On July 29, 2011, the Financial Crimes Enforcement Network (“FinCEN”) published a final rule to amend the Bank Secrecy Act (“BSA”) regulations applicable to Money Services Businesses (“MSB”) with respect to stored value or “prepaid access” (“Final Rule” or “Rule”).1 The Rule’s effective date is September 27, 2011. The compliance deadline for 31 C.F.R. § 1022.380 (registration of money services businesses) is January 29, 2012.

COVERAGE OF “PREPAID PROGRAMS”

Section 1010.100(ff)(4)(iii) defines a “prepaid program” as an “arrangement under which one or more persons acting together provide(s) prepaid access.” Under the Rule, “prepaid access” is defined as “access to funds or the value of funds that have been paid in advance and can be retrieved or transferred at some point in the future through an electronic device or vehicle, such as a card, code, electronic serial number, mobile identification number, or personal identification number.” Exempted, however, from the definition of prepaid program are prepaid arrangements in which:  

  • The prepaid arrangement provides closed-loop prepaid access2 to funds not to exceed $2,000 maximum value that can be associated with the prepaid access device or vehicle on any day (this exemption is valid even if the prepaid access permits international use, person-to-person transfers within the prepaid arrangement or loading from non-depository sources);
  • The prepaid arrangement provides prepaid access solely to funds provided by a federal, state, local, territory and insular possession, or tribal government agency (this exemption also is valid even if the prepaid access permits international use, person-to-person transfers within the prepaid arrangement or loading from non-depository sources);
  • The prepaid arrangement provides prepaid access solely to funds from pre-tax flexible spending arrangements for health care and dependent care expenses, or from Health Reimbursement Arrangements for health care expenses (again, this exemption is valid even if the prepaid access permits international use, person-to-person transfers within the prepaid arrangement or loading from non-depository sources;
  • The prepaid arrangement provides prepaid access solely to employment benefits, incentives, wages or salaries and does not permit: (i) funds or value to be transmitted internationally; (ii) transfers between or among users of prepaid access within the prepaid program; or (iii) loading additional funds or the value of funds from non-depository sources;3 or
  • The prepaid arrangement provides prepaid access to funds not to exceed $1,000 maximum value and from which no more than $1,000 maximum value can be initially or subsequently loaded, used, or withdrawn on any day through a device or vehicle, and that does not permit (i) funds or value to be transmitted internationally; (ii) transfers between or among users of prepaid access within the prepaid program; or (iii) loading additional funds or the value of funds from non-depository sources.  

“PROVIDERS” AND “SELLERS” OF PREPAID ACCESS

Provider of Prepaid Access

Designation of a Provider of Prepaid Access

Section 1010.100(ff)(4)(i) defines a “provider of prepaid access” as “the participant within a prepaid program that agrees to serve as the principal conduit for access to information from its fellow program participants.”4 Specifically, the Rule provides that the participants in each prepaid program must determine a single participant within the prepaid program to serve as the provider of prepaid access. In order to determine the single participant within the prepaid program that will serve as the provider of prepaid access, each of the participants within a prepaid program must contractually agree who among the group will be designated the provider of prepaid access. Under this approach, the designated provider of prepaid access is responsible for managing the prepaid program in a way that complies with regulatory requirements.

If, however, the participants in a prepaid program fail to designate a provider of prepaid access, FinCEN will determine the identity of the provider of prepaid access through the application of five criteria points. Specifically, these five criteria points are designed to pinpoint the entity with the oversight and control necessary to be deemed a provider of prepaid access. While FinCEN recognizes that each of the five criteria points may not be present in any single participant, the supplementary information to the Final Rule provides that these criteria “may be helpful to weigh and assess the totality of the factors against the characteristics of the various program participants in reaching a regulatory determination.” The Final Rule identifies the following criteria for indicating principal oversight and control of the prepaid program in the absence of a contractually appointed provider of prepaid access:  

  • What entity organized the prepaid program;
  • What entity sets the terms and conditions of the prepaid program and determines that the terms have not been exceeded;
  • What entity determines the other businesses that will participate in the prepaid program, which may include the issuing bank, the payment processor or the distributor;
  • What entity controls or directs the appropriate party to initiate, freeze or terminate prepaid access; and
  • What entity engages in activity that demonstrates oversight and control of the prepaid program.

Obligations of a Provider of Prepaid Access as an MSB

Registration as an MSBNon-bank providers of prepaid access are required to register as an MSB with FinCEN5 and are subject to BSA regulations, including the maintenance of an anti-money laundering (“AML”) program, the filing of suspicious activity reports, and the recordkeeping and customer identification requirements described below. On the other hand, if a bank issuer is designated the provider of prepaid access, then neither the bank nor any other participants in that particular prepaid program will be required to register with FinCEN.6 This exemption for banks does not, however, exempt bank-issued prepaid access or the other participants (e.g., sellers of prepaid access) in that particular prepaid program from their obligations specified in the Final Rule. For example, in a prepaid program in which a bank issues the prepaid access and a retailer sells the prepaid access, the retailer would still be deemed a seller of prepaid access and would be subject to the obligations of a seller of prepaid access.

AML Program—A provider of prepaid access must: (i) establish procedures to verify the identity of a person who obtains prepaid access under a prepaid program and obtain identifying information concerning that person, including name, date of birth, address and identification number; and (ii) retain access to such identifying information for five years after the last use of the prepaid access device.7  

Suspicious Activity Reporting—A provider of prepaid access must file with the Treasury Department a report, to the extent and in the manner required under Section 1022.320, of any suspicious transactions relevant to a possible violation of law or regulation.8

Recordkeeping—A provider of prepaid access must maintain access to transaction records for a period of five years that are generated in the ordinary course of business and that would be needed to reconstruct prepaid access activation, loads, reloads, purchases, withdrawals, transfers, or other prepaid-related transactions.9

Seller of Prepaid Access

Under Section 1010.100(ff)(4)(7), a “seller of prepaid access” is defined as any person that receives funds or the value of funds in exchange for an initial loading or subsequent loading of prepaid access if that person triggers coverage under (i) or (ii) below because it either:  

  1. Sells prepaid access offered under a prepaid program that can be used before verification of customer identification under Section 1022.210(d)(1)(iv).
    • For example, if a business sells closed-loop prepaid access to funds that exceed $2,000 on an individual access device or vehicle, then such business would be a “seller of prepaid access.” Similarly, if a business were to sell prepaid access to funds from which more than $1,000 can be initially or subsequently loaded, used or withdrawn, then such business would be a “seller of prepaid access.
    • Also, if a business sells immediately usable prepaid access that is open loop, it should not be regulated as a “seller of prepaid access” if at the time of the sale, and before the collection of customer identification material, the prepaid access does not permit: (i) access to funds in excess of $1,000; (ii) international use or person-to-person transfers; or (iii) additional loading of the cards at non-depository sources.
  2. Sells prepaid access (including closed-loop prepaid access) to funds that exceed $10,000 to any person during any one day and has not implemented policies and procedures reasonably adapted to prevent such a sale.
    • Coverage as a seller of prepaid access based on selling access to funds that exceed $10,000 to any person during any day can be triggered by the sale of any “prepaid access” regardless of whether such prepaid access is part of a covered “prepaid program.” For example, even if a business sells closed-loop cards in which the prepaid access is not to exceed $2,000 and, therefore, is not considered part of a covered “prepaid program,” the business still would need to have in place “policies and procedures reasonably adapted to prevent” a sale of prepaid access exceeding $10,000.

Obligations of a Seller of Prepaid Access as an MSB

AML Program—A seller of prepaid access must: (i) establish procedures to verify the identity of a person who obtains prepaid access under a prepaid program and obtain identifying information concerning such a person, including name, date of birth, address and identification number; and (ii) retain such identifying information for five years from the date of the sale of the prepaid access device or vehicle.10

Suspicious Activity Reporting—A seller of prepaid access must file with the Treasury Department a report, to the extent and in the manner required under Section 1022.320, of any suspicious transactions relevant to a possible violation of law or regulation.11