The definition in the FFIEC manual is:
Nonbank or third-party payment processors (processors) are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailersâ€™ transactions. These merchant transactions primarily included credit card payments but also covered automated clearing house (ACH) transactions, 221 remotely created checks (RCC),222 and debit and prepaid cards transactions. With the expansion of the Internet, retail borders have been eliminated. Processors now provide services to a variety of merchant accounts, including conventional retail and Internet-based establishments, prepaid travel, telemarketers, and Internet gaming enterprises. Third-party payment processors often use their commercial bank accounts to conduct payment processing for their merchant clients. For example, the processor may deposit into its account RCCs generated on behalf of a merchant client, or process ACH transactions on behalf of a merchant client. In either case, the bank does not have a direct relationship with
the merchant. The increased use of RCCs by processor customers also raises the risk of fraudulent payments being processed through the processorâ€™s bank account. The Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN) have issued guidance regarding the risks, including the BSA/AML risks, associated with banking third-party processors.223
So I think you could say your scenario fits this definition. But not all TPPP pose the same level of risk. After doing some due diligence you may determine that this entity is not higher-risk. Hopefully your BSA Program addresses the necessary due diligence, determining the risk rating and associated monitoring.