Regulatory compliance guidelines (Private preview)
Learn about the requirements and guidelines for regulatory compliance.
To offer and promote Stripe Capital to your users, your platform’s marketing and user interfaces must adhere to the following regulatory compliance guidelines. These guidelines can help your platform and users (connected accounts) navigate the financial regulations applicable to Capital.
Caution
These guidelines aren’t legal advice. Platforms using Capital must seek their own legal advice with respect to product branding and use of the product to offer financial services.
Compliance checklist
Ensure you’ve completed the following checklist prior to launching your program:
Managing complaints
To create a responsive and equitable complaints handling process, you must detail and distribute clear pathways for your customers to report complaints. Complaints are an important and mandatory part of the compliance system for financial services products. We regard complaints as any expressions of dissatisfaction about our organization, products and services, policies, employees, and contracted partners.
If your customer contacts your support team with a complaint regarding the Stripe Capital product, direct them to Stripe Servicing (capital-support@stripe.com). Stripe Servicing will handle any complaints received from your customers, and you must forward any Stripe Capital complaints your platform directly receives back to Stripe (capital-support@stripe.com).
Complaints reporting template
In summary:
- A complaint is any expression of dissatisfaction about our organization, products and services, policies, employees, and contracted partners.
- An executive complaint is (i) any complaint from a regulatory authority (such as a federal agency, a state agency, or a court with jurisdiction over Stripe or the relevant Bank Partner) and (ii) any complaint from any other person (including individuals and legal entities) threatening material litigation.
- You must provide a clear pathway for your customers to file a complaint
- You must report all Stripe Capital complaints your platform receives directly to Stripe
CAN-SPAM Act
The CAN-SPAM Act regulates marketing activity conducted by email.
- An email is deemed a commercial message, subject to the CAN-SPAM Act, if the primary purpose of the email is to convey a commercial advertisement, or to promote a product or service.
- A transactional email is an email sent to a customer that has a primary purpose relating to a particular transaction or relationship between you and the customer (e.g. loan terms and conditions).
The CAN-SPAM Act imposes more rigorous requirements on commercial email messages than on transactional messages. Transactional messages are not subject to most of the requirements of the CAN-SPAM Act. If a message contains both transactional content and commercial content, the CAN-SPAM Act’s commercial email requirements may apply if the message’s primary purpose may be considered to be commercial.
To facilitate compliance with the CAN-SPAM Act, any employee or staff utilizing or having access to your email systems and resources for marketing must adhere to the following requirements:
- Misleading Header Information: Any email message, whether commercial or transactional, must not contain: (i) false or misleading header information; (ii) a “from” line that does not accurately identify any person (individual or business) who initiated the message; and (iii) inaccurate or misleading identification of a protected computer used to initiate the message for purposes of disguising its origin.
- Deceptive Subject Headings: Any commercial email message must not contain deceptive subject headings. For example, a deceptive subject heading is one that would be likely to mislead the recipient about a material fact regarding the message’s contents or subject matter.
- Opt-out Mechanism: You must provide your customers with the ability to opt out of receiving future commercial messages, and you must honor customer requests to opt out within ten days. You cannot require a user to pay a fee or provide information other than an email address to opt out.
- Advertisement Identification: Any commercial email message must contain clear and conspicuous identification that the message is an advertisement or solicitation.
- Physical Address Disclosure: Any commercial email message must disclose a valid physical address of the sender.
Caution
Failure to comply with CAN-SPAM could result in hefty fines for every single violation.
In summary:
- Subject lines must not contradict email body copy
- The sender or “from” email address can’t be confusing or misleading
- Email disclosures MUST include a physical business address
- Email disclosures must clearly identify the message as an advertisement
- There MUST be a clear and conspicuous opt-out link
- Email opt-outs must be honored within 10 days
Testimonials
If you use a testimonial or endorsement to advertise Stripe products to your customers, you must consider the following:
- The person giving a testimonial must be a real person and a real user of the service or product they’re talking about.
- You must have their written permission to use their quote, and save this written documentation in a place that can be easily accessed during audits. You must also update this permission every 24 months.
- Product benefits, costs, or features in any quotes must be verifiable and true to what most users can expect to experience when using the product or service.
- If you have paid someone for their quote, or given them anything of value, you must put a disclaimer near the quote that says the following:
- “This includes even paid actors, if their scripting makes it sound like they’re giving a personal testimonial.”
UDAP and correct messaging
Federal regulation prohibits unfair and deceptive acts or practices (UDAP). To avoid UDAP violations, you must think of the end user first when developing and deploying any marketing materials.
Make sure that marketing materials use clear messaging that fully explains product features, costs, benefits, and limitations. Don’t leave out key terms or fees, and don’t advertise product uses or features that aren’t true.
Do | Don’t |
---|---|
Only use statements about products that are true, accurate, and aligned with how users engage with the products. | Don’t leave out key information from marketing content. If the information is likely to affect whether someone uses the product, then it’s “key.” |
If you make claims that require additional data to support them, or if an end user needs to know more details to know how a certain claim is true, you must: | Make exaggerated claims that are hard to prove. Don’t make absolute statements that are disproved by a single exception. For example, “number 1,” “every,” “only,” “all,” “never,” “always.” |
Clearly explain all qualifying limitations and requirements needed by end users to get the product or features that you’ve advertised. | Don’t advertise features or programs that only a few applicants actually qualify for. |
All disclosures must meet a “clear and conspicuous” standard: | Don’t make disclosures hard to read. |
Disclosures used to explain or modify a claim must be ‘tied’ to the claim they’re explaining. | Don’t bury disclosures in other non-key disclosures or footnotes. |
Disclose all account fees, costs, benefits, and terms as part of onboarding before your end users take out a product. | Don’t advertise products as “free” if you’re charging fees. |
Make sure all images used are properly licensed and that you can document this fact. | Don’t use images, formatting, or copy that implies products are endorsed by, or affiliated with, government entities or celebrities. |
Recordkeeping
To demonstrate your adherence to the requirements listed above, we ask that you keep thorough records of all marketing materials, customer data, account information, and other disclosures you make to customers for at least 5 years. The following is a list of records you should keep, and examples of what could constitute a record.
Record Type | Example form |
---|---|
Product UX | Screenshots of all deployed versions of the product UX, including application flow, customer dashboard, support pages, etc. |
Marketing | Inventory of all marketing copy deployed, email distribution lists and targeting used, email solicitation opt-out lists (including timestamps of user opt-outs), and adherence to opt-out requests |
Customer communications and complaints | Email interactions or documentation developed in the course of resolving complaints |