Underwriting Procedure.docx

Underwriting Procedure

Document information and change log

Document Information

Header

Information

Next review

Jun 30, 2025

Status

Initial Release

Regional scope & language

Territory of USA in English

Applies to entities

Give Corporation Inc.

Overall responsibility

Loraine Stewart, CCO

Approved by

Joshua Rowley, CEO; Aaron Miller, CRTO;  Michael Brinker, CBFO

Change log

Date

Version

Reason for version

June, 2024

1.0

Initial Release

February 6, 2025

1.1

Updated with a section on Merchant Executive Summary

March 5, 2025

1.2

PEP and OFAC escalation procedures have been merged into the Underwriting Procedure.

June 13, 2025

1.3

Updated with Post-Approval EDD Requests from Sponsor Bank

Aug 11, 2025

2.0

Annual Review


Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.

Table of Contents

Introduction        6

Customer Identification Program (“CIP”)        6

Additional Necessary Onboarding Information        6

Assign Merchant Category Code (“MCC”) and Customer Risk Profile        7

Customer Due Diligence (CDD)        7

Enhanced Due Diligence (EDD)(High Risk/Restricted)        9

EDD Package        9

Merchant Executive Summary        9

Restricted Merchants        10

Merchant Reserves        10

Dispute Reduction Strategy in Underwriting        10

Cardholder Refund Flow        10

Merchant Remediation Plan        11

Customer Request for Information (“RFI”)        11

Approval Process        11

Beneficial Ownership        15

Direct Ownership Versus Ultimate Beneficial Ownership        15

Beneficial Ownership Triggering Events        16

Change in ownership or business type location        17

Searches        18

MATCH Check        18

MATCH List Review Standard Operating Procedure (SOP)        18

Identification and Escalation of Issues        19

Identification and Verification        19

Account Changes        20

Red Flags        20

Colluding Merchants        20

New Merchant Bust-Out Schemes        20

Sales Draft Laundering or Factoring        20

Merchant Cash Advances        21

Merchant Credits        21

Telemarketing Scams        21

Escalation Process        21

Politically Exposed Person ("PEP") Escalations Procedures        21

Who is a PEP?        21

Risk Factors        22

Reg Flags        22

Responsibilities        22

Record Retention        22

OFAC Escalations Procedures        22

Risk Factors        22

OFAC Screening Methods        23

OFAC Licenses        23

Reg Flags        23

Responsibilities        23

Record Retention        23

Reporting        23

Periodic Review        24

Merchant Termination        25

Training        26

Role-specific training        26

Compliance        27

Record Retention        27

Exhibit A: Restricted Sub-merchant types Requiring Pre-Approval        27

Exhibit B: Restricted Sub-merchant Categories Requiring Pre-Approval        30

Exhibit C: Prohibited Sub-merchant types        31

Exhibit D: Prohibited Sub-merchant Categories        33

Introduction

These procedures provide the Underwriting team with the necessary knowledge to efficiently and effectively onboard our customers. This document aligns with the Sponsor’s policies, procedures and expectations. Additionally, there is guidance on how to conduct ongoing reviews and close an account.

Customer Identification Program (“CIP”)

From the Merchant Application the Underwriting Associate will collect the following information:

  • Name of Legal Entity (include Doing Business As “DBA”), Owner and Principal
  • Physical Address for Legal Entity, Owner and Principal
  • Date of Birth of Owner and Principal
  • Date Business Started
  • All Beneficial Owners information who hold > 10% ownership
  • Tax Identification Number (“TIN”), Social Security Number (“SSN”), Employer Identification Number (“EIN”) of entity, Owner and Principal
  • Business Type (Sole Proprietor, Corporation, Partnership, LLC, etc).

 

Soleproprietor - The owner must endorse the application and personal guarantee.

LLC, Private Corporation or Partnership - The owner (>10%) or controller (must be the same person) is required to endorse the application and personal guarantee.

Public Corporation - An officer must endorse the application. No personal guarantee is required. Articles of Incorporation or government issued license is required.

Non-profit - An officer must endorse the application. No personal guarantee is required. A 501c3 Certificate is required.

Government entity - An officer must endorse the application. No personal guarantee is required. Identifying paperwork or an IRS tax verification letter is required.

Additional Necessary Onboarding Information

  • Merchant Phone Number
  • URL/Website Address(es)
  • Email Address
  • DDA # (Checking account number)
  • ABA # (Bank routing number)
  • Processing method (Give only onboards ecommerce merchants)
  • Business State (Open or Closed)
  • If Closed, termination date

Assign Merchant Category Code (“MCC”) and Customer Risk Profile

The nature of business will determine the customer’s Merchant Category Code (“MCC”). The MCC will determine the customer’s risk level. The Underwriting Analyst will check the prohibited, prereview and preapproval lists to find out if the MCC is prohibited, or requires approval from the Sponsor before proceeding. (See Exhibits A, B, C).

  1. A Low Risk or Medium Risk MCC - Conduct Customer Due Diligence (“CDD”) on the customer.

  1. A Restricted or High Risk MCC - Conduct Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”).

  1. Prohibited MCC - Decline the application.

Customer Due Diligence (CDD)

MATCH Check - A MATCH check is required on the principals and the merchant. An investigation will be conducted for a true MATCH result. The customer will not be onboarded until there is a reasonable explanation that there is no potential risk.

OFAC Screening - An OFAC screening will be conducted on the merchant, beneficial owner(s) and controller. Review the results of the OFAC check. Potential OFAC matches should be dispositioned as either false positive or a positive match. The senior Underwriting personnel will review dispositioned false positive matches as part of separation of duties. Potential matches that cannot not be cleared as a false positive, should be escalated to the Compliance team. The customer will not be onboarded for true OFAC matches.

Principal(s) Verification - Verify the individual’(s) identity by using an unexpired government issued document or using an industry recognized third party verifier.

Legal Entity Verification (Business Profile) - Verify the business’ identity by using an unexpired government issued document or using an industry recognized third party verifier.  

Beneficial Owner Verification - Verify the individual’(s) identity by using an unexpired government issued document or using an industry recognized third party verifier.  Upload all the beneficial owner(s) identification.

Politically Exposed Person (“PEP”) - Check if the customer has provided this information and verify using an industry recognized third party verifier.

Non-Resident Alien (“NRA”) - Check if the customer has provided this information and verify using an industry recognized third party verifier.

Negative News/Media - Conduct search using an industry recognized third party verifier. Determine if results are significant to escalate to the Compliance team or decline application.

Website Verification - Complete the website verification underwriting challenge by accessing the merchant website, and social media account, review products, services, and marketing materials to confirm the following:

  • On  the website and platforms, verify that the merchant’s name is consistent right through. The merchant’s name must be the URL if the merchant’s shopping cart is on a different website. Take a screenshot of the home page for the merchant’s profile.
  • Verify Card Brand full-color marks are present.
  • The products and or services must reflect the information on the merchant application.
  • The products and or services prices must be consistent with the merchant application.
  • The customer service contact information must be the same as on the merchant application.
  • If applicable, ensure the  proper disclosure of export or legal restrictions.
  • Confirm the Delivery/Shipping policy can be viewed and is consistent with the business model. Take screenshots for the merchant file.
  • Confirm the Return/Refund policy can be viewed and is consistent with the business model. Add copies to the merchant file.
  • Confirm the Privacy policy can be viewed and is consistent with the business model. Add copies to the merchant file.
  • Confirm the accepted currency is properly disclosed.
  • Ensure all links on the site only lead to products or services disclosed on the merchant application.

Bank Account Validation - Verify the customer’s bank account by using an industry recognized third party verifier.

Expected Activity Analysis - Review projected monthly sales volume, projected average ticket,and the high ticket amount.

All merchants must have a satisfactory personal and/or business credit history, unless there is an approval by a Senior Underwriting Officer. The exception should be included in the merchant’s profile. If necessary, the Underwriter may request additional documentation or implement restrictions for either or a combination of an applicant’s creditworthiness, financial condition, business model.

If the projected monthly bank volume exceeds $1,000,000 and there is no personal guarantee, obtain two (2) years of business financial statements or tax returns.

Unsatisfactory credit history include:

• Insufficient information to score (no credit score)

• Open bankruptcy

• Open foreclosure

• Unpaid tax liens

• Open judgments

• Unpaid charge-offs and/or collections (excluding medical up to $5,000) totaling greater than $500 cumulatively.

All findings must be carefully documented.

Enhanced Due Diligence (EDD)(High Risk/Restricted)

Enhanced Due Diligence is conducted on higher risk merchants. The EDD review includes a more thorough review of the merchant’s finances, prior processing history, billing and website practices, reputation, public record search, credit, and Fulfillment House Reference Checks.

EDD Package

All items listed on the EDD checklist are standard underwriting requirements for all restricted type merchants.

Merchant Executive Summary

Purpose
The Merchant Executive Summary should be used for merchants on the restricted list that require Enhanced Due Diligence (“EDD”). This summary serves as a risk assessment tool to support approvals and document underwriting decisions. It helps underwriting teams provide a well-documented rationale when processing high-risk or restricted merchants.

Usage
Underwriters must complete the Merchant Executive Summary when evaluating merchants that fall under restricted categories. The summary incorporates findings from the EDD process to support underwriting decisions. For example, if a merchant is categorized under a restricted industry such as CBD oil sales, underwriters will verify applicable EDD requirements, document compliance, and include the findings in the Merchant Executive Summary to justify approval.

Responsibilities

  • Underwriting Associates are responsible for preparing the Merchant Executive Summary for restricted merchants.
  • Underwriting Associates must ensure all required EDD documentation is collected and verified before submission for approval.
  • The Underwriting Director will review and sign off on merchant approvals recommendations.

Restricted Merchants

Restricted merchants are higher risk and may only be onboarded after a  meticulous review and knowledge of enhanced risk monitoring until the risk is eliminated. Instances such as an approved restricted merchant type will require a merchant reserves to mitigate the risk.  

Merchant Reserves

In deciding the merchant reserves, the following industry factors will be considered, the business model, return percentages, chargeback percentages, and anticipated volume. Unapproved exceptions must be relieved within 30 days. If the exceptions cannot be resolved within 30 days then either a merchant reserves needs to be implemented or terminate the relationship.  Exceptions include:

• Missing or positive OFAC result

• Prohibited merchant category

• Merchant volume or risk exposure exceeds ISO(s) underwriting approval thresholds.

• Suspected identity theft

Dispute Reduction Strategy in Underwriting

Cardholder Refund Flow

Ensure that each merchant’s receipt clearly displays:

  • The merchant’s full business address, and
  • Refund options that allow the cardholder to initiate the refund process directly from the receipt.

Refund instructions must be simple, accessible, and easy to understand, without requiring the cardholder to contact a third party.

 

Merchant Remediation Plan

When necessary, we may require the merchant to provide a Remediation Plan outlining corrective actions to reduce disputes and prevent potential chargebacks.

Customer Request for Information (“RFI”)

During the review anomalies and discrepancies may require further explanation. The Underwriter may request additional information or clarification from the merchant by using the merchant notification option in the platform.  The account will be restricted until the merchant responds.

Approval Process

1. Initial Underwriting

  • Customer Identification Program (CIP):

        In the approval process the Senior Underwriter:

  • Collects the customer’s identification details.
  • Verifies the authenticity of the identification documents using a verification process which may include third-party verification services.
  • Ensures that the customer does not appear on any relevant regulatory or restricted watchlists, such as OFAC, PEP, MATCH.
  • Assigning Merchant Category Code (MCC):

The Senior Underwriter:

  • Verifies the appropriate MCC is assigned based on the type of business.

2. Customer Due Diligence (CDD)

  • Basic CDD:

The Senior Underwriter:

  • Verifies the business registration details using official government or regulatory websites.
  • Confirms the business address and contact details through reliable sources.
  • Checks for adverse media or negative news on the business and its principal(s).
  • Enhanced Due Diligence (EDD):

For high-risk customers, the Senior Underwriter:

  • Conducts a deeper investigation which may include:
  • Comprehensive background checks on the business owners and key executives.
  • Reviews the business’s financial and prior processing statements and banking history.
  • Confirms investigation of previous legal or regulatory issues.

3. Escalation and Reporting

The Senior Underwriter:

  • Escalation:
  • If any red flags or concerns arise during CIP or CDD, the underwriter escalates these findings to the compliance team.
  • Any anomalies or discrepancies identified during this review are escalated appropriately, including checks against MATCH, OFAC, and negative news sources. Additionally, requests for clarity from the customer are made to address any unresolved questions or anomalies.
  • The underwriter uses an escalation form to document the issues and provides detailed information about the concerns.
  • Reporting:
  • The underwriter documents all findings, actions taken, and decisions made during the underwriting process.
  • The underwriter ensures that the documentation is thorough and provides a clear audit trail for future reference.

4. Approval Threshold

  • Determining Approval Readiness:
  • After completing CIP and CDD (including any necessary EDD), the underwriter evaluates if the completed application meets the predefined approval criteria.
  • The underwriter marks the application as ready for peer review if it meets the threshold.

5. Peer Review and Approval

  • Assignment to Peer:

The application is then assigned to another underwriter (peer) for an independent review.

  • Re-evaluation:

The peer underwriter reviews the entire application from the beginning, re-checking all steps performed by the initial underwriter.

The peer underwriter verifies that all CIP and CDD procedures were followed correctly and thoroughly.

  • Cross-Verification:

The peer underwriter may conduct additional checks or verifications if necessary.

The peer underwriter ensures that all compliance requirements are met and that the risk assessment is accurate.

  • Further Checks:

If there are discrepancies or additional checks required, the peer underwriter completes these before making a final decision.

The peer underwriter communicates any issues back to the initial underwriter for resolution if needed.

6. Approval Decision

  • Approval:
  • If the peer underwriter confirms that all requirements are met and there are no unresolved issues, the peer underwriter approves the application.
  • The peer underwriter documents the approval decision and any relevant notes.

  • Approval for merchants that need approval by Sponsor (restricted, high risk MCCs and PEP confirmed)

The Underwriter has the authority to fully underwrite and provide initial approval (after cross-checking with the Senior Underwriter) for merchants not meeting the requirements of the Credit Authority Approval Thresholds. These thresholds are designed to ensure that merchant accounts with higher risk potential receive appropriate Underwriter and/or Bank level exception approval before processing can begin. The Underwriter should provide recommendations for initial approval or declination.

Merchants receiving initial approval or declination will be reported to the Sponsor on a daily basis within the New Merchant Approval Report. It is the responsibility of the compliance team to provide the Sponsor with this report.

The Sponsor will review the list for any information that might raise concerns. Examples of such information include, but are not limited to:

  • Merchants considered high-risk according to Card Brand regulations;
  • Merchants needing registration with one or more Card Brands;  
  • Merchants exceeding Give Corporation's signing authority threshold;
  • Merchants previously closed by the Bank;
  • Merchants suspected of selling potentially illegal goods or services.

7. Final Documentation

  • Comprehensive Documentation:
  • The underwriter ensures that all steps, decisions, and actions taken are documented in detail.
  • The underwriter maintains a clear and thorough record in the underwriting system.

8. Ongoing Monitoring

  • Continuous Monitoring:
  • After approval, the Risk Manager ensures that the merchant’s activities are continuously monitored for compliance with all regulations.
  • The Risk Manager uses automated tools and manual reviews to detect any unusual or suspicious activities.
  • The Risk Manager periodically reviews the merchant’s account and transactions to ensure ongoing compliance and to identify any new risks.

9. Post-Approval EDD Requests from Sponsor Bank

In cases where the Sponsor Bank or acquiring partner submits additional Enhanced Due Diligence (EDD) questions after a merchant has been approved, the following process will apply:

  • The Compliance Team will receive and review the inquiry from the Sponsor.
  • If the request relates to risk category updates, MCC reassignment, or EDD clarifications, the Compliance Team will notify the Underwriting Team.
  • The Underwriting Team is responsible for evaluating the request and responding directly to the Sponsor.
  • The Compliance Team will also notify the acquirer that Underwriting will follow up accordingly to complete the process.

Beneficial Ownership

Beneficial Ownership certification is part of customer onboarding. The beneficial ownership information is collected on GiveSync on the customer’s Beneficial Ownership section.  The following are exempt from beneficial ownership certification on GiveSync:

• Sole Proprietorships

• Unincorporated Associations

• Natural Persons

• Trusts - Other than Statutory

• Government Agency

• Banks

• US Government

• Listed Companies

• Exchange or Clearing Agencies

• Bank Holding Company

• Registered Public Accounting Firm

• Foreign Person

• Registered Investment Company

• State Regulated Insurance Company

The following do not need beneficial owners only the controlling individuals information:

• Non Profits

• Charities

 

Direct Ownership Versus Ultimate Beneficial Ownership

Relating to Beneficial Ownership a direct owner directly owns the entity or owns at least 10% of the entity. A direct owner could be an individual or another entity.

An Ultimate Beneficial Owner (“UBO”) is an individual who indirectly owns the entity(ies). This could be through one or several entities.

Beneficial Ownership Triggering Events

Beneficial Ownership information should be collected at onboarding for a new account (Merchant ID). The following are events that will trigger collecting and verifying the beneficial ownership information.

• Adding a New Merchant Location

• Beneficial Owner Changes

• Known Death of a Beneficial Owner

• Change in Address, Phone Number, Business Name, etc.

• Change in Account Signers

• Known Sale of a Company

• Processing Changes

• Risk Events

• Data Compromises

• Significant or Unexplained Activity

• Periodic Reviews

• Visa/MasterCard Registration Changes

Change in ownership or business type location

For merchants that experience a change in name, address, additional locations, ownership or a change in business type (e.g., from brick-and-mortar to e-commerce), the Underwriter must review the new owners and new location for adherence to Credit, MATCH, and OFAC policies listed above. The steps for onboarding a new merchant should be followed. All documentation must be current at the time of review.

Additionally, the Underwriter must:

  • Complete a new application.
  • Obtain and review updated business licenses and permits.
  • Verify the new ownership structure with legal documents such as Articles of Incorporation or Partnership Agreements.
  • Request and examine recent financial statements and tax returns for the new owners.
  • Confirm the physical address and contact information for the new business location
  • Confirm the new location is the same entity..
  • Ensure that the new business type aligns with the merchant application and industry standards.
  • Obtain proof of insurance that reflects the new business type and location.
  • Obtain projected volume for the new location.

If any of these documents are not provided by default, the Underwriter is obliged to request them. All findings, including any discrepancies or additional information provided, must be thoroughly documented.

Searches

MATCH Check

The Members Alert to Control High Risk (“MATCH”) list is maintained by the card brands for businesses and principals terminated by acquirers for the following reasons:

  • Counterfeit cards,
  • Excessive fraud,
  • Excessive chargebacks,
  • Other high risk business practices.

 Further investigation will be required for merchants/principals on the MATCH list for clarity. A decision to onboard will only be made if there is no potential risk exposure.

MATCH List Review Standard Operating Procedure (SOP)

This section outlines the standard process for reviewing and responding to a MATCH list alert involving a merchant or a related party (e.g., officer or director) during the underwriting process.

The SOP is initiated when a MATCH list alert is returned during screening of a merchant or any related individual (e.g., principal, beneficial owner, controller, or director).

Step 1: Request Explanation

  • The Underwriting Team must contact the individual listed and request a written explanation, including:
  • The nature and date of the event that triggered the MATCH listing.
  • Whether it relates to prior merchant activity, personal data breach, or other context.
  • Any steps taken since the incident (e.g., credit monitoring, account closures).

Step 2: Request Supporting Documentation

  • Request one or more of the following to support the explanation
  • A credit report showing no recent adverse activity.
  • A notification letter or email from the third-party agency.
  • Any other relevant documentation (e.g., identity theft affidavit, police report, data breach notice).

For Step 1 and Step 2: To contact and request information the underwriting Team should use the MATCH List Attestation - TEMPLATE.

Step 3: Internal Review

  • The Compliance or Senior Underwriting personnel will:
  • Review the explanation and documentation for consistency.
  • Confirm the MATCH alert is not tied to past merchant fraud, chargebacks, or regulatory violations.
  • Assess residual risk and determine whether onboarding can proceed.

Step 4: Prepare Compliance Memo

  • Prepare an internal Compliance Memo summarizing the review outcome, including:
  • Summary of merchant-provided explanation.
  • Compliance findings and determination.
  • Statement of risk assessment.
  • File the memo in the merchant’s underwriting profile.
  • If the merchant is approved, attach the memo to the MATCH task record in the platform.
  • The Compliance Team should use the MATCH List DD Memo – Template.

Step 5: File Documentation

  • Store all collected evidence, explanation, credit reports, and the memo in the merchant’s underwriting file.
  • Ensure clear documentation of decision-making in case of external review by sponsor banks or card brands.

Identification and Escalation of Issues

Identification and Verification

During the due diligence process, it is crucial to thoroughly identify and evaluate any potential issues that may arise. This includes screening against various databases and watchlists such as MATCH (Member Alert to Control High-Risk Merchants), OFAC (Office of Foreign Assets Control), and lists of Politically Exposed Persons (PEPs) and Non-Resident Aliens (NRAs). Each of these categories represents specific risks that require careful attention.

  1. MATCH Screening
  1. Verify that the entity or individual is not listed on the MATCH database.
  2. Note any flags for high-risk merchants, indicating prior fraudulent or risky behavior.
  1. OFAC Compliance
  1. Check the entity or individual against the OFAC sanctions list.
  2. Ensure compliance by verifying no business is conducted with countries, individuals, or entities involved in terrorism, narcotics trafficking, or other illegal activities.
  1. PEP Identification
  1. Identify if any key individuals are Politically Exposed Persons.
  2. Conduct additional scrutiny due to the higher risk of corruption or bribery associated with their political positions.
  1. NRA Considerations
  1. Identify any Non-Resident Aliens involved.
  2. Assess additional risks due to foreign jurisdiction and potential lack of transparency.

Account Changes

Account changes and its ownership will be verified. Verification methods include uploading bank statements, bank confirmation and verified third party subscription. Account changes will verify the CIP and CDD/EDD changes.

Red Flags

Red flags are indicators to review thoroughly and when necessary escalate to the Compliance team.

Colluding Merchants

This involves forced transactions without a code. Collusion between the merchant, and or its employees who knowingly process transactions on reported lost, or stolen credit cards. These merchants do not fight push back on the forced transactions. 

New Merchant Bust-Out Schemes

A new fake business is set up. The merchant opens several merchant accounts with various banks at a time to process as many transactions within a short period. The processed transactions are from fraudulent credit cards. No goods or services are rendered. Once the merchant receives the funds they are gone.

Sales Draft Laundering or Factoring

A fraudster posing as a merchant asks an unsuspecting or financially distressed merchant if they can deposit sales drafts in their account for a percentage of the proceeds. This fraudulent activity will continue for a short time. Resulting in the merchant not having enough funds to cover the chargebacks.

Merchant Cash Advances

A merchant uses their own credit card for a purchase, usually a large even dollar transaction. However, no goods or services are exchanged. The activity is conducted to fund the merchant’s account because usually these merchants have financial difficulties.

Merchant Credits

Someone fraudulently makes a credit return on their credit or debit card. However, there is no return of goods to match the credit. This is similar to the fraudulent merchant cash advance scam.  The credit is either used to offset the credit card balance or withdrawn as cash from an Automated Teller Machine (“ATM”).

Telemarketing Scams

Individual customers make a purchase from a telemarketer. The price of the product is usually much lower than the price the customer is charged.  The customer is charged repeatedly either monthly, same day or within a short period of time.

Escalation Process

Upon identifying any issues in the aforementioned areas, promptly escalate them to the compliance teams. The escalation should include:

  • A detailed report of the findings
  • Potential risks
  • Recommended actions

The compliance team will:

  1. Review the escalated issues.
  2. Determine if further due diligence is necessary.
  3. Request additional information if required.
  4. Implement specific risk mitigation measures if necessary.

This process ensures that all concerns are addressed appropriately and that the entity or individual meets all regulatory and compliance standards before proceeding with the business relationship.

Politically Exposed Person ("PEP") Escalations Procedures

Who is a PEP?

A Politically Exposed Person is a foreign individual who is in an influential public position or is a close family member or close associate of the influential public figure. The time out of the influential public position should be considered for former PEPs.

Currently, Give Corporation (“Give”) is only doing business with domestic customers. However, these procedures exist should Give determine a customer is a PEP.

Risk Factors

PEPs present varying risks. Higher risk PEPs require Enhanced Due Diligence and consistent monitoring to better understand the nature and purpose of the accounts and relationship. The following are risk factors to be aware:

  • Access to funds that may be proceeds of corruption and illegal activity.
  • Nonresident aliens
  • Vendors
  • Embassy, Foreign Consulate, and Foreign Mission Accounts

Reg Flags

  • Large amount of funds from a government entity.
  • Transactions that are not consistent with the stated nature of business
  • Transactions involving Embassy, Foreign Consulate, and Foreign Mission Accounts
  • Transactions involving foreign entities

Responsibilities

It is everyone’s responsibility to escalate potential PEPs to the Compliance Team.

The Compliance Team will review the potential PEP and determine if they are truly PEPs. The Compliance Team is responsible for maintaining a PEP record log. Ongoing monitoring and Enhanced Due Diligence will be conducted on the PEPs on record. The Compliance Team will enforce the requirements outlined in this procedure.

Record Retention

PEP records will be kept on file for five (5) years after accounts are closed.  

OFAC Escalations Procedures

Risk Factors

The following parties, products and services have higher OFAC risks.

  • Nonresident aliens
  • Concentration/Settlement Accounts
  • Vendors
  • Automated Clearing House(“ACH”)

OFAC Screening Methods

OFAC screenings will be conducted using OFAC website search. The third party vendor will ensure its lists are timely updated when there are updates to the varying lists. OFAC screening will be conducted on new accounts prior to any transactions being conducted with the exception of the initial deposit. OFAC screening will also be conducted on customers, employees and third party vendors periodically.

OFAC Licenses

OFAC Licenses are permission granted for certain prohibited OFAC transitions if it does not undermine the OFAC sanction program. There are two (2) types of OFAC Licenses, general licenses and specific licenses.

Reg Flags

  • Name variations close to name matches
  • Partial name matches
  • Partial name of the designee’s location
  • Partial matches

Responsibilities

It is everyone’s responsibility to escalate potential OFAC hits and OFAC Licenses to the Compliance Team.

The Compliance Team will review the potential OFAC hits and determine if they are true hits. The compliance team is responsible for following the necessary regulatory requirements of documenting, blocking or rejecting, reviewing OFAC Licenses and contacting OFAC. If necessary, the transaction will be reported to OFAC within the (10) days of the occurrence. The total amount of blocked transactions including interests as of June 30 will be reported to OFAC by September 30 of each year. The Compliance Team will enforce the requirements outlined in this procedure.

Record Retention

OFAC records including licenses will be kept on file for five (5) years after the relationship is closed or five (5) years after the release of the blocked property.  

Reporting

The underwriting reporting process ensures comprehensive oversight and regulatory compliance through detailed documentation and analysis. This includes the creation of the New Merchant Approval Report, which identifies and reviews new merchants, particularly those with restricted and high-risk merchant category codes (MCCs) requiring prior approval before onboarding.

Enhanced due diligence (EDD) procedures are documented to highlight any escalations related to MATCH, OFAC, PEPs, NRAs, and negative news sources.

Additionally, the preparation of Suspicious Activity Reports (SARs) for any suspected violations ensures potential risks are thoroughly investigated and reported. All findings and resolutions are meticulously recorded to provide a clear and transparent audit trail for final approval decisions.

Suspicious activity identified during the underwriting process must be immediately reported to the Sponsor.

  • Positive OFAC match
  • Identify theft
  • Any other activity that is deemed to be suspicious

It is the responsibility of the compliance team to ensure the SAR report is provided to the Sponsor.

  1. New Merchant Approval Report (includes restricted & high risk MCCs that need prior-approval to onboarding)
  2. SAR - Suspicious Activity Report (Suspect Violation Report)
  1. SAR Overview Report:

https://docs.google.com/spreadsheets/d/1QxzXVsMUoswwwyDABZunSpkn_1txN2CdwmZtG84oW5I/edit?usp=sharing

  1. Specific SAR Template

https://docs.google.com/document/d/12yL2qLxiWprj3ELcZh8GNgScIgNA1k9IUWg7NiiJLOA/edit?usp=sharing

Periodic Review

Periodic reviews are conducted to evaluate accounts designated as higher risk based on product/service delivery methods, industry sales volume, and/or operating integrity. The goal is to assess financial worthiness through ongoing reviews of current financial statements, tax returns, bank references, trade lines, personal credit history of owners, website reviews, etc., to ensure the merchant can continue operations and meet their obligations to customers.

For mail order/telephone order (MOTO) merchants, where at least 40% of transactions are via mail or telephone, the XY team must monitor the following periodically, but no less than annually:

  • Verify the merchant's phone number
  • Obtain and review copies of shipping, billing, cancellation, and return policies, or the completed MOTO form
  • Obtain and review copies of relevant materials, including catalogs and brochures
  • Verify the customer service address

For e-commerce merchants, where at least 40% of transactions are via the Web, Give Corporation must review the following periodically, but no less than annually. Give Corporation may outsource this function to a vendor specializing in merchant web content monitoring. Give Corporation will monitor web content reports to stay aware of any website violations.

  • Confirm the merchant is using a PCI-compliant payment gateway to accept credit card transactions
  • Access the merchant's website to confirm the following:
  • Verify that the merchant name appears consistently throughout the website. If the shopping cart is a separate website, its URL must contain the company name
  • Add a copy of the home page and add it to the merchant file
  • Ensure full-color Card Brand marks are present
  • Confirm that the description of products and/or services remains consistent with the merchant application
  • Confirm that the pricing of products and/or services remains consistent with the merchant application
  • Confirm customer service contact information is accurate
  • Ensure any export or legal restrictions are properly disclosed, if applicable
  • Confirm that the delivery/shipping policy is present and aligned with the business model. Add copies to the merchant file
  • Confirm that the return/refund policy is present and aligned with the business model. Add copies to the merchant file
  • Confirm that the privacy policy is present and aligned with the business model. Add copies to the merchant file
  • Confirm that the accepted transaction currency is properly disclosed
  • Confirm that all links within the site do not lead to products or services not disclosed on the merchant application

Merchant Termination

There may be instances where a merchant's relationship will be terminated. When terminating a merchant relationship, the following steps will be taken:

  • Send the merchant a Letter of Termination.
  • Suspend the merchant’s processing capabilities.
  • If applicable, add merchant and principals to MATCH.

The following are reasons (but not exhaustive) to terminate a merchant relationship:

• Bank and/or its ISO(s) adds merchant category to the prohibited merchant list

• Merchant involved in deceptive practices or scams

• Collusive merchant

• Confirmed bust-out merchant

• Laundering of sales drafts

• Consistently exceeds processing thresholds

• Excessive chargeback activity

• Processing of counterfeit transactions

• Processing of unauthorized transactions

• Confirmed fraudulent activity

• Card Brand mandated closure

• Increased loss exposure

• Violation of merchant agreement

• Violation of Card Brand operations and/or rules

• Sale of illegal product and/or services

• Industry trends indicate business method may pose additional risk/loss exposure

Training

Each employee must complete required training. Failure to do so may result in disciplinary actions. Below are some of the training materials that are available to equip the Underwriting Team.

Role-specific training

Anti-Money Laundering (AML) / Bank Secrecy Act (BSA): Training on detecting and reporting suspicious activities.

Know Your Business (KYB): Procedures and best practices for business identification and due diligence.

Know Your Customer (KYC): Procedures and best practices for customer identification and due diligence.

Beneficial Ownership: Methods for calculating ownership percentages and practical steps, tools and software for verification

Office of Foreign Assets Control (OFAC): Understanding and complying with OFAC sanctions programs

Risk Assessment and Management: Techniques for evaluating and managing risk in underwriting.

Corporate Training: 

Anti-bribery/Corruption: Train underwriters to detect and prevent bribery and corruption by evaluating applicant integrity, business practices, and compliance with laws.

UDAAP: Ensure underwriters identify and prevent unfair, deceptive, or abusive practices by assessing product terms, marketing practices, and customer disclosures for fairness.

Conflict of Interests: Train underwriters to identify and manage conflicts of interest, ensuring transparency and impartiality in decision-making.

Bankruptcy: Educate underwriters on handling bankruptcy cases by evaluating financial history, recovery efforts, and current financial stability of applicants.

Compliance

Merchant Agreement

Record Retention

All information related to the underwriting process must be retained for at least five (5) years after the account is closed.

Exhibit A: Restricted Sub-merchant types Requiring Pre-Approval

Sub-merchant types requiring team pre-approval by sponsor bank

  • Signed merchant application/agreement with all fields completed
  • Executive Summary (written description detailing business practices)
  • Signed merchant attestation, where noted
  • Proper MCC Designation
  • Beneficial Ownership Certification
  • MATCH
  • OFAC
  • Credit
  • Proof of ownership of the business
  • Site Survey
  • Voided check/signed bank letter
  • Merchant Profile Analysis or MOTO form (if card not present)
  • Website Review Checklist (if ecommerce)
  • 3 months of previous processing statements
  • Processing Analysis (to include Ratio of both # and $ Chargebacks and Refunds)
  • Business Financial Documentation (examples below)
  • Business bank statements
  • Business tax returns
  • Business balance sheets
  • Business profit and loss statement
  • As with any merchant account request, the underwriting review process may uncover additional requirements
  • not already identified within this guide. Bank staff will work with ISO staff to obtain any additional
  • information/documentation that will assist in the underwriting review process.

Note: According to card brand Discover, MCC 5723 (Guns and ammunition shops, firearms and ammunition merchants) is only permitted in states California, Colorado, and New York, legally required. These relevant merchants need to be designated with MCC 5723 by May 1, 2025.

Direct sales of Guns and ammunition shops, firearms and ammunition merchants to consumers is prohibited.

Exhibit B: Restricted Sub-merchant Categories Requiring Pre-Approval

Merchants listed in this category may be considered by Chesapeake Bank for approval. Merchants require enhanced due diligence. Additional pricing may apply.

  • Hemp-derived CBD products (no ingestible products permitted to include food or dietary supplements)
  • Certified Charitable Crowd Funding
  • Cloud Based Storage (no Cyberlocker merchants)
  • Card Present Firearm, Firearms Parts, Ammunition and Accessory Sales
  • CNP Business to Business Firearms, Firearms Parts, Ammunition and Accessory Sales
  • Debt Relief
  • Debt Collection (debt is in collectible status)
  • Direct and affiliate marketing of merchants associated with the Marijuana business
  • Direct and indirect sale of drug related paraphernalia and accessories
  • Hemp – Seeds, Oils, Cultivation (products must contain less than 0.3% THC)
  • Internet Providers
  • Medical and Dental Device Sales (Counterfeit and Expired are Prohibited)
  • Medical Plan Discount
  • Merchants appearing on MATCH
  • Merchants that request to modify the terms of their agreement
  • Mobile Payment Application/Providers/Developers
  • Multilevel Marketing - no physical product (must have 3 or more years good processing history)
  • Multilevel Marketing - physical product only
  • Multilevel Marketing - physical product only - affiliate marketing (must relate to physical product)
  • Search Engine Optimization (SEO) services
  • Short Term Consumer Lending
  • Supplements (also known as Nutraceuticals)
  • Tech Support (greater than 3 years history)
  • Telemedicine Services (as an ancillary service to routine office visits- cannot be the primary means of patient interaction)
  • Timeshare Sales (straight sales only)
  • Deferred Delivery Merchants as defined by MC rule

Exhibit C: Prohibited Sub-merchant types

Merchants listed in this category will not be considered for approval.

  • 5122 Drug, Drug Proprietaries, and Druggist Sundries - CNP
  • 5816 Digital Goods - Games for transactions involving skilled game wagering (for example: daily fantasy sports) - CNP
  • 5912 Drug Stores and Pharmacies - CNP
  • 5962 Direct Marketing - Travel Related Arrangements Services - CNP
  • 5966 Direct Marketing - Outbound Telemarketing Merchant - CNP
  • 5967 Direct Marketing - Inbound Teleservices Merchant - CNP
  • 5993 CNP Tobacco (to include ecigarette/vape products and accessories)
  • 7273 Dating and Escort Services - CNP
  • 7995 Betting (to include Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks)- CNP
  • Affiliate Marketing, Lead Generation (to include those within MLM)
  • Any product that contains Marijuana, THC
  • Any products, ingredients, distributors, etc. red flagged by LegitScript
  • Any substance deemed to be illegal and/or brand damaging - Synthetics, Kratom, Kava Kava, 'Shrooms, Bath Salts, etc.
  • Child pornography, beastiality, rape, non-consensual mutilation (by way of products, services, marketing material or
  • CNP Adult Content Video
  • CNP Direct to Consumer Firearms, Firearms Parts, Ammunition and Accessory Sales
  • Counterfeit Products of any kind
  • Credit Repair
  • Cryptocurrency
  • Cyberlockers (entity that facilitates access to remote digital file storage and sharing services)
  • Debt/Credit Counseling
  • Debt Collection (debt is not in collectible status)
  • Direct and Affiliate Get Rich Quick Schemes (to include within MLM)
  • Direct sale of Marijuana (MMJ), medical or otherwise
  • Fake Id's, Gov't Docs.
  • Gambling
  • Games of Skill, Games of Chance, Fantasy Sports, Daily Fantasy Sports, etc.
  • Government Lottery
  • High Risk Securities Merchants
  • Ingestible Hemp Products
  • Inhalants
  • Jammers
  • Money Service Business (MSB) and/or Money Transmitter Merchants
  • Mugshot removal
  • Multilevel Marketing - no physical product (less than 3 years processing history)
  • Negative Option
  • Online Auctions
  • Payday Lenders
  • Stored Value Card and/or Gift Card Resellers
  • Tech Support (less than 3 years history)
  • Telemedicine as Primary Service (medical offices/providers whose primary form of patient interaction is managed in a virtual setting)
  • Timeshare exit, deed/title transfer related services

Exhibit D: Prohibited Sub-merchant Categories

The following are Prohibited Categories. These are general categories, not all prohibited categories are represented in the following:

Affiliate Marketing

Affiliate Marketing merchants are generally responsible for directing consumers to merchant websites for purchases. The affiliate is then paid a "per click", "per sign-up", "per purchase" commission. Consumer activity is tracked and may ultimately be shared with/sold to other affiliates. This merchant vertical is known to be associated with a high

level of consumer harm. Any merchant whose primary business practice falls within this category is prohibited.

Lead Generation

Lead Generation merchants use consumer facing methods to gather contact information from consumers. These leads are then shared

with/sold to merchants operating in the industry for which the consumer is seeking to transact business. This merchant vertical is known to be associated with a high level of consumer harm. Any merchant whose

primary business practice falls within this category is prohibited.

Credit Repair

Merchants in this vertical market to consumers who are seeking to repair their creditworthiness. Credit repair companies are known to be associated with a high level of consumer harm by falsely promising to improve scores or remove negative information on a credit report. Any merchant operating in this vertical is prohibited.

Debt/Credit Counseling

Organizations that advise consumers on managing money and debt. Counselors should be properly trained and hold appropriate certification where required.

Debt Collection - debt not in

collectible status

Merchants attempting to recover uncollectible debt are prohibited. Uncollectible debt may be described as one or more of the following:

  • Debt acquired where the source/terms cannot be confirmed
  • Debt in default or otherwise considered "bad"
  • Debt associated or targeted at a specific demographic race, gender, age group and/or ethnicity.

Telemedicine as Primary Service

The focus of this category are medical facilities and/or professionals that provide services in a primarily non-face-to-face environment. Due to the various stringent regulatory and card brand requirements associated with this industry the vertical is considered prohibited.

Timeshare exit, deed/title

transfer related services

Any timeshare related service that is not associated with a straight sale of property ownership is considered prohibited.

 
Note:

Note: According to card brand Discover, MCC 5723 (Guns and ammunition shops, firearms and ammunition merchants) is only permitted in states California, Colorado, and New York, legally required. These relevant merchants need to be designated with MCC 5723 by May 1, 2025.

Direct sales of Guns and ammunition shops, firearms and ammunition merchants to consumers is prohibited. 

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy.  This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.

Copyright © GiveCorporation Inc. All Rights Reserved