Resource Documents Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision Financial Crimes Enforcement Network Office of Foreign Assets Control

Examination Procedures Core Procedures Expanded Procedures

Bank Secrecy Act Anti-Money Laundering Examination Manual

Backward | Table of Contents | Forward

Electronic Cash—Overview

 

Objective. Assess the adequacy of the bank’s systems to manage the risks associated with electronic cash (e-cash), and management’s ability to implement effective monitoring and reporting systems.

E-cash (e-money) is a digital representation of money. E-cash comes in two basic forms: stored value card e-cash and computer e-cash. Stored value card e-cash is most often downloaded through special terminals (e.g., specially equipped automated teller machines (ATMs), computers, or cellular phones) onto electronic cards. Computer e-cash is downloaded to personal computer hard disks via a modem or stored in an on-line repository.

Stored value cards can operate in either an open or closed system¹⁷⁷. Typically, open system cards may be reloaded, allowing the cardholder to add value. Closed system cards are usually limited to the initial value posted to the card, but some may allow the cardholder to add value. Additionally, funds can be prepaid on an open system card by one person, with someone else accessing the currency elsewhere through an ATM. Prepayment involves a transfer of funds to the card (e.g., telephone calling cards). Some domestic and offshore banks offer cards with currency access through ATMs internationally. Since stored value cards are easy to fund and transport without creating a paper trail, they are attractive for abuse by various illegal enterprises and money launderers. For example, drug dealers have been known to load currency onto prepaid cards and send the cards to their drug suppliers outside the country. Phone cards and other closed system prepaid cards can be purchased for currency and transferred from one person to another and resold. Often, a firm independent of a bank processes all card transactions through a "pooled" bank account held in the name of the firm managing the card program.¹⁷⁸

Consumers use e-cash to access, store, and redeem funds that are maintained electronically. In addition, e-cash, in the form of payroll cards, is now offered by employers to their employees in place of a check to distribute wages. These payroll cards may also function as multi-purpose or general use reloadable cards (i.e., the cardholder can add value to the card at a variety of retail outlets using currency). The value of the funds stored on these cards can be transferred between cardholders using compatible electronic systems and networks, often without using banks.

Using ATMs, point-of-sale devices, or special readers, stored monetary value is subtracted from the card or the value allocated to the card that is held in a pooled bank account. When the monetary value is depleted, the card is either discarded (disposable) or, in some instances, value is replenished (reloadable). In the case of computer e-cash, monetary value is electronically deducted from the bank account when a purchase is made or funds are transferred to another person. Additional information on types of e-cash products is available in the FFIEC Information Technology Examination Handbook.¹⁷⁹

Risk Factors

Transactions using e-cash may pose the following unique risks to the bank:

• Funds may be transferred to or from an unknown third party.
• Customers may be able to avoid border restrictions as the transactions can become mobile and may not be subject to jurisdictional restrictions.
• Transactions may be instantaneous.
• Specific cardholder activity may be difficult to determine by reviewing activity through a pooled account.
• The customer may perceive the transactions as less transparent.

Risk Mitigation

Banks should establish BSA/AML monitoring, identification, and reporting for unusual and suspicious activities occurring through e-cash. Useful management information systems for detecting unusual activity on high-risk accounts include ATM activity reports (focusing on foreign transactions), funds transfer reports, new account activity reports, change of Internet address reports, Internet Protocol (IP) address reports, and reports to identify related or linked accounts (e.g., common addresses, phone numbers, e-mail addresses, and tax identification numbers). Other controls, such as establishing transaction and account dollar limits that require manual intervention to exceed the preset limit, may also be instituted by the bank.

Backward | Table of Contents | Forward