Payload, LLC

Compliance &
Underwriting Training

AML · KYC/KYB · Sanctions Screening · Underwriting Standards

Audience
UW, Risk & Compliance Roles
Est. Time
15 – 20 minutes
Passing Score
16 / 20  (80%)
Frequency
Annual
Section 1 of 4

Anti-Money Laundering (AML)

Policy basis: Payload AML Policy · Bank Secrecy Act · USA PATRIOT Act · PCMLTFA

What Is Money Laundering?

Money laundering is the process of making illegally obtained funds appear legitimate. It typically moves through three distinct stages:

StageNameWhat It Looks Like
1PlacementPlacing unlawful cash into the financial system via deposits, wire transfers, or payments.
2LayeringSeparating illegal proceeds from their source through complex financial transactions to obscure the trail.
3IntegrationReintroducing laundered funds through seemingly legitimate transactions — loans, invoices, property.

Payload's AML Obligations

As a payment facilitator, Payload is not classified as a money transmitter in the U.S., but has contractual obligations to maintain a good-faith AML program. In Canada, Payload is a registered money services business (MSB) with full PCMLTFA obligations.

Reporting Thresholds — Know These

ScenarioThreshold / Requirement
Suspicious Activity Report (SAR) — suspect identified$5,000 or more
Suspicious Activity Report (SAR) — no suspect identified$25,000 or more
SAR filing deadline30 calendar days from initial detection (60 days if no suspect; 90 days for continuing activity)
Currency Transaction Report (CTR)$10,000 or more in currency
Canada: Electronic Funds Transfer ReportInternational transfers of $10,000+ (aggregate within 24 hours)
AML record retention periodMinimum 5 years
📋
Key Rule
All employees must report suspected money laundering to the AML Compliance Person immediately. The AML Compliance Person is responsible for referral to service partners for SAR filing and for escalating to Senior Management.
🔒
Tipping-Off Is a Federal Crime
Once a SAR has been filed, is being prepared, or is under consideration, you may not disclose that fact to the subject of the report, the merchant, the cardholder, or any other unauthorized party. Disclosure of a SAR is a federal crime under 31 U.S.C. § 5318(g)(2). Equivalent prohibitions apply under Canadian law.

Internal Controls — What We Monitor

Section 2 of 4

Know Your Customer / Know Your Business

Policy basis: Payload Underwriting Policy & Procedure · FinCEN CDD Rule

The CDD Rule — Beneficial Ownership

Under the Customer Due Diligence (CDD) Rule of the Bank Secrecy Act, Payload must verify the identity of all owners, partners, or principal shareholders with 25% or more ownership before any account can be approved. For publicly traded companies, only a controller verification is required.

⚠️
Non-Negotiable Threshold
Any individual with 25% or greater ownership must be fully verified. This is a BSA requirement — it cannot be waived by any individual reviewer.

What Must Be Verified Before Approval

CategoryRequired VerificationPrimary Source
Business Entity (KYB)Legal name, state of incorporation, start date, Tax ID, address, phone, website, industryMiddesk
Owner / Controller (KYC)SSN, full name, date of birth, address, phone type, business associationMicrobilt, IPQS, Twilio
Bank AccountAccount holder name matches entity; account active and in good standing; routing number validatedPlaid, AVS/EarlyWarning
OFAC / SanctionsNo match on SDN list or targeted countriesMiddesk
MATCHNo match on Mastercard terminated merchant fileJPM's account boarding API
PEP / Adverse MediaNo politically exposed persons or adverse media flagsMiddesk

Automatic Denial Criteria

The following conditions require denial. They cannot be overridden at the standard reviewer level:

Phone Verification Standards

Phone type matters and is verified via IPQS and Twilio.

🚫
Not Permitted
VOIP numbers and prepaid phone numbers are not acceptable. A mobile or landline number must be confirmed and the carrier name must match the applicant's name.

Exception Approvals

If any required verification element cannot be completed, the account cannot be approved at the standard reviewer level. The case must be escalated to senior management with documented rationale.

📝
Documentation Is Mandatory
Every exception must be logged — what was missing, why approval is being recommended, and who authorized it. Verbal approvals without documentation do not satisfy this requirement.
Section 3 of 4

Sanctions Screening & Watchlist Monitoring

Policy basis: Payload Underwriting Policy — Merchant Screening Procedures

Screening Requirements

Every sub-merchant application must be screened before activation. Active accounts are rescreened monthly. Inactive accounts are rescreened before reactivation.

Screen TypeWhat It ChecksPrimary Vendor
OFAC / SDNOffice of Foreign Assets Control Specially Designated Nationals list and targeted countriesMiddesk
MATCHMastercard Member Alert to Control High-risk Merchants — terminated merchant fileJPM's account boarding API
PEPPolitically Exposed PersonsMiddesk
Adverse MediaNegative news and risk-categorized media associated with the business or its ownersMiddesk
Canadian SanctionsConsolidated Canadian sanctions lists (Canadian sub-merchants only)Middesk

When a Possible Match Is Flagged

Match Review Response Times

PriorityRequired Response TimeNote
SevereImmediate — 24/7Funds already blocked before manual review begins
Major1 – 2 business days
Urgent3 – 5 business days
Minor3 – 7 business days
🔒
All Screening Events Are Logged Automatically
The system records the vendor used, timestamp, data screened, and determination for every screening event — including who performed any manual review and what decision was made.
Section 4 of 4

Underwriting Standards & Documentation

Policy basis: Payload Underwriting Policy & Procedure

Risk Rating Standards

Every approved account must be assigned a risk rating that reflects the actual verification outcomes — not a default value.

RatingCriteriaApproval Requirement
LOWAll required verification elements confirmed. No flags or discrepancies.Primary reviewer may approve. Standard documentation required.
MEDIUMOne or more elements required additional follow-up or judgment to resolve.Secondary review required before approval. All steps documented.
HIGHSignificant flags present. Approval requires documented justification.Senior management sign-off required. Full exception documentation mandatory.

Required Documentation for Every Approved Account

Record Retention

Record TypeRetention Period
Underwriting recordsMinimum 5 years after merchant agreement terminates or expires
AML records (CTRs, SARs, exemption documentation)Minimum 5 years
🚨
Documentation Rule
If it is not documented, it did not happen. An approval with missing notes or unlinked documentation is not an acceptable completed record — regardless of the outcome of the review.
You've completed all four sections
Click Next to begin the 20-question assessment. You need 16/20 (80%) to pass. Take your time — re-read any section using the Back button before starting if needed.
Assessment 20 Questions · 80% to Pass

Compliance & Underwriting Assessment

Select one answer per question. All questions must be answered before submitting.

⚠️ Please answer all questions before submitting.
Final Step

Training Acknowledgment

Complete the form below to confirm your completion of this training.
I acknowledge that I have read, understood, and agree to adhere to the compliance policies and standards covered in this training, including Payload's AML Policy, KYC/KYB Procedures, Sanctions Screening requirements, and Underwriting Standards. I understand that failure to comply with these policies may result in disciplinary action.
🎓

Training Complete

You have successfully completed the Payload Compliance & Underwriting Training and passed the assessment.

Print this page or take a screenshot for your records. Submit this confirmation to your manager to complete the attestation in Thorough Pass.