Risk appetite refers to the level and types of risk that a financial institution, acquirer, or payment provider is willing to accept in its merchant portfolio. It serves as a strategic boundary, guiding decisions on merchant onboarding, underwriting policies, and ongoing portfolio management.

‍

In the context of merchant acquiring, risk appetite determines:

• Which industries are acceptable (e.g., low-risk retail vs. high-risk sectors like gambling, crypto, or nutraceuticals)
  
• What risk thresholds are tolerated, such as projected chargeback ratios, fraud rates, or licensing requirements
  
• When additional controls are needed, like rolling reserves, transaction caps, or enhanced due diligence
  
  

Example Applications:

• An acquirer may define its risk appetite as excluding merchants in unlicensed gambling, or those with expected chargeback ratios above 1%.
  
• Another provider may accept high-risk verticals (e.g. CBD or adult content), but only under strict conditions such as proven licensing, higher fees, and close monitoring.
  
• Portfolio-level thresholds might be set, such as “no more than 10% of total volume should originate from high-risk categories.”
  
  

Why Risk Appetite Matters:

• Consistency: Helps underwriting teams make aligned, repeatable decisions especially in gray-area cases.
  
• Compliance: Ensures adherence to internal policies and regulatory expectations.
  
• Portfolio health: Prevents concentration of high-risk merchants that could expose the institution to reputational, financial, or legal risk.
  
• Scalability: Enables the institution to grow its merchant base while maintaining control over exposure.
  
  

Risk appetite is typically defined at the organizational level, shaped by factors like regulatory environment, leadership priorities, risk mitigation capabilities, and financial resilience. Risk managers regularly refer to it when reviewing exceptions, setting limits, or updating policy in response to emerging threats or market changes.

In summary, risk appetite is the threshold of acceptable exposure, and an effective merchant risk program is calibrated to operate within those boundaries balancing growth with long-term stability and compliance.

‍