Introduction
Pre-paid access
Providers of pre-paid access
Sellers of pre-paid access
Exemptions
Act requirements
International transportation of pre-paid access
Future rulemakings
Questions for public comment


Introduction

On June 21 2010 the Financial Crimes Enforcement Network (FinCEN) released a proposed rule that would revise the Bank Secrecy Act requirements currently applicable to money services businesses with regard to stored value products and services. Intended to address "regulatory gaps that have resulted from the proliferation of prepaid innovations over the last ten years and their increasing use as an accepted payment method", the proposed rule would rename 'stored value' as 'pre-paid access', and replace requirements currently applicable to issuers and sellers or redeemers of stored value with requirements applicable to providers and sellers of pre-paid access. The proposed rule would require pre-paid access providers to register as money services businesses for the first time and would impose on both pre-paid access providers and sellers:

  • anti-money laundering programme requirements;
  • suspicious activity reporting obligations (from which stored value transactions are currently exempt); and
  • expanded customer and transaction record-keeping requirements, including new requirements to gather name, date of birth, address and identification number and to verify identity for covered products.

The proposed rule would not establish new requirements or change existing Bank Secrecy Act requirements applicable to either banks or entities regulated by the Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC).

FinCEN is seeking comment on all aspects of the proposed rule, including 15 specific questions, which are summarized below. The proposal was published in the Federal Register(1) on June 28 2010 and comments are due on or before July 28 2010.

Pre-paid access

The proposed rule would replace the term 'stored value' used in the current rule with the term 'pre-paid access' in order to denote the fact that the value to which the payment device gives access remains in an account and is not stored on the card. Specifically, the proposed rule broadly defines 'pre-paid access' as:

"[An e]lectronic device or vehicle, such as a card, plate, code, number, electronic serial number, mobile identification number, personal identification number, or other instrument that provides a portal to funds or the value of funds that have been paid in advance and can be retrievable and transferable at some point in the future."

FinCEN indicates that it intends the change in terminology not to effect a change in coverage, but rather to describe the product more accurately and in a way that is technologically neutral, so as to provide the "regulatory elasticity" to survive future technological advancements. The expansive language captures a variety of virtual account forms, but is not intended to affect use of credit cards or debit cards.

Providers of pre-paid access

The proposed rule would impose the full panoply of Bank Secrecy Act requirements on the entity identified as a 'provider of pre-paid access', which is defined as "the person with principal oversight and control over one or more prepaid programs". Whether an entity is the provider for the purposes of the proposed rule is a facts and circumstances determination, and "no single act or duty alone will be determinative." The proposed rule provides a non-exclusive list of five activities that may be indicative of principal oversight and control, as follows:

  • organizing the pre-paid programme (initiation and establishment);
  • setting the terms and conditions of the programme and determining that the terms have not been exceeded (eg, sales locations, fees);
  • determining the other businesses that will participate in the transaction chain, which may include the issuing bank, the payment processor or the distributor;
  • controlling or directing the appropriate party to initiate, freeze or terminate pre-paid access (the ability to affect movement of funds between parties and/or entities); and
  • engaging in activity that demonstrates oversight and control of the transactions.

FinCEN identifies the following additional indicators of the entity that is acting in a principal role:

  • the party in whose name the pre-paid programme is marketed to the public;
  • the party which a reasonable person would identify as the principal decision maker;
  • the party to which the issuing bank looks as its principal representative in protecting its network relationship and its brand integrity;
  • the party which determines the method of distribution and sales strategy; and
  • the party with the expertise recognized by others, particularly the issuing bank, to bring together the appropriate parties to deliver a successful programme.

Every pre-paid access programme would have a provider responsible for Bank Secrecy Act compliance. However, finding that existing regulatory requirements applicable to banks satisfy the policy goals underlying the rulemaking, and that generally "such bank-driven prepaid programs are not prevalent within the payments industry", bank issuers (as well as SEC and CFTC-registered entities) cannot be the provider under the proposed rule. Accordingly, these entities, which are excluded from the definition of 'money services businesses' under the current rule, would continue to be excluded.

This approach to the regulation of pre-paid providers raises a number of issues that may be subject to comment from the industry, including:

  • the misperception of the bank's role in, and control over, key aspects of bank-issued pre-paid programmes;
  • the question of whether there is always a provider other than the bank issuer and retail seller, both of which are intended to be excluded from the definition of a 'provider of pre-paid access'; and
  • ambiguities in the identification of the 'provider of pre-paid access', making it difficult for the industry to determine in practice who will be covered by the proposed rule.

Sellers of pre-paid access

The rule defines a 'seller of pre-paid access' as:

"any person that receives funds or the value of funds in exchange for providing prepaid access as part of a prepaid program directly to the person that provided the funds or value, or to a third party as directed by that person."

The term thus includes all retail sellers of pre-paid access products or services, unless all of the seller's pre-paid access products or services fall within exemptions to the definition of 'pre-paid programmes' (discussed below). The rule would treat the seller as an agent under the money services business rules, and not require the seller of pre-paid access to register as a money services business. However, as the party with face-to-face purchaser contact, and therefore the ability to capture unique information in the course of completing the transaction, a seller would be subject to requirements regarding suspicious activity reports, anti-money laundering programmes, customer verification and customer information and transaction recordkeeping requirements (described below).

Exemptions

The proposed rule would exempt the pre-paid access products or services listed below from coverage under the proposed rule:

  • pre-paid access cards with a value of $1,000 or less, where:
    • the maximum value is visible on the product;
    • the initial load limit does not exceed $1,000;
    • the balance at any point during the lifecycle of the pre-paid access cannot exceed $1,000; and
    • the daily withdrawal limit cannot exceed $1,000;
  • closed-loop access products;
  • payment of benefits, incentives, wages or salaries through payroll cards or other such electronic devices for similar purposes;
  • payment of government benefits such as unemployment, child support and disaster assistance through electronic devices; and
  • disbursement of reimbursement funds from pre-tax flexible spending accounts for healthcare and dependant care expenses.

However, if any of the following three conditions apply, the exemptions will not be available:

  • the funds or value may be transmitted internationally (a potential issue even for closed-loop retailer cards that can be used at stores outside the United States or that may be used internationally on the Internet);
  • transfers are permitted between or among users within a pre-paid programme, such as person-to-person transfers (a potential issue for certain products such as teen cards); or
  • the product (other than a closed-loop product) provides the ability to load monetary value from other non-depository sources (a potential issue for many retail sale programmes).

Act requirements

Issuers and sellers or redeemers of stored value are required under current regulations to file currency transaction reports and to establish written anti-money laundering programmes (if they transact amounts greater than $1,000 per person per day), but are not required to register as money services businesses or to file suspicious activity reports. The proposed rule would revise the Bank Secrecy Act regulatory regime to impose the following requirements on providers and sellers of pre-paid access.

Money services business registration
Providers would be required to register with FinCEN as money services businesses. Sellers would be treated as agents of the provider and would not themselves be required to register.

Suspicious activity reports
Providers and sellers of pre-paid access would be subject to suspicious activity reporting requirements.

Transactional recordkeeping
Providers of pre-paid access would be required to retain for five years transactional records "generated in the ordinary course of business" by the payment processor or other entity involved in transaction processing. These records would reflect:

  • the type of transaction (eg, automated teller machine withdrawal, point-of-sale purchase);
  • the amount and location of the transaction;
  • the date and time of transaction; and
  • any other unique identifiers related to transactions.

To meet this requirement, the provider of pre-paid access would need to establish record-keeping requirements, either internally or on the part of a third-party entity. FinCEN may require maintenance of all records in a central location.

Customer information record-keeping
The provider and seller would have to verify the identity of a customer of a pre-paid programme and to retain for five years customer identifying information, including name, date of birth, address and identification number. It is unclear whether this requirement could be met when a temporary card is registered with a general purpose reloadable programme so that the information could be gathered through the registration process rather than when a temporary card is sold at a retailer.

Anti-money laundering programme
Both providers and sellers would be subject to anti-money laundering programme requirements commensurate with their activities. The provider of pre-paid access would be required to develop an anti-money laundering programme that corresponds to its role as the "centralized point in the chain for relevant information", including: (i) internal policies and procedures that contemplate the collection and processing of information to be used for the evaluation, completion and submission of suspicious activity reports and currency transaction reports, filing reports, creating and retaining records and responding to law enforcement requests; and (ii) training programmes for other industry members with which it contracts for pre-paid support services. Provider and seller anti-money laundering programmes would need to include policies and procedures sufficient to comply with the verification of customer identity and record-keeping of customer identifying information mentioned above.

International transportation of pre-paid access

For purposes of future rulemakings, FinCEN seeks comment on the risks posed by international transport of pre-paid access and the types of transaction that are particularly vulnerable to money laundering, terrorist financing and other illicit transactions through the financial system. Section 503 of the Credit Card Accountability Responsibility and Disclosure Act of 2009 authorized the Treasury to establish reporting requirements with respect to stored value pursuant to 31 USC 5316, which requires persons transporting or shipping currency and monetary instruments across the US border in an aggregate amount over $10,000 to report such transportation or shipment. Presently there is no similar requirement to report the transportation of pre-paid access products across the border.

Future rulemakings

FinCEN indicates that it anticipates future rulemakings on particular aspects of the operation of the pre-paid industry, such as the obligations of payment networks and financial transparency at the borders, but that it will phase in any additional requirements.

Questions for public comment

FinCEN invites public comment on all aspects of the proposal, including 15 specific questions, as follows:

  • whether the terms 'pre-paid access' and 'provider of pre-paid access' provide the best description of the product(s);
  • any aspect of the international transport of pre-paid access to be considered for a future reporting requirement;
  • imposing separate standalone Bank Secrecy Act obligations on each party along the transaction chain, instead of designating a single, central provider;
  • whether to require aggregation of different money services business services in determining whether the $1,000 definitional thresholds have been met;
  • whether and how FinCEN should reconsider its existing interpretation regarding closed-loop gift cards, even if limited solely to domestic use;
  • particular aspects of the pre-paid access sector that FinCEN should consider in deciding whether and how to delegate examination authority with respect to providers of pre-paid access;
  • any other areas (in addition to reporting requirements for international transport of pre-paid access) in need of consideration for future rulemaking;
  • the extent to which SEC or CFTC-regulated or examined entities are actively engaged in the pre-paid access industry in such a way as to approach the equivalent of a provider or seller of pre-paid access;
  • guidance and clarification in FinCEN's description of participants in the pre-paid access chain;
  • the need to institute additional safeguards and/or conditions before excluding pre-paid access to payroll funds from the full extent of Bank Secrecy Act responsibilities, such as methods to ensure that the company and employees are legitimate;
  • merits and vulnerabilities of exclusion from regulation for pre-paid access with a $1,000 threshold dollar limit;
  • how FinCEN registration Form 107 can be updated to accommodate identifying information about the component entities involved in a pre-paid programme;
  • the value of the customer information capture and five-year retention requirement;
  • the merits of incorporating a risk-based assessment of necessary information variables, as compared to imposing a mandatory set of customer information verification and retention requirements; and
  • whether the requirements specified in the proposed rule vary from the contractual anti-money laundering and customer identification requirements that currently are imposed on providers of pre-paid access (and through them, on sellers of pre-paid access) by the bank that issues the pre-paid access or by the payment network.

 

For further information on this topic please contact David E Teitelbaum, Joel D Feinberg or Susan White Haag at Sidley Austin LLP by telephone (+1 202 736 8000) or fax (+1 202 736 8711).

Endnotes

(1) 75 Fed Reg 36589.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide.