The criteria for how businesses determine whether their programs comply with, or are exempted from, the Financial Crimes Enforcement Network's (FinCEN) Final Rule as it pertains to the prepaid card industry, involve daily load limits on cards, identity verification at the POS, transaction monitoring and record keeping of suspicious transaction activity.
Chuck Rouse, Chairman at Card Compliant, segmented businesses' compliance responsibilities into seven categories, called the "Big Seven." They are:
2. Institute identity collection and verification practices.
3. Allow for Office of Foreign Assets Control list checks.
4. Submit currency transaction reports (CTRs) when appropriate.
5. Look for suspicious transaction activity and file suspicious activity reports (SARs) when necessary.
6. Document and retain certain data.
7. Register as a money services business (MSB) with FinCEN (or designate an entity associated with the business as the MSB).
But Rouse said that before businesses go "all in" on the Big Seven, they must first determine if programs are exempted from the regulations. FinCEN exempts closed-loop and open-loop domestic gift, promotional, payroll and government benefits cards. FinCEN does not exempt general purpose reloadable and travel cards. However, cross-over cards – high-dollar gift cards, "temporary/feeder" cards, closed- to open-loop cards, and domestic to international cards – can begin as exempt and end up not exempt.
Added to the above categories, card programs must satisfy two main, related requirements to qualify for exemption status. The first requirement is that cards cannot be loaded with more than $2,000 per day. And the second limit is that individuals cannot load more than $10,000 in total on cards per day. If these limits are not enforced on exempted card programs, FinCEN will fine businesses $5,000 per day every day they are noncompliant, otherwise the businesses are required to comply with the Big Seven, Rouse said.
Businesses that must comply with the Big Seven are obligated to file CTRs based on the above load limits. Transactions that go over the $2,000 and $10,000 caps must be reported via CTRs. Additionally, SARs are to be triggered when the caps are surpassed.
Rouse said businesses have to pay special attention to how they implement the $2,000 and $10,000 rules. For example, the regulators do not subtract card usage from daily load amounts. A card loaded with $2,000 in the morning, is used to spend $1,000 in the afternoon, then is loaded with $1,000 more later that day does not equal $2,000 in total load for that day. "The rule says that's $3,000 and you're over," Rouse said. "So you have to be careful."
The $10,000 rule can also be complicated. If a retailer sells cards from multiple programs, does the rule apply to the amount loaded separately on each, program-specific card or to the amount loaded across multiple cards? Rouse said FinCEN would aggregate $6,000 loaded on one branded card and $5,000 loaded on a differently branded card on the same day to equal $11,000, thereby breaking the $10,000 rule. "I don't agree that that should be," Rouse added.
Other scenarios can crop up. Business-to-business (B2B) card sales are exempt from the regulations, Rouse said. He asked how do programs distinguish between a person entering a store to buy $10,000 in gift cards for a particular business versus a person who purchases $10,000 in a standard business-to-consumer (B2C) transaction.
Work must be done to identify "whether it is B2B or B2C when they show up to buy the cards," Rouse said. "And what small amount of documentation should I keep and not keep so I can show all the sales I am doing over $10,000 in the aggregate were B2B sales and therefore exempt."
Implementing the data collection and identity verification requirements are also tricky. If program managers and retailers institute know your customer and customer identification protocols (known as KYC/CIP respectively) at the POS in a cumbersome fashion, customers will be driven away. Too many false positives – transactions declined for erroneous reasons, like mistakes when Social Security numbers are recorded – will cause consumer dissatisfaction, Rouse said.
Additionally, consumers can react negatively to having to supply personal information at the POS, especially Social Security numbers, according to Rouse. Card Compliant has identified "seven or eight" areas where false positives and false negatives can occur, he added. "It is a big problem everyone needs to deal with," he said.
Compounding the problem are potential discrepancies between state and federal statutes. In California, Social Security numbers cannot be collected. This raises the question of whether California will "have to give way to federal statute?" Rouse pointed out. The caveat is that FinCEN does not specify that Social Security numbers be collected, rather "identification numbers," Rouse noted, which suggests there is an alternative number that can be substituted for the Social Security number.
Another unknown is when FinCEN will make the MSB registration forms available. The forms were supposed to be ready in December 2011, Rouse said. But the date was pushed back to January 2012, which passed with the forms still unavailable. "We have been told they will be out soon and before [the deadline of] March 31 for registration for MSBs," he said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next