- What a Positive Pay disclosure has to cover
- How to divide responsibility between the FI and the business client
- The team you need to write a defensible disclosure
- Why plain language is a compliance asset, not a risk
Disclosures done right
This lesson is educational, not legal advice. Every FI should have its disclosures reviewed by qualified legal counsel for compliance with applicable law.
Disclosures aren't fine print. They're the operating agreement.
A Positive Pay disclosure tells your business clients how the service protects them, what they're responsible for, and where your FI's liability begins and ends. Done well, it prevents disputes. Done poorly, it creates them.
What the disclosure has to cover.
The basics. Define Positive Pay, Payee Positive Pay, and Reverse Positive Pay in plain terms. State the benefits and, just as importantly, the limits — including the fact that the service only works if the business client sends accurate, timely data.
Business client responsibilities. Spell out what the client must do: send accurate issued check files, submit data on time, place stop payment orders correctly. They need to understand their role in preventing fraud.
Financial institution responsibilities. Clarify what your FI handles and where your liability stops.
Exceptions. Explain what an exception is, the client's decision options (pay or return), and the default that applies if they don't respond in time.
Timing. Lay out cutoff times for submitting data and making decisions, and what happens if a deadline is missed.
Liability. State clearly what happens if an item is wrongfully dishonored or improperly paid. No ambiguity.
Divide responsibility clearly.
The recurring source of Positive Pay disputes is unclear responsibility. The disclosure has to draw a clean line: the business client is responsible for the accuracy and timeliness of the data they send and the decisions they make; the FI is responsible for matching and processing per the agreed terms. Ambiguity in that division is where disputes live.
The team you need.
A defensible disclosure isn't written by one person. Bring together legal and compliance (to keep it airtight and aligned with regulators), treasury management (who knows how the service actually works), IT and operations (who keep it grounded in what your systems can do), and risk management (who understands the fraud scenarios). Marketing and communications can help make the language clear.
Plain language is a compliance asset.
Write the disclosure like you're onboarding a new business client, not like you're drafting a contract. Clear language reduces confusion, reduces disputes, and builds trust. A disclosure nobody can understand isn't protecting anyone.
Pull your current Positive Pay disclosure and check it against the six required sections above. Note every gap and take the list to your compliance team.
What's next.
Lesson 5.2 goes deep on the operational settings the disclosure references: defaults, cutoffs, and SLAs.