# Maintaining PCI Compliance To stay PCI compliant, all users who store, process, or transmit credit card data—whether onboarded directly or through an ISV—must complete and sign a PCI compliance form each year. These forms are generated automatically, pre-filled with business data, at onboarding and each subsequent year. For ISVs, a new form is generated annually for each sub-merchant onboarded through their applications. ISVs are charged for any overdue forms for their sub-merchants and may choose to pass those charges onward using merchant Fee Profiles. Merchants must review and validate the compliance form within 90 days of its generation. If a compliance form remains unsigned for more than 90 days, the system applies an overdue compliance fee. A daily automated process checks for overdue forms and, using a 30-day look-back, issues a charge if a form has not been signed within the previous 30 days. The fee is applied for each 30-day period the form remains unsigned. Direct merchants are charged through their own Fee Profiles (if configured). Overdue compliance charges are visible in the **Application** > **Company Financials** tab. Applicable fees for merchants are displayed in their Fee Profiles (if configured). Notifications regarding overdue forms and potential upcoming fees are sent monthly. The system processes fee charges daily at midnight Eastern Time. All users should be aware of these fee mechanisms and the need to promptly complete PCI compliance forms to avoid recurring charges. Manual uploads of signed forms are not supported. Signing must be completed directly through the [Finix Dashboard](#completing-compliance-forms-using-the-dashboard) or [API](#completing-compliance-forms-using-the-api). Refer to our guide on [Managing PCI Compliance](/guides/managing-operations/security-compliance/managing-pci-compliance) to learn how to complete PCI compliance forms. ## How to Stay Compliant To maintain PCI compliance: 1. **Annually review and sign your PCI compliance form:** A new, pre-filled form is generated at onboarding and every year after. 2. **Complete the form within 90 days:** You must sign and attest to the form via the Finix dashboard or API—manual uploads are not allowed. 3. **Monitor notifications:** Watch for email or dashboard alerts about pending or overdue forms. 4. **Avoid overdue fees:** Unsigned forms after 90 days trigger monthly fees until signed. 5. **For ISVs:** Track your sub-merchants’ compliance and address any overdue forms promptly. ## Viewing the Overdue Fee Amount The overdue fee is applied to the company's Cost Profile. *To view the overdue fee amount*: 1. Log in to your [Finix Dashboard](https://finix.payments-dashboard.com/Login). 2. Expand the **Settings** menu in the left-navigation and click **Company**. - The **Company** page displays. 3. Click the **Company Financials** tab. 4. Click the **Cost Profile** tab. 5. Scroll down to the **PCI SAQ Compliance Forms** section. - You will see a **Per Overdue Compliance Form Fee**. br ## Assigning Fees to Merchants You can assign the Overdue PCI Compliance Form Fee to merchants using Fee Profiles. *To apply the overdue fee to a Fee Profile*: 1. From the left navigation, click **Merchants** to expand the menu. 2. Click **Merchant Accounts**. - The **Merchant Accounts** screen displays a list of merchants. 3. Click a merchant to open the merchant details page. 4. Click the **Merchant Fee Profile** tab. - If a Fee Profile is already applied to the merchant, you can click **Edit** to edit the Fee Profile applied to the merchant (if permission is granted): - If the merchant is not assigned a Fee Profile, by default, the Fee Profile below has been inherited from the Fee Profile applied to the application. You have the option to **Apply Standard Fee Profile for Direct Merchants** or **Create a Custom Fee Profile**. 5. Select the desired option and click **Save and Continue** until you arrive at the **ACH & Additional** tab. 6. On the **ACH & Additional** tab, set an amount for the **Overdue PCI Compliance Form Fee**. 7. Click **Save and Continue** and submit the updated Fee Profile. - On the merchant details page, under **Value Added Services**, the **Overdue PCI Compliance Form Fee** will be displayed. All merchants that share the same Fee Profile are now subject to the fee.