On June 21, 2010, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (Proposed Rule) that would significantly expand the anti-money laundering (AML) obligations of certain parties engaged in the provision of prepaid products and services. The Proposed Rule, "Amendment to the Bank Secrecy Act Regulations—Definitions and Other Regulations Relating to Prepaid Access," would amend current Bank Secrecy Act (BSA) regulations for money services businesses (MSBs) providing and selling stored value, now renamed "prepaid access." Specifically, the Proposed Rule would require providers and sellers of prepaid access, as those terms are defined, to verify the identities of persons obtaining prepaid access under a prepaid program, retain certain transactional records, and file Suspicious Activity Reports (SARs). Providers of prepaid access would also be required to register with FinCEN.

When FinCEN crafted the initial MSB rules in 1997, the prepaid industry existed only in an early development stage, and FinCEN did not want to stifle innovation. As a result, the BSA rules exempt issuers, sellers, and redeemers of stored value from registering as MSBs with FinCEN and filing SARs, although other requirements apply. Now that this industry is more mature, FinCEN has determined that it is increasingly vulnerable to illicit activity, in part because prepaid access is easily transportable and, in some cases, can be loaded from a number of different locations. The Proposed Rule seeks to apply BSA regulatory treatment to non-bank providers and sellers of prepaid access that is more in line with the BSA requirements applicable to other financial institutions.

Importantly, the Proposed Rule would not apply to prepaid access providers or sellers that are banks or persons registered with, or regulated or examined by, the SEC or CFTC, nor would it apply to persons that supply prepaid access, but not as part of a "prepaid program" (as defined below).

Providers and Sellers of Prepaid Access

FinCEN has redefined several key MSB concepts in the Proposed Rule. First, FinCEN has concluded that "stored value" is not an appropriate term for these payment products because the value is not generally stored on a card or chip, but rather is stored in an account or balance that is accessed electronically through the card or alternative device. The Proposed Rule would substitute the term "prepaid access" for "stored value," defining "prepaid access" as an:

electronic device or vehicle ... that provides a portal to funds or the value of funds that have been paid in advance and can be retrievable and transferable at some point in the future.

Second, FinCEN considers that "issuers" and "redeemers" are no longer useful as focal points for BSA regulatory efforts. Rather, the Proposed Rule focuses on "providers" and "sellers" of prepaid access and makes them distinct MSB categories.

The Proposed Rule defines a "provider of prepaid access" as the person with "principal oversight and control over one or more prepaid programs." FinCEN views the "provider of prepaid access" as the entity in the best position to handle AML compliance, by virtue of their control and superior information, and thus the party that should bear the bulk of the AML burden. Whether a person exercises principal oversight and control is to be determined based on the facts and circumstances, including whether the person organizes or sets the terms and conditions of the prepaid program, selects the other businesses participating in the transaction chain, or controls or directs a party to initiate, freeze, or terminate prepaid access. FinCEN cautions that identifying the provider should not be an arbitrary decision by the program participant, and states that, "ultimately, there is a party who must be in the dominant position to harmonize the duties and responsibilities of the other participants." In all cases, there must be a provider of prepaid access for each prepaid program.

The Proposed Rule would also apply to "sellers of prepaid access," which are defined as those persons that:

receive funds ... in exchange for providing prepaid access as part of a prepaid program directly to the person that provided the funds, or to a third party as directed by that person.

According to FinCEN, sellers are second in importance only to "providers" of prepaid access because they alone have face-to-face dealings with the purchaser, making them privy to information unavailable elsewhere in the transaction chain. Where the roles of "provider" and "seller" overlap in the same prepaid program, the party affected must adhere to the more expansive regulatory obligations applicable to "providers" under the Proposed Rule.

The Proposed Rule defines both "providers" and "sellers" of prepaid access in reference to a "prepaid program." In a significant departure from current regulations, "prepaid programs" may include certain open- as well as closed-loop programs. A "prepaid program" is any arrangement under which a person provides a form of prepaid access, unless:

(A) the prepaid access is limited to one of the following:

• Payment of benefits, incentives, wages, or salaries (e.g., payroll cards);
  
  
• Payment of government benefits such as unemployment, child support, and disaster assistance;
  
  
• Disbursements from pre-tax flexible spending accounts for health care and dependent care expenses;
  
  
• A program that provides prepaid access to funds not to exceed $1,000 maximum value that can be initially loaded on the device, associated with the device at any given time, or that can be withdrawn from the prepaid access device on a single day;
  
  
• A program that only provides "closed-loop prepaid access," defined as access to funds that can be used only in transactions involving a defined merchant, location, or set of locations, such as a specific retailer or chain, a college campus, or a subway system; and

(B) it does not permit funds or value to be transmitted internationally (e.g., by using the prepaid access product internationally); person-to-person or other transfers between users of a prepaid program; or (unless it qualifies as closed-loop prepaid access) the ability to load value from other non-depository sources onto the prepaid access.

The Proposed Rule thus appears to codify what we understand is generally FinCEN's position in broadly interpreting "closed-loop" to include "semi-closed loop" systems such as campus card programs (which may contrast with treatment under State money transmitter laws). At the same time, however, the introduction of exceptions such as international acceptance and person-to-person transfers to the "closed-loop" definition would seem to represent a narrowing in the scope of this term as it is used for purposes of determining whether there is a "prepaid program."

New Requirements Under the Proposed Rule

Under the Proposed Rule, providers and sellers of prepaid access under a prepaid program would be subject to a number of new BSA requirements. They would no longer be exempt from the requirement mandating that MSBs file SARs. The SAR rule requires that MSBs report transactions of at least $2,000 attempted or conducted by, at, or through the MSB if the MSB knows, suspects, or has reason to suspect that the transaction involves illegally-derived funds or is intended to conceal illegally-derived funds as part of a plan to evade federal law; is designed to evade BSA reporting requirements; serves no business or apparent lawful purpose; or involves the MSB to facilitate criminal activity. Other suspicious activity could be voluntarily reported by the MSB. Providers and sellers of prepaid access, like other MSBs, would also be subject to the Currency Transaction Reporting requirements for cash and currency transactions of more than $10,000.

The Proposed Rule also would require providers and sellers of prepaid access under a prepaid program to implement AML programs, to the extent they are not already doing so under current BSA rules. These AML programs would need to include procedures to verify the identity of a customer of a prepaid program and retain for five years the customer's identifying information, including name, date of birth, address, and identification number. FinCEN notes that many providers and sellers currently maintain AML programs under which they collect and retain customer identification information as part of their contractual obligations with bank partners.

Providers of prepaid access have additional requirements. Under the Proposed Rule, they would be required to maintain for five years transaction records generated in the ordinary course of business by the payment processor or other entity facilitating transaction processing. FinCEN anticipates that these records would reflect the type, amount, location, and time of the transaction, along with other unique identifiers. Providers would also be required to register with FinCEN and to identify each prepaid program for which they provide prepaid access. Sellers of prepaid access would not have to register with FinCEN because they act as agents on behalf of providers of prepaid access, and generally agents of MSBs do not have to register with FinCEN.

Public Comments Solicited

FinCEN is seeking public comment on several aspects of the Proposed Rule, including whether the proposed terms "prepaid access" and "provider of prepaid access" offer the most meaningful description of stored value products; the exclusions from the definition of "prepaid access program"; the rationale for more limited regulation of closed-loop prepaid access; and the burden of retaining a mandatory set of customer identification records. Written comments must be submitted within 30 days of the Proposed Rule's publication in the Federal Register. FinCEN intends to address international transport of prepaid access further in a future rulemaking proposal.