Company Profile

FinCEN’s Proposed Prepaid Access Rule: Its Impact on Product Development

Click here to download this article as a PDF.



On June 28, 2010, the Financial Crimes Enforcement Network (“FinCEN”) issued its much-anticipated proposed rule addressing prepaid cards and stored-value (the “Proposed Rule”). [1]  FinCEN is seeking to amend its regulations, which implement the Bank Secrecy Act (“BSA”) relating to money services businesses (“MSBs”) in an effort to bring non-bank entities in the prepaid sector under regulatory treatment that is more consistent with traditional financial institutions.

This article analyzes significant regulatory and business issues raised by the Proposed Rule and the views of the industry as reflected in the comment letters sent in response to FinCEN’s Proposed Rule. This piece also examines the impact that a final rule issued by FinCEN could have on the development of prepaid card products and their substantive regulation at the federal and state levels.

FinCEN had been considering the coverage of stored-value devices and prepaid cards under the BSA for a number of years as the market for these products developed and grew. Then, in 2009, Congress included a provision in the Credit Card Accountability, Responsibility and Disclosure Act (the “CARD Act”) that instructed FinCEN to develop and issue regulations to address these stored-value products and related BSA issues.

FinCEN’s stated goal is to close regulatory loopholes that make prepaid access potentially vulnerable to money laundering and terrorist financing. The Proposed Rule, if finally adopted as proposed, would subject certain non-bank card program managers and certain closed-loop prepaid card programs to direct regulation under the BSA for the first time.

Over the two-month comment period, FinCEN has received more than 40 comment letters from consumers, governmental authorities, trade associations, prepaid card issuers, card program mangers and retailers. These comment letters raise significant concerns with the requirements of the Proposed Rule as written and argue for a final rule that varies substantially from the version proposed. FinCEN is currently vetting the comment letters and possible changes to the Proposed Rule internally and with various agencies before publishing the final rule. There has been no announced release date for the final rule.

FinCEN’s Proposed Rule is under consideration at a key point in the development of the business and overall regulatory structure of the prepaid card industry. On the regulatory and political front, with the passage of the Dodd-Frank Act in 2010 and the CARD Act in 2009, the regulatory regime for consumer protections for prepaid cards is under scrutiny at the Federal Reserve, and soon, the new Consumer Financial Protection Bureau (“CFPB”), which will have extensive jurisdiction of consumer protections for prepaid cards. In particular, the Federal Reserve Board issued a new regulation in 2010 that brings certain gift cards within the direct jurisdiction of the consumer protections under Regulation E and imposes requirements relating to fee disclosures and expiration dates for such products.

While the Proposed Rule is not a consumer protection rule, the definitions and classifications that FinCEN makes as to the different types of card programs (“open-loop” versus “closed-loop,” “reloadable” and “non-reloadable”) have the potential to impact how other regulators (such as the Federal Reserve, CFPB and state banking departments) view prepaid card products in the context of consumer protections. For example, regulators may determine that it is more appropriate to impose a higher level of consumer protections or fee restrictions on open-loop prepaid card programs compared to closed-loop prepaid programs. On the law enforcement front, there have been high-profile examples of the potential risks that prepaid cards pose for money laundering and criminal activities. For example, newspapers have reported that the assassins in the Dubai murder of a Hamas political leader used general purpose (open-loop) prepaid cards issued by a U.S. financial institution to make payments at the hotels where the murder took place. [2]  

At the same time, the overall size of the prepaid card market is booming. In the Federal Reserve Board 2010 Payments Study, the Federal Reserve estimated that the total number of prepaid transactions in 2009 was 6 billion, up from 3.3 billion in 2006, with an average annual growth rate of 21 percent. This number reflects both open-loop, general-use prepaid card and closed-loop/merchant-only prepaid card transactions. [3]

I. Proposed Regulation of Non-Bank Program Managers and Closed-Loop Programs


A. “Prepaid Access” and the Regulation of “Providers of Prepaid Access”

Under the Proposed Rule, the term “prepaid access” would replace the term “stored-value” that is currently used in the BSA regulations. FinCEN believes that the term “prepaid access” better reflects common usage today, as the “stored-value” terminology suggests the value is stored on the card or device itself, which is frequently not the case. The term “prepaid access” in the Proposed Rule is defined as an “electronic device or vehicle, such as a card, plate, code, number, electronic serial number, mobile identification number, personal identification number, or other instrument that provides a portal to funds or the value of funds that have been paid in advance and can be retrievable and transferable at some point in the future.” FinCEN intends that this new definition be broad enough to encompass most prepaid products today, while remaining sufficiently flexible to encompass new technologies in a rapidly evolving area.

The Proposed Rule does not seek to change or alter the regulatory requirements that are currently applicable to financial institutions that act as issuers of prepaid access or stored-value. Today, banks and other financial institutions that issue prepaid access/stored-value must comply with the BSA. The Proposed Rule would also seek to regulate non-bank program managers or operators for the prepaid access programs (called “providers of prepaid access”) as money services businesses and impose anti-money laundering program (“AML”) requirements upon them.
Accordingly, the Proposed Rule sets forth a new definition of “Provider of Prepaid Access,” which includes a person or entity in the transaction chain that has “principal oversight and control over” the prepaid access program. There is no bright line test or safe-harbor under the Proposed Rule for determining whether an entity does or does not “exercise principal oversight and control.” Instead, it is a facts and circumstances test. Activities that would indicate ”principal oversight and control” include: (i) organizing the prepaid program; (ii) setting the terms and determining that the terms have not been exceeded; (iii) determining the other businesses that will participate in the transaction chain underlying the prepaid access, possibly including the issuing bank, the payment processor or the distributor; (iv) controlling or directing the appropriate party to initiate, freeze or terminate prepaid access; and (v) engaging in activity that demonstrates oversight and control of transactions.

Under the Proposed Rule, an entity that is deemed to be a provider of prepaid access would be required to register with FinCEN as an MSB, as well as maintain AML programs, report certain currency transactions, maintain certain records and file reports on suspicious transactions. In FinCEN’s view, the provider of prepaid access is the entity in the best position to fulfill these requirements because it is likely to have business relationships with most or all of the other participants in the prepaid access transaction chain.

While the Proposed Rule would subject new entities to registration and AML compliance programs required under the BSA, the Proposed Rule would not remove or lessen the existing compliance responsibilities on any other company or financial institution that is already subject to the BSA as a result of its participation in the prepaid card program. For example, if a prepaid card program has a national bank as the card issuer, the national bank, as a “financial institution” under the BSA, would be required to apply its own BSA compliance program to the customers of, and transactions with, the prepaid card accounts. This compliance obligation on the national bank would continue even if there is a program manager for the same card program that qualifies as a “provider of prepaid access” and which itself has an AML compliance program applicable to the cardholders and card transactions.

A number of industry commenters indicated the potentially duplicative and overlapping regulatory requirements for the same prepaid card program are unnecessary and burdensome. Some commenters recommended that FinCEN’s final rule should exclude from coverage any prepaid card program that has a U.S. bank as the card issuer. These commenters point out that the issuing bank is already required to apply its AML compliance program to the prepaid card program and to include contractual provisions with its service providers to assist the issuing bank in its regulatory compliance responsibilities. Moreover, the federal bank regulatory agencies have existing authority under the Bank Service Company Act to examine the activities of these third-party service providers. Certain commenters noted that FinCEN is underestimating the effective role that card issuers play in the structuring of prepaid card programs and the establishment of controls on sellers and program managers. Commenters argue that these card issuers have the experience in applying AML programs to prepaid card holders, and FinCEN should build on this existing structure rather than seeking to cover new entities.

Other commenters suggest that the final rule should expressly permit the parties involved in a prepaid card offering (such as the card issuer, processor and program manager) to allocate regulatory responsibility amongst themselves so as to avoid duplication and overlap of compliance efforts.  The contractual allocation of compliance responsibility likely will not be viewed positively by FinCEN, since absent a detailed contractual analysis, it will be impossible for FinCEN to discern which entity is responsible for regulatory compliance and which entity has the requisite records regarding card transactions.
B. Treatment of Closed-Loop Prepaid Access Programs

Under the current BSA regulatory regime, FinCEN has not sought to regulate closed-loop prepaid card programs under the BSA. Similarly, the state banking departments generally have not sought to regulate the issuance and operation of closed-loop prepaid cards under state money transmission laws. The regulators appropriately have viewed merchant-run closed-loop programs as not constituting the transmission of funds from one person to another. Rather, the prepaid cards in a closed-loop program represent the pre-payment by the cardholder for goods or services from the merchant.

However, a clear or uniform categorization of which prepaid card programs constitute “closed-loop” versus “open-loop” is absent at both the federal and state level. In fact, there is no definition of closed-loop stored-value or prepaid cards under the current BSA regulations. Similarly, the states either have no such definition under their money transmitter laws, or they have definitions that are not uniform. For example, California recently revised its money transmission statute to regulate, among other activities, the issuance of stored-value. The California statute excludes from the definition of stored-value “any stored-value that is only redeemable by the issuer for goods or services provided by the issuer or its affiliate, except to the extent required by applicable law to be redeemable in cash for its cash value.” [4] Note how this exclusion from regulation is limited to stored-value cards that are redeemed by the issuer for goods, and it does not (at least by its expressed terms) address prepaid cards that are usable at affiliated merchants or in shopping malls.

Under the Proposed Rule, “closed-loop prepaid access” is defined as prepaid access to funds or the value of funds that is limited to a defined merchant or location (or a set of locations), such as a specific retailer or retail chain, a college campus or a subway system. A card program that comes within this definition of “closed-loop prepaid access” would not be subject to registration, as well as other reporting and recordkeeping requirements under the BSA. However, if a closed-loop prepaid access program has features that allow it to be used internationally or used for person-to-person payments, the program would cease to qualify for an exception under the Proposed Rule. Card programs with either one of these two features would be subject to the same MSB registration and AML compliance requirements applicable to open-loop, general use prepaid cards.

1. Application of Proposed Rule to Hybrid Closed-Loop Programs

Deciding which card programs are closed-loop and which are open-loop has become more complicated over the last decade, as closed-loop programs have evolved significantly. There are still many “single merchant” specific card programs that are clearly closed-loop. However, there are now a growing number of prepaid card programs that operate with attributes of closed-loop programs but have additional card acceptance at a limited range of merchants associated by location, brands or ownership. These hybrid closed prepaid cards represent some of the faster growing prepaid card types and have very attractive features to the cardholders, as well as to the participating businesses. Examples of these hybrid closed-loop card programs include:

(a) college campus cards, where the cardholder can use the card at college stores, as well as merchants that are located on or near the college campus;

(b) subway/transit cards, where the cards can be used both for transit and to purchase coffee/newspapers from vendors in the subway system;

(c) shopping mall cards, where the cardholder can use the card to make purchases from any merchant located in the shopping mall;

(d) online marketplace cards, where there are a range of merchants located on a separate online shopping mall or marketplace, controlled by a single operator, and the card can be used for any merchant within that online marketplace; and

(e) amusement parks and sports venues, where the card can be used at many different merchants and vendors that are located within a single amusement park/sports venue.


Under the Proposed Rule, the definition of closed-loop prepaid access encompasses at least some of the above hybrid prepaid programs. The text of the proposed rule states that closed-loop includes prepaid access to funds that can be used “only in transactions involving a defined merchant or location (or a set of locations) such as a specific retailer or retail chain, a college campus, or a subway system.” One could argue that this definition intends to include card programs that involve more than one legal merchant, since the rule refers to a defined merchant “or location” (or a set of locations). A “defined location” could include a shopping mall or even an online marketplace. FinCEN has specifically requested comment as to whether there are certain types of closed-loop programs that should be covered under the rule.

The retail industry commenters almost universally view FinCEN’s proposed definition of “closed-loop” as potentially too narrow and not clearly including the full range of closed-loop card products in the market today. For example, commenters from the online electronic gaming industry requested clearer guidance that closed-loop prepaid access would include a program that allows consumers to access electronic games from multiple merchants through a single gaming portal. Similarly, retailers and restaurants that operate under different brand-names and separate operating subsidiaries as part of larger retail/restaurant holding companies sought clarification that a single prepaid card that is usable at any location within the merchant group is viewed as a closed-loop card program.

In all of these cases, the comment letters point out that deeming such programs as closed-loop presents no increased risk of money laundering or terrorist financing. For these hybrid cards, there are operational limitations on the number of merchants that the consumer can access with the prepaid card, and the cards cannot be used to obtain cash. Similarly, the commenters point out that there is a substantial risk that covering these programs will impose unnecessary compliance costs on retailers. Coverage of these card programs also could cause retailers to restructure their card programs to limit the ability of consumers to use the prepaid cards at a wider range of affiliated/associated merchants.

2. Transfers of Value Within Closed-Loop

As noted above, the potential for closed-loop programs to fall within a regulated category is of significant concern to retailers.  Under the Proposed Rule, if an otherwise exempt closed-loop card program allows for “transfers between or among users of prepaid access within a prepaid program,” the closed-loop card program would no longer be exempt from the MSB registration and AML requirements. A number of retailers commented in support of allowing closed-loop programs to provide at least certain types of value transfer functionality without losing exempt status as a closed-loop card program, exempt from the AML compliance requirements of the final rule. Commenters were concerned that this prohibition on value transfer for exempt closed-loop programs would prohibit cardholders from easily combining balances from multiple cards into a single online stored-value account or prevent cardholders transferring value from multiple low-dollar cards onto a single higher-dollar card. Without this functionality for exempt closed-loop programs, cardholders could find it hard to use low dollars that remain on a single card. In addition, some users would not be able to aggregate smaller gift cards to make a single large purchase from a retailer.

3. International Usage of Closed-Loop Cards

Over the last decade, closed-loop prepaid card programs have added new features. With the growth of the Internet, closed-loop prepaid cards can be redeemed in the context of online shopping, not just at physical stores located in the domestic United States. As a result, a person located outside of the United States can use a prepaid card to make a purchase over the Internet that is shipped either domestically or internationally.

Under the Proposed Rule, if an otherwise exempt closed-loop program allows for “funds or value to be transmitted internationally,” the card program would no longer be exempt from the MSB registration and AML requirements. It is not clear from the Proposed Rule whether any use of the card in an international environment would cause a closed-loop program to lose its exemption. For example, is the international transmission of value concept limited to a card that can be used outside of the United States at a merchant location, or does it apply to holders of a card that use the Internet from a location outside of the United States to purchase goods from U.S. retailers?

Commenting retailers felt strongly that many, if not all, international usages of prepaid cards should be permitted. For example, retailers want clarification that the use of a prepaid card from a foreign location to make a purchase from a U.S.-based merchant is not viewed as international card use. The issuance of the card took place in the United States and the product was purchased from a retailer located in the United States, although shipped to a foreign address. These transactions are not viewed by the retailers as increasing any risk of money laundering compared to a wholly-domestic transaction. Requiring a retailer to prohibit access to its Internet store for its exempt closed-loop cards would be difficult to implement operationally and would deny consumers the card payment functionality that they desire.

II. Potential Impact on States’ Application of Money Transmitter Laws to Participants in Prepaid Card Programs 


It is very likely that the regulatory categories and coverage choices that FinCEN makes in its final rule to regulate or exempt certain prepaid card programs and program participants will have a secondary impact on how state governmental authorities regulate such programs and participants.

A. Regulation of Program Managers as Money Transmitters at the State Level

Under state law today, the regulation of participants in prepaid card programs varies from state to state. Banks have traditionally relied on their status as federal- or state-chartered entities to take the position that the state money transmitter laws do not require banks, or any persons acting as service providers for such banks to be licensed as money transmitters. With some exceptions, most of the states have not sought to require service providers to bank issuers to obtain money transmitter licenses for the data processing and card program support functions that the program manager provides in support of the bank’s prepaid card program. The rationale for this approach is: (i) the bank, as a regulated entity, applies its AML program to the card issuance and transactions, and the bank already complies with the reporting and monitoring requirements under the BSA; and (ii) the bank’s financial strength and FDIC-insured status provides sufficient protection for cardholders against loss of funds associated with potential issuer financial failure. The program contracts between the issuing bank and the program managers generally recognize that the program manager must provide information and records to assist the bank in fulfilling the bank’s regulatory obligations, and that the program manager is subject to examination and review by the issuing bank’s regulators. Typically, there also are operational aspects of the card programs to ensure that the issuing bank, and not the program manager, controls the funds that are associated with the prepaid cards.

If FinCEN’s final rule requires that card program managers who meet the definition of “provider of prepaid access” register as an MSB and have direct regulatory compliance responsibility for AML program compliance requirements, we believe it is more likely that more states will seek to require these providers of prepaid programs to register as money transmitters, even if these program managers are not the issuers of the prepaid cards, and even if there is a federal/state chartered bank acting as the issuer of the card. While the comment letters filed by the state regulators did not express any intent to regulate these entities as money transmitters, they did support the creation of this MSB classification at the federal level.
Once a federal regulatory scheme is in place that has defined terms and analysis for determining which program managers should be classified as providers of prepaid access, this regulatory structure could act as a roadmap for states to amend their statutes, regulations or interpretations to require these entities to seek state licenses. The state licensing process for a money transmitter is substantially more burdensome than registration as a MSB at the federal level. State licensing requires a financial review of the applicant company, the posting of bonds, minimum capital requirement and numerous reporting and operational requirements.

B. Regulation of Closed-loop Programs as “Money Transmission” at the State Level
As discussed above, there is no uniform definition as to what constitutes closed-loop prepaid card programs such that the issuer of the prepaid card would not be subject to potential regulation as a money transmitter at the state level. A recent amendment to California’s money transmitter laws discussed earlier in this article is the most recent attempt to legislatively define those merchant prepaid cards that are not subject to state money transmission regulation. It is possible that if FinCEN requires some types of closed-loop programs to register as MSBs, at least some of the states will track FinCEN’s categorizations of closed-loop/open-loop in determining which card programs are subject to licensing as money transmitters.

III. Conclusion


With the pending release of a final rule that may impose new BSA compliance obligations on prepaid cards, FinCEN could impact the manner in which prepaid cards are operated and regulated for the foreseeable future. The impact of the final rule could extend beyond the stated requirements of having to comply with the BSA itself. Wide coverage of closed-loop programs will result in issuers dropping features that have value to both consumers and merchants. Coverage of new entities, such as card program managers, will increase costs of card programs and impose a potentially duplicative and burdensome regulatory structure. The FinCEN final rule will without a doubt have a dramatic impact on the future development of the prepaid card industry.

Click here to download this article as a PDF.


[1]  75 Fed. Reg. 36589 (June 28, 2010).

[2]  “Hamas Killing Shines Light on Payoneer, Prepaid Cards,” Wall Street Journal (April 7, 2010).
[3] 2010 Federal Reserve Payments Study, available at:

[4]  Cal. Financial Code Section 1803(v). California Assembly Bill No. 2789, enacted September 30, 2010.


New PYMNTS Report: The CFO’s Guide To Digitizing B2B Payments – August 2020 

The CFO’s Guide To Digitizing B2B Payments, a PYMNTS and Comdata collaboration, examines how companies are updating their AP approaches to protect their cash flows, support their vendors and enable their financial departments to operate remotely.

1 Comment