Merchant Onboarding: Global Updates – September 2025

September brings major regulatory shifts shaping the future of merchant onboarding worldwide. From faster cross-border crime-fighting to Visa’s tougher fraud rules and the rise of stablecoins, these updates call for sharper due diligence and faster, smarter compliance.

• Global watchdogs unite to publish a practical handbook for faster cross-border cooperation against money laundering.
• Visa’s VAMP moves from advisory to enforcement, putting acquirers on the clock for consolidated fraud management. 
• The US GENIUS Act passes, setting the stage for stablecoins to challenge traditional payment rails. 

‍

Global

Regulation/Publication Name: Handbook on International Cooperation against Money Laundering

Effective Date: September 5, 2025 (Publication)

Issued By: FATF, Egmont Group, INTERPOL, UNODC

Summary:‍

The Handbook on International Cooperation against Money Laundering provides practical guidance to strengthen cross-border collaboration to tackle financial crime. It explains how criminals exploit gaps between national systems and introduces faster, more efficient approaches to international investigations. It includes tailored practical guides  for Financial Intelligence Units (FIUs), Law Enforcement Agencies (LEAs), and Prosecutors. 

Key Changes:

• Introduces informal cooperation mechanisms (secure messaging, direct exchanges, joint analysis) to complement traditional legal assistance.
• Provides actionable guidance for FIUs, law enforcement, and prosecutors to work together more effectively across borders.
• Highlights real-world case studies demonstrating the successful impact of international collaboration.
• Aims to address the consistent global weakness in investigating, prosecuting, and sanctioning money laundering.

What This Means for PSPs & Risk Teams:‍

This handbook signals a global push for more efficient cross-border financial crime enforcement. For PSPs, this means:

• National authorities will increasingly collaborate informally and in real time.
• Information requests may arrive faster than before, requiring quicker responses.
• Compliance processes will face higher scrutiny to keep pace with accelerated investigations.

Recommended Actions:

• Review internal procedures for responding to international requests to ensure they can accommodate faster, informal co-operation channels.
• Strengthen internal capabilities for rapid intelligence analysis and information sharing in a secure manner.
• Ensure your transaction monitoring and customer risk assessment systems are robust enough to identify complex, cross-border laundering schemes.

How OnBoard Helps:‍

OnBoard’s automated risk and compliance workflows are built for speed and accuracy, enabling your team to respond swiftly to intelligence requests. Its real-time scoring and smart decision engine help identify complex, cross-border activity in line with the handbook’s emphasis on faster cooperation. The API-driven architecture ensures secure, efficient data handling across jurisdictions, while the platform’s auditable reporting with integrity stamps provides the transparency and accountability expected by global authorities. Book a demo to see this live. 

Source: FATF

‍

Regulation Name: Visa Acquirer Monitoring Program (VAMP)

Effective Date: 1 October, 2025

Issued By: Visa

Summary:‍

We are now coming to the end of the six-month advisory period for the Visa Acquirer Monitoring Programme (VAMP). Full compliance becomes mandatory from 1 October, 2025. The programme consolidates fraud and dispute management into a single framework, focused on reducing enumeration attacks and aligning global thresholds for card-not-present transactions.

Key Changes:

• Global fraud thresholds for domestic and cross-border card-not-present transactions now apply.
• Enumeration monitoring introduced, using transaction volume and attack rate criteria.
• Consolidation of frameworks: five previous fraud and dispute programmes merged into one.
• Remediation simplified: one streamlined process replaces 38 separate procedures.

‍What This Means for Acquirers:‍

From 1 October 2025, payment providers must strengthen checks at the start of merchant onboarding to identify high-risk merchants before they begin processing. Ongoing monitoring is also required to detect when fraud levels rise and to respond quickly. Failure to meet these expectations can result in penalties and increased scrutiny from Visa. 

Recommended Actions:

• Conduct a final review of fraud controls and transaction monitoring systems to ensure they meet VAMP standards.
• Validate that processes for identifying and mitigating enumeration attacks are fully operational.
• Prepare for potential audits or reviews by Visa to assess compliance status.
• Ensure all reporting and dispute management workflows align with the consolidated programme requirements.

How OnBoard Helps:‍

OnBoard strengthens merchant onboarding with automated AML checks that identify high-risk merchants before approval. Its real-time scoring and decision engine track transactions to detect when fraud or enumeration risks rise. With audit-ready reporting, acquirers maintain transparency and can respond quickly to Visa oversight.

Source: Visa Acquirer Monitoring Program

‍

EMEA

‍United Kingdom

Regulation Name: A Streamlined Approach to Payment Systems Regulation (Consultation)

Effective Date: Legislation to follow post-consultation; consultation closes 20 October 2025

Issued By: HM Treasury

Summary:‍

HM Treasury is consulting on abolishing the PSR and consolidating its functions into the FCA to streamline oversight, reduce duplication, and deliver a clearer, more coherent framework that supports competition, innovation and growth in payments. The goal is a clearer, proportionate regime that reduces overlap, supports competition, and makes it easier for PSPs to work with a single regulator.. 

Key Changes:

• The PSR’s economic regulatory functions (including competition, innovation, and service-user objectives) will transfer to the FCA.
• The FCA will oversee designated payment systems and their participants (operators, infrastructure providers, and payment service providers) under a revised framework.
• A single access regime will replace the current dual provisions under the Payment Services Regulations 2017 and the Financial Services (Banking Reform) Act 2013.

What This Means for PSPs and Payment Firms:‍

With the FCA taking over from the PSR, PSPs will report to one regulator instead of two. This simplifies compliance but also means stricter, clearer rules on merchant access and participation. Onboarding checks, KYB, and fraud monitoring will need to be stronger, as FCA oversight will make gaps easier to detect.

‍Recommended Actions:

• Update merchant onboarding forms to capture more detail on merchant ownership, structure, and system access.
• Review fraud monitoring and access controls to ensure they meet potential FCA-led participation standards.
• Map reporting lines currently split between PSR and FCA, and prepare for streamlined FCA oversight.
• Submit feedback to HM Treasury by 20 October 2025 to help shape access and participation rules.

How OnBoard Helps:‍

OnBoard’s Smart Forms let PSPs update merchant onboarding forms quickly with customisable, drag-and-drop designs that are white-labelled and code-free. This reduces manual work and speeds up merchant approvals. Automated AML checks apply unlimited rules and workflows, giving stronger due diligence from the start. The decision engine with real-time scoring improves fraud monitoring and flags risks faster, supporting FCA expectations on access and participation.

Source: Financial Conduct Authority (FCA)

‍

United Arab Emirates 

Regulation Name: DFSA Annual Anti-Money Laundering Return

Effective Date: 30 September, 2025 (Submission Deadline)

Issued By: Dubai Financial Services Authority (DFSA)

Summary:‍

The DFSA has issued a reminder and an accompanying FAQ for the mandatory submission of the Annual AML Return by 30 September 2025. This underscores the regulator's heightened focus on the completeness and accuracy of filings. The FAQ provides critical clarifications to help firms, particularly those in fintech and merchant acquiring, correctly interpret the return's requirements, ensuring their underlying Customer Due Diligence (CDD) and risk assessment practices are robust and current.

Key Changes:

• The FAQ clarifies that the obligation to file applies to all authorised firms, even those with limited or no business activity during the reporting period.
• It explicitly states that 'advising on' or 'arranging' high-risk products/services must be reported, capturing indirect risk exposure.
• Definitions for key terms like 'suspended' and 'terminated' customer relationships are based on their dictionary meaning. 
• Guidance confirms that a firm's responses on country risk (e.g., proliferation financing) must be directly informed by its own Business AML Risk Assessment (BARA).

What This Means for PSPs & Fintechs:‍

The Dubai Financial Services Authority (DFSA) is shifting focus from box-ticking to the quality of AML frameworks behind the data you submit. For onboarding teams, this means:

• KYC and CIP records must be accurate and up to date, not just formally collected.
• Risk ratings used in onboarding must reflect current realities, especially post-pandemic.
• Weak or inconsistent data in submissions can now trigger penalties or regulatory scrutiny.

‍Recommended Actions:

• Verify that your MLRO’s contact details are correct on the DFSA ePortal to avoid missing regulatory notices.
• Review the DFSA’s FAQ to clarify service reporting and customer risk review requirements.
• Update your Business AML Risk Assessment (BARA) so that risk ratings directly drive onboarding responses.
• Confirm that all merchant CDD files have been reviewed and updated within the required reporting period (1 August 2024 to 31 July 2025).

‍How OnBoard Helps:‍

OnBoard directly supports compliance by automating and centralising the risk and compliance workflows that underpin an accurate AML Return. Its smart decision engines ensure KYC/CIP records are maintained and flagged for periodic review, while its configurable rules engine helps maintain consistent customer risk ratings. This creates an auditable trail of CDD activities, providing the data needed for timely and accurate submissions.

Source: Dubai Financial Services Authority

‍

Saudi Arabia

Regulation Name: SAMA Announcement on Google Pay & Alipay+ Integration

Effective Date: Google Pay live from 15 September, 2025; Alipay+ support by 2026

Issued By: Saudi Central Bank (SAMA)

Summary:‍

SAMA has launched Google Pay via the national Mada network and announced future support for Alipay+. This initiative is part of the Financial Sector Development Programme under Saudi Vision 2030, aimed at enhancing the digital payments ecosystem. For acquirers, it introduces new mobile payment methods for customers, requiring updates to onboarding and payment routing systems.

Key Changes:

• Google Pay is now live for Mada cardholders, allowing secure card management via Google Wallet.
• Support for Alipay+ and other global wallets is planned for 2026.
• Acquirers must enable their systems to onboard and route payments from these new digital wallet schemes.
• Point-of-sale (POS) integrations require updating to accept these payment methods.

What This Means for Merchant Acquirers:

Payment providers must adapt onboarding so it supports new wallet schemes. This means:

• Onboarding forms should dynamically adjust for merchants offering digital wallets, ensuring a smooth setup and customer experience.
• Compliance workflows must capture the extra details required to verify merchants for wallet transactions.

Recommended Actions:

• Update merchant onboarding to handle registrations for new digital wallet schemes.
• Ensure payment routing logic can process transactions from Google Pay and, Alipay+.
• Review and update POS terminal software and integrations.
• Develop educational materials for merchants on accepting and promoting these new payment methods.

How OnBoard Helps:‍

With OnBoard, acquirers can bring merchants onto new wallet schemes seamlessly. OnBoard verifies each merchant through automated KYB/KYC checks and applies workflow rules specific to digital wallet customers. Dynamic onboarding flows capture only the details that matter, while the decision engine scores risk in real-time. This ensures merchants are ready for wallet acceptance from the start, and acquirers can scale onboarding confidently as demand grows. Optimise your merchant onboarding journey, get in touch with our team.

Source: Saudi Press Agency

‍

America 

United States

Market Development: Walmart & Amazon Eye Stablecoins

Issued By: The Wall Street Journal

Summary:‍

Walmart and Amazon are exploring the launch of their own stablecoins or the acceptance of existing ones at checkout. This could allow them to bypass banks and card networks while cutting billions in annual fees. For merchants, it signals the arrival of lower-cost, programmable payments. For PSPs and acquirers, it raises immediate questions about future transaction volumes and revenue streams.

Key Developments:

• Walmart spends an estimated 3 to 5 billion dollars a year on card processing fees, giving it a strong incentive to seek lower cost alternatives.
• Stablecoins offer faster, lower-cost, and more transparent payments than traditional card networks.
• Amazon, Expedia, Uber, Stripe, Shopify, and several airlines are also reported to be considering stablecoin adoption.
• The GENIUS Act has reduced regulatory uncertainty, making large-scale enterprise adoption more likely.

What This Means for Payment Service Providers (PSPs):

• Stablecoin onboarding options: PSPs must update merchant onboarding to support stablecoin acceptance alongside traditional card payments.
• Enhanced compliance checks: AML, KYC, and KYB processes need to account for stablecoins requirements during merchant onboarding.
• Risk management: PSPs must monitor for new risks such as transaction volatility, fraud attempts, or misuse of retailer-issued stablecoins.

Recommended Actions:

• Update onboarding processes: Build stablecoin acceptance into merchant onboarding flows so PSPs can support large retailers and other merchants exploring this option.
• Integrate compliance controls: Expand AML, KYC, and KYB checks within onboarding to cover wallet verification and digital asset transactions.
• Enhance risk management: Incorporate stablecoin-specific risks such as fraud, misuse, or regulatory uncertainty into onboarding risk assessments.

How OnBoard Helps:‍

OnBoard gives PSPs the tools to adapt merchant onboarding for stablecoin adoption. Smart Forms let providers update onboarding flows instantly to include stablecoin payment options. Automated AML, KYC, and KYB workflows ensure merchants accepting digital assets are screened effectively. The decision engine with real-time scoring highlights stablecoin-related risks during onboarding without slowing approvals. Talk to us about applying this to your onboarding, book a demo. 

Source: Wellesley Hills Financial

‍

United States

Regulation Name: Executive Order on Prohibiting Politicised or Unlawful Debanking

Effective Date: 7 August, 2025 (within 180 days) 

Issued By: The White House

Summary:‍

This Executive Order prohibits US financial institutions from closing accounts or denying services based solely on 'reputational risk' or a customer's political or religious beliefs. All decisions must be based on objective, risk-based criteria such as fraud or financial crime indicators. Regulators have 180 days to remove “reputation risk” from supervisory guidance and 120 days to review financial institutions for past debanking practices, with fines possible for non-compliance. 

Key Changes:

• Banks and financial institutions can no longer cite 'reputational risk' as a primary reason for denying services or closing accounts.
• Denial reasons must be documented using clear, measurable risk indicators (e.g., fraud, financial crimes).
• Federal banking regulators must purge 'reputation risk' from official guidance and examination manuals.
• Regulators are required to investigate institutions for past debanking and enforce remedial actions.

What This Means for PSPs:

• Objective onboarding rules: PSPs must base all merchant account approvals or denials on documented, risk-based factors such as fraud or AML concerns.
• Greater transparency: Underwriting and onboarding teams must provide clear justification for declines instead of relying on vague “reputation risk” criteria.
• Regulatory exposure: PSPs should expect reviews of past onboarding decisions and be prepared to demonstrate consistent, compliant practices.

‍Recommended Actions:

• Audit onboarding policies: Review PSP onboarding and underwriting processes to confirm they rely only on measurable, objective risk factors.
• Revise denial procedures: Update internal workflows so all declines are supported by specific evidence, not subjective reputation concerns.
• Train risk teams: Ensure onboarding and compliance staff understand the new requirements and apply them consistently.
• Strengthen audit trails: Prepare for regulatory reviews by keeping clear, transparent records of every account decision.

How OnBoard Helps:‍

OnBoard’s smart decision engine automates compliance workflows using real-time scoring and objective rules, removing subjective judgement from onboarding. Its API-driven architecture automatically creates a clear audit trail for every approval or decline, making it simple to show compliance during reviews. And because everything runs in one place, your teams can onboard merchants quickly and confidently, without losing sight of compliance. 

Source: The White House

‍

Canada

Regulation Name: FINTRAC Updated Guidance on Verifying Identities and Keeping Records (for Money Services Businesses)

Effective Date: 9 September, 2025

Issued by: Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

Summary:‍

FINTRAC has tightened its customer identity rules, raising penalties for non-compliance under the Strong Borders Act (Bill C-59). The changes directly impact how PSPs onboard merchants, particularly Money Services Businesses (MSBs). Onboarding teams must apply stricter due diligence and record-keeping, especially when assessing higher risk sectors such as remittance, foreign exchange, and virtual currency.

Key Changes:

• Onboarding thresholds tightened: Identity verification must occur at lower levels:
  • ‍$1,000 for EFTs, remittances, and virtual currency transfers.‍
  • $3,000 for foreign exchange, cheque cashing, and negotiable instruments.‍
  • $10,000 for large cash or large virtual currency transactions (24-hour rule applies).

• Explicit requirements to verify beneficiary identities for international EFTs and virtual currency remittances of $1,000 or more.
• Broader onboarding scope: Crowdfunding platforms, transport services, and acquirer services for private ATMs are now explicitly covered.
• Clearer exceptions: Public bodies and large corporations may be exempt, but onboarding teams must apply risk-based scrutiny where exposure is higher.

What This Means for PSPs and Onboarding Teams:‍

Merchant onboarding for MSBs now demands enhanced CDD, especially in high-risk sectors like remittances and forex. Teams must integrate real-time identity checks, sanctions screening, and ongoing monitoring into workflows to avoid severe fines under the new penalty structure.

Recommended Actions:

• Review and update onboarding workflows to include automated digital ID verification and sanctions screening via API integrations for high-risk merchants.
• Train staff on new transaction thresholds and record-keeping requirements.
• Implement systems to flag and review business relationships, particularly for MSBs and entities in virtual currency services in real-time.
• Keep audit-ready onboarding records: Record all verification steps, exceptions, and declines to demonstrate compliance to FINTRAC.

How OnBoard Helps:‍

OnBoard lets PSPs configure onboarding flows so that identity checks are applied upfront and tailored to risk levels. With Smart Forms, PSPs can require enhanced verification for high-risk industries like remittances, foreign exchange, or virtual currency, while applying simplified workflows for lower-risk entities. Automated KYB/KYC checks run in the background to ensure that every merchant is screened against FINTRAC’s thresholds in real-time. The decision engine with real-time scoring further adjusts onboarding paths based on a merchant’s risk profile. Get a tailored demo and explore it for yourself.

Source: FINTRAC

‍

APAC

Australia

Regulation Name: Anti-Money Laundering and Counter-Terrorism Financing Rules 2025

Effective Date: 31 March, 2026 (current entities); 1 July, 2026 (Tranche 2 sectors)

Issued By: Australian Transaction Reports and Analysis Centre (AUSTRAC)

Summary:‍

Australia’s new AML/CTF Rules, tabled in Parliament on 29 August, 2025, introduce a modernised, risk-based framework aligned with global standards. The reforms roll out in stages: existing reporting entities must comply by 31 March 2026, while newly regulated sectors (including real estate, legal, accounting, and virtual assets) begin enrollment starting 1 July 2026.

Key Changes:

• Risk-based, modernised framework: AUSTRAC says the Rules are designed to help businesses assess and mitigate ML/TF risk and modernise laws to global best practice. 
• Expands regulated sectors (Tranche 2) to include real estate, legal, accounting, trust services, precious metals/stones, and virtual assets.
• Maintains existing threshold and suspicious matter reporting rules until 2029.
• Splits rules into two instruments: general obligations and class exemptions.

What This Means for Acquirers and Payment Service Providers:‍

PSPs and acquirers must:

• Apply stronger risk checks at merchant onboarding
• Monitor merchant behaviour and ownership continuously
• Use technology for CDD, sanctions screening and transaction monitoring
• Ensure suspicious matter reports are filed on time, as AUSTRAC’s recent penalty against Revolut shows delays will not be tolerated

Recommended Actions:

• Begin pilot testing updated AML systems now to allow time for refinement.
• Enhance merchant onboarding workflows with dynamic risk scoring and ongoing monitoring capabilities.
• Ensure transaction monitoring and screening tools are calibrated to new risk-based requirements.
• Review and document risk assessment methodologies ahead of the March 2026 deadline.

How OnBoard Helps:‍

OnBoard’s automated KYB and KYC run in real time to verify merchants against AUSTRAC’s thresholds, while the decision engine adjusts onboarding paths based on risk profiles. Smart Forms also let you configure onboarding flows so high risk industries face enhanced identity checks while lower risk merchants move through simplified steps.Every action is logged through an API driven audit trail, giving you full transparency and helping you demonstrate timely reporting and compliance. Discover how it works. Book your live demo. 

Source: AUSTRAC