(a) Anti-money laundering program requirement. Effective July 24,
2002, each operator of a credit card system shall develop and implement
a written anti-money laundering program reasonably designed to prevent
the operator of a credit card system from being used to facilitate
money laundering and the financing of terrorist activities. The program
must be approved by senior management. Operators of credit card systems
must make their anti-money laundering programs available to the Department
of the Treasury or the appropriate Federal regulator for review.
(b) Minimum requirements. At a minimum, the program must:
(1) Incorporate policies, procedures, and
internal controls designed to ensure the following:
(i) That
the operator does not authorize, or maintain authorization for, any
person to serve as an issuing or acquiring institution without the
operator taking appropriate steps, based upon the operator’s money
laundering or terrorist financing risk assessment, to guard against
that person issuing the operator’s credit card or acquiring merchants
who accept the operator’s credit card in circumstances that facilitate
money laundering or the financing of terrorist activities;
(ii) For purposes of making
the risk assessment required by paragraph (b)(1)(i) of this section,
the following persons are presumed to pose a heightened risk of money
laundering or terrorist financing when evaluating whether and under
what circumstances to authorize, or to maintain authorization for,
any such person to serve as an issuing or acquiring institution:
(A) A foreign shell bank that is not a regulated affiliate, as those
terms are defined in section 1010.605(g) and (n) of this chapter;
(B) A person appearing on
the Specially Designated Nationals List issued by Treasury’s Office
of Foreign Assets Control;
(C) A person located in, or operating under a license issued by,
a jurisdiction whose government has been identified by
the Department of State as a sponsor of international terrorism under
22 U.S.C. 2371;
(D) A foreign
bank operating under an offshore banking license, other than a branch
of a foreign bank if such foreign bank has been found by the Board
of Governors of the Federal Reserve System under the Bank Holding
Company Act (12 U.S.C. 1841, et seq.) or the International
Banking Act (12 U.S.C. 3101, et seq.) to be subject to comprehensive
supervision or regulation on a consolidated basis by the relevant
supervisors in that jurisdiction;
(E) A person located in, or operating under
a license issued by, a jurisdiction that has been designated as noncooperative
with international anti-money laundering principles or procedures
by an intergovernmental group or organization of which the United
States is a member, with which designation the United States representative
to the group or organization concurs; and
(F) A person located in, or operating under
a license issued by, a jurisdiction that has been designated by the
Secretary of the Treasury pursuant to 31 U.S.C. 5318A as warranting
special measures due to money laundering concerns;
(iii) That the operator
is in compliance with all applicable provisions of subchapter II of
chapter 53 of title 31, United States Code and this chapter;
(2) Designate a compliance
officer who will be responsible for assuring that:
(i) The
anti-money laundering program is implemented effectively;
(ii) The anti-money laundering
program is updated as necessary to reflect changes in risk factors
or the risk assessment, current requirements of this chapter, and
further guidance issued by the Department of the Treasury; and
(iii) Appropriate
personnel are trained in accordance with paragraph (b)(3) of this
section;
(3) Provide for education and training of appropriate personnel concerning
their responsibilities under the program; and
(4) Provide for an independent audit to
monitor and maintain an adequate program. The scope and frequency
of the audit shall be commensurate with the risks posed by the persons
authorized to issue or accept the operator’s credit card. Such audit
may be conducted by an officer or employee of the operator, so long
as the reviewer is not the person designated in paragraph (b)(2) of
this section or a person involved in the operation of the program.
