Federal Register, Volume 73 Issue 223 (Tuesday, November 18, 2008)

[Federal Register Volume 73, Number 223 (Tuesday, November 18, 2008)]
[Rules and Regulations]
[Pages 69382-69411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-27181]

[[Page 69381]]

-----------------------------------------------------------------------

Part III

Federal Reserve System

-----------------------------------------------------------------------

12 CFR Part 233

-----------------------------------------------------------------------

Department of the Treasury

-----------------------------------------------------------------------

31 CFR Part 132

-----------------------------------------------------------------------

Prohibition on Funding of Unlawful Internet Gambling; Final Rules

Federal Register / Vol. 73, No. 223 / Tuesday, November 18, 2008 /
Rules and Regulations

[[Page 69382]]

-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Part 233

[Regulation GG; Docket No. R-1298]

DEPARTMENT OF THE TREASURY

31 CFR Part 132

RIN 1505-AB78

Prohibition on Funding of Unlawful Internet Gambling

AGENCIES: Board of Governors of the Federal Reserve System and
Departmental Offices, Department of the Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document is published jointly by the Departmental Offices
of the Department of the Treasury (the ``Treasury'') and the Board of
Governors of the Federal Reserve System (the ``Board'') (collectively,
the ``Agencies'') to adopt a final rule to implement applicable
provisions of the Unlawful Internet Gambling Enforcement Act of 2006
(the ``Act''). The final rule sets out definitions for terms used in
the regulation; designates payment systems that could be used by
participants in connection with, or to facilitate, a restricted
transaction; exempts certain participants in certain designated payment
systems from the requirement of the regulation; requires the
participants performing non-exempt functions in a designated payment
system to establish and implement policies and procedures reasonably
designed to prevent or prohibit restricted transactions, such as by
identifying and blocking such transactions; provides non-exclusive
examples of policies and procedures for non-exempt participants in each
designated payment system; and sets out the regulatory enforcement
framework. In developing this rule, the Agencies have consulted with
the Department of Justice, as required by the Act, and have taken into
consideration all comments received on the proposed rule issued in
October 2007.

DATES: Final rule is effective January 19, 2009. The incorporation by
reference of the publication listed in the final rule is approved by
the Director of the Federal Register as of January 19, 2009. However,
compliance by non-exempt participants in designated payment systems is
not required until December 1, 2009.

FOR FURTHER INFORMATION CONTACT:
Board: Christopher W. Clubb, Senior Counsel (202/452-3904), Legal
Division; Jeffrey S. Yeganeh, Manager, or Joseph Baressi, Financial
Services Project Leader (202/452-3959), Division of Reserve Bank
Operations and Payment Systems; for users of Telecommunication Devices
for the Deaf (TDD) only, contact 202/263-4869.
Treasury: Charles Klingman, Director, Office of Critical
Infrastructure Protection and Compliance Policy; or Steven D. Laughton,
Senior Counsel, Office of the Assistant General Counsel (Banking &
Finance), 202/622-9209.

SUPPLEMENTARY INFORMATION:

I. Background

Unlawful Internet Gambling Enforcement Act

The Act prohibits any person engaged in the business of betting or
wagering (as defined in the Act) from knowingly accepting payments in
connection with the participation of another person in unlawful
Internet gambling. Such transactions are termed ``restricted
transactions.'' The Act generally defines ``unlawful Internet
gambling'' as placing, receiving, or otherwise knowingly transmitting a
bet or wager by any means which involves the use, at least in part, of
the Internet where such bet or wager is unlawful under any applicable
Federal or State law in the State or Tribal lands in which the bet or
wager is initiated, received, or otherwise made. The Act states that
its provisions should not be construed to alter, limit, or extend any
Federal or State law or Tribal-State compact prohibiting, permitting,
or regulating gambling within the United States.\1\ The Act does not
spell out which activities are legal and which are illegal, but rather
relies on the underlying substantive Federal and State laws.\2\
---------------------------------------------------------------------------

\1\ 31 U.S.C. 5361(b).
\2\ See H. Rep. No. 109-412 (pt. 1) p. 10.
---------------------------------------------------------------------------

The Act requires the Agencies (in consultation with the U.S.
Attorney General) to designate payment systems that could be utilized
in connection with or to facilitate restricted transactions. Such a
designation makes the payment system, and financial transaction
providers participating in the system, subject to the requirements of
the regulations. The Act further requires the Agencies (in consultation
with the U.S. Attorney General) to prescribe regulations requiring
designated payment systems and financial transaction providers
participating in each designated payment system to establish policies
and procedures reasonably designed to identify and block or otherwise
prevent or prohibit restricted transactions. The regulations must
identify types of policies and procedures that would be deemed to be
reasonably designed to achieve this objective, including non-exclusive
examples. The Act also requires the Agencies to exempt certain
restricted transactions or designated payment systems from any
requirement imposed by the regulations if the Agencies jointly
determine that it is not reasonably practical to identify and block, or
otherwise prevent or prohibit the acceptance of, such transactions.

Overview of the Proposed Rule

In October 2007, the Agencies jointly issued, and requested public
comment on, a Notice of Proposed Rulemaking (``NPRM'') to implement the
Act.\3\ The proposed rule provided definitions of terms used in the
regulation, many of which followed or referred to definitions set out
in the Act or other existing regulatory or statutory definitions. The
proposed rule did not attempt to further define gambling-related terms
because the Act itself does not specify which gambling activities are
legal or illegal and relies on prohibitions contained in statutes that
are not under the jurisdiction of the Agencies. Application of some of
the terms used in the Act may depend significantly on the facts of
specific transactions such that general regulatory definitions would
not be appropriate.
---------------------------------------------------------------------------

\3\ 72 FR 56680 (Oct. 4, 2007).
---------------------------------------------------------------------------

The proposed rule designated the following payment systems as
payment systems that could be used in connection with unlawful Internet
gambling transactions restricted by the Act: Automated clearing house
systems; card systems; check collection systems; money transmitting
businesses; and wire transfer systems. The proposed rule required
participants in these designated payment systems to establish and
implement written policies and procedures reasonably designed to
identify and block or otherwise prevent or prohibit transactions in
connection with unlawful Internet gambling.
The proposed rule also exempted from the requirements to establish
such policies and procedures all participants in the automated clearing
house systems, check collection systems, and wire transfer systems,
except for the participant that possesses the customer relationship
with the Internet gambling business (and certain participants that
receive certain cross-border transactions from, or send certain such
transactions to, foreign payment service providers) because the
Agencies believed that it was not reasonably practical for those
participants to identify and block, or otherwise prevent or prohibit,
unlawful

[[Page 69383]]

Internet gambling transactions restricted by the Act. The Agencies
intended that the participant with the customer relationship with the
Internet gambling business would have the responsibility in the ACH
systems, check collection systems, or wire transfer systems to prevent
or prohibit restricted transactions from being credited to the account
of the gambling business through that particular payment system.
Finally, the proposed rule described types of policies and
procedures that non-exempt participants in each type of designated
payment system could adopt in order to comply with the Act and included
non-exclusive examples of policies and procedures that would be deemed
to be reasonably designed to prevent or prohibit restricted
transactions. The non-exclusive examples included special procedures
for cross-border transactions in ACH systems, check collection systems,
and wire transfer systems.
The Agencies requested comment on all aspects of the proposed rule,
as well as detailed questions regarding specific aspects of the rule
within each section.

Overview of Public Comments

The Agencies received comments from about 225 members of the
public, including approximately 125 consumers, 40 depository
institutions and associations thereof, 20 gambling-related entities, 10
public-policy advocacy groups, 10 payment system operators and money
transmitters, and 20 others, including Federal agencies and members of
Congress.\4\ In addition to the following overview, specific comments
are discussed in more detail in the portions of the section-by-section
analysis that describe particular provisions.
---------------------------------------------------------------------------

\4\ The comment letters and conference call summaries cited
herein are available on the Board's public Web site at: http://www.federalreserve.gov/generalinfo/foia/index.cfm?doc_id=R%2D1298&doc_ver=1.
---------------------------------------------------------------------------

Comments related to the Act. About 65 commenters directly addressed
the Act itself. Of these, approximately 35 commenters, almost all
consumers, expressed disapproval of the Act. Consumers generally
thought that the Act represents an inappropriate governmental intrusion
into the personal choices that individuals make and that the government
should not devote resources attempting to prevent Internet gambling. A
portion of these commenters further noted that the government might
wish to legalize, regulate, and tax Internet gambling, thereby helping
provide appropriate safeguards and protections for consumers while also
potentially increasing the government's revenues. Conversely, about 20
commenters, about evenly split between consumers and public-policy
advocacy groups, expressed support for the Act on the grounds that
gambling causes harm. These commenters noted that gambling via the
Internet is of particular concern because it is anonymous and can be
done within the home at any time of day or night. Additionally, about
10 commenters expressed concern that the Act will exacerbate the U.S.'s
difficulties with the World Trade Organization (WTO) related to
Internet gambling, and suggested that the Agencies refrain from
implementing the Act until the related WTO matter is resolved.\5\ The
Agencies believe that these comments relate to the public policy issue
of the merits of the Act itself and are outside the rulemaking process.
The Agencies' duty is to carry out their responsibilities to promulgate
implementing regulations required by the Act and that is the focus of
this rulemaking.
---------------------------------------------------------------------------

\5\ See, e.g., comment letter from David S. Orkin (Dec. 2, 2007)
p. 1.
---------------------------------------------------------------------------

Comments related to the proposed rule. About 20 commenters, almost
all of them depository institutions and associations of depository
institutions, noted that notwithstanding the Agencies' efforts to craft
a reasonable rule, the proposed regulation would be unduly burdensome
and would result in compliance costs greater than any offsetting
societal benefit. Several of these commenters stated that the rule
would adversely affect the competitiveness of the U.S. payments system,
and that the Agencies should be cognizant of the potential for the Act
and similar laws to cumulatively cause capital flight and erode the
U.S. dollar's status as the world's reserve currency. More broadly,
these commenters also questioned whether the payments system is the
appropriate mechanism by which to enforce prohibitions on Internet
gambling. Some of these commenters argued that the responsibility for
enforcing gambling laws should lie with Federal and State law
enforcement authorities and that, operationally, the preferable way to
prevent unlawful Internet gambling may be for the government to work
with telecommunications providers to impede gambling Web sites' access
to the Internet.
About 50 commenters, primarily consumers and gambling-related
entities, expressed concern regarding the rule's applicability to poker
and similar games. These commenters referred to the definition of ``bet
or wager,'' and argued that poker is a game predominantly of skill and
should be excluded from the scope of the definition.
About 30 commenters, primarily depository institutions and
associations thereof, as well as a few members of Congress and
gambling-related entities, expressed concern regarding the proposed
rule's definition of ``unlawful Internet gambling.'' Banks stated that
the definition's lack of specificity would result in higher costs
associated with complying with the rule. Some members of Congress and
gambling-related interests found the vagueness of the definition to be
so problematic as to raise free-speech, fundamental-fairness, and
Administrative Procedure Act concerns.
About 40 commenters responded to the Agencies' request for comment
on whether to incorporate within the rule a list of unlawful Internet
gambling businesses. About 35 commenters of various types--depository
institutions and associations thereof, payment system operators and
money transmitters, as well as public-policy groups--expressed support
for such a list, generally on the grounds that it would reduce the cost
of complying with the rule, but some of these commenters noted that the
list might not prevent restricted transactions. About five commenters,
all of which were payment system participants or associations thereof,
opposed a list on the grounds that it would not be effective.

II. Final Rule

Overview

After carefully considering the comments, the Agencies have adopted
a final rule to implement the Act. In accordance with the Act, the
Agencies have consulted with the Department of Justice during the
development of the final rule. The Agencies also conducted further
outreach to gather information on the issues raised in the public
comments.
The final rule shares some fundamental characteristics with the
approach presented in the proposed rule. First, for example, the final
rule retains the focus on a due diligence process in establishing and
maintaining a commercial customer relationship as the core policy and
procedure that the participants in designated payment systems other
than card systems can choose to prevent or prohibit restricted
transactions. As noted in the proposal, card systems are the only
designated payment systems that use a merchant and transaction coding
framework that

[[Page 69384]]

permits participants to identify and block, during processing,
transactions with indicia of being restricted transactions. The other
designated payment systems could choose to conduct due diligence in
account-opening procedures designed to ensure that the commercial
customer does not originate or receive restricted transactions through
the customer relationship. The final rule also continues to place the
responsibility for such due diligence on the participant that is
establishing or maintaining the customer relationship with the
commercial customer. In response to comments on the proposed rule, as
discussed in more detail below, a new subsection ----.6(b) of the final
rule provides additional guidance on due diligence steps participants
can take for commercial customers to have reasonably designed policies
and procedures to prevent or prohibit restricted transactions.
The Act requires the Agencies to provide non-exclusive examples of
reasonably designed policies and procedures to prevent restricted
transactions, rather than establishing an absolute prohibition on
processing any restricted transactions. The Agencies recognize the
challenge that participants in designated payments systems will face in
trying to prevent restricted transactions without unduly burdening
their processing of lawful transactions, which make up the vast
majority of payments processed. The Agencies believe that flexible,
risk-based due diligence procedures at account opening, such as those
set out in the final rule, present the best option for balancing these
two interests.
Similar to the proposed rule, the final rule does not contemplate
that the Agencies, other government agencies, or any other entity will
establish or publish a list of businesses known to be involved in
unlawful Internet gambling. Although the Act does not require creation
of a list of unlawful Internet gambling businesses, some commenters
have suggested that the Agencies should create such a list and make it
available to designated payment systems and their participants in order
to permit them to block payments destined to those entities.\6\
---------------------------------------------------------------------------

\6\ See, e.g., comment letter from Members of Congress of the
United States (Sen. Kyl et al.) (Dec. 12, 2007) (hereinafter ``Kyl
letter'') p. 2. See also H. Rep. No. 109-412, Part 1, p. 11.
---------------------------------------------------------------------------

After carefully considering the public comments on this issue, the
Agencies have concluded that such a list would not be effective or
efficient. The first step in including a business on such a list would
be to ensure that the particular business was, in fact, engaged in
activities deemed to be unlawful Internet gambling under the Act. The
Act, however, does not set out the precise activities that are covered
by the term, but refers to activities that are unlawful under other
Federal or State gambling laws for such determinations. Creating such a
list would require the Agencies to formally interpret those laws that
are written and enforced by other entities, such as State legislatures
and law enforcement agencies. Accordingly, interpretations by the
Agencies in these areas may not be determinative in defining the Act's
legal coverage and could set up conflicts or confusion with
interpretations by the entities that actually enforce those laws. In
addition, the Agencies do not believe that a list of businesses that
engage in unlawful Internet gambling would necessarily be effective or
efficient in preventing unlawful activity because the payment
transactions would not necessarily be made payable to the business's
listed name.\7\ Even where the business's listed name is used on the
transaction, some payment systems do not process the transaction based
on the payee name.\8\ Also, to the extent that Internet gambling
businesses can change their payments information with relative ease and
speed, such a list would be outdated quickly. Finally, the Agencies
believe that appropriate due diligence conducted by participants
opening accounts would be the most effective method for preventing
unlawful Internet gambling businesses from gaining access to the
payment system directly through U.S. accounts. The suggested due
diligence procedures discussed in this final rule are designed to
target that relationship.
---------------------------------------------------------------------------

\7\ See, e.g., comment letter from MoneyGram Int'l (Dec. 11,
2007) (herein ``neyGram letter'') p.3 (Internet gambling Web sites
may direct payments to an individual, rather than the business's
corporate name, and change these names frequently).
\8\ For example, the automated processing equipment used to
clear checks does not read the payee line on a typical consumer
check.
---------------------------------------------------------------------------

Moreover, the Act already provides for a course of action if
government entities are aware of an unlawful Internet gambling Web
site. The Act provides a procedure pursuant to which the U.S. Attorney
General, State attorneys general, or other appropriate State officials
may institute proceedings to have an unlawful Internet gambling Web
site removed by the interactive computer service that provides access
to that Web site.\9\ Accordingly, if government entities are aware of
an unlawful Internet gambling Web site, the procedure provided by the
Act for denying access to the Web site in its entirety could be used,
rather than permitting access to the unlawful Internet gambling Web
site to continue without interruption, while relying on the designated
payment systems and their participants to block every transaction
destined for the Internet gambling business operating the Web site.
---------------------------------------------------------------------------

\9\ 31 U.S.C. 5365(c).
---------------------------------------------------------------------------

Finally, the final rule, like the proposed rule, does not define
``unlawful Internet gambling'' beyond the Act's definition. Numerous
commenters addressed the implementation and compliance problems created
by the Act's definition of ``unlawful Internet gambling'' and requested
that the Agencies provide greater clarity regarding this term.\10\ The
Agencies carefully considered these comments, as well as the challenges
of creating a regulatory definition of a term encompassing the various
Federal and State laws affecting Internet gambling. After consulting
with the Department of Justice and representatives from the offices of
several State attorneys general regarding this issue, the Agencies have
determined that a single, regulatory definition of ``unlawful Internet
gambling'' would not be practical.\11\ The Act's definition of
``unlawful Internet gambling'' relies on underlying Federal and State
gambling laws. The States have taken different approaches to the
regulation of gambling within their jurisdictions and the structure of
State gambling law varies widely, as do the activities that are
permitted in each State. Accordingly, the underlying patchwork legal
framework does not lend itself to a single regulatory definition of
``unlawful Internet gambling.'' The Agencies have attempted to address
the payments industry's desire for more certainty that would result
from a precise regulatory definition of ``unlawful Internet gambling''
through the due diligence guidance provided in ----.6(b). The suggested
due diligence process relies on State regulation of Internet gambling
and imposes the burden of proof of legality of Internet gambling
activities on the gambling business, rather than the designated payment
systems and their participants.
---------------------------------------------------------------------------

\10\ See, e.g., comment letter from the American Bankers
Association (Dec. 12, 2007) (hereinafter ``ABA letter''), pp. 5-6.
\11\ See summary of conference call with representatives of
various State Attorneys General (call date July 9, 2008) p. 1.
---------------------------------------------------------------------------

As discussed in detail below, the Agencies have modified the rules
in various respects in response to the

[[Page 69385]]

comments received. Identical sets of the final rules are being adopted
by the Board, to be published in Title 12 of the Code of Federal
Regulations, and by the Treasury, to be published in Title 31 of the
Code of Federal Regulations.\12\ The section numbers used in the
analysis below have not changed from the proposed rule, but the
subsection numbers may have changed because subsections have been
added, deleted, or rearranged in response to public comments.
---------------------------------------------------------------------------

\12\ The final rules adopted by the Board and the Treasury
within their respective titles of the Code of Federal Regulations
(12 CFR Part 233 for the Board and 31 CFR Part 132 for the Treasury)
are identically numbered from Sec. ----.1 to Sec. ----.7. For ease
of reference, the single set of final rules adopted by each Agency
is referred to in this release as Section ----, excluding title and
part designations. A similar format is used to refer to the single
set of proposed rules issued by the Agencies.
---------------------------------------------------------------------------

Effective Date

In the NPRM, the Agencies proposed that the final rule should take
effect six months after the joint final rule was published, and
requested comment on whether this period was reasonable. Some
commenters, representing members of Congress, sports leagues, or
gambling-related entities, suggested that six months was either an
adequate implementation period or was too long. One or more of these
commenters stated that they did not understand why participants would
not be able to implement the final rule promptly, expressed concern
about the harm a delayed effective date would have on certain gambling
interests, and referenced the statutory deadline for the promulgation
of a rule.\13\ Most commenters representing the financial industry
suggested that this period was insufficient for financial transaction
providers to develop and implement the necessary policies and
procedures. In designated payment systems with operators, such as the
ACH systems and the card systems, commenters were concerned that
participants would have to wait until the operators developed and
announced their policies and procedures before developing their own
policies and procedures.\14\ These commenters suggested various periods
for an adequate implementation period, ranging from 12 months to 24
months.
---------------------------------------------------------------------------

\13\ See, e.g., Kyl letter, supra note 6, at 2.
\14\ See, e.g., comment letter from The Clearing House Assoc.
LLC and its affiliates, The Clearing House Payments Co. LLC (Dec.
12, 2007) (hereinafter ``The Clearing House letter'') p. 14.
---------------------------------------------------------------------------

The Agencies have reviewed these comments and the concerns
expressed about a delayed effective date, as well as the reasons given
for the need for additional time. In response, the Agencies have
decided to make the final rule effective approximately 60 days from the
date of publication of the final rule in the Federal Register, and to
establish a compliance date approximately 12 months from publication of
the final rule.\15\
---------------------------------------------------------------------------

\15\ The ``effective date'' is the date that the regulation
affects or is added to the Code of Federal Regulations. The
``compliance date'' is the date that regulated entities must be in
compliance with the regulation. National Archives and Records
Administration, Federal Register Document Drafting Handbook, pp. 2-
10 and 2-11 (Oct. 1998 rev.).
---------------------------------------------------------------------------

Given the changes in the non-exclusive examples of policies and
procedures which, if followed, would result in a reduction of
compliance burden from the proposed rule to the final rule, the
Agencies believe that non-exempt participants in designated payment
systems certainly should not require more than 12 months to design and
implement the necessary policies and procedures.\16\ The Agencies also
believe, however, that the commenters have adequately demonstrated that
six months may not be sufficient time for complying with the final
rule. Accordingly, the final rule includes a compliance date of
December 1, 2009, approximately 12 months from the date of publication
of the final rule in the Federal Register.
---------------------------------------------------------------------------

\16\ For example, the Agencies believe that the shifting of the
burden of establishing whether an Internet gambling business is
engaged in restricted transactions from the financial transaction
providers to the Internet gambling businesses will minimize burden
for participants.
---------------------------------------------------------------------------

Section-by-Section Analysis

Sec. ----.1 Authority, Purpose, and Incorporation by Reference
The Agencies did not receive any comments that explicitly requested
changes to this section; however, the final rule does include three
changes. First, subsection ----.1(a) has been revised to clarify that
the final rule, consistent with the Act, is not intended to affect or
interpret the interaction between existing Federal or State statutes,
such as the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et seq.)
(IHA), and other Federal statutes. Specifically, as set out in
subsection ----.1(a), the Act states that none of its provisions shall
be construed as altering, limiting, or extending any Federal or State
law or Tribal-State compact prohibiting, permitting, or regulating
gambling within the United States.\17\ In addition, the Act states that
its provisions are not intended to change the existing relationship
between the IHA and other Federal statutes in effect on October 13,
2006, the date of the Act's enactment, and are not intended to resolve
any existing disagreements over how to interpret the relationship
between the IHA and other Federal statutes.\18\ The final rule is
intended to be consistent with these provisions and should not be
construed to affect or interpret the interaction between the various
underlying Federal and State statutes or Tribal-State compacts.
---------------------------------------------------------------------------

\17\ 31 U.S.C. 5361(b).
\18\ 31 U.S.C. 5362(10)(D)(iii).
---------------------------------------------------------------------------

Second, a new subsection ----.1(c) has been added and states that
requirements for the collection of information in the final rule have
been approved under the Paperwork Reduction Act for the Department of
the Treasury by the Office of Management and Budget (OMB) and by the
Board pursuant to authority delegated to the Board by OMB. Finally, the
reference to the automated clearing house rules incorporated by
reference into the final rule has been updated to reflect the 2008
rules published by the National Automated Clearing House Association
(NACHA). For purposes of this final rule, there are no material
differences between the 2008 NACHA rules and the 2007 NACHA rules that
were incorporated by reference in the proposed rule. The Agencies will
continue to update the reference to new rules issued by NACHA as
appropriate if there are changes in the rules that are material to
application of the final rule.
Sec. ----.2 Definitions
In general. In response to comments, the final rule contains
several new or modified defined terms. As an initial matter, lead-in
language for the entirety of Sec. ----.2 was added to clarify that the
definitions set out in the final rule are intended for use only with
respect to the final rule and are not intended to be used in other
contexts.
Sec. ----.2(a) Actual knowledge. The proposed rule included
examples of remedial actions that a non-exempt participant could choose
to take if it ``becomes aware'' that a commercial customer received
restricted transactions through the participant's facilities or a
foreign counterparty ``is found to have'' processed restricted
transactions through the participant's facilities. Commenters objected
to these terms as too vague to provide a basis for compliance programs
and suggested that they should be replaced with more precise terms that
could be implemented by compliance personnel and examined by
regulators.\19\ In

[[Page 69386]]

response to these comments, a new definition for the term ``actual
knowledge'' was added for use in the remedial action provisions of
Sec. ----.6. As described in more detail below, the Agencies revised
the remedial action examples to include an ``actual knowledge''
standard similar to what some commenters suggested.\20\ As used in the
final rule, the term ``actual knowledge'' includes information
regarding a particular transaction or commercial customer that is known
by or brought to the attention of compliance personnel of the
participant responsible for that transaction or customer (which may be
below officer level) or any officer of the participant. The Agencies
expect that an employee at the officer level of a participant should be
responsible for forwarding the information to the proper personnel
within the organization.
---------------------------------------------------------------------------

\19\ See, e.g., comment letter from Wells Fargo & Company (Dec.
12, 2007) (hereinafter ``Wells Fargo letter''), pp. 15-16.
\20\ Id. at 21-22.
---------------------------------------------------------------------------

Sec. ----.2(c) Bet or wager. The proposed rule contained a
definition of the term ``bet or wager'' which followed the definition
for that term contained in the Act.\21\ Specifically, the proposed rule
defined the term, in pertinent part, to mean the staking or risking by
any person of something of value upon the outcome of, among other
things, ``a game subject to chance, upon an agreement or understanding
that the person or another person will receive something of value in
the event of a certain outcome.'' \22\ Similar to the Act, the proposed
rule did not define gambling-related terms such as ``game subject to
chance.'' The Agencies explained in the proposed rule that it was their
preliminary view that issues regarding the scope of gambling-related
terms should be resolved by reference to the underlying substantive
State and Federal gambling laws and not by a general regulatory
definition. The Agencies received about 40 comments related to the
meaning of the term ``game subject to chance.''
---------------------------------------------------------------------------

\21\ 31 U.S.C. 5362(1).
\22\ NPRM, 72 FR at 56695.
---------------------------------------------------------------------------

Commenters requested that the Agencies clarify that Congress did
not intend for the Act to block lawful gaming transactions such as
skill games, that the definition of ``unlawful Internet gambling'' does
not include skill games, and that the system designed to stop the flow
of funds to unlawful Internet gambling operations does not include
businesses operating skill games on the Internet.\23\ Commenters also
suggested application of a dominant factor test as a means of
distinguishing a skill game from a game subject to chance.\24\
Commenters asserted that, under the dominant factor test, a game whose
outcome is determined predominantly by chance would be a game subject
to chance, and a game whose outcome is determined predominantly by
skill would be a skill game not covered by the Act or the
regulation.\25\ Commenters also stated that ``subject to chance'' is
meant to cover games like roulette or slots where persons bet against
the ``house'' and success is determined entirely by chance as opposed
to games where individuals compete against one another with success
over time being determined by skill.\26\ Commenters also asserted that
poker is a game of skill and not of chance.\27\ Other commenters
asserted that games like traditional poker and bridge are games subject
to chance based on the ``luck of the draw'' via the random shuffling
and dealing of cards.\28\ These commenters asserted that unlike
traditional poker and bridge, games like duplicate poker and duplicate
bridge are skill games, because the luck of the draw is completely
eliminated.
---------------------------------------------------------------------------

\23\ See e.g., comment letter from the Interactive Skill Games
Association (Dec. 12, 2007), pp. 1 and 3.
\24\ See e.g., comment letter from the Poker Players Alliance
(Dec. 12, 2007) (hereinafter ``PPA letter''), p. 2.
\25\ Id.
\26\ See e.g., comment letter from Daniel W. Johnson (Oct. 16,
2007), p. 1.
\27\ See e.g., PPA letter, supra note 24, at 2.
\28\ See e.g., comment letter from Nelson Mullins Riley &
Scarborough LLP (Dec. 12, 2007) (hereinafter ``Nelson Mullins
letter'') pp. 2-3.
---------------------------------------------------------------------------

The Agencies believe that the characterization of each of the
activities discussed above depends on the specific facts and
circumstances. As noted above, the Agencies believe that questions
regarding what constitutes unlawful Internet gambling should be
resolved pursuant to the applicable Federal and State gambling laws.
While there may be some games or contests conducted over the Internet
that are not ``games subject to chance'' and, thus, not subject to the
Act and the final rule, the Agencies believe that such issues are more
appropriately resolved pursuant to the various underlying gambling laws
than with a single regulatory definition.
The Agencies note, however, that a careful reading of the statutory
language of the Act may be instructive in discerning Congressional
intent regarding what constitutes a ``game subject to chance.'' The Act
defines the term ``bet or wager'' as including a ``game subject to
chance.'' \29\ However, the Act also defines the term ``bet or wager''
as including the purchase of a chance or opportunity to win a lottery
or other prize (which opportunity to win is predominantly subject to
chance).'' \30\ The fact that Congress used ``subject to chance'' in
one paragraph and ``predominantly subject to chance'' in the next
paragraph in the same subsection suggests that Congress intended the
element of chance in ``game subject to chance'' to be less than
predominant. The Agencies believe that if Congress had intended chance
to be the predominant factor in determining the outcome of a ``game
subject to chance,'' Congress would have inserted the word
``predominantly'' as it did subsequently in the same section.
Therefore, even if chance is not the predominant factor in the outcome
of a game, but was still a significant factor, the game could still be
deemed to be a ``game subject to chance'' under a plain reading of the
Act.
---------------------------------------------------------------------------

\29\ 31 U.S.C. 5362(1)(A).
\30\ 31 U.S.C. 5362(1)(B) (emphasis added).
---------------------------------------------------------------------------

One commenter suggested that the Agencies consider developing a
procedural mechanism by which Internet gambling businesses may apply
for and obtain a certification from the Agencies that the Internet
gambling businesses are engaged in lawful Internet gambling under
applicable Federal and/or State law.\31\ The Agencies have decided
against implementing such a certification process. Instead, the
nonexclusive policies and procedures contained in the final rule and
discussed further below provide for an analogous procedural mechanism
whereby the responsibility of determining which gambling activities are
lawful is retained with the authorities enforcing the underlying
gambling laws. Specifically, participants in designated payment systems
may choose to follow the due diligence process in Sec. ----.6(b) of
the final rule's non-exclusive examples whereby they can rely on
licenses issued by the appropriate gambling authorities as evidence
that a commercial customer's Internet gambling activities are lawful.
If a commercial customer does not have such a license, the participant
may request that the unlicensed Internet gambling business provide a
reasoned legal opinion that it does not engage in restricted
transactions. If a participant has questions or concerns regarding the
reasoned legal opinion, it should verify (or have the commercial
customer verify) the conclusions presented in the reasoned legal
opinion with the appropriate licensing authority.
---------------------------------------------------------------------------

\31\ Nelson Mullins letter, supra note 28, at 2 and 6.
---------------------------------------------------------------------------

Sec. ----.2(d) Block. A new definition for the term ``block'' was
added to the final

[[Page 69387]]

rule in response to comments that suggested that there was confusion
among participants over the meaning of the term.\32\ This term is used
in the Act and the proposed rule imported it from the statutory
language. As defined in the final rule, the term ``block'' means to
reject a transaction before or during processing and is not intended to
require freezing the funds. The funds would remain in or be returned to
the original account and could be accessed by the accountholder for
other purposes.
---------------------------------------------------------------------------

\32\ See, e.g., The Clearing House letter, supra note 14, at 13.
---------------------------------------------------------------------------

Sec. ----.2(f) Card system. The final rule includes revisions to
the definition of ``card system'' included in the proposed rule in
response to a comment that requested that the definition be clarified
to cover both a card system model in which the merchant acquirer, the
card network, and the card issuer are separate entities, as well as a
model in which one company (such as American Express) owns the card
processing network and is responsible for two or more major functions
involved in issuing cards and acquiring merchants to accept the
cards.\33\ The NPRM discussed both card system models and the proposed
rule made no distinction between the two.\34\ In order to remove any
ambiguity, the final rule clarifies that both models are covered by the
term ``card system'' in the final rule.
---------------------------------------------------------------------------

\33\ See, e.g., comment letter from Bank of America (Dec. 12,
2007) pp. 2-3.
\34\ NPRM, 72 FR 56680, 56684 n.10.
---------------------------------------------------------------------------

Sec. ----.2(i) Commercial customer. A new definition for the term
``commercial customer'' was added to the final rule in response to
comments that suggested that the final rule should clarify that the
regulation was focused on due diligence procedures relating to
commercial customers, rather than consumer accounts.\35\ As noted
above, other than for payment systems with a transaction coding
functionality, the Agencies are suggesting that the efforts of
participants in designated payment systems be focused on preventing
restricted transactions primarily through due diligence on commercial
customers. The Agencies have revised the provisions of the regulation
to provide more clarity on this point. To facilitate this, a definition
of the term ``commercial customer'' was added to the final rule.
---------------------------------------------------------------------------

\35\ See, e.g., comment letter from Howrey, LLP, on behalf of
The Money Services Round Table (Dec. 6, 2007) (hereinafter ``TMSRT
letter'') pp. 5-6.
---------------------------------------------------------------------------

Sec. ----.2(o) Foreign banking office. A new definition of the
term ``foreign banking office'' was included in the final rule for use
in the remedial action provisions in Sec. ----.6 for cross-border
transactions. The definition clarifies that a foreign office of a U.S.
bank and a non-U.S. office of a foreign banking organization are both
considered a ``foreign banking office'' for purposes of the final rule.
The non-exclusive examples of reasonably designed policies and
procedures include special provisions with respect to transactions and
relationships between a U.S. office of a participant in a designated
payment system and a foreign banking office. The new term for ``foreign
banking office'' was included to facilitate those provisions.
Sec. ----.2(r) Internet gambling business. The final rule includes
a new definition of the term ``Internet gambling business'' to
facilitate use of the expanded example of due diligence of commercial
customers. (Under the due diligence example, a participant would assess
the risk of a customer being engaged in an ``Internet gambling
business'' and would take certain steps based on that assessment.) The
term contains elements of the Act's definition of the term ``unlawful
Internet gambling,'' but includes both lawful and unlawful activities.
The new term excludes the customary activities of a financial
transaction provider, or any interactive computer service or
telecommunications service, similar to the Act's exclusions from the
term ``business of betting or wagering.''
Sec. ----.2(v) Operator. Some commenters requested clarification
of the exemptions and responsibilities of different participants in a
payment system under the examples of reasonably designed policies and
procedures to prevent restricted transactions.\36\ The final rule
defines the term ``operator'' of a designated payment system to mean an
entity that provides centralized clearing and delivery services between
participants in the designated payment system and maintains the
operational framework for the system and includes an ACH operator as
defined in the NACHA rules. This definition works in conjunction with
the clarifying changes to the exemptions and revisions, discussed
below. For example, the operator of a money transmitting business is
responsible for establishing the policies and procedures, while in an
ACH system, the operator is generally granted an exemption.
---------------------------------------------------------------------------

\36\ See, e.g., ABA letter, supra note 10, at 3-4.
---------------------------------------------------------------------------

Sec. ----.2(x) Reasoned legal opinion. The final rule includes a
new definition for the term ``reasoned legal opinion'' to facilitate
use of the expanded due diligence guidance that has been added to Sec.
----.6(b). As explained in more detail below, in certain situations, a
participant may ask a commercial customer for a ``reasoned legal
opinion'' that its Internet gambling business does not involve
restricted transactions. The Agencies added this term to provide more
guidance on the type of legal opinion that would be considered
adequate. The definition is based in part on the American Bar
Association standards for a legal opinion.\37\
---------------------------------------------------------------------------

\37\ See ``Third-Party Legal Opinion Report, Including the Legal
Opinion Accord, of the Section of Business Law,'' American Bar
Association, 47 Bus. Law. 167 (1991).
---------------------------------------------------------------------------

Sec. ----.2(y) Restricted transaction. Several commenters asked
the Agencies to clarify that the definition of ``restricted
transaction'' would not apply to funds going to a consumer (i.e., a
gambler), as opposed to funds going to a commercial customer (i.e., an
Internet gambling business).\38\ The Act defines ``restricted
transaction'' in Sec. 5362(7) as ``any transaction * * * which the
recipient is prohibited from accepting under section 5363.'' In turn,
Sec. 5363 provides that ``[n]o person engaged in the business of
betting or wagering may knowingly accept'' a payment ``in connection
with the participation of another person in unlawful Internet
gambling.'' Under the final rule, the term ``restricted transaction''
would not include funds going to a gambler, and would only include
funds going to an Internet gambling business.
---------------------------------------------------------------------------

\38\ See, e.g., comment letter from the National Automated
Clearing House Association (Dec. 13, 2007) (hereinafter ``NACHA
letter''), p. 2.
---------------------------------------------------------------------------

Sec. ----.2(aa) Third party processor. A new definition for the
term ``third party processor'' was added to the final rule in response
to comments that suggested the final rule should clarify the
responsibilities of processors under the Act.\39\ The new definition
clarifies that a processor with a direct customer relationship with the
originator of a debit transfer transaction or the receiver of a credit
transfer transaction, and which acts as an intermediary between the
originator (or receiver) and the depository institution is a ``third
party processor'' and covered by the regulation. A processor providing
back-office support to a depository institution is not covered by the
final rule, but the depository institution should ensure that such a
processor complies with the depository institution's policies. The term
``third party processor'' has also been added to the definition of
``participant in a designated payment system'' and, as discussed in
Sec. ----.6, ``third party processors'' are responsible for
establishing reasonably designed

[[Page 69388]]

policies and procedures in certain circumstances.
---------------------------------------------------------------------------

\39\ See, e.g., comment letter from U.S. Central Federal Credit
Union (Dec. 6, 2007) p. 3.
---------------------------------------------------------------------------

Sec. ----.3 Designated Payment Systems
The final rule's list of designated payment systems subject to the
regulation differs from the list presented in the proposed rule only
with respect to the designation for money transmitting businesses. The
proposed rule included the definitions of ``money transmitting
business'' and ``money transmitting service'' set out in the Act. The
proposed rule designated ``money transmitting businesses'' as payment
systems subject to the regulation. Commenters noted that, as defined in
the Act, ``money transmitting business'' included check cashers,
currency exchangers or entities which issue or redeem money orders or
travelers checks.\40\ For purposes of the Act, the Agencies do not
believe that entities should be brought under the final rule's
designation of ``money transmitting business'' and become subject to
the final rule's provisions solely by virtue of engaging in check
cashing, currency exchange, or the issuance or redemption of money
orders, travelers' checks, and other similar instruments. Such
activities could not be used for Internet gambling on an efficient
basis. Accordingly, in order to address this comment, the Agencies
revised the designation to read money transmitting businesses solely to
the extent that they ``engage in the transmission of funds, which does
not include check cashing, currency exchange, or the issuance or
redemption of money orders, travelers' checks, and other similar
instruments.'' Entities that would be included in the statutory term
``money transmitting business'' solely by virtue of engaging in check
cashing, currency exchange, or the issuance or redemption of money
orders, travelers' checks, and other similar instruments, but without
engaging in the transmission of funds, would not be a participant in a
designated payment system under the final rule.
---------------------------------------------------------------------------

\40\ E.g., TMSRT letter, supra note 35, at 2; see also Wells
Fargo letter, supra note 19, at 24-25.
---------------------------------------------------------------------------

After reviewing comments and conducting further outreach, the
Agencies have also revised the designation to include only those money
transmitting businesses that engage in the transmission of funds and
permit customers to initiate money transmission transactions remotely
from a location other than a physical office of the money transmitting
business.\41\ Money transmitting businesses that require senders to
come to a physical office location to initiate transactions would not
be attractive payment arrangements through which Internet businesses,
including Internet gambling businesses, could obtain payments from the
general public. The Agencies do not believe that such arrangements
could reasonably be used for Internet gambling on a scale that would be
useful or efficient for the Internet gambling business due to their
lack of broad public accessibility. The Agencies believe that money
transmitting businesses that do not permit remote initiation of
transactions, such as through a website, are primarily focused on
serving a narrow population or geographic area, such as would be the
case in arrangements where a particular population in the United States
is sending money to relatives in their home country.
---------------------------------------------------------------------------

\41\ See summary of conference call with The National Money
Transmitters Assoc. (call date June 3, 2008) (hereinafter ``NMTA
call summary''), p. 1.
---------------------------------------------------------------------------

A few commenters cited ``900-number'' payment schemes, and, while
not providing any information regarding how these schemes work,
requested that the Agencies look into them and ensure they are covered
by the regulation as appropriate.\42\ The Agencies have researched
these schemes and believe that the schemes would fit the Act's and
rule's definition of a money transmitting business if located within
the United States. Operators of the 900-number schemes appear to use
either a card payment or an ACH debit to obtain funds from the payor
(the caller) and, separately, to use either a check or an ACH credit to
send funds to the payee (the merchant that subscribes to the 900-number
service, i.e., the entity receiving the 900-number call). The model
appears analogous to that employed by PayPal (which identifies itself
as a money transmitting service, and has obtained numerous Federal and
State licenses in that regard), except that the operator of the 900-
number scheme uses the phone network instead of the Internet for
communications purposes, and uses phone numbers instead of email
addresses to identify payors and payees using the system. Accordingly,
such schemes located in the United States would be included in the
money transmitting business designated payment system set forth in
Sec. ----.3(d) of the rule, and non-exempt participants in these
systems, such as the operator, would be expected to adopt policies and
procedures reasonably designed to prevent or prohibit restricted
transactions if located in the United States.
---------------------------------------------------------------------------

\42\ See, e.g., comment letter from the National Football
League, Major League Baseball, National Basketball Association,
National Hockey League, and National Collegiate Athletic Association
(Dec. 12, 2007) (hereinafter ``NFL letter''), p. 5.
---------------------------------------------------------------------------

Sec. ----.4 Exemptions
In general. Under the proposed rule, in designated payment systems
other than card systems, the primary responsibility for establishing
reasonably designed policies and procedures to prevent restricted
transactions was placed on the participant that established and
maintained the customer relationship with the commercial recipient of
the funds (i.e., the Internet gambling business). The proposed rule
provided exemptions for other specified participants in the ACH, check
clearing, and wire transfer systems. Commenters noted that, while
listing the exempt participants in each designated payment system may
be the functional equivalent of exempting all participants except for
the participant with the customer relationship with the Internet
gambling business, it could define the exempt participants too
narrowly.\43\ In a payment transaction, there may be numerous
intermediary servicers that do not have access to information on the
commercial recipient and should be exempted. In addition, as commenters
noted, as payment systems evolve, new intermediary participants could
enter the transaction stream, but not be exempted because they were not
specifically listed in Sec. ----.4. Commenters recommended reworking
the text of Sec. ----.4 to make it clear that all participants in
designated payment systems are exempt, except for the participant that
possesses the customer relationship with the Internet gambling
business. In response to these comments, Sec. ----.4 has been revised
to exempt every participant in a designated payment system, except the
participants that have specific responsibilities in the non-exclusive
examples in Sec. ----.6, which, in most cases, will be the participant
with the relationship with the commercial customer.\44\ Various
participants would

[[Page 69389]]

have responsibilities under the non-exclusive examples for card systems
in Sec. ----.6 if card systems and their participants choose to adopt
them.
---------------------------------------------------------------------------

\43\ See, e.g., ABA letter, supra note 10, at 3.
\44\ Some commenters suggested that even an exempt participant
should be required to block a transaction in cases where the
participant has actual knowledge that it is a restricted
transaction. E.g., NFL letter, supra note 42, at 5. In an automated
payment system, it is unclear how an exempt participant would have
actual knowledge that a particular transaction is a restricted
transaction while in process. In addition, the final rule expressly
states that it does not modify any requirement imposed on a
participant by other applicable law or regulation to file a
suspicious activity report to the appropriate authorities. If any
participant suspects that a customer is processing illegal
transactions, including restricted transactions, through the
participant's facilities, the participant should file a suspicious
activity report with the appropriate authorities.
---------------------------------------------------------------------------

Sec. ----.4(a), (b), and (d) Exemptions for ACH, check, and wire
systems. Some commenters suggested that the final rule should provide a
blanket exemption for ACH, check collection, and wire transfer systems
in their entirety because these systems, unlike card systems, do not
have the functionality necessary to code transactions and
merchants.\45\ While such an approach would certainly reduce the burden
of the rule, it would substantially undermine the efficacy of the rule
and the Act. Moreover, the final rule's non-exclusive examples for ACH,
check collection, and wire transfer systems do not contemplate that
non-exempt participants would identify individual transactions as
restricted transactions. Rather, the final rule's non-exclusive
examples contemplate that a participant would conduct risk-based due
diligence of commercial customers at account opening, and when it has
actual knowledge that a commercial customer is engaged in an Internet
gambling business, to determine the risk the commercial customer
presents of engaging in restricted transactions.\46\ The Agencies
believe that this approach is reasonably practical for non-exempt
participants in the ACH, check collection, and wire transfer systems
and, accordingly, that a blanket exemption for these systems in their
entirety would not be appropriate under the Act.
---------------------------------------------------------------------------

\45\ E.g., comment letter from Manufacturers and Traders Trust
Co. (M&T Bank) (Dec. 11, 2007) (hereinafter ``M&T Bank letter''), p.
4. Some commenters similarly suggested that ACH, check collection,
and wire transfer systems should not be listed as designated payment
systems for similar reasons. See, e.g., Wells Fargo letter, supra
note 19, at 7.
\46\ One commenter acknowledged that a bank could perhaps
identify customers engaged in illegal Internet gambling by
conducting enhanced due diligence at account opening, but stated
that having to conduct enhanced due diligence at each account
opening would be a significant burden on banks and customers alike.
See comment letter from Compass Bank (Dec. 6, 2007), pp. 4-5.
---------------------------------------------------------------------------

Some commenters suggested exempting all U.S. participants
processing cross-border transactions, because these participants do not
have a direct customer relationship with Internet gambling businesses
located abroad.\47\ The final rule exempts U.S. participants processing
outbound cross-border credit transactions (i.e., ACH credits and wire
transfers) because there are no reasonably practical steps that a U.S.
participant could take to prevent their consumer customers from sending
restricted transactions cross-border.\48\ Specifically, the automated
systems associated with ACH credit and wire transfers do not typically
include information that would allow U.S. participants to identify and
block restricted transactions. The Agencies also considered a process
described in the NPRM that would involve customers describing the
nature of the transaction and/or stating whether the transaction
involves Internet gambling. However, the Agencies determined that such
a process would be unduly burdensome for U.S. participants with little
corresponding benefit because U.S. customers may mischaracterize the
nature of the transaction and the participant would generally be unable
to determine whether the customer's characterization of the transaction
is accurate. As discussed in greater detail below, however, the final
rule does not exempt U.S. participants receiving cross-border debit
transactions (i.e., ACH debits and check collections). Also, there are
no exemptions for cross-border transactions in card systems.
---------------------------------------------------------------------------

\47\ See e.g., ABA letter, supra note 10 at 4.
\48\ The final rule does not exempt the operator of a money
transmitting business with respect to cross-border transactions,
another form of credit transaction, because the operator of the
system typically signs up commercial customers and can perform due
diligence on those customers.
---------------------------------------------------------------------------

Exemptions for certain card systems. One commenter suggested that
the final rule should exempt gift cards entirely from the regulation
and exempt stored-value cards or, at a minimum, exempt stored value
cards below a threshold amount.\49\ The commenter stated that such
cards have not previously been subject to government regulation and
such card systems do not have policies and procedures in place to track
or limit the type of use of the card by the purchaser.\50\ The
commenter also stated that the burden of imposing a new regulation on
entities acting as a card system operator, a merchant acquirer, or a
card issuer is likely to be substantial. The Agencies considered this
comment, but determined that the concerns were addressed by the final
rule. The final rule's non-exclusive examples for card systems are
based on coding frameworks that have already been instituted by the
operators of the major ``open'' card systems, such as Visa, MasterCard,
and American Express. If a card system is a ``closed loop'' system, the
cards can only be used at the merchants belonging to the ``closed
loop'' system. So long as Internet gambling businesses cannot accept
these cards, the burden of this rule would be minimal, although the
non-exempt participants in these systems would still have to comply
with the rule's requirement to have reasonably designed policies and
procedures in place. Accordingly, the Agencies determined that a
blanket exemption for stored value products and gift cards was not
appropriate.
---------------------------------------------------------------------------

\49\ See comment letter from Alston & Bird LLP (Dec. 12, 2007)
(hereinafter ``Alston & Bird letter''), pp. 14-17.
\50\ The commenter also questions whether the proposed rule
required issuers, seller, and redeemers of gift cards to have
reasonably designed policies and procedures to prevent restricted
transactions. Id. at 15. As explained above, the only participants
in card systems that are contemplated by the final rule's non-
exclusive examples to have policies and procedures are the operator,
card issuer, third-party processor, and merchant acquirer. Retailers
that may sell pre-paid gift cards or stored value products of other
issuers, such as grocery stores or convenience stores that sell gift
cards for book stores, are not participants in a designated payment
system, as defined by the final rule, and thus are not covered by
the final rule.
---------------------------------------------------------------------------

Another commenter questioned the application of the proposed rule
to co-branded cards, where a depository institution issues the card,
but a non-depository institution, such as a securities firm, has its
name on the card.\51\ According to the commenter, the cards are usually
issued to customers of the non-depository institution, but, in some co-
branded card arrangements, the non-depository institution may assist
the card issuer in certain aspects of the program, such as performing
sub-accounting, issuing statements and providing authorization
services, under a servicing contract with the card issuer. The
commenter argued that a securities firm should not be regarded as a
participant in the card system simply because its name appears on the
card or the securities firm provides services to the card issuer in
support of the program. The Agencies believe that the final rule's non-
exclusive examples for card systems address these types of situations.
The non-exclusive examples for card systems contemplate the
implementation of a code system, such as transaction codes and
merchant/business category codes to accompany the authorization request
for a transaction. The code system should provide the operational
functionality to enable the card system operator or the card issuer to
reasonably identify and deny authorization for a transaction that the
coding procedure indicates may be a restricted transaction.
---------------------------------------------------------------------------

\51\ Comment letter from the Securities Industry and Financial
Markets Association (Dec. 12, 2007), pp. 3-4.
---------------------------------------------------------------------------

With respect to the commenter's question regarding the
responsibilities of the co-branding securities firm under the non-
exclusive examples for card systems in Sec. ----.6, the answer would
depend on the facts presented. If the

[[Page 69390]]

card issuing bank receives the transaction authorization request with
the required codes, it should implement its policies and procedures to
deny authorization for a transaction with codes that indicate it may be
a restricted transaction, without any involvement by the non-depository
institution with its name on the card. If the card issuing bank has
contracted with the co-branding non-depository institution to process
authorization requests, the card issuing bank is responsible for
ensuring that the co-branding non-depository institution is properly
following the card issuing bank's policies and procedures regarding
restricted transactions.
Sec. ----.4(c) Money transmitting business. The proposed rule did
not contain any exemptions for participants in a money transmitting
business. Commenters suggested that ``send'' agents of money
transmitting businesses should be exempted from the rule's requirements
because, like the originating institution in an ACH credit or a wire
transfer, the ``send'' agent does not have a direct relationship with
the commercial customer receiving the funds transmission and would not
be in a position to collect information to identify restricted
transactions.\52\ In response to these comments, the Agencies have
determined to exempt all send agents in a money transmitting business.
In fact, the final rule includes an exemption for all participants in a
money transmitting business, except for the operator. If an entity
acted as both a send agent and the operator in a money transmitting
business, the entity would not be exempted from the final rule by
virtue of acting as the operator.
---------------------------------------------------------------------------

\52\ See, e.g., TMSRT letter, supra note 35, at 3.
---------------------------------------------------------------------------

Sec. ----.5 Policies and Procedures Required
Sec. ----.5 Section title. In the proposed rule, the title of
Sec. ----.5 was ``Processing of restricted transactions prohibited.''
One commenter suggested that the title of Sec. ----.5 in the proposed
rule be revised to more accurately reflect what the section actually
does.\53\ In fact, the requirement in Sec. ----.5 is to establish and
implement reasonably designed policies and procedures to identify and
block or otherwise prevent or prohibit restricted transactions, rather
than impose a strict liability standard. The title of Sec. ----.5 in
the final rule has been revised accordingly to read ``Policies and
procedures required.''
---------------------------------------------------------------------------

\53\ See, e.g., comment letter from MasterCard Worldwide (Dec.
12, 2007) (hereinafter ``MasterCard letter'') p. 2.
---------------------------------------------------------------------------

Sec. ----.5(b) Reliance on system policies and procedures. The
proposed rule incorporated the Act's provisions permitting a
participant in a designated payment system to comply with the Act's
requirement to establish policies and procedures by relying on and
complying with the policies and procedures of the designated payment
system if the system's policies and procedures complied with the
requirements of the regulation. This would likely be applicable to
operator-driven systems, such as card systems. The Act does not
indicate how a participant is to determine whether a system's policies
and procedures comply with the regulation, and yet, makes such a
determination a requirement for compliance under this provision.
Commenters noted the significant problems and burden that would be
imposed on participants in determining whether a system's policies and
procedures complied with the regulation in order to rely on them.\54\
---------------------------------------------------------------------------

\54\ See, e.g., comment letter from the Office of the
Comptroller of the Currency (Dec. 12, 2007) (hereinafter
``Comptroller letter'') pp. 2-3.
---------------------------------------------------------------------------

In response to these comments and to provide participants with a
bright-line standard for knowing when they could rely on this provision
for compliance with the regulation, the Agencies revised the rule to
expressly permit participants in a designated payment system to rely on
a written statement or notice by the operator of the designated payment
system to its participants that states that the operator has designed
or structured its policies and procedures to comply with the
regulation. Such a statement or notice will be deemed to provide a
justifiable basis for the participant to assume that the system's
policies and procedures comply with the requirements of the final rule,
unless and until the participant is notified otherwise by the Federal
agency that has enforcement authority over that participant under Sec.
----.7. The Agencies anticipate that such a statement or notice will
provide a common understanding for all parties (i.e., the system
operator, the other participants, and the regulator) that the Federal
functional regulators will review the operator's policies and
procedures and that the participants, many of which may be small
businesses, will not be criticized by the regulators if they comply
with the operator's policies and procedures, even though the regulators
may subsequently deem the operator's policies and procedures to be
deficient. If, upon review, the regulators determine that the
operator's policies and procedures are deficient under the regulation,
the Agencies expect that the regulators will work with the operator to
correct the deficiency. If the operator is unable or unwilling to
correct the deficiency, the Agencies expect that the regulators or the
system operator would notify the participants that they can no longer
rely on the operator's policies and procedures.
Sec. ----.5(d) Liability protection. As noted in the NPRM, the
proposed rule imported the Act's provisions protecting persons from
liability for identifying and blocking, preventing or prohibiting the
acceptance of its products or services in connection with a
transaction, or otherwise refusing to honor a transaction if (i) the
transaction is a restricted transaction, (ii) such person reasonably
believed the transaction to be a restricted transaction, or (iii) the
person is a participant in a designated payment system and prevented
the transaction in reliance on the policies and procedures of a
designated payment system, in an effort to comply with the regulation.
Some commenters suggested that the final rule expand these provisions
to provide protection from liability in specific scenarios.\55\ The
Agencies considered these comments, but do not believe that expanding
the liability protections in the regulation is appropriate. The Act's
liability protection provisions address liability to a counterparty
that may arise under other statutes (such as State commercial laws)
from the failure of a participant in a designated payment system to
complete a transaction. The Agencies do not believe that the Act
authorizes them to expand or modify, by regulation, the scope of the
protection from liability that the Act itself provides with respect to
these other statutes.\56\ The liability protection provisions in the
final rule are limited to application of the final rule. The scope of
the Act's liability protection with respect to other statutes should be
determined by the entities that enforce those statutes. Accordingly,
the final rule retains the scope of the liability protection provisions
from the proposed rule.
---------------------------------------------------------------------------

\55\ See, e.g., comment letter from First Data Corporation (Dec.
12, 2007) p. 3.
\56\ A commenter also requested that the Agencies include the
Act's liability protection provisions verbatim from the statutory
language. See MasterCard letter, supra note 53, at 3. The commenter
was unclear as to whether the liability protection in the proposed
rule matched the breadth of content of the Act's provision. As noted
above, the Agencies intended to import the Act's liability
protections from the Act and only modified the language for
grammatical purposes to insert into the regulation.
---------------------------------------------------------------------------

Sec. ----.5(e) Overblocking. The Act requires that the Agencies
ensure that transactions in connection with any

[[Page 69391]]

activity excluded from the Act's definition of ``unlawful Internet
gambling'' are not blocked or otherwise prevented or prohibited by the
prescribed regulations (the ``overblocking provision'').\57\ As noted
in the NPRM, the proposed rule implemented this provision by making
clear that nothing in the regulation requires or is intended to suggest
that participants should block or otherwise prevent or prohibit any
transaction in connection with any activity that is excluded from the
definition of ``unlawful Internet gambling'' in the Act. In the NPRM,
the Agencies noted that they believed that the Act does not provide the
Agencies with the authority to require designated payment systems or
participants therein to process any gambling transactions if the system
or participant decides for business reasons not to process such
transactions.
---------------------------------------------------------------------------

\57\ 31 U.S.C. 5364(b)(4).
---------------------------------------------------------------------------

Some commenters agreed with the Agencies' approach to the
overblocking provision presented in the proposed rule.\58\ One
commenter noted that any regulation that would require participants in
designated payment systems to process certain types of transactions
would ``significantly alter the business practices of many financial
transaction providers--including the issuers of significant numbers of
payment cards who currently routinely decline authorization for all
transactions on U.S.-issued cards coded as Internet gambling
transactions.'' \59\ Conversely, some commenters representing gambling
interests argued that the final rule should clarify that transactions
related to interstate pari-mutuel wagering are not unlawful and need
not be blocked.\60\ Some commenters suggested that the final rule
should require designated payment systems to create a new merchant
category code specifically for gambling transactions that are not
prohibited by the Act.\61\
---------------------------------------------------------------------------

\58\ See, e.g., comment letter from Visa U.S.A. Inc. (Dec. 12,
2007) (hereinafter ``Visa letter'') p. 3; see also ABA letter, supra
note 10, at 5.
\59\ See MasterCard letter, supra note 53, at 4.
\60\ See, e.g., comment letter from American Greyhound Racing,
Inc. (Nov. 26, 2007), p. 2.
\61\ See, e.g., comment letter from the National Thoroughbred
Racing Association (Dec. 11, 2007), p. 2.
---------------------------------------------------------------------------

The Agencies continue to believe that the Act does not provide them
with the authority to require designated payment systems or
participants therein to engage in any particular line of business or
process any particular transactions.\62\ While card system operators
certainly may create new merchant category codes that are useful for
specific transactions and industries, that is a business decision that
those operators must make. Accordingly, the Agencies continue to
believe that the proposed rule's language adequately addressed the
Act's overblocking provision and that language has been retained in the
final rule.
---------------------------------------------------------------------------

\62\ A principle of statutory construction is that a statute
ought to be construed so that, if it can be prevented, no clause,
sentence, or word shall be superfluous, void, or insignificant. As
noted above, Sec. 5364(b)(4) of the Act directs the Agencies to
ensure that transactions excluded from the Act's definition of
``unlawful Internet gambling'' are not blocked or otherwise
prevented or prohibited ``by the prescribed regulations.'' To
interpret that provision as a requirement that designated payment
systems and participants therein must process all transactions
excluded from the definition of ``unlawful Internet gambling,'' even
though they have made business decisions not to process such
transactions, would render the words ``by the prescribed
regulations'' meaningless.
---------------------------------------------------------------------------

Sec. ----.5(g) U.S. offices. Some commenters requested that the
Agencies clarify that the scope of any final rule is limited to United
States offices of participants in designated payment systems.\63\ The
Agencies believe that the Act's restrictions apply only to transactions
that are unlawful under applicable U.S. Federal or State law. The Act's
definition of ``unlawful Internet gambling'' clearly states that it
refers to a bet or wager that ``is unlawful under any applicable
Federal or State law in the State or Tribal land in which the bet or
wager is initiated, received, or otherwise made.'' \64\ Transactions
that are wholly outside the United States (i.e., when all parties and
financial transaction providers to the transaction are outside the
United States) would not violate such laws. As discussed below, while
the Agencies expect U.S. participants to implement policies and
procedures for certain cross-border transactions, the responsibility
for implementing those policies and procedures would fall on the U.S.
institution that handles the cross-border transaction. In order to
provide the clarification requested by the comments, the final rule
includes a new Sec. ----.5(g) that states that the regulation's
requirement to establish and implement reasonably designed policies and
procedures applies only to the U.S. offices of participants in
designated payment systems.
---------------------------------------------------------------------------

\63\ See, e.g., Visa letter, supra note 58, at 4.
\64\ 31 U.S.C. 5362(10).
---------------------------------------------------------------------------

Sec. ----.6 Non-Exclusive Examples
Several commenters suggested that the final rule should clarify the
Agencies' intent that the non-exclusive examples provided in the
proposed rule were focused on relationships with commercial customers
and not with respect to consumer accounts.\65\ The Agencies recognize
the problems with designing and implementing procedures focused on
consumer accounts. For example, except for card systems, a participant
would generally not know the purpose of a consumer transaction and
often the payee information on a transaction, such as a check, is not
in automated form. In response to the comments requesting clarification
on this point, as a general matter, the non-exclusive examples in Sec.
----.6 have been revised to make it clear in each instance that the
policies and procedures to be implemented to prevent restricted
transactions are with respect to commercial customer accounts only.
---------------------------------------------------------------------------

\65\ See, e.g., ABA letter, supra note 10, at 4.
---------------------------------------------------------------------------

Sec. ----.6(b) Due diligence. As noted above and in the NPRM, most
designated payment systems do not use formats that would permit
participants to identify and block restricted transactions during
payment processing.\66\ Accordingly, the proposed rule adopted the
approach of using flexible, risk-based due diligence in the
participants' account-opening and account-maintenance procedures for
commercial customers to reduce the risk that the commercial customer
would originate or receive restricted transactions through its
commercial relationship with the participant. The proposed rule also
suggested that participants could include as a term of a commercial
customer agreement that the customer may not engage in restricted
transactions.
---------------------------------------------------------------------------

\66\ See, e.g., Wells Fargo letter, supra note 19, at 8.
---------------------------------------------------------------------------

Commenters raised several issues regarding these provisions.
Commenters expressed concern that the guidance provided was not
detailed enough.\67\ Commenters requested that the flexible risk-based
due diligence approach described in the preamble to the NPRM be
included in the final rule to facilitate participant compliance.\68\
Commenters also expressed concerns with including a term in a
commercial customer agreement prohibiting restricted transactions
because the commercial customer may not have the information necessary
to determine whether a transaction is a restricted transaction. These
commenters stated that revising millions of commercial customer
agreements to include such a provision would be burdensome and

[[Page 69392]]

impractical.\69\ Commenters suggested that commercial customers engaged
in an Internet gambling business should demonstrate to their financial
transaction providers that the commercial customers are not engaged in
unlawful Internet gambling in order to shift the burden of
distinguishing lawful from unlawful Internet gambling from the
financial transaction providers to the Internet gambling
businesses.\70\
---------------------------------------------------------------------------

\67\ See, e.g., comment letter from Branch Banking and Trust
Company (Dec. 12, 2007) (hereinafter ``BB&T letter''), p. 2.
\68\ See, e.g., comment letter from the Independent Community
Bankers of America (Dec. 12, 2007) (hereinafter ``ICBA letter''), p.
8.
\69\ See, e.g., MasterCard letter, supra note 53, at 6.
\70\ See NFL letter, supra note 42, at 3; see also undated
comment letter from Members of Congress of the United States (Rep.
Pitts et al.) p. 1.
---------------------------------------------------------------------------

In order to provide more guidance on the due diligence procedures
that the Agencies would deem reasonably designed, the final rule
includes a new Sec. ----.6(b) that sets out a specific process that a
non-exempt participant could choose to follow to conduct adequate due
diligence of commercial customers with respect to the risk of unlawful
Internet gambling. The non-exclusive examples for each designated
payment system include a reference to the general due diligence
provisions in this new section. The Agencies also believe that this due
diligence process will help alleviate some of the concerns regarding
the Act's definition of ``unlawful Internet gambling.'' While the
process set out in Sec. ----.6(b) may still require some judgment on
the part of participants opening new accounts for commercial customers,
the process would leave the primary responsibility for determining what
is lawful and unlawful gambling activity with the State gambling
commissions and other gambling licensing authorities.
As noted in the NPRM, the Agencies anticipate that participants
could choose to use a flexible, risk-based approach in their due
diligence procedures in that the level of due diligence performed would
match the level of risk posed by the commercial customer, and new Sec.
----.6(b) includes specific references to this type of approach. In
addition, the most efficient way for participants to implement the due
diligence procedures would be to incorporate them into existing
account-opening due diligence procedures (such as those required of
depository institutions under Federal banking agencies' anti-money
laundering compliance program requirements).\71\
---------------------------------------------------------------------------

\71\ See, e.g., 12 CFR 208.63.
---------------------------------------------------------------------------

As set out in new Sec. ----.6(b), the participant could choose to
conduct due diligence at account opening and determine the risk of a
commercial customer engaging in an Internet gambling business. The
participant should have a basic understanding of a new commercial
customer's business, based on normal account-opening procedures. The
vast majority of commercial customers will not have any involvement in
an Internet gambling business. If, based on its initial due diligence,
the participant determines that the prospective commercial customer
presents only a minimal risk of engaging in an Internet gambling
business, the participant could open the account for the commercial
customer without further action under Sec. ----.6(b).
One commenter suggested that the Agencies consider whether there
are low-risk relationships for which due diligence would not be
necessary.\72\ New subsection ----.6(b)(4) states that a participant
may deem the following commercial customers as presenting a minimal
risk of engaging in an Internet gambling business without further
investigation: (i) Entities that are directly supervised by the Federal
functional regulators that are responsible for enforcing the Act; and
(ii) agencies, departments, or divisions of the Federal government or a
State government. With respect to supervised entities, the Federal
functional regulators already review the activities of such entities
and additional due diligence by participants in designated payment
systems would be redundant.\73\ With respect to the activities of the
Federal or State governments, participants should be able to assume
that their activities are lawful.
---------------------------------------------------------------------------

\72\ See Comptroller letter, supra note 54, at 2.
\73\ For a general discussion in this regard, see the comment
letter from The Depository Trust & Clearing Corporation (Dec. 10,
2007).
---------------------------------------------------------------------------

Depository institutions that are non-exempt participants in
designated payment systems and have commercial customers that are money
transmitting businesses should apply their due diligence procedures to
those customers. However, under the final rule, the money transmitting
businesses would themselves be responsible for implementing their own
policies and procedures with respect to their commercial customers. The
depository institutions providing financial transaction services to the
money transmitting businesses would not be responsible for assessing
the risk that the money transmitting business's commercial customers
engage in an Internet gambling business.
Under Sec. ----.6(b), the Agencies contemplate that a U.S.
participant establishing a correspondent account for a foreign
respondent would conduct appropriate, risk-based due diligence on the
foreign respondent as a commercial customer to determine the risk the
foreign respondent presents of engaging in an Internet gambling
business. The Agencies expect that a participant would likely choose to
incorporate such due diligence in its normal correspondent account
opening procedures.\74\ For the purposes of the final rule, the
Agencies would not expect U.S. participants to conduct due diligence on
its foreign respondent's commercial customers. If a U.S. participant
obtained actual knowledge that a foreign respondent's commercial
customer processed restricted transaction through the U.S.
participant's facilities, the Agencies expect that the U.S. participant
would follow the applicable procedures for cross-border transactions
discussed below.
---------------------------------------------------------------------------

\74\ Many U.S. institutions are already required to conduct due
diligence of foreign financial institutions pursuant to Section 312
of the USA PATRIOT Act. 31 U.S.C. 5318(i); 31 CFR 103.176.
---------------------------------------------------------------------------

If the commercial customer's description of its business or other
factors cause the participant to suspect that it may present more than
a minimal risk of engaging in an Internet gambling business (for
example, the commercial customer offers games or contests over the
Internet), the participant should ask for further documentation from
the commercial customer. Certification from the commercial customer
that it does not engage in an Internet gambling business would address
factual questions regarding the commercial customer's business. If the
commercial customer engages in an Internet gambling business, the
participant should obtain further documentation to show that the
Internet gambling business is lawful. The non-exclusive policies and
procedures also provide for a participant to obtain a written
commitment from a commercial customer to notify the participant of any
changes in its legal authority to engage in its Internet gambling
business. If a commercial customer has a license that expressly
authorizes the customer to engage in the Internet gambling business
issued by the appropriate State or Tribal authority, the participant
should be able to rely on that State agency's ability to implement its
own gambling laws in a manner that does not violate the law of another
State or Federal law.
If the commercial customer does not have such a license, the
Agencies expect that the participant would obtain from the commercial
customer a reasoned legal opinion by the customer's counsel that
demonstrates that the commercial customer's Internet gambling business
does not involve restricted transactions. If a participant has
questions regarding

[[Page 69393]]

the permissibility of a commercial customer's activities, the
participant should consult with (or have the commercial customer obtain
confirmation from) the applicable licensing authority.\75\ In addition,
the suggested due diligence process in Sec. ----.6(b) includes a
third-party certification that the commercial customer's systems for
engaging in the Internet gambling business are reasonably designed to
ensure that the commercial customer's Internet gambling business will
remain within the licensed or otherwise lawful limits, including with
respect to age and location verification.
---------------------------------------------------------------------------

\75\ The receipt of a reasoned legal opinion pursuant to a due
diligence process under Sec. .----6(b) is solely for purposes of
compliance with implementing regulations under the Act and does not
necessarily constitute compliance with, or provide protection from
liability under, any other applicable Federal or State laws.
---------------------------------------------------------------------------

The Agencies expect that this provision will not only provide
additional guidance to participants on an adequate due diligence
process, but also will permit the entities that license gambling
activities to retain the primary responsibility for determining which
activities are permissible under U.S. law. The Agencies have designed
the example of due diligence procedures to enable designated payment
systems and their participants to rely on government licensing and
enforcement agencies to determine whether a commercial customer's
Internet gambling activities are lawful rather than trying to make that
determination themselves. The designated payment systems and their
participants should, however, obtain appropriate documentation from
those entities regarding the legality of the Internet gambling
activities of its prospective commercial customers.
The final rule retains the concept that participants in designated
payment systems could communicate to their commercial customers that
restricted transactions are prohibited. However, rather than suggesting
that the only way to accomplish this goal is to include such a
prohibition in the commercial customer agreement, the final rule
provides that a participant could notify all of its commercial
customers that restricted transactions are prohibited through a term in
the commercial customer agreement, a simple notice sent to the
customer, or through some other method.
Sec. ----.6(d) and (f) Monitoring the Internet. As an example of
reasonably designed policies and procedures for card systems and money
transmitting businesses, the proposed rule included monitoring the
Internet to detect unauthorized use of the relevant designated payment
system, including its trademarks.\76\ The Agencies' intent with this
example was to incorporate the existing practice of some participants
in designated payment systems to proactively search (or retain a
contractor to search) the Internet for unauthorized use of their
trademarks, including by Internet gambling Web sites.\77\ When
unauthorized use of a trademark was discovered, the payment system or
participant could choose to take steps to seek its removal from the
gambling Web site, including legal action if available.
---------------------------------------------------------------------------

\76\ Monitoring the Internet for unauthorized use of a trademark
is distinct from monitoring and analyzing payment patterns to detect
suspicious patterns of payments to a recipient. Monitoring and
analyzing payment patterns continues to be included in the non-
exclusive examples for card systems and money transmitting
businesses.
\77\ See, e.g., MoneyGram letter, supra note 7, at 2.
---------------------------------------------------------------------------

While some payment industry commenters recognized the value of
monitoring the Internet for abuse of trademarks, they also reported
that reasonable efforts to protect their trademarks are not always
successful.\78\ In addition, payment industry commenters objected to
the proposed rule converting the right to protect a trademark ``into an
obligation under the Act.'' \79\ Commenters noted that legal action to
protect trademarks can be costly and ultimately unsuccessful and
criticized the proposed rule because it implied that such action was
required.\80\ The Agencies believe that monitoring the Internet for
unauthorized use of a payment system's trademark by Internet gambling
businesses is a good practice and can be useful in preventing
restricted transactions. However, the Agencies agree that designated
payment systems and their participants should make a business decision
on whether to pursue this activity and how to respond to discovered
unauthorized use of their trademarks. Accordingly, in order to avoid
confusion, the Agencies have deleted from the final rule the language
regarding monitoring the Internet for unauthorized use of trademarks of
designated payment systems or non-exempt participants. Of course, the
examples in the rule are non-exclusive, and a system or participant may
choose to include trademark monitoring in its policies and procedures
where appropriate.
---------------------------------------------------------------------------

\78\ Id.
\79\ See comment letter from PayPal (Dec. 12, 2007), p. 2; see
also MasterCard letter, supra note 53, at 8.
\80\ See PayPal letter, supra note 79, at 2 and MasterCard
letter, supra note 53, at 8. None of the rule's examples of
reasonably designed policies and procedures are ``required.'' As
noted in Sec. ----.6(a) of both the proposed rule and the final
rule, the examples provided in Sec. ----.6 are non-exclusive and
designated payment systems and participants therein are permitted to
design and implement policies and procedures that may be different
than the examples.
---------------------------------------------------------------------------

Sec. ----.6(c), (d) and (f) Fines. In the non-exclusive examples
of reasonably designed policies and procedures for ACH systems, card
systems, and money transmitting businesses, the proposed rule included
the imposition of fines if the participant becomes aware that
restricted transactions had been processed. The Agencies' intent in
including this provision was to suggest imposing fines on participants
that violated system rules regarding unlawful Internet gambling.\81\
The proposed rule did not, however, adequately explain the specific
functions that should be carried out by specific participants in a
system, including how fines should be imposed.
---------------------------------------------------------------------------

\81\ See, e.g., National Automated Clearing House Association,
2007 ACH Rules, Operating Rules Appendix XI (The National System of
Fines).
---------------------------------------------------------------------------

The lack of specificity caused some confusion among commenters who
suggested that the provision be dropped or that the terminology be
revised.\82\ In the final rule, as a general matter, the Agencies have
attempted to provide greater clarity to the specific procedures in the
non-exclusive examples that are intended to apply to particular parties
in the designated payment system. With respect to fines, the Agencies
have deleted this provision from the final rule as potentially
confusing, given the different relationships between parties within
each designated payment system. As the examples in the rule are non-
exclusive, a system or participant may choose to include fines in its
policies and procedures where appropriate.
---------------------------------------------------------------------------

\82\ See, e.g., The Clearing House letter, supra note 14, at 11.
---------------------------------------------------------------------------

Sec. ----.6(d) Card system examples. The proposed rule included as
part of its non-exclusive examples of reasonably designed policies and
procedures for card systems due diligence in establishing commercial
customer accounts designed to ensure that the merchant will not receive
restricted transaction through the card system, similar to provisions
included in the non-exclusive examples for the other designated payment
systems. The proposed rule's card system examples also included
establishing transaction codes and merchant/business category codes
that accompany the authorization request for a transaction and creating
the operational functionality to enable the card system or the card
user to identify and deny authorization for a restricted transaction.
One card system commenter suggested that card systems

[[Page 69394]]

should be permitted to comply with the Act through the use of either
due diligence on merchants or coding to identify and block restricted
transactions, but not necessarily both.\83\ The commenter cited the
language of the Act that specifically identifies policies and
procedures that allow a designated payment system and its participants
``to identify restricted transactions by means of codes in
authorization messages or by other means'' and to block such
transactions, as one of the acceptable ways that a payment system can
comply with the Act.\84\
---------------------------------------------------------------------------

\83\ See Visa letter, supra note 58, at 2.
\84\ See 31 U.S.C. 5364(a).
---------------------------------------------------------------------------

The Agencies expect that a coding system to identify and block
restricted transactions will be the method of choice for the vast
majority of card system participants to comply with the Act. In
addition, the Agencies note that most Internet gambling businesses that
use card systems for funding do so through non-U.S. merchant acquirers
that are not subject to the Act or the final rule and likely would not
conduct due diligence regarding Internet gambling on their merchants.
However, the final rule retains a due diligence example for closed loop
card systems in the United States where the card can only be used for a
single merchant or a limited group of identified merchants, such as
merchants operating in a particular shopping mall. Section ----.6(d)
includes both the coding and due diligence examples for card systems as
alternatives and contemplates that a card system and its participants
could adopt either approach. Moreover, it is important to note that the
examples in Sec. ----.6 are non-exclusive and a card system could
adopt policies and procedures other than the coding and due diligence
examples presented and still comply with the final rule's requirement
to adopt reasonably designed policies and procedures to prevent or
prohibit restricted transactions.
In addition, some commenters suggested that the final rule's non-
exclusive examples should include a provision by which credit card
companies would create a particular merchant category code that would
be limited to those types of Internet gambling that are specifically
excluded from the definition of the term ``unlawful Internet gambling''
in Sec. ----.2(cc)--intrastate transactions, intratribal transactions,
and any activity that may be allowed under the Interstate Horseracing
Act.\85\ While card system operators may choose to create new codes for
such transactions, the Agencies believe that the establishment of codes
for particular merchant transactions is a business decision for the
card system operators and their participants. Accordingly, the final
rule does not specify the establishment of such codes in the coding
example for card systems.
---------------------------------------------------------------------------

\85\ See, e.g., comment letter from the American Horse Council
(Dec. 12, 2007), pp. 3-4; see also comment letter from the North
American Association of State & Provincial Lotteries (Dec. 11,
2007), p 3.
---------------------------------------------------------------------------

Sec. ----.6(c) and (e) Cross-border transactions. For the reasons
discussed in the NPRM and above, the Agencies believe that it is very
difficult, if not impossible, for a participant in the designated
payment systems (other than card systems) to identify restricted
transactions while they are being processed. As a result, the Agencies
determined that the most efficient way to implement the Act for the
systems other than card systems was through adequate due diligence by
participants when opening accounts for commercial customers to reduce
the risk that a commercial customer will introduce restricted
transactions into the payment system in the first place.
With respect to cross-border transactions, however, the institution
that opens the account for an Internet gambling business likely will be
located outside the United States and not be subject to the Act.
Accordingly, no U.S. participant would be able to conduct due diligence
at account opening for the foreign commercial customer. The proposed
rule provided examples of special procedures for participants in ACH,
check collection, and wire transfer systems that received cross-border
transactions from foreign counterparties, such as including as a term
in its agreement with a foreign counterparty a requirement that the
foreign counterparty have reasonably designed policies and procedures
in place to ensure that the commercial relationship would not be used
to process restricted transactions.\86\
---------------------------------------------------------------------------

\86\ The Agencies do not believe that special cross-border
procedures are necessary for card systems, which generally have the
same coding system for transactions regardless of where they are
initiated.
---------------------------------------------------------------------------

Commenters objected to the cross-border examples in the proposed
rule on numerous grounds.\87\ Some commenters stated that including a
term in agreements with foreign banks regarding restricted transactions
was not practicable because it was unrealistic to expect foreign
institutions to be willing or able to make specific representations
with respect to restricted transactions, given the uncertain definition
of ``unlawful Internet gambling.'' \88\ In addition, commenters noted
that the foreign correspondent with which the U.S. participant has a
contractual relationship may itself be a correspondent several steps
removed from the institution that has the customer relationship with
the Internet gambling business and that it would be unrealistic to
expect a provision in the cross-border agreement would be able to
prevent restricted transactions.\89\ Commenters suggested that cross-
border transactions conducted through correspondent relationships be
entirely exempt from the regulation, or that notice to customers that
the relevant payment system may not be used to engage in restricted
transactions should be deemed a reasonably designed policy and
procedure.\90\
---------------------------------------------------------------------------

\87\ See, e.g., ABA letter, supra note 10, at 7.
\88\ See, e.g., The Clearing House letter, supra note 14, at 9.
\89\ See, e.g., ABA letter, supra note 10, at 8.
\90\ Id.; see also The Clearing House letter, supra note 14, at
9.
---------------------------------------------------------------------------

The comment letters illustrated many of the challenges in
identifying and preventing particular types of transactions in the
modern, global payment system. The Agencies agree that, with the
complex framework of gambling laws in the United States, institutions
in other countries will not reasonably be able to determine which
transactions are unlawful under applicable U.S. law. Moreover, given
the numerous intermediaries involved with a typical cross-border
payment transaction, there will likely be many cases where the foreign
correspondent from which a U.S. participant receives a cross-border
debit transaction does not have a customer relationship with the
Internet gambling business.
In response to the comments on the various cross-border transaction
provisions, the Agencies have made revisions to the cross-border
provisions in the final rule. First, the final rule contains non-
exclusive examples with respect only to cross-border debit transactions
(i.e., ACH debits and check collections) because there are no
reasonably practical steps that a foreign counterparty could take to
prevent a U.S. institution from sending a restricted transaction to the
foreign counterparty, short of severing the relationship altogether.
Second, the final rule contemplates that if a U.S. participant is
notified by a U.S. government entity (such as its regulator or law
enforcement) that it has been sent cross-border restricted transactions
by a

[[Page 69395]]

particular foreign respondent, the participant would be expected to
notify its foreign respondent of the restricted transaction.\91\ The
Agencies have included a model notice in the appendix to the
regulation.
---------------------------------------------------------------------------

\91\ The Agencies expect that the notice would contain enough
detail (including identifying intermediaries) to permit the U.S.
participant to describe the transaction's path to its foreign
counterparty.
---------------------------------------------------------------------------

Sec. ----.6 Remedial Action
Commenters urged the Agencies to provide more detailed guidance as
to when non-exempt participants should take remedial action against
their commercial customers for processing restricted transactions.
These commenters stated that the proposed rule gave no specifics about
what types of penalties are appropriate under particular
circumstances.\92\ The Agencies considered these comments and
determined that a non-exempt participant's decision on when to deny a
commercial customer access to a particular payment system or when to
close the account of such customer for processing restricted
transactions is fact-specific and a matter of business judgment. As a
result, the final rule does not contain thresholds specifying when it
would be appropriate to take certain types of remedial action. When
restricted transactions are discovered, the Agencies expect that a
participant's regulator will review the remedial actions taken by the
participant and come to a judgment as to whether the participant took
appropriate action under the circumstances.
---------------------------------------------------------------------------

\92\ See e.g., NFL letter, supra note 42, at 4; see also comment
letter from Christian Coalition of America (Dec. 7, 2007), p.2.
---------------------------------------------------------------------------

Sec. ----.7 Regulatory Enforcement
The proposed rule essentially reiterated the regulatory enforcement
framework from the Act. Some commenters urged that the financial
regulators develop a uniform approach for enforcing the rule.\93\ The
Act does not modify the statutory enforcement mechanisms of the
agencies charged with enforcing the Act with respect to the
institutions that are within their jurisdiction. The Federal agencies
charged with regulatory enforcement authority for the final rule have
different enforcement authorities and use different regulatory tools
for fulfilling their supervisory responsibilities, so the Agencies do
not believe that it is appropriate to mandate a particular uniform
regulatory enforcement approach in the final rule. Moreover, the Board
expects that examiner guidance will be developed among the Federal
depository institution regulatory agencies responsible for enforcing
the final rule, however, that process would occur separately from this
rulemaking.
---------------------------------------------------------------------------

\93\ See, e.g., comment letter from Credit Union National
Association (Dec. 12, 2007) p. 5; see also comment letter from The
Financial Services Roundtable and BITS (Dec. 12, 2007), pp. 6-7.
---------------------------------------------------------------------------

Another commenter noted that the Act's regulatory enforcement
framework reflected in the proposed rule would subject money service
businesses (MSBs) to the jurisdiction of two different agencies--the
Federal Trade Commission for enforcement of the Act and the Internal
Revenue Service, which elsewhere has been delegated authority to
examine for compliance with the Bank Secrecy Act (BSA).\94\ The
commenter suggested that the Agencies could determine that MSBs should
be subject to the authority of only one regulator. The Agencies do not
believe that the Act provides the Agencies with the authority to modify
the regulatory authority of Federal agencies pursuant to the Act or any
other statute.
---------------------------------------------------------------------------

\94\ See Alston & Bird letter, supra note 49, at 23. See also,
31 CFR 103.56(b)(8) where the regulations of the Financial Crimes
Enforcement Network (``FinCEN'') clarify the examination authority
of the IRS.
---------------------------------------------------------------------------

After considering the public comments received on the proposed
rule, the Agencies have not modified Sec. ----.7 from the proposed
rule, other than technical conforming changes.

III. Administrative Law Matters

A. Executive Order 12866

It has been determined that this regulation is an economically
significant regulatory action as defined in section 3(f)(1) of E.O.
12866, as amended. Accordingly, this final rule has been reviewed by
the Office of Management and Budget. The reasons for this determination
are explained in more detail in the Small Business Regulatory
Enforcement Fairness Act Section B. The Regulatory Assessment prepared
by the Treasury for this regulation is provided below.
1. Description of Need for the Regulatory Action
The rulemaking is required by the Act, the applicable provisions of
which are designed to interdict the flow of funds from gamblers to
unlawful Internet gambling businesses. To accomplish this, the Act
requires the Agencies, in consultation with the U.S. Attorney General,
to jointly prescribe regulations requiring designated payment systems
(and their participants) to establish policies and procedures that are
reasonably designed to identify and block or otherwise prevent or
prohibit unlawful Internet gambling transactions restricted by the Act.
In accordance with the Act, section 3 of the final rule designates
five payment systems that could be used in connection with, or to
facilitate, unlawful Internet gambling transactions. The five
designated payment systems are the same payment systems designated in
the proposed rule, except that the Agencies have narrowed the
designation of money transmitting businesses to cover only those money
transmitting businesses that permit their customers to initiate fund
transfers remotely from a location other than a physical office of the
money transmitting business. As explained above, the Agencies' view is
that money transmitting businesses that do not permit their customers
to initiate remote funds transfers, such as through a Web site, could
not reasonably be used for Internet gambling because of the lack of
broad public accessibility. The Agencies believe that the narrowing of
the money transmitting business designation will significantly reduce
the number of money transmitting businesses affected by the final rule.
The Agencies estimated in the proposed rule that the number of money
transmitting businesses affected would be 253,208. The Agencies
estimate that the number of money transmitting businesses affected by
the final rule with the narrower designation and with the exemption
described below will be 16, resulting in an estimated reduction of
253,192 money transmitting businesses affected by the final rule.
In accordance with the Act, section 5 of the final rule requires
designated payment systems and participants in those designated payment
systems to establish and implement written policies and procedures
reasonably designed to identify and block or otherwise prevent or
prohibit unlawful Internet gambling transactions restricted by the Act.
In accordance with the Act, section 4 of the final rule exempts certain
participants in designated payment systems from the requirement to
establish and implement policies and procedures, because the Agencies
believe that it is not reasonably practical for those participants to
identify and block or otherwise prevent or prohibit unlawful Internet
gambling transactions restricted by the Act. As explained earlier, the
Agencies have expanded the exemptions in the final rule. For example,
the proposed rule did not contain any exemptions for money transmitting
businesses. At least one commenter recommended that the Agencies exempt
``send'' agents of

[[Page 69396]]

money transmitting businesses by analogizing such ``send'' agents to
the originating depository institutions for ACH credit and wire
transfers which the Agencies exempted in the proposed rule. The final
rule exempts all participants in money transmitting businesses,
including ``send'' agents, except for the operator. In accordance with
the Act, section 6 of the final rule contains a ``safe harbor''
provision by including non-exclusive examples of policies and
procedures which would be deemed to be reasonably designed to identify
and block or otherwise prevent or prohibit unlawful Internet gambling
transactions restricted by the Act.
2. Assessment of Potential Benefits and Costs
a. Potential Benefits
Congress determined that Internet gambling is a growing cause of
debt collection problems for insured depository institutions and the
consumer credit industry.\95\ Further, Congress determined that there
is a need for new mechanisms for enforcing Internet gambling laws
because traditional law enforcement mechanisms are often inadequate for
enforcing gambling prohibitions or regulations on the Internet,
especially where such gambling crosses State or national borders.\96\
Section 5 of the final rule addresses this by requiring participants in
designated payment systems, which include insured depository
institutions and other participants in the consumer credit industry, to
establish and implement reasonably designed policies and procedures to
identify and block or otherwise prevent or prohibit unlawful Internet
gambling transactions in order to stop the flow of funds to unlawful
Internet gambling businesses. This funds flow interdiction is designed
not only to inhibit the accumulation of consumer debt but also to
reduce debt collection problems for insured depository institutions and
the consumer credit industry. Treasury believes that the reduction of
debt collection problems through the final rule's funds flow
interdiction process will yield important benefits for insured
depository institutions and consumers given the recent turmoil in the
financial markets that is causing liquidity problems for insured
depository institutions and constraining the availability of consumer
credit. Moreover, the final rule carries out the Act's goal of
implementing new mechanisms for enforcing Internet gambling laws. The
final rule will likely provide other benefits. Specifically, the final
rule could restrict excesses related to unlawful Internet gambling by
underage or compulsive gamblers.
---------------------------------------------------------------------------

\95\ 31 U.S.C. 5361(a)(3).
\96\ 31 U.S.C. 5361(a)(4).
---------------------------------------------------------------------------

b. Potential Costs
Treasury believes that the costs of implementing the Act and the
final rule are lower than they would be if the Act and the final rule
were to require a prescriptive, one-size-fits-all approach with regard
to regulated entities. First, section 5 of the final rule provides that
a financial transaction provider shall be considered to be in
compliance with the regulation if it relies on and complies with the
written policies and procedures of the designated payment system of
which it is a participant. This means that the regulated entities will
not be required to establish their own policies and procedures but can
instead follow the policies and procedures of the designated payment
system, thereby resulting in lower costs. Based on public comments
received, the Agencies have made it easier for regulated entities to
choose to follow the policies and procedures of a designated payment
system. Specifically, the proposed rule incorporated the Act's
provision permitting regulated entities to rely on the policies and
procedures of a designated payment system if the system's policies and
procedures comply with the requirements of the regulation. In their
comments, regulated entities expressed concern about the significant
burden that would be imposed on them in determining whether a
designated payment system's policies and procedures complied with the
regulation, particularly when the payment system has thousands of
participants and no single participant has any significant leverage
with the payment system.\97\ In order to eliminate this burden and the
associated costs, the final rule specifically states that regulated
entities may rely on and treat as conclusive evidence a written
statement or notice from a designated payment system that the system's
policies and procedures comply with the final rule, unless such
regulated entities are specifically notified otherwise by the
appropriate Federal agency.
---------------------------------------------------------------------------

\97\ See e.g., comment letter from The Huntington National Bank
(Dec. 12, 2007) p. 3.
---------------------------------------------------------------------------

Second, with regard to regulated entities that choose to establish
their own policies and procedures, sections 5 and 6 of the final rule
provide maximum flexibility. Specifically, the final rule contains
neither design standards (such as requiring the use of a specific
technology) nor performance standards but instead requires, consistent
with the Act, that the policies and procedures be ``reasonably
designed'' to identify and block or otherwise prevent or prohibit
unlawful Internet gambling. In addition, the final rule expressly
authorizes each regulated entity to design and implement policies and
procedures that are ``tailored to its business,'' which will enable it
to craft policies and procedures based on individual circumstances. The
flexibility the final rule affords regulated entities that establish
their own policies and procedures should result in lower costs than if
the final rule took a prescriptive one-size-fits-all approach.
Third, the ``safe harbor'' provision, with its nonexclusive
examples of policies and procedures deemed to be ``reasonably
designed,'' provides regulated entities with specific guidance on how
to structure the policies and procedures required by the Act and the
final rule. As a result, costs associated with formulating policies and
procedures should be lower because the safe harbor provision provides
guidance on how to so structure the policies and procedures. The
Agencies also revised the nonexclusive due diligence examples contained
in section 6 of the final rule to reduce potential costs for regulated
entities. Specifically, the proposed rule contained nonexclusive due
diligence examples which generally placed the burden of distinguishing
lawful versus unlawful Internet gambling on regulated entities. As
noted earlier, public commenters suggested that commercial customers
engaged in an Internet gambling business should demonstrate to their
financial transaction providers that the commercial customers are not
engaged in unlawful Internet gambling in order to shift the burden of
distinguishing lawful versus unlawful Internet gambling from regulated
entities to the Internet gambling businesses. Based on these comments,
the Agencies revised the nonexclusive due diligence examples contained
in the final rule by shifting the burden of distinguishing lawful
versus unlawful Internet gambling from regulated entities to the
Internet gambling businesses. Treasury believes that this shifting of
the burden will result in lower costs for regulated entities that
choose to follow the final rule's nonexclusive due diligence examples.
Treasury received two comments expressing concern that the
Regulatory Assessment in the proposed rule only addressed the potential
recordkeeping

[[Page 69397]]

costs on regulated entities but did not include an analysis of the full
potential costs to participants to establish and implement the policies
and procedures, including legal, management and operational costs.\98\
In the proposed rule, Treasury explained that it did not have
sufficient information to quantify reliably the costs of developing
specific policies and procedures, and it solicited information and
comment on any costs or compliance requirements. Because the final rule
provides maximum flexibility to regulated entities that establish their
own policies and procedures by allowing them to tailor their policies
and procedures to their business, including the use of different
policies and procedures with respect to different business lines or
different parts of the organization, Treasury does not have sufficient
information to quantify reliably the costs of developing and
implementing specific policies and procedures.
---------------------------------------------------------------------------

\98\ See e.g., comment letter from the California and Nevada
Credit Union Leagues (Dec. 12, 2007) p.4.
---------------------------------------------------------------------------

It is estimated that the recordkeeping burden for regulated
entities will be approximately one million hours in order to develop
and establish the policies and procedures required by the Act and this
final rule. Using a reasonable estimate of average wages to monetize
the opportunity cost of this time, which is explained in more detail in
the Paperwork Reduction Act section below, yields a combined
recordkeeping burden of approximately $88.5 million. We estimate this
potential impact will be born during the first year this rule is in
effect, in anticipation of the compliance date 12 months after
publication of the final rule. In addition, it is estimated that the
recordkeeping requirement required by the Act and the final rule will
take approximately 8 hours per recordkeeper per year to maintain the
policies and procedures required by this rulemaking. It is estimated
that the total annual cost to regulated entities to maintain the
policies and procedures will be approximately $3,337,200.\99\
---------------------------------------------------------------------------

\99\ This estimate is based on an estimate of 16,686
recordkeepers. The hourly cost of the individual who would be
responsible for maintaining the policies and procedures is estimated
to be $25 per hour (which is an average based on data contained in
the U.S. Department of Labor, Bureau of Labor Statistics'
occupational employment statistics for office and administrative
support occupations, dated May 2007).
---------------------------------------------------------------------------

3. Interference With State, Local, and Tribal Governments
The Act does not alter State, local or Tribal gaming law.\100\ The
Act exempts from the definition of the term ``unlawful Internet
gambling,'' intrastate, intratribal, and intertribal transactions.\101\
Because the final rule does not alter these defined terms, it avoids
undue interference with State, local, and tribal governments in the
exercise of governmental functions. In addition, the final rule's non-
exclusive due diligence examples contained in Sec. ----.6 accord
deference to State and Tribal authorities. Specifically, the final
rule's due diligence examples provide that a regulated entity may
accept as evidence of a commercial customer's legal authority to engage
in an Internet gambling business, a license issued by an appropriate
State or Tribal authority that expressly allows the regulated entity's
commercial customer to engage in the Internet gambling business.
---------------------------------------------------------------------------

\100\ Specifically, the Act defines the term ``unlawful Internet
gambling'' as a bet or wager, which involves at least in part the
use of the Internet, where such bet or wager is unlawful under any
applicable Federal or State law in the State or Tribal lands in
which the bet or wager is initiated, received, or otherwise made. 31
U.S.C. 5362(10)(A).
\101\ 31 U.S.C. 5362(10)(B) and (C).
---------------------------------------------------------------------------

B. Small Business Regulatory Enforcement Fairness Act of 1996

As discussed elsewhere, the total recordkeeping costs alone imposed
on regulated entities exceed $88.5 million. Treasury does not have
adequate information to quantify the impact of other compliance
requirements, such as the implementation of any due diligence policies
and procedures for commercial customers during the first year of this
rule. These unquantified costs that are necessary to meet compliance
obligations include burdens related to management, clerical, technical,
training, auditing, and legal expertise that are necessary to implement
the policies and procedures set forth in this final rule. Therefore,
Treasury believes it is reasonable to assume the total compliance costs
of this final rule will exceed $100 million in the first year.
Considering the final rule's quantified and unquantified costs, and the
fact that costs are likely to constitute a major increase in costs for
an individual industry (depository institutions), it is a major rule as
defined by section 804 of the Small Business Regulatory Enforcement
Fairness Act of 1996.

C. Unfunded Mandates Reform Act (Sec. 202, Pub. L. 104-4; 2 U.S.C.
1532)

Treasury has concluded this rule does not contain a Federal mandate
that may result in the expenditure by State, local and Tribal
governments, in aggregate, or by the private sector, of $100 million or
more (adjusted for inflation) in any one year. The threshold after
adjustment for inflation is $130 million, using the most current (2007)
Implicit Price Deflator for the Gross Domestic Product. However,
Treasury believes the analyses provided in the Executive Order,
Regulatory Flexibility Act, and Paperwork Reduction Act sections
provide the analysis required by the Unfunded Mandates Reform Act.

D. Final Regulatory Flexibility Analysis

An initial regulatory flexibility analysis (IRFA) was included in
the NPRM in accordance with the Regulatory Flexibility Act (RFA).\102\
In the IRFA, the Agencies specifically solicited comment, including
from small entities, on whether the proposed rule would have a
significant economic impact on a substantial number of small entities.
No small entities submitted comments regarding quantification of their
projected costs. The Agencies expect this rule to affect a number of
small entities; however, the direct cost this rule imposes does not
appear to have a significant economic impact on a substantial number of
small entities, within the meaning of the RFA. Specifically, as
discussed below, the proposed rule estimated that approximately 253,368
small entities would be subject to the rule. The Agencies estimate that
the number of small entities subject to the final rule will be
approximately 12,267 or less than five percent of the total number of
small entities estimated in the proposed rule. The Agencies thus
believe that the final rule will not affect a substantial number of
small entities. Moreover, as noted below, in response to public
comments on the proposed rule and on the IRFA, the Agencies have made a
number of changes in the final rule that will reduce its economic
impact. Even though this rule does not appear to have a significant
economic impact on a substantial number of small entities, the Agencies
have not formally certified the rule as not having a ``significant
economic impact on a substantial number of small entities,'' as
provided under section 605(b) of the RFA. Instead, the Agencies have
prepared a Final Regulatory Flexibility Analysis as described in the
RFA, 5 U.S.C. 604.\103\
---------------------------------------------------------------------------

\102\ 5 U.S.C. 601 et seq.
\103\ When promulgating a final rule, the RFA requires agencies
to prepare a FRFA unless the agency finds that the final rule will
not, if promulgated, have a significant economic impact on a
substantial number of small entities. 5 U.S.C. 604(a) and 605(b).
---------------------------------------------------------------------------

The RFA requires each FRFA to contain:

A succinct statement of the need for, and objectives
of, the rule;
A summary of the significant issues raised by the
public comments in response to

[[Page 69398]]

the initial regulatory flexibility analysis, a summary of the
assessment of the agency of such issues, and a statement of any
changes made in the proposed rule as a result of such comments;
A description of and an estimate of the number of small
entities to which the rule will apply or an explanation of why no
such estimate is available;
A description of the projected reporting, recordkeeping
and other compliance requirements of the rule, including an estimate
of the classes of small entities which will be subject to the
requirement and the type of professional skills necessary for
preparation of the report or record; and
A description of the steps the agency has taken to
minimize the significant economic impact on small entities
consistent with the stated objectives of applicable statutes,
including a statement of the factual, policy, and legal reasons for
selecting the alternative adopted in the final rule and why each one
of the other significant alternatives to the rule considered by the
agency which affect the impact on small entities was rejected.\104\

\104\ 5 U.S.C. 604(a).
---------------------------------------------------------------------------

1. Statement of the Need for, and Objectives of, the Final Rule
The Agencies jointly are adopting this final rule to implement the
Act, as required by the Act. As noted above, the Act prohibits any
person in the business of betting or wagering (as defined in the Act)
from knowingly accepting payments in connection with the participation
of another person in unlawful Internet gambling. The Act requires the
Agencies jointly (in consultation with the U.S. Attorney General) to
designate payment systems that could be used in connection with, or to
facilitate, restricted transactions and to prescribe regulations
requiring designated payment systems, and financial transaction
providers participating in each designated payment system, to establish
policies and procedures reasonably designed to identify and block or
otherwise prevent or prohibit restricted transactions.\105\ The final
rule sets out necessary definitions, designates payment systems that
could be used in connection with restricted transactions, exempts
participants performing certain functions in designated payment systems
from the requirement imposed by the final rule, provides nonexclusive
examples of policies and procedures reasonably designed to identify and
block, or otherwise prevent and prohibit, restricted transactions, and
reiterates the enforcement regime set out in the Act for designated
payment systems and non-exempt participants therein. The Agencies
believe that the final rule implements Congress's requirement that the
Agencies prescribe regulations that carry out the purposes of the Act
and provide guidance to designated payment systems and participants
therein with respect to policies and procedures reasonably designed to
identify and block, or otherwise prevent or prohibit, transactions in
connection with unlawful Internet gambling.
---------------------------------------------------------------------------

\105\ 31 U.S.C. 5364(a).
---------------------------------------------------------------------------

2. Significant Issues Raised by Comments in Response to the IRFA
The Agencies have carefully considered the comment letters received
in response to the proposed rule. The preamble above provides a general
overview of the comments and the preamble's section-by-section analysis
discusses the significant issues raised by the comments. The following
is a summary of significant issues raised by commenters regarding the
IRFA. The Agencies also have considered the comments received from
small entities and associations that represent such small entities,
even though the comments did not specifically refer to the RFA.
The Agencies received several comments directly related to the
IRFA, including from the Office of Advocacy (Advocacy) of the U.S.
Small Business Administration.\106\ The most common concern expressed
in these comments was that the IRFA did not provide sufficient
information about the nature of the impact of the proposed rule on
small entities or that the burdens were not adequately estimated.
Advocacy stated that, while it appreciated the fact that the Agencies
may need to obtain information on the impact on small entities and
commended the Agencies for soliciting additional information from the
public, it was concerned that the Agencies were not providing all
available information. Advocacy referenced the Board's ``Supporting
Statement for Recordkeeping Requirements'' (Supporting Statement)
associated with the proposed rule that was submitted to the Office of
Management and Budget and published on the Board's website. The
Supporting Statement included an estimate of the proposed rule's total
recordkeeping cost to the public of just under $20 million. The
Supporting Statement was created in compliance with the Paperwork
Reduction Act (PRA), which requires a specific, objectively supported
estimate of burden.\107\ Conversely, the RFA authorizes agencies to
provide general descriptive statements of the effects of a proposed
rule, in lieu of a quantifiable or numerical description, if
quantification is not practicable or reliable.\108\ The Agencies stated
in the NPRM that they did not have sufficient information to quantify
reliably the effects the Act and the proposed rule would have on small
entities. The Agencies specifically requested public comment on any
costs, compliance requirements, or changes in operating procedures
arising from the application of the proposed rule and the extent to
which those costs, requirements, or changes are in addition to, or
different from, those arising from the application of the Act
generally.\109\ Because of the different standards contained in the PRA
and the RFA and the differing types of costs assessed under these two
statutes, the Agencies did not believe that Board's PRA estimates
constituted a useful proxy for purposes of the RFA. Accordingly, to
avoid confusion by providing inappropriate data, the Agencies did not
include the Board's PRA cost estimates in the IRFA.
---------------------------------------------------------------------------

\106\ E.g., comment letters were received from the Office of
Advocacy of the U.S. Small Business Administration (Dec. 12, 2007)
(hereinafter ``Advocacy letter''); the Center for Regulatory
Effectiveness (Nov. 15, 2007) (hereinafter ``CRE letter'');, M&T
Bank, supra note 45; TMSRT, supra note 35; Alston & Bird, supra note
49;, and J. Schmit, an individual (Dec. 8, 2007).
\107\ 44 U.S.C. 3506(c)(1)(A)(iv) and 5 CFR 1320.8(a)(4).
\108\ 5 U.S.C. 607.
\109\ NPRM, 72 FR at 56693.
---------------------------------------------------------------------------

Advocacy also expressed concern that the Agencies did not put
forward a meaningful discussion of alternatives to the proposed rule.
The only actual requirement in the proposed rule, which is mandated by
the Act, was that all non-exempt participants in designated payment
systems establish and implement policies and procedures reasonably
designed to identify and block or otherwise prevent or prohibit
restricted transactions.\110\ The proposed rule made clear that the
examples of reasonably designed policies and procedures set out in
Sec. ----.6 are non-exclusive and that a participant in a designated
payment system may design and use other policies and procedures that
are specific to its business and may use different policies and
procedures with respect to different types of restricted transactions.
With respect to the non-exclusive examples provided in Sec. ----.6 of
the proposed rule, the NPRM went into considerable detail describing
how the Agencies anticipated that such policies and procedures would
operate, including risk-based due diligence at account opening and
remedial actions if a participant discovered that a customer

[[Page 69399]]

processed restricted transactions through the participant's facilities.
---------------------------------------------------------------------------

\110\ This requirement is set out in Sec. ----.5(a) of the
proposed rule and is required by section 5364(a) of the Act.
---------------------------------------------------------------------------

The NPRM went into detail in discussing alternatives considered and
the reasoning behind the alternatives selected for the proposed rule,
particularly with respect to exemptions for certain participants in
designated payment systems and non-exclusive examples of procedures for
each designated payment system. For example, the NPRM discussed
alternatives that the Agencies included in the proposed rule (such as
due diligence at account opening, remedial action, and transaction
coding), and alternatives that the Agencies considered but rejected for
the proposed rule (such as a list of unlawful Internet gambling
businesses). With respect to small entities, the Agencies considered
exempting all small entities from coverage of the rule.\111\ As noted
in the IRFA, the Agencies proposed that the requirements in the
proposed rule be applicable to all entities subject to the Act, as
implemented, regardless of their size because an exemption for small
entities would significantly diminish the usefulness of the policies
and procedures required by the Act by permitting unlawful Internet
gambling operations to evade the requirements by using small financial
transaction providers.\112\
---------------------------------------------------------------------------

\111\ See 5 U.S.C. 603(c)(4).
\112\ NPRM, 72 FR at 56693.
---------------------------------------------------------------------------

The Agencies also considered as a significant alternative the use
of performance rather than design standards and the simplification of
compliance requirements.\113\ As noted in the NPRM, the proposed rule
was designed to provide maximum flexibility. The Act does not contain
specific performance (much less design) standards, but instead requires
that the policies and procedures be ``reasonably designed'' to prevent
or prohibit unlawful Internet gambling. The proposed rule preserved
this flexibility. In addition, the proposed rule simplified compliance
requirements by expressly authorizing each regulated entity to use
policies and procedures that are ``specific to its business'' to enable
it to efficiently tailor its policies and procedures to its needs.\114\
---------------------------------------------------------------------------

\113\ See 5 U.S.C. 603(c)(2) and (3).
\114\ Treasury noted in its discussion of Executive Order 12866
in the NPRM that providing this flexibility for regulated entities
by allowing them to tailor their policies and procedures to their
individual circumstances should result in lower costs than if the
Act and the proposed rule took a prescriptive one-size-fits-all
approach. NPRM, 72 FR at 56692.
---------------------------------------------------------------------------

The IRFA referred back to the extensive discussion of alternatives
in the NPRM when it stated that ``other than as noted above'' the
Agencies were unaware of any significant alternatives to the proposed
rule. Accordingly, the Agencies believe that the IRFA addressed this
requirement of the RFA.
Advocacy also suggested that the Agencies had not identified
Federal rules that duplicate, overlap, or conflict with the proposed
rule, as required by the RFA. The IRFA expressly stated that the
Agencies had not identified any Federal rules that duplicated,
overlapped, or conflicted with the proposed rule. As with all other
aspects of the proposed rule, the Agencies sought public comment
regarding whether any commenter believed there were any Federal rules
that duplicated, overlapped, or conflicted with the proposed rule.
Advocacy apparently interpreted these statements as an attempt by the
Agencies to shift the obligation for identifying such rules to small
entities. The Agencies intended its statement to mean that the Agencies
had researched the issue and found no Federal rules that duplicated,
overlapped, or conflicted with the proposed rule. Accordingly, the
Agencies believe that the IRFA addressed this requirement of the RFA.
Advocacy also suggested that the Agencies consider (i) exempting
small money transmitters from the proposed rule and (ii) exempting the
send agents in a money transmitting business. As noted above in the
section-by-section analysis, other commenters raised similar issues and
the Agencies have made revisions in the final rule to address these
concerns, including exempting all send agents in a money transmitting
business. However, the Agencies decided against exempting all small
money transmitting businesses. Specifically, the Agencies do not
believe that the Act's standard for granting exemptions would be met
with regard to such a wholesale exemption, and such wholesale exemption
would substantially undermine the purpose of the Act by allowing
unlawful Internet gambling businesses to evade the restrictions
contained in the Act and the final rule by using small money
transmitting businesses.\115\
---------------------------------------------------------------------------

\115\ See 31 U.S.C. 5364(b)(3). As noted above, the final rule
does, however, include a revised designation for money transmitting
businesses as including only those money transmitting businesses
that engage in the transmission of funds and permit customers to
initiate money transmission transactions remotely from a location
other than a physical office of the money transmitting business
(such as through the Internet). The Agencies believe that this
designation revised along functional lines, rather than by size, may
also exclude a significant number of small money transmitting
businesses.
---------------------------------------------------------------------------

Advocacy recommended that the Agencies prepare a revised initial
regulatory flexibility analysis to address its concerns. The Agencies
believe that the IRFA met the requirements of the RFA and a revised
initial regulatory flexibility analysis is not warranted. In addition,
after considering this and other comments, the Agencies determined that
the issues raised by Advocacy have been addressed in the final rule or
would not be resolved by an additional initial regulatory flexibility
analysis.
One commenter suggested that the Agencies extend the comment period
to allow the Agencies to gather additional information on the impact
the proposed rule would have on regulated small entities, including
through use of the procedures described in the RFA, which includes
direct notification of interested small entities.\116\ The commenter
stated that an extension of the comment period is warranted because
many small money transmitting businesses may not be part of a trade
association that is familiar with the federal regulatory process and
may not use English as their primary language, so they are in
particular need of outreach. In the NPRM, the Agencies stated that they
anticipated contacting trade groups representing participants that
qualify as small entities and encouraging them to provide comments
during the comment period in order to ascertain the costs imposed on
regulated small entities. Within a week of publication of the proposed
rule in the Federal Register, Board staff sent electronic notices to
money transmitter associations in over a dozen States, including New
York, New Jersey, California, Illinois, Georgia, Florida, Washington,
Colorado and Ohio, notifying them of the issuance of the proposed rule
and encouraging the associations to provide comments on all aspects of
the proposed rule, but, in particular, the costs that may be imposed on
small entities. A commenter, which received one of the electronic
notices and which represents small- and medium-sized money
transmitters, suggested that send agents in money transmitting
businesses should be exempted and noted that these send agents ``are
predominantly small entities.'' \117\ As noted above, the Agencies
exempted send agents from the requirement of the final rule. In
addition, under the final rule, the only non-exempt participants in a
money transmitting business are the operators that permit customers to
initiate

[[Page 69400]]

transmission of funds transactions remotely from a location other than
a physical office of the money transmitting business. The Agencies
believe that the public comment period was sufficient and that further
extension of the comment period is not warranted.
---------------------------------------------------------------------------

\116\ See CRE letter, supra note 106, at 5-6. The RFA section
can be found at 5 U.S.C. 609.
\117\ See TMSRT letter, supra note 35 at 3-4.
---------------------------------------------------------------------------

One commenter stated that the Agencies should determine how many
small entities will be affected by the rule in connection with their
participation in card systems, particularly gift card and stored-value
card systems.\118\ The number of small entities involved with card
systems that would be subject to the final rule is estimated below, but
the Agencies do not believe that attempting to break out the number of
small entities involved specifically with gift cards or stored value
cards is relevant to the analysis.\119\
---------------------------------------------------------------------------

\118\ See Alston & Bird letter, supra note 49, at 22-23.
\119\ Card systems basically operate the same way for purposes
of the Act and the rule, regardless of whether the particular card
involved is a credit card, debit card, pre-paid card, or stored-
value product. With respect to implementing the final rule's non-
exclusive examples for card systems, the relevant entities are the
card system operator, merchant acquirer bank, and the card issuer
bank. Retailers that may sell pre-paid gift cards or stored-value
products, such as grocery stores or convenience stores, are not
participants in a designated payment system, as defined by the final
rule, and thus are not covered by the final rule.
---------------------------------------------------------------------------

Based on information the Agencies had regarding the size of the
entities that commented, the Agencies have identified only one comment
letter received from a depository institution that qualifies as a
``small entity'' under regulations promulgated by the U.S. Small
Business Administration (SBA).\120\ The Agencies also received comment
letters from several trade associations whose membership could include
small entities affected by the rule.\121\ These comments raised issues
generally similar to those discussed above in the section-by-section
analysis, such as defining gambling-related terms, providing guidance
on adequate due diligence, creating a list of unlawful Internet
gambling businesses, and the burden of modifying customer agreements.
---------------------------------------------------------------------------

\120\ Comment letter from First National Bank of Morgan (Nov.
30, 2007), which questioned the public policy of imposing burden on
participants in designated payment systems to prevent Internet
gambling when other forms of gambling are permitted, such as State
lotteries and casinos. The SBA size standards to define small
business concerns in credit intermediation and related activities
are located at 13 CFR 121.201 (subsector 522).
\121\ E.g., ICBA letter, supra note 67; comment letter from the
Consumer Bankers Assoc. (Dec. 12, 2007) (hereinafter ``CBA
letter'').
---------------------------------------------------------------------------

3. Description and estimate of classes of small entities affected by
the final rule
The majority of small non-exempt participants in the five
designated payment systems (ACH systems, card systems, check collection
systems, money transmitting businesses, and wire transfer systems) that
would be affected by the rule are depository institutions. Pursuant to
the SBA size standards defining small entities, a commercial bank,
savings association, or credit union is considered a ``small entity''
if it has assets of $175 million or less.\122\ Based on call report
data for June 30, 2008, the Agencies estimate that 4,564 small banks
(out of a total of 7,699 banks), 412 small savings associations (out of
a total of 829), and 7,281 small credit unions (out of a total of
8,136), for a total of 12,257 small depository institutions, will be
directly affected by the final rule.\123\
---------------------------------------------------------------------------

\122\ 13 CFR 121.201.
\123\ Call report data include information submitted by
depository institutions on the following forms: Consolidated Reports
of Condition and Income for a Bank with Domestic and Foreign Offices
(FFIEC Form 031) and Consolidated Reports of Condition and Income
for a Bank with Domestic Offices Only (FFIEC Form 041), Thrift
Financial Report (OTS Form 1313), and NCUA Call Report (NCUA Form
5300).
---------------------------------------------------------------------------

Under the same SBA regulation, small money transmitting businesses
are those with assets of $7.0 million or less. Based in part on
information obtained from a Government Accountability Office report,
the Agencies estimate that there are approximately 253,208 money
transmitting businesses in the United States,\124\ and that 240,547 are
small entities as defined above.\125\ Section ----.3(d) of the final
rule states that only those money transmitting businesses that (1)
engage in the transmission of funds, which does not include check
cashing, currency exchange, or the issuance or redemption of money
orders, travelers' checks, and other similar instruments; and (2)
permit customers to initiate transmission of funds remotely from a
location other than a physical office of the money transmitting
business, would be subject to the rule. Moreover, Sec. ----.4(c) of
the rule exempts all participants in such a money transmitting
business, except for the operator of the system.\126\ Accordingly, only
money transmitting business operators that permit customers to initiate
transactions remotely must establish and implement written policies and
procedures reasonably designed to identify and block or otherwise
prevent or prohibit restricted transactions.
---------------------------------------------------------------------------

\124\ U.S. Government Accountability Office, ``Bank Secrecy Act:
FinCEN and IRS Need to Improve and Better Coordinate Compliance and
Data Management Efforts,'' GAO-07-212 (Dec. 2006). The Agencies note
that this report took information from multiple studies, some of
which focused on the number of ``money services businesses'' subject
to FinCEN regulation. The term ``money services business,'' by
virtue of thresholds and other criteria in FinCEN's definition,
applies to a different scope of entities than does the statutory
term ``money transmitting business.'' See 31 CFR 103.11(uu).
\125\ The estimate of 240,547 small money transmitting
businesses is the same estimate that is contained in the NPRM. The
Agencies expressly solicited comment in the NPRM on the number of
small entities to which the proposed rule would apply. The Agencies
did not receive any comments during the comment period disputing the
Agencies' specific estimates and providing an explanation of why the
estimates were being disputed.
\126\ The proposed rule designated money transmitting businesses
as a payment system subject to the rule and did not provide any
exemptions for participants in a money transmitting business.
---------------------------------------------------------------------------

Based on consultations with representatives of the money
transmitting industry, the Agencies believe that most small money
transmitting business operators do not permit customers to initiate
transmissions of funds remotely from a location other than a physical
office of the money transmitting business.\127\ Moreover, those
operators that do permit customers to initiate transactions remotely--
for example Western Union, MoneyGram, and PayPal--generally have asset
sizes that are above the ``small entity'' definition under the SBA
regulations. As a result, the Agencies estimate that of the estimated
240,547 small money transmitting businesses, no more than 10 consist of
operators that permit customers to initiate transmission of funds
transactions remotely. The Agencies thus estimate that only 10 small
money transmitting business operators will be affected by the final
rule.
---------------------------------------------------------------------------

\127\ See summary of conference call with the National Money
Transmitters Association (call date June 3, 2007) (hereinafter
``NMTA call summary'') p.1. (``The business of most smaller [money
transmitter organizations] is person-to-person remittances.
Furthermore, most smaller MTOs do not allow Internet-initiated
transactions--a customer is usually required to visit an agent
location in person in order to perform a transaction.'')
---------------------------------------------------------------------------

The Agencies thus estimate that approximately 12,267 small entities
will be subject to the final rule. When compared to the estimate
contained in the proposed rule of 253,368 small entities, the Agencies
believe that under the final rule approximately 241,101 fewer small
entities will have to comply with the final rule.
4. Recordkeeping, Reporting and Other Compliance Requirements
The extent to which small entities will be affected by the final
rule depends on several variables, including

[[Page 69401]]

which designated payment systems they participate in, the composition
of their customer base, and whether the entities are able to rely on
policies and procedures established and implemented by the designated
payment system. The final rule (as mandated by the Act) requires all
non-exempt participants to establish and implement written policies and
procedures reasonably designed to identify and block or otherwise
prevent or prohibit restricted transactions. The final rule contains
non-exclusive examples of reasonably designed policies and procedures
for participants in each designated payment system; however, the final
rule expressly permits non-exempt participants to design and implement
policies and procedures tailored to their business that may be
different than the examples provided in the final rule.
The Agencies believe that most small entities participating in ACH
systems, card systems, check collection systems and wire transfer
systems will be small depository institutions, including credit unions.
If a small depository institution chooses to follow the final rule's
non-exclusive examples for ACH, check collection, and wire transfer
systems set out in Sec. ----.6, they should develop policies and
procedures for conducting due diligence of commercial customers to
determine the risk the commercial customer presents of engaging in an
Internet gambling business. The due diligence examples in the final
rule also suggest that non-exempt participants notify all commercial
customers, through the account agreement or other means available, that
restricted transactions are prohibited from being processed through the
account or relationship. Developing such conforming policies and
procedures would likely require input from legal counsel and management
familiar with the small entity's existing account-opening, account
maintenance and due diligence procedures. The small entity's senior
management also would likely need to be involved in developing the
policies and procedures to ensure they are compatible with the
company's business plans.
In addition to policies and procedures for due diligence, the final
rule's non-exclusive examples also suggest including remedial action
procedures to be followed in situations where the participant has
actual knowledge that a commercial customer has processed restricted
transactions through the participant's facilities. Developing such
procedures would likely require input from legal counsel and compliance
personnel to integrate these procedures into the institution's existing
compliance program.
After the policies and procedures are designed and in place, the
Agencies anticipate that the actual implementation burden would be
shifted more toward the management, clerical, and technical functions
of the institution that would be interfacing directly with the
commercial customers. Training in the new policies and procedures would
be necessary for customer relations staff. In addition, involvement of
audit and compliance personnel would be necessary for audit and testing
of the new policies and procedures. Legal counsel, management, and
compliance personnel may be required to address issues that arise with
commercial customers that due diligence indicates may be engaged in an
Internet gambling business.
The Agencies anticipate that a depository institution that
qualifies as a small entity and participates in ACH, check, and wire-
transfer systems would be able to establish and implement the same due
diligence policies and procedures for commercial customers across all
three of those systems for purposes of the final rule. The institution
will not need to establish and implement separate policies and
procedures for each of these designated payment systems. Additionally,
credit unions, which constitute the majority of depository institutions
that qualify as small entities, generally have few, if any, commercial
customers because of the nature of their business. The final rule's due
diligence examples only apply to commercial customers, so an
institution with few or no commercial customer accounts would have
relatively minimal implementation burden. Further, even if a depository
institution that qualifies as a small entity does have such customers,
the vast majority of commercial customers will not present more than a
minimal risk of engaging in an Internet gambling business, so the due
diligence burden would be minimal.
A small entity that participates in a card system and chooses to
follow the card system examples in the final rule should largely be
able to rely on the policies and procedures established by the operator
of the card system, such as Visa or MasterCard.\128\ In general, such
small depository institutions will rely on the transaction coding of
the card system to determine whether to authorize or deny authorization
for a transaction that the card system's coding procedure indicates may
be a restricted transaction. Many small depository institutions had
already made the business decision, prior to the Act and this rule's
effective date, to implement these processes, such that this rule may
impose only minimal additional burden in this respect. Moreover, a
small depository institution may agree to have the card system operator
or a third-party processor make transaction authorization decisions on
its behalf as its agent. Following the card system example in the final
rule may require a small entity participant to seek input from legal
counsel and technical personnel familiar with the coding framework and
transaction authorization process used by the card system in which the
small entity participates, although, based on comments received, the
Agencies believe that many card issuing banks and card systems already
have such procedures in place.\129\
---------------------------------------------------------------------------

\128\ The Agencies have added a new Sec. ----.5(c) to the rule
stating that a participant in a designated payment system, such as a
small depository institution participating in a card system, may
rely on a written statement or notice by the operator of that system
that the system's policies and procedures comply with the
requirements of this rule.
\129\ See, e.g., MasterCard letter, supra note 53, at 3.
---------------------------------------------------------------------------

Small entities in money transmitting businesses would, to a large
extent, be ``send'' or ``receive'' agents that participate in systems
operated by Western Union, MoneyGram, or similar entities. The final
rule provides exemptions for all participants in a money transmitting
business, except for the operator. The Agencies anticipate that these
exemptions will completely eliminate the burden for such small
entities. In addition, the final rule extends only to those money
transmitting business operators that permit customers to initiate money
transmission transactions remotely from a location other than a
physical location of the money transmitting business. As noted earlier,
the National Money Transmitters Association (NMTA), a trade association
representing small- to medium-sized money transmitting organizations,
indicated that most smaller money transmitting organizations do not
allow Internet-initiated transactions and require a customer to visit
an agent location in person in order to initiate a transaction.\130\
---------------------------------------------------------------------------

\130\ NMTA call summary, supra note 41, at 1.
---------------------------------------------------------------------------

For those few small money transmitting business operators subject
to the final rule which choose to follow the final rule's examples, the
operator would need to design and implement policies and procedures for
conducting due diligence on its commercial

[[Page 69402]]

customers at the establishment of the account or relationship similar
to the due diligence described above for ACH, check collection, and
wire transfer systems. The final rule's examples also suggest that the
operator notify all commercial customers, through the account agreement
or other means available, that restricted transactions are prohibited
from being processed through the account or relationship. Developing
such conforming policies and procedures would likely require input from
legal counsel and management as described above for ACH, check
collection, and wire transfer systems. Implementation of due diligence
and remedial action policies and procedures would also require input
from legal counsel, management, technical, audit, and compliance
personnel similar to that required for the ACH, check collection, and
wire transfer systems.
In addition, the final rule's money transmitting business examples
suggest that an operator's policies and procedures should include
procedures regarding ongoing monitoring or testing to detect potential
restricted transactions, such as monitoring and analyzing payment
patterns to detect suspicious payment volumes to any recipient. Such
procedures would likely be facilitated by technical expertise and
software from an outside vendor; however, the final rule's examples do
not require using a vendor. In fact, the NMTA indicated that the
smallest money transmitting organizations are sometimes the best at
spotting anomalous transactions, even without computers. The NMTA
stated that such businesses keep detailed records and tend to know all
of their customers, and thus can quickly spot anomalous
transactions.\131\
---------------------------------------------------------------------------

\131\ NMTA call summary, supra note 41, at 1-2.
---------------------------------------------------------------------------

5. Steps Taken To Minimize the Economic Impact on Small Entities
As discussed in the preamble to this final rule, the Agencies
considered many approaches to minimize the burden of the rule on non-
exempt participants, including small entities, while carrying out the
mandates of the Act. Consistent with the Act, the final rule has been
designed for maximum flexibility with respect to non-exempt
participants, including small entities. First, the final rule only
requires non-exempt participants to establish and implement reasonably
designed policies and procedures. The final rule does not prescribe any
design standards (such as requiring the use of a specific technology)
or performance standards for such policies and procedures. Second, the
examples of reasonably designed policies and procedures provided in
Sec. ----.6 of the final rule are non-exclusive and non-prescriptive.
Specifically, a non-exempt participant, including a small entity, is
permitted to design and implement policies and procedures tailored to
its business that may be different than the examples provided in the
final rule. Participants may also tailor different policies and
procedures with respect to different business lines or different parts
of its organization. Third, the Agencies have made a number of changes
in the final rule in response to public comments on the proposed rule
in order to reduce the burden the Act and the rule impose on payment
system participants, including small entities.
The proposed rule designated money transmitting businesses as a
payment system subject to the rule and did not provide any exemptions
for particular participants in a money transmitting business.
Commenters suggested that the Agencies consider exempting small money
transmitters or, at a minimum, send agents of money transmitting
businesses from the rule.\132\ In addition, commenters suggested that
the designation of money transmitting businesses in the proposed rule
was too broad and included entities that were not intended to be
included by the Act.\133\ As discussed above, the final rule's listing
of money transmitting businesses as a designated payment system subject
to the rule has been narrowed to include only those money transmitting
businesses that (1) engage in the transmission of funds, which does not
include check cashing, currency exchange, or the issuance or redemption
of money orders, travelers' checks, and other similar instruments; and
(2) permit customers to initiate transmission of funds remotely from a
location other than a physical office of the money transmitting
business. Based on comments from the NMTA, these changes would exclude
most small money transmitting businesses. Moreover, the final rule
provides an exemption for all participants in a designated money
transmitting business except for the operator. As noted above, the
Agencies believe that almost all of the estimated 240,547 small
participants in money transmitting businesses are participants other
than operators. Accordingly, these small entities will not be affected
by the rule.
---------------------------------------------------------------------------

\132\ E.g. Advocacy letter, supra note 106 at 4; see also TMSRT
letter, supra note 35 at 3-4.
\133\ E.g., TMSRT letter, supra note 35 at 2.
---------------------------------------------------------------------------

The proposed rule reiterated the Act's provision that permits
participants in a designated payment system to comply with the rule's
requirement to establish and implement reasonably designed policies and
procedures by relying on and complying with the policies and procedures
of the designated payment system if, among other things, such policies
and procedures complied with the requirements of the proposed rule.
Commenters expressed concern, however, with the value of this provision
if a participant was unsure whether the designated payment system's
policies and procedures complied with the rule and the Act.\134\ This
issue would be particularly relevant to small entities that would be
more likely to be participants in a designated payment system than an
operator and would be more likely to take advantage of this authority
to rely on the system's policies and procedures, rather than incurring
the cost of designing and implementing their own policies and
procedures. The Agencies addressed this concern in the final rule by
permitting a participant to rely on the policies and procedures of its
designated payment system if the operator of that system has stated to
its participants that the operator has designed or structured the
system's policies and procedures to comply with the requirements of the
final rule, unless the participant is notified otherwise by its Federal
functional regulator or, in the case of participants that are not
directly supervised by a Federal functional regulator, the Federal
Trade Commission.
---------------------------------------------------------------------------

\134\ E.g., CBA letter, supra note 121, at 4.
---------------------------------------------------------------------------

The proposed rule's non-exclusive examples also indicated that non-
exempt participants in designated payment systems should conduct due
diligence in ``establishing or maintaining'' a commercial customer
relationship to ensure that the customer does not process restricted
transactions. Commenters noted the significant burden that would be
imposed by reviewing all of an institution's existing commercial
customer accounts to ensure that they did not process restricted
transactions.\135\ The final rule's examples for ACH, check collection,
and wire transfer systems recommends that non-exempt participants
conduct due diligence at the establishment of the commercial account or
relationship. If a non-exempt participant has actual knowledge that an
existing commercial customer engages in an Internet gambling business,
the final rule's non-exclusive policies and

[[Page 69403]]

procedures suggest that the participant conduct due diligence on that
customer similar to what is contemplated for new customers. Commenters
also suggested that the final rule provide more guidance on the due
diligence that would be deemed sufficient.\136\ In response to these
comments, the final rule provides detailed steps that a participant can
choose to take to conduct reasonable risk-based due diligence as
contemplated by the final rule's examples.
---------------------------------------------------------------------------

\135\ E.g., BB&T letter, supra note 67, at 2.
\136\ See, e.g., comment letter from the State Dept. Federal
Credit Union (Dec. 13, 2007) p. 2.
---------------------------------------------------------------------------

The proposed rule's designated payment system examples also
suggested including as a term of commercial customer agreements that
the customer may not engage in restricted transactions through the
participant's facilities. Numerous commenters stated that such a
requirement to modify existing agreements would be unduly
burdensome.\137\ In addition, commenters noted that typical customer
agreements already include a prohibition against unlawful transactions,
so modifying the agreement to specifically include restricted
transactions in this prohibition would be unnecessary.\138\ Based on
the comments, the final rule does not contemplate that non-exempt
participants in designated payment systems will modify their account
agreements with existing commercial customers, but instead contemplates
that participants will notify commercial customers that the
participant's facilities may not be used to process restricted
transactions. Such notification could be accomplished through a term in
the commercial customer agreements, through a notice sent to the
customer, or through some other method.
---------------------------------------------------------------------------

\137\ See, e.g., comment letter from the Electronic Check
Clearing House Organization (Dec. 10, 2007) p. 3.
\138\ See, e.g., The Clearing House letter, supra note 14, at 9.
---------------------------------------------------------------------------

The NPRM also set forth a proposed effective date for the final
rule of six months after its publication. Many commenters stated that
this was insufficient time to implement the rule. A longer period would
be particularly relevant for small entities because they would most
likely be participants in a designated payment system, rather than an
operator. Commenters stated that designated payment systems must first
develop their policies and procedures before participants will be able
to conform their policies and procedures.\139\ As explained above in
the preamble, the Agencies have established a compliance date for the
final rule 12 months from its publication. This longer period will give
small entities more time to establish and implement policies and
procedures reasonably designed to identify and block or otherwise
prevent restricted transactions, and may thereby reduce small entities'
costs of complying with the rule.
---------------------------------------------------------------------------

\139\ See, e.g., NACHA letter, supra note 38, at 5.
---------------------------------------------------------------------------

Commenters also recommended some significant alternatives to
approaches adopted in the proposed rule that the Agencies have not
adopted in the final rule. Some of these suggestions may have reduced
the burden imposed by the rule on some small entities, but were
rejected by the Agencies for factual, policy, or legal reasons. For
example, the final rule does not contemplate that any government entity
will create, publish, and maintain a list of unlawful Internet gambling
businesses. Several commenters indicated that such a list would assist
financial institutions in identifying Internet gambling
operations.\140\ After carefully considering this issue, including the
numerous comments both for and against such a list, for the reasons
discussed at length above, the Agencies have concluded that such a list
would not be effective or efficient. In addition, the final rule's non-
exclusive due diligence policies and procedures shift the burden of
distinguishing lawful from unlawful Internet gambling from participants
in designated payment systems to the Internet gambling businesses.
---------------------------------------------------------------------------

\140\ E.g., Wells Fargo letter, supra note 19, at 23-24.
---------------------------------------------------------------------------

Some commenters also suggested that the Agencies exempt from the
rule all participants in the ACH, check, and wire-transfer systems or
exclude such systems from the list of designated payment systems.\141\
While such an approach would reduce the burden of the rule on small
depository institutions, it would also substantially undermine the
efficacy of the rule. Section 5364(b)(3) of the Act states that the
Agencies shall exempt certain restricted transactions or designated
payment systems from the rule if the Agencies jointly find that it is
not reasonably practical to identify and block or otherwise prevent or
prohibit restricted transactions. The Agencies believe that it is
reasonably practical for participants in designated payment systems,
including small entities, to implement certain policies and procedures,
such as those contained in Sec. ----.6 of the final rule, that will
constitute policies and procedures reasonably designed to prevent or
prohibit restricted transactions. Accordingly, the Agencies have
determined that blanket exemptions for the ACH, check, and wire-
transfer systems would not be appropriate given the standard for an
exemption set forth in section 5364(b)(3) of the Act.
---------------------------------------------------------------------------

\141\ See, e.g., M&T Bank letter, supra note 45, at 4.
---------------------------------------------------------------------------

E. Paperwork Reduction Act Analysis

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3506; 5 CFR 1320 Appendix A.1), the Board has reviewed the final rule.
The collection of information contained in the Treasury's final rule
has been reviewed and approved by OMB in accordance with the
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C.
3507(d)). The Agencies may not conduct or sponsor, and an organization
is not required to respond to, a collection of information unless it
displays a currently valid OMB control number. The OMB control numbers
are 1505-0204 for the Treasury and 7100-0317 for the Board.
The collection of information that is required by this final
rulemaking is found in sections 5 and 6. This collection of information
is required by section 802 of the Act, which requires the Agencies to
prescribe joint regulations requiring each designated payment system,
and all participants in such systems, to identify and block or
otherwise prevent or prohibit restricted transactions through the
establishment of policies and procedures reasonably designed to prevent
or prohibit restricted transactions. The final rule implements this
requirement by requiring all non-exempt participants in designated
payment systems to establish and implement written policies and
procedures reasonably designed to identify and block or otherwise
prevent or prohibit restricted transactions.
The recordkeepers are businesses or other for-profit and not-for-
profit organizations that include depository institutions (commercial
banks, savings associations, and credit unions), third-party
processors, and card system operators, and money transmitting business
operators. The final rule does not include a specific time period for
record retention; however, non-exempt participants would be required to
maintain the policies and procedures for a particular designated
payment system as long as they participate in that system.
The Agencies collectively received seven comment letters (from a
law firm, a depository institution, a member of Congress, an
individual, a government agency, and two business/trade

[[Page 69404]]

associations) that addressed the paperwork issues. Five comment letters
specifically addressed the burden estimates, one letter stated that the
Agencies could provide more rigorous burden estimates, and one letter
questioned the Board's monetized cost to the public as provided in its
OMB Supporting Statement posted on the Board's public Web site.
Broadly, all commenters stated that the paperwork burden estimates were
too low; therefore, the Agencies have substantially increased the
burden estimates.
Additionally, some of these commenters stated that the Agencies did
not adequately identify the number of entities that would incur
paperwork burden under the rule.\142\ The Agencies continue to believe
that their methodology for estimating the number of regulated entities
is generally accurate. The Board's and Treasury's burden estimates (as
provided in each Agency's OMB supporting statements for this
rulemaking) each reflect only about half of the rulemaking's burden on
regulated entities. The Agencies have agreed to split equally the total
number of recordkeepers not subject to examination and supervision by
either the Board or the Treasury's Office of the Comptroller of the
Currency and Office of Thrift Supervision.
---------------------------------------------------------------------------

\142\ One commenter expressed concern specifically regarding the
number of entities involved in stored value cards and gift cards
that would be subject to the rule's recordkeeping requirements. See
Alston & Bird letter, supra note 49, at 23 With respect to
implementing the final rule's non-exclusive examples for card
systems, the relevant entities are the card system operators,
merchant acquirers, and the card issuers. Retailers, such as grocery
stores or convenience stores, are not participants in a designated
payment system, as defined by the final rule, by virtue of their
selling pre-paid gift cards or stored value products and thus are
not covered by the final rule.
---------------------------------------------------------------------------

The final rule provides exemptions for all participants in a money
transmitting business, except for the operator. Small entities in money
transmitting businesses would, to a large extent, be send or receive
agents that participate in systems operated by Western Union,
MoneyGram, or similar entities. Accordingly, they are exempt from the
final rule and are not included in the estimated number of
recordkeepers below. Also, the Agencies clarified in the final rule
that money transmitting businesses are subject to the rule solely to
the extent they engage in the transmission of funds, which does not
include check cashing, currency exchange, or the issuance or redemption
of money orders, travelers' checks, and other similar instruments. This
change would reduce the number of money transmitting businesses that
are subject to the recordkeeping requirements. Also, in the final rule,
the Agencies clarified that the requirement to establish and implement
written policies and procedures applies only to U.S. offices of
participants in designated payment systems.
Depository institutions are the primary non-exempt participants for
the ACH, card, check collection, and wire transfer systems subject to
the rule. Accordingly, non-exempt depository institutions in such
designated payment systems would be subject to the recordkeeping
requirement of establishing and implementing written policies and
procedures reasonably designed to prevent or prohibit restricted
transactions to the extent that they participate in such systems.
Respondent burden:
For the purpose of estimating burden and accounting for it with
OMB, the total number of depository institutions listed for each Agency
includes the number of entities regulated by the Agency and half of the
remaining depository institutions and third-party processors. Each
Agency is also accounting for the burden for half of the card system
operators and money transmitting business operators to which the
Agencies estimate the final rule applies.
Federal Reserve:
Estimated number of recordkeepers: 3,459 commercial banks, 4,068
credit unions, 3 card system operators, and 8 money transmitting
business operators.
Estimated average annual burden hours per recordkeeper: One-time
burden 100 hours for commercial banks and card system operators, 20
hours for credit unions, and 120 hours for money transmitting business
operators. Ongoing annual burden of 8 hours per recordkeeper.
Estimated frequency: Annually.
Estimated total annual recordkeeping burden: One-time burden,
428,520 hours and ongoing burden, 60,304 hours.
Treasury:
Estimated number of recordkeepers: 4,240 commercial banks, 829
savings associations, 4,068 credit unions, 3 card system operators, and
8 money transmitting business operators.
Estimated average annual burden hours per recordkeeper: One-time
burden of 100 hours for commercial banks, savings associations and card
system operators; 20 hours for credit unions; and 120 hours for money
transmitting business operators. Ongoing annual burden of 8 hours per
recordkeeper.
Estimated frequency: Annually.
Estimated total annual recordkeeping burden: One-time burden,
589,520 hours and ongoing burden, 73,184 hours.
Based on these estimates, the PRA burden for regulated entities is
approximately one million hours:

----------------------------------------------------------------------------------------------------------------
Number of Number of hours spent (one-time
recordkeepers burden)
----------------------------------------------------------------------------------------------------------------
Treasury................................. 9,148 \143\ varies..................... 589,520
Federal Reserve.......................... 7,538 \144\ varies..................... 428,520
----------------------------------------------------------------------
Total PRA Burden Hours for All ................ ................................. 1,018,040
Regulated Entities.
----------------------------------------------------------------------------------------------------------------

The one-time burden imposed by the Act requires non-exempt
participants to establish policies and procedures. The Agencies
estimate that this initial burden will average 100 hours per commercial
bank, savings association, and card system operator, 20 hours per
credit union, and 120 hours per money transmitting business operator.
The Agencies also estimate that the ongoing burden of maintaining the
policies and

[[Page 69405]]

procedures once they are established will be 8 hours per recordkeeper.
---------------------------------------------------------------------------

\143\ The one-time burden hours for the 4,240 commercial banks,
829 savings associations, and 3 card system operators is 100 hours
each. The one-time burden for 4,068 credit unions is 20 hours each.
The one-time burden for 8 money transmitting business operators is
120 hours each.
\144\ The one-time burden hours for the 3,459 commercial banks
and 3 card system operators is 100 hours each. The one-time burden
for 4,068 credit unions is 20 hours each. The one-time burden for 8
money transmitting business operators is 120 hours each.
---------------------------------------------------------------------------

The Agencies further estimate (as provided in each Agency's OMB
Supporting Statement) the total start-up cost for the banking, card
system, and money transmitting industries to be $88,518,578.\145\
---------------------------------------------------------------------------

\145\ Total cost to the banking, card system, and money
transmitting industries was estimated using the following formula.
Percent of staff time, multiplied by annual burden hours, multiplied
by hourly rate: 20% Clerical @ $25, 25% Managerial or Technical @
$55, 25% Senior Management @ $100, and 30% Legal Counsel @ $144.
Hourly rate estimates for each occupational group are averages using
data from the Bureau of Labor and Statistics, Occupational
Employment and Wages, news release.
---------------------------------------------------------------------------

The total estimated recordkeeping cost for all regulated entities
is over $88.5 million:

Total PRA burden hours.................................. 1,018,040
Average adjusted rate of avg. wage for recordkeeping.... $86.95
Total PRA Cost to Regulated Entities.................... $88,518,578

Because the records would be maintained at the institutions and
notices are not provided to the Agencies, no issue of confidentiality
under the Freedom of Information Act arises. The Agencies have a
continuing interest in the public's opinion of our collections of
information. At any time, comments regarding the burden estimate, or
any other aspect of this collection of information, including
suggestions for reducing the burden may be sent to: Office of Critical
Infrastructure Protection and Compliance Policy, Department of the
Treasury, Main Treasury Building, Room 1327, 1500 Pennsylvania Avenue,
NW., Washington, DC 20220 ; Secretary, Board of Governors of the
Federal Reserve System, 20th and C Streets, NW., Washington, DC 20551;
and to the Office of Management and Budget, Paperwork Reduction Project
(1505-0204 for Treasury or 7100-0317 for the Board), Washington, DC
20503.

F. Plain Language

Each Federal banking agency, such as the Board, is required to use
plain language in all proposed and final rulemakings published after
January 1, 2000. 12 U.S.C. 4809. In addition, in 1998, the President
issued a memorandum directing each agency in the Executive branch, such
as Treasury, to use plain language for all new proposed and final
rulemaking documents issued on or after January 1, 1999. The Agencies
have sought to present the final rule, to the extent possible, in a
simple and straightforward manner.

IV. Statutory Authority

Pursuant to the authority set out in the Act and particularly
section 802 (codified at 31 U.S.C. 5361 et seq.), the Board amends
Chapter II of Title 12 of the Code of Federal Regulations and the
Treasury amends Chapter I of Title 31 of the Code of Federal
Regulations by adding the common rules set out below.

V. Text of Final Rules

List of Subjects

12 CFR Part 233

Banks, Banking, Electronic funds transfers, Incorporation by
reference, Internet gambling, Payments, Recordkeeping.

31 CFR Part 132

Banks, Banking, Electronic funds transfers, Incorporation by
reference, Internet gambling, Payments, Recordkeeping.

Federal Reserve System

Authority and Issuance

0
For the reasons set forth in the preamble, the Board amends Title 12,
Chapter II of the Code of Federal Regulations by adding a new part 233
as set forth under Common Rules at the end of this document:

PART 233--PROHIBITION ON FUNDING OF UNLAWFUL INTERNET GAMBLING
(REGULATION GG)

Sec.
233.1 Authority, purpose, and incorporation by reference.
233.2 Definitions.
233.3 Designated payment systems.
233.4 Exemptions.
233.5 Policies and procedures required.
233.6 Non-exclusive examples of policies and procedures.
233.7 Regulatory enforcement.
Appendix A to Part 233--Model Notice

Authority: 31 U.S.C. 5364.

Department of the Treasury

Authority and Issuance

0
For the reasons set forth in the preamble, Treasury amends Title 31,
Chapter I of the Code of Federal Regulations by adding a new part 132
as set forth under Common Rules at the end of this document:

PART 132--PROHIBITION ON FUNDING OF UNLAWFUL INTERNET GAMBLING

Sec.
132.1 Authority, purpose, and incorporation by reference.
132.2 Definitions.
132.3 Designated payment systems.
132.4 Exemptions.
132.5 Policies and procedures required.
132.6 Non-exclusive examples of policies and procedures.
132.7 Regulatory enforcement.
Appendix A to Part 132--Model Notice

Authority: 31 U.S.C. 321 and 5364.

Common Rules

The common rules added by the Board as part 233 of Title 12,
Chapter II of the Code of Federal Regulations and by Treasury as part
132 of Title 31, Chapter I of the Code of Federal Regulations follow:

Sec. ----.1 Authority, purpose, collection of information, and
incorporation by reference.

(a) Authority. This part is issued jointly by the Board of
Governors of the Federal Reserve System (Board) and the Secretary of
the Department of the Treasury (Treasury) under section 802 of the
Unlawful Internet Gambling Enforcement Act of 2006 (Act) (enacted as
Title VIII of the Security and Accountability For Every Port Act of
2006, Pub. L. No. 109-347, 120 Stat. 1884, and codified at 31 U.S.C.
5361-5367). The Act states that none of its provisions shall be
construed as altering, limiting, or extending any Federal or State law
or Tribal-State compact prohibiting, permitting, or regulating gambling
within the United States. See 31 U.S.C. 5361(b). In addition, the Act
states that its provisions are not intended to change which activities
related to horseracing may or may not be allowed under Federal law, are
not intended to change the existing relationship between the Interstate
Horseracing Act of 1978 (IHA) (15 U.S.C. 3001 et seq.) and other
Federal statutes in effect on October 13, 2006, the date of the Act's
enactment, and are not intended to resolve any existing disagreements
over how to interpret the relationship between the IHA and other
Federal statutes. See 31 U.S.C. 5362(10)(D)(iii). This part is intended
to be consistent with these provisions.
(b) Purpose. The purpose of this part is to issue implementing
regulations as required by the Act. The part sets out necessary
definitions, designates payment systems subject to the requirements of
this part, exempts certain participants in designated payment systems
from certain requirements of this part, provides nonexclusive examples
of policies and procedures reasonably designed to identify and block,
or otherwise prevent and prohibit, restricted transactions, and sets
out the Federal entities that have exclusive regulatory enforcement
authority with respect to the designated

[[Page 69406]]

payments systems and non-exempt participants therein.
(c) Collection of information. The Office of Management and Budget
(OMB) has approved the collection of information requirements in this
part for the Department of the Treasury and assigned OMB control number
1505-0204. The Board has approved the collection of information
requirements in this part under the authority delegated to the Board by
OMB, and assigned OMB control number 7100-0317.
(d) Incorporation by reference--relevant definitions from ACH
rules.
(1) This part incorporates by reference the relevant definitions of
ACH terms as published in the ``2008 ACH Rules: A Complete Guide to
Rules & Regulations Governing the ACH Network'' (the ``ACH Rules'').
The Director of the Federal Register approves this incorporation by
reference in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. Copies
of the ``2008 ACH Rules'' are available from the National Automated
Clearing House Association, Suite 100, 13450 Sunrise Valley Drive,
Herndon, Virginia 20171, http://nacha.org, (703) 561-1100. Copies also
are available for public inspection at the Department of Treasury
Library, Room 1428, Main Treasury Building, 1500 Pennsylvania Avenue,
NW., Washington, DC 20220, and the National Archives and Records
Administration (NARA). Before visiting the Treasury library, you must
call (202) 622-0990 for an appointment. For information on the
availability of this material at NARA, call (202) 741-6030, or go to:
http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html 20002.
(2) Any amendment to definitions of the relevant ACH terms in the
ACH Rules shall not apply to this part unless the Treasury and the
Board jointly accept such amendment by publishing notice of acceptance
of the amendment to this part in the Federal Register. An amendment to
the definition of a relevant ACH term in the ACH Rules that is accepted
by the Treasury and the Board shall apply to this part on the effective
date of the rulemaking specified by the Treasury and the Board in the
joint Federal Register notice expressly accepting such amendment.

Sec. ----.2 Definitions.

The following definitions apply solely for purposes of this part:
(a) Actual knowledge with respect to a transaction or commercial
customer means when a particular fact with respect to that transaction
or commercial customer is known by or brought to the attention of:
(1) An individual in the organization responsible for the
organization's compliance function with respect to that transaction or
commercial customer; or
(2) An officer of the organization.
(b) Automated clearing house system or ACH system means a funds
transfer system, primarily governed by the ACH Rules, which provides
for the clearing and settlement of batched electronic entries for
participating financial institutions. When referring to ACH systems,
the terms in this regulation (such as ``originating depository
financial institution,'' ``operator,'' ``originating gateway
operator,'' ``receiving depository financial institution,'' ``receiving
gateway operator,'' and ``third-party sender'') are defined as those
terms are defined in the ACH Rules.
(c) Bet or wager:
(1) Means the staking or risking by any person of something of
value upon the outcome of a contest of others, a sporting event, or a
game subject to chance, upon an agreement or understanding that the
person or another person will receive something of value in the event
of a certain outcome;
(2) Includes the purchase of a chance or opportunity to win a
lottery or other prize (which opportunity to win is predominantly
subject to chance);
(3) Includes any scheme of a type described in 28 U.S.C. 3702;
(4) Includes any instructions or information pertaining to the
establishment or movement of funds by the bettor or customer in, to, or
from an account with the business of betting or wagering (which does
not include the activities of a financial transaction provider, or any
interactive computer service or telecommunications service); and
(5) Does not include--
(i) Any activity governed by the securities laws (as that term is
defined in section 3(a)(47) of the Securities Exchange Act of 1934 (15
U.S.C. 78c(a)(47)) for the purchase or sale of securities (as that term
is defined in section 3(a)(10) of that act (15 U.S.C. 78c(a)(10));
(ii) Any transaction conducted on or subject to the rules of a
registered entity or exempt board of trade under the Commodity Exchange
Act (7 U.S.C. 1 et seq.);
(iii) Any over-the-counter derivative instrument;
(iv) Any other transaction that--
(A) Is excluded or exempt from regulation under the Commodity
Exchange Act (7 U.S.C. 1 et seq.); or
(B) Is exempt from State gaming or bucket shop laws under section
12(e) of the Commodity Exchange Act (7 U.S.C. 16(e)) or section 28(a)
of the Securities Exchange Act of 1934 (15 U.S.C. 78bb(a));
(v) Any contract of indemnity or guarantee;
(vi) Any contract for insurance;
(vii) Any deposit or other transaction with an insured depository
institution;
(viii) Participation in any game or contest in which participants
do not stake or risk anything of value other than--
(A) Personal efforts of the participants in playing the game or
contest or obtaining access to the Internet; or
(B) Points or credits that the sponsor of the game or contest
provides to participants free of charge and that can be used or
redeemed only for participation in games or contests offered by the
sponsor; or
(ix) Participation in any fantasy or simulation sports game or
educational game or contest in which (if the game or contest involves a
team or teams) no fantasy or simulation sports team is based on the
current membership of an actual team that is a member of an amateur or
professional sports organization (as those terms are defined in 28
U.S.C. 3701) and that meets the following conditions:
(A) All prizes and awards offered to winning participants are
established and made known to the participants in advance of the game
or contest and their value is not determined by the number of
participants or the amount of any fees paid by those participants.
(B) All winning outcomes reflect the relative knowledge and skill
of the participants and are determined predominantly by accumulated
statistical results of the performance of individuals (athletes in the
case of sports events) in multiple real-world sporting or other events.
(C) No winning outcome is based--
(1) On the score, point-spread, or any performance or performances
of any single real-world team or any combination of such teams, or
(2 ) Solely on any single performance of an individual athlete in
any single real-world sporting or other event.
(d) Block means to reject a particular transaction before or during
processing, but it does not require freezing or otherwise prohibiting
subsequent transfers or transactions regarding the proceeds or account.
(e) Card issuer means any person who issues a credit card, debit
card, pre-paid card, or stored value card, or the agent of such person
with respect to such card.

[[Page 69407]]

(f) Card system means a system for authorizing, clearing and
settling transactions in which credit cards, debit cards, pre-paid
cards, or stored value cards (such cards being issued or authorized by
the operator of the system), are used to purchase goods or services or
to obtain a cash advance. The term includes systems both in which the
merchant acquirer, card issuer, and system operator are separate
entities and in which more than one of these roles are performed by the
same entity.
(g) Check clearing house means an association of banks or other
payors that regularly exchange checks for collection or return.
(h) Check collection system means an interbank system for
collecting, presenting, returning, and settling for checks or intrabank
system for settling for checks deposited in and drawn on the same bank.
When referring to check collection systems, the terms in this
regulation (such as ``paying bank,'' ``collecting bank,'' ``depositary
bank,'' ``returning bank,'' and ``check'') are defined as those terms
are defined in 12 CFR 229.2. For purposes of this part, ``check'' also
includes an electronic representation of a check that a bank agrees to
handle as a check.
(i) Commercial customer means a person that is not a consumer and
that contracts with a non-exempt participant in a designated payment
system to receive, or otherwise accesses, payment transaction services
through that non-exempt participant.
(j) Consumer means a natural person.
(k) Designated payment system means a system listed in Sec. --
--.3.
(l) Electronic fund transfer has the same meaning given the term in
section 903 of the Electronic Fund Transfer Act (15 U.S.C. 1693a),
except that such term includes transfers that would otherwise be
excluded under section 903(6)(E) of that act (15 U.S.C. 1693a(6)(E)),
and includes any funds transfer covered by Article 4A of the Uniform
Commercial Code, as in effect in any State.
(m) Financial institution means a State or national bank, a State
or Federal savings and loan association, a mutual savings bank, a State
or Federal credit union, or any other person that, directly or
indirectly, holds an account belonging to a consumer. The term does not
include a casino, sports book, or other business at or through which
bets or wagers may be placed or received.
(n) Financial transaction provider means a creditor, credit card
issuer, financial institution, operator of a terminal at which an
electronic fund transfer may be initiated, money transmitting business,
or international, national, regional, or local payment network utilized
to effect a credit transaction, electronic fund transfer, stored value
product transaction, or money transmitting service, or a participant in
such network, or other participant in a designated payment system.
(o) Foreign banking office means:
(1) Any non-U.S. office of a financial institution; and
(2) Any non-U.S. office of a foreign bank as described in 12 U.S.C.
3101(7).
(p) Interactive computer service means any information service,
system, or access software provider that provides or enables computer
access by multiple users to a computer server, including specifically a
service or system that provides access to the Internet and such systems
operated or services offered by libraries or educational institutions.
(q) Internet means the international computer network of
interoperable packet switched data networks.
(r) Internet gambling business means the business of placing,
receiving or otherwise knowingly transmitting a bet or wager by any
means which involves the use, at least in part, of the Internet, but
does not include the performance of the customary activities of a
financial transaction provider, or any interactive computer service or
telecommunications service.
(s) Intrastate transaction means placing, receiving, or otherwise
transmitting a bet or wager where--
(1) The bet or wager is initiated and received or otherwise made
exclusively within a single State;
(2) The bet or wager and the method by which the bet or wager is
initiated and received or otherwise made is expressly authorized by and
placed in accordance with the laws of such State, and the State law or
regulations include--
(i) Age and location verification requirements reasonably designed
to block access to minors and persons located out of such State; and
(ii) Appropriate data security standards to prevent unauthorized
access by any person whose age and current location has not been
verified in accordance with such State's law or regulations; and
(3) The bet or wager does not violate any provision of--
(i) The Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et
seq.);
(ii) 28 U.S.C. chapter 178 (professional and amateur sports
protection);
(iii) The Gambling Devices Transportation Act (15 U.S.C. 1171 et
seq.); or
(iv) The Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.).
(t) Intratribal transaction means placing, receiving or otherwise
transmitting a bet or wager where--
(1) The bet or wager is initiated and received or otherwise made
exclusively--
(i) Within the Indian lands of a single Indian tribe (as such terms
are defined under the Indian Gaming Regulatory Act (25 U.S.C. 2703));
or
(ii) Between the Indian lands of two or more Indian tribes to the
extent that intertribal gaming is authorized by the Indian Gaming
Regulatory Act (25 U.S.C. 2701 et seq.);
(2) The bet or wager and the method by which the bet or wager is
initiated and received or otherwise made is expressly authorized by and
complies with the requirements of--
(i) The applicable tribal ordinance or resolution approved by the
Chairman of the National Indian Gaming Commission; and
(ii) With respect to class III gaming, the applicable Tribal-State
compact;
(3) The applicable tribal ordinance or resolution or Tribal-State
compact includes--
(i) Age and location verification requirements reasonably designed
to block access to minors and persons located out of the applicable
Tribal lands; and
(ii) Appropriate data security standards to prevent unauthorized
access by any person whose age and current location has not been
verified in accordance with the applicable tribal ordinance or
resolution or Tribal-State Compact; and
(4) The bet or wager does not violate any provision of--
(i) The Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et
seq.);
(ii) 28 U.S.C. chapter 178 (professional and amateur sports
protection);
(iii) The Gambling Devices Transportation Act (15 U.S.C. 1171 et
seq.); or
(iv) The Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.).
(u) Money transmitting business has the meaning given the term in
31 U.S.C. 5330(d)(1) (determined without regard to any regulations
prescribed by the Secretary of the Treasury thereunder).
(v) Operator of a designated payment system means an entity that
provides centralized clearing and delivery services between
participants in the designated payment system and maintains the
operational framework for the system. In the case of an automated
clearinghouse system, the term ``operator'' has the same meaning as
provided in the ACH Rules.

[[Page 69408]]

(w) Participant in a designated payment system means an operator of
a designated payment system, a financial transaction provider that is a
member of, or has contracted for financial transaction services with,
or is otherwise participating in, a designated payment system, or a
third-party processor. This term does not include a customer of the
financial transaction provider, unless the customer is also a financial
transaction provider otherwise participating in the designated payment
system on its own behalf.
(x) Reasoned legal opinion means a written expression of
professional judgment by a State-licensed attorney that addresses the
facts of a particular client's business and the legality of the
client's provision of its services to relevant customers in the
relevant jurisdictions under applicable federal and State law, and, in
the case of intratribal transactions, applicable tribal ordinances,
tribal resolutions, and Tribal-State compacts. A written legal opinion
will not be considered ``reasoned'' if it does nothing more than recite
the facts and express a conclusion.
(y) Restricted transaction means any of the following transactions
or transmittals involving any credit, funds, instrument, or proceeds
that the Act prohibits any person engaged in the business of betting or
wagering (which does not include the activities of a financial
transaction provider, or any interactive computer service or
telecommunications service) from knowingly accepting, in connection
with the participation of another person in unlawful Internet
gambling--
(1) Credit, or the proceeds of credit, extended to or on behalf of
such other person (including credit extended through the use of a
credit card);
(2) An electronic fund transfer, or funds transmitted by or through
a money transmitting business, or the proceeds of an electronic fund
transfer or money transmitting service, from or on behalf of such other
person; or
(3) Any check, draft, or similar instrument that is drawn by or on
behalf of such other person and is drawn on or payable at or through
any financial institution.
(z) State means any State of the United States, the District of
Columbia, or any commonwealth, territory, or other possession of the
United States, including the Commonwealth of Puerto Rico, the
Commonwealth of the Northern Mariana Islands, American Samoa, Guam, and
the Virgin Islands.
(aa) Third-party processor means a service provider that--
(1) In the case of a debit transaction payment, such as an ACH
debit entry or card system transaction, has a direct relationship with
the commercial customer that is initiating the debit transfer
transaction and acts as an intermediary between the commercial customer
and the first depository institution to handle the transaction;
(2) In the case of a credit transaction payment, such as an ACH
credit entry, has a direct relationship with the commercial customer
that is to receive the proceeds of the credit transfer and acts as an
intermediary between the commercial customer and the last depository
institution to handle the transaction; and
(3) In the case of a cross-border ACH debit or check collection
transaction, is the first service provider located within the United
States to receive the ACH debit instructions or check for collection.
(bb) Unlawful Internet gambling means to place, receive, or
otherwise knowingly transmit a bet or wager by any means which involves
the use, at least in part, of the Internet where such bet or wager is
unlawful under any applicable Federal or State law in the State or
Tribal lands in which the bet or wager is initiated, received, or
otherwise made. The term does not include placing, receiving, or
otherwise transmitting a bet or wager that is excluded from the
definition of this term by the Act as an intrastate transaction or an
intra-tribal transaction, and does not include any activity that is
allowed under the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et
seq.; see Sec. ----.1(a)). The intermediate routing of electronic data
shall not determine the location or locations in which a bet or wager
is initiated, received, or otherwise made.
(cc) Wire transfer system means a system through which an
unconditional order to a bank to pay a fixed or determinable amount of
money to a beneficiary upon receipt, or on a day stated in the order,
is transmitted by electronic or other means through the network,
between banks, or on the books of a bank. When referring to wire
transfer systems, the terms in this regulation (such as ``bank,''
``originator's bank,'' ``beneficiary's bank,'' and ``intermediary
bank'') are defined as those terms are defined in 12 CFR part 210,
appendix B.

Sec. ----.3 Designated payment systems.

The following payment systems could be used by participants in
connection with, or to facilitate, a restricted transaction:
(a) Automated clearing house systems;
(b) Card systems;
(c) Check collection systems;
(d) Money transmitting businesses solely to the extent they
(1) Engage in the transmission of funds, which does not include
check cashing, currency exchange, or the issuance or redemption of
money orders, travelers' checks, and other similar instruments; and
(2) Permit customers to initiate transmission of funds transactions
remotely from a location other than a physical office of the money
transmitting business; and
(e) Wire transfer systems.

Sec. ----.4 Exemptions.

(a) Automated clearing house systems. The participants processing a
particular transaction through an automated clearing house system are
exempt from this regulation's requirements for establishing written
policies and procedures reasonably designed to prevent or prohibit
restricted transactions with respect to that transaction, except for--
(1) The receiving depository financial institution and any third-
party processor receiving the transaction on behalf of the receiver in
an ACH credit transaction;
(2) The originating depository financial institution and any third-
party processor initiating the transaction on behalf of the originator
in an ACH debit transaction; and
(3) The receiving gateway operator and any third-party processor
that receives instructions for an ACH debit transaction directly from a
foreign sender (which could include a foreign banking office, a foreign
third-party processor, or a foreign originating gateway operator).
(b) Check collection systems. The participants in a particular
check collection through a check collection system are exempt from this
regulation's requirements for establishing written policies and
procedures reasonably designed to prevent or prohibit restricted
transactions with respect to that check collection, except for the
depositary bank.
(c) Money transmitting businesses. The participants in a money
transmitting business are exempt from this regulation's requirements
for establishing written policies and procedures reasonably designed to
prevent or prohibit restricted transactions, except for the operator.
(d) Wire transfer systems. The participants in a particular wire
transfer through a wire transfer system are exempt from this
regulation's requirements for establishing written

[[Page 69409]]

policies and procedures reasonably designed to prevent or prohibit
restricted transactions with respect to that transaction, except for
the beneficiary's bank.

Sec. ----.5 Policies and procedures required.

(a) All non-exempt participants in designated payment systems shall
establish and implement written policies and procedures reasonably
designed to identify and block or otherwise prevent or prohibit
restricted transactions.
(b) A non-exempt financial transaction provider participant in a
designated payment system shall be considered to be in compliance with
the requirements of paragraph (a) of this section if--
(1) It relies on and complies with the written policies and
procedures of the designated payment system that are reasonably
designed to--
(i) Identify and block restricted transactions; or
(ii) Otherwise prevent or prohibit the acceptance of the products
or services of the designated payment system or participant in
connection with restricted transactions; and
(2) Such policies and procedures of the designated payment system
comply with the requirements of this part.
(c) For purposes of paragraph (b)(2) in this section, a participant
in a designated payment system may rely on a written statement or
notice by the operator of that designated payment system to its
participants that states that the operator has designed or structured
the system's policies and procedures for identifying and blocking or
otherwise preventing or prohibiting restricted transactions to comply
with the requirements of this part as conclusive evidence that the
system's policies and procedures comply with the requirements of this
part, unless the participant is notified otherwise by its Federal
functional regulator or, in the case of participants that are not
directly supervised by a Federal functional regulator, the Federal
Trade Commission.
(d) As provided in the Act, a person that identifies and blocks a
transaction, prevents or prohibits the acceptance of its products or
services in connection with a transaction, or otherwise refuses to
honor a transaction, shall not be liable to any party for such action
if--
(1) The transaction is a restricted transaction;
(2) Such person reasonably believes the transaction to be a
restricted transaction; or
(3) The person is a participant in a designated payment system and
blocks or otherwise prevents the transaction in reliance on the
policies and procedures of the designated payment system in an effort
to comply with this regulation.
(e) Nothing in this part requires or is intended to suggest that
designated payment systems or participants therein must or should block
or otherwise prevent or prohibit any transaction in connection with any
activity that is excluded from the definition of ``unlawful Internet
gambling'' in the Act as an intrastate transaction, an intratribal
transaction, or a transaction in connection with any activity that is
allowed under the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et
seq.; see Sec. ---- .1(a)).
(f) Nothing in this part modifies any requirement imposed on a
participant by other applicable law or regulation to file a suspicious
activity report to the appropriate authorities.
(g) The requirement of this part to establish and implement written
policies and procedures applies only to the U.S. offices of
participants in designated payment systems.

Sec. ---- .6 Non-exclusive examples of policies and procedures.

(a) In general. The examples of policies and procedures to identify
and block or otherwise prevent or prohibit restricted transactions set
out in this section are non-exclusive. In establishing and implementing
written policies and procedures to identify and block or otherwise
prevent or prohibit restricted transactions, a non-exempt participant
in a designated payment system is permitted to design and implement
policies and procedures tailored to its business that may be different
than the examples provided in this section. In addition, non-exempt
participants may use different policies and procedures with respect to
different business lines or different parts of the organization.
(b) Due diligence. If a non-exempt participant in a designated
payment system establishes and implements procedures for due diligence
of its commercial customer accounts or commercial customer
relationships in order to comply, in whole or in part, with the
requirements of this regulation, those due diligence procedures will be
deemed to be reasonably designed to identify and block or otherwise
prevent or prohibit restricted transactions if the procedures include
the steps set out in paragraphs (b)(1), (b)(2), and (b)(3) of this
section and subject to paragraph (b)(4) of this section.
(1) At the establishment of the account or relationship, the
participant conducts due diligence of a commercial customer and its
activities commensurate with the participant's judgment of the risk of
restricted transactions presented by the customer's business.
(2) Based on its due diligence, the participant makes a
determination regarding the risk the commercial customer presents of
engaging in an Internet gambling business and follows either paragraph
(b)(2)(i) or (b)(2)(ii) of this section.
(i) The participant determines that the commercial customer
presents a minimal risk of engaging in an Internet gambling business.
(ii) The participant cannot determine that the commercial customer
presents a minimal risk of engaging in an Internet gambling business,
in which case it obtains the documentation in either paragraph
(b)(2)(ii)(A) or (b)(2)(ii)(B) of this section--
(A) Certification from the commercial customer that it does not
engage in an Internet gambling business; or
(B) If the commercial customer does engage in an Internet gambling
business, each of the following--
(1) Evidence of legal authority to engage in the Internet gambling
business, such as--
(i) A copy of the commercial customer's license that expressly
authorizes the customer to engage in the Internet gambling business
issued by the appropriate State or Tribal authority or, if the
commercial customer does not have such a license, a reasoned legal
opinion that demonstrates that the commercial customer's Internet
gambling business does not involve restricted transactions; and
(ii) A written commitment by the commercial customer to notify the
participant of any changes in its legal authority to engage in its
Internet gambling business.
(2) A third-party certification that the commercial customer's
systems for engaging in the Internet gambling business are reasonably
designed to ensure that the commercial customer's Internet gambling
business will remain within the licensed or otherwise lawful limits,
including with respect to age and location verification.
(3) The participant notifies all of its commercial customers,
through provisions in the account or commercial customer relationship
agreement or otherwise, that restricted transactions are prohibited
from being processed through the account or relationship.
(4) With respect to the determination in paragraph (b)(2)(i) of
this section, participants may deem the following commercial customers
to present a

[[Page 69410]]

minimal risk of engaging in an Internet gambling business--
(i) An entity that is directly supervised by a Federal functional
regulator as set out in Sec. ---- .7(a); or
(ii) An agency, department, or division of the Federal government
or a State government.
(c) Automated clearing house system examples.
(1) The policies and procedures of the originating depository
financial institution and any third party processor in an ACH debit
transaction, and the receiving depository financial institution and any
third party processor in an ACH credit transaction, are deemed to be
reasonably designed to identify and block or otherwise prevent or
prohibit restricted transactions if they--
(i) Address methods to conduct due diligence in establishing a
commercial customer account or relationship as set out in Sec. ----
.6(b);
(ii) Address methods to conduct due diligence as set out in Sec.
---- .6(b)(2)(ii)(B) in the event that the participant has actual
knowledge that an existing commercial customer of the participant
engages in an Internet gambling business; and
(iii) Include procedures to be followed with respect to a
commercial customer if the originating depository financial institution
or third-party processor has actual knowledge that its commercial
customer has originated restricted transactions as ACH debit
transactions or if the receiving depository financial institution or
third-party processor has actual knowledge that its commercial customer
has received restricted transactions as ACH credit transactions, such
as procedures that address--
(A) The circumstances under which the commercial customer should
not be allowed to originate ACH debit transactions or receive ACH
credit transactions; and
(B) The circumstances under which the account should be closed.
(2) The policies and procedures of a receiving gateway operator and
third-party processor that receives instructions to originate an ACH
debit transaction directly from a foreign sender are deemed to be
reasonably designed to prevent or prohibit restricted transactions if
they include procedures to be followed with respect to a foreign sender
if the receiving gateway operator or third-party processor has actual
knowledge, obtained through notification by a government entity, such
as law enforcement or a regulatory agency, that such instructions
included instructions for restricted transactions. Such procedures may
address sending notification to the foreign sender, such as in the form
of the notice contained in appendix A to this part.
(d) Card system examples. The policies and procedures of a card
system operator, a merchant acquirer, third-party processor, or a card
issuer, are deemed to be reasonably designed to identify and block or
otherwise prevent or prohibit restricted transactions, if the policies
and procedures--
(1) Provide for either--
(i) Methods to conduct due diligence--
(A) In establishing a commercial customer account or relationship
as set out in Sec. ---- .6(b); and
(B) As set out in Sec. ---- .6(b)(2)(ii)(B) in the event that the
participant has actual knowledge that an existing commercial customer
of the participant engages in an Internet gambling business; or
(ii) Implementation of a code system, such as transaction codes and
merchant/business category codes, that are required to accompany the
authorization request for a transaction, including--
(A) The operational functionality to enable the card system
operator or the card issuer to reasonably identify and deny
authorization for a transaction that the coding procedure indicates may
be a restricted transaction; and
(B) Procedures for ongoing monitoring or testing by the card system
operator to detect potential restricted transactions, including--
(1) Conducting testing to ascertain whether transaction
authorization requests are coded correctly; and
(2) Monitoring and analyzing payment patterns to detect suspicious
payment volumes from a merchant customer; and
(2) For the card system operator, merchant acquirer, or third-party
processor, include procedures to be followed when the participant has
actual knowledge that a merchant has received restricted transactions
through the card system, such as--
(i) The circumstances under which the access to the card system for
the merchant, merchant acquirer, or third-party processor should be
denied; and
(ii) The circumstances under which the merchant account should be
closed.
(e) Check collection system examples.
(1) The policies and procedures of a depositary bank are deemed to
be reasonably designed to identify and block or otherwise prevent or
prohibit restricted transactions, if they--
(i) Address methods for the depositary bank to conduct due
diligence in establishing a commercial customer account or relationship
as set out in Sec. ---- .6(b);
(ii) Address methods for the depositary bank to conduct due
diligence as set out in Sec. ---- .6(b)(2)(ii)(B) in the event that
the depositary bank has actual knowledge that an existing commercial
customer engages in an Internet gambling business; and
(iii) Include procedures to be followed if the depositary bank has
actual knowledge that a commercial customer of the depositary bank has
deposited checks that are restricted transactions, such as procedures
that address--
(A) The circumstances under which check collection services for the
customer should be denied; and
(B) The circumstances under which the account should be closed.
(2) The policies and procedures of a depositary bank that receives
checks for collection from a foreign banking office are deemed to be
reasonably designed to identify and block or otherwise prevent or
prohibit restricted transactions if they include procedures to be
followed by the depositary bank when it has actual knowledge, obtained
through notification by a government entity, such as law enforcement or
a regulatory agency, that a foreign banking office has sent checks to
the depositary bank that are restricted transactions. Such procedures
may address sending notification to the foreign banking office, such as
in the form of the notice contained in the appendix to this part.
(f) Money transmitting business examples. The policies and
procedures of an operator of a money transmitting business are deemed
to be reasonably designed to identify and block or otherwise prevent or
prohibit restricted transactions if they--
(1) Address methods for the operator to conduct due diligence in
establishing a commercial customer relationship as set out in Sec. --
-- .6(b);
(2) Address methods for the operator to conduct due diligence as
set out in Sec. ---- .6(b)(2)(ii)(B) in the event that the operator
has actual knowledge that an existing commercial customer engages in an
Internet gambling business;
(3) Include procedures regarding ongoing monitoring or testing by
the operator to detect potential restricted transactions, such as
monitoring and analyzing payment patterns to detect suspicious payment
volumes to any recipient; and
(4) Include procedures when the operator has actual knowledge that
a commercial customer of the operator has received restricted
transactions through the money transmitting business, that address--
(i) The circumstances under which money transmitting services
should be

[[Page 69411]]

denied to that commercial customer; and
(ii) The circumstances under which the commercial customer account
should be closed.
(g) Wire transfer system examples. The policies and procedures of
the beneficiary's bank in a wire transfer are deemed to be reasonably
designed to identify and block or otherwise prevent or prohibit
restricted transactions if they--
(1) Address methods for the beneficiary's bank to conduct due
diligence in establishing a commercial customer account as set out in
Sec. ---- .6(b);
(2) Address methods for the beneficiary's bank to conduct due
diligence as set out in Sec. ---- .6(b)(2)(ii)(B) in the event that
the beneficiary's bank has actual knowledge that an existing commercial
customer of the bank engages in an Internet gambling business;
(3) Include procedures to be followed if the beneficiary's bank
obtains actual knowledge that a commercial customer of the bank has
received restricted transactions through the wire transfer system, such
as procedures that address
(i) The circumstances under which the beneficiary bank should deny
wire transfer services to the commercial customer; and
(ii) The circumstances under which the commercial customer account
should be closed.

Sec. ---- .7 Regulatory enforcement.

The requirements under this part are subject to the exclusive
regulatory enforcement of--
(a) The Federal functional regulators, with respect to the
designated payment systems and participants therein that are subject to
the respective jurisdiction of such regulators under section 505(a) of
the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)) and section 5g of the
Commodity Exchange Act (7 U.S.C. 7b-2); and
(b) The Federal Trade Commission, with respect to designated
payment systems and participants therein not otherwise subject to the
jurisdiction of any Federal functional regulators (including the
Commission) as described in paragraph (a) of this section.

Appendix A to Part ------Model Notice

[Date]
[Name of foreign sender or foreign banking office]
[Address]
Re: U.S. Unlawful Internet Gambling Enforcement Act Notice

Dear [Name of foreign counterparty]:

On [date], U.S. government officials informed us that your
institution processed payments through our facilities for Internet
gambling transactions restricted by U.S. law on [dates, recipients,
and other relevant information if available].
We provide this notice to comply with U.S. Government
regulations implementing the Unlawful Internet Gambling Enforcement
Act of 2006 (Act), a U.S. federal law. Our policies and procedures
established in accordance with those regulations provide that we
will notify a foreign counterparty if we learn that the counterparty
has processed payments through our facilities for Internet gambling
transactions restricted by the Act. This notice ensures that you are
aware that we have received information that your institution has
processed payments for Internet gambling restricted by the Act.
The Act is codified in subchapter IV, chapter 53, title 31 of
the U.S. Code (31 U.S.C. 5361 et seq.). Implementing regulations
that duplicate one another can be found at part 233 of title 12 of
the U.S. Code of Federal Regulations (12 CFR part 233) and part 132
of title 31 of the U.S. Code of Federal Regulations (31 CFR part
132).

By order of the Board of Governors of the Federal Reserve
System, November 12, 2008.
Robert deV. Frierson,
Deputy Secretary of the Board.

Dated: November 10, 2008.

By the Department of the Treasury.
Taiya Smith,
Executive Secretary.
[FR Doc. E8-27181 Filed 11-12-08; 4:15 pm]
BILLING CODE 6210-01-P; 4810-25-P