PREPAID ACCESS GARNERS REGULATORY ATTENTION
By: Sean P. Mahoney
Bank regulators are paying more attention to the role of banks in the prepaid card industry as evidenced by their new guidance on the applicability of know your customer requirements and proposed regulations on record-keeping with respect to master deposit accounts for prepaid cards and other products utilizing “pass-through” deposit insurance.
The Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Cards, issued by regulatory agencies[1] on March 21, 2016, provides a framework to determine whether or not a bank must apply its customer information program to holders of prepaid products for which the bank is the issuer. The guidance states that such an obligation arises with respect to products that allow the purchaser of the prepaid product to add additional value to, or “reload,” the product, or when the product allows for extensions of credit when the stored value balance is overdrawn. This is good news. The guidance provides needed clarity. But it will likely not have much of an impact as bank issuers of covered products typically require an activation process during which the bank applies its customer identification program. Further, the regulatory agencies have long held banks responsible for compliance with anti-money laundering laws in connection with stored value products issued by a bank.
The proposed regulations on pass-through deposit insurance[2], if and when adopted, will likely have a much greater impact. Pass-through deposit insurance extends FDIC deposit insurance coverage on a master account held by a product sponsor to the beneficial owners, or purchasers of the product.[3] Thus, for example, prepaid cards can be insured by FDIC deposit insurance up to applicable limits, creating a viable alternative to traditional bank accounts.[4] But to enjoy the benefits of pass-through deposit insurance coverage, the identity and related information about the users of the product must be ascertainable either from the deposit account records of the bank or from records maintained, in good faith and in the regular course of business, by the depositor or by some person or entity that has undertaken to maintain such records for the depositor.[5]
The proposed regulations would amplify the record-keeping aspects for pass-through deposit insurance for banks that have more than two million deposit accounts (a “covered bank”) by requiring the covered bank holding the deposit to be able to identify the beneficial owners of the deposit (e.g., holders of prepaid access cards or devices), through discrete data points, within twenty-four hours.[6] This would require covered banks to not only implement enhancements to their own information technology platforms, but to also require third parties that process transactions or hold records identifying beneficial owners to do the same. These record keeping systems would be subjected to annual testing. Covered banks would be allowed two years after enactment of final regulations to come into compliance, unless the covered bank has poor examination ratings or low capital levels, in which case implementation could be accelerated.
While neither development appears monumental as a legal matter — although the information technology aspects associated with record-keeping for pass-through deposit insurance will be significant — they do indicate that regulators are paying attention to the role of prepaid access in our financial system. The legal underpinnings of prepaid access could, in turn, be applied to future products and services that are functional equivalents. One can only expect the level of regulation in this area to increase.
Notes:
[1] The agencies were the Federal Deposit Insurance Corporation (“FDIC”), Board of Governors of the Federal Reserve System, National Credit Union Administration, Office of the Comptroller of the Currency, and Financial Crimes Enforcement Network (FInCEN).
[2] 81 Fed. Reg. 10026 (February 26, 2016).
[3] 12 Code Fed. Regs. § 330.7(a).
[4] FDIC General Counsel’s Opinion No. 8, 74 Fed. Reg. 67155 (November 13, 2008).
[5] 12 Code Fed. Regs. § 330.5(b)(2).
[6] 81 Fed. Reg. 10050-51.