Glenbrook’s Bryan Derman filed the following report after his participation in March 2007 on a panel titled “Hype or Reality – Anti-Money Laundering Risks from Prepaid Payment Products and What Can Be Done About Them” at the Spring Meeting of the American Bar Association’s Business Law Section in Washington, DC.
Watching the AML Risk in Prepaid Cards
I had the opportunity to speak on a panel at last week’s Spring Meeting of the American Bar Association’s Business Law Section in Washington, DC. The panel was entitled, “Hype or Reality – Anti-Money Laundering Risks from Prepaid Payment Products and What Can Be Done About Them” and featured speakers from both government and the banking/payments industry giving their perspectives on where the risks may lie and what can be done to manage them.
+1 (203) 227 3687
The AML risk in prepaid card has been discussed for some time, particularly with the advent of general use, open loop, cash loadable prepaid cards. However, the topic gained significant attention beginning last fall with the publication of an assessment by the National Drug Intelligence Center entitled “Prepaid Stored Value Cards: A Potential Alternative to Traditional Money Laundering Methods” (PDF), along with a useful response (PDF) drafted by the Network Branded Prepaid Card Association.
While the initial assessment probably did not full appreciate the risk-control capabilities and voluntary actions already taken by the prepaid industry, it did provide a reminder of the scale of the money laundering problems generated by illegal drug trafficking and potential for poorly-controlled prepaid cards to assist those who engage in such activities.
I thought that my fellow panelists on the industry side did an impressive job of both explaining where the true risks lie (anonymous cards, cash loading, ATM access, etc.) and what steps can be, and have been, implemented to mitigate the risks.
But perhaps more interesting to me were the comments of the panelists from the government – Courtney Linn of the Justice Department and Don Semesky of the Drug Enforcement Agency. Among their key points were:
- At least in legal circles, there seems to be some ambiguity about where the responsibility technically lies for aspects of AML and Patriot Act provisions among banks, processors, card associations and retailers
- Value stored on prepaid cards does not trigger the currency reporting requirements associated with transporting large amounts of cash over a national border
- There are anonymous, reloadable prepaid cards issued overseas with far fewer requirements than would be encountered in the US (my Google search turned up some interesting offers, which I chose not to pursue)
- DEA seized approximately $600 million in laundered cash last year (out of an estimated $60 billion spent by Americans on illegal drugs), but no suspicious hoards of prepaid cards
- Still, the government regards it as very difficult to keep pace with advances in financial technology; mobile payments could prove to be a bigger problem than prepaid cards give their potential to initiative international funds transfers.
I left the session feeling comforted, particularly by the absence (so far) of any real world cases where prepaid cards have been implicated in major money laundering schemes (most everyone acknowledges that they probably are involved in minor instances of laundering by local drug operatives within the US). Industry participants should be proud of their efforts and record to date but remain vigilant in the face of a clever, ruthless adversary with $60 billion that needs to cross the border.
My prepared comments follow below.
Comments of Bryan Derman, Glenbrook Partners
American Bar Association, Section of Business Law, Spring Meeting
Panel: “Hype or Reality – Anti-Money Laundering Risks from Prepaid Payment Products and What Can Be Done About Them”
March 15, 2007
The most important thing anyone ever told me about this area of payments is that “there is no such thing as a prepaid card”. By that he meant that a prepaid card is not a single, homogeneous product like a credit card or check. Their recent popularity derives largely from their flexibility and the fact that they can be tailored to achieve different kinds of performance. When we design prepaid programs, we are invariably doing so with specific applications in mind that could vary from a gift certificate, to a travelers check, to a healthcare spending account, to a corporate bonus payment, and ultimately, but only sometimes, to a near-replacement for a bank account.
These applications have different requirements that significantly affect the economics of those products. The product attributes that go along with any particular use case for a prepaid card also dramatically affect its risk characteristics in an area like Anti-Money Laundering. Some of the most important questions to ask about a product from an AML perspective are:
- Is the card going to permit cash withdrawal from ATMs? — Some cards need to – like payroll and travel cards – but most probably do not
- Will the card be reloadable? Some cards are intended to be durable and it may be legitimate or necessary to enable reloads, such as with a payroll card or some incentive/commission products
- If it is reloadable, or even if not, what methods of loading value to the card will be permitted, and how much value will the card be allowed to hold? There are legitimate reasons to allow certain kinds of cards to be loaded using cash, but many or even most cards will funded using existing bank accounts that can be tracked.
In a way, one of the most powerful features of these cards is the ability to set limits and conditions on the kinds of variables I just mentioned. These control features permit the issuer of a prepaid card to make prudent trade-offs between customer convenience and risk control. That’s a trade-offs bankers are accustomed to making on a daily basis, even outside the regulatory arena. Many bank policies are designed to strike a balance between consumer ease-of-use and the bank’s own costs in terms of fraud and credit losses. That’s why, for example, normal debit cards usually have daily limitations on the amount of cash they can withdraw, even though they draw funds from fully-vetted and highly-regulated bank accounts.
An important concept in banking today is the idea of setting risk policies adaptively; that is, to set the burden of risk management procedures so they are in proportion to the riskiness of a given transaction. In practical terms, we are trying to see how we can keep things simple for customers who are transacting in a normal, acceptable pattern, while focusing our scrutiny and safeguards on those who are engaging in higher risk activities or behaving outside normal patterns. The same kind of thinking needs to be applied to AML compliance.
It seems the same kind of thinking applies to prepaid cards and AML risks and we are increasingly seeing it applied in this space. A law-abiding consumer who prefers not to maintain a traditional bank account, will typically tolerate a process that requires him to register his card and verify his identity if he is seeking a durable payment instrument that will provide considerable convenience and savings compared to dealing in the cash economy. These individuals are often seeking a better way to accomplish the everyday economic tasks that many of us take for granted – keeping their money in a safe place, easily buying household goods, paying bills without running all over town or purchasing money orders, and paying for gasoline right at the pump. Whatever time and hassle may involved in properly registering for a prepaid card that works at an ATM and can be reloaded with cash will be repaid over time by the convenience that card payments bring.
On the other hand, it seems unreasonable to ask average consumers to submit to an underwriting procedure when they simply want to give a small, one-time gift for a relative’s birthday, or want to help their teenager to buy some songs on the Internet. Overburdening low value, non-reloadable cards with procedures designed for serious, durable banking accounts will likely impair a market that has proved very popular with consumers.
Our firm works with a number of different players in the payments business, and John asked me to comment specifically on how these AML issues affect retailers. Obviously, prepaid cards have become almost as popular with retailers as they are with consumers. The attraction of the cards for retailers is two-fold:
- Locking in future merchandise sales by selling closed-loop cards that work in their own stores
- Earning commissions by selling others’ prepaid cards, both open and closed loop products, in their stores and, for some retailers, adding additional value to cards that can be reloaded. These commissions represent a very productive use of the limited floor space occupied by a display of prepaid cards.
It’s the latter function that is our primary concern today in the AML area. Acting as the agent of the card issuer for the loading and reloading of value, the retailer will play an important role in carrying out whatever procedures are mandated by banks, card networks, or regulators.
Retailers have become accustomed to a certain level of complexity in the management of payment systems as card-based payments have become more prevalent and displaced cash and checks. With the growth of credit cards and the advent of both signature and PIN-based debit cards, retailer systems and staff have become increasingly adept in handling an increasingly diverse payment environment.
However, as we work to enhance payments systems and develop new ones, the common refrain we always hear from retailers is to please keep requirements as clear and uniform as possible to aid them in keeping their systems compliant and their staffs fully trained.
It is certainly no coincidence that while thousands of banks issue payment cards on perhaps a dozen or more different payment networks, the basic mechanics of card transaction at the point-of-sale are essentially the same for all of them. Apart from some cards needing a PIN and others being signed, card transactions look remarkably similar across brands, networks, sales environments, and even countries. By carefully staging introductions of new products, such as the new contactless radio frequency cards, we have enabled retailers to incorporate new payment technologies with minimal confusion because they were able to prepare their staff members to properly handle the innovations.
The same care and uniformity should be kept in mind as we consider proper procedures in the area of AML compliance for prepaid cards. Frankly, we do the criminal community a great favor to the extent that we allow ambiguity in regulation and diversity of network guidelines to persist. Retailers need to understand which cards are subject to reporting requirements, how much money may be loaded, how many cards may be purchased, and so on. The more precision and consistency we can achieve in the rules and regulations, the more effective will be the retailer compliance effort. Clear guidance will enable retailer IT departments to integrate compliance directly into their point of sale system and will simplify the work of their training departments as well.
We believe that the banks, card networks, and retailers have exhibited a very healthy respect thus far for the risks involved with cash access, reloadable and bulk-purchased cards. Rules have been instituted by the card networks in response to governmental concerns and they have paid close attention to the requirements of money service businesses.
It’s quite significant, for example, that as Visa and MasterCard have worked recently to create cash reload networks for their issuers, they have decided to work in partnership with existing licensed players in the space like InComm and Blackhawk Network. This is surprising in some ways, since those card networks already have connections to large retail networks through their traditional acquiring banks, but by working through specialized reload networks, they are leveraging the skills and systems of players who already have the appropriate credentials and processes, rather than rushing to bring inexperienced players into the reload function to meet fast-growing demand.
In the same vain, I think it’s comforting to see that while many non-financial companies have begun to launch open loop stored value programs, the formal issuing responsibility for those programs has been highly concentrated in a handful of banks that specialize in stored value. These banks have become the leaders of the prepaid compliance effort based on their considerable experience and expertise in both regulatory requirements and best business practices for the management of prepaid programs.
So, my two key recommendations are to align the rigorousness of procedures with the riskiness of the product or transactions, and to eliminate as much as possible lingering ambiguity about rules. The industry has shown a willingness to be cooperative and even somewhat conservative about AML compliance, I believe. My hope would be that meetings like this one will help drive the industry and its regulators toward a clear consensus on how business should conducted – prudently balancing significant risks with appropriate safeguards.
Copyright © 2007, Glenbrook Partners, LLC.