Merchant Onboarding: Global Updates – June 2025

This June, new rules have been shaking up how merchants get onboarded—bringing tighter fraud checks, clearer crypto guidelines, and stronger AML measures:

• Visa’s Acquirer Monitoring Programme (VAMP) cuts through the noise on card-not-present fraud, balancing risk with smoother approvals
• FATF’s refreshed Recommendation 16 boosts payment transparency and cracks down on illicit cross-border flows
• From New Zealand to Singapore, fresh AML rules and digital onboarding updates demand sharper compliance—and smarter workflows

Stay ahead by adapting your onboarding to these changes without slowing down your merchant journeys.

‍

Global

Regulation Name: Visa Acquirer Monitoring Program (VAMP) Update

Effective Date: June 1, 2025

Issued By: Visa Inc.

Summary: Visa is consolidating its fraud and dispute monitoring into a single metric—the Visa Acquirer Monitoring Programme (VAMP) ratio—specifically for card-not-present transactions. This streamlined approach enhances Visa’s ability to identify elevated risk and enforce programme thresholds through targeted controls and, where necessary, assessments. The aim is to strengthen ecosystem integrity while reducing unnecessary friction for acquirers and their merchants.

Key Changes:

• Single Risk Metric: Fraud and dispute incidents are now aggregated into a single, comprehensive ratio that measures these events against total settled transactions. 
• Performance Levels:
  
  • Above Standard: When the VAMP ratio reaches 0.5% (or 50 basis points).
  • Excessive: When it reaches 0.7% (70 basis points) or higher.
• Merchant-Specific Limits: Thresholds are customised by region, accounting for transaction volumes and fraud/dispute frequencies to prioritise monitoring and intervention in higher-risk segments.
• Enumeration Monitoring: Acquirers must vigilantly monitor for “enumeration” and take prompt action when predefined limits are breached.

What This Means for Acquirers and Merchants:

‍Teams need to continuously monitor fraud and dispute rates together and implement stronger controls to avoid penalties. Early detection and proactive risk management are key to protecting both customers and the payment network.

Recommended Actions:

• Track your combined fraud and dispute ratios in real-time.
• Implementing risk profiles and custom scoring to determine if your numbers are above or exceeding the thresholds.
• Eliminate manual errors in underwriting with intelligent workflow routing and exception-based management
• Stay audit ready with structured, traceable onboarding records that support fast reviews and escalations
• Work closely with Visa or your processor to stay aligned with the program’s requirements.

How OnBoard Helps:‍

OnBoard automates risk and compliance workflows, helping acquirers quickly identify and manage fraud and dispute risks. With smart decision engines and real-time scoring, it reduces errors and speeds up onboarding—keeping you compliant with VAMP while improving efficiency.

Source: Visa Corporate Fact Sheet (2025)

‍

Initiative Name: Revised Recommendation 16 on Payment Transparency

Published Date: 18 June 2025, Compliance Required by 2030

Issued By: Financial Action Task Force (FATF)

Summary: The FATF has revised Recommendation 16 to strengthen transparency in cross-border payments exceeding 1,000 USD/EUR. This update enhances the detection of financial crime and bolsters sanction enforcement. It aligns closely with the G20’s drive to make international payments quicker, more cost-effective, and more transparent—all while protecting customers through advanced fraud prevention measures.

Key Changes:

• Payment Transparency: Streamlined requirements for information in payment messages to clarify sender and receiver details globally.
• Technology Use: New mandates to employ technology to reduce fraud and errors.
• Financial Inclusion: FATF is working with industry and civil society to balance transparency with privacy and data protection.

What This Means for Cross-Border Payments:

‍Financial institutions and payment service providers will need to upgrade systems to capture and transmit enhanced payment data. This will improve crime detection but requires investment in compliance infrastructure and collaboration across borders. Maintaining customer privacy and promoting access to financial services remain key priorities.

Recommended Actions:

• Upgrade Payment Systems: Ensure ability to collect and store full originator and beneficiary data for audits.
• Implement Fraud Controls: Leverage new technology requirements to prevent errors and abuse.
• Align with Privacy Rules: Work with data protection officers to balance transparency with legal requirements.
• Engage Stakeholders: Collaborate with regulators, correspondent banks, and civil society groups to stay aligned on evolving expectations.

How OnBoard Helps:‍

Onboard supports PSPs and financial institutions with flexible, scalable compliance tools designed to handle enhanced payment transparency requirements while safeguarding user data. OnBoard streamlines data collection, real-time risk monitoring, and audit-ready reporting to ease FATF compliance.

Source: Financial Action Task Force

‍

EMEA

European Union

Initiative Name: Update to High-Risk Third-Country List

‍Published Date: 10 June 2025

‍Issued By: European Commission

Summary: The European Commission has revised its list of high-risk third countries with strategic deficiencies in anti-money laundering and countering the financing of terrorism (AML/CFT) frameworks. The update reflects ongoing efforts to align the EU’s financial system with global standards and ensure robust safeguards against illicit finance.

Key Changes:

• New Additions: Algeria, Angola, Côte d’Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal, and Venezuela have been added to the list of high-risk jurisdictions.
• Removals: Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda, and the United Arab Emirates have been delisted following demonstrated improvements in AML/CFT compliance.
• Enhanced Due Diligence: Obligated entities within the EU must now apply enhanced vigilance when conducting transactions involving the listed high-risk countries.

What This Means for EU-based Financial Institutions:

‍Firms must reassess their risk exposure and onboarding frameworks in light of these changes. Enhanced due diligence measures must be implemented in real-time for countries involved in the newly listed jurisdictions, while standard procedures may be resumed for delisted countries. Cross-border partnerships, correspondent relationships, and trade finance transactions may all be impacted.

Recommended Actions:

• Update Risk Registers: Incorporate new high-risk jurisdictions into merchant onboarding risk assessments and due diligence.
• Enhance Screening Protocols: Adjust onboarding workflows and ongoing due diligence systems to flag activity linked to listed countries.
• Engage Compliance Teams: Provide internal briefings and updated training to reflect the revised country list.
• Communicate with Stakeholders: Notify relevant clients, partners, and correspondent banks of revised compliance requirements.

How OnBoard Helps:‍

Onboard assists EU-regulated entities in maintaining AML/CFT compliance with unlimited risk profiles and scoring, real-time watchlist updates, and configurable due diligence workflows. Our tools help institutions accommodate for changing risk profiles, enabling no-touch merchant onboarding.

Source: European Commission

‍

Regulation Name: No Action Letter on the Interplay between PSD2/3 and MiCA

‍Published Date: 10 June 2025

‍Issued By: European Banking Authority (EBA)

Summary:
The European Banking Authority (EBA) issued a no-action letter clarifying how crypto-asset service providers (CASPs) handling electronic money tokens (EMTs) should be treated under PSD2 and MiCA regulations. For merchant onboarding teams, this removes key regulatory ambiguities when dealing with EMT-accepting or crypto-enabled merchants operating in the EU. The letter outlines a transitional period through 2 March 2026 where PSD2 authorisation is not required, while maintaining core risk and fraud compliance expectations.

Key Changes:

• Authorisation Deferred: CASPs dealing in EMTs will not require PSD2 authorisation until after 2 March 2026.
• Selective PSD2 Enforcement: NCAs are advised to deprioritise provisions on safeguarding, consumer disclosures, and open banking during the transition.
• Ongoing Risk Obligations: Strong customer authentication, fraud reporting, and own funds requirements remain applicable to custodial EMT wallets.
• Scope Clarification: Crypto-fiat and crypto-crypto exchanges, and EMT-based purchases of crypto-assets, are not considered payment services under PSD2.

What This Means for CASPs and Payment firms:

‍Onboarding teams must still apply real-time risk checks, verify MiCA authorisation status, assess EMT exposure, and enforce core controls like fraud monitoring and strong customer authentication to manage risk and meet ongoing regulatory expectations during the transition period.

Recommended Actions:

• Map PSD2 and MiCA Overlap: Identify which services require future PSD2 authorisation.
• Prepare for Streamlined Authorisation: Align existing MiCA documentation with anticipated PSD2 requirements.
• Maintain Critical Controls: Implement SCA and fraud monitoring for all EMT payment accounts.
• Monitor Scope Exemptions: Confirm if services qualify for exclusion from PSD2.

How OnBoard Helps:‍

OnBoard enables CASPs and financial institutions to embed flexible workflows directly into merchant application forms, allowing crypto-related merchants to be assessed dynamically based on their regulatory and risk profile. With real-time risk scoring and automated routing, applications are escalated or fast-tracked based on EMT exposure, while exception handling ensures high-risk cases receive the appropriate level of review to keep onboarding efficient, compliant, and audit ready.

Sources: European Banking Authority

‍

America

United States

Regulation Name: GENIUS Act – U.S. Stablecoin Oversight Framework

Enacted Date: 18 June 2025 (Pending House Approval)

Issued By: U.S. Senate

Summary:

The U.S. Senate has passed the GENIUS Act, marking the first time stablecoin legislation has cleared either Congressional chamber. With strong bipartisan backing (68-30), the bill lays out a national framework for the issuing, trading, and safeguarding of stablecoins. Setting the stage for much-needed regulatory clarity in the digital asset space. 

Given that around 97% of stablecoins are pegged to the U.S. dollar, the move could have global implications. Even European institutions are taking note, with France’s Société Générale now working on a dollar-backed stablecoin after its euro version struggled to gain traction. 

Key Changes:

• Clear Standards for Issuers: Establishes federal rules for “Permitted Payment Stablecoin Issuers,” while allowing state-regulated players to operate under consistent national guidelines.
• Backed by Reserves: Requires all stablecoins to be fully backed by U.S. dollars, with monthly audits to prove it. 
• Compliance Matters: Enforces KYC and AML rules across the board. 
• Institutional Pathways: Opens the door for entities like banks, fintechs, and large corporates (e.g., Walmart, Amazon) to issue stablecoins under a clear, regulated model

What This Means for Digital Payments:

This bill sends a strong message: stablecoins are here to stay. Financial institutions, fintechs, and tech firms now have a roadmap to bring compliant, asset-backed digital tokens to market.

Recommended Actions:

• Verify stablecoin issuer status: Confirm that merchants only use stablecoins issued by federally or state-approved entities.
• Adjust merchant risk scoring: Apply real-time and dynamic risk scoring during onboarding based on stablecoin usage, issuer status, and live risk indicators.
• Implement real-time KYC: Integrate global watchlists with existing systems to detect high-risk stablecoin exposure

How OnBoard Helps:

OnBoard brings all these capabilities together with real-time risk scoring, global watchlist screening, and automated onboarding workflows tailored to stablecoin-accepting merchants.

Source:  Payments Journal

‍‍

Initiative Name: Interagency Request for Information on Payment Fraud

Enacted Date: 16 June 2025 (Comments Due by 16 September 2025)

Issued By: Federal Deposit Insurance Corporation (FDIC) and Federal Reserve System

Summary: In response to rising concerns over payment fraud (particularly cheque-related scams) US federal banking regulators have issued a public Request for Information (RIF) to guide future policy and oversight. The effort reflects a growing urgency to modernise payment security while safeguarding consumer trust. This move supports both public and private sector entities in combatting fraudulent schemes across an increasingly fragmented financial ecosystem. 

Key Changes:

• Interagency Collaboration: Improved coordination across regulators, Reserve Banks, and private institutions to address payment system vulnerabilities. 
• Educational Outreach: Expanded fraud awareness campaigns targeting consumers, businesses, and financial service providers.
• Regulatory Framework: Enhanced supervision with a special emphasis on detecting and preventing cheque fraud.
• Data and Technology: Stronger fraud data collection, analytics, and information sharing between institutions.

What This Means for Financial Institutions:

Banks, credit unions, and payment providers should prepare for expanded oversight and potential new obligations around fraud detection, particularly for legacy instruments like paper cheques. Regulatory expectations are shifting toward faster incident reporting, cross-institutional data sharing, and greater consumer transparency. 

Recommended Actions:

• Review Internal Controls: Reassess existing processes related to cheque and payment fraud mitigation.
• Engage in Consultation: Submit comments to shape upcoming policy changes and share industry best practices.
• Adopt Smart Technologies: Consider the deployment of advanced analytics and machine learning to improve fraud detection. 
• Prepare for a Paperless Shift: With a federal mandate to eliminate paper cheques by September 2025, accelerate digital payment transformation strategies.

How OnBoard Can Help:

Onboard’s anti-fraud capabilities provide real-time monitoring that align with evolving US regulatory requirements. Its flexible API-driven architecture enables institutions to rapidly deploy fraud detection measures across multiple payment channels.

Source: Federal Deposit Insurance Corporation

‍

APAC

New Zealand

Regulation Name: Phase 3 AML/CFT Amendments

Enacted Date: 1 June 2025

Issued By: New Zealand Department of Internal Affairs (DIA)

Summary: New Zealand’s Phase 3 reforms to its AML/CFT framework bring substantial new responsibilities for reporting entities, sharpening the focus on customer risk assessment and the supervision of online commerce platforms. These updates underscore the government’s ongoing commitment to modernising financial crime controls, aligning with evolving international expectations.

Key Changes:

• Customer Risk-Rating: Customer Due Diligence (CDD) now requires a mandatory risk assessment at onboarding and on an ongoing basis.
• Online Marketplaces Regulated: Platforms facilitating online sales or auctions are explicitly brought within the AML/CFT regime.
• Record-Keeping and Monitoring: Enhanced obligations for documentation and risk review aligned with the customer’s risk level.

What This Means for Reporting Entities:

Firms must implement or upgrade systems to assign, record, and update customer risk ratings dynamically, ensuring adequate CDD and ongoing monitoring. Online marketplaces will need to develop AML/CFT compliance frameworks, including vetting sellers and monitoring transactions.

Recommended Actions:

• Enhance CDD Procedures: Embed customer risk-rating into onboarding workflows and periodic reviews.
• Update Compliance Programs: Ensure online platforms have AML/CFT policies that reflect their new status as reporting entities.
• Train Staff: Provide guidance on recognising high-risk customers and documenting risk assessments accurately.
• Review Record-Keeping: Align retention policies with DIA guidance on auditability and traceability.

How OnBoard Helps:

Onboard assists institutions in meeting Phase 3 requirements with dynamic risk profiling, real-time customer due diligence, and flexible record-keeping to streamline merchant onboarding. It supports unlimited risk profiles and scoring, accommodating both traditional and online business models.

Sources: New Zealand Department of Internal Affairs

‍

India

Regulation Name: Updated KYC Framework for Customer Onboarding

‍Effective Date: 12 June 2025

‍Issued By: Reserve Bank of India (RBI)

Summary: The Reserve Bank of India has revised its Know Your Customer (KYC) norms to broaden the scope of digital onboarding for individuals and entities. This aims to promote financial inclusion, ease account opening, and support fintech innovation across the country. The updated framework introduces three distinct modes of customer onboarding to improve accessibility and compliance flexibility.

Key Changes:

Onboarding Options: Institutions may now onboard customers via:

• Traditional face‑to‑face verification
• Non-face-to-face (NFTF) methods
• Video-based Customer Identification Process (V‑CIP)
• Regulatory Flexibility: The new framework simplifies KYC obligations for regulated entities, particularly digital-first firms and payment service providers.
• Fintech Enablement: Digital merchants and fintechs can now scale onboarding processes while remaining within a compliant structure.

What This Means for Merchant Onboarding in India:‍

Merchant onboarding workflows must be flexible enough to embed RBI-approved KYC methods like video, face-to-face, and remote verification directly into the journey. This shift enables faster onboarding at scale, but also demands stronger real-time risk management for non-face-to-face channels to protect against rising fraud. 

Recommended Actions:

• Update KYC Protocols: Review and revise onboarding workflows to incorporate V‑CIP and NFTF models.
• Enhance Legacy Verification Tools: Integrate secure video and digital verification technologies in line with RBI specifications.
• Ensure Compliance Monitoring: Track customer lifecycle to maintain ongoing KYC compliance across all modes.
• Educate Teams and Partners: Train staff and third-party partners on the updated KYC standards and procedures.

How OnBoard Helps:‍

Onboard’s platform supports this shift by enabling fully configurable onboarding workflows that seamlessly integrate video KYC, face-to-face, and remote verification options. With built-in real-time fraud detection, biometric checks, and intelligent risk scoring, it ensures fast, secure merchant onboarding across all RBI-compliant channels. 

Source: Economic Times (India)

‍

Singapore

Regulation Name: Digital Token Service Providers (DTSP) Regulatory Regime

‍Effective Date: 30 June 2025

‍Issued By: Monetary Authority of Singapore (MAS)

Summary: The Monetary Authority of Singapore (MAS) has clarified the scope and application of its regulatory regime for Digital Token Service Providers (DTSPs), in line with the Financial Services and Markets Act 2022. The move seeks to address elevated money laundering risks associated with cross-border token services and ensure a robust licensing framework that balances innovation with oversight.

Key Changes:

• Overseas-Only Providers: DTSPs offering digital payment token or capital markets token services solely to clients outside of Singapore will require licensing. However, licences will generally not be granted due to limited regulatory oversight and elevated risk exposure.
• Singapore-Facing Providers: DTSPs that serve customers within Singapore are already under MAS’ regulatory scope and may also operate cross-border under current licences.
• Excluded Tokens: Services related only to utility or governance tokens remain outside the purview of this regime and are unaffected.

Transition Period:
DTSPs operating solely for non-Singapore clients must cease such activities from 30 June 2025 if unlicensed. MAS has communicated this stance since 2022 and has engaged directly with potentially affected entities to support an orderly wind-down.

What This Means for Digital Asset Providers:

‍Digital asset providers must strengthen merchant onboarding by assessing token-related activity, applying tiered risk checks, and ensuring clear disclosures in applications. MAS’s clarified rules also require robust fraud prevention and transaction monitoring from the start of the onboarding process.

Recommended Actions:

• Map Client Base: Determine if your service reaches Singaporean users.
• Review Token Types: Classify offerings into payment, capital markets, or utility/governance tokens.
• Seek Guidance: Contact MAS (AMLCFT@mas.gov.sg) for clarification on scope and obligations.
• Cease Unlicensed Activities: Ensure discontinuation of high-risk, non-compliant cross-border services by the effective date.

How OnBoard Helps:‍

OnBoard equips payment providers and DTSPs by strengthening merchant onboarding with in-built risk controls that flag token-related risks early. Automated workflows route merchant applications based on their risk exposure, enabling faster approvals for low-risk merchants and deeper reviews where required. With real-time monitoring and ongoing due diligence, providers can proactively detect fraud, manage transactional risks. 

Source: Monetary Authority of Singapore