CUNA Regulatory Comment Call

October 19, 2007

EXECUTIVE SUMMARY

• The Department of the Treasury and the Federal Reserve Board (the Agencies) issued a joint proposed rule to implement the Unlawful Internet Gambling Enforcement Act (Act).
• The proposal designates the following five payment systems that could be used in connection with a restricted transaction: automated clearing house systems (ACH); card systems, check collection systems, money transmitting businesses; and wire transfer systems.
• Most participants from the ACH, check collection and wire transfer systems will be exempt. Participants in these systems that are not exempt are those with a customer relationship with the Internet gambling business and those that send or receive certain cross-border transactions, including credit unions if they engage in these activities.
• This means that participants in card systems and within money transfer businesses would be covered by the rule, including credit unions participating in these systems.
• All non-exempt participants would be required to either establish or implement policies and procedures to identify and block, prevent or prohibit restricted transactions or rely on and comply with the policies and procedures established by the payment system.
• The proposal provides nonexclusive examples of policies and procedures for each designated payment system.
• A safe harbor is provided to anyone that identifies and blocks a transaction if it is restricted, the participant believes it is restricted or the transaction is blocked in reliance on the policies and procedures.
• This is a very confusing proposal and we don’t pretend to have all the answers because the regulators certainly don’t.
• You may access a copy of the proposed rule here.
• Comments are due to the Treasury and the Federal Reserve by December 12, 2007. Please submit your comments to CUNA by November 25, 2007. Please feel free to fax your responses to CUNA at 202-638-7052 or e-mail them to CUNA SVP and Deputy General Counsel Mary Dunn at mdunn@cuna.com or Assistant General Counsel Lilly Thomas at LThomas@cuna.com or by telephone at 202-638-5777.

BACKGROUND

The Unlawful Internet Gambling Enforcement Act of 2006 (Act) was enacted as Title VIII of the Security and Accountability For Every Port Act of 2006 and signed into law on October 13, 2006. This Act prohibits persons engaged in the business of betting or wagering from knowingly accepting payments from another engaged in unlawful Internet gambling. Among other provisions, the Act directs the Federal Reserve Board and Treasury Department to implement its provisions, in consultation with the Department of Justice. They were directed to designate the payments systems that could be used to make a ‘”restricted transaction” under the Act (an illegal Internet gambling transaction). Designating a payment system subjects it and the financial transaction providers, such as financial institutions, to regulation. Federal financial institution regulators, including NCUA, are to enforce the rule, when finalized, for the institutions they supervise. (NCUA will enforce the rule for all federally insured credit unions; privately insured stated chartered credit unions will be under the Federal Trade Commission’s enforcement.)

The Act directs that the regulation must require payment systems covered by the rule and financial transaction providers (including financial institutions) participating in each covered payment system to establish policies and procedures that are “reasonably designed” to identify and block restricted transactions. The rules must identify the types of policies and procedures that would be deemed to be “reasonably designed” to meet the Act’s objectives. The agencies are required to exempt any transactions or participants in payment systems from the requirements of the rule if the regulators determine it is not reasonably practical to identify and block such transactions.

The Act provides that a participant, such as a financial institution, in a payment system that is covered by the rule will be deemed to be in compliance if it relies on the policies and procedures of the payment system and such policies and procedures comply with the rule.

HIGHLIGHTS

The Department of the Treasury and the Federal Reserve Board (the Agencies) issued a joint proposed rule to implement the Unlawful Internet Gambling Enforcement Act (Act). The proposed rule would require participants in “designated payment systems” to establish policies and procedures reasonably designed to identify and block or prevent transactions in connection with unlawful Internet gambling.

The proposal designates five payment systems that could be used in connection with a restricted transaction:

• Automated clearing house systems (ACH);
• Card systems (including credit, debit, and pre-paid cards or stored value products);
• Check collection systems;
• Money transmitting businesses; and
• Wire transfer systems.

Participants in these payment systems include financial institutions that participate in, are members of, or have contracted for services with a designated payment system.

Exemptions

The proposal exempts most participants in the ACH systems, check collection systems, and wire transfer systems. Participants in these systems that are not exempt are those that would have a “customer relationship” with the Internet gambling business and those that send or receive certain cross-border transactions. Specifically, the first participant in the United States that receives an incoming cross-border ACH debit or check collection transaction directly from a foreign institution is not exempt. In the case of outgoing wire transfers and ACH credit transactions, the originator’s financial institution or the intermediary financial institution in the U.S. that sends the wire transfer transaction, or the gateway operator that sends the ACH credit entry directly to a foreign bank is also not exempt.

Specifically, the following participants in each payment system below would be exempt from requirements to establish written policies and procedures to prevent or prohibit restricted transactions:

ACH systems

• The ACH Operator, except one that receives instructions to originate an ACH debit transaction or send a credit transaction directly from a foreign sender;
• The originating depository financial institution (ODFI) in an ACH credit transaction; and
• The receiving depository financial institution (RDFI) in an ACH debit transaction.

Check collection systems

• A check clearing house;
• The paying bank, unless it is also the depositary bank;
• Any collecting bank other than the depositary bank; and
• Any returning bank.

Wire transfer systems

• The operator of a wire transfer network;
• The originator’s financial institution or intermediary financial institution except one that sends or credits a wire transfer transaction directly to a foreign bank.

Requirements for Non-Exempt Participants

In addition to participants that have a business relationship with an Internet gambling business or receive or send certain cross-border transactions, participants in the credit card services and money transmitting businesses are not exempt.

All non-exempt participants would be required to either:

1. Establish and implement policies and procedures to identify and block, or otherwise prevent or prohibit restricted transactions; or
2. Rely on and comply with the policies and procedures established by the payment system as long as its policies and procedures comply with the regulation.

The proposed regulations provide examples of policies and procedures for each designated payment system. The examples are nonexclusive and participants are directed to use the policies and procedures in a risk-based manner tailoring them to their type of business and to the different types of restricted transactions.

Generally, policies and procedures for each system should be designed to prevent or prohibit restricted transactions and include measures to be taken when restricted transactions are discovered. Additionally, policies and procedures should address methods for conducting due diligence in establishing and maintaining a commercial account relationship and should be designed to ensure that the commercial customer does not originate or receive restricted transactions.

Card Systems Examples

Policies and procedures for participants in card systems, including merchant acquirers, card system operators, and card issuers, such as credit unions should:

• Address methods for conducting due diligence in establishing or maintaining a merchant/customer relationship. They should be designed to ensure that the merchant/customer will not receive restricted transactions through the card system by screening potential merchant customers to ascertain the nature of their business and include in the merchant customer agreement that the merchant may not receive restricted transactions through the card system.
• Include procedures to identify and block or prevent or prohibit restricted transactions by:
  • Establishing transaction and merchant/business category codes required to accompany the authorization request and enabling the issuer or operator to identify and deny authorization for a restricted transaction.
  • Monitoring or testing 1.) potential restricted transactions to ensure authorization requests are coded correctly; 2.) websites to detect unauthorized use of the card system including its trademark; or 3.) payment patterns to detect suspicious payment volumes from a merchant customer.
• Include procedures to be followed, such as assessing fines or denying access to the card system, when it is discovered that a merchant received restricted transactions through the card system.

Automated Clearing House System (ACH) Examples

Policies and procedures of the ODFIs and third-party senders in ACH debit transactions and RDFIs in ACH credit transactions should:

• Address methods for conducting due diligence in establishing or maintaining a customer relationship. They should be designed to ensure that the customer will not originate restricted debit transactions or receive restricted credit transactions by screening potential commercial customers to ascertain the nature of their business and include in the commercial customer agreement that the customer may not receive restricted transactions.
• Include procedures to be followed, such as assessing fines, preventing the transaction or closing the account, when it is discovered that a customer originated or received restricted transactions.

The proposal also includes examples of policies and procedures for ACH gateway operators and third-party senders receiving instructions from foreign senders, which would not apply to credit unions.

Check Collection System Examples

Policies and procedures of a depositary institution should:

• Address methods for conducting due diligence in establishing or maintaining a customer relationship to ensure that the customer would not receive restricted transactions such as screening potential commercial customers to ascertain the nature of the business and include in the commercial customer agreement that the customer may not deposit checks that constitute restricted transactions.
• Procedures should include actions to be taken, such as refusing checks for deposit and closing the account, when the depository institution becomes aware that the customer deposited checks that are restricted transactions.
• Depository institutions that receive a check for collection directly from a foreign bank should have policies and procedures in place that address methods for conducting due diligence in establishing or maintaining the correspondent relationship with the foreign bank.
• They should include a term in its agreement requiring the foreign bank to have policies and procedures in place to ensure that the correspondent relationship will not be used to process restricted transactions.
• Additionally, procedures should include actions to be taken, such as denying check collection services for the foreign bank or closing the correspondent account, when it is discovered that a foreign bank sent checks that are restricted transactions.

Wire Transfer System Examples

The policies and procedures of a beneficiary’s financial institution in a wire transfer should:

• Address methods for conducting due diligence in establishing or maintaining a commercial customer relationship to ensure that the customer would not receive restricted transactions such as screening potential commercial customers to ascertain the nature of the business and include in the commercial customer agreement that the customer may not receive restricted transactions.
• Both the beneficiary’s financial institution as well as an originator’s financial institution or intermediary bank that sends or credits a wire transfer directly to a foreign bank should have procedures that include actions to be taken, such as denying access to the wire transfer system and closing the account, when restricted transactions are discovered.

Money Transmitting Business Examples

The example of policies and procedures of money transmitting businesses include addressing methods for conducting due diligence in establishing or maintaining a commercial relationships. The policies and procedures should be designed to ensure that the commercial subscriber will not receive restricted transactions through the money transmitting business by screening potential commercial subscribers to ascertain the nature of their business and include in their agreement that the subscriber may not receive restricted transactions.

The money transmitting business should Include procedures to identify and block or prevent or prohibit restricted transactions by monitoring or testing:

• Websites to detect unauthorized use of the money transmitting business including its trademark; or
• Payment patterns to detect suspicious payment volumes.

Procedures should include what actions should be followed, such as assessing fines, denying access or closing accounts, when it is discovered that restricted transactions have been received.

Safe Harbor

The proposal provides a safe harbor to anyone that identifies and blocks or a transaction or refuses to honor a transaction if:

• The transaction is restricted or the participant reasonably believes the transaction is restricted; or
• The non-exempt participant blocked the transaction in reliance on the policies and procedures of the designated payment system in an effort to comply with the regulation.

Definitions

The following are key definitions listed in the proposal:

• Unlawful Internet gambling transaction – to place, receive or otherwise knowingly transmit a bet or wager by any means that involves the use, at least in part, of the Internet where such a bet or wager is unlawful under any applicable Federal or State law where the bet or wager is initiated, received or otherwise made.
• Restricted (payment) transaction – one which a person engaged in the business of betting or wagering is prohibited from accepting in connection with another person’s participation in unlawful Internet gambling. Such transactions include credit or the proceeds of credit, electronic fund transfers, funds transmitted by or through a money transmitting business or the proceeds of such transfers, and any check, draft or similar instrument that is drawn by or on behalf of the other person and is drawn on or payable at or through any financial institution.
• Participant in a designated payment system – an operator of a designated payment system or a financial institution that is a member of or has contracted for financial transaction services with, or is participating in a designated payment system.
• Automated clearing house system or ACH system – a funds transfer system, primarily governed by the ACH rules. The terms used in this proposal when referring to ACH systems are those terms that are defined in the ACH Rules.
• Card Issuer – any person who issues a credit, debit, or pre-paid card as well as any stored value products, issued or authorized by the operator of the system.
• Money transmitting business or service – is any business other than a depository institution which provides check cashing, currency exchange, or money transmitting or remittance services, or issues or redeems money orders, travelers’ checks, and other similar instruments.

1. Is this rule well-constructed or do you find it confusing? Why?
   
   Please explain.
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
2. Do you believe that the list of five designated payment systems is too broad or too narrow? Do you agree with the current list of designated payment systems, or should new and emerging systems be included?
   
   Please explain.
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
3. Do you agree with the list of exempt participants? Do you believe any additional exemptions should be included or should existing exemptions be removed?
   
   Please explain.
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
4. The proposed rule currently exempts Originating Depository Financial Institutions (ODFIs) from establishing and implementing policies and procedures. Do you believe it is impractical for an ODFI to implement policies and procedures in an ACH credit transaction? Does the burden outweigh any benefit in identifying and blocking restricted transactions?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
5. The proposal specifically exempts the originator’s financial institution and intermediary financial institution in a domestic wire transfer. Do you believe it is impractical for these participants to implement policies and procedures in a wire transaction?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
6. Do you believe it is appropriate for participants to incorporate into their account opening procedures the proposal’s due diligence provisions, including periodic confirmation of the nature and type of a commercial customer’s business?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
7. Do you support the inclusion of examples of policies and procedures? Are the examples too broad or too specific?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
8. Do you believe ongoing monitoring and testing should be incorporated in the examples for the ACH, wire and check cashing systems?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
9. Do you believe it is practical and cost-effective for card systems to develop additional merchant codes to include lawful Internet gambling?
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   

   ---

   
   
   
10. Do you believe that the agencies should establish and maintain a “list” of unlawful Internet gambling businesses for participants to access and use when blocking restricted transactions?
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    
11. Do you agree with the proposed definitions of the terms, specifically of the designated payment systems and participants? If not, please explain.
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    
12. Do you believe six month after the joint final rules are published is sufficient time for financial institutions and other participants to comply?
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    
13. Please provide any additional comments you wish.
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    

    ---

    
    
    

Copyright © 2008 - Credit Union National Association, Inc.