Pre-paid access providers
Sellers of pre-paid access
Pre-paid programmes and exclusions
Bank Secrecy Act requirements
On July 29 2011 the Financial Crimes Enforcement Network (FinCEN) published a final rule that revises the Bank Secrecy Act requirements currently applicable to money services businesses with regard to stored value products and services. FinCEN published the Notice of Proposed Rulemaking on June 28 2010 and received 76 comment letters in response. In the final rule, FinCEN indicates that it used the information provided in the comment letters to inform its final decisions. FinCEN's stated goal for the final rule is to address regulatory gaps that have resulted from the proliferation over the past 12 years of pre-paid innovations that increase the potential for using pre-paid access to further money laundering, terrorist financing and other illicit transactions. FinCEN believes that the pre-paid access market has matured and now warrants, at a minimum, regulation commensurate with other money services businesses.
The final rule renames 'stored value' as 'pre-paid access' and creates two new categories of money services business – providers of pre-paid access and sellers of pre-paid access. The final rule requires providers of pre-paid access to register as money services businesses for the first time, and imposes on both providers and sellers of pre-paid access suspicious activity report obligations, anti-money laundering programme requirements, customer identification requirements and customer record-keeping requirements. The final rule also imposes transaction record-keeping requirements on providers of pre-paid access. The final rule does not establish new requirements or change existing Bank Secrecy Act requirements applicable either to banks or to entities regulated by the Securities and Exchange Commission or the Commodity Futures Trading Commission. The final rule becomes effective on September 27 2011. The requirement for providers of pre-paid access to register with FinCEN becomes effective on January 29 2012.
The final rule renames 'stored value' as 'pre-paid access' without narrowing or broadening the meaning of the term, but recognises that value is not stored on the card. Specifically, the final rule defines 'pre-paid access' as:
"[a]ccess to funds or the value of funds that have been paid in advance and can be retrieved or transferred at some point in the future through an electronic device or vehicle, such as a card, code, electronic serial number, mobile identification number, or personal identification number."
The key parts of the definition are as follows:
- Funds have been paid in advance; and
- Those funds can be retrieved or transferred in the future.
FinCEN indicates that it believes that the definition has the necessary regulatory elasticity to survive future technological advancements.
The final rule imposes the full panoply of Bank Secrecy Act requirements on the entity identified as the 'provider of pre-paid access'. The final rule allows the participants in a pre-paid programme to determine which party among them will serve as the provider of pre-paid access. Specifically, a 'provider of pre-paid access' is:
"the participant within a prepaid program that agrees to serve as the principal conduit for access to information from its fellow program participants. The participants in each prepaid access program must determine a single participant within the prepaid program to serve as the provider of prepaid access."
If one of the participants in a pre-paid access programme has failed to register as the provider of pre-paid access, then the provider of pre-paid access is the person with principal oversight and control over the pre-paid programme, as determined by FinCEN. The final rule provides the following non-exclusive list of five activities that indicate principal oversight and control:
- organising the pre-paid programme;
- setting the terms and conditions of the pre-paid programme and determining that the terms have not been exceeded;
- determining the other businesses that will participate in the pre-paid programme, which may include the issuing bank, the payment processor or the distributor;
- controlling or directing the appropriate party to initiate, freeze or terminate pre-paid access; and
- engaging in activity that demonstrates oversight and control of the pre-paid programme.
In the final rule, FinCEN adopts a more limited definition of 'seller of pre-paid access' than in the proposed rule. FinCEN indicates that it has adopted a targeted approach to regulating sellers of pre-paid access, focusing on those sales of pre-paid access whose inherent features or high dollar amounts pose heightened money laundering risks. A 'seller of pre-paid access' is defined as:
"[a]ny person that receives funds or the value of funds in exchange for an initial loading or subsequent loading of prepaid access if that person (i) sells prepaid access offered under a prepaid program that can be used before verification of customer identification…; or (ii) sells prepaid access (including closed loop prepaid access) to funds that exceed $10,000 to any person during any one day, and has not implemented policies and procedures reasonably adapted to prevent such a sale."
In the first part of the definition, if the pre-paid access is sold under an arrangement that fits into one of the exemptions from the term 'pre-paid programme', or if the customer must go through the identification process before the card is activated, then there is no seller of pre-paid access.
The final rule treats the seller as an agent under the money services business rules and does not require the seller to register as a money services business. However, as the party with face-to-face purchaser contact, and therefore the ability to capture unique information in the course of completing the transaction, a seller of pre-paid access is subject to various Bank Secrecy Act requirements.
Pre-paid programmes and exclusions
The final rule defines a 'pre-paid programme' as "an arrangement under which one or more persons acting together provide(s) prepaid access" and offers several exemptions. Specifically, an arrangement is not a pre-paid programme if it involves only the following:
- closed-loop pre-paid access devices that have a maximum value of $2,000 or less on any day;
- pre-paid access to funds provided by a federal, state, local, territory and insular possession or tribal government agency;
- pre-paid access to funds from a pre-tax flexible spending account for healthcare and dependent care expenses or from a health reimbursement arrangement as defined in the Internal Revenue Code for healthcare expenses; or
- pre-paid access to employment benefits, incentives, wages or salaries, or pre-paid access with a maximum value of $1,000 or less at all times, if in either case the pre-paid access device does not permit:
- funds or value to be transmitted internationally;
- transfers between or among users within a pre-paid programme, such as person to person transfers; or
- loading additional funds or value from a non-depository source, such as a retail reload location.
FinCEN explains that the healthcare-related exemption does not include health savings accounts, because such accounts allow commingling of health and non-health related funds, and do not contain the strict limitations inherent in health reimbursement arrangements. In addition, FinCEN clarifies that funds are deemed to be transmitted internationally if the merchant or automated teller machine (ATM) is located outside of the United States, irrespective of whether transactions are conducted in person (eg, internet transactions).
Under current regulations, issuers and sellers or redeemers of stored value are required to file currency transaction reports and to establish written anti-money laundering programmes (if they transact amounts greater than $1,000 per person per day), but are not required to register as money services businesses, file suspicious activity reports or perform customer identification. The final rule revises the Bank Secrecy Act's regulatory regime to impose the following requirements on providers and sellers of pre-paid access:
- Money services business registration - providers of pre-paid access are required to register with FinCEN as money services businesses and identify in the registration each pre-paid programme for which they are the provider of pre-paid access. Sellers of pre-paid access are treated as agents of the providers and are not themselves required to register. Compliance with the requirement that a complete list of pre-paid programmes be submitted with the registration will necessitate a change to FinCEN Form 107. Accordingly, compliance with the registration requirement is not needed until January 29 2012.
- Suspicious activity reports - providers and sellers of pre-paid access are subject to report requirements.
- Customer identification and record keeping - providers and sellers of pre-paid access must, as part of their anti-money laundering programme, establish procedures to verify the identity of a person obtaining pre-paid access under a pre-paid programme and obtain identifying information, including name, date of birth, address and identification number. Providers of pre-paid access must retain access to identifying information for five years after the last use of the pre-paid access device or vehicle. Sellers of pre-paid access must retain identifying information for five years from the date of sale of the pre-paid access device or vehicle. If both the provider and seller of pre-paid access are required to collect identifying information, they may agree on which entity will collect the information.
- Transactional reporting - providers of pre-paid access are required to maintain access for five years to transactional records generated in the ordinary course of business that would be needed to reconstruct pre-paid access activation, loads, reloads, purchases, withdrawals, transfers and other pre-paid-related transactions. These records would routinely reflect:
- the type of transaction (eg, ATM withdrawals or point-of-sale purchase);
- the amount and location of transaction;
- the date and time of transaction; and
- any other unique identifiers related to the transaction.
The records need not be kept in any particular format, but must be easily accessible and retrievable upon the appropriate request of FinCEN, law enforcement or judicial order.
For further information on this topic please contact David Teitelbaum, Joel Feinberg or Ming-Hsuan Elders at Sidley Austin LLP by telephone (+1 202 736 8600), fax (+1 202 736 8711) or email ([email protected], [email protected] or [email protected]).