Federal banking regulators and the Financial Crimes Enforcement Network (“FinCEN”) recently issued a guidebook (“Guideline”) for banks, thrifts, credit unions, and branches of foreign banks (“Banks”) to issue prepaid cards. The guidance explains the applicability of the Know Your Customer or Customer Identification Program regulations (“Regulations”) under Section 326 of the USA PATRIOT Act. The guidance, effective March 21, 2016, applies to card classes sold and distributed by banks or third parties that design, manage and operate prepaid card programs for banks. Failure to comply with this guidance may result in material adverse regulatory action, particularly in the event of a breach of anti-money laundering compliance requirements.
- A general-purpose, reloadable prepaid card program is considered an “account” with the issuing bank, and the cardholder is a “customer” of the bank under the regulations.
- Employee Payroll Card Scheme holders and Government Electronic Yield Transfer Card Scheme holders are not “customers” of the Bank under the Regulations unless the Bank Scheme provides credit or overdraft facilities to cardholders or allows cardholders to use the deposit to the card.
Prepaid cards are a recognized mainstream financial product used by individuals, private entities, and public entities. General-purpose prepaid cards can be used by multiple independent merchants and allow cardholders to use a variety of features, including traditionally using other features such as a check or debit card tied to a bank deposit account or credit card. These functions include cash withdrawals, bill payments, and transfers at ATMs.
These prepaid card features that attract customers also create risks for banks that issue prepaid cards and process prepaid card transactions. For example, the ease of access to prepaid cards, the ability to use prepaid cards anonymously, and the potential for relatively large amounts of funds to circulate through pools of integrated prepaid account funds expose prepaid cards to money laundering and other crimes.
Controls imposed by thrifts and the prepaid card industry, such as limits on card value and the frequency and number of allowed transfers, as well as due diligence on third parties and cardholders, reduce the risks posed by prepaid cards. This guide explains the regulations and suggests additional steps to comply with them:
- Similar to how funds are added to a traditional deposit, fund, or transaction account, the issuance of a general-purpose prepaid card that is repeatedly recharged by the cardholder or another party on behalf of the cardholder establishes a formal banking relationship and is equivalent to the account opening.
- If a card can be used for cardless transfers through self-service clearinghouses, wire transfers, checks, mobile phones, or cardholder-to-cardholder transfers, or to another cardholder’s account with the bank, and can As with general-purpose prepaid cards, cards that offer these transfer functions are considered bank accounts.
- A prepaid card that does not have any reloadable or credit functions will not establish an account opening relationship with the bank unless those functions or features are actively activated by the cardholder.
- Even if the cardholder is not the nominee account holder, as long as the cardholder has obtained the card from a third party using the bank’s omnibus account for an in-card top-up, the cardholder should be considered a customer of the bank under the regulations.
- Payroll cards and health benefit cards (such as Medisave cards or cards with flexible spending arrangements) create a bank-free employer (non-individual employee)-customer relationship unless the individual employee is permitted to take credit through the card or receive payment from a non-employer The payroll card account is recharged repeatedly from other sources.
- Likewise, if a government-subsidized card (Electronic Yield Transfer Card) does not allow the beneficiary to deposit funds on the card that are not related to government programs and does not allow credit, no customer relationship will be created with the government entity or the beneficiary.
According to this guide, banks should carefully consider their prepaid card programs, especially their third-party and integrated prepaid card programs, and their know-your-customer regulatory procedures. At a minimum, a prepaid card program should:
- Established and overseen per the appropriate bank vendor management plan and the bank’s internal product approval and risk committee procedures.
- Identify third-party marketers and distribution channels used in the program. These considerations are beneficial in reducing not only AML compliance risks but also other bank regulatory policy risks, such as those on overdrafts and other short-term consumer loans.
- There is contractual documentation of the allocation of obligations and risks between the bank and its program managers and the need for proper record keeping. Any agency relationship described in this guide should be appropriately limited to avoid unanticipated liability by the bank or its scheme administrator.
- Requires compliance with applicable banking rules and programs, including regulations, guidelines, the Federal Deposit Insurance Corporation (FDIC) deposit insurance rules, and, where applicable, the Federal Financial Institutions Examination Board’s Information Technology Manual.
- Identify each party’s “know your customer” obligations.
- Ensuring the Bank’s right to transfer, store or otherwise have immediate access to all customer and account information held by third-party administrators. This information should also be retained by the FDIC deposit insurance rules to maintain as much FDIC insurance as possible. Particular attention should be paid to those pooled accounts, providing escrow deposit insurance to the extent possible.
- Allows banks to audit program managers and monitor their performance.
- Consider the Banking Services Corporations Act and (if applicable) allow the appropriate regulator to examine third-party scheme administrators.
- Consider the guidelines for mobile and online banking apps and items where prepaid cards only offer accessibility-based delivery.