Interagency Guidance to Issuing Banks on Applying CIP Requirements to Prepaid Cards
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and U.S. Department of the Treasury’s Financial Crimes Enforcement Network (collectively, the “agencies”) published Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Cards. The guidance clarifies prepaid card customer identification program (CIP) requirements, including those cards sold and distributed by third-party program managers but issued by the bank and for which the bank processes transactions, as well as cards that are used to provide employee wages and health care and government benefits. The guidance refers specifically to prepaid cards, but the agencies explain that it also applies to other prepaid access products that meet the guidance’s criteria, including products offered through mobile phones. According to the guidance, a bank should apply its CIP to the holders of certain prepaid cards issued by the bank by, first, determining whether an account is created and, second, identifying the customer.
Is It an Account?
For CIP purposes, an account is created if a prepaid card provides the cardholder with the ability to reload funds or to access credit or overdraft features. The agencies believe that a prepaid card that may be reloaded bears the characteristics of a typical deposit, transaction or asset account and gives rise to a formal banking relationship. Similarly, a prepaid card that permits withdrawals in excess of the card balance or provides the cardholder with access to an overdraft line or an established line of credit similar to a lender/borrower or credit card relationship constitutes a formal banking relationship.
Who Is the Customer?
Depending on the nature of the prepaid card program, the customer could be either the cardholder or the third-party program manager. Generally, when an account has been created, the cardholder should be treated as the bank’s customer for purposes of CIP requirements, even if the cardholder is not the named accountholder because the cardholder received the card from a third party that uses a pooled bank account to fund the cards. The agencies explain that in this case, a third-party program manager is treated as an agent of the issuing bank, rather than as the bank’s customer. For prepaid products that do not meet the criteria described in the guidance as establishing an account, the agencies note that the program manager that is the named accountholder on the pooled account should be considered the bank’s only customer for the purposes of the CIP policies and procedures.
The guidance includes some additional considerations for cards sold and distributed by third-party program managers for payroll and health and government benefit purposes:
- Payroll cards. If the employer (or the employer’s agent) is the only person that may deposit funds into the payroll card account, the employer should be considered the bank’s customer for CIP purposes, and the bank need not apply its CIP to each employee. Alternatively, if the employee is permitted to access credit through the payroll card or reload the payroll card account from sources other than the employer, the employee should be the customer and the bank should apply its CIP to the employee.
- Government benefits cards. If the government benefits card program permits only government funds to be loaded onto the card and does not provide access to credit, no customer relationship is established between the bank and the cardholder for CIP purposes. Further, the bank that issues a government benefits card does not have to apply its CIP to the government agency establishing the benefits card account. If, however, the card allows non-government funds to be loaded onto the card or provides access to credit, then a customer relationship is established and the bank should apply its CIP to the cardholder.
- Health benefits cards. These cards are used to access funds in a health savings account (HSA) or accounts established as part of a flexible spending arrangement (FSA) or health reimbursement arrangement (HRA). Although the employer may contribute to an HSA, the employee establishes the account and is therefore the issuing bank’s customer for CIP purposes. FSAs and HRAs are established by the employer and funded by either voluntary withholdings from the employee’s salary or through direct employer contributions. Because no one other than the employer (or employer’s agent) establishes, makes deposits into and distributes funds from the FSA or HRA, the employer should be the issuing bank’s customer for CIP purposes.
Additionally, the guidance reiterates the bank’s responsibility to enter into well-constructed, enforceable contracts with third-party program managers that clearly address each party’s expectations, duties, rights and obligations for CIP requirements.
This advisory is published by Alston & Bird LLP’s Financial Services & Products practice area to provide a summary of significant developments to our clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under court rules of certain jurisdictions.