Gov't Relations Newsletter: Vol 14 Iss 2 - "Recap of Level Up Sessions Related to Gov't Rel. Topics"

Government Relations Newsletter: Vol 14, Issue 2

"Recap of Level Up Sessions Related to Government Relations Topics"

By: Members of the Government Relations Strategic Interest Group (SIG) This edition of the Government Relations Newsletter is being provided for those unable to attend Level Up 2026 or select individual sessions related to topics around federal and state government relations. This is a high-level recap of five sessions, including Translating Payments Regulation into Risk Decisions, Who’s Who in the ACH Network, Good Policy and Onboarding when Rules are Opaque, Merchant of Record, and Prediction Markets.

1. From Policy to Practice: Translating Payments Regulation into Risk Decisions

Speaker: Deron Hicks, Executive Leader, Global Payments and Member, APP Government Relations SIG
Speaker: Scott Talbott, Executive Vice President, Electronic Transaction Association and Member, APP Government Relations SIG
Moderator: Ellen Berge, Partner, Venable LLP, and Co-Chair APP Government Relations SIG

This discussion underscored how much the payments landscape is being shaped not just by formal rules, but by policy direction, enforcement posture, and political momentum. Across topics like interchange, digital assets, fraud, artificial intelligence (AI), and open banking, this panel focused on the issues getting the most attention in Washington D.C. and among the states and revealed a consistent theme emerging from today’s policy landscape: fragmentation is the new normal, particularly between federal and state regimes.

The panel first covered state-level interchange fee prevention laws and proposed legislation introducing operational and legal complexity in the payments industry. The panel then focused on expanding use cases for stablecoins and digital assets in payments, including the balance between innovation and regulatory expectations. The focus then turned to fraud policy and
increased expectations for upstream monitoring, information sharing, and action based on a “should have known” standard. The panel highlighted AI and privacy as two issues driven by state law activity that is raising the bar for transparency and fairness and requiring companies to justify how automated decisions are being made. The panel gave an update on open banking through frameworks like CFPB 1033 and Canada’s regime and discussed key unresolved issues around liability and data usage. Finally, the panel examined how liability is shifting and, in many cases, shifting upstream.

Ultimately, to navigate this changing policy landscape best, companies will need to treat policy signals as actionable inputs and build flexible, forward-looking risk frameworks around them.

2. Who’s Who in the ACH Network?

Speaker: Nicole Meisner, Partner, Taft Law and Member, APP Government Relations SIG

In the ACH network, correctly identifying the role each party plays in a transaction is not merely a technical exercise. It carries meaningful legal and compliance consequences. Key distinctions lie between the Originator (the party whose payment is actually being sent), the Third-Party Sender (an intermediary that steps into the transmission chain between the Originator and the ODFI when no direct origination agreement exists between those two parties), and the Third-Party Service Provider (an entity that performs any function related to an ACH entry on behalf of the ODFI, RDFI or Originator). Critically, a single company can function under each of these roles in different transactions. That means role classification must be done at the transaction level (including each leg of the transaction), not at the company level.

Misclassification of these roles can create significant unintended consequences. For example, a provider that inadvertently operates as an Originator for another party's payment, rather than transmitting entries for its own account, may find itself squarely within the definition of money transmission and facing state licensing obligations it had not anticipated. Similarly, a provider functioning as a Third-Party Sender but treated only as a Third-Party Service Provider may leave the origination agreement chain incomplete.

Accordingly, a disciplined role-mapping analysis, anchored in the agreement structure, the flow of funds, and the specific operational function performed, is essential to ensuring that ACH participants understand their obligations and avoid compliance pitfalls.

3. Supporting Good Policy and Onboarding Decisions When Rules are Opaque

Speaker: Gina Gioia, SVP Enterprise Risk Management, NorthAB, LLC
Speaker Felicia Short, VP Compliance, NorthAB, LLC
Speaker: Bennie Pennington, SVP Embedded Banking, KeyBank
Moderator: Dan Frechtling, SVP Product & Strategy, LegitScript

Success in high-risk regulatory environments—from ingestible CBD to digital assets—requires a shift from an implicit to an explicit compliance program that anticipates the speed of change and mediates inherent trade-offs. The transition from an implicit to an explicit compliance program, especially in the high-risk space, requires vetting challenges and evaluating the “gray” space ahead of market entry. By documenting expectations—such as regulatory requirements, known and perceived risks, merchant checklists and FAQs—organizations can reduce friction and ensure that high-risk verticals are boarded with a combination of speed, efficiency and integrity.

Key steps to consider:

1. 1. Establish an Explicit Regulatory Framework: Formalize a proactive program to
      manage the five critical trade-offs:
      1. Growth vs. Risk Control
      2. Customer Experience vs. Friction
      3. Speed vs. Certainty
      4. Global Consistency vs. Local Nuance
      5. Innovation vs. Regulatory Comfort
         
         
   2. Execute the Core Regulatory Formula: Implement the five essential pillars:
      1. Regulatory Mapping (laws, regulations, card brand rules)
      2. Impact Assessment
      3. Design and Decisioning, Regulatory Change Management (monitoring federal/state shifts and ground-level enforcement)
      4. Continuous Validation and Testing
      5. Ensure Localized Regulatory Dexterity: Develop a consistent compliance policy that is flexible enough to accommodate municipality-level restrictions and avoid being overly stringent in specific regions, ensuring a competitive edge while meeting local requirements.
         
         
   3. Prioritize Expertise and Consumer Focus: Keep customer protection paramount when developing policy. Define and document a stance on regulatory “gray spaces” to support innovation and engage consultants or outside counsel for specialized expertise.
2.  
   1. The following is additional detail regarding the five critical trade-offs referenced above:
      
      1. Growth vs. Risk Control: Scaling revenue increases exposure. Organizations must
      decide between slow rollouts or risk-tiered boarding to balance growth and stability.
      
      
   3. 2. Customer Experience vs. Friction: Necessary friction must be placed strategically. Design-phase controls can satisfy due diligence without causing customer abandonment.

3. Speed vs. Certainty: Rapid decisions reduce friction but risk oversight. Agility is
achieved through conditional approvals that allow boarding while verification
continues.

4. Global Consistency vs. Local Nuance: Broad programs often overlook local
requirements. Systems must adapt to regional codes and municipal restrictions to
remain compliant.

5. Innovation vs. Regulatory Comfort: Innovation often outpaces legislation. Mature
programs proactively define and document their stance on regulatory "gray spaces"

4. Merchant of Record: The Paddle Action

Speaker: Ellen Berge, Partner, Venable LLP, and Co-Chair APP Government Relations SIG
Speaker: Edward Marshall, Partner, Arnall Golden Gregory LLP and Member, APP Government Relations SIG

In this session, Ellen and Ed walked through the FTC’s recent enforcement action against Paddle.com, both a UK parent and a US subsidiary, for alleged violations of Section 5(a) of the FTC Act, the Telemarketing Sales Rule (TSR), and ROSCA.

The FTC’s core theory was that Paddle’s “merchant of record” (MoR) structure was a fiction: although Paddle held itself out as the “seller” on billing statements and handled chargeback resolution, it never took real possession of goods, took only “flash” title at the moment of sale, booked solely processing fees as revenue, and remitted proceeds to suppliers on a monthly cycle.
In the FTC’s view, that made Paddle an unregistered, nested high-risk payment facilitator (“payfac”) sitting beneath other payfacs and blending supplier traffic under a single merchant ID (MID) to obscure volumes above card-brand thresholds. Aggravating the structural concerns were the underwriting and monitoring practices the FTC highlighted, such as processing before KYC completion, tolerance of merchant chargeback ratios in the 1-3% range, reliance on chargeback-mitigation services as an “artificial” fix without addressing root causes, disregard of consumer complaints and negative reviews, and revenue-share arrangements to offload problematic suppliers to other providers.

The resultant Stipulated Order imposed a $5 million joint-and-several award against both Paddle defendants, and the injunctive relief provisions of the order were similarly impactful. Paddle is permanently banned from providing “Covered Services,” defined broadly to capture essentially any payment-enablement or resale function, to anyone selling tech support products or services
via telemarketing or security pop-ups, to most merchants on the Mastercard MATCH list, and to anyone operating as a payfac or covered services provider. The order also prohibits load balancing across MIDs or descriptors, the use of shell companies to open additional merchant accounts, and using prevented-chargeback services without also diagnosing the cause of elevated
chargebacks. The FTC further mandated prescriptive onboarding due diligence and risk-monitoring requirements, and the order layers on enhanced screening for “High-Risk Clients.”

As Ellen and Ed explained, the FTC is likely to continue scrutinizing the MoR model and is increasingly willing to treat MoRs as responsible for the conduct of their underlying suppliers — particularly when the MoR claims the “seller” designation.

5. Prediction Markets

Speaker: Jon Genovese, Regulatory Compliance & Government Affairs, Paysafe and Member, APP Government Relations SIG
Moderator: Chris Geron, Vice President, Elavon, and Co-Chair APP Government Relations SIG

Prediction markets are platforms where users trade contracts tied to the outcome of future events, such as elections, economic indicators, and sporting events. Contract prices fluctuate based on market demand and are commonly interpreted as the collective probability of a given outcome. Unlike traditional gambling, which relies on fixed odds established by a bookmaker, prediction markets operate through exchange-based, peer-to-peer trading and are often characterized as forecasting or financial instruments.

From late 2024 through 2025, prediction market operators secured significant legal wins against the Commodity Futures Trading Commission (CFTC), enabling federally registered platforms to list event contracts—including sports- and politics-related offerings—as regulated derivatives. These decisions generally favored the view that registered Designated Contract Markets fall
within the CFTC’s exclusive jurisdiction under the Commodity Exchange Act (CEA). In response, the CFTC has signaled a more accommodating regulatory posture rather than continued litigation. A central legal issue remains whether such contracts constitute prohibited “gaming” under the CEA.

Despite federal momentum, state regulators continue to challenge prediction markets as unlawful gambling. Nevada obtained a temporary restraining order blocking sports event contracts in March 2026. Arizona filed criminal charges against a prediction market operator for allegedly running an unlicensed gambling business. Massachusetts required a company to obtain a state
license for sports-related contracts, while several other states—including New York, New Jersey, Tennessee, Maryland, and Connecticut—have issued cease-and-desist letters. Utah and Indiana have also enacted legislation targeting event-based or judicial-outcome contracts.

Broader opposition has intensified. More than 39 state attorneys general have supported litigation against the CFTC’s preemption claims, and the Indian Gaming Association has threatened suit, asserting that prediction markets jeopardize tribal gaming revenues and exceed the agency’s statutory authority.

The regulatory outlook remains unsettled. Congress is considering legislation that would prohibit CFTC-registered entities from offering sports-related or casino-style contracts, thereby restoring greater authority to the states. With courts divided on federal preemption and state gaming authority, the issue is likely to reach the U.S. Supreme Court.