> it’s against the law for them to tip a customer off that their account is being or might be investigated for suspicious activity
What law do you think forbids this? In my experience running global payments through multiple rails, on an OFAC/risk ping you typically get a request for enhanced due diligence, which normally looks to the payee like “send me a picture of your drivers license”.
The most common result is that O Bin Laden (matching the OFAC list) is actually Oscar bin Laden; with further info you disambiguate the payee from the OFAC listed entity and are allowed to transact.
I have never encountered a reg that says you are obliged to ghost your customer.
While this is clearly "a thing", I would be a fine bottle of wine that the OP's issue is not one of those things, and is just some dumb algorithmic or overworked fraud prevention contractor problem.
I would bet that 99.9% of the Stripe (and Paypal) horror stories that get posted almost weekly are _not_ federal money laundering or terrorism financing investigations with legal secrecy provisions imposed on the payment processor.
edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!
The bit at 31 USC § 5318(g)(2)(A) under the title “Notification prohibited.” FinCEN has also promulgated confidentiality rules thereunder. I don’t have a pincite for that but I believe it’s tucked amongst their record keeping rules.
Unless you are a federal prosecutor, law enforcement officer, or bank executive that has actively worked on a Bank Secrecy Act case, I don't think you can authoritatively state that this sort of cowboy-style, "Move Fast and Break Things" way of blitz-scaling revenues while downscaling customer service favored by companies such as Stripe has ANYTHING to do with the Bank Secrecy Act.
If anything, I would bet that regulators would be concerned about the fact that companies such as Stripe have triggered a race to the bottom whereby underwriting has become an after-the-fact exercise that can severely damage and/or kill a high-growth SME. The old way, where you filled out a ton of paperwork, provided every bit of information possible about you and your business, and then went back and forth with a human to get approval, was a much more stable way to business. But alas, when you've got former bank governors on your payroll and political mega-PAC donors on your cap table, people don't scrutinize very much.
I am indeed more than qualified to “authoritatively state this”. Even by the ridiculous standards you’ve outlined. And I would be more than happy to take that bet.
So you’re stating that you have been involved in a situation in which a merchant account was frozen due to circumstances involving the Bank Secrecy Act? I just want to be completely certain that this is the assertion?
What law do you think forbids this? In my experience running global payments through multiple rails, on an OFAC/risk ping you typically get a request for enhanced due diligence, which normally looks to the payee like “send me a picture of your drivers license”.
The most common result is that O Bin Laden (matching the OFAC list) is actually Oscar bin Laden; with further info you disambiguate the payee from the OFAC listed entity and are allowed to transact.
I have never encountered a reg that says you are obliged to ghost your customer.