Legal Templates

Choosing and Using the Samples

Not every company offering cards needs every document here. Whether a sample applies hinges on factors like whether the cards are for consumers or businesses, whether the cards are prepaid, and others. To help you determine which ones apply, we’ve included brief pointers below.

These samples are made available by Lithic, Inc. under a Creative Commons Attribution-NoDerivs 4.0 International License: You can use the samples for card programs, but must obtain Lithic’s prior consent if you wish to publicly share any modified versions.

Legal Disclaimer

The following is not legal advice and should only be used as starting precedents and operational best practices.

Each product and company is unique, and you should consult with an experienced lawyer licensed in the relevant jurisdiction(s) to tailor the agreement as needed.

Lithic does not assume responsibility for the contents of, or the consequence of using, any version of these documents or any other document found on our website. Lithic’s legal team knows many fintech lawyers and we’re happy to point Lithic customers to recommendations.


Anti-Money Laundering & Sanctions Policy

The Bank Secrecy Act (BSA) requires banks to have anti-money laundering (AML) programs that include written policies and procedures, internal controls, a compliance officer, and other requirements. Read more about BSA and AML requirements.

When a bank works with a fintech, the bank passes its obligations on to the partner company. As a result, fintechs need to have BSA policies.

Download the Anti-Money Laundering & Sanctions policy template

Complaint Handling Policy

Fintechs should have complaint policies in place to ensure the company expediently handles customer needs. This helps the company spot issues it may not be aware of and reduces the risk that issues get escalated to a level that poses regulatory or litigation risk.

Download the Complaint Handling Policy template

Chargebacks and Disputes Policy

The Electronic Fund Transfer Act (EFTA) and Regulation E govern consumer electronic fund transfers, other than credit. Practically, Regulation E covers debit and prepaid card transactions. One of Regulation E’s key requirements is that companies need to respond to transaction disputes.

Regulation E does not apply to commercial cardholders or credit products. Accordingly, fintechs that offer consumer debit and prepaid cards should have a Regulation E Dispute Policy.

Download the Chargebacks and Disputes Policy template

Fair Lending Policy

Consumer and commercial lenders need to comply with fair lending laws, which generally prohibit credit discrimination based on race, gender, religion, and other protected attributes.

Download the Fair Lending Policy template

Marketing Policy

Consumer and commercial fintech companies should consider having marketing policies to ensure they’re not exposing themselves to regulatory or legal risk. Misleading materials or emails that don’t comply with CAN-SPAM, for example, can expose a company to scrutiny.

Download the Marketing Policy template

Red Flags Policy

The FTC’s Red Flags Rule requires banks and certain creditors to have programs to identify identity theft red flags. These obligations often get passed through to fintechs that partner with such banks and creditors.

Download the Red Flags Policy template

Servicing and Collections Policy

There are various federal and state laws that regulate how creditors can service and collect debt. Any consumer or commercial lender should have a collections and servicing policy to ensure they are compliant with these laws.

Download the Servicing and Collections Policy template

Privacy Policy

It’s best practice for consumer and commercial fintechs to have privacy policies, and such policies may be required under federal or state laws. The exact required contents of a policy depend on factors like where a company offers its products and whether it serves consumers.

Download the Privacy Policy template

UDAAP Policy

Unfair, deceptive, and abusive acts and practices (UDAAPs) rules apply to consumer financial services providers, and unfair and deceptive acts and practices (UDAPs) rules apply to both consumer and commercial financial services. These two are often grouped together under the “UDAAP” name.

These rules generally target misleading or manipulative conduct. Fintechs offering consumer products often have UDAAP policies, while fintechs offering commercial products often have UDAP policies.

Download the UDAAP Policy template

Cardholder and User Agreements

The type of agreement a company offering cards has with its cardholders depends on a few factors, such as:

  • Is the cardholder a consumer or a business?
  • Is the card prefunded (i.e., does the cardholder load funds into the program before a transaction is authorized)?

Consumer Prepaid Cardholder Agreement

Card programs should generally use a consumer prepaid cardholder agreement when the program issues prepaid cards, the cardholder is a consumer, and the card falls under the Prepaid Rule (as is typical when a cardholder prefunds a program before a transaction is authorized). This sample is not meant for payroll cards or government benefit cards.

Download the Consumer Prepaid Cardholder Agreement template

Authorized User Agreement

In some card programs, the person using the card is an “authorized user,” or someone who is authorized to spend on the cardholder’s behalf. The prototypical example is a corporate spend card where employees are given cards to spend their employers’ funds for work purposes.

Download the Authorized User Agreement template

Consumer Prepaid Fee Disclosures

Consumer prepaid card programs need to provide both long and short-form disclosures to cardholders. These are both typically presented when a customer signs up and agrees to the cardholder agreement.

Download the Long-form Prepaid Disclosure template

The short-form disclosure is typically a portion of a full page, so the layout and font are smaller (see the CFPB’s guide to the short-form disclosure for an example).

Download the Short-form Prepaid Disclosure template

Ancillary Document Forms

Card programs often need a host of other legal documents to get up and running. Below are some of the key ones, and when they apply.

E-SIGN Agreement

Consumer card programs that wish to send communications to customers electronically generally must have their customers sign an E-SIGN Agreement.

Download the E-SIGN Agreement template here

ACH Authorization

If cardholders will fund a card program via ACH transfers from their bank account, the card issuer generally must obtain cardholders’ ACH authorization.

Download the ACH Authorization template

Coming Soon

We will be expanding this collection. If you want to receive alerts when we add a new template, you can sign up for notifications. If you have any questions/feedback, or if you'd like to contribute to the library, please contact us at [email protected].