§Why CasetextPricing

Financial Crimes Enforcement Network Releases Proposed Rule Applying Bank Secrecy Act Regulations to Non-Bank Issuers of Prepaid Access Products

By Sidley Austin LLP
Jul 7, 2010

Financial Institutions Regulatory Update

To view this Sidley Update as a PDF, click here.

On June 21, 2010, the Financial Crimes Enforcement Network (“FinCen”) released a proposed rule (“Proposed Rule”) that would revise Bank Secrecy Act (“BSA”) requirements currently applicable to money services businesses (“MSBs”) with regard to stored value products and services. Intended to address “regulatory gaps that have resulted from the proliferation of prepaid innovations over the last ten years and their increasing use as an accepted payment method,” the Proposed Rule would rename “stored value” as “prepaid access,” and replace requirements currently applicable to “issuers” and “sellers or redeemers” of stored value with requirements applicable to “providers” and “sellers” of prepaid access. The Proposed Rule would require prepaid access providers to register as MSBs for the first time, and would impose on both prepaid access providers and sellers anti-money laundering (“AML”) program requirements, suspicious activity reporting obligations (from which stored value transactions are currently exempt) and expanded customer and transaction recordkeeping requirements, including new requirements to gather name, date of birth, address, and identification number and verify identity for covered products. The Proposed Rule would not establish new requirements or change existing BSA requirements applicable either to banks or to entities regulated by the Securities and Exchange Commission (“SEC”) or the Commodity Futures Trading Commission (“CFTC”).

FinCEN is seeking comment on all aspects of the Proposed Rule, including 15 specific questions, which are summarized below. The proposal was published in the Federal Register (75 Fed. Reg. 36589) on June 28, 2010. Comments are due on or before July 28, 2010.

Prepaid Access

The Proposed Rule would replace the term “stored value” used in the current rule with the term “prepaid access,” to denote the fact that the value to which the payment device gives access remains in an account, and is not “stored” on the card. Specifically, the Proposed Rule broadly defines “prepaid access” as “[e]lectronic device or vehicle, such as a card, plate, code, number, electronic serial number, mobile identification number, personal identification number, or other instrument that provides a portal to funds or the value of funds that have been paid in advance and can be retrievable and transferable at some point in the future.” FinCEN indicates that it does not intend the change in terminology to effect a change in coverage, but to describe the product more accurately and in a way that is technologically neutral, so as to provide the “regulatory elasticity” to survive future technological advancements. The expansive language captures a variety of “virtual” account forms, but is not intended to affect use of credit cards or debit cards.

Providers of Prepaid Access

The Proposed Rule would impose the full panoply of BSA requirements on the entity identified as a “provider of prepaid access,” which is defined as “the person with principal oversight and control over one or more prepaid programs.” Whether an entity is the “provider” for purposes of the Proposed Rule is a facts and circumstances determination, and “no single act or duty alone will be determinative.” The Proposed Rule provides a non-exclusive list of five activities that may be indicative of principal oversight and control:

  • organizing the prepaid program (initiation and establishment);
  • setting the terms and conditions of the program and determining that the terms have not been exceeded (e.g., sales locations, fees);
  • determining the other businesses that will participate in the transaction chain, which may include the issuing bank, the payment processor or the distributor;
  • controlling or directing the appropriate party to initiate, freeze or terminate prepaid access (ability to affect movement of funds between parties and/or entities); and
  • engaging in activity that demonstrates oversight and control of the transactions.

FinCEN identifies the following additional indicators of the entity that is acting in a principal role: (1) the party in whose name the prepaid program is marketed to the public; (2) the party who a reasonable person would identify as the principal decision-maker; (3) the party to whom the issuing bank looks as its principal representative in protecting its network relationship and its brand integrity; (4) the party who determines the method of distribution and sales strategy; and (5) the party with the expertise recognized by others, particularly the issuing bank, to bring together the appropriate parties to deliver a successful program.

Every prepaid access program would have a provider responsible for BSA compliance. However, finding that existing regulatory requirements applicable to banks satisfy the policy goals underlying the rulemaking, and that “[g]enerally . . . such bank-driven prepaid programs are not prevalent within the payments industry,” bank issuers (as well as SEC- and CFTC- registered entities) cannot be the provider under the Proposed Rule. Accordingly, these entities, which are excluded from the definition of MSBs under the current rule, would continue to be excluded.

This approach to the regulation of prepaid providers raises a number of issues that may be subject to comment from the industry, including (1) the misperception of the bank role in, and control over, key aspects of bank-issued prepaid programs, (2) the question whether there is always a “provider” other than the bank issuer and retail seller, both of which are intended to be excluded from the definition of “provider of prepaid access,” and (3) ambiguities in the identification of the “provider of prepaid access” making it difficult for the industry to determine in practice who will be covered by the Proposed Rule.

Sellers of Prepaid Access

The Rule defines a “seller of prepaid access” as “any person that receives funds or the value of funds in exchange for providing prepaid access as part of a prepaid program directly to the person that provided the funds or value, or to a third party as directed by that person.” The term thus includes all retail sellers of prepaid access products or services, unless all of the seller’s prepaid access products or services fall within exemptions to the definition of prepaid programs (discussed below). The Rule would treat the seller as an agent under the MSB rules, and not require the seller of prepaid access to register as an MSB. But as the party with face-to-face purchaser contact, and therefore the ability to capture unique information in the course of completing the transaction, a seller would be subject to suspicious activity report (“SAR”) requirements, AML program, customer verification and customer information and transaction recordkeeping requirements, which are described below.

Exemptions

The Proposed Rule would exempt the prepaid access products or services listed below from coverage under the Proposed Rule:

  • prepaid access cards with a value of $1000 or less, where (1) the maximum value is visible on the product; (2) the initial load limit does not exceed $1000; (3) the balance at any point during the lifecycle of the prepaid access cannot exceed $1000; and (4) the daily withdrawal limit cannot exceed $1000;
  • closed-loop access products;
  • payment of benefits, incentives, wages or salaries through payroll cards or other such electronic devices for similar purposes;
  • payment of government benefits such as unemployment, child support, and disaster assistance through electronic devices; and
  • disbursement of reimbursement funds from pre-tax flexible spending accounts for health care and dependent care expenses.

However, if any of the following three conditions apply, the exemptions will not be available: (1) funds or value may be transmitted internationally (a potential issue even for closed-loop retailer cards that can be used at stores outside the U.S., or that may be used internationally on the internet); (2) transfers are permitted between or among users within a prepaid program, such as person-to-person transfers (a potential issue for certain products such as “teen cards”); or (3) the product (other than a closed-loop product) provides ability to load monetary value from other non-depository sources (a potential issue for many retail sale programs).

BSA Requirements

Issuers and sellers or redeemers of stored value are required under current regulations to file Currency Transaction Reports (“CTRs”) and to establish written AML programs (if they transact amounts greater than $1000 per person per day), but are not required to register as MSBs or to file SARs. The Proposed Rule would revise the BSA regulatory regime to impose the following requirements on providers and sellers of prepaid access:

  • MSB Registration. Providers would be required to register with FinCEN as MSBs. Sellers would be treated as agents of the provider, and would not themselves be required to register.
  • SARs. Providers and sellers of prepaid access would be subject to suspicious activity reporting requirements.
  • Transactional recordkeeping. Providers of prepaid access would be required to retain for five years transactional records “generated in the ordinary course of business” by the payment processor or other entity involved in transaction processing. These records would reflect (1) the type of transaction (e.g., ATM withdrawal, point-of-sale purchase), (2) the amount and location of the transaction, (3) the date and time of transaction and (4) any other unique identifiers related to transactions. To meet this requirement, the provider of prepaid access would need to establish recordkeeping requirements, either internally or on the part of a third-party entity. FinCEN may require maintenance of all records in a central location.
  • Customer information recordkeeping. Provider and seller would have to verify the identity of a customer of a prepaid program and retain for five years customer identifying information, including name, date of birth, address, and identification number. It is unclear whether this requirement could be met at the time a temporary card is registered with a general purpose reloadable program so that the information could be gathered through the registration process rather than at the time a temporary card is sold at a retailer.
  • AML Program. Both providers and sellers would be subject to AML program requirements commensurate with their activities. The provider of prepaid access would be required to develop an AML program that corresponds to its role as the “centralized point in the chain for relevant information,” including (1) internal policies and procedures that contemplate the collection and processing of information to be used for the evaluation, completion and submission of SARs and CTRs, filing reports, creating and retaining records and responding to law enforcement requests; and (2) training programs for other industry members with whom it contracts for prepaid support services. Provider and seller AML programs would need to include policies and procedures sufficient for complying with the verification of customer identity and recordkeeping of customer identifying information mentioned above.

International Transportation of Prepaid Access

For purposes of future rulemakings, FinCEN seeks comment on the risks posed by international transport of prepaid access and the types of transactions that are particularly vulnerable to money laundering, terrorist financing and other illicit transactions through the financial system. Section 503 of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (“CARD Act”) authorized Treasury to establish reporting requirements with respect to stored value pursuant to 31 U.S.C. 5316, which requires persons transporting or shipping currency and monetary instruments across the U.S. border in an aggregate amount over $10,000 to report of such transportation or shipment. Presently there is no similar requirement to report the transportation of prepaid access products across the border.

Future Rulemakings

FinCen indicates that it anticipates future rulemakings on particular aspects of the operation of the prepaid industry, such as the areas of obligations of payment networks and financial transparency at the borders, but that it would phase in any additional requirements.

Questions for Public Comment

FinCEN invites public comment on all aspects of the proposal, including 15 specific questions, which are summarized below:

  1. whether the terms “prepaid access” and “provider of prepaid access” provide the best description of the product(s);
  2. any aspect of the international transport of prepaid access to be considered for a future reporting requirement;
  3. imposing separate stand-alone BSA obligations on each party along the transaction chain, instead of designation of a single, central “provider”;
  4. whether to require aggregation of different MSB services in determining whether $1000 definitional thresholds have been met;
  5. whether and how FinCEN should reconsider its existing interpretation regarding closed-loop gift cards, even if limited solely to domestic use;
  6. particular aspects of the prepaid access sector that FinCEN should consider in deciding whether and how to delegate examination authority with respect to providers of prepaid access;
  7. any other areas (in addition to reporting requirements for international transport of prepaid access) in need of consideration for future rulemaking;
  8. the extent to which there are SEC- or CFTC-regulated or examined entities that are actively engaged in the prepaid access industry in such a way as to approach the equivalent of a provider or seller of prepaid access;
  9. guidance and clarification in FinCEN’s description of participants in the prepaid access chain;
  10. the need to institute additional safeguards and/or conditions prior to excluding prepaid access to payroll funds from the full extent of BSA responsibilities, such as methods to ensure the company and employees are legitimate;
  11. merits and vulnerabilities of exclusion from regulation for prepaid access with $1000 threshold dollar limit;
  12. how FinCEN registration Form 107 can be updated to accommodate identifying information about the component entities involved in a prepaid program;
  13. value of customer information capture and five-year retention requirement;
  14. merits of incorporating a risk-based assessment of necessary information variables as compared to imposing a mandatory set of customer information verification and retention requirements; and
  15. whether the requirements specified in the Proposed Rule vary from the contractual AML and customer identification requirements that currently are imposed on providers of prepaid access (and through them, on sellers of prepaid access) by the bank that issues the prepaid access by the payment network.

If you have questions about any of these items, please contact your regular Sidley Austin LLP contact or David E. Teitelbaum (+1.202.736.8683, dteitelbaum@sidley.com), Joel D. Feinberg (+1.202.736.8743, jfeinberg@sidley.com) or Susan White Haag (+1.202.736.8014, shaag@sidley.com).

The Financial Institutions Regulatory Practice of Sidley Austin LLP

The Financial Institutions Regulatory Practice group offers counseling, transaction and litigation services to depository and nondepository financial institutions and their holding companies. Our lawyers assist domestic and non-U.S. financial institutions and their holding companies, and electronic payment systems, as well as securities, insurance, finance, mortgage and other diversified financial services companies. We represent financial services clients before the U.S. Department of the Treasury, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and state bank regulatory agencies. In addition, we represent clients before the United States Supreme Court, the federal courts of appeal, federal district courts and state courts.

To receive future copies of the Financial Institutions Regulatory Update via email, please click here.

This Sidley Update has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers.

Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000. Prior results do not guarantee a similar outcome.