Federal Agencies Issue Guidance on Prepaid CIP
Federal financial institution regulatory agencies on March 21 issued guidance clarifying the applicability of the Customer Identification Program (CIP) rule to prepaid cards issued by banks. The guidance notes that banks would only need to collect CIP information on employers for payroll and health care benefit card programs, unless funds can be loaded by means other than employer distributions, including credit.
The guidance applies to banks, savings associations, credit unions, and U.S. branches and agencies of foreign banks. The guidance clarifies that a bank’s CIP should apply to the holders of certain prepaid cards issued by the institution as well as holders of such prepaid cards purchased under arrangements with third-party program managers that sell, distribute, promote or market the prepaid cards on the bank’s behalf.
According to the guidance, the CIP rule, set forth in Section 326 of the USA PATRIOT Act, requires a bank to obtain information sufficient to form a reasonable belief regarding the identity of each “customer,” including, at a minimum, obtaining the customer’s name, date of birth, address, and tax identification number and to establish risk-based procedures to verify the identity of new customers. To determine if CIP requirements apply to purchasers of prepaid cards, the guidance provides that an issuing bank should first determine whether the issuance of a prepaid card results in the creation of an “account;” and if so, the bank should then ascertain the identity of the holder of that card. The guidance notes that an “account” is created when a customer exercises the ability to reload funds onto the prepaid card or accesses the prepaid card’s credit or overdraft features. Accordingly, the guidance states that general purpose prepaid cards should be treated as an “account” if the product provides the issuing bank’s customer with the ability to 1) reload funds or 2) access credit or overdraft features.
What’s more, the guidance includes specific provisions relating to payroll cards that may be a change from standard practice. Specifically, the guidance notes that if an employer, or its agent, is the only person that can deposit funds to a payroll card account, then the employer would be considered the bank’s customer for purposes of the CIP rule. In this instance, an issuing bank would not need to apply CIP to each employee, even if there were subaccounts attributable to each employee. By contrast, if an employee is allowed to access credit through the payroll card or to reload it from sources other than the employer, the employee is the bank’s “customer” and the bank should apply CIP accordingly.
Finally, the Guidance reiterates the fact that a bank is responsible for entering into well-constructed, enforceable contracts with third-party program managers and also makes it clear that the bank ultimately is responsible for compliance with the requirements of the bank’s CIP rule as performed by that agent or other contracted third party.
Agencies issuing the guidance include the Federal Deposit Insurance Corporation, Federal Reserve Board, National Credit Union Administration, Office of the Comptroller of the Currency, and Financial Crimes Enforcement Network.