There are many laws and regulations that govern prepaid and debit card programs, some of which are new to the payments landscape. The two critical regulations for a card program are the Bank Secrecy Act (BSA), which includes Anti-Money Laundering (AML) provisions. Congress passed the Bank Secrecy Act in 1970 to detect and prevent money laundering. Later, Congress passed the Patriot Act to fight terrorism. These laws require organizations in the financial sector to abide by specific rules, such as keeping certain records and filing individual reports, the contents of which are useful in legal, regulatory, and financial matters.
Within the BSA, there are requirements for “Know Your Customer” (“KYC”) and “Know Your Business Customer” (“KYB”). Doing customer due diligence is essential so that you know who you’re doing business with to ensure they are not bad actors. There is also the Customer Identification Program (“CIP”), which is done in compliance with the Office of Foreign Assets Control (“OFAC”) screenings.
There are also various Federal Regulations that we have to comply with, like Reg E and rules put out by the Consumer Financial Protection Bureau (“CFPB”), like their Prepaid Rule. As participants in the payments industry, it is the duty of all of us to have a culture of compliance, from the top executives all the way through to the rank-and-file employees.
Components of a Payments Compliance Program
Your card program should have in place policies, procedures, and processes to adequately manage the relevant BSA/AML risks as obligated under the regulations. The following are five components that are essential for a successful Compliance program.
- Risk assessment: Risk assessment includes identifying those risks inherent to the financial industry. Compliance teams will examine products, services, clients, and even geographic locations. Compliance then assigns a risk profile to each one of those areas.
- Internal controls: Internal controls are reviewed regularly by the company’s top leadership. Responsibilities and procedures have to be created by a compliant organization to adhere to specific guidelines and use best compliance practices, such as dual control and segregation of duties.
- Reporting: A program manager needs to report various required information to their banking partners at predetermined intervals so those banks can report to their auditors. Often, these banks will conduct BSA/AML audits. The only way that a card program can stay in business is by demonstrating sound internal control based on risk assessment and the assignment and segregation of these duties.
- Compliance Training: Compliance training is a requirement and not a request. It cannot be stressed enough: training is required to keep card programs, and the companies that market them, safe. Every employee, and in the case of a program manager, every client, must be fully trained on BSA/AML on at least an annual basis.
- Have a Bank Secrecy Act (“BSA”) / Anti-Money Laundering (“AML”) Officer: This officer is often referred to as a “Chief Compliance Officer (CCO).” The Board of Directors should oversee this role or individual and receive regular reports and updates from them. The Chief Compliance Officer’s responsibility is to ensure that all training requirements mentioned earlier are met, along with the mandated monitoring and reporting requirements.
Cascade’s compliance team offers a complete BSA/AML package that includes policies and procedures to keep the programs that we manage compliant with all applicable rules and laws. At the end of the day, this means that our clients can rest assured that we have their back and they won’t have to worry about compliance – that is our job.