Key Takeaways
- Texas's MCA automatic debit prohibition law, effective since 2025, restricts how funders establish recurring payment mechanisms with merchants, but specific ACH structures may still comply.
- The law's language around "establishing a mechanism" for automatic debits creates ambiguity that funders must navigate through tighter bank verification and documentation workflows.
- Bank verification software for funders now needs to capture not just cash flow data but also payment authorization evidence and account control documentation for compliance purposes.
- Funders operating across state lines face a patchwork of MCA regulations, making standardized, auditable verification processes more critical than ever.
- AI-powered document extraction and secure applicant portals reduce compliance exposure by creating clear audit trails from the point of application intake.
Texas's MCA Debit Law Creates New Compliance Pressure for Funders
When Texas enacted its prohibition on automatic debits tied to merchant cash advance agreements, the industry braced for disruption. What followed has been more nuanced. The law, which took effect in 2025, doesn't outright ban MCA. Instead, it targets a specific mechanism: the automatic establishment of recurring debits from a recipient's bank account. That distinction matters enormously for funders evaluating their bank verification software for funders and payment collection infrastructure.
Recent industry discussion, including reporting from deBanked on ACH compliance strategies under the Texas law, suggests that certain ACH structures may still satisfy the statute's requirements. The key phrase centers on "establishing a mechanism for automatically debiting" an account, which some compliance advisors interpret as leaving room for individually authorized transactions rather than blanket recurring mandates.
For funders, though, the practical challenge isn't just legal interpretation. It's operational. Every deal originating from or involving a Texas-based merchant now requires stronger documentation of payment authorization, clearer bank account verification, and a more defensible audit trail. The compliance burden has shifted upstream, landing squarely on the intake and verification process. And that changes what funders need from their technology stack in 2026.
Why Payment Compliance Starts at Bank Verification
The Authorization Documentation Gap
Most MCA funders have historically treated bank verification as a credit underwriting function. You pull statements, analyze cash flow, estimate daily revenue, and decide whether the merchant can handle the repayment schedule. That workflow still matters. But the Texas law adds a second requirement: proving that the payment mechanism itself was properly authorized and that the merchant understood what they agreed to.
This is where many existing bank verification tools fall short. They're built to extract financial data, not to document the authorization chain. A funder facing a compliance challenge in Texas needs to show more than a merchant's average daily balance. They need timestamped proof that the merchant submitted their bank details voluntarily, that specific account information was verified against the actual documents provided, and that the payment terms were clearly disclosed before any debit was initiated.
Secure applicant upload portals, like the one built into Let's Submit, address this gap by creating a documented chain of custody. When a merchant uploads their bank statements through a dedicated link, the platform logs exactly what was submitted, when, and by whom. AI-powered extraction then pulls the relevant data while preserving the original documents as compliance artifacts. That combination of convenience and auditability is exactly what the Texas regulatory environment demands.
Moving Beyond Cash Flow to Account Control Verification
The subtler implication of the Texas law is that funders now need to verify more than cash flow patterns. They need to confirm account control: who owns the account, whether the signer on the MCA agreement matches the account holder, and whether there are any existing encumbrances or competing debits that might complicate compliance.
This level of verification goes beyond what a standard PDF statement review provides. It requires cross-referencing owner information extracted from bank documents against the business application itself, checking for consistency in names, EINs, and account numbers across multiple uploaded files. Purpose-built AI models trained specifically on financial documents handle this cross-referencing far more reliably than general-purpose tools. As we explored in our analysis of how purpose-built AI models outperform general LLMs in MCA document verification, domain-specific extraction catches inconsistencies that broader systems routinely miss.
For funders operating in Texas, or funding Texas-based merchants from out of state, these inconsistencies aren't just underwriting risks. They're compliance liabilities.
The Patchwork Problem: Multistate MCA Compliance
Texas isn't operating in a vacuum. California's AB2116 disclosure requirements have already pushed funders toward more transparent documentation practices. New York's disclosure law, Virginia's licensing framework, and ongoing rulemaking at the federal level through the Consumer Financial Protection Bureau all point in the same direction: more documentation, more transparency, more auditability.
Funders who treat each state's requirements as a separate compliance project end up with fragmented workflows, different processes for different deal geographies, and no consistent verification standard. The smarter approach is building a single, comprehensive intake and verification workflow that satisfies the most stringent requirements across all operating jurisdictions. If your process meets Texas and California standards, it almost certainly meets less restrictive states by default.
This is where standardized bank verification software becomes a strategic asset rather than just an operational tool. A platform that captures documents securely, extracts data with AI, logs every action in an audit trail, and stores original files alongside extracted data creates a compliance foundation that scales across jurisdictions without requiring custom workflows for each state.
Practical Steps for Funders Adapting to Texas Rules
The Texas law doesn't require funders to abandon the MCA model. It requires them to be more deliberate about how they establish payment mechanisms. Here's what that looks like in practice for your bank verification and intake workflow.
First, separate the authorization step from the underwriting step. Many funders bundle bank statement collection with ACH authorization into a single form or email exchange. Under the Texas framework, it's safer to treat these as distinct processes with distinct documentation. Collect and verify bank statements for underwriting purposes first. Then, once terms are established, obtain explicit, individually documented authorization for any payment mechanism. Your bank verification software should support this sequencing without adding friction for the merchant.
Second, verify account ownership independently. Don't rely solely on the merchant's self-reported information matching what appears on bank statements. Cross-reference against uploaded identification documents and business formation records. Let's Submit's AI extraction pulls owner details, business information, and financial data from multiple document types simultaneously, making this cross-referencing automatic rather than manual.
Third, maintain original documents alongside extracted data. AI extraction is powerful, but regulators don't audit algorithms. They audit records. Your platform should store the original uploaded PDF alongside every extracted data point, creating a verifiable link between what the merchant submitted and what your underwriting team acted on. This is a baseline requirement that many funders still overlook, and it matters far more in a state like Texas where the legal framework specifically scrutinizes how payment mechanisms were established.
Finally, build your audit trail from the first point of contact. The compliance paper trail shouldn't start when an underwriter opens a file. It should start when the merchant first receives an upload link or submits documents via email. Every timestamp, every document upload, every data extraction event becomes part of the compliance record. Platforms designed for asynchronous document collection inherently create this trail because the merchant interacts with the system directly rather than sending files through informal channels that leave no auditable record.
Why Async Verification Fits the Texas Compliance Model
The Texas law's emphasis on how mechanisms are "established" makes the method of document collection more legally significant than it used to be. When a broker forwards a merchant's bank statements pulled from an email thread, there's no verifiable chain showing the merchant intended those documents to authorize a specific payment arrangement. When a merchant uploads documents through a secure, dedicated portal with logged timestamps and clear terms of use, the authorization chain is far stronger.
Asynchronous bank verification, where the merchant interacts with the system on their own time through a secure link, naturally produces better compliance documentation than synchronous methods like phone-based verification or broker-mediated document collection. The merchant's direct engagement with the platform is itself a form of documented authorization.
This compliance advantage aligns with broader operational benefits. As our research into how broker-to-funder handoffs create fraud risk in MCA lending demonstrated, removing intermediaries from the document collection process reduces both fraud exposure and compliance risk. The Texas law amplifies this dynamic by making the provenance of bank documents and payment authorizations a legal concern, not just an operational preference.
For funders processing significant deal volume through Texas, the efficiency gains compound. Rather than manually documenting authorization chains for each deal, the platform handles it structurally. Every merchant who uploads through a Let's Submit link generates a complete, timestamped record without the funder's team doing any extra compliance work.
Frequently Asked Questions
Does Texas law ban merchant cash advance?
No. The Texas law does not ban merchant cash advance transactions outright. It prohibits the establishment of a mechanism for automatically debiting a recipient's account in connection with an MCA agreement, unless specific conditions are met. Funders can still operate in Texas, but they must structure payment collection methods carefully and document authorization explicitly. The distinction between blanket recurring debit mandates and individually authorized transactions is central to compliance under this statute.
How does bank verification software help with MCA compliance?
Bank verification software helps MCA funders comply with state regulations by creating documented, auditable records of every step in the document collection and verification process. When a platform captures timestamped uploads, extracts data with AI while preserving original documents, and logs all user interactions, it generates the compliance paper trail that regulators expect. In states like Texas and California, where MCA-specific disclosure and authorization rules apply, this audit trail can be the difference between a defensible process and a regulatory violation.
What should MCA funders change about their intake process for Texas?
Funders should separate bank statement collection from ACH authorization into distinct, documented steps. They should also verify account ownership independently by cross-referencing bank documents against identification and business formation records. Using a secure applicant upload portal rather than informal email exchanges creates stronger authorization documentation. Finally, funders should ensure their platform stores original documents alongside AI-extracted data so that every underwriting decision can be traced back to source material during a compliance review.
Can MCA funders outside Texas be affected by this law?
Yes. The Texas law applies to MCA transactions involving Texas-based merchants, regardless of where the funder is headquartered. If you fund deals with merchants located in Texas, the automatic debit restrictions apply to those transactions. This extraterritorial reach makes it essential for funders in all states to understand the Texas requirements and build intake processes that comply, especially if they process applications from merchants across multiple states.
Conclusion
The Texas MCA automatic debit law represents a turning point in how funders think about bank verification. What was once purely an underwriting function now carries direct compliance implications for payment authorization and regulatory defensibility. Funders who adapt their intake and verification workflows to meet these requirements won't just avoid legal exposure; they'll build processes that are more transparent, more auditable, and ultimately more scalable across the growing patchwork of state MCA regulations.
Let's Submit was built for exactly this kind of operational challenge. Secure applicant upload links, AI-powered document extraction, and complete audit trails from first contact to funding decision give funders the compliance foundation that the Texas law demands. Visit letssubmit.ca to see how asynchronous bank verification fits into your compliance workflow.