FINCEN’s Prepaid Access Rule and Compliance – Policies and Procedures

In the fall of 2011, the U.S. Treasury Department's Financial Crimes Unit (FINCEN) passed a rule that affects gift cards issued by retailers. The Prepaid Access Rule requires providers and sellers of "prepaid access" such as stored value cards, gift cards, and other prepaid products to develop and implement an anti-money laundering program ("AML"), file suspicious activity reports ("SARs"), comply with recordkeeping and data collection requirements, and respond to law enforcement requests.

Closed-loop prepaid access products, including phone cards, content cards and third party merchant cards are EXEMPT from the Prepaid Access Rule if the maximum daily load or reload is under $2,000 per product.

However, even if a retailer's closed-loop gift card is exempt, the Rule prohibits the retailers from selling gift cards in an amount exceeding $10,000 to any one person in any one day, unless the retailer has implemented reasonable policies and procedures to prevent such sales (including reloading) of $10,000 by a single person in a single day. If a retailer fails to develop these reasonable policies and procedures, the retailer will have to (1) implement an AML, (2) file SARs, and (3) collect consumer identifying information whenever the retailer sells a gift card.

Compliance

To comply with the Prepaid Access Rule, retailers should (1) limit the face amount of any single gift card to $2,000 and (2) create a Prepaid Access Policy ("Policy") that incorporates reasonable policies and procedures to prevent the sale of $10,000.00 of prepaid access to any one person in any one day.

We have several suggestions to bar a sale of $10,000 of prepaid access to any one person in any one day which we recommend implementing into a Policy, as follows:

  1. Evaluate, analyze, and document via an internal memo or manager's report, the current line of business, customer base, and prepaid access sales volume to determine the risk of money laundering. This step requires you to analyze your business and determine if your merchandise is the type of merchandise that has a high risk. For example, if you sell merchandise such as firearms and ammunition, you are high risk and probably need to have a more robust policy than a retailer who sells clothing for teenagers. On the other hand, if there is a secondary market for your product, where a purchaser can easily convert your product into cash, you have a high risk profile and must adopt more stringent requirements;
  2. Appoint a compliance officer to implement and oversee Policy;
  3. Create a maximum transaction limit for any payment tender form in an amount under $10,000 (for example, $7,000);
  4. Create and implement procedures that prevent "lane hopping," when one customer performs multiple transactions at different checkout points;
  5. Establish and implement transaction thresholds (in lieu of the maximum transaction limit) that would trigger the obligation to collect customer identification without restricting the amount of prepaid cards that a single consumer could purchase. For example, implement a policy that collects the name and address of a gift card purchaser who purchases gift cards in excess of $7,000 in a single day;
  6. Update training requirements for employees to cover new policies such as a transaction limit;
  7. Obtain Board approval or officer consent to the new Policy; and
  8. Implement changes and conduct independent audits on a periodic basis to determine effectiveness.

Creating a Policy based on these suggestions will comply with the Prepaid Access Rule. FINCEN does not require one specific policy, but the policy adopted must be reasonable. Therefore, the first step in the evaluation is to determine the risk money laundering poses to your gift card program. A thorough understanding of that risk is key in developing a reasonable Policy. Please contact us if you need help in drafting a policy.