The agreement states that federal law requires Gusto, as a financial institution, to collect, verify, and monitor identity information for the Employer entity, each Administrator, and the designated signatory, including government-issued identification documents, taxpayer IDs, and business ownership documentation.
This analysis describes what Gusto's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes Gusto's Customer Identification Program obligations under the Bank Secrecy Act and FinCEN regulations, requiring collection of sensitive identity documentation from Employer entities and individual administrators. The data collected includes personally identifiable information for multiple individuals associated with the Employer Account.
The updated terms make explicit that requesting a background check through Gusto creates a legally binding agreement not just with Gusto but also incorporating terms from Gusto's payroll service and Checkr's service agreement. This means customers are committing to multiple overlapping sets of terms when they initiate a background check request. The change does not appear to alter the substantive rights or obligations, but rather clarifies their scope and binding nature in writing.
View change record →Developers integrating with Gusto's platform are now bound by mandatory arbitration and class action waiver provisions, meaning they cannot join or file class actions against Gusto and must resolve disputes through individual, binding arbitration. The updated terms also grant Gusto the right to modify, update, or discontinue developer tools at its sole discretion without notice or liability, which could disrupt integrations and require developers to absorb costs of upgrading to new versions. Developers should review Section 19 of the updated terms carefully before creating or maintaining integrations with Gusto's platform, and consider whether the arbitration and modification provisions align with their business and legal risk tolerance.
View change record →The updated terms now explicitly state that Employers waive the right to participate in class-action lawsuits and must pursue all claims against Gusto on an individual basis through binding arbitration. This means Employers can no longer join other users in collective legal action, even if many face identical problems with Gusto's service or billing. Individual arbitration typically costs more and produces less leverage for individual plaintiffs than class actions. You should review whether this dispute resolution requirement aligns with your business needs and consult legal counsel if you have concerns about waiving class-action rights.
View change record →This addition implements Anti-Money Laundering and Bank Secrecy Act compliance requirements, requiring extensive identity verification and ongoing monitoring of all administrators.
View full change record →The agreement requires Employers to provide full names, dates of birth, taxpayer IDs, business ownership documentation, and government-issued identification for the entity, administrators, and designated signatories as a condition of platform access. This information is collected and monitored in accordance with federal AML and anti-terrorism financing obligations.
How other platforms handle this
Advertisers who wish to run political advertising on Snapchat must complete Snap's political advertiser authorization process, comply with applicable election advertising laws, and include required disclosures identifying the funding source of political ads.
datasets: This field is used to indicate the datasets used to train the model. Each dataset should be listed as a separate item. If the dataset is available on the Hub, it should be linked to the dataset page.
You must clearly and conspicuously disclose to users of your Site that you may earn advertising fees from qualifying purchases made through Special Links on your Site. We require a specific disclosure: 'As an Amazon Associate I earn from qualifying purchases.'
Monitoring
Gusto has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"To help the government fight the funding of terrorism and money laundering activities, federal law requires financial institutions like Gusto to obtain, verify, record, and monitor information that identifies Employer's business entity, each Administrator authorized to access and/or manage the Employer Account, and Employer's designated responsible party... This information may include (but is not limited to) full name, address, date of birth, Employer taxpayer ID, telephone number, email address, business entity ownership documentation, and other information that will allow us to identify Employer, Employer's signatory, and/or Employer's Administrators ("Identification Information"). We may also require Employer to provide identifying documentation about Employer's business entity, Administrators and signatory, which may include passports, drivers licenses, or other government issued identification ("Identification Documents").— Excerpt from Gusto's Gusto Terms of Service
1. REGULATORY LANDSCAPE: This provision directly implicates the Bank Secrecy Act, FinCEN's Customer Due Diligence rules, and the USA PATRIOT Act requirements for financial institutions to implement Customer Identification Programs. The collection of beneficial ownership information also engages FinCEN's Beneficial Ownership Rule. Data protection obligations for the collected identity documentation may engage state privacy laws including CCPA for California-based administrators. 2. GOVERNANCE EXPOSURE: Medium. The requirement to provide government-issued identification for all administrators, including third-party accountant administrators, creates a data governance obligation for the Employer to ensure that sensitive personal data of individual administrators is handled appropriately both by Gusto and within the Employer's own HR and onboarding processes. 3. JURISDICTION FLAGS: California-based administrators whose personal information is collected under this provision may have CCPA rights with respect to that data, depending on whether Gusto treats administrator individuals as 'consumers' under the CCPA framework. Employers with EU-based administrators should assess whether GDPR applies to the collection of identification documents from those individuals. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations should review Gusto's Privacy Notice and Employer Data Processing Addendum to confirm how Identification Information and Identification Documents are stored, retained, and shared. Vendor risk assessments should evaluate Gusto's data security certifications relevant to storage of government-issued identification documents. 5. COMPLIANCE CONSIDERATIONS: HR and legal teams should ensure that Administrator onboarding processes include informed consent from individuals whose government-issued identification is collected and shared with Gusto. Data mapping exercises should capture the flow of administrator PII to Gusto as a third-party processor. Retention and deletion procedures for this category of sensitive data should be confirmed with Gusto.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes Gusto's Customer Identification Program obligations under the Bank Secrecy Act and FinCEN regulations, requiring collection of sensitive identity documentation from Employer entities and individual administrators. The data collected includes personally identifiable information for multiple individuals associated with the Employer Account.
The agreement requires Employers to provide full names, dates of birth, taxpayer IDs, business ownership documentation, and government-issued identification for the entity, administrators, and designated signatories as a condition of platform access. This information is collected and monitored in accordance with federal AML and anti-terrorism financing obligations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gusto.