prepaid cards - uba conference...where do they come from? prepaid cards are typically bought at...
TRANSCRIPT
PREPAID CARDSBY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE AND COO
KNOWLEDGE. CLARITY. RELIABILITY.
www.compliancealliance.com
(888) 353-3933
PREPAID CARDS
Prepaid products are consumer accounts typically loaded with funds by a consumer
or by a third party, such as an employer.
The products are used to:
Make Payments
Store Funds
Get Cast at ATM
Receive Direct Deposits
Send Funds to Other Consumers
WHERE DO THEY COME FROM?
Prepaid cards are typically bought at retail stores or online.
Banks are now entering the prepaid market with products such as Chase Liquid and
Bank of America’s CashPay Card.
Prepaids are often offered as a means of receiving payroll, government benefits, and
tax refunds.
ARE THEY REALLY THAT POPULAR?
Paid products are among the fastest growing types of consumer financial products in
the United States.
The CFPB stated that total dollar value loaded onto general purpose reloadable
cards was expected to be $100 billion in 2014.
SO WHAT ARE THE REGULATORS DOING ABOUT IT?
The CFPB issued a proposal in 2014 to create and enforce strong federal protections
for prepaid cards.
The proposal would require banks and issuers to:
Limit the loss to consumers when funds are stolen or cards are lost;
Investigate and resolving errors;
Provide easy and free access to account information;
Adhere to credit card protections if a credit product is offered in conjunction with a prepaid
account;
Implement Know Before You Owe prepaid disclosures providing the consumer with clear
information about the costs and risks of the product.
WHO DOES THAT PROPOSAL AFFECT?
The proposal applies to a broader class of businesses beyond just banks.
The proposal covers:
Traditional Plastic Prepaid Cards (general purpose reloadable cards);
Mobile and other electronic prepaid accounts that can store funds;
Payroll Cards;
Government Benefit Cards uses to distribute unemployment, child support, pension, student
financial aid, tax refunds, etc.
Peer-to-Peer Payment Products
WHAT ARE THEY TRYINGN TO ACCOMPLISH?
Consumers are using prepaids in place of checking accounts.
Some have switched because they are not creditworthy enough for a checking
account, had bad experiences with overdrafts with checking accounts, or feel like the
“government is watching”.
What the new rule is attempting is to extend the same protections to these cards as
would be provided to checking account customers.
ACCESS TO INFORMATION
Under the proposal, issuers would be required to provide periodic statements or
make account information easily accessible online and for free – similar to online
banking access.
Periodic statements will be required under Regulation E just like for checking
accounts.
The consumer will be allowed to see account balances and a history of their
transactions and fees.
ERROR RESOLUTION RIGHTS
The proposal will require issuers to work with consumer who encounter erros with
their account.
Financial institutions will be required to investigate errors that consumer report on
registered accounts and to resolve those errors in a timely manner.
Provisional credit will be required if the investigation is not resolved within a certain
amount of time.
FRAUD AND LOST CARD PROTECTION
The proposal will protect consumer against unauthorized, erroneous, or fraudulent
withdrawals or purchases – same as provided on their credit and debit cards.
If consumers lose their prepaid card or find erroneous or fraudulent charges on their
prepaid account, the rule would limit their responsibility for transactions they did not
authorize and create a timely method for them to get their money back.
As long as the consumer promptly notifies their financial institution, the consumer’s
responsibility for unauthorized charges would be limited to $50.
KNOW BEFORE YOU OWE
Standard, clear, easy to understand disclosures will be required for prepaids.
This includes:
Monthly fees;
Fee per purchase;
ATM withdrawal cost;
Fee to reload cash; etc.
The proposal requires a long form and short form.
The agreements will be publicly available to allow comparison shopping
WHERE CAN I SEE THE DISCLOSURE?
The CFPB published a model form of the disclosure. You can see it here:
Prepaid Model Sample Disclosure Form
CREDIT PROTECTIONS
Some of these prepaid cards are actually credit cards in disguise.
They allow consumer to spend more money than deposited and then the consumer
is charged exorbitant fees.
Now, similar protections will be applied to Prepaid as laid out in Regulation Z for
credit cards.
CREDIT PROTECTIONS CONT.
Ability to Repay: ensure the consumer can repay the debt before offering credit.
Monthly Billing Statement: Same monthly billing statement as credit card holders
receive
Reasonable time to Pay and Limits on Late Fees: must allow at least 21 days to repay
debt before charged a late fee
Limited Fee and Interest Charges: during the first year the credit account is open,
total fees are not allowed to exceed 25% of the credit limit. No rate changes unless
the cardholder paid late two consecutive times.
CREDIT PROTECTIONS CONT.
The proposal includes protections to ensure that the prepaid account and credit
products are clearly distinguished from each other:
Thirty-day waiting period: issuer must wait 30 days after a consumer registers the prepaid account
before they could formally offer credit.
Wall between prepaid funds and credit repayment: Prepaid companies cannot automatically demand
and take credit repayment when the card is next loaded with funds. Also, they cannot auto-draft
payment on the due date without permission. They also cannot take funds more frequently than a
calendar month.
DOES THIS ALL SOUND FAMILIAR?
Basically, all the proposal is trying to accomplish is to make the cards, and their
issuers, follow the same rules as banks do with their deposit accounts and credit
products.
A VENDOR IS OFFERING US THIS PRODUCT – SHOULD WE OFFER IT
TO OUR CUSTOMERS?
To stay competitive with the big banks (who are all offering a prepaid product),
sometimes you have to jump into some risky products.
Good news is: there is risk management guidance out there. Follow it, and you should
be ok.
Overall, you must ensure that the product fits in with the bank’s strategic goals and
risk appetite.
RISK MANAGEMENT GUIDELINES
At a minimum you should:
Create and implement policies and procedures governing the program including due diligence
process for selecting a vendor and an oversight process for that vendor.
Create and implement policies and procedures to ensure all disclosure to consumers about pricing,
fees, transaction limits, and other program requirements and restrictions are clearly outlined
Create and implement policies a robust audit and compliance functions to ensure ongoing
compliance with internal policies and all applicable laws and regulations
Create and implement policies parameters for reporting to the Board, to enable the Board to
periodically evaluate management’s effectiveness in executing the prepaid program and to
determine if the program is achieving state objectives.
OK, SO WHAT ABOUT BSA? SOUNDS LIKE A PRETTY EASY
WAY TO LAUNDER MONEY.
The Bank must have policies, procedures, and processes sufficient to manage the
related BSA/AML risks as required under the Bank Secrecy Act and other
implementing regulations.
Basic risk mitigation includes:
Conducting appropriate due diligence on any third-party service provider.
Conducting a risk assessment of the prepaid access product itself including product features and
how it is distributed and loaded.
Monitoring transaction conducted or attempted by, at or through the bank for unusual or
suspicious activity.
Product features and limits on usage.
BSA RISK MANAGEMENT
Ensure that the third party has an effective BSA/AML compliance program.
Conduct on-site audits of the third party.
Ensure that the product has limits or prohibitions on cash loads, access, or
redemption.
Ensure there are limits on the amounts of loads and number of loads/reloads (load
velocity limits)
Controls on co-mingle funds
Controls on number of cards purchased by one individual or number of cards on one
card account.
BSA RISK MANAGEMENT CONT
Ensure there a maximum dollar thresholds on ATM withdrawals and the number of
withdrawals within a specific time frame (ATM velocity limits)
Ensure there is a maximum dollar threshold on Point of Sale transactions, i.e. daily or
monthly (POS velocity limits)
Ensure there are limits or prohibitions on certain usage (merchant type) and on
geographic usage, such as outside the US
Ensure there are limits on aggregate card value.
CDD AND PREPAIDS
CDD may include:
Whether the source of funds is known and trusted (such as corporate or government loads vs.
loads by individuals)
The nature of the third parties’ businesses and the markets and customer bases served.
The information collected to identify and verify the holders identity.
The nature and duration of the bank’s relationship with third parties who are the source of funds in
the prepaid access program.
The company requesting payroll funding and the source of payroll funding.
The ability to monitor and track loads, transactions and velocity.
SUSPICIOUS ACTIVITY
The Bank’s program should include a system of internal controls to monitor, identify,
and report suspicious activity related to prepaid access programs.
The Bank should include protocols to regularly obtain transaction information from
processors or other third parties.
Monitoring systems should have the ability to:
Identify foreign activity;
Identify bulk purchase made by one individual
Identify multiple purchase made by related parties.
SUSPICIOUS ACTIVITY CONT
The Bank should also be monitoring for unusual activity patterns, such as:
Cash card loads followed immediately by withdrawals of the full amount from another location, or
Multiple unrelated funds transfers onto the prepaid access product such as in tax refund fraud
situations where multiple tax refunds are loaded onto one card.
SOME FRAUD INFORMATION
Fraud and money laundering are increasing for reloadable cards – they are more
attractive to fraudsters because the money can be accessed at an ATM despite the
KYC piece. Non-reloadable cards used to be the target because they could be
purchased anonymously, i.e. a gift card.
Prepaid accounts are being accessed by counterfeit cards to launder money.
Hackers are penetrating card management platform systems to steal card numbers
and change credit balance or limits.