Picture of courthouse columns

Compliance is Key

Payment processing is receiving a great deal of scrutiny in today's regulatory landscape. That's why the TPPPA designed the Compliance Management Certification Program to help distinguish responsible third-party payment processors and banks.


The TPPPA Compliance Management System (CMS) is a set of model policies tailored to the specific compliance requirements of TPPPA bank and processors members and are designed to address the oversight of relevant regulatory agencies, including FDIC, OCC, FRB, CFPB, and FinCEN.

Processor Module

Contains policies that address the holistic compliance requirements that payment and payroll processors must adhere to in order to keep themselves and their banks' in compliance, including:

  • Compliance Management System Policy
  • Consumer Protection
    • UDAAP
    • Regulation E
    • Consumer Complaints
    • Compliance with Telephone Consumer Protection Act
    • Compliance with the Fair Debt Collection Practices Act
    • Compliance with Restore Online Shoppers' Confidence Act
  • ACH
  • Data Security

Bank Module

A single policy designed to address third party-payment processing as a distinct product or program, which integrates with existing bank policies and borrows from existing disciplines such as:

  • Product/Program Management
  • Board Oversight and Committee Structure
  • Third Party or Vendor Management
  • Credit Approval and Review Process
  • Risk Rating, Collateral and Loss Reserves
Certified by TPPPA

Annual Certification Audits

The TPPPA Processor and Bank CMS Certification Audits are preformed through the TPPPA by accredited payment professionals. If a processor would like the audit report in the form of a SSAE 16 SOC1 type audit report, they may utilize our audit partner, KirkpatrickPrice, who will include the TPPPA CMS control framework in the audit.

Successful completion of the certification audits will result in certification by the TPPPA.