12 C.F.R. § 233.6
(b) Due diligence. If a non-exempt participant in a designated payment system establishes and implements procedures for due diligence of its commercial customer accounts or commercial customer relationships in order to comply, in whole or in part, with the requirements of this regulation, those due diligence procedures will be deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions if the procedures include the steps set out in paragraphs (b)(1), (b)(2), and (b)(3) of this section and subject to paragraph (b)(4) of this section.
(2) Based on its due diligence, the participant makes a determination regarding the risk the commercial customer presents of engaging in an Internet gambling business and follows either paragraph (b)(2)(i) or (b)(2)(ii) of this section.
(ii) The participant cannot determine that the commercial customer presents a minimal risk of engaging in an Internet gambling business, in which case it obtains the documentation in either paragraph (b)(2)(ii)(A) or (b)(2)(ii)(B) of this section—
(B) If the commercial customer does engage in an Internet gambling business, each of the following—
(1) Evidence of legal authority to engage in the Internet gambling business, such as—
(i) A copy of the commercial customer's license that expressly authorizes the customer to engage in the Internet gambling business issued by the appropriate State or Tribal authority or, if the commercial customer does not have such a license, a reasoned legal opinion that demonstrates that the commercial customer's Internet gambling business does not involve restricted transactions; and
(ii) A written commitment by the commercial customer to notify the participant of any changes in its legal authority to engage in its Internet gambling business.
(2) A third-party certification that the commercial customer's systems for engaging in the Internet gambling business are reasonably designed to ensure that the commercial customer's Internet gambling business will remain within the licensed or otherwise lawful limits, including with respect to age and location verification.
(4) With respect to the determination in paragraph (b)(2)(i) of this section, participants may deem the following commercial customers to present a minimal risk of engaging in an Internet gambling business—
(c) Automated clearing house system examples.
(1) The policies and procedures of the originating depository financial institution and any third party processor in an ACH debit transaction, and the receiving depository financial institution and any third party processor in an ACH credit transaction, are deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions if they—
(iii) Include procedures to be followed with respect to a commercial customer if the originating depository financial institution or third-party processor has actual knowledge that its commercial customer has originated restricted transactions as ACH debit transactions or if the receiving depository financial institution or third-party processor has actual knowledge that its commercial customer has received restricted transactions as ACH credit transactions, such as procedures that address—
(d) Card system examples. The policies and procedures of a card system operator, a merchant acquirer, third-party processor, or a card issuer, are deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions, if the policies and procedures—
(1) Provide for either—
(i) Methods to conduct due diligence—
(ii) Implementation of a code system, such as transaction codes and merchant/business category codes, that are required to accompany the authorization request for a transaction, including—
(B) Procedures for ongoing monitoring or testing by the card system operator to detect potential restricted transactions, including—
(1) Conducting testing to ascertain whether transaction authorization requests are coded correctly; and
(2) Monitoring and analyzing payment patterns to detect suspicious payment volumes from a merchant customer; and
(2) For the card system operator, merchant acquirer, or third-party processor, include procedures to be followed when the participant has actual knowledge that a merchant has received restricted transactions through the card system, such as—
(e) Check collection system examples.
(1) The policies and procedures of a depositary bank are deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions, if they—
(iii) Include procedures to be followed if the depositary bank has actual knowledge that a commercial customer of the depositary bank has deposited checks that are restricted transactions, such as procedures that address—
(f) Money transmitting business examples. The policies and procedures of an operator of a money transmitting business are deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions if they—
(4) Include procedures when the operator has actual knowledge that a commercial customer of the operator has received restricted transactions through the money transmitting business, that address—
(g) Wire transfer system examples. The policies and procedures of the beneficiary's bank in a wire transfer are deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions if they—
(3) Include procedures to be followed if the beneficiary's bank obtains actual knowledge that a commercial customer of the bank has received restricted transactions through the wire transfer system, such as procedures that address