with the user's stated address.
  • Rapid changes of online account-related information, such as password or email address changes.
  • Accessing accounts from devices or browsers never or rarely used before.
  • Invalid or bounced email address used to make purchases
  • Many subsequent declines with different credit cards
  • IP Spoofing detected

Application Red Flags

  • Applying for credit immediately after receiving a credit inquiry.
  • Recent, multiple inquiries on a credit report.

The presence of one or more of these Red Flags doesn't necessarily confirm identity theft or fraud but signals the need for further investigation. It's essential to provide regular training for employees, especially those in customer-facing roles, to recognize and respond to these signs appropriately.

Response and Mitigation

If potential fraud or identity theft is detected, immediately escalate to the designated Incident Response Team.

Notify affected individuals as required by law or as deemed appropriate based on the incident.

Work with law enforcement as necessary.

Take corrective action to prevent future incidents, which might include changing operational processes, enhancing security measures, or providing additional training.

Training

All new employees will receive training on this policy as part of their orientation.

All employees will receive annual refresher training on recognizing and responding to indicators of fraud and identity theft.

Policy Violations

Violations of this policy can result in disciplinary action, up to and including termination of employment.

Review and Updates

This policy will be reviewed annually or as required by changes in business operations or relevant laws and regulations.

Give annually reviews its practices to adapt to new threats and technological advancements in identity theft prevention.

Reporting

Employees and associates are encouraged to report any suspicious activities or concerns regarding potential fraud or identity theft incidents.

Compliance

  • Compliance Department: The Compliance Department at Give is tasked with managing and overseeing the implementation of the Fraud and Identity Theft Policy.
  • Senior Management Oversight: Annual reports detailing the program's effectiveness and compliance are presented to senior management at Give.
  • Regulatory Alignment: Give ensures that all policy aspects comply with applicable legal and regulatory requirements, safeguarding customer information and adhering to legal obligations.

Merchant Monitoring

Give will monitor each merchant account in order to detect unusual or unacceptable trends in such merchants’ processing activity, evaluate inquiries from cardholders relating to such merchant, and when appropriate, suspend or terminate the merchant account.  Additionally, Give will monitor each merchant for compliance with Network Rules.

The objective of the monitoring program is to ensure merchants are processing only bona fide transactions as contemplated in the application submitted for the account. The monitoring program is intended to identify any substantial change in transaction processing patterns as compared to projected or actual historical processing patterns, change in business operations or business model of the merchant.

Give will document all events requiring exception reporting and/or escalation in a merchant relationship record including, at minimum: the reason for the review, all activities performed, supporting documentation obtained to substantiate the activity, and any required approvals or adverse actions taken.

URL Monitoring

Give shall use a third party software vendor to conduct ongoing screening of merchant URLs on a monthly basis. Any exceptions reported must be reviewed.

Internal Exception Report Monitoring

Give will track merchant activities and red flags, including exception reports, using automated software programs. This monitoring is aimed at identifying suspicious activity, including monitoring for unusual size, volume, pattern, or types of transactions. In general, suspicious activity refers to activities or transactions that give rise to the knowledge or reasonable suspicion that a merchant is engaged in money laundering, terrorist financing, fraudulent, or other unlawful behavior, or that the merchant presents a credit, financial, or reputation risk.

Examples of Data that may be Tracked

Examples of Daily Reports Generated

  • Volume variances
  • Average ticket variances
  • Large transactions
  • Recurring dollar amounts/recurring cardholders
  • Chargebacks and refunds / Dispute and fraud advice
  • Foreign card transactions/Cross border sales
  • Transactions outside the service area of the merchant
  • Retrievals
  • Authorizations
  • Keyed vs. Scanned
  • Cardholder concentration
  • Sudden or unusual changes in transaction velocity
  • High occurrences of transactions with rounded sales draft amounts
  • Transactions from the same card in a short time frame
  • Unusual credit voucher activity (credit vouchers without offsetting sales)
  • Force transaction activity including unauthorized transactions of transactions with unusual (identical, missing or potentially fictitious) authorization codes
  • New and inactive merchant transaction activity
  • Dormant or low processing merchants that have sudden velocity spike
  • Negative or net-zero balance batch deposits
  • Situations where there are a significant number of low-value transactions compared to the merchant’s average transactions value
  • Average elapsed time between the authorization and settlement for a transaction
  • Merchants which the acquirer has reason to believe are engaged in transaction laundering
  • Daily Reconciliation Summary
  • Merchant Summary Report
  • Merchant History (identifies volume and avg sale deviations)
  • Authorization Exception Reports
  • Sale without Authorization (Forced Transaction) Report
  • Authorization Detail Report
  • Chargeback Detail Report
  • ACH Return Report

Law Enforcement / Complaints

If any CIDs, subpoenas, inquiries, or consumer or other complaints regarding a merchant, Give shall review the merchant’s file in light of the request and perform a risk assessment on whether Give should continue processing for the merchant or suspend or terminate the merchant. In making any such determination, Give shall take into account credit, legal, and regulatory risks.

Exception Review Guidelines

The following guidelines provide guidance on how exceptions or other red flags may be investigated and cleared as part of the monitoring process, and as appropriate based on the circumstances:

  • All exceptions are reviewed for escalation
  • Exceptions shall be prioritized so higher-risk merchant relationships or activities are reviewed first
  • Exceptions shall be reviewed against existing underwriting information to understand initial merchant relationship expectations
  • Review previous reviews, if any, relating to the merchant relationship or activity
  • Contact merchant to clarify/understand operational issues
  • Update documentation and database on investigation results and resolution steps

In particular, in the event that a merchant experiences chargebacks that exceed Network thresholds, Give may review the reasons for such chargebacks and work with the merchant to remedy any identified issues that may be causing such chargebacks; provided that no such changes shall be made for the purpose of masking any identified unlawful, deceptive, or fraudulent merchant practices or artificially reducing chargeback levels. Give must place any merchant with excessive chargebacks on a watch list and implement a remedial plan with clear and transparent standards for completion and date of completion.

Based on the findings of any investigation, Give will determine and document the appropriate action, if any, which may include:

  • Acceptable, no further action warranted
  • Acceptable, ongoing monitoring required
  • New/additional collateral necessary to maintain relationship
  • Contact merchant, explain problem and educate
  • Change of terms and instruct merchant to modify operating procedures
  • Suspension of processing (adverse action notice must be sent)
  • Termination/cancellation of account (adverse action notice must be sent)
  • Contact law enforcement/government agency, if applicable

The Give Risk / Fraud Analyst will document the result of its review and investigation including decisions and subsequent actions.

Further Procedures

Handling Non-compliance 

In the event that a merchant is found to be non-compliant, Give has established a comprehensive framework to address such situations. The company is committed to taking appropriate actions to mitigate risks and ensure adherence to underwriting and procedures.

Additional Scrutiny and Potential Account Holds:

Merchants found to be non-compliant will be subject to additional scrutiny. Give will conduct a thorough review of the merchant’s account, transactions, and associated activities to identify any potential risks or violations. During this period, the merchant’s account may be placed on hold to prevent further non-compliant activities.

Increased Processing Fees:

Non-compliance may result in increased processing fees for the customer. Give reserves the right to adjust the processing fees based on the severity and frequency of non-compliant activities. The purpose of this measure is to incentivize compliance and cover any additional costs incurred due to increased monitoring and oversight.

Termination of Processing Services in Severe Cases:

In severe cases of non-compliance, Give may terminate its processing services for the merchant. This decision will be made after careful consideration of various factors, including but not limited to the nature and extent of non-compliance, potential risks to Give’s reputation and legal obligations. Termination of processing services will be communicated to the merchant in writing followed by a termination process.

Communication

Give reserves the right to either promptly inform merchants about any changes to their account status or decide to do these after the action on their account was conducted. This includes changes related to account approvals, restrictions, holds, increased fees or terminations. The company will use appropriate communication channels, such as email or secure messaging platforms, to notify customers in a timely manner.

Appeals Process 

Give understands the importance of providing merchants with an opportunity to appeal decisions made by the company. While Give acknowledges the right of merchants to appeal, it is important to note that the final decision rests solely with the Company. The appeals process is designed to ensure fairness, transparency, and accountability in all decision-making processes.

  1. Submission of Appeals: Merchants who wish to appeal a decision made by Give must submit a formal appeal in writing within 5 business days of receipt of such decision. The appeal should clearly state the reasons for disagreement with the decision and provide any supporting documentation or evidence.

  1. Review and Evaluation: Upon receipt of an appeal, Give will initiate a thorough review and evaluation process. The appeal will be carefully examined by the AMLCO ((the current AMLCO is identified in Attachment A) and an individual of the underwriting team who was not involved in the original decision-making process. This ensures an unbiased assessment of the appeal.

  1. Consideration of New Information: Give will consider any new information or evidence provided by the merchant during the appeals process. This includes additional documentation, explanations, or any other relevant details that were not previously considered.

  1. Decision on Appeal: After a comprehensive review and evaluation, Give will make a final decision on the appeal. The decision will be communicated to the merchant in writing, but reserving the rights to whether outlining the reasons for upholding or overturning the original decision is given. The decision made by Give is final and binding.

  1. Timeliness and Communication: Give is committed to ensuring that the appeals process is conducted in a timely manner. Merchants will be kept informed about the progress of their appeal and provided with regular updates on the status of their case.

Give recognizes that the appeals process plays a crucial role in maintaining trust and fostering positive relationships with its merchants. By establishing a fair and transparent appeals process, Give aims to address any concerns or disagreements while upholding its commitment to regulatory compliance and risk management.

Merchant Bankruptcy

Overview

This chapter outlines procedures and policies to be followed in the event of financial distress or bankruptcy of Give’s sub-merchants. The primary aim is to ensure the safeguarding of funds, the continuity of operations, and the minimization of disruptions to all stakeholders involved.

Definition of Bankruptcy Proceedings

Under this policy, "Bankruptcy Proceeding" encompasses:

  • The initiation by or against Give or any of its sub-merchants of any bankruptcy, receivership, insolvency, reorganization, dissolution, liquidation, or any similar legal process.
  • The institution of such proceedings against a party that are not dismissed within sixty (60) days.
  • Any assignment made for the benefit of creditors, or any offer of settlement, extension, or composition made to creditors generally.
  • The appointment of a trustee, conservator, receiver, or similar fiduciary for Give or a significant portion of its assets.

Monitoring and Risk Mitigation

  • Financial Distress Indicators: Give conducts regular audits and performance reviews to monitor for financial distress, such as unusual chargeback rates or compliance failures.
  • Reserve Funds and Escrow: Give establishes reserve funds and escrow accounts as per financial covenants and performance metrics to mitigate bankruptcy risks.

Legal Compliance and Operational Handling

  • Compliance Updates: Give regularly updates this policy to comply with the latest bankruptcy laws and regulations.
  • Coordination with Legal Counsel: Give involves legal counsel in all bankruptcy proceedings to ensure actions are compliant with legal standards and court orders.

Sub-Merchant Bankruptcy

  • Handling of Funds: Upon notification of a sub-merchant's bankruptcy, Give reviews the status of held funds. Give complies with bankruptcy laws to return these funds, disburse them to lawful claimants, or hold them as required.
  • Liabilities and Chargebacks: Give manages liabilities and chargebacks according to merchant agreements and the directives of the bankruptcy court, including establishing reserves for potential disputes.

Training and Communication

  • Staff Training: Give ensures that staff involved in financial monitoring and bankruptcy management are trained regularly on updated practices and legal requirements.
  • Stakeholder Communication: Give maintains clear communication protocols to inform all stakeholders during a bankruptcy process, prioritizing public relations integrity.

Technology and Data Security

  • Automated Monitoring Tools: Give utilizes analytics tools for proactive monitoring and detection of financial distress signals.
  • Data Protection: Give upholds stringent data protection measures throughout the bankruptcy process.

This approach allows Give to comprehensively manage bankruptcy risks, adhere to legal compliance, and effectively communicate, all aimed at protecting Give's financial stability and safeguarding the interests of its sub-merchants and their customers.

Confidentiality

All merchant data is treated as confidential and is only accessible to authorized personnel who require access to perform their duties. All data handling will be conducted in compliance with applicable laws and regulations. To further enhance the security of merchant data, Give employs industry-standard encryption technologies to protect data both in transit and at rest.

Training

Give will conduct annual training sessions for all employees, covering all relevant policies and procedures. These training sessions will include updates on compliance requirements to ensure that employees are up-to-date with the latest regulations and industry best practices.

Review

These policies and procedures will be reviewed annually or as required by changes in regulatory requirements or business needs.

Recordkeeping

All records necessary to evidence Give’s compliance with this Policy must be maintained according to regulatory requirements, in some instances a minimum of five years, and in the case of Give’s CIP records, five years after the account has been closed. Give shall create files for each sub-merchant in which it maintains documentation and records evidencing compliance with the Procedures, including, but not limited to, copies of executed Agreements, data and information, and evidence of CIP verification, underwriting, and monitoring. For further detailed guidelines on recordkeeping and retention, refer to AML/BSA Policy.

Exceptions to Policy

The Chief Risk Officer has the authority to grant exceptions to this Policy after careful consideration of any applicable laws and regulations, business risk(s), and any applicable contractual requirements. Under no circumstances shall any exception be approved that would cause the Company to be out of compliance with applicable law, card network rules, or Sponsor contractual requirements. Any exception that is approved must be authorized in writing by the Chief Risk Officer and must include a description of the reason for the exception as well as other relevant information. Only requests for specific exceptions may be considered; requests for blanket exceptions will not be permitted.

Exhibit A: Restricted Sub-merchant types Requiring Pre-Approval

Sub-merchant types requiring team pre-approval by sponsor bank

  • Signed merchant application/agreement with all fields completed
  • Executive Summary (written description detailing business practices)
  • Signed merchant attestation, where noted
  • Proper MCC Designation
  • Beneficial Ownership Certification
  • MATCH
  • OFAC
  • Credit
  • Proof of ownership of the business
  • Site Survey
  • Voided check/signed bank letter
  • Merchant Profile Analysis or MOTO form (if card not present)
  • Website Review Checklist (if ecommerce)
  • 3 months of previous processing statements
  • Processing Analysis (to include Ratio of both # and $ Chargebacks and Refunds)
  • Business Financial Documentation (examples below)
  • Business bank statements
  • Business tax returns
  • Business balance sheets
  • Business profit and loss statement
  • As with any merchant account request, the underwriting review process may uncover additional requirements
  • not already identified within this guide. Bank staff will work with ISO staff to obtain any additional
  • information/documentation that will assist in the underwriting review process.

Note: According to card brand Discover, MCC 5723 (Guns and ammunition shops, firearms and ammunition merchants) is only permitted in states California, Colorado, and New York, legally required. These relevant merchants need to be designated with MCC 5723 by May 1, 2025.

Direct sales of Guns and ammunition shops, firearms and ammunition merchants to consumers is prohibited.

Exhibit B: Restricted Sub-merchant Categories Requiring Pre-Approval

Merchants listed in this category may be considered by Chesapeake Bank for approval. Merchants require enhanced due diligence. Additional pricing may apply.

  • Hemp-derived CBD products (no ingestible products permitted to include food or dietary supplements)

  • Certified Charitable Crowd Funding

  • Cloud Based Storage (no Cyberlocker merchants)

  • Card Present Firearm, Firearms Parts, Ammunition and Accessory Sales

  • CNP Business to Business Firearms, Firearms Parts, Ammunition and Accessory Sales

  • Debt Relief

  • Debt Collection (debt is in collectible status)

  • Direct and affiliate marketing of merchants associated with the Marijuana business

  • Direct and indirect sale of drug related paraphernalia and accessories

  • Hemp – Seeds, Oils, Cultivation (products must contain less than 0.3% THC)

  • Internet Providers

  • Medical and Dental Device Sales (Counterfeit and Expired are Prohibited)

  • Medical Plan Discount

  • Merchants appearing on MATCH

  • Merchants that request to modify the terms of their agreement

  • Mobile Payment Application/Providers/Developers

  • Multilevel Marketing - no physical product (must have 3 or more years good processing history)

  • Multilevel Marketing - physical product only

  • Multilevel Marketing - physical product only - affiliate marketing (must relate to physical product)

  • Search Engine Optimization (SEO) services

  • Short Term Consumer Lending

  • Supplements (also known as Nutraceuticals)

  • Tech Support (greater than 3 years history)

  • Telemedicine Services (as an ancillary service to routine office visits- cannot be the primary means of patient interaction)

  • Timeshare Sales (straight sales only)

  • Deferred Delivery Merchants as defined by MC rule

Exhibit C: Prohibited Sub-merchant types

Merchants listed in this category will not be considered for approval.

  • 5122 Drug, Drug Proprietaries, and Druggist Sundries - CNP
  • 5816 Digital Goods - Games for transactions involving skilled game wagering (for example: daily fantasy sports) - CNP
  • 5912 Drug Stores and Pharmacies - CNP
  • 5962 Direct Marketing - Travel Related Arrangements Services - CNP
  • 5966 Direct Marketing - Outbound Telemarketing Merchant - CNP
  • 5967 Direct Marketing - Inbound Teleservices Merchant - CNP
  • 5993 CNP Tobacco (to include ecigarette/vape products and accessories)
  • 7273 Dating and Escort Services - CNP
  • 7995 Betting (to include Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks)- CNP
  • Affiliate Marketing, Lead Generation (to include those within MLM)
  • Any product that contains Marijuana, THC
  • Any products, ingredients, distributors, etc. red flagged by LegitScript
  • Any substance deemed to be illegal and/or brand damaging - Synthetics, Kratom, Kava Kava, 'Shrooms, Bath Salts, etc.
  • Child pornography, beastiality, rape, non-consensual mutilation (by way of products, services, marketing material or
  • CNP Adult Content Video
  • CNP Direct to Consumer Firearms, Firearms Parts, Ammunition and Accessory Sales
  • Counterfeit Products of any kind
  • Credit Repair
  • Cryptocurrency
  • Cyberlockers (entity that facilitates access to remote digital file storage and sharing services)
  • Debt/Credit Counseling
  • Debt Collection (debt is not in collectible status)
  • Direct and Affiliate Get Rich Quick Schemes (to include within MLM)
  • Direct sale of Marijuana (MMJ), medical or otherwise
  • Fake Id's, Gov't Docs.
  • Gambling
  • Games of Skill, Games of Chance, Fantasy Sports, Daily Fantasy Sports, etc.
  • Government Lottery
  • High Risk Securities Merchants
  • Ingestible Hemp Products
  • Inhalants
  • Jammers
  • Money Service Business (MSB) and/or Money Transmitter Merchants
  • Mugshot removal
  • Multilevel Marketing - no physical product (less than 3 years processing history)
  • Negative Option
  • Online Auctions
  • Payday Lenders
  • Stored Value Card and/or Gift Card Resellers
  • Tech Support (less than 3 years history)
  • Telemedicine as Primary Service (medical offices/providers whose primary form of patient interaction is managed in a virtual setting)
  • Timeshare exit, deed/title transfer related services

Exhibit D: Prohibited Sub-merchant Categories

The following are Prohibited Categories. These are general categories, not all prohibited categories are represented in the following:

Affiliate Marketing

Affiliate Marketing merchants are generally responsible for directing consumers to merchant websites for purchases. The affiliate is then paid a "per click", "per sign-up", "per purchase" commission. Consumer activity is tracked and may ultimately be shared with/sold to other affiliates. This merchant vertical is known to be associated with a high

level of consumer harm. Any merchant whose primary business practice falls within this category is prohibited.

Lead Generation

Lead Generation merchants use consumer facing methods to gather contact information from consumers. These leads are then shared

with/sold to merchants operating in the industry for which the consumer is seeking to transact business. This merchant vertical is known to be associated with a high level of consumer harm. Any merchant whose

primary business practice falls within this category is prohibited.

Credit Repair

Merchants in this vertical market to consumers who are seeking to repair their creditworthiness. Credit repair companies are known to be associated with a high level of consumer harm by falsely promising to improve scores or remove negative information on a credit report. Any merchant operating in this vertical is prohibited.

Debt/Credit Counseling

Organizations that advise consumers on managing money and debt. Counselors should be properly trained and hold appropriate certification where required.

Debt Collection - debt not in

collectible status

Merchants attempting to recover uncollectible debt are prohibited. Uncollectible debt may be described as one or more of the following:

  • Debt acquired where the source/terms cannot be confirmed
  • Debt in default or otherwise considered "bad"
  • Debt associated or targeted at a specific demographic race, gender, age group and/or ethnicity.

Telemedicine as Primary Service

The focus of this category are medical facilities and/or professionals that provide services in a primarily non-face-to-face environment. Due to the various stringent regulatory and card brand requirements associated with this industry the vertical is considered prohibited.

Timeshare exit, deed/title

transfer related services

Any timeshare related service that is not associated with a straight sale of property ownership is considered prohibited.

 
Note:

Note: According to card brand Discover, MCC 5723 (Guns and ammunition shops, firearms and ammunition merchants) is only permitted in states California, Colorado, and New York, legally required. These relevant merchants need to be designated with MCC 5723 by May 1, 2025.

Direct sales of Guns and ammunition shops, firearms and ammunition merchants to consumers is prohibited. 

Attachment A – Current Compliance Officer

Loraine Stewart is the Company’s designated Chief Compliance Officer.

Email: loraine@givecorporation.com 

Phone: (800) 913-0163 x5

Aaron Miller is the Company’s designated Chief Risk Officer.

Email: aaron@givecorporation.com 

Phone: (800) 913-0163 x4

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy.  This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.

Copyright © GiveCorporation Inc. All Rights Reserved