On Compliance: Unlawful Internet Gambling
Enforcement
New
rules will require new policies for credit unions, particularly those with business
members.
By Timothy I. Oppelt, Esq.
CUES' Credit Union Management's "On Compliance" column runs the fourth Thursday of every month.
On
Nov. 12, 2008, the U.S. Department of Treasury and the Federal Reserve Board
issued the final rule implementing the Unlawful
Internet Gambling Enforcement Act of 2006, 31 U.S.C. § 5361-67. The new
regulations, found at 12 C.F.R. Part 233 and 31 C.F.R. Part 132, require financial
institutions to be in compliance with UIGEA requirements by
UIGEA generally prohibits gambling businesses from knowingly receiving illegal bet or wager payments.
For purposes of the rule, "unlawful Internet gambling" does not have a self-contained regulatory definition. Instead, UIGEA covers bets or wagers that are unlawful under any applicable federal or state law in the jurisdiction where the bet or wager is initiated, received or otherwise made. Even the Department of Treasury shied away from gathering any example list or summary of illegal transactions under the various state and federal gambling laws when issuing the regulations. Your credit union should likely discuss these issues with local attorneys or local law enforcement. In fact, because the underlying federal and state laws vary widely and identifying violators is difficult, the agencies have also not provided an "OFAC-type" list of businesses engaged in such unlawful activities under the rule.
The primary thrust of the regulations, however, is that financial institutions participating in "designated payment systems"—ACH systems, card systems, check collection systems, money transmitting businesses and wire transfer systems—are required to have policies and procedures reasonably designed to stop unlawful Internet gambling transactions. While this initially seems quite broad, the rule's exceptions significantly ease the burden on many credit unions. Even so, credit unions will need to closely examine how the act and regulations might apply to their operations.
Credit unions would be considered to "participate in designated payment systems" if they are a member of, or have contracted for services with, one of the above-mentioned payment systems. However, the rules exempt participants other than the following: originators, receivers or operators in ACH situations; check collection "depository institutions"; operators of money transmitting systems; and wire transfer "beneficiary banks."
These exclusions are important, as they focus the rule on ACH and those institutions that have the relationship with the business engaging in illegal gambling (not the consumer). However, because of the breadth of the rule, even institutions that do not have any business customers will want to have a policy in place.
Rather, financial institutions covered by the rule must, as indicated, establish and implement policies and procedures to identify and block, prevent or prohibit restricted transactions of funds going to Internet gambling businesses. Note that the rule does not preclude funds going to gamblers. Note also that "blocking" transactions does not mean freezing accounts, only preventing individual transactions.
Alternatively, a financial institution may also comply with the rule if it relies on the payment system's policies and procedures. To do so, the financial institution must obtain a written statement by the payment systems operator (e.g., the ACH operator or wire-transfer system operator) stating that the operator has designed or structured the policies and procedures for identifying and blocking or otherwise preventing restricted transactions to comply with the requirements of the regulations. Such a statement will provide a justifiable basis for a financial institution to assume that the policies and procedures are in compliance, unless the financial institution is notified otherwise by its federal regulator (or other federal agency with enforcement authority).
If your credit union decides to rely on the compliance of your payment system operator, you should be sure to obtain written documentation of your operator's procedures, including a copy of the policy, and record it accordingly as part of the credit union's due diligence review of the provider.
Whether your credit union decides to establish its own policy or rely on the provider's, certain minimum provisions should be included in the policy to ensure compliance under the law. The policy should include both preventative measures (including, but not limited to, due diligence upon opening a commercial account relationship), and corrective measures if a restricted transaction does occur. Credit unions should check any provider's policies it relies on for these aspects. Note also that the agencies do permit a financial institution to tailor homemade policies to its business and use different procedures for different business lines or parts of the organization.
Importantly, credit unions that identify, refuse to honor, or block transactions are provided a "safe-harbor" of sorts under UIGEA and the regulations, protecting credit unions and individuals from liability (such as from a suit alleging improper delay of a payment) if: (1) the transaction is actually an illegal or "restricted" gambling transaction, (2) the credit union reasonably believed the transaction to be a restricted transaction, or (3) the credit union prevented the transaction in reliance on the policies and procedures of its designated payment system in an effort to comply with the regulation.
Ultimately, UIGEA and its regulations do not have as sweeping a scope as once feared. That does not, however, lessen the importance for credit unions in the coming months to implement policies, whether home-grown or provided by their payment system operators.
Tim Oppelt is an attorney with Styskal, Wiese & Melchione, and devotes his practice to the representation of credit union clients in regulatory and transactional matters.
- Go to the current issue of Credit Union Management magazine.
