|
 |
The Legal Line
By Ed Maldonado, Esq. |
Dear Legal Line:
I am part of a stored value company that has a variety of prepaid
cards including major credit card “branded” cards, our
own re-loadable PIN-based debit cards, and a few private label prepaid
gift and reward cards for small businesses. I worked with regulatory
compliance for a past employer that was a prepaid calling card company
and was asked to update my company’s compliance program for
stored value. After reviewing everything, I felt very uneasy because
there are so few clear guidelines of compliance. I read the pertinent
parts of newest version of the Patriot Act, the Money Service Business
rules, talked to others in the industry about their programs, and
reached the conclusion that no one really knows what stored value
compliance is and that it really varies from company to company.
Is this correct or is some unturned stone out there that answers
all of this? I would like to know more about stored value compliance
guidelines because it is quite confusing.
SVCLynn
Dear SVCLynn:
I agree with you that there is no central source of guidelines for
Stored Value Card Compliance. Complicating this situation is that
both federal and state regulation may apply depending upon the nature
of your Stored Value services and precisely how they work. You seem
to be focusing on federal issues in your e-mail (the Patriot Act
and Money Service Business regulation) so I will address these for
this discussion. However, be aware that state regulation does exist,
and you should also be mindful of it and the states in which you
sell your Stored Value Cards when either reviewing or updating a
compliance program. This is a matter where obtaining legal counsel
knowledgeable in Stored Value and Money Service Businesses arena
is a must for you and your company in being compliant, and I suggest
you do so.
As for your question, let’s begin with defining your Stored
Value Cards (SVCs) for regulatory purposes. Generally Stored Value
services utilize one of two types of systems: 1.) Open-Loop Systems,
and 2.) Closed-Loop Systems. Regulation tends to follow the type
of system in defining the requirements for registration, reporting,
and disclosures. Examples of some Open-Loop Systems are Credit Card
“Branded” Stored Value Cards with a signature-based
format of SVC using a Credit Card’s proprietary network, as
well as ATM or POS; Non-Credit Card PIN-based SVC using only POS
and ATM networks; and consumer-funded or re-loadable SVC using a
provider’s own SVC processing or network. In all these formats,
consumers have financial interaction with SVC to load and reload
value on the SVC, or dedicate monies from the SVC to be used for
a particular purpose. Ergo: “Open-Loop System”. Much
of the federal regulation that applies to stored value traditional
falls over these types of Open-Loop systems.
Closed-Loop Systems, on the other hand, are much like what they
sound to be. The SVC is loaded with a set value and the consumer
utilizes that value until the amount is fully consumed. Examples
of some Closed-Loop Systems are Prepaid Gift Cards, Prepaid Phone
Cards, and Discount Cards. Because of the fixed value associated
with the SVC, Closed-Loop systems tend to have more implication
of state regulation related to consumers. Particular to Prepaid
Gift Cards and Discount Cards are state issues of escheat laws and
maintenance fees on consumer funds prepaid.
Now from your e-mail it sounds as if your company’s SVCs are
a combination of Open-Loop SVC systems and Closed-Loop SVC systems.
As for federal regulation of Open-Loop SVC systems, Title III of
the Patriot Act is the cornerstone for disclosure and suspicious
transaction reporting and compliance programs. The Act itself incorporates
several prior laws and reinforces the requirements of financial
institutions and those engaging in financial transactions with the
public. Included are the International Money Laundering Abatement
and Anti-Financing Act of 2001, Bank Secrecy Act and Money Laundering
Act of 1986. The thrust of the Patriot Act requires financial institutions
and other parties engaging in financial transactions to compare
its customers with lists of suspected terrorists periodically released
by the Office of Foreign Asset Control and notify OFAC of it a transaction
appears suspicious. The Act requires financial institutions to implement
an adequate self-reporting compliance program involving a myriad
of issues which can include: verifying customer identification,
filing Reports to OFACC, creating and retaining records, responding
to law enforcement requests, maintaining a compliance officer, conducting
ongoing compliance training of employees and having an independent
audit to test and review the compliance program.
While the Act requires reporting and compliance, the substance of
what this involves is found in the International Money Laundering
Abatement and Anti-Financing Act of 2001, the Bank Secrecy Act and
the Money Laundering Act of 1986. Here arises your concern about
Money Service Business requirements. The Bank Secrecy Act is found
at 12 USC § 1951, and requires financial institutions defined
in 31 USC § 5312 (a)(2) and “Money Service Businesses”
defined by the Secrecy Act, to register, disclose agents and report
suspicious activity. Per this statute, an MSB must register with
the Department of Treasury in addition to any applicable state licensure.
Registration renewal is required if more than 10% of the voting
power or equity interests change during the life of the registration
or a 50% increase of a MSB’s registered agents at any given
time. New businesses have a 180-day window to file and registration
remains valid for two years. An MSB must also keep on file on a
designated IRS Computing Center a list of all agents, which is then
shared with the Department of Financial Crime Enforcement of the
Treasury Department. The Bank Secrecy Act also requires that MSBs
file a Suspicious Activity Report-Money Service Businesses (SAR-MSB)
within 30 days of discovery of “any suspicious transaction
relevant to a possible violation of law or regulation.” Such
suspicious activity includes: Currency Transfer Report within 15
days of more than 10K cash-in or cash-out or by the same customer
on the same business day; Cash Purchases of $3,000.00 to $10,000.00
treated and reported as one purchase when it occurred at the same
time or on the same day; money “transfers” of $3,000.00
or more or a transaction or a pattern of transactions which involves
$2,000.00 or more.
Perhaps the biggest stick for SVC providers in ensuring compliance
is the Money Laundering Suppression Act of 1994, wherein states
are authorized and required to promulgate civil and criminal penalties
for MSB who fail to comply with the currency reporting requirements
of the federal Bank Secrecy Act. At present more that 44 states
have enacted laws regarding “sale of payment instruments”
and “money transmission”. So this is a point were state
and federal regulation reinforce one another regarding compliance.
This is why having a solid compliance program in place is so important.
It also brings us back to your question – “what are
my requirements and the right guidelines to compliance”. The
answer is that it really does vary from company to company depending
upon your SVC services, the way it transacts, and the total amounts
that may be available for the consumers “on-demand”
use at any given time. To all of these, I reiterate that seeking
legal counsel is important as to getting it right because there
is no “cookie cutter” compliance package. SVC regulatory
compliance must be tailored to your particular business. I know
it is not the answer you were looking for but I hope this response
helps in understanding the way SVCs are generally handled from a
regulatory perspective.
Good Luck and Success in the Industry.
Do you have questions for Legal Line? Send them to legalline@prepaid-press.com.
 |
|
| |
|
|
