Along with cash, checks, credit cards, and debit cards, prepaid cards have become a common method of payment for goods and services in the United States. Prepaid cards can be used at one merchant only, or multiple merchants, or for more general purposes such as funds transfers. They also can be used to dispense wages and federal government benefits. Third party program managers often will establish a prepaid card program and contract with a bank that will issue the card and process card transactions.

These cards also can prove attractive to criminals who may seek to use those cards to launder proceeds of illegal activity. Recent Interagency Guidance issued by US federal regulators seeks to clarify certain regulatory requirements when a bank is involved in issuing these prepaid cards.


Under US anti-money laundering (AML) regulations, a banking organization must establish a customer identification program (CIP) to obtain, verify and maintain certain identifying information on its account customers. On March 21, 2016, the US federal banking agencies (the Federal Deposit Insurance Corporation, the Federal Reserve Board, the Office of the Comptroller of the Currency and the National Credit Union Administration) along with the US AML agency, the Financial Crimes Enforcement Network, issued the Interagency Guidance on applying bank CIP requirements to certain prepaid cards.

The Interagency Guidance only applies to prepaid cards where a bank is the “issuing bank” – this information usually appears on the back of the prepaid card. In the past, guidance from the banking agencies and FinCEN on AML compliance have emphasized the need for banks that issue prepaid cards to have strong AML programs to address the risk these cards present. This Interagency Guidance seeks to clarify which types of prepaid cards must be covered by a bank’s CIP.

If a bank contracts with a third party program manager as part of a prepaid card program, as with any outsourcing arrangement, the contract should clearly state the obligations of the parties, ensure access to all CIP information collected by the third party program manager, provide for the bank to audit the program manager and monitor its performance, and if applicable, outline the rights of a regulatory agency to examine the third party program manager. The bank remains liable for compliance with its CIP requirements as performed by that third party.

Which accounts are covered

  • General purpose prepaid cards issued by a bank that offer the customer the ability to reload funds onto the card or give the customer access to credit or overdraft features are subject to the CIP.
  • If the card does not have reloadable capacity, then it is not covered by the CIP requirement.
  • If a prepaid card is sold with reloadable, overdraft or credit features but they are not enabled at the time of purchase, the cardholder becomes subject to the CIP requirements once the feature or features are activated, which is done generally by contacting the issuing bank or third party program manager.

Which customers are covered by the CIP

Once it has been established that there is an account to which the CIP must be applied, the next question is who is the customer that needs to be identified.

General purpose cards

  • If the cardholder can reload funds onto a general purpose prepaid card or access credit on the card, the cardholder is subject to the CIP.
  • If a general purpose prepaid card is not reloadable and does not otherwise have the characteristics of a deposit or credit account, then the third party program manager that established the pooled account is considered the customer for purposes of the CIP requirement.

Cards used to pay wages

  • If an employer issues a prepaid card onto which only it can load wages from a deposit account it has established at the bank, then the employer is the customer for purposes of the CIP requirement.
  • If an employee is able to access credit or reload the cards from a source other than the employer, then the employee is the customer for purposes of the CIP requirement.

Cards dispensing government benefits

  • If a government agency uses prepaid cards to dispense benefits and only the government agency can load funds onto that prepaid card and does not provide access to credit, the government agency is the customer but there is no CIP requirement because government agencies generally are exempt from the definition of customer.
  • If the beneficiary cardholder is able to access credit or reload the cards from a nongovernment source, then the beneficiary is the customer for purposes of the CIP requirement.

Cards to access health benefits

  • If the card accesses a Health Savings Account, the employee is the customer for purposes of the CIP requirement because the account is established by the customer.
  • If the cardholder accesses a Flexible Savings Account or a Health Reimbursement Arrangement, the employer offering the card is the customer for purposes of the CIP requirement because it is the employer that establishes the account, even if the employee contributes funds through voluntary withholdings from his or her salary.