US federal financial regulatory agencies have issued guidelines concerning the applicability of the Customer Identification Program (CIP) rule to prepaid cards that banks issue.

The guidance applies to banks, savings associations, credit unions, and American branches and agencies of foreign banks. It states that every bank’s CIP should apply to the holders of certain prepaid cards that it issues and also to the holders of such prepaid cards purchased under arrangements with third-party programme managers that sell, distribute, promote or market the prepaid cards on the bank’s behalf. The guidance describes the circumstances in which, in accordance with the CIP rule, the bank should obtain information "sufficient to reasonably verify" the identity of the cardholder, at the very least obtaining his name, date of birth, address and an identifying number such as his Taxpayer Identification Number.

The agencies in question are the Federal Deposit Insurance Corporation, the Federal Reserve Board, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Financial Crimes Enforcement Network.

Clarification for the CIP rule

The agencies' worry here is money-laundering control. In 2003, they collectively issued the CIP rule that requires every bank to obtain enough information to form a reasonable belief regarding the identity of each “customer” who wants to open a new “account.” The bank’s CIP must include risk-based procedures for verifying its customers’ identities insofar as they are reasonable and practicable. It especially requires banks to fulfil certain minimum requirements. The CIP must include identity verification procedures that say when and how the bank will verify the customer’s identity using documentary or non-documentary methods and the rule also has specific account record-keeping and notice requirements.

When mentioning these new guidelines the agencies mention the word 'clarification' over and over again, which suggests that they do not believe things to have been clear up until now. They say that certain prepaid cards that any bank issues should be subject to its CIP. In order to determine if CIP requirements apply to the purchasers of prepaid cards, the bank should first determine whether the issuance of a prepaid card to a purchaser results in the creation of an account; and if so, ascertain the identity of the bank’s customer.

The presence of an account

How to decide whether an account has been created? An “account” is defined in the CIP rule as “a formal banking relationship established to provide or engage in services, dealings, or other financial transactions, including a deposit account, a transaction or asset account, a credit account or other extension of credit.” An account also includes “a relationship established to provide a safety deposit box or other safekeeping services or to provide cash management, custodian, or trust services.”

An account does not include “products and services for which a formal banking relationship is not generally established with a person, such as cheque-cashing, wire transfers, or the sale of a cheque or money order. For CIP purposes, an account does not include any account that the bank uses to facilitate participation in an employee benefit plan established under the Employee Retirement Income Security Act 1974.

Things that might be equivalent to an account

A card-holder may reload his general-purpose prepaid cards (or another party might on his behalf) in a manner that is similar to the way in which funds can be added to a traditional deposit, asset, or transaction account. The agencies therefore believe (for what that is worth) that the issue of a general-purpose prepaid card with those features creates a formal banking relationship and is equivalent to opening an account for purposes of the CIP rule. By contrast, the issuance of a general purpose prepaid card that, according to the programme, cannot be reloaded by a cardholder or another party on behalf of the cardholder, does not establish an account for CIP purposes. Such cards do not bear the characteristics of typical deposit, transaction, or asset accounts because they do not permit the cardholders or other people on behalf of the cardholders to reload funds. This is why the agencies believe that these cards do not create formal banking relationships.

A general-purpose prepaid card may permit withdrawals in excess of the card balance and also may provide the card-holder with access to an overdraft line or an established line of credit in a situation similar to that of a lender/borrower or credit-card relationship. The agencies think that a card that permits either way of doing things constitutes a formal banking relationship with the issuing bank and is an account for purposes of the CIP rule.

General purpose prepaid cards may include features that permit the cardholder to make and receive payments or transfers by non-card means, such as by Automated Clearing House (ACH), wire, cheque or mobile phone message - activities that are also conducted through an account. The cardholder may even be able to pay a bill by logging on to the issuing bank’s website and initiating an ACH payment to the biller. A cardholder also may be permitted to make and receive payments using a repaid card, perhaps through a cardholder-to-cardholder transfer, a transfer to the cardholder’s savings account, or a transfer to another person’s transaction account at the issuing bank. If these features could result in the reloading of the general purpose prepaid card, then FinCEN and the other regulators want the card to be treated as an “account.”

Identifying the customer

Once an account has been established, the bank must identify the customer for the purposes of the CIP rule. Under that rule, a person who opens a new account is deemed a customer and the final CIP rule’s preamble explains that a bank need only verify the identity of the named accountholder.

When a general purpose prepaid card issued by a bank allows the cardholder to conduct transactions that evidence a formal banking relationship, such as by adding monetary value or accessing credit, the cardholder should be considered to have established an account with the bank for purposes of the CIP rule. The cardholder should be treated as the bank’s customer for purposes of the CIP rule, even if he is not the named accountholder but has obtained the card from an intermediary who uses a pooled account with the bank to fund bank-issued cards.

As a general rule, third-party programme managers should be treated as agents of the bank for purposes of the CIP rule, rather than as the bank’s customers. The preamble to the final CIP rule makes it clear that the rule does not affect a bank’s authority to contract for services to be performed by a third party either on or off the bank’s premises, nor does it alter the bank’s authority to use an agent to perform services on its behalf. However, as with any other activity performed on behalf of the bank, the bank ultimately is responsible for compliance with the requirements of the bank’s CIP rule as performed by that agent or other contracted third party.

Third-party programme managers may establish pooled accounts in their names for the purpose of holding funds “on behalf of” or “in trust for” cardholders or processing transactions on behalf of other issuing banks. However, the fact that these funds are held in a pooled account should not affect the status of the cardholder as a bank customer, assuming that the general purpose prepaid cardholder has established an account with the bank by making the card reloadable or activating its credit or overdraft features. In the case of non-reloadable general purpose prepaid cards without credit or overdraft features, or other prepaid cards that do not have the identified features that establish an account for purposes of the CIP rule, such as closed-loop prepaid cards, the third-party programme manager in whose name the pooled account has been established should be considered to be the only customer of the issuing bank and should be subject to requirements of the bank’s CIP policies and procedures. In these cases, the issuing bank need not “look through” the pooled account to verify the identity of each cardholder.