The Federal Reserve and the Treasury issued a final rule to implement the portions of the Unlawful Internet Gambling Enforcement Act (“Act”) relating to payment systems and their participants.

The Act prohibits gambling organizations from accepting payments in connection with unlawful Internet gambling. Such payments are termed "restricted transactions." The Act also requires the FED to prescribe regulations requiring designated payment systems and their participants to establish policies and procedures reasonably designed to identify and block restricted transactions.

The underpinning of the Act requires payment systems such as card systems and their participants to establish and implement written policies and procedures reasonably designed to identify and block restricted transactions concerning credit card, debit card, pre-paid card, or stored value card.

CARD PROCESSING: The Act includes two non-exclusive examples whereby policies and/or procedures maybe deployed for purposes of complying with the rules:

1. Provide for the implementation of a code system, such as transaction codes and merchant/business category codes, that are required to accompany the authorization request for a transaction, including:

a. The operational functionality to enable the card system operator or the card issuer to reasonably identify and deny authorization for a transaction that the coding procedure indicates may be a restricted transaction; and

b. Procedures for ongoing monitoring or testing by the card system operator to detect potential restricted transactions, including: (i) conducting testing to determine whether authorization requests are properly coded; and (ii) monitoring and analyzing payment patterns to detect suspicious payment volumes from a merchant.

2. For the card system operator, merchant acquirer, or third-party processor, include procedures to be followed when the participant has actual knowledge that a merchant has received restricted transactions through the card system, such as:

a. The circumstances under which the access to the card system for the merchant, merchant acquirer, or third-party processor should be denied; and

b. The circumstances under which the merchant account should be closed.

Exemptions: The Act does not exempt from compliance any designated payment system in its entirety, but rather exempts certain participants in the ACH, check collection, and wire transfer systems. With respect to domestic transactions, the Act exempts all participants in these systems except for a participant that would have a customer relationship with an Internet gambling business.

Cross-Border Transactions: The Act places the responsibility on U.S. payment system participants that send transactions to, or receive transactions from, foreign institutions to establish policies and procedures reasonably designed to prevent these restricted transactions. For example, a U.S. correspondent bank could require in its account agreement that foreign institutions have policies and procedures in place to avoid sending restricted transactions to the U.S. participant.

Over-blocking: The Act’s over-blocking provisions stipulate that nothing in the regulation is intended to suggest that payment systems or their participants must or should block transactions explicitly excluded from the definition of unlawful Internet gambling.

Black-List: The Act and/or regulators have opted-out of creating a black list to identify the names of merchants alleged in illegal Internet gambling activity.
Intermediaries: The Act does not specifically address how a payment card system should handle transactions with payment intermediaries, such as when a card is used to fund an electronic account (e.g., PayPal) and the account is used to pay an Internet casino.

Under the Act, financial institutions may rely upon a written statement and/or notice from their service provider if: (i) it relies on and complies with the written policies and procedures of the card system that are reasonably designed to identify and block restricted transactions (or, in the alternative, reasonably designed to deny access to the system to Internet casinos that may submit restricted transactions); and (ii) such policies and procedures of the system comply with the Act.

Regulators anticipate that the written statement by a service provider will provide sufficient evidence of compliance. If upon review, a regulator determines that a service provider policies and/or procedures are deficient under the Act, the regulator must work with the service provider to correct any deficiency. If a service provider is unable and/or unwilling to correct the deficiency, the regulators and/or service provider would be required to notify the financial institution that they can no longer rely upon the service provider policies and procedures for compliance of the Act.

Compliance Dates: The Act is effective on January 19, 2009; compliance with the Act is not mandatory until December 1, 2009.