The Office of the Comptroller of the Currency (OCC) has issued guidance for use by national banks in developing and implementing a comprehensive risk management program for prepaid access programs. Beginning July 21, 2011, the guidance will also apply to federal savings associations.

The guidance, issued on June 29, 2011, describes prepaid access programs as providing electronic access to funds or the value of funds that have been paid in advance through devices such as a card, code, serial number, mobile ID number, or personal ID number. It cautions that banks are exposed to an increased risk of fraud and money laundering when such programs have more advanced functionality, such as the ability to conduct card-to-card, Internet, mobile phone, or international funds transfers.

Although its coverage is broad, the guidance is very general in nature. According to the guidance, to identify, measure, monitor, and control the risks related to prepaid access products, a bank should have a comprehensive risk management program that includes the following components:

  • The bank’s board of directors, in consultation with management, should establish risk limits and outline expectations for compliance and performance reporting. The board must understand how a prepaid program is expected to operate, the level and nature of its risks, its projected costs and revenues, and its requirements, such as the need for expertise in the areas of operations, information technology, audit, compliance, and legal. 

  • Written policies and procedures should govern a prepaid program, including the evaluation, selection, and oversight of third-party service providers. A thorough due diligence review of any potential third-party service provider is critical. Also, third-party arrangements should be governed by “a well-constructed, enforceable service contract that clearly defines expectations, duties, rights, and obligations of each party.” Nine items, “at a minimum,” should be included in the contracts, such as clauses (1) outlining the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) obligations of the parties, (2) outlining the OCC’s authority to examine the service provider, and (3) defining how the parties will share information about fraud losses and suspicious activity and the process for sharing and/or indemnifying losses. 

  • The bank’s audit and compliance functions should test that fees are clearly disclosed to consumers and assessed as disclosed, and should also provide for testing of BSA/AML and OFAC compliance for both in-house and outsourced components of a prepaid program. 

  • The bank’s board of directors should receive periodic reports from management to evaluate whether a prepaid program is operating within established risk limits and achieving stated objectives and financial results. Those reports may include such items as summaries of suspicious activity monitoring and reporting, fraud loss reports, and results of audits and regulatory compliance reviews.

Given that third-party service provider contracts are a significant focus of the guidance, it seems likely those contracts will receive increased scrutiny in OCC examinations. Accordingly, banks should carefully review their third-party service provider contracts with counsel to ensure that they satisfy guidance requirements.

Attorneys in Ballard Spahr’s Consumer Financial Services Group have extensive experience in the structuring and documenting of prepaid access programs and have conducted detailed risk assessments for clients offering such programs. The Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws throughout the country, and its skill in litigation defense and avoidance (including pioneering work in pre-dispute arbitration programs). For more information, please contact group Chair Alan S. Kaplinsky, 215.864.8544 or; Vice Chair Jeremy T. Rosenblum, 215.864.8505 or; John L. Culhane, Jr., 215.864.8535 or; Keith R. Fisher, 202.661.2284 or; Barbara S. Mishkin, 215.864.8528 or; or Mark J. Furletti, 215.864.8138 or  


Copyright © 2011 by Ballard Spahr LLP.
(No claim to original U.S. government material.)


All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.