On March 21, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Financial Crimes Enforcement Network (collectively, the “regulators”) issued new guidance related to the application of customer identification (CIP) program requirements to prepaid card customers. The regulators issued the guidance in connection with their authority under Section 326 of the US Patriot Act.
The guidance affects banks, savings associations, credit unions and branches of foreign banks and includes those prepaid cards that are marketed and managed by third-party program managers. The guidance requires the application of a CIP program to any prepaid card sold that is deemed by the regulators to be an “account” because it has any of the following characteristics: (1) the card can access a credit feature (e.g., a credit line); (2) the card has overdraft capability; or (3) the card has the ability to be reloaded with funds. If a prepaid card is deemed to be an account, the issuing bank (either directly or through its agent) is required to obtain the customer’s name, date of birth and address, and is responsible for verifying the information provided by such customer.
Prepaid cards that cannot be reloaded by the customer or another party are not deemed to be “accounts” by the regulators and are therefore not subject to the CIP requirements. Additionally, if a card is sold that is not activated with any of the three characteristics described above, it is not an “account” until such characteristic has been activated.
In cases where cards do not have any of the three characteristics noted above, any program manager involved in the prepaid card program would be deemed to be the bank’s customer and CIP requirements would apply to the vetting of the program manager as a customer of the issuing bank.
The guidance also sets forth contractual provisions that issuing banks should have in place with their prepaid card program managers, including an outline of each party’s CIP obligations and the ability to inspect and receive information collected by such third party in connection with the issuing bank’s CIP obligations.