The payments ecosystem has become increasingly diverse in recent years, including not only processors and ISOs, but various types of payment facilitators, bill pay services, virtual wallets and digital currencies. New entrants to the payments business are often unaware of the various regulatory schemes that may govern their activities. In addition to federal consumer protection and anti money laundering and terrorist financing laws, many payments companies may be subject to state money service business laws.
One of the regulatory complexities of the payments business in the United States is keeping track of the differing regulatory schemes that cover money service businesses in each of the fifty states. Companies in various niches of the payments business may assume that because they are required to be licensed in one state where they do business, they are required to be licensed in all—or vice versa. In fact, the definitions and interpretations that govern who must be licensed vary from state to state. Likewise, compliance officers might logically assume that there is some uniformity in fees, bonding requirements and other rules from state to state. Here also, state laws and regulations vary widely. Even in states that have adopted the basic provisions of the Uniform Money Services Business Act, regulators have different ideas about how its terms should be interpreted.
If a company transmits money abroad or between all or many states, there is no quick and dirty means to avoid tracking these various laws. One could simply assume that licensing is required in all states where the company does business and apply for a license everywhere. (You can skip Montana, which has no money service business statute or regulations, but simply requires registration as a business with the Montana Secretary of State.) But this approach entails the risk that you might be spending significant unnecessary resources in, for example, California, which has the most detailed and complex regulatory scheme in the country, but also has a narrow definition of money transmitter. Further, every state has its own reporting requirements, some states have unique disclosure requirements, some allow posting of other security in lieu of bonds while others do not, and license renewal periods and fees vary widely among states.
Following are four broad areas that compliance officers should focus on in analyzing a firm’s responsibilities under state laws:
- The most basic question in each state is, “do we need to be licensed here?” Answering this question requires three basic steps. First, look to whether the activities the company engages in fall within the state’s statutory or regulatory definition of a money service business, money transmitter business or check cashing business. Published opinions and orders of the applicable state regulator sometimes provide additional guidance. This is not always a simple question and counsel generally should be consulted if there is any doubt. Even if states use identical or similar language to define these terms, state regulators often differ in their interpretations. One state defines “check cashing” so broadly as to include most payment processing. In other states, the term applies to the traditional storefront check cashing businesses. Sometimes it is appropriate to request an opinion from the regulator.
- Next, look to the specific exemptions. Federally chartered banks, thrifts and credit unions are generally exempted, but in some states out of state banks are not. Once again, the states are not uniform in the businesses they decide to exempt from licensing. One state (Massachusetts) only requires money transmitters that do foreign transmissions to be licensed.
- Assuming your business needs to be licensed in a particular state, focus on the license application requirements. Most state laws not only require that the information you provide be accurate when you apply, but that you update that information whenever there is a material change, such as when your in-state sales increase or decrease significantly. Accordingly, your compliance management system must track all this information.
- Most states also require that applicants post security, usually in the form of a bond, although many states also permit alternative specified forms of security. The amounts required vary greatly from state to state and change from time to time or based upon the amount of payments outstanding in the state. It is important that your compliance management system track these requirements.
- It is also important to check the license renewal requirements. Many states require the license to be renewed ever year or every two years. Failure to renew timely can bring sanctions by the regulator.
- Application, renewal and examination fees and costs vary greatly from state to state. Failure to pay timely can result in suspension of a license and resulting sanctions for doing business without a license.
Authorized Delegates, Agents and Vendors
- States use different terms for these counterparties (referred to here as “Authorized Delegates”), which are the businesses with which money transmitters contract to sell their services. The term originally encompassed retail outlets such as Western Union sites or AMEX travelers’ check sellers, but could include on line entities, such as bill payer services, that interface directly with consumers.
- In most cases, these retail outlets do not need to be licensed, but they generally do need to be listed by the licensee in reports to the regulator.
- Most states have statutes and regulations that govern Authorized Delegates and require the actual licensees to oversee their operations. The same laws often impose specific provisions that must be included in contracts between licensees and their Authorized Delegates.
- Many states require fees for each Authorized Delegate or vary the size of the licensing fees based upon the number of Authorized Delegates.
- Examiners will focus on how well the licensee’s compliance management system ensures compliance by Authorized Delegates with applicable rules and regulations. In other words, the regulators look to the licensee to enforce the rules among the parties that deal directly with the public. These compliance responsibilities cannot be contracted away.
Reporting and Disclosures
- States typically require periodic and special reports from licensees. There will always be an annual report, which includes financial statements and calculation of in-state business volume. Many states also require quarterly reports that update some of the annual information. In addition, special reports regarding material changes in information supplied in the application or of proposed changes in control are required.
- Once again, the states are not uniform in their reporting requirements. For example, definitions of change in control vary from state to state, meaning that a purchase of stock that would not trigger a report in one state might trigger a report in another. For this reason, the reporting requirements for every state in which a money transmitter does business must be tracked and triggers established in the compliance management system to ensure reports are generated when required.
- Some states have disclosure rules requiring certain information to be included in advertisements or posted on web sites or in physical locations. Typically this information involves fees and costs that may be charged for transmission services, but in some cases the rules also specify matters such as type size and location. As these requirements vary from state to state, the compliance program must keep track of them wherever the company does business.
- Another common requirement is that all customers be provided receipts that include certain information specified by statute or regulation. Money transmitters should be aware of these requirements and ensure that Authorized Delegates are complying with them.
Record-keeping and Examinations
- Every state in which a money transmitter is licensed conditions the license upon the right of state regulators to examine the company. An examination can involve the review of records; interviews of employees, executives or board members; and observation of operations.
- The cost of an examination is generally billed directly to the licensee based upon published hourly charges for examiners’ time and actual expenses. Many states conduct joint examinations in order to reduce duplication of effort.
- Regulators typically adjust the frequency and scope of examinations based upon the perceived risks posed by the licensee. Larger transmitters will, therefore, be examined more often than smaller ones. Transmitters that facilitate payments to or from businesses or individuals that regulators believe pose higher risks of consumer fraud, money laundering or terrorist financing may also expect more frequent and intrusive examinations than companies that avoid these lines of business.
- Well organized, complete and easily accessible records are key to a successful examination. Ideally, most or all of the relevant records are stored digitally and can be supplied to examiners remotely. By limiting the time examiners must spend on-site in the licensee’s or in authorized delegates’ facilities the expense of an examination can be reduced and the burden on executives and employees minimized.
- Most state regulatory schemes (in addition to the applicable federal laws) provide specific record retention guidance, including minimum retention periods for various classes of documents. It is important for these requirements to be incorporated into compliance management systems of licensees and their authorized delegates.
- Employees should be trained to deal courteously and cooperatively with examiners. In most states, examiners have the right to interview any employee, although they generally provide notice to management and attempt to minimize disruption to the workflow. Examiners my also visit the licensee’s facilities and observe operations.
- Employees should be counseled that examiners are simply doing their jobs and that any complaints or concerns about their actions should be communicated to higher management. The main attribute examiners look for among employees is evidence of a compliance culture, in which all employees understand the rules applicable to their jobs and are proud to demonstrate how they are complying.
- Executives and other employees should be aware that regulators are subject to confidentiality laws designed to prevent release of business confidential information revealed to examiners. These laws provide protection against attempts by third parties to access this information, including providing defenses to claims that privilege has been waived as to documents disclosed to and communications with examiners. To obtain the maximum benefit from these laws, licensees should be sure to provide appropriate markings on all confidential documents supplied to regulators and to emphasize the confidentiality of sensitive information that may be provided orally.