Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2016-10 | March 21, 2016

Prepaid Cards: Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements for Holders of Prepaid Cards


Chief Executive Officers of National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties


The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Financial Crimes Enforcement Network (FinCEN) (collectively, the agencies), are publishing this guidance to clarify the applicability of the customer identification program (CIP) regulations1 implementing Section 326 of the USA PATRIOT Act to prepaid cards. The guidance specifically discusses the treatment under the CIP regulations of prepaid cards issued by banks, savings associations, credit unions, and branches of foreign banks (collectively, banks), including cards that are sold and distributed by third parties that design, manage, and operate prepaid card programs (third-party program managers).

Note for Community Banks

The principles contained in this guidance apply to all national banks, federal savings associations, and federal branches and agencies.


The guidance

  • clarifies that a bank’s CIP should apply to the holders of certain prepaid cards issued by a bank.
  • provides an overview of the CIP rule requirements in 31 CFR 1020.220 with regard to the establishment of an account, identification of the customer, and verification of the customer’s identity.
  • states that a general purpose prepaid card that can be reloaded by the cardholder or by another party on behalf of a cardholder, or that permits access to credit or overdraft features, creates an account for purposes of the CIP rule.
  • clarifies that when an account is created, a customer relationship is established between the issuing bank and the cardholder.
  • discusses the application of these principles to other types of prepaid cards, such as payroll and government benefit cards.
  • discusses minimum contractual requirements for business relationships between issuing banks and third-party program managers.  


Prepaid cards have become mainstream financial products, used by individuals, corporations, and other private sector entities, as well as by state, federal, and local governments. General purpose prepaid cards can be used at multiple, unaffiliated merchants and permit cardholders to perform a variety of functions, including some that have traditionally been conducted using other mechanisms, such as checks or debit cards tied to bank deposit accounts or credit cards. Such functions include withdrawing cash at automated teller machines, paying bills, and transferring funds to and receiving funds from other cardholders.  

The agencies have clarified that money laundering and other financial crime risks associated with the issuance of prepaid cards and the processing of prepaid card transactions require the implementation of strong and effective mitigating controls. Controls already put in place, such as limits on card value and the frequency and number of transfers permitted, and due diligence on third parties and cardholders have assisted in mitigating these risks. This guidance addresses questions that have arisen regarding the application of the CIP rule to prepaid cards issued by banks, including cards issued by banks under arrangements with third-party program managers.

Further Information

Please contact Spencer W. Doak, Director for BSA/AML Compliance Policy, at
(202) 649-5470.


Grovetta N. Gardineer
Senior Deputy Comptroller for Compliance and Community Affairs

Related Link

1 68 Fed. Reg. 25090 (May 9, 2003), codified at 31 CFR 1020.220 (U.S. Department of the Treasury); 
12 CFR 21.21 (OCC); 12 CFR 208.62(b)(2) and 12 CFR 211.24(j)(2) (FRB); 12 CFR 326 (FDIC); and
12 CFR 748.2 (NCUA).