AML CHALLENGES
responsibility to aggregate and report cash
transactions. In addition, prepaid card attributes are prohibitive of reportable transactions, as most value loads and withdrawals
are limited at $2,500 per transaction.
However, issuers still need to consider the
ability to aggregate cash activity between
multiple cardholders. Does the issuer obtain
the transactional records? If so, how can
the issuer aggregate activity if one cardholder has a card with program manager A
and another card with program manager B?
These aggregation issues remain a challenge
for the prepaid card industry.
Suspicious activity monitoring, reporting
and law enforcement needs
Suspicious activity monitoring can be
handled one of two ways, depending on the
amount of data the issuer receives on its
cardholders. If the issuer receives all cardholder information including transactional
data, typically referred to as “flat files,” it can
monitor activity within its organization. The
issuer may use a fraud or AML tool provided
by a card association, an internally built
system and risk-based rules, or an outside
vendor solution. However, few vendor solutions currently available for AML monitoring
adequately address the unique characteristics of prepaid card programs. It can also be
difficult to justify the cost of a vendor solution when prepaid revenue can be pennies
per transaction.
If the issuer is not receiving flat file information, or transactional data, it must provide its
program managers with suspicious activity
monitoring requirements. Issuers should
consider monitoring for such things as
multiple cards, cash value loads followed by
cash withdrawals, merchant credits without
corresponding debits, multiple transfers to
and from accounts, deposits in names other
than the cardholder and above average value
loads. The issuer should also periodically test
the program manager’s compliance with the
monitoring requirements.
As the regulated financial institution, the
issuer also has the responsibility to file SARs
on reportable activity. The issuer’s AML
requirements should provide the program
managers with information such as when
and how to report suspicious activity to
the issuer. Issuers should consider whether
to have the program manager report all
suspicious activity, regardless of the dollar
amount, or t