1028.210—Anti-money laundering programs for operators of credit card systems.
(a) Anti-money laundering program requirement.
Effective July 24, 2002, each operator of a credit card system shall develop and implement a written anti-money laundering program reasonably designed to prevent the operator of a credit card system from being used to facilitate money laundering and the financing of terrorist activities. The program must be approved by senior management. Operators of credit card systems must make their anti-money laundering programs available to the Department of the Treasury or the appropriate Federal regulator for review.
(b) Minimum requirements.
At a minimum, the program must:
(1)
Incorporate policies, procedures, and internal controls designed to ensure the following:
(i)
That the operator does not authorize, or maintain authorization for, any person to serve as an issuing or acquiring institution without the operator taking appropriate steps, based upon the operator's money laundering or terrorist financing risk assessment, to guard against that person issuing the operator's credit card or acquiring merchants who accept the operator's credit card in circumstances that facilitate money laundering or the financing of terrorist activities;
(ii)
For purposes of making the risk assessment required by paragraph (b)(1)(i) of this section, the following persons are presumed to pose a heightened risk of money laundering or terrorist financing when evaluating whether and under what circumstances to authorize, or to maintain authorization for, any such person to serve as an issuing or acquiring institution:
(A)
A foreign shell bank that is not a regulated affiliate, as those terms are defined in § 1010.605(g) and (n) of this Chapter;
(B)
A person appearing on the Specially Designated Nationals List issued by Treasury's Office of Foreign Assets Control;
(C)
A person located in, or operating under a license issued by, a jurisdiction whose government has been identified by the Department of State as a sponsor of international terrorism under 22 U.S.C. 2371 ;
(D)
A foreign bank operating under an offshore banking license, other than a branch of a foreign bank if such foreign bank has been found by the Board of Governors of the Federal Reserve System under the Bank Holding Company Act (12 U.S.C. 1841, et seq.) or the International Banking Act (12 U.S.C. 3101, et seq.) to be subject to comprehensive supervision or regulation on a consolidated basis by the relevant supervisors in that jurisdiction;
(E)
A person located in, or operating under a license issued by, a jurisdiction that has been designated as noncooperative with international anti-money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member, with which designation the United States representative to the group or organization concurs; and
(F)
A person located in, or operating under a license issued by, a jurisdiction that has been designated by the Secretary of the Treasury pursuant to 31 U.S.C. 5318A as warranting special measures due to money laundering concerns;
(iii)
That the operator is in compliance with all applicable provisions of subchapter II of chapter 53 of title 31, United States Code and this chapter;
(2)
Designate a compliance officer who will be responsible for assuring that:
(i)
The anti-money laundering program is implemented effectively;
(ii)
The anti-money laundering program is updated as necessary to reflect changes in risk factors or the risk assessment, current requirements of this chapter, and further guidance issued by the Department of the Treasury; and
(iii)
Appropriate personnel are trained in accordance with paragraph (b)(3) of this section;
(3)
Provide for education and training of appropriate personnel concerning their responsibilities under the program; and
(4)
Provide for an independent audit to monitor and maintain an adequate program. The scope and frequency of the audit shall be commensurate with the risks posed by the persons authorized to issue or accept the operator's credit card. Such audit may be conducted by an officer or employee of the operator, so long as the reviewer is not the person designated in paragraph (b)(2) of this section or a person involved in the operation of the program.