Becoming a Payment Facilitator starts with one essential requirement: securing an acquiring bank sponsor. In the card network model, the key participants are the acquirer, the payment facilitator, and the sponsored merchant, and the acquirer remains responsible for the acts of both the PayFac and the sponsored merchants under the PayFac program framework. And that is why “sponsorship” is not a vendor handshake. It is a risk-bearing partnership that determines who can onboard merchants, who can receive and distribute settlement proceeds (where permitted), and how compliance is governed end-to-end.
What “sponsorship” means in practice (and why banks care)
A PayFac uses its relationship with an acquirer and a master merchant account concept to onboard small merchants as sub-merchants (sponsored merchants) and process payments under that umbrella, enabling faster onboarding and a more controlled merchant experience. Visa’s PayFac model describes that PayFacs may sign merchant acceptance contracts on behalf of an acquirer and may receive and distribute settlement proceeds from the acquirer on behalf of sponsored merchants, subject to the acquirer’s structure and applicable rules.
From a bank’s perspective, sponsorship matters because the acquirer carries network accountability. Visa’s framework explicitly states that acquirers are responsible for the acts of payment facilitators and sponsored merchants. That accountability translates into real governance expectations: underwriting standards, monitoring, reporting, and the ability to control downstream risk before it becomes a network or regulatory issue.
The three questions every acquiring bank is trying to answer
When you pitch an acquiring bank, you are really answering three risk questions.
1) Can you control who gets onboarded?
ETA’s guidance distinguishes “true” registered payment facilitators from companies that use the label loosely, and it frames traditional PayFacs as those registered with the card brands and operating with a direct agreement with a sponsor bank, performing key activities such as underwriting, boarding, and transaction monitoring. In other words, banks look for a PayFac that can prove it has enforceable onboarding and underwriting controls, not just a frictionless signup flow.
2) Can you manage ongoing portfolio risk at scale?
Visa’s Payment Facilitator and Marketplace Risk Guide focuses on identifying and managing operational, regulatory/compliance, credit settlement, and brand/reputation risk within the PayFac ecosystem, and it emphasizes acquirer responsibility in managing those risks. Banks will evaluate whether you can actually run ongoing monitoring and interventions like limits, reserves, or delayed funding when risk changes, because those are standard levers for risk mitigation in PayFac programs.
3) Can you prove security and compliance readiness?
The PCI Security Standards Council’s PayFac-focused PCI DSS materials highlight the importance of clearly defining responsibilities and maintaining compliance and security discipline as the PayFac model grows. For banks, PCI readiness is part of a broader view: “Can your platform withstand scrutiny, audits, and real incidents without breaking controls?”
How to find the right acquiring bank sponsor (without burning months)
Not every acquirer sponsors PayFacs in every category. You will save time by narrowing targets based on alignment rather than brand recognition.
Start with your “merchant thesis”
Banks sponsor business models, not buzzwords. ETA’s discussion of PayFac sub-models makes clear that “payment facilitation” spans a spectrum and that only some providers are registered PayFacs under card brand definitions and sponsorship. So your first step is to define your merchant thesis precisely:
- What verticals do you serve and which do you avoid?
- What are your typical ticket sizes and refund dynamics?
- What is the delivery timeline (instant, near-instant, or future delivery)? These details map directly to risk categories addressed in network risk frameworks.
And lead with controls, not projections
A bank expects to see the “how” before it cares about the “how big.” Visa’s PayFac model emphasizes the structure of sponsorship and responsibilities among the acquirer, PayFac, and sponsored merchants. ETA’s PayFac sub-model guidance similarly emphasizes underwriting and monitoring as core PayFac functions. So show your control environment early: onboarding checks, monitoring rules, exception handling, dispute operations, and escalation paths.
What to put in your bank-facing PayFac business plan
Think of your business plan as a bank’s internal “risk memo” in a format you control.
1) Program structure and roles
Include a plain-language diagram of who does what: acquirer, PayFac, and sponsored merchant. And call out the pieces Visa explicitly discusses in the PayFac model such as signing merchant acceptance contracts and handling settlement distribution where applicable. [usa.visa.com]
2) Underwriting and onboarding
ETA frames a traditional PayFac as performing underwriting, boarding, and transaction monitoring in-house. Your plan should specify: the data you collect at onboarding,
- how you score risk and when you escalate to manual review,
- and how you prevent prohibited merchant types from entering.
3) Monitoring and enforcement
Visa’s risk guide lays out the ecosystem risks PayFacs and acquirers must manage, including operational and compliance risk. Detail:
- monitoring cadence and alert triage,
- interventions you can apply (limits/reserves/delayed funding),
- and how you document decisions for audits and network inquiries.
4) Security and PCI responsibilities
PCI SSC materials stress the need to identify responsibilities clearly and maintain PCI DSS discipline in PayFac contexts. Document your security model, the scope of PCI obligations, and how you handle incidents and vendor risk.
5) Disputes, refunds, and consumer experience
PYMNTS’ PayFac decision guide describes PayFac responsibilities across merchant services, including disputes, chargebacks, refunds, and fraud/security controls. Banks will want to know that your operational plan can protect consumers and keep dispute ratios from creating network action.
What the sponsorship process looks like (step-by-step)
While each bank’s process varies, the gating steps are consistent.
- Fit check: Does your merchant thesis align with the bank’s risk appetite?
- Due diligence: The bank assesses your underwriting, monitoring, security, and governance against network expectations.
- Program terms: Reporting, audit rights, controls, and operational obligations are defined.
- Network enablement: The PayFac program structure is operationalized in accordance with the network framework.
And once you are live, oversight continues because the acquirer remains responsible for downstream acts under Visa’s PayFac framework.
Important note: ACH “sponsorship” is different from card PayFac sponsorship
Many PayFacs also move money via ACH for merchant payouts or settlement-related flows. When you do, you may fall into Nacha’s third-party categories such as Third-Party Service Provider (TPSP) or Third-Party Sender (TPS), depending on the agreements and how the entries are transmitted. Nacha explains that Third-Party Senders have defined obligations such as audits and risk assessments, and it clarifies nested TPS relationships and the chain of agreements. ETA also highlights that PayFacs must understand their classification under Nacha Rules when facilitating ACH transactions and that being designated a Third-Party Sender can trigger additional obligations like registration and audit requirements.
So if your PayFac program includes ACH, build that into your bank conversation early. And ensure your ACH role classification is correctly documented in your agreements and operating procedures.
Executive takeaway for CFOs and CEOs
The PayFac path is not “add payments.” It is “operate a regulated-like program under a bank’s sponsorship.” Visa’s model makes acquirer responsibility explicit, which is why banks underwrite your ability to control and monitor your downstream merchants, not just your growth story. ETA’s work on PayFac sub-models reinforces that a true PayFac performs underwriting, boarding, and monitoring and carries the corresponding operational burden. And if you are also using ACH for fund movement, Nacha’s third-party rules and ETA’s ACH guidance make it clear that your responsibilities depend on your role in the flow and your agreements.
And the good news is this: banks will sponsor strong programs. If you show a clear merchant thesis, mature controls, audit-ready reporting, and security discipline, you shift the discussion from “Should we sponsor you?” to “How do we scale this responsibly?”
Learn More
Visit How To Become a Payment Facilitator to learn more. Also, Usio recommends that you explore educational resources published by industry organizations such as the Electronic Transactions Association (ETA), Nacha, and PYMNTS. These organizations provide in‑depth guidance on PayFac models, bank sponsorship requirements, card network rules, and ACH obligations, helping fintechs and platforms understand the regulatory, operational, and risk considerations involved in launching and scaling a compliant PayFac program.
Sources
- Visa, Visa Payment Facilitator Model (PDF) [usa.visa.com]
- Visa, Payment Facilitator and Marketplace Risk Guide (PDF) [usa.visa.com]
- Electronic Transactions Association (ETA), Payment Facilitation Sub-Models and How to Classify Them [electran.org]
- ETA, Key Considerations for PayFacs in ACH Transactions [electran.org]
- Nacha, Third Parties in the ACH Network [nacha.org]
- Nacha, Third-Party Sender Roles and Responsibilities [nacha.org]
- PCI Security Standards Council, Payment Facilitators and PCI DSS Compliance (PDF) [pcisecurit…ndards.org]
- PYMNTS, How to PayFac Decision Guide (PDF) [pymnts.com]