The Bank Secrecy Act (“BSA”), also known as the Currency and Foreign Transactions Reporting Act, was enacted in 1970 to prevent money laundering. The BSA has been supplemented over the years and now covers a wide range of activities that may result in the occurrence, or enable the occurrence, of money laundering activities, terrorist financing and tax evasion. In 2011, final rules were adopted to apply the provisions of the BSA to the sale, issuance, redemption, or international transport of stored value, including stored value cards and gift cards (the “Final Rule”). These arrangements are generally referred to as “prepaid access”. Providers and sellers of prepaid access should evaluate their policies to determine the application of the Final Rules.
Three types of prepaid access arrangements; however, are exempt, those that: (1) provide closed loop prepaid access to funds not to exceed $2,000 maximum value on any single day; (2) provide prepaid access solely to funds provided by a government agency; or (3) provide prepaid access solely to funds from certain pre-tax flexible spending arrangements for health care or dependent care expenses or from Health Reimbursement Arrangements for health care expenses. The Final Rule also proves an exclusion for open-loop prepaid access that does not exceed $1,000 maximum value on any day, but only if the prepaid access cannot (1) be used internationally, (2) allow transfers of value from person to person within the arrangement (including, transfers through resellers), or (3) be reloaded from a non-depository source. Re-loads made through retail store transactions (e.g. check or credit card) wire transfers originating at a money service business (“MSB”) or checks payable to a payee other than the provider of prepaid access all constitute reloads by a non-depository source.
As may be apparent from the above exclusions, the application of the BSA is highly dependent on whether the virtual items at issue are part of a “closed-loop” system or an “open-loop” system. Closed-loop systems have no connection to the real economy; these virtual items can only be used within the virtual architecture and have no outside surrender value. Closed-loop systems are generally very low risk in terms of money laundering schemes and are, with certain exceptions, generally not regulated. Gift cards and stored value that can only be utilized within a single retail environment for merchandise or service would generally be considered part of a “closed-loop” system. Conversely open-loop systems connect two end-parties who typically would not have a direct relationship. Gift cards or stored value that are convertible to currency or may be transferred to another party are open-loop and are therefore subject to the BSA requirements.
Assuming none of the exceptions above apply, different rules apply depending on whether the participant in the program is defined as a provider or seller of prepaid access.
A “provider of prepaid access” is defined as “the participant within a prepaid program that agrees to serve as the principal conduit for access to information from its fellow program participants”. The Final Rule requires the participants in each prepaid program to contractually agree which participant will serve as the “provider”. This designated “provider” is required to register as an MSB and comply with recordkeeping requirement related to customer identifying information and transactions, implement an effective anti-money laundering program (“AML”), file suspicious activity reports (“SAR”) and maintain records of transactions for five years. Absent an agreement by the participants, FinCEN has the authority to determine the identity of the provider of the prepaid access. FinCEN utilizes five criteria points in making this determination which are designed to identify the participant that exercises principal oversight and control over a prepaid program (control includes organizing the program and setting the terms and conditions). If the issuer is a bank, then neither the bank nor any of the participants will be required to register as an MSB.
A “seller of prepaid access” is defined as any person that receives funds or the value of funds in exchange for an initial loading or subsequent loading of prepaid access. Sellers of prepaid access cards are not required to register as an MSB, but they must still maintain an AML program and file SARs if: (1) the product offered is covered by the Final Rule and can be used without a later activation process that includes customer identification; or (2) if the product sold (regardless of whether it is offered under a prepaid program) provides a portal to funds that exceed $10,000 to any person during a single day. Resellers must also register as MSBs if the prepaid access can be utilized prior to determining a customer’s identity. If the issuer is a bank, a seller is not relieved from compliance under the Final Rule.
Business to business bulk sales of prepaid access are not subject to the $10,000 per person per day rule if the business that is acquiring the prepaid access cards is not the end-user/customer. All retail merchants who sell prepaid access including those that sell their own gift cards and those that resell a 3rd party’s gift cards should implement policies and procedures to prevent the sale of 10k or more of prepaid access to a single customer in a day. Retailers are advised to consider typical customers, locations and volume of prepaid access sales in developing policies and procedures reasonably adapted to prevent the sale of $10,000 or more to one person per day.