Federal financial regulators have instructed credit unions and banks to extend procedures for collecting customer identification information to certain holders of prepaid cards.
Under the Patriot Act, financial institutions are required to ask for a customer's name, date of birth and address – as well as an identification number – before letting someone open an account. Institutions must also have procedures in place to verify that information.
The guidance requires issuers to consider prepaid card holders as their customers if their card manager uses an account or accounts at the CU or bank to offer functionality typical of a bank account, such as access to credit, overdraft or the ability to reload funds.
"[T]he money laundering and other financial crime risks faced by banks that issue prepaid cards and process prepaid card transactions require the implementation of strong and effective mitigating controls," the five agencies said in a joint guidance Monday. (They include the National Credit Union Administration, the Federal Reserve Board, the Federal Deposit Insurance Corp., the Financial Crimes Enforcement Network and the Office of the Comptroller of the Currency.
The agencies said in the joint letter that issuers and prepaid card companies have already worked to "mitigate" risks with controls like limits on card value and transfers, but "questions have arisen regarding the application of the [customer identification program] rule to prepaid cards issued by banks, including [for those] under arrangements with third-party program managers."
The letter said that third-party card program managers should be treated as agents of the bank for the purposes of the CIP rule, "rather than as the bank's customer." The institutions are also required to contractually enforce these requirements with third-party card companies.
