Regulatory compliance guidelinesPrivate preview
Learn about the requirements and guidelines for regulatory compliance.
To offer and promote Stripe Capital to your users, your platform’s marketing and user interfaces must adhere to the following regulatory compliance guidelines. These guidelines can help your platform and users (connected accounts) navigate the financial regulations applicable to Capital.
Caution
These guidelines aren’t legal advice. Platforms using Capital must seek their own legal advice in respect to product branding and use of the product to offer financial services.
Compliance checklist
Ensure you’ve completed the following checklist prior to launching your programme:
Managing complaints
To create a responsive and equitable complaints handling process, you must detail and distribute clear pathways to where your customers can report complaints. Complaints are an important and mandatory part of the compliance system for financial services products. We regard complaints as any expressions of dissatisfaction about our organisation, products and services, policies, employees, and contracted partners.
If your customer contacts your support team with a complaint regarding the Stripe Capital product, direct them to Stripe Servicing (capital-support@stripe.com). Stripe Servicing will handle any complaints received by your customers, and you must forward any Stripe Capital complaints your platform directly receives back to Stripe (capital-support@stripe.com).
Complaints reporting template
In summary:
- A complaint is any expression of dissatisfaction about our organisation, products and services, policies, employees, and contracted partners.
- An executive complaint is (i) any Complaint from a regulatory authority (such as a federal agency, a state agency, or a court with jurisdiction over Stripe or the relevant Bank Partner) and (ii) any other person (including individuals and legal entities) threatening material litigation.
- You must provide a clear pathway for your customers to file a complaint
- You must report all Stripe Capital complaints your platform receives directly to Stripe
CAN-SPAM Act
The CAN-SPAM Act regulates marketing activity conducted by email.
- An email is deemed a commercial message, subject to the CAN-SPAM act, if the primary purpose of the email is to convey a commercial advertisement, or to promote a product or service.
- A transactional email is an email sent to a customer that has a primary purpose relating to a particular transaction or relationship between you and the customer (e.g. loan terms and conditions). The CAN-SPAM Act imposes more rigorous requirements on commercial email messages, as compared with transactional messages. Transactional messages are not subject to most of the requirements of the CAN-SPAM Act. If a message contains both transactional content and commercial content, the CAN-SPAM Act’s commercial email requirements may apply, if the message’s primary purpose may be considered to be commercial.
To facilitate compliance with the CAN-SPAM Act, any employee or staff using or having access to your email systems and resources for marketing must adhere to the following requirements:
- Misleading Header Information: Any email message, whether commercial or transactional, must not contain: (i) false or misleading header information; (ii) a “from” line that does not accurately identify any person (individual or business) who initiated the message; and (iii) inaccurate or misleading identification of a protected computer used to initiate the message for purposes of disguising its origin.
- Deceptive Subject Headings: Any commercial email message must not contain deceptive subject headings. For example, a deceptive subject heading is one that would be likely to mislead the recipient about a material fact regarding the message’s contents or subject matter.
- Opt-out Mechanism: You must provide your customers with the ability to opt out of receiving future commercial messages, and you must honour customer requests to opt out within ten days. You cannot require a user to pay a fee or provide information other than an email address to opt out.
- Advertisement Identification: Any commercial email message must contain clear and conspicuous identification that the message is an advertisement or solicitation.
- Physical Address Disclosure: Any commercial email message must disclose a valid physical address of the sender.
Caution
Failure to comply with CAN-SPAM could result in hefty fines for every single violation.
In summary:
- Subject lines must not contradict email body copy
- The sender or “from” email address can’t be confusing or misleading
- Email disclosures MUST include a physical business address
- Email disclosures must clearly identify the message as an advertisement
- There MUST be a clear and conspicuous opt-out link
- Email opt-outs must be honoured within 10 days
Testimonials
If you use a testimonial or endorsement to advertise Stripe products to your customers, you must consider the following:
- The person giving a testimonial must be a real person and a real user of the service or product they’re talking about.
- You must have their written permission to use their quote, and save this written documentation in a place that can be easily accessed during audits. You must also update this permission every 24 months.
- Product benefits, costs, or features in any quotes must be verifiable and true to what most users can expect to experience when using the product or service.
- If you have paid someone for their quote, or given them anything of value, you must put a disclaimer near the quote that says the following:
- “This includes even paid actors, if their scripting makes it sound like they’re giving a personal testimonial.”
UDAP and correct messaging
Federal regulation prohibits unfair and deceptive acts or practices (UDAP). To avoid UDAP violations, you must think of the end user first when developing and deploying any marketing materials.
Make sure that marketing materials use clear messaging that fully explains product features, costs, benefits, and limitations. Don’t leave out key terms or fees, and don’t advertise product uses or features that aren’t true.
Do | Don’t |
---|---|
Only use statements about products that are true, accurate, and aligned with how users engage with the products. | Don’t leave out key information from marketing content. If the information is likely to affect whether someone uses the product, then it’s “key.” |
If you make claims that require additional data to support them, or if an end user needs to know more details to know how a certain claim is true, you must:
| Make exaggerated claims that are hard to prove. Don’t make absolute statements that are disproved by a single exception. For example, “number 1”, “every”, “only”, “all”, “never”, “always”. |
Clearly explain all qualifying limitations and requirements needed by end users to get the product or features that you’ve advertised. | Don’t advertise features or programmes that only a few applicants actually qualify for. |
All disclosures must meet a “clear and conspicuous” standard:
| Don’t make disclosures hard to read. |
Disclosures used to explain or modify a claim must be ‘tied’ to the claim they’re explaining.
| Don’t bury disclosures in other non-key disclosures or footnotes. |
Disclose all account fees, costs, benefits, and terms as part of onboarding before your end users take out a product. | Don’t advertise products as “free” if you’re charging fees. |
Make sure all images used are properly licensed and that you can document this fact. | Don’t use images, formatting, or copy that implies products are endorsed by, or affiliated with, government entities or celebrities. |
Recordkeeping
In order to demonstrate your adherence to the requirements listed above, we ask you to keep thorough records of all marketing materials, customer data, account information, and other disclosures you make to customers for at least 5 years. The following is a list of records you should keep, and examples of what could constitute as a record.
Record Type | Example form |
---|---|
Product UX | Screenshots of all deployed versions of the product UX, include application flow, customer dashboard, support pages, etc. |
Marketing | Inventory of all marketing copy deployed, Email distribution lists and targeting, used Email solicitation opt-out lists (including timestamps of user opt-outs), and adherence to opt-out requests |
Customer communications and complaints | Email interactions or documentation developed in the course of resolving complaints |