FinCEN (the Financial Crimes Enforcement Network) and four other federal banking agencies want to make things perfectly clear when it comes to how requirements set forth in the USA Patriot Act are to be applied to prepaid cards. In response to what they called continuing concerns about the vulnerability of prepaid cards to criminal and terrorist abuse, FinCEN and the Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration, and Office of the Comptroller of the Currency last week issued interagency joint guidance clarifying bank obligations to identify prepaid card account-holders in line with “Customer Requirement Program” (CIP) mandates contained in the Act.
The guidance, according to FinCEN, is intended to remind banks that money laundering and other criminal risks related to prepaid cards “require the implementation of strong and effective mitigating controls.” Under its umbrella, banks “have a CIP obligation” with respect to their handling of individual cardholders who possess general-purpose prepaid cards with features that resemble a deposit account, regardless of whether the funds are held in a pooled account and whether funds are held in the bank or by a third-party acting on its behalf.
Additionally, the guidance stipulates that general-purpose prepaid cards be treated as accounts subject to the CIP requirements, provided that customers have the ability to reload funds or can access credit or overdraft features. According to the guidance, an account is not considered established until the feature is activated by cardholder registration. The guidance does not apply to non-reloadable prepaid cards, or to government benefit or payroll cards that cannot be reloaded by other sources. However, the guidance also holds that banks should still conduct CIP on program managers or other business entities that offer non-reloadable prepaid access to end-users; employees, except where the intermediary is a government agency, constitute an example.
Also included in the guidance is a specification of important provisions banks are advised to incorporate in their contracts with third-party prepaid program managers. Contracts should be configured to ensure that banks have access to CIP information collected by program managers, and to give banks and the financial agencies that created the guidance the right to audit these program managers.
The importance of drafting prepaid program agreements that clearly delineate each party’s obligations when it comes to anti-money laundering controls is yet another item highlighted in the guidance. So, too, is the critical need to avoid future compliance problems by specifying in detail banks’ and program managers’ obligations at the outset of their relationships, as well as by providing for audit rights to verify that such obligations are being performed.
Collecting identifying information through CIP is said to by the agencies to facilitate other applicable money-laundering controls. Whatever these applicable money-laundering controls may be, and whatever the contents of the guidance, the latter was a long time coming and should have an impact on curbing the use of prepaid cards for nefarious purposes.