A focused course, tailored for you
The Merchant Acquirer Compliance Manager's Card-Brand and Money-Transmitter Evidence Playbook
A working method for the compliance manager who has to keep PCI DSS, Nacha, OFAC, state MTL, and card-brand mandates audit-ready inside one merchant acquirer at the same time.
Five regulators and rule-setters want overlapping evidence from the same control set, and the compliance manager seat is the only place in a US merchant acquirer where all five examiner cycles land in the same quarter.
Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.
Why this course
Inside a US merchant acquirer the compliance manager carries PCI DSS scope and QSA readiness, Nacha operating rules including the WEB-debit and account-validation amendments, Visa and Mastercard registration and mandate cycles, OFAC sanctions screening and 314(a) responses, FFIEC BSA/AML expectations, state money-transmitter license examiner cycles across forty-plus jurisdictions, Reg E error-resolution timelines, and CFPB supervisory letter responses. Every one of those bodies asks for evidence that overlaps the others: the same OFAC screening logs feed BSA/AML exams and state MTL exams, the same access-control records feed PCI DSS and Reg E error-resolution audits, the same vendor-risk reviews feed card-brand mandates and FFIEC TPRM expectations. The failure mode is having one evidence binder per regulator, maintained by a different team, refreshed at different cadences, with different field definitions. When the QSA arrives for the v4 ROC interview, the PCI binder is current but the OFAC screening sample it asks for sits in the BSA team's SharePoint at a different cut-off date. When the state MTL examiner asks for transaction-monitoring rule changes since last exam, the AML team's tracker shows them but the card-brand registration team made independent rule changes that never made it to the same tracker. The compliance manager spends two weeks per exam reconciling answers across teams that all believed they were giving the right answer. The course teaches how to collapse that into one evidence library with one source of truth per artefact, mapped once to every framework that asks for it, so the next QSA, the next state examiner, the next Nacha rules-compliance attestation and the next card-brand mandate filing all pull from the same shelf without rebuild.
What you walk away with
- Map PCI DSS v4 sub-requirements, Nacha operating rules, OFAC screening logs, FFIEC BSA/AML expectations and state MTL examiner request lines to one shared set of artefacts with named owners and refresh cadence.
- Run a QSA-readiness rehearsal four weeks before the ROC interview that surfaces every gap the QSA will find, in the same order the QSA will ask, with sample evidence already pulled.
- Produce a single examiner-ready evidence pack that answers any of the five regulator types from the same source files, refreshed on one cadence rather than five.
- Reduce the post-exam reconciliation work to under three days by closing the field-definition gaps between the AML, IT-risk, card-brand registration and state-MTL trackers before the exam, not after.
- Carry one written compliance manager's playbook into the next examiner cycle, the next QSA, the next Nacha rules-change effective date and the next card-brand mandate filing, so the answer to each one is already drafted before the request lands.
The 12 modules
How this addresses your situation
Specific modules that map to what you said you are dealing with.
What you get with this course
- Twelve written modules covering the regulator map, the evidence library, the rehearsal scripts and the standing playbook.
- Downloadable artefact templates for the single evidence library, the regulator map, the mandate calendar, the field-definition glossary and the examiner-response templates.
- Worked examples for a QSA-readiness rehearsal, a Nacha rules-compliance attestation, a state MTL examiner response, an OFAC screening evidence pack, and a card-brand registration filing pulled from the same source files.
- The hand-built implementation playbook delivered alongside course access, scoped to a US merchant acquirer compliance manager's specific examiner mix (PCI, Nacha, OFAC, FFIEC BSA/AML, state MTL across the licensed states, Visa and Mastercard registrations, Reg E, CFPB).
- Thirty-day money-back if the course does not change how the next examiner cycle runs.
What you will have in hand by Day 1, Week 1, Month 1
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.
Week one: regulator map for your specific licensed-state footprint, card-brand registrations and processor relationships.
Week two and three: evidence library structure built, artefact owners named, refresh cadence agreed across the AML, IT-risk, card-brand registration and state-MTL teams.
Week four to six: QSA-readiness rehearsal run against the upcoming ROC cycle, Nacha rules-compliance attestation evidence prepared from the same library, state MTL standing response pack drafted.
Ongoing: the written playbook stays on the desk through every examiner cycle for the next twelve months, with the mandate calendar and field-definition glossary feeding every new request.
Before and after
Five regulator and rule-setter cycles run on five trackers owned by four teams with four different cadences, four field-definition standards and no shared evidence library. Every exam starts with two weeks of reconciliation between the AML team, the IT-risk team, the card-brand registration team and the state-MTL team. The QSA finds gaps the team thought were closed because the access-control evidence the BSA file pointed to was at a different cut-off than the PCI binder. The compliance manager spends most of the quarter chasing answers across teams instead of running the seat.
One evidence library, one artefact per control, named owners, one refresh cadence per artefact type, one mapping table that takes any incoming examiner request line and points at the right file already on file. The QSA-readiness rehearsal four weeks out surfaces the gaps in the order the QSA will ask. The state MTL examiner gets the same evidence pack the Nacha rules-compliance attestation drew from. The chief compliance officer reads the single status sheet on Monday morning and the seat is visibly run.
What happens if you do not address this
The merchant acquirer compliance manager seat absorbs additional regulator pressure every cycle: PCI DSS v4 customised approach and targeted risk analysis defences, expanded Nacha account-validation expectations, more frequent state MTL exams as CSBS coordination tightens, OFAC enforcement against payments firms, and more aggressive card-brand registration reviews. Without a single evidence library, each new request is a fresh fire drill across teams, and the gaps the QSA finds in one ROC interview become the gaps the state examiner finds in the next on-site. The cost is not just the findings; it is the credibility of the compliance function at the executive level, and the personal cost of running the seat reactively while the next regulator cycle is already on the calendar.
Who it is for
A compliance manager inside a US merchant acquirer, payment facilitator, or ISO who reports into the head of compliance or chief compliance officer, owns or co-owns PCI DSS attestation, Nacha rules compliance, OFAC sanctions screening, state money-transmitter license examiner relationships, and at least one card-brand registration. Typically holds CRCM, CAMS, CISA, PCIP or similar credential, has been in payments compliance three to ten years, sits across a compliance team of four to twenty, and is the single point of contact for the QSA and at least one state regulator. Manages a calendar where the next examiner request, the next mandate effective date, and the next QSA touchpoint are all visible at once.
How it arrives
Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access. Scoped to a US merchant acquirer compliance manager's specific examiner and rule-setter mix.
Time investment. Twelve to sixteen hours across the twelve modules, plus another twenty to thirty hours building the single evidence library against your actual artefacts. The QSA-readiness rehearsal and the standing playbook compress what is currently two weeks of reconciliation per exam into roughly three days, so the investment recovers itself inside one examiner cycle.
Why $199 is the right number
A QSA pre-assessment from a Big 4 or PCI specialist firm answers PCI readiness for one cycle at twenty-five to seventy-five thousand dollars and leaves Nacha, OFAC, state MTL and card-brand registration untouched. A CAMS or CRCM credential refresh teaches the framework knowledge but does not build the evidence library. A GRC platform implementation answers tracking and workflow but does not solve the field-definition reconciliation between the AML, IT-risk, card-brand and state-MTL trackers. The 199 USD course is the working method the compliance manager keeps on the desk; the playbook is hand-built against your specific examiner mix. Buy it alongside the QSA pre-assessment, not instead of it.
FAQ
30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.