Tuesday, March 22, 2016

Prepaid cards are covered by customer information programs

By Richard A. Roth, J.D.

Banks issuing general purpose prepaid cards that have the features of bank accounts must apply their customer information programs to their customers, according to interagency guidance issued by the banking regulatory agencies and the Financial Crimes Enforcement Network. This requirement applies to cards sold or marketed by third parties, even if the third party operates the card program, the guidance makes explicit. According to the agencies, CIP rules must be applied due to the vulnerability of prepaid cards for money laundering and other financial crimes (FIL-21-2016, SR 16-7, OCC 2016-10).

The key to determining whether a bank’s CIP applies to a prepaid card is determining whether an account has been created at the bank. Under the guidance, there are two criteria. An account has been created if:
  1. the card can be reloaded, either by the cardholder or by a third party; or
  2. the card offers access to credit or overdraft protection.
Who’s the customer? A bank’s CIP requires the bank to acquire and verify information about the identity of the customer, the guidance says. However, the cardholder and the customer are not necessarily the same. Who is the customer—the person about whom information is required—depends on whether the cardholder can reload the card or has access to credit.

The guidance outlines the requirements for several different, common prepaid cards. According to the agencies:

General purpose prepaid cards—If the cardholder can reload the card or gain access to credit features, the cardholder is the customer. A third-party program manager is the bank’s agent, not its customer.

Payroll cards—If only the employer can add value to the card, the employer is the customer and the bank’s CIP should be applied to the employer. It is not necessary to apply the CIP to each employee unless an employee can add value to the card or gain access to credit, even if the bank maintains a subaccount for each individual employee.

Government benefit cards—If only government benefits can be added to the card and there is no access to credit, the cardholder is not the bank’s customer. Moreover, since government agencies are not considered to be customers under the CIP rule, the bank has no CIP duties.

Health benefit cards—How a bank’s CIP should be applied to health benefit cards, which are used by employers to cover medical care costs of employees or their dependents, depends on whether the card applies to a Health Savings Account, Flexible Spending Arrangement, or Health Reimbursement Arrangement. An HSA account is established by the employee and both the employee and employer can add value, so the employee is the bank’s customer. On the other hand, in the case of an FSA or HRA card, the employer establishes the account, loads value, and makes payments, so the employer is the bank’s customer for purposes of the CIP.

For more information about customer information program requirements, subscribe to the Banking and Finance Law Daily.