Introductory BSA/AML Examiner School, Providence, RI

are joined for the limited purpose of providing a closed loop prepaid access program, such an arrangement falls within the term “defined merchant.”

Question 4: Policies and procedures reasonably adapted to avoid the threshold for seller of prepaid access

Q: Can FinCEN offer more specificity and clarity regarding what measures are necessary on the part of retailers to institute controls, policies and procedures sufficient to meet the “reasonably adapted” criteria, and thereby avoid being designated as “sellers” under the rule? Must a retailer collect identification information from every customer to be able to track how much the person buys in a single day as part of “policies and procedures reasonably adapted to prevent” the sale of more than $10,000 in prepaid access to an individual in a day? closed loop prepaid access) to funds that exceed $10,000 to any person during any one day, and has not implemented policies and procedures reasonably adapted to prevent such a sale.” See 31 CFR 1010.100(ff)(7)(ii). In FinCEN’s November 2011 Frequently Asked Questions related to Prepaid Access (November 2011 FAQs), Question [#4] asks “[h]ow do I know whether my policies and procedures are ‘reasonably adapted’ to prevent a sale of more than $10,000 to any person during any one day?” The response to this question states that the policies and procedures must be risk-based and appropriate for the retailer in question. 5 We understand that some persons and businesses in the marketplace are interpreting this section of the regulation to impose the equivalent of a strict liability standard regarding the sale of prepaid access. In effecting compliance, some retailers are requesting purchaser information at the point of sale for each and every sale of prepaid access; this information has, on occasion, included social security numbers and driver’s license numbers. Purchasers may be confused and reluctant to provide such personal information, particularly in situations where the purchases are of low dollar value and/or exclusively closed loop products. Although a business entity may choose to collect this information for its own reasons, FinCEN did not intend to institute such a sweeping requirement. Instead, FinCEN’s expectation regarding the “policies and procedures reasonably adapted to prevent” sales of $10,000 of collective prepaid access is that retailers will: (1) develop an internal policy regarding sales of prepaid access in excess of $10,000 to a single individual in a day; (2) articulate this policy to the appropriate personnel within the organization; and (3) monitor activity, through mechanisms appropriate to the retailer’s size and type of operating structure, to avoid sales in excess of $10,000 to a single individual in a day. As we stated in the closing sentence of the response to Question 4 in the November 2011 FAQs, “[t]he fact that a retailer sells over $10,000 in prepaid access to one person in one day does not in and of itself mean that the retailer’s policies and procedures are not ‘reasonably adapted to prevent such a sale.’” A: A person is a “Seller of prepaid access” if the person “[s]ells prepaid access (including

As we noted in FinCEN’s public webinar in November 2011:

5 See http://www.fincen.gov/news_room/nr/html/20111102.html.