[Federal Register Volume 73, Number 223 (Tuesday, November 18, 2008)]
[Rules and Regulations]
[Pages 69382-69411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-27181]



[[Page 69381]]


-----------------------------------------------------------------------

Part III





Federal Reserve System





-----------------------------------------------------------------------



12 CFR Part 233



-----------------------------------------------------------------------





Department of the Treasury





-----------------------------------------------------------------------

31 CFR Part 132



-----------------------------------------------------------------------



Prohibition on Funding of Unlawful Internet Gambling; Final Rules

  Federal Register / Vol. 73, No. 223 / Tuesday, November 18, 2008 / 
Rules and Regulations  

[[Page 69382]]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Part 233

[Regulation GG; Docket No. R-1298]

DEPARTMENT OF THE TREASURY

31 CFR Part 132

RIN 1505-AB78

Prohibition on Funding of Unlawful Internet Gambling

AGENCIES: Board of Governors of the Federal Reserve System and 
Departmental Offices, Department of the Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document is published jointly by the Departmental Offices 
of the Department of the Treasury (the ``Treasury'') and the Board of 
Governors of the Federal Reserve System (the ``Board'') (collectively, 
the ``Agencies'') to adopt a final rule to implement applicable 
provisions of the Unlawful Internet Gambling Enforcement Act of 2006 
(the ``Act''). The final rule sets out definitions for terms used in 
the regulation; designates payment systems that could be used by 
participants in connection with, or to facilitate, a restricted 
transaction; exempts certain participants in certain designated payment 
systems from the requirement of the regulation; requires the 
participants performing non-exempt functions in a designated payment 
system to establish and implement policies and procedures reasonably 
designed to prevent or prohibit restricted transactions, such as by 
identifying and blocking such transactions; provides non-exclusive 
examples of policies and procedures for non-exempt participants in each 
designated payment system; and sets out the regulatory enforcement 
framework. In developing this rule, the Agencies have consulted with 
the Department of Justice, as required by the Act, and have taken into 
consideration all comments received on the proposed rule issued in 
October 2007.

DATES: Final rule is effective January 19, 2009. The incorporation by 
reference of the publication listed in the final rule is approved by 
the Director of the Federal Register as of January 19, 2009. However, 
compliance by non-exempt participants in designated payment systems is 
not required until December 1, 2009.

FOR FURTHER INFORMATION CONTACT:
    Board: Christopher W. Clubb, Senior Counsel (202/452-3904), Legal 
Division; Jeffrey S. Yeganeh, Manager, or Joseph Baressi, Financial 
Services Project Leader (202/452-3959), Division of Reserve Bank 
Operations and Payment Systems; for users of Telecommunication Devices 
for the Deaf (TDD) only, contact 202/263-4869.
    Treasury: Charles Klingman, Director, Office of Critical 
Infrastructure Protection and Compliance Policy; or Steven D. Laughton, 
Senior Counsel, Office of the Assistant General Counsel (Banking & 
Finance), 202/622-9209.

SUPPLEMENTARY INFORMATION:

I. Background

Unlawful Internet Gambling Enforcement Act

    The Act prohibits any person engaged in the business of betting or 
wagering (as defined in the Act) from knowingly accepting payments in 
connection with the participation of another person in unlawful 
Internet gambling. Such transactions are termed ``restricted 
transactions.'' The Act generally defines ``unlawful Internet 
gambling'' as placing, receiving, or otherwise knowingly transmitting a 
bet or wager by any means which involves the use, at least in part, of 
the Internet where such bet or wager is unlawful under any applicable 
Federal or State law in the State or Tribal lands in which the bet or 
wager is initiated, received, or otherwise made. The Act states that 
its provisions should not be construed to alter, limit, or extend any 
Federal or State law or Tribal-State compact prohibiting, permitting, 
or regulating gambling within the United States.\1\ The Act does not 
spell out which activities are legal and which are illegal, but rather 
relies on the underlying substantive Federal and State laws.\2\
---------------------------------------------------------------------------

    \1\ 31 U.S.C. 5361(b).
    \2\ See H. Rep. No. 109-412 (pt. 1) p. 10.
---------------------------------------------------------------------------

    The Act requires the Agencies (in consultation with the U.S. 
Attorney General) to designate payment systems that could be utilized 
in connection with or to facilitate restricted transactions. Such a 
designation makes the payment system, and financial transaction 
providers participating in the system, subject to the requirements of 
the regulations. The Act further requires the Agencies (in consultation 
with the U.S. Attorney General) to prescribe regulations requiring 
designated payment systems and financial transaction providers 
participating in each designated payment system to establish policies 
and procedures reasonably designed to identify and block or otherwise 
prevent or prohibit restricted transactions. The regulations must 
identify types of policies and procedures that would be deemed to be 
reasonably designed to achieve this objective, including non-exclusive 
examples. The Act also requires the Agencies to exempt certain 
restricted transactions or designated payment systems from any 
requirement imposed by the regulations if the Agencies jointly 
determine that it is not reasonably practical to identify and block, or 
otherwise prevent or prohibit the acceptance of, such transactions.

Overview of the Proposed Rule

    In October 2007, the Agencies jointly issued, and requested public 
comment on, a Notice of Proposed Rulemaking (``NPRM'') to implement the 
Act.\3\ The proposed rule provided definitions of terms used in the 
regulation, many of which followed or referred to definitions set out 
in the Act or other existing regulatory or statutory definitions. The 
proposed rule did not attempt to further define gambling-related terms 
because the Act itself does not specify which gambling activities are 
legal or illegal and relies on prohibitions contained in statutes that 
are not under the jurisdiction of the Agencies. Application of some of 
the terms used in the Act may depend significantly on the facts of 
specific transactions such that general regulatory definitions would 
not be appropriate.
---------------------------------------------------------------------------

    \3\ 72 FR 56680 (Oct. 4, 2007).
---------------------------------------------------------------------------

    The proposed rule designated the following payment systems as 
payment systems that could be used in connection with unlawful Internet 
gambling transactions restricted by the Act: Automated clearing house 
systems; card systems; check collection systems; money transmitting 
businesses; and wire transfer systems. The proposed rule required 
participants in these designated payment systems to establish and 
implement written policies and procedures reasonably designed to 
identify and block or otherwise prevent or prohibit transactions in 
connection with unlawful Internet gambling.
    The proposed rule also exempted from the requirements to establish 
such policies and procedures all participants in the automated clearing 
house systems, check collection systems, and wire transfer systems, 
except for the participant that possesses the customer relationship 
with the Internet gambling business (and certain participants that 
receive certain cross-border transactions from, or send certain such 
transactions to, foreign payment service providers) because the 
Agencies believed that it was not reasonably practical for those 
participants to identify and block, or otherwise prevent or prohibit, 
unlawful

[[Page 69383]]

Internet gambling transactions restricted by the Act. The Agencies 
intended that the participant with the customer relationship with the 
Internet gambling business would have the responsibility in the ACH 
systems, check collection systems, or wire transfer systems to prevent 
or prohibit restricted transactions from being credited to the account 
of the gambling business through that particular payment system.
    Finally, the proposed rule described types of policies and 
procedures that non-exempt participants in each type of designated 
payment system could adopt in order to comply with the Act and included 
non-exclusive examples of policies and procedures that would be deemed 
to be reasonably designed to prevent or prohibit restricted 
transactions. The non-exclusive examples included special procedures 
for cross-border transactions in ACH systems, check collection systems, 
and wire transfer systems.
    The Agencies requested comment on all aspects of the proposed rule, 
as well as detailed questions regarding specific aspects of the rule 
within each section.

Overview of Public Comments

    The Agencies received comments from about 225 members of the 
public, including approximately 125 consumers, 40 depository 
institutions and associations thereof, 20 gambling-related entities, 10 
public-policy advocacy groups, 10 payment system operators and money 
transmitters, and 20 others, including Federal agencies and members of 
Congress.\4\ In addition to the following overview, specific comments 
are discussed in more detail in the portions of the section-by-section 
analysis that describe particular provisions.
---------------------------------------------------------------------------

    \4\ The comment letters and conference call summaries cited 
herein are available on the Board's public Web site at: http://www.federalreserve.gov/generalinfo/foia/index.cfm?doc_id=R%2D1298&doc_ver=1.
---------------------------------------------------------------------------

    Comments related to the Act. About 65 commenters directly addressed 
the Act itself. Of these, approximately 35 commenters, almost all 
consumers, expressed disapproval of the Act. Consumers generally 
thought that the Act represents an inappropriate governmental intrusion 
into the personal choices that individuals make and that the government 
should not devote resources attempting to prevent Internet gambling. A 
portion of these commenters further noted that the government might 
wish to legalize, regulate, and tax Internet gambling, thereby helping 
provide appropriate safeguards and protections for consumers while also 
potentially increasing the government's revenues. Conversely, about 20 
commenters, about evenly split between consumers and public-policy 
advocacy groups, expressed support for the Act on the grounds that 
gambling causes harm. These commenters noted that gambling via the 
Internet is of particular concern because it is anonymous and can be 
done within the home at any time of day or night. Additionally, about 
10 commenters expressed concern that the Act will exacerbate the U.S.'s 
difficulties with the World Trade Organization (WTO) related to 
Internet gambling, and suggested that the Agencies refrain from 
implementing the Act until the related WTO matter is resolved.\5\ The 
Agencies believe that these comments relate to the public policy issue 
of the merits of the Act itself and are outside the rulemaking process. 
The Agencies' duty is to carry out their responsibilities to promulgate 
implementing regulations required by the Act and that is the focus of 
this rulemaking.
---------------------------------------------------------------------------

    \5\ See, e.g., comment letter from David S. Orkin (Dec. 2, 2007) 
p. 1.
---------------------------------------------------------------------------

    Comments related to the proposed rule. About 20 commenters, almost 
all of them depository institutions and associations of depository 
institutions, noted that notwithstanding the Agencies' efforts to craft 
a reasonable rule, the proposed regulation would be unduly burdensome 
and would result in compliance costs greater than any offsetting 
societal benefit. Several of these commenters stated that the rule 
would adversely affect the competitiveness of the U.S. payments system, 
and that the Agencies should be cognizant of the potential for the Act 
and similar laws to cumulatively cause capital flight and erode the 
U.S. dollar's status as the world's reserve currency. More broadly, 
these commenters also questioned whether the payments system is the 
appropriate mechanism by which to enforce prohibitions on Internet 
gambling. Some of these commenters argued that the responsibility for 
enforcing gambling laws should lie with Federal and State law 
enforcement authorities and that, operationally, the preferable way to 
prevent unlawful Internet gambling may be for the government to work 
with telecommunications providers to impede gambling Web sites' access 
to the Internet.
    About 50 commenters, primarily consumers and gambling-related 
entities, expressed concern regarding the rule's applicability to poker 
and similar games. These commenters referred to the definition of ``bet 
or wager,'' and argued that poker is a game predominantly of skill and 
should be excluded from the scope of the definition.
    About 30 commenters, primarily depository institutions and 
associations thereof, as well as a few members of Congress and 
gambling-related entities, expressed concern regarding the proposed 
rule's definition of ``unlawful Internet gambling.'' Banks stated that 
the definition's lack of specificity would result in higher costs 
associated with complying with the rule. Some members of Congress and 
gambling-related interests found the vagueness of the definition to be 
so problematic as to raise free-speech, fundamental-fairness, and 
Administrative Procedure Act concerns.
    About 40 commenters responded to the Agencies' request for comment 
on whether to incorporate within the rule a list of unlawful Internet 
gambling businesses. About 35 commenters of various types--depository 
institutions and associations thereof, payment system operators and 
money transmitters, as well as public-policy groups--expressed support 
for such a list, generally on the grounds that it would reduce the cost 
of complying with the rule, but some of these commenters noted that the 
list might not prevent restricted transactions. About five commenters, 
all of which were payment system participants or associations thereof, 
opposed a list on the grounds that it would not be effective.

II. Final Rule

Overview

    After carefully considering the comments, the Agencies have adopted 
a final rule to implement the Act. In accordance with the Act, the 
Agencies have consulted with the Department of Justice during the 
development of the final rule. The Agencies also conducted further 
outreach to gather information on the issues raised in the public 
comments.
    The final rule shares some fundamental characteristics with the 
approach presented in the proposed rule. First, for example, the final 
rule retains the focus on a due diligence process in establishing and 
maintaining a commercial customer relationship as the core policy and 
procedure that the participants in designated payment systems other 
than card systems can choose to prevent or prohibit restricted 
transactions. As noted in the proposal, card systems are the only 
designated payment systems that use a merchant and transaction coding 
framework that

[[Page 69384]]

permits participants to identify and block, during processing, 
transactions with indicia of being restricted transactions. The other 
designated payment systems could choose to conduct due diligence in 
account-opening procedures designed to ensure that the commercial 
customer does not originate or receive restricted transactions through 
the customer relationship. The final rule also continues to place the 
responsibility for such due diligence on the participant that is 
establishing or maintaining the customer relationship with the 
commercial customer. In response to comments on the proposed rule, as 
discussed in more detail below, a new subsection ----.6(b) of the final 
rule provides additional guidance on due diligence steps participants 
can take for commercial customers to have reasonably designed policies 
and procedures to prevent or prohibit restricted transactions.
    The Act requires the Agencies to provide non-exclusive examples of 
reasonably designed policies and procedures to prevent restricted 
transactions, rather than establishing an absolute prohibition on 
processing any restricted transactions. The Agencies recognize the 
challenge that participants in designated payments systems will face in 
trying to prevent restricted transactions without unduly burdening 
their processing of lawful transactions, which make up the vast 
majority of payments processed. The Agencies believe that flexible, 
risk-based due diligence procedures at account opening, such as those 
set out in the final rule, present the best option for balancing these 
two interests.
    Similar to the proposed rule, the final rule does not contemplate 
that the Agencies, other government agencies, or any other entity will 
establish or publish a list of businesses known to be involved in 
unlawful Internet gambling. Although the Act does not require creation 
of a list of unlawful Internet gambling businesses, some commenters 
have suggested that the Agencies should create such a list and make it 
available to designated payment systems and their participants in order 
to permit them to block payments destined to those entities.\6\
---------------------------------------------------------------------------

    \6\ See, e.g., comment letter from Members of Congress of the 
United States (Sen. Kyl et al.) (Dec. 12, 2007) (hereinafter ``Kyl 
letter'') p. 2. See also H. Rep. No. 109-412, Part 1, p. 11.
---------------------------------------------------------------------------

    After carefully considering the public comments on this issue, the 
Agencies have concluded that such a list would not be effective or 
efficient. The first step in including a business on such a list would 
be to ensure that the particular business was, in fact, engaged in 
activities deemed to be unlawful Internet gambling under the Act. The 
Act, however, does not set out the precise activities that are covered 
by the term, but refers to activities that are unlawful under other 
Federal or State gambling laws for such determinations. Creating such a 
list would require the Agencies to formally interpret those laws that 
are written and enforced by other entities, such as State legislatures 
and law enforcement agencies. Accordingly, interpretations by the 
Agencies in these areas may not be determinative in defining the Act's 
legal coverage and could set up conflicts or confusion with 
interpretations by the entities that actually enforce those laws. In 
addition, the Agencies do not believe that a list of businesses that 
engage in unlawful Internet gambling would necessarily be effective or 
efficient in preventing unlawful activity because the payment 
transactions would not necessarily be made payable to the business's 
listed name.\7\ Even where the business's listed name is used on the 
transaction, some payment systems do not process the transaction based 
on the payee name.\8\ Also, to the extent that Internet gambling 
businesses can change their payments information with relative ease and 
speed, such a list would be outdated quickly. Finally, the Agencies 
believe that appropriate due diligence conducted by participants 
opening accounts would be the most effective method for preventing 
unlawful Internet gambling businesses from gaining access to the 
payment system directly through U.S. accounts. The suggested due 
diligence procedures discussed in this final rule are designed to 
target that relationship.
---------------------------------------------------------------------------

    \7\ See, e.g., comment letter from MoneyGram Int'l (Dec. 11, 
2007) (herein ``neyGram letter'') p.3 (Internet gambling Web sites 
may direct payments to an individual, rather than the business's 
corporate name, and change these names frequently).
    \8\ For example, the automated processing equipment used to 
clear checks does not read the payee line on a typical consumer 
check.
---------------------------------------------------------------------------

    Moreover, the Act already provides for a course of action if 
government entities are aware of an unlawful Internet gambling Web 
site. The Act provides a procedure pursuant to which the U.S. Attorney 
General, State attorneys general, or other appropriate State officials 
may institute proceedings to have an unlawful Internet gambling Web 
site removed by the interactive computer service that provides access 
to that Web site.\9\ Accordingly, if government entities are aware of 
an unlawful Internet gambling Web site, the procedure provided by the 
Act for denying access to the Web site in its entirety could be used, 
rather than permitting access to the unlawful Internet gambling Web 
site to continue without interruption, while relying on the designated 
payment systems and their participants to block every transaction 
destined for the Internet gambling business operating the Web site.
---------------------------------------------------------------------------

    \9\ 31 U.S.C. 5365(c).
---------------------------------------------------------------------------

    Finally, the final rule, like the proposed rule, does not define 
``unlawful Internet gambling'' beyond the Act's definition. Numerous 
commenters addressed the implementation and compliance problems created 
by the Act's definition of ``unlawful Internet gambling'' and requested 
that the Agencies provide greater clarity regarding this term.\10\ The 
Agencies carefully considered these comments, as well as the challenges 
of creating a regulatory definition of a term encompassing the various 
Federal and State laws affecting Internet gambling. After consulting 
with the Department of Justice and representatives from the offices of 
several State attorneys general regarding this issue, the Agencies have 
determined that a single, regulatory definition of ``unlawful Internet 
gambling'' would not be practical.\11\ The Act's definition of 
``unlawful Internet gambling'' relies on underlying Federal and State 
gambling laws. The States have taken different approaches to the 
regulation of gambling within their jurisdictions and the structure of 
State gambling law varies widely, as do the activities that are 
permitted in each State. Accordingly, the underlying patchwork legal 
framework does not lend itself to a single regulatory definition of 
``unlawful Internet gambling.'' The Agencies have attempted to address 
the payments industry's desire for more certainty that would result 
from a precise regulatory definition of ``unlawful Internet gambling'' 
through the due diligence guidance provided in ----.6(b). The suggested 
due diligence process relies on State regulation of Internet gambling 
and imposes the burden of proof of legality of Internet gambling 
activities on the gambling business, rather than the designated payment 
systems and their participants.
---------------------------------------------------------------------------

    \10\ See, e.g., comment letter from the American Bankers 
Association (Dec. 12, 2007) (hereinafter ``ABA letter''), pp. 5-6.
    \11\ See summary of conference call with representatives of 
various State Attorneys General (call date July 9, 2008) p. 1.
---------------------------------------------------------------------------

    As discussed in detail below, the Agencies have modified the rules 
in various respects in response to the

[[Page 69385]]

comments received. Identical sets of the final rules are being adopted 
by the Board, to be published in Title 12 of the Code of Federal 
Regulations, and by the Treasury, to be published in Title 31 of the 
Code of Federal Regulations.\12\ The section numbers used in the 
analysis below have not changed from the proposed rule, but the 
subsection numbers may have changed because subsections have been 
added, deleted, or rearranged in response to public comments.
---------------------------------------------------------------------------

    \12\ The final rules adopted by the Board and the Treasury 
within their respective titles of the Code of Federal Regulations 
(12 CFR Part 233 for the Board and 31 CFR Part 132 for the Treasury) 
are identically numbered from Sec.  ----.1 to Sec.  ----.7. For ease 
of reference, the single set of final rules adopted by each Agency 
is referred to in this release as Section ----, excluding title and 
part designations. A similar format is used to refer to the single 
set of proposed rules issued by the Agencies.
---------------------------------------------------------------------------

Effective Date

    In the NPRM, the Agencies proposed that the final rule should take 
effect six months after the joint final rule was published, and 
requested comment on whether this period was reasonable. Some 
commenters, representing members of Congress, sports leagues, or 
gambling-related entities, suggested that six months was either an 
adequate implementation period or was too long. One or more of these 
commenters stated that they did not understand why participants would 
not be able to implement the final rule promptly, expressed concern 
about the harm a delayed effective date would have on certain gambling 
interests, and referenced the statutory deadline for the promulgation 
of a rule.\13\ Most commenters representing the financial industry 
suggested that this period was insufficient for financial transaction 
providers to develop and implement the necessary policies and 
procedures. In designated payment systems with operators, such as the 
ACH systems and the card systems, commenters were concerned that 
participants would have to wait until the operators developed and 
announced their policies and procedures before developing their own 
policies and procedures.\14\ These commenters suggested various periods 
for an adequate implementation period, ranging from 12 months to 24 
months.
---------------------------------------------------------------------------

    \13\ See, e.g., Kyl letter, supra note 6, at 2.
    \14\ See, e.g., comment letter from The Clearing House Assoc. 
LLC and its affiliates, The Clearing House Payments Co. LLC (Dec. 
12, 2007) (hereinafter ``The Clearing House letter'') p. 14.
---------------------------------------------------------------------------

    The Agencies have reviewed these comments and the concerns 
expressed about a delayed effective date, as well as the reasons given 
for the need for additional time. In response, the Agencies have 
decided to make the final rule effective approximately 60 days from the 
date of publication of the final rule in the Federal Register, and to 
establish a compliance date approximately 12 months from publication of 
the final rule.\15\
---------------------------------------------------------------------------

    \15\ The ``effective date'' is the date that the regulation 
affects or is added to the Code of Federal Regulations. The 
``compliance date'' is the date that regulated entities must be in 
compliance with the regulation. National Archives and Records 
Administration, Federal Register Document Drafting Handbook, pp. 2-
10 and 2-11 (Oct. 1998 rev.).
---------------------------------------------------------------------------

    Given the changes in the non-exclusive examples of policies and 
procedures which, if followed, would result in a reduction of 
compliance burden from the proposed rule to the final rule, the 
Agencies believe that non-exempt participants in designated payment 
systems certainly should not require more than 12 months to design and 
implement the necessary policies and procedures.\16\ The Agencies also 
believe, however, that the commenters have adequately demonstrated that 
six months may not be sufficient time for complying with the final 
rule. Accordingly, the final rule includes a compliance date of 
December 1, 2009, approximately 12 months from the date of publication 
of the final rule in the Federal Register.
---------------------------------------------------------------------------

    \16\ For example, the Agencies believe that the shifting of the 
burden of establishing whether an Internet gambling business is 
engaged in restricted transactions from the financial transaction 
providers to the Internet gambling businesses will minimize burden 
for participants.
---------------------------------------------------------------------------

Section-by-Section Analysis

Sec.  ----.1 Authority, Purpose, and Incorporation by Reference
    The Agencies did not receive any comments that explicitly requested 
changes to this section; however, the final rule does include three 
changes. First, subsection ----.1(a) has been revised to clarify that 
the final rule, consistent with the Act, is not intended to affect or 
interpret the interaction between existing Federal or State statutes, 
such as the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et seq.) 
(IHA), and other Federal statutes. Specifically, as set out in 
subsection ----.1(a), the Act states that none of its provisions shall 
be construed as altering, limiting, or extending any Federal or State 
law or Tribal-State compact prohibiting, permitting, or regulating 
gambling within the United States.\17\ In addition, the Act states that 
its provisions are not intended to change the existing relationship 
between the IHA and other Federal statutes in effect on October 13, 
2006, the date of the Act's enactment, and are not intended to resolve 
any existing disagreements over how to interpret the relationship 
between the IHA and other Federal statutes.\18\ The final rule is 
intended to be consistent with these provisions and should not be 
construed to affect or interpret the interaction between the various 
underlying Federal and State statutes or Tribal-State compacts.
---------------------------------------------------------------------------

    \17\ 31 U.S.C. 5361(b).
    \18\ 31 U.S.C. 5362(10)(D)(iii).
---------------------------------------------------------------------------

    Second, a new subsection ----.1(c) has been added and states that 
requirements for the collection of information in the final rule have 
been approved under the Paperwork Reduction Act for the Department of 
the Treasury by the Office of Management and Budget (OMB) and by the 
Board pursuant to authority delegated to the Board by OMB. Finally, the 
reference to the automated clearing house rules incorporated by 
reference into the final rule has been updated to reflect the 2008 
rules published by the National Automated Clearing House Association 
(NACHA). For purposes of this final rule, there are no material 
differences between the 2008 NACHA rules and the 2007 NACHA rules that 
were incorporated by reference in the proposed rule. The Agencies will 
continue to update the reference to new rules issued by NACHA as 
appropriate if there are changes in the rules that are material to 
application of the final rule.
Sec.  ----.2 Definitions
    In general. In response to comments, the final rule contains 
several new or modified defined terms. As an initial matter, lead-in 
language for the entirety of Sec.  ----.2 was added to clarify that the 
definitions set out in the final rule are intended for use only with 
respect to the final rule and are not intended to be used in other 
contexts.
    Sec.  ----.2(a) Actual knowledge. The proposed rule included 
examples of remedial actions that a non-exempt participant could choose 
to take if it ``becomes aware'' that a commercial customer received 
restricted transactions through the participant's facilities or a 
foreign counterparty ``is found to have'' processed restricted 
transactions through the participant's facilities. Commenters objected 
to these terms as too vague to provide a basis for compliance programs 
and suggested that they should be replaced with more precise terms that 
could be implemented by compliance personnel and examined by 
regulators.\19\ In

[[Page 69386]]

response to these comments, a new definition for the term ``actual 
knowledge'' was added for use in the remedial action provisions of 
Sec.  ----.6. As described in more detail below, the Agencies revised 
the remedial action examples to include an ``actual knowledge'' 
standard similar to what some commenters suggested.\20\ As used in the 
final rule, the term ``actual knowledge'' includes information 
regarding a particular transaction or commercial customer that is known 
by or brought to the attention of compliance personnel of the 
participant responsible for that transaction or customer (which may be 
below officer level) or any officer of the participant. The Agencies 
expect that an employee at the officer level of a participant should be 
responsible for forwarding the information to the proper personnel 
within the organization.
---------------------------------------------------------------------------

    \19\ See, e.g., comment letter from Wells Fargo & Company (Dec. 
12, 2007) (hereinafter ``Wells Fargo letter''), pp. 15-16.
    \20\ Id. at 21-22.
---------------------------------------------------------------------------

    Sec.  ----.2(c) Bet or wager. The proposed rule contained a 
definition of the term ``bet or wager'' which followed the definition 
for that term contained in the Act.\21\ Specifically, the proposed rule 
defined the term, in pertinent part, to mean the staking or risking by 
any person of something of value upon the outcome of, among other 
things, ``a game subject to chance, upon an agreement or understanding 
that the person or another person will receive something of value in 
the event of a certain outcome.'' \22\ Similar to the Act, the proposed 
rule did not define gambling-related terms such as ``game subject to 
chance.'' The Agencies explained in the proposed rule that it was their 
preliminary view that issues regarding the scope of gambling-related 
terms should be resolved by reference to the underlying substantive 
State and Federal gambling laws and not by a general regulatory 
definition. The Agencies received about 40 comments related to the 
meaning of the term ``game subject to chance.''
---------------------------------------------------------------------------

    \21\ 31 U.S.C. 5362(1).
    \22\ NPRM, 72 FR at 56695.
---------------------------------------------------------------------------

    Commenters requested that the Agencies clarify that Congress did 
not intend for the Act to block lawful gaming transactions such as 
skill games, that the definition of ``unlawful Internet gambling'' does 
not include skill games, and that the system designed to stop the flow 
of funds to unlawful Internet gambling operations does not include 
businesses operating skill games on the Internet.\23\ Commenters also 
suggested application of a dominant factor test as a means of 
distinguishing a skill game from a game subject to chance.\24\ 
Commenters asserted that, under the dominant factor test, a game whose 
outcome is determined predominantly by chance would be a game subject 
to chance, and a game whose outcome is determined predominantly by 
skill would be a skill game not covered by the Act or the 
regulation.\25\ Commenters also stated that ``subject to chance'' is 
meant to cover games like roulette or slots where persons bet against 
the ``house'' and success is determined entirely by chance as opposed 
to games where individuals compete against one another with success 
over time being determined by skill.\26\ Commenters also asserted that 
poker is a game of skill and not of chance.\27\ Other commenters 
asserted that games like traditional poker and bridge are games subject 
to chance based on the ``luck of the draw'' via the random shuffling 
and dealing of cards.\28\ These commenters asserted that unlike 
traditional poker and bridge, games like duplicate poker and duplicate 
bridge are skill games, because the luck of the draw is completely 
eliminated.
---------------------------------------------------------------------------

    \23\ See e.g., comment letter from the Interactive Skill Games 
Association (Dec. 12, 2007), pp. 1 and 3.
    \24\ See e.g., comment letter from the Poker Players Alliance 
(Dec. 12, 2007) (hereinafter ``PPA letter''), p. 2.
    \25\ Id.
    \26\ See e.g., comment letter from Daniel W. Johnson (Oct. 16, 
2007), p. 1.
    \27\ See e.g., PPA letter, supra note 24, at 2.
    \28\ See e.g., comment letter from Nelson Mullins Riley & 
Scarborough LLP (Dec. 12, 2007) (hereinafter ``Nelson Mullins 
letter'') pp. 2-3.
---------------------------------------------------------------------------

    The Agencies believe that the characterization of each of the 
activities discussed above depends on the specific facts and 
circumstances. As noted above, the Agencies believe that questions 
regarding what constitutes unlawful Internet gambling should be 
resolved pursuant to the applicable Federal and State gambling laws. 
While there may be some games or contests conducted over the Internet 
that are not ``games subject to chance'' and, thus, not subject to the 
Act and the final rule, the Agencies believe that such issues are more 
appropriately resolved pursuant to the various underlying gambling laws 
than with a single regulatory definition.
    The Agencies note, however, that a careful reading of the statutory 
language of the Act may be instructive in discerning Congressional 
intent regarding what constitutes a ``game subject to chance.'' The Act 
defines the term ``bet or wager'' as including a ``game subject to 
chance.'' \29\ However, the Act also defines the term ``bet or wager'' 
as including the purchase of a chance or opportunity to win a lottery 
or other prize (which opportunity to win is predominantly subject to 
chance).'' \30\ The fact that Congress used ``subject to chance'' in 
one paragraph and ``predominantly subject to chance'' in the next 
paragraph in the same subsection suggests that Congress intended the 
element of chance in ``game subject to chance'' to be less than 
predominant. The Agencies believe that if Congress had intended chance 
to be the predominant factor in determining the outcome of a ``game 
subject to chance,'' Congress would have inserted the word 
``predominantly'' as it did subsequently in the same section. 
Therefore, even if chance is not the predominant factor in the outcome 
of a game, but was still a significant factor, the game could still be 
deemed to be a ``game subject to chance'' under a plain reading of the 
Act.
---------------------------------------------------------------------------

    \29\ 31 U.S.C. 5362(1)(A).
    \30\ 31 U.S.C. 5362(1)(B) (emphasis added).
---------------------------------------------------------------------------

    One commenter suggested that the Agencies consider developing a 
procedural mechanism by which Internet gambling businesses may apply 
for and obtain a certification from the Agencies that the Internet 
gambling businesses are engaged in lawful Internet gambling under 
applicable Federal and/or State law.\31\ The Agencies have decided 
against implementing such a certification process. Instead, the 
nonexclusive policies and procedures contained in the final rule and 
discussed further below provide for an analogous procedural mechanism 
whereby the responsibility of determining which gambling activities are 
lawful is retained with the authorities enforcing the underlying 
gambling laws. Specifically, participants in designated payment systems 
may choose to follow the due diligence process in Sec.  ----.6(b) of 
the final rule's non-exclusive examples whereby they can rely on 
licenses issued by the appropriate gambling authorities as evidence 
that a commercial customer's Internet gambling activities are lawful. 
If a commercial customer does not have such a license, the participant 
may request that the unlicensed Internet gambling business provide a 
reasoned legal opinion that it does not engage in restricted 
transactions. If a participant has questions or concerns regarding the 
reasoned legal opinion, it should verify (or have the commercial 
customer verify) the conclusions presented in the reasoned legal 
opinion with the appropriate licensing authority.
---------------------------------------------------------------------------

    \31\ Nelson Mullins letter, supra note 28, at 2 and 6.
---------------------------------------------------------------------------

    Sec.  ----.2(d) Block. A new definition for the term ``block'' was 
added to the final

[[Page 69387]]

rule in response to comments that suggested that there was confusion 
among participants over the meaning of the term.\32\ This term is used 
in the Act and the proposed rule imported it from the statutory 
language. As defined in the final rule, the term ``block'' means to 
reject a transaction before or during processing and is not intended to 
require freezing the funds. The funds would remain in or be returned to 
the original account and could be accessed by the accountholder for 
other purposes.
---------------------------------------------------------------------------

    \32\ See, e.g., The Clearing House letter, supra note 14, at 13.
---------------------------------------------------------------------------

    Sec.  ----.2(f) Card system. The final rule includes revisions to 
the definition of ``card system'' included in the proposed rule in 
response to a comment that requested that the definition be clarified 
to cover both a card system model in which the merchant acquirer, the 
card network, and the card issuer are separate entities, as well as a 
model in which one company (such as American Express) owns the card 
processing network and is responsible for two or more major functions 
involved in issuing cards and acquiring merchants to accept the 
cards.\33\ The NPRM discussed both card system models and the proposed 
rule made no distinction between the two.\34\ In order to remove any 
ambiguity, the final rule clarifies that both models are covered by the 
term ``card system'' in the final rule.
---------------------------------------------------------------------------

    \33\ See, e.g., comment letter from Bank of America (Dec. 12, 
2007) pp. 2-3.
    \34\ NPRM, 72 FR 56680, 56684 n.10.
---------------------------------------------------------------------------

    Sec.  ----.2(i) Commercial customer. A new definition for the term 
``commercial customer'' was added to the final rule in response to 
comments that suggested that the final rule should clarify that the 
regulation was focused on due diligence procedures relating to 
commercial customers, rather than consumer accounts.\35\ As noted 
above, other than for payment systems with a transaction coding 
functionality, the Agencies are suggesting that the efforts of 
participants in designated payment systems be focused on preventing 
restricted transactions primarily through due diligence on commercial 
customers. The Agencies have revised the provisions of the regulation 
to provide more clarity on this point. To facilitate this, a definition 
of the term ``commercial customer'' was added to the final rule.
---------------------------------------------------------------------------

    \35\ See, e.g., comment letter from Howrey, LLP, on behalf of 
The Money Services Round Table (Dec. 6, 2007) (hereinafter ``TMSRT 
letter'') pp. 5-6.
---------------------------------------------------------------------------

    Sec.  ----.2(o) Foreign banking office. A new definition of the 
term ``foreign banking office'' was included in the final rule for use 
in the remedial action provisions in Sec.  ----.6 for cross-border 
transactions. The definition clarifies that a foreign office of a U.S. 
bank and a non-U.S. office of a foreign banking organization are both 
considered a ``foreign banking office'' for purposes of the final rule. 
The non-exclusive examples of reasonably designed policies and 
procedures include special provisions with respect to transactions and 
relationships between a U.S. office of a participant in a designated 
payment system and a foreign banking office. The new term for ``foreign 
banking office'' was included to facilitate those provisions.
    Sec.  ----.2(r) Internet gambling business. The final rule includes 
a new definition of the term ``Internet gambling business'' to 
facilitate use of the expanded example of due diligence of commercial 
customers. (Under the due diligence example, a participant would assess 
the risk of a customer being engaged in an ``Internet gambling 
business'' and would take certain steps based on that assessment.) The 
term contains elements of the Act's definition of the term ``unlawful 
Internet gambling,'' but includes both lawful and unlawful activities. 
The new term excludes the customary activities of a financial 
transaction provider, or any interactive computer service or 
telecommunications service, similar to the Act's exclusions from the 
term ``business of betting or wagering.''
    Sec.  ----.2(v) Operator. Some commenters requested clarification 
of the exemptions and responsibilities of different participants in a 
payment system under the examples of reasonably designed policies and 
procedures to prevent restricted transactions.\36\ The final rule 
defines the term ``operator'' of a designated payment system to mean an 
entity that provides centralized clearing and delivery services between 
participants in the designated payment system and maintains the 
operational framework for the system and includes an ACH operator as 
defined in the NACHA rules. This definition works in conjunction with 
the clarifying changes to the exemptions and revisions, discussed 
below. For example, the operator of a money transmitting business is 
responsible for establishing the policies and procedures, while in an 
ACH system, the operator is generally granted an exemption.
---------------------------------------------------------------------------

    \36\ See, e.g., ABA letter, supra note 10, at 3-4.
---------------------------------------------------------------------------

    Sec.  ----.2(x) Reasoned legal opinion. The final rule includes a 
new definition for the term ``reasoned legal opinion'' to facilitate 
use of the expanded due diligence guidance that has been added to Sec.  
----.6(b). As explained in more detail below, in certain situations, a 
participant may ask a commercial customer for a ``reasoned legal 
opinion'' that its Internet gambling business does not involve 
restricted transactions. The Agencies added this term to provide more 
guidance on the type of legal opinion that would be considered 
adequate. The definition is based in part on the American Bar 
Association standards for a legal opinion.\37\
---------------------------------------------------------------------------

    \37\ See ``Third-Party Legal Opinion Report, Including the Legal 
Opinion Accord, of the Section of Business Law,'' American Bar 
Association, 47 Bus. Law. 167 (1991).
---------------------------------------------------------------------------

    Sec.  ----.2(y) Restricted transaction. Several commenters asked 
the Agencies to clarify that the definition of ``restricted 
transaction'' would not apply to funds going to a consumer (i.e., a 
gambler), as opposed to funds going to a commercial customer (i.e., an 
Internet gambling business).\38\ The Act defines ``restricted 
transaction'' in Sec.  5362(7) as ``any transaction * * * which the 
recipient is prohibited from accepting under section 5363.'' In turn, 
Sec.  5363 provides that ``[n]o person engaged in the business of 
betting or wagering may knowingly accept'' a payment ``in connection 
with the participation of another person in unlawful Internet 
gambling.'' Under the final rule, the term ``restricted transaction'' 
would not include funds going to a gambler, and would only include 
funds going to an Internet gambling business.
---------------------------------------------------------------------------

    \38\ See, e.g., comment letter from the National Automated 
Clearing House Association (Dec. 13, 2007) (hereinafter ``NACHA 
letter''), p. 2.
---------------------------------------------------------------------------

    Sec.  ----.2(aa) Third party processor. A new definition for the 
term ``third party processor'' was added to the final rule in response 
to comments that suggested the final rule should clarify the 
responsibilities of processors under the Act.\39\ The new definition 
clarifies that a processor with a direct customer relationship with the 
originator of a debit transfer transaction or the receiver of a credit 
transfer transaction, and which acts as an intermediary between the 
originator (or receiver) and the depository institution is a ``third 
party processor'' and covered by the regulation. A processor providing 
back-office support to a depository institution is not covered by the 
final rule, but the depository institution should ensure that such a 
processor complies with the depository institution's policies. The term 
``third party processor'' has also been added to the definition of 
``participant in a designated payment system'' and, as discussed in 
Sec.  ----.6, ``third party processors'' are responsible for 
establishing reasonably designed

[[Page 69388]]

policies and procedures in certain circumstances.
---------------------------------------------------------------------------

    \39\ See, e.g., comment letter from U.S. Central Federal Credit 
Union (Dec. 6, 2007) p. 3.
---------------------------------------------------------------------------

Sec.  ----.3 Designated Payment Systems
    The final rule's list of designated payment systems subject to the 
regulation differs from the list presented in the proposed rule only 
with respect to the designation for money transmitting businesses. The 
proposed rule included the definitions of ``money transmitting 
business'' and ``money transmitting service'' set out in the Act. The 
proposed rule designated ``money transmitting businesses'' as payment 
systems subject to the regulation. Commenters noted that, as defined in 
the Act, ``money transmitting business'' included check cashers, 
currency exchangers or entities which issue or redeem money orders or 
travelers checks.\40\ For purposes of the Act, the Agencies do not 
believe that entities should be brought under the final rule's 
designation of ``money transmitting business'' and become subject to 
the final rule's provisions solely by virtue of engaging in check 
cashing, currency exchange, or the issuance or redemption of money 
orders, travelers' checks, and other similar instruments. Such 
activities could not be used for Internet gambling on an efficient 
basis. Accordingly, in order to address this comment, the Agencies 
revised the designation to read money transmitting businesses solely to 
the extent that they ``engage in the transmission of funds, which does 
not include check cashing, currency exchange, or the issuance or 
redemption of money orders, travelers' checks, and other similar 
instruments.'' Entities that would be included in the statutory term 
``money transmitting business'' solely by virtue of engaging in check 
cashing, currency exchange, or the issuance or redemption of money 
orders, travelers' checks, and other similar instruments, but without 
engaging in the transmission of funds, would not be a participant in a 
designated payment system under the final rule.
---------------------------------------------------------------------------

    \40\ E.g., TMSRT letter, supra note 35, at 2; see also Wells 
Fargo letter, supra note 19, at 24-25.
---------------------------------------------------------------------------

    After reviewing comments and conducting further outreach, the 
Agencies have also revised the designation to include only those money 
transmitting businesses that engage in the transmission of funds and 
permit customers to initiate money transmission transactions remotely 
from a location other than a physical office of the money transmitting 
business.\41\ Money transmitting businesses that require senders to 
come to a physical office location to initiate transactions would not 
be attractive payment arrangements through which Internet businesses, 
including Internet gambling businesses, could obtain payments from the 
general public. The Agencies do not believe that such arrangements 
could reasonably be used for Internet gambling on a scale that would be 
useful or efficient for the Internet gambling business due to their 
lack of broad public accessibility. The Agencies believe that money 
transmitting businesses that do not permit remote initiation of 
transactions, such as through a website, are primarily focused on 
serving a narrow population or geographic area, such as would be the 
case in arrangements where a particular population in the United States 
is sending money to relatives in their home country.
---------------------------------------------------------------------------

    \41\ See summary of conference call with The National Money 
Transmitters Assoc. (call date June 3, 2008) (hereinafter ``NMTA 
call summary''), p. 1.
---------------------------------------------------------------------------

    A few commenters cited ``900-number'' payment schemes, and, while 
not providing any information regarding how these schemes work, 
requested that the Agencies look into them and ensure they are covered 
by the regulation as appropriate.\42\ The Agencies have researched 
these schemes and believe that the schemes would fit the Act's and 
rule's definition of a money transmitting business if located within 
the United States. Operators of the 900-number schemes appear to use 
either a card payment or an ACH debit to obtain funds from the payor 
(the caller) and, separately, to use either a check or an ACH credit to 
send funds to the payee (the merchant that subscribes to the 900-number 
service, i.e., the entity receiving the 900-number call). The model 
appears analogous to that employed by PayPal (which identifies itself 
as a money transmitting service, and has obtained numerous Federal and 
State licenses in that regard), except that the operator of the 900-
number scheme uses the phone network instead of the Internet for 
communications purposes, and uses phone numbers instead of email 
addresses to identify payors and payees using the system. Accordingly, 
such schemes located in the United States would be included in the 
money transmitting business designated payment system set forth in 
Sec.  ----.3(d) of the rule, and non-exempt participants in these 
systems, such as the operator, would be expected to adopt policies and 
procedures reasonably designed to prevent or prohibit restricted 
transactions if located in the United States.
---------------------------------------------------------------------------

    \42\ See, e.g., comment letter from the National Football 
League, Major League Baseball, National Basketball Association, 
National Hockey League, and National Collegiate Athletic Association 
(Dec. 12, 2007) (hereinafter ``NFL letter''), p. 5.
---------------------------------------------------------------------------

Sec.  ----.4 Exemptions
    In general. Under the proposed rule, in designated payment systems 
other than card systems, the primary responsibility for establishing 
reasonably designed policies and procedures to prevent restricted 
transactions was placed on the participant that established and 
maintained the customer relationship with the commercial recipient of 
the funds (i.e., the Internet gambling business). The proposed rule 
provided exemptions for other specified participants in the ACH, check 
clearing, and wire transfer systems. Commenters noted that, while 
listing the exempt participants in each designated payment system may 
be the functional equivalent of exempting all participants except for 
the participant with the customer relationship with the Internet 
gambling business, it could define the exempt participants too 
narrowly.\43\ In a payment transaction, there may be numerous 
intermediary servicers that do not have access to information on the 
commercial recipient and should be exempted. In addition, as commenters 
noted, as payment systems evolve, new intermediary participants could 
enter the transaction stream, but not be exempted because they were not 
specifically listed in Sec.  ----.4. Commenters recommended reworking 
the text of Sec.  ----.4 to make it clear that all participants in 
designated payment systems are exempt, except for the participant that 
possesses the customer relationship with the Internet gambling 
business. In response to these comments, Sec.  ----.4 has been revised 
to exempt every participant in a designated payment system, except the 
participants that have specific responsibilities in the non-exclusive 
examples in Sec.  ----.6, which, in most cases, will be the participant 
with the relationship with the commercial customer.\44\ Various 
participants would

[[Page 69389]]

have responsibilities under the non-exclusive examples for card systems 
in Sec.  ----.6 if card systems and their participants choose to adopt 
them.
---------------------------------------------------------------------------

    \43\ See, e.g., ABA letter, supra note 10, at 3.
    \44\ Some commenters suggested that even an exempt participant 
should be required to block a transaction in cases where the 
participant has actual knowledge that it is a restricted 
transaction. E.g., NFL letter, supra note 42, at 5. In an automated 
payment system, it is unclear how an exempt participant would have 
actual knowledge that a particular transaction is a restricted 
transaction while in process. In addition, the final rule expressly 
states that it does not modify any requirement imposed on a 
participant by other applicable law or regulation to file a 
suspicious activity report to the appropriate authorities. If any 
participant suspects that a customer is processing illegal 
transactions, including restricted transactions, through the 
participant's facilities, the participant should file a suspicious 
activity report with the appropriate authorities.
---------------------------------------------------------------------------

    Sec.  ----.4(a), (b), and (d) Exemptions for ACH, check, and wire 
systems. Some commenters suggested that the final rule should provide a 
blanket exemption for ACH, check collection, and wire transfer systems 
in their entirety because these systems, unlike card systems, do not 
have the functionality necessary to code transactions and 
merchants.\45\ While such an approach would certainly reduce the burden 
of the rule, it would substantially undermine the efficacy of the rule 
and the Act. Moreover, the final rule's non-exclusive examples for ACH, 
check collection, and wire transfer systems do not contemplate that 
non-exempt participants would identify individual transactions as 
restricted transactions. Rather, the final rule's non-exclusive 
examples contemplate that a participant would conduct risk-based due 
diligence of commercial customers at account opening, and when it has 
actual knowledge that a commercial customer is engaged in an Internet 
gambling business, to determine the risk the commercial customer 
presents of engaging in restricted transactions.\46\ The Agencies 
believe that this approach is reasonably practical for non-exempt 
participants in the ACH, check collection, and wire transfer systems 
and, accordingly, that a blanket exemption for these systems in their 
entirety would not be appropriate under the Act.
---------------------------------------------------------------------------

    \45\ E.g., comment letter from Manufacturers and Traders Trust 
Co. (M&T Bank) (Dec. 11, 2007) (hereinafter ``M&T Bank letter''), p. 
4. Some commenters similarly suggested that ACH, check collection, 
and wire transfer systems should not be listed as designated payment 
systems for similar reasons. See, e.g., Wells Fargo letter, supra 
note 19, at 7.
    \46\ One commenter acknowledged that a bank could perhaps 
identify customers engaged in illegal Internet gambling by 
conducting enhanced due diligence at account opening, but stated 
that having to conduct enhanced due diligence at each account 
opening would be a significant burden on banks and customers alike. 
See comment letter from Compass Bank (Dec. 6, 2007), pp. 4-5.
---------------------------------------------------------------------------

    Some commenters suggested exempting all U.S. participants 
processing cross-border transactions, because these participants do not 
have a direct customer relationship with Internet gambling businesses 
located abroad.\47\ The final rule exempts U.S. participants processing 
outbound cross-border credit transactions (i.e., ACH credits and wire 
transfers) because there are no reasonably practical steps that a U.S. 
participant could take to prevent their consumer customers from sending 
restricted transactions cross-border.\48\ Specifically, the automated 
systems associated with ACH credit and wire transfers do not typically 
include information that would allow U.S. participants to identify and 
block restricted transactions. The Agencies also considered a process 
described in the NPRM that would involve customers describing the 
nature of the transaction and/or stating whether the transaction 
involves Internet gambling. However, the Agencies determined that such 
a process would be unduly burdensome for U.S. participants with little 
corresponding benefit because U.S. customers may mischaracterize the 
nature of the transaction and the participant would generally be unable 
to determine whether the customer's characterization of the transaction 
is accurate. As discussed in greater detail below, however, the final 
rule does not exempt U.S. participants receiving cross-border debit 
transactions (i.e., ACH debits and check collections). Also, there are 
no exemptions for cross-border transactions in card systems.
---------------------------------------------------------------------------

    \47\ See e.g., ABA letter, supra note 10 at 4.
    \48\ The final rule does not exempt the operator of a money 
transmitting business with respect to cross-border transactions, 
another form of credit transaction, because the operator of the 
system typically signs up commercial customers and can perform due 
diligence on those customers.
---------------------------------------------------------------------------

    Exemptions for certain card systems. One commenter suggested that 
the final rule should exempt gift cards entirely from the regulation 
and exempt stored-value cards or, at a minimum, exempt stored value 
cards below a threshold amount.\49\ The commenter stated that such 
cards have not previously been subject to government regulation and 
such card systems do not have policies and procedures in place to track 
or limit the type of use of the card by the purchaser.\50\ The 
commenter also stated that the burden of imposing a new regulation on 
entities acting as a card system operator, a merchant acquirer, or a 
card issuer is likely to be substantial. The Agencies considered this 
comment, but determined that the concerns were addressed by the final 
rule. The final rule's non-exclusive examples for card systems are 
based on coding frameworks that have already been instituted by the 
operators of the major ``open'' card systems, such as Visa, MasterCard, 
and American Express. If a card system is a ``closed loop'' system, the 
cards can only be used at the merchants belonging to the ``closed 
loop'' system. So long as Internet gambling businesses cannot accept 
these cards, the burden of this rule would be minimal, although the 
non-exempt participants in these systems would still have to comply 
with the rule's requirement to have reasonably designed policies and 
procedures in place. Accordingly, the Agencies determined that a 
blanket exemption for stored value products and gift cards was not 
appropriate.
---------------------------------------------------------------------------

    \49\ See comment letter from Alston & Bird LLP (Dec. 12, 2007) 
(hereinafter ``Alston & Bird letter''), pp. 14-17.
    \50\ The commenter also questions whether the proposed rule 
required issuers, seller, and redeemers of gift cards to have 
reasonably designed policies and procedures to prevent restricted 
transactions. Id. at 15. As explained above, the only participants 
in card systems that are contemplated by the final rule's non-
exclusive examples to have policies and procedures are the operator, 
card issuer, third-party processor, and merchant acquirer. Retailers 
that may sell pre-paid gift cards or stored value products of other 
issuers, such as grocery stores or convenience stores that sell gift 
cards for book stores, are not participants in a designated payment 
system, as defined by the final rule, and thus are not covered by 
the final rule.
---------------------------------------------------------------------------

    Another commenter questioned the application of the proposed rule 
to co-branded cards, where a depository institution issues the card, 
but a non-depository institution, such as a securities firm, has its 
name on the card.\51\ According to the commenter, the cards are usually 
issued to customers of the non-depository institution, but, in some co-
branded card arrangements, the non-depository institution may assist 
the card issuer in certain aspects of the program, such as performing 
sub-accounting, issuing statements and providing authorization 
services, under a servicing contract with the card issuer. The 
commenter argued that a securities firm should not be regarded as a 
participant in the card system simply because its name appears on the 
card or the securities firm provides services to the card issuer in 
support of the program. The Agencies believe that the final rule's non-
exclusive examples for card systems address these types of situations. 
The non-exclusive examples for card systems contemplate the 
implementation of a code system, such as transaction codes and 
merchant/business category codes to accompany the authorization request 
for a transaction. The code system should provide the operational 
functionality to enable the card system operator or the card issuer to 
reasonably identify and deny authorization for a transaction that the 
coding procedure indicates may be a restricted transaction.
---------------------------------------------------------------------------

    \51\ Comment letter from the Securities Industry and Financial 
Markets Association (Dec. 12, 2007), pp. 3-4.
---------------------------------------------------------------------------

    With respect to the commenter's question regarding the 
responsibilities of the co-branding securities firm under the non-
exclusive examples for card systems in Sec.  ----.6, the answer would 
depend on the facts presented. If the

[[Page 69390]]

card issuing bank receives the transaction authorization request with 
the required codes, it should implement its policies and procedures to 
deny authorization for a transaction with codes that indicate it may be 
a restricted transaction, without any involvement by the non-depository 
institution with its name on the card. If the card issuing bank has 
contracted with the co-branding non-depository institution to process 
authorization requests, the card issuing bank is responsible for 
ensuring that the co-branding non-depository institution is properly 
following the card issuing bank's policies and procedures regarding 
restricted transactions.
    Sec.  ----.4(c) Money transmitting business. The proposed rule did 
not contain any exemptions for participants in a money transmitting 
business. Commenters suggested that ``send'' agents of money 
transmitting businesses should be exempted from the rule's requirements 
because, like the originating institution in an ACH credit or a wire 
transfer, the ``send'' agent does not have a direct relationship with 
the commercial customer receiving the funds transmission and would not 
be in a position to collect information to identify restricted 
transactions.\52\ In response to these comments, the Agencies have 
determined to exempt all send agents in a money transmitting business. 
In fact, the final rule includes an exemption for all participants in a 
money transmitting business, except for the operator. If an entity 
acted as both a send agent and the operator in a money transmitting 
business, the entity would not be exempted from the final rule by 
virtue of acting as the operator.
---------------------------------------------------------------------------

    \52\ See, e.g., TMSRT letter, supra note 35, at 3.
---------------------------------------------------------------------------

Sec.  ----.5 Policies and Procedures Required
    Sec.  ----.5 Section title. In the proposed rule, the title of 
Sec.  ----.5 was ``Processing of restricted transactions prohibited.'' 
One commenter suggested that the title of Sec.  ----.5 in the proposed 
rule be revised to more accurately reflect what the section actually 
does.\53\ In fact, the requirement in Sec.  ----.5 is to establish and 
implement reasonably designed policies and procedures to identify and 
block or otherwise prevent or prohibit restricted transactions, rather 
than impose a strict liability standard. The title of Sec.  ----.5 in 
the final rule has been revised accordingly to read ``Policies and 
procedures required.''
---------------------------------------------------------------------------

    \53\ See, e.g., comment letter from MasterCard Worldwide (Dec. 
12, 2007) (hereinafter ``MasterCard letter'') p. 2.
---------------------------------------------------------------------------

    Sec.  ----.5(b) Reliance on system policies and procedures. The 
proposed rule incorporated the Act's provisions permitting a 
participant in a designated payment system to comply with the Act's 
requirement to establish policies and procedures by relying on and 
complying with the policies and procedures of the designated payment 
system if the system's policies and procedures complied with the 
requirements of the regulation. This would likely be applicable to 
operator-driven systems, such as card systems. The Act does not 
indicate how a participant is to determine whether a system's policies 
and procedures comply with the regulation, and yet, makes such a 
determination a requirement for compliance under this provision. 
Commenters noted the significant problems and burden that would be 
imposed on participants in determining whether a system's policies and 
procedures complied with the regulation in order to rely on them.\54\
---------------------------------------------------------------------------

    \54\ See, e.g., comment letter from the Office of the 
Comptroller of the Currency (Dec. 12, 2007) (hereinafter 
``Comptroller letter'') pp. 2-3.
---------------------------------------------------------------------------

    In response to these comments and to provide participants with a 
bright-line standard for knowing when they could rely on this provision 
for compliance with the regulation, the Agencies revised the rule to 
expressly permit participants in a designated payment system to rely on 
a written statement or notice by the operator of the designated payment 
system to its participants that states that the operator has designed 
or structured its policies and procedures to comply with the 
regulation. Such a statement or notice will be deemed to provide a 
justifiable basis for the participant to assume that the system's 
policies and procedures comply with the requirements of the final rule, 
unless and until the participant is notified otherwise by the Federal 
agency that has enforcement authority over that participant under Sec.  
----.7. The Agencies anticipate that such a statement or notice will 
provide a common understanding for all parties (i.e., the system 
operator, the other participants, and the regulator) that the Federal 
functional regulators will review the operator's policies and 
procedures and that the participants, many of which may be small 
businesses, will not be criticized by the regulators if they comply 
with the operator's policies and procedures, even though the regulators 
may subsequently deem the operator's policies and procedures to be 
deficient. If, upon review, the regulators determine that the 
operator's policies and procedures are deficient under the regulation, 
the Agencies expect that the regulators will work with the operator to 
correct the deficiency. If the operator is unable or unwilling to 
correct the deficiency, the Agencies expect that the regulators or the 
system operator would notify the participants that they can no longer 
rely on the operator's policies and procedures.
    Sec.  ----.5(d) Liability protection. As noted in the NPRM, the 
proposed rule imported the Act's provisions protecting persons from 
liability for identifying and blocking, preventing or prohibiting the 
acceptance of its products or services in connection with a 
transaction, or otherwise refusing to honor a transaction if (i) the 
transaction is a restricted transaction, (ii) such person reasonably 
believed the transaction to be a restricted transaction, or (iii) the 
person is a participant in a designated payment system and prevented 
the transaction in reliance on the policies and procedures of a 
designated payment system, in an effort to comply with the regulation. 
Some commenters suggested that the final rule expand these provisions 
to provide protection from liability in specific scenarios.\55\ The 
Agencies considered these comments, but do not believe that expanding 
the liability protections in the regulation is appropriate. The Act's 
liability protection provisions address liability to a counterparty 
that may arise under other statutes (such as State commercial laws) 
from the failure of a participant in a designated payment system to 
complete a transaction. The Agencies do not believe that the Act 
authorizes them to expand or modify, by regulation, the scope of the 
protection from liability that the Act itself provides with respect to 
these other statutes.\56\ The liability protection provisions in the 
final rule are limited to application of the final rule. The scope of 
the Act's liability protection with respect to other statutes should be 
determined by the entities that enforce those statutes. Accordingly, 
the final rule retains the scope of the liability protection provisions 
from the proposed rule.
---------------------------------------------------------------------------

    \55\ See, e.g., comment letter from First Data Corporation (Dec. 
12, 2007) p. 3.
    \56\ A commenter also requested that the Agencies include the 
Act's liability protection provisions verbatim from the statutory 
language. See MasterCard letter, supra note 53, at 3. The commenter 
was unclear as to whether the liability protection in the proposed 
rule matched the breadth of content of the Act's provision. As noted 
above, the Agencies intended to import the Act's liability 
protections from the Act and only modified the language for 
grammatical purposes to insert into the regulation.
---------------------------------------------------------------------------

    Sec.  ----.5(e) Overblocking. The Act requires that the Agencies 
ensure that transactions in connection with any

[[Page 69391]]

activity excluded from the Act's definition of ``unlawful Internet 
gambling'' are not blocked or otherwise prevented or prohibited by the 
prescribed regulations (the ``overblocking provision'').\57\ As noted 
in the NPRM, the proposed rule implemented this provision by making 
clear that nothing in the regulation requires or is intended to suggest 
that participants should block or otherwise prevent or prohibit any 
transaction in connection with any activity that is excluded from the 
definition of ``unlawful Internet gambling'' in the Act. In the NPRM, 
the Agencies noted that they believed that the Act does not provide the 
Agencies with the authority to require designated payment systems or 
participants therein to process any gambling transactions if the system 
or participant decides for business reasons not to process such 
transactions.
---------------------------------------------------------------------------

    \57\ 31 U.S.C. 5364(b)(4).
---------------------------------------------------------------------------

    Some commenters agreed with the Agencies' approach to the 
overblocking provision presented in the proposed rule.\58\ One 
commenter noted that any regulation that would require participants in 
designated payment systems to process certain types of transactions 
would ``significantly alter the business practices of many financial 
transaction providers--including the issuers of significant numbers of 
payment cards who currently routinely decline authorization for all 
transactions on U.S.-issued cards coded as Internet gambling 
transactions.'' \59\ Conversely, some commenters representing gambling 
interests argued that the final rule should clarify that transactions 
related to interstate pari-mutuel wagering are not unlawful and need 
not be blocked.\60\ Some commenters suggested that the final rule 
should require designated payment systems to create a new merchant 
category code specifically for gambling transactions that are not 
prohibited by the Act.\61\
---------------------------------------------------------------------------

    \58\ See, e.g., comment letter from Visa U.S.A. Inc. (Dec. 12, 
2007) (hereinafter ``Visa letter'') p. 3; see also ABA letter, supra 
note 10, at 5.
    \59\ See MasterCard letter, supra note 53, at 4.
    \60\ See, e.g., comment letter from American Greyhound Racing, 
Inc. (Nov. 26, 2007), p. 2.
    \61\ See, e.g., comment letter from the National Thoroughbred 
Racing Association (Dec. 11, 2007), p. 2.
---------------------------------------------------------------------------

    The Agencies continue to believe that the Act does not provide them 
with the authority to require designated payment systems or 
participants therein to engage in any particular line of business or 
process any particular transactions.\62\ While card system operators 
certainly may create new merchant category codes that are useful for 
specific transactions and industries, that is a business decision that 
those operators must make. Accordingly, the Agencies continue to 
believe that the proposed rule's language adequately addressed the 
Act's overblocking provision and that language has been retained in the 
final rule.
---------------------------------------------------------------------------

    \62\ A principle of statutory construction is that a statute 
ought to be construed so that, if it can be prevented, no clause, 
sentence, or word shall be superfluous, void, or insignificant. As 
noted above, Sec.  5364(b)(4) of the Act directs the Agencies to 
ensure that transactions excluded from the Act's definition of 
``unlawful Internet gambling'' are not blocked or otherwise 
prevented or prohibited ``by the prescribed regulations.'' To 
interpret that provision as a requirement that designated payment 
systems and participants therein must process all transactions 
excluded from the definition of ``unlawful Internet gambling,'' even 
though they have made business decisions not to process such 
transactions, would render the words ``by the prescribed 
regulations'' meaningless.
---------------------------------------------------------------------------

    Sec.  ----.5(g) U.S. offices. Some commenters requested that the 
Agencies clarify that the scope of any final rule is limited to United 
States offices of participants in designated payment systems.\63\ The 
Agencies believe that the Act's restrictions apply only to transactions 
that are unlawful under applicable U.S. Federal or State law. The Act's 
definition of ``unlawful Internet gambling'' clearly states that it 
refers to a bet or wager that ``is unlawful under any applicable 
Federal or State law in the State or Tribal land in which the bet or 
wager is initiated, received, or otherwise made.'' \64\ Transactions 
that are wholly outside the United States (i.e., when all parties and 
financial transaction providers to the transaction are outside the 
United States) would not violate such laws. As discussed below, while 
the Agencies expect U.S. participants to implement policies and 
procedures for certain cross-border transactions, the responsibility 
for implementing those policies and procedures would fall on the U.S. 
institution that handles the cross-border transaction. In order to 
provide the clarification requested by the comments, the final rule 
includes a new Sec.  ----.5(g) that states that the regulation's 
requirement to establish and implement reasonably designed policies and 
procedures applies only to the U.S. offices of participants in 
designated payment systems.
---------------------------------------------------------------------------

    \63\ See, e.g., Visa letter, supra note 58, at 4.
    \64\ 31 U.S.C. 5362(10).
---------------------------------------------------------------------------

Sec.  ----.6 Non-Exclusive Examples
    Several commenters suggested that the final rule should clarify the 
Agencies' intent that the non-exclusive examples provided in the 
proposed rule were focused on relationships with commercial customers 
and not with respect to consumer accounts.\65\ The Agencies recognize 
the problems with designing and implementing procedures focused on 
consumer accounts. For example, except for card systems, a participant 
would generally not know the purpose of a consumer transaction and 
often the payee information on a transaction, such as a check, is not 
in automated form. In response to the comments requesting clarification 
on this point, as a general matter, the non-exclusive examples in Sec.  
----.6 have been revised to make it clear in each instance that the 
policies and procedures to be implemented to prevent restricted 
transactions are with respect to commercial customer accounts only.
---------------------------------------------------------------------------

    \65\ See, e.g., ABA letter, supra note 10, at 4.
---------------------------------------------------------------------------

    Sec.  ----.6(b) Due diligence. As noted above and in the NPRM, most 
designated payment systems do not use formats that would permit 
participants to identify and block restricted transactions during 
payment processing.\66\ Accordingly, the proposed rule adopted the 
approach of using flexible, risk-based due diligence in the 
participants' account-opening and account-maintenance procedures for 
commercial customers to reduce the risk that the commercial customer 
would originate or receive restricted transactions through its 
commercial relationship with the participant. The proposed rule also 
suggested that participants could include as a term of a commercial 
customer agreement that the customer may not engage in restricted 
transactions.
---------------------------------------------------------------------------

    \66\ See, e.g., Wells Fargo letter, supra note 19, at 8.
---------------------------------------------------------------------------

    Commenters raised several issues regarding these provisions. 
Commenters expressed concern that the guidance provided was not 
detailed enough.\67\ Commenters requested that the flexible risk-based 
due diligence approach described in the preamble to the NPRM be 
included in the final rule to facilitate participant compliance.\68\ 
Commenters also expressed concerns with including a term in a 
commercial customer agreement prohibiting restricted transactions 
because the commercial customer may not have the information necessary 
to determine whether a transaction is a restricted transaction. These 
commenters stated that revising millions of commercial customer 
agreements to include such a provision would be burdensome and

[[Page 69392]]

impractical.\69\ Commenters suggested that commercial customers engaged 
in an Internet gambling business should demonstrate to their financial 
transaction providers that the commercial customers are not engaged in 
unlawful Internet gambling in order to shift the burden of 
distinguishing lawful from unlawful Internet gambling from the 
financial transaction providers to the Internet gambling 
businesses.\70\
---------------------------------------------------------------------------

    \67\ See, e.g., comment letter from Branch Banking and Trust 
Company (Dec. 12, 2007) (hereinafter ``BB&T letter''), p. 2.
    \68\ See, e.g., comment letter from the Independent Community 
Bankers of America (Dec. 12, 2007) (hereinafter ``ICBA letter''), p. 
8.
    \69\ See, e.g., MasterCard letter, supra note 53, at 6.
    \70\ See NFL letter, supra note 42, at 3; see also undated 
comment letter from Members of Congress of the United States (Rep. 
Pitts et al.) p. 1.
---------------------------------------------------------------------------

    In order to provide more guidance on the due diligence procedures 
that the Agencies would deem reasonably designed, the final rule 
includes a new Sec.  ----.6(b) that sets out a specific process that a 
non-exempt participant could choose to follow to conduct adequate due 
diligence of commercial customers with respect to the risk of unlawful 
Internet gambling. The non-exclusive examples for each designated 
payment system include a reference to the general due diligence 
provisions in this new section. The Agencies also believe that this due 
diligence process will help alleviate some of the concerns regarding 
the Act's definition of ``unlawful Internet gambling.'' While the 
process set out in Sec.  ----.6(b) may still require some judgment on 
the part of participants opening new accounts for commercial customers, 
the process would leave the primary responsibility for determining what 
is lawful and unlawful gambling activity with the State gambling 
commissions and other gambling licensing authorities.
    As noted in the NPRM, the Agencies anticipate that participants 
could choose to use a flexible, risk-based approach in their due 
diligence procedures in that the level of due diligence performed would 
match the level of risk posed by the commercial customer, and new Sec.  
----.6(b) includes specific references to this type of approach. In 
addition, the most efficient way for participants to implement the due 
diligence procedures would be to incorporate them into existing 
account-opening due diligence procedures (such as those required of 
depository institutions under Federal banking agencies' anti-money 
laundering compliance program requirements).\71\
---------------------------------------------------------------------------

    \71\ See, e.g., 12 CFR 208.63.
---------------------------------------------------------------------------

    As set out in new Sec.  ----.6(b), the participant could choose to 
conduct due diligence at account opening and determine the risk of a 
commercial customer engaging in an Internet gambling business. The 
participant should have a basic understanding of a new commercial 
customer's business, based on normal account-opening procedures. The 
vast majority of commercial customers will not have any involvement in 
an Internet gambling business. If, based on its initial due diligence, 
the participant determines that the prospective commercial customer 
presents only a minimal risk of engaging in an Internet gambling 
business, the participant could open the account for the commercial 
customer without further action under Sec.  ----.6(b).
    One commenter suggested that the Agencies consider whether there 
are low-risk relationships for which due diligence would not be 
necessary.\72\ New subsection ----.6(b)(4) states that a participant 
may deem the following commercial customers as presenting a minimal 
risk of engaging in an Internet gambling business without further 
investigation: (i) Entities that are directly supervised by the Federal 
functional regulators that are responsible for enforcing the Act; and 
(ii) agencies, departments, or divisions of the Federal government or a 
State government. With respect to supervised entities, the Federal 
functional regulators already review the activities of such entities 
and additional due diligence by participants in designated payment 
systems would be redundant.\73\ With respect to the activities of the 
Federal or State governments, participants should be able to assume 
that their activities are lawful.
---------------------------------------------------------------------------

    \72\ See Comptroller letter, supra note 54, at 2.
    \73\ For a general discussion in this regard, see the comment 
letter from The Depository Trust & Clearing Corporation (Dec. 10, 
2007).
---------------------------------------------------------------------------

    Depository institutions that are non-exempt participants in 
designated payment systems and have commercial customers that are money 
transmitting businesses should apply their due diligence procedures to 
those customers. However, under the final rule, the money transmitting 
businesses would themselves be responsible for implementing their own 
policies and procedures with respect to their commercial customers. The 
depository institutions providing financial transaction services to the 
money transmitting businesses would not be responsible for assessing 
the risk that the money transmitting business's commercial customers 
engage in an Internet gambling business.
    Under Sec.  ----.6(b), the Agencies contemplate that a U.S. 
participant establishing a correspondent account for a foreign 
respondent would conduct appropriate, risk-based due diligence on the 
foreign respondent as a commercial customer to determine the risk the 
foreign respondent presents of engaging in an Internet gambling 
business. The Agencies expect that a participant would likely choose to 
incorporate such due diligence in its normal correspondent account 
opening procedures.\74\ For the purposes of the final rule, the 
Agencies would not expect U.S. participants to conduct due diligence on 
its foreign respondent's commercial customers. If a U.S. participant 
obtained actual knowledge that a foreign respondent's commercial 
customer processed restricted transaction through the U.S. 
participant's facilities, the Agencies expect that the U.S. participant 
would follow the applicable procedures for cross-border transactions 
discussed below.
---------------------------------------------------------------------------

    \74\ Many U.S. institutions are already required to conduct due 
diligence of foreign financial institutions pursuant to Section 312 
of the USA PATRIOT Act. 31 U.S.C. 5318(i); 31 CFR 103.176.
---------------------------------------------------------------------------

    If the commercial customer's description of its business or other 
factors cause the participant to suspect that it may present more than 
a minimal risk of engaging in an Internet gambling business (for 
example, the commercial customer offers games or contests over the 
Internet), the participant should ask for further documentation from 
the commercial customer. Certification from the commercial customer 
that it does not engage in an Internet gambling business would address 
factual questions regarding the commercial customer's business. If the 
commercial customer engages in an Internet gambling business, the 
participant should obtain further documentation to show that the 
Internet gambling business is lawful. The non-exclusive policies and 
procedures also provide for a participant to obtain a written 
commitment from a commercial customer to notify the participant of any 
changes in its legal authority to engage in its Internet gambling 
business. If a commercial customer has a license that expressly 
authorizes the customer to engage in the Internet gambling business 
issued by the appropriate State or Tribal authority, the participant 
should be able to rely on that State agency's ability to implement its 
own gambling laws in a manner that does not violate the law of another 
State or Federal law.
    If the commercial customer does not have such a license, the 
Agencies expect that the participant would obtain from the commercial 
customer a reasoned legal opinion by the customer's counsel that 
demonstrates that the commercial customer's Internet gambling business 
does not involve restricted transactions. If a participant has 
questions regarding

[[Page 69393]]

the permissibility of a commercial customer's activities, the 
participant should consult with (or have the commercial customer obtain 
confirmation from) the applicable licensing authority.\75\ In addition, 
the suggested due diligence process in Sec.  ----.6(b) includes a 
third-party certification that the commercial customer's systems for 
engaging in the Internet gambling business are reasonably designed to 
ensure that the commercial customer's Internet gambling business will 
remain within the licensed or otherwise lawful limits, including with 
respect to age and location verification.
---------------------------------------------------------------------------

    \75\ The receipt of a reasoned legal opinion pursuant to a due 
diligence process under Sec.  .----6(b) is solely for purposes of 
compliance with implementing regulations under the Act and does not 
necessarily constitute compliance with, or provide protection from 
liability under, any other applicable Federal or State laws.
---------------------------------------------------------------------------

    The Agencies expect that this provision will not only provide 
additional guidance to participants on an adequate due diligence 
process, but also will permit the entities that license gambling 
activities to retain the primary responsibility for determining which 
activities are permissible under U.S. law. The Agencies have designed 
the example of due diligence procedures to enable designated payment 
systems and their participants to rely on government licensing and 
enforcement agencies to determine whether a commercial customer's 
Internet gambling activities are lawful rather than trying to make that 
determination themselves. The designated payment systems and their 
participants should, however, obtain appropriate documentation from 
those entities regarding the legality of the Internet gambling 
activities of its prospective commercial customers.
    The final rule retains the concept that participants in designated 
payment systems could communicate to their commercial customers that 
restricted transactions are prohibited. However, rather than suggesting 
that the only way to accomplish this goal is to include such a 
prohibition in the commercial customer agreement, the final rule 
provides that a participant could notify all of its commercial 
customers that restricted transactions are prohibited through a term in 
the commercial customer agreement, a simple notice sent to the 
customer, or through some other method.
    Sec.  ----.6(d) and (f) Monitoring the Internet. As an example of 
reasonably designed policies and procedures for card systems and money 
transmitting businesses, the proposed rule included monitoring the 
Internet to detect unauthorized use of the relevant designated payment 
system, including its trademarks.\76\ The Agencies' intent with this 
example was to incorporate the existing practice of some participants 
in designated payment systems to proactively search (or retain a 
contractor to search) the Internet for unauthorized use of their 
trademarks, including by Internet gambling Web sites.\77\ When 
unauthorized use of a trademark was discovered, the payment system or 
participant could choose to take steps to seek its removal from the 
gambling Web site, including legal action if available.
---------------------------------------------------------------------------

    \76\ Monitoring the Internet for unauthorized use of a trademark 
is distinct from monitoring and analyzing payment patterns to detect 
suspicious patterns of payments to a recipient. Monitoring and 
analyzing payment patterns continues to be included in the non-
exclusive examples for card systems and money transmitting 
businesses.
    \77\ See, e.g., MoneyGram letter, supra note 7, at 2.
---------------------------------------------------------------------------

    While some payment industry commenters recognized the value of 
monitoring the Internet for abuse of trademarks, they also reported 
that reasonable efforts to protect their trademarks are not always 
successful.\78\ In addition, payment industry commenters objected to 
the proposed rule converting the right to protect a trademark ``into an 
obligation under the Act.'' \79\ Commenters noted that legal action to 
protect trademarks can be costly and ultimately unsuccessful and 
criticized the proposed rule because it implied that such action was 
required.\80\ The Agencies believe that monitoring the Internet for 
unauthorized use of a payment system's trademark by Internet gambling 
businesses is a good practice and can be useful in preventing 
restricted transactions. However, the Agencies agree that designated 
payment systems and their participants should make a business decision 
on whether to pursue this activity and how to respond to discovered 
unauthorized use of their trademarks. Accordingly, in order to avoid 
confusion, the Agencies have deleted from the final rule the language 
regarding monitoring the Internet for unauthorized use of trademarks of 
designated payment systems or non-exempt participants. Of course, the 
examples in the rule are non-exclusive, and a system or participant may 
choose to include trademark monitoring in its policies and procedures 
where appropriate.
---------------------------------------------------------------------------

    \78\ Id.
    \79\ See comment letter from PayPal (Dec. 12, 2007), p. 2; see 
also MasterCard letter, supra note 53, at 8.
    \80\ See PayPal letter, supra note 79, at 2 and MasterCard 
letter, supra note 53, at 8. None of the rule's examples of 
reasonably designed policies and procedures are ``required.'' As 
noted in Sec.  ----.6(a) of both the proposed rule and the final 
rule, the examples provided in Sec.  ----.6 are non-exclusive and 
designated payment systems and participants therein are permitted to 
design and implement policies and procedures that may be different 
than the examples.
---------------------------------------------------------------------------

    Sec.  ----.6(c), (d) and (f) Fines. In the non-exclusive examples 
of reasonably designed policies and procedures for ACH systems, card 
systems, and money transmitting businesses, the proposed rule included 
the imposition of fines if the participant becomes aware that 
restricted transactions had been processed. The Agencies' intent in 
including this provision was to suggest imposing fines on participants 
that violated system rules regarding unlawful Internet gambling.\81\ 
The proposed rule did not, however, adequately explain the specific 
functions that should be carried out by specific participants in a 
system, including how fines should be imposed.
---------------------------------------------------------------------------

    \81\ See, e.g., National Automated Clearing House Association, 
2007 ACH Rules, Operating Rules Appendix XI (The National System of 
Fines).
---------------------------------------------------------------------------

    The lack of specificity caused some confusion among commenters who 
suggested that the provision be dropped or that the terminology be 
revised.\82\ In the final rule, as a general matter, the Agencies have 
attempted to provide greater clarity to the specific procedures in the 
non-exclusive examples that are intended to apply to particular parties 
in the designated payment system. With respect to fines, the Agencies 
have deleted this provision from the final rule as potentially 
confusing, given the different relationships between parties within 
each designated payment system. As the examples in the rule are non-
exclusive, a system or participant may choose to include fines in its 
policies and procedures where appropriate.
---------------------------------------------------------------------------

    \82\ See, e.g., The Clearing House letter, supra note 14, at 11.
---------------------------------------------------------------------------

    Sec.  ----.6(d) Card system examples. The proposed rule included as 
part of its non-exclusive examples of reasonably designed policies and 
procedures for card systems due diligence in establishing commercial 
customer accounts designed to ensure that the merchant will not receive 
restricted transaction through the card system, similar to provisions 
included in the non-exclusive examples for the other designated payment 
systems. The proposed rule's card system examples also included 
establishing transaction codes and merchant/business category codes 
that accompany the authorization request for a transaction and creating 
the operational functionality to enable the card system or the card 
user to identify and deny authorization for a restricted transaction. 
One card system commenter suggested that card systems

[[Page 69394]]

should be permitted to comply with the Act through the use of either 
due diligence on merchants or coding to identify and block restricted 
transactions, but not necessarily both.\83\ The commenter cited the 
language of the Act that specifically identifies policies and 
procedures that allow a designated payment system and its participants 
``to identify restricted transactions by means of codes in 
authorization messages or by other means'' and to block such 
transactions, as one of the acceptable ways that a payment system can 
comply with the Act.\84\
---------------------------------------------------------------------------

    \83\ See Visa letter, supra note 58, at 2.
    \84\ See 31 U.S.C. 5364(a).
---------------------------------------------------------------------------

    The Agencies expect that a coding system to identify and block 
restricted transactions will be the method of choice for the vast 
majority of card system participants to comply with the Act. In 
addition, the Agencies note that most Internet gambling businesses that 
use card systems for funding do so through non-U.S. merchant acquirers 
that are not subject to the Act or the final rule and likely would not 
conduct due diligence regarding Internet gambling on their merchants. 
However, the final rule retains a due diligence example for closed loop 
card systems in the United States where the card can only be used for a 
single merchant or a limited group of identified merchants, such as 
merchants operating in a particular shopping mall. Section ----.6(d) 
includes both the coding and due diligence examples for card systems as 
alternatives and contemplates that a card system and its participants 
could adopt either approach. Moreover, it is important to note that the 
examples in Sec.  ----.6 are non-exclusive and a card system could 
adopt policies and procedures other than the coding and due diligence 
examples presented and still comply with the final rule's requirement 
to adopt reasonably designed policies and procedures to prevent or 
prohibit restricted transactions.
    In addition, some commenters suggested that the final rule's non-
exclusive examples should include a provision by which credit card 
companies would create a particular merchant category code that would 
be limited to those types of Internet gambling that are specifically 
excluded from the definition of the term ``unlawful Internet gambling'' 
in Sec.  ----.2(cc)--intrastate transactions, intratribal transactions, 
and any activity that may be allowed under the Interstate Horseracing 
Act.\85\ While card system operators may choose to create new codes for 
such transactions, the Agencies believe that the establishment of codes 
for particular merchant transactions is a business decision for the 
card system operators and their participants. Accordingly, the final 
rule does not specify the establishment of such codes in the coding 
example for card systems.
---------------------------------------------------------------------------

    \85\ See, e.g., comment letter from the American Horse Council 
(Dec. 12, 2007), pp. 3-4; see also comment letter from the North 
American Association of State & Provincial Lotteries (Dec. 11, 
2007), p 3.
---------------------------------------------------------------------------

    Sec.  ----.6(c) and (e) Cross-border transactions. For the reasons 
discussed in the NPRM and above, the Agencies believe that it is very 
difficult, if not impossible, for a participant in the designated 
payment systems (other than card systems) to identify restricted 
transactions while they are being processed. As a result, the Agencies 
determined that the most efficient way to implement the Act for the 
systems other than card systems was through adequate due diligence by 
participants when opening accounts for commercial customers to reduce 
the risk that a commercial customer will introduce restricted 
transactions into the payment system in the first place.
    With respect to cross-border transactions, however, the institution 
that opens the account for an Internet gambling business likely will be 
located outside the United States and not be subject to the Act. 
Accordingly, no U.S. participant would be able to conduct due diligence 
at account opening for the foreign commercial customer. The proposed 
rule provided examples of special procedures for participants in ACH, 
check collection, and wire transfer systems that received cross-border 
transactions from foreign counterparties, such as including as a term 
in its agreement with a foreign counterparty a requirement that the 
foreign counterparty have reasonably designed policies and procedures 
in place to ensure that the commercial relationship would not be used 
to process restricted transactions.\86\
---------------------------------------------------------------------------

    \86\ The Agencies do not believe that special cross-border 
procedures are necessary for card systems, which generally have the 
same coding system for transactions regardless of where they are 
initiated.
---------------------------------------------------------------------------

    Commenters objected to the cross-border examples in the proposed 
rule on numerous grounds.\87\ Some commenters stated that including a 
term in agreements with foreign banks regarding restricted transactions 
was not practicable because it was unrealistic to expect foreign 
institutions to be willing or able to make specific representations 
with respect to restricted transactions, given the uncertain definition 
of ``unlawful Internet gambling.'' \88\ In addition, commenters noted 
that the foreign correspondent with which the U.S. participant has a 
contractual relationship may itself be a correspondent several steps 
removed from the institution that has the customer relationship with 
the Internet gambling business and that it would be unrealistic to 
expect a provision in the cross-border agreement would be able to 
prevent restricted transactions.\89\ Commenters suggested that cross-
border transactions conducted through correspondent relationships be 
entirely exempt from the regulation, or that notice to customers that 
the relevant payment system may not be used to engage in restricted 
transactions should be deemed a reasonably designed policy and 
procedure.\90\
---------------------------------------------------------------------------

    \87\ See, e.g., ABA letter, supra note 10, at 7.
    \88\ See, e.g., The Clearing House letter, supra note 14, at 9.
    \89\ See, e.g., ABA letter, supra note 10, at 8.
    \90\ Id.; see also The Clearing House letter, supra note 14, at 
9.
---------------------------------------------------------------------------

    The comment letters illustrated many of the challenges in 
identifying and preventing particular types of transactions in the 
modern, global payment system. The Agencies agree that, with the 
complex framework of gambling laws in the United States, institutions 
in other countries will not reasonably be able to determine which 
transactions are unlawful under applicable U.S. law. Moreover, given 
the numerous intermediaries involved with a typical cross-border 
payment transaction, there will likely be many cases where the foreign 
correspondent from which a U.S. participant receives a cross-border 
debit transaction does not have a customer relationship with the 
Internet gambling business.
    In response to the comments on the various cross-border transaction 
provisions, the Agencies have made revisions to the cross-border 
provisions in the final rule. First, the final rule contains non-
exclusive examples with respect only to cross-border debit transactions 
(i.e., ACH debits and check collections) because there are no 
reasonably practical steps that a foreign counterparty could take to 
prevent a U.S. institution from sending a restricted transaction to the 
foreign counterparty, short of severing the relationship altogether. 
Second, the final rule contemplates that if a U.S. participant is 
notified by a U.S. government entity (such as its regulator or law 
enforcement) that it has been sent cross-border restricted transactions 
by a

[[Page 69395]]

particular foreign respondent, the participant would be expected to 
notify its foreign respondent of the restricted transaction.\91\ The 
Agencies have included a model notice in the appendix to the 
regulation.
---------------------------------------------------------------------------

    \91\ The Agencies expect that the notice would contain enough 
detail (including identifying intermediaries) to permit the U.S. 
participant to describe the transaction's path to its foreign 
counterparty.
---------------------------------------------------------------------------

Sec.  ----.6 Remedial Action
    Commenters urged the Agencies to provide more detailed guidance as 
to when non-exempt participants should take remedial action against 
their commercial customers for processing restricted transactions. 
These commenters stated that the proposed rule gave no specifics about 
what types of penalties are appropriate under particular 
circumstances.\92\ The Agencies considered these comments and 
determined that a non-exempt participant's decision on when to deny a 
commercial customer access to a particular payment system or when to 
close the account of such customer for processing restricted 
transactions is fact-specific and a matter of business judgment. As a 
result, the final rule does not contain thresholds specifying when it 
would be appropriate to take certain types of remedial action. When 
restricted transactions are discovered, the Agencies expect that a 
participant's regulator will review the remedial actions taken by the 
participant and come to a judgment as to whether the participant took 
appropriate action under the circumstances.
---------------------------------------------------------------------------

    \92\ See e.g., NFL letter, supra note 42, at 4; see also comment 
letter from Christian Coalition of America (Dec. 7, 2007), p.2.
---------------------------------------------------------------------------

Sec.  ----.7 Regulatory Enforcement
    The proposed rule essentially reiterated the regulatory enforcement 
framework from the Act. Some commenters urged that the financial 
regulators develop a uniform approach for enforcing the rule.\93\ The 
Act does not modify the statutory enforcement mechanisms of the 
agencies charged with enforcing the Act with respect to the 
institutions that are within their jurisdiction. The Federal agencies 
charged with regulatory enforcement authority for the final rule have 
different enforcement authorities and use different regulatory tools 
for fulfilling their supervisory responsibilities, so the Agencies do 
not believe that it is appropriate to mandate a particular uniform 
regulatory enforcement approach in the final rule. Moreover, the Board 
expects that examiner guidance will be developed among the Federal 
depository institution regulatory agencies responsible for enforcing 
the final rule, however, that process would occur separately from this 
rulemaking.
---------------------------------------------------------------------------

    \93\ See, e.g., comment letter from Credit Union National 
Association (Dec. 12, 2007) p. 5; see also comment letter from The 
Financial Services Roundtable and BITS (Dec. 12, 2007), pp. 6-7.
---------------------------------------------------------------------------

    Another commenter noted that the Act's regulatory enforcement 
framework reflected in the proposed rule would subject money service 
businesses (MSBs) to the jurisdiction of two different agencies--the 
Federal Trade Commission for enforcement of the Act and the Internal 
Revenue Service, which elsewhere has been delegated authority to 
examine for compliance with the Bank Secrecy Act (BSA).\94\ The 
commenter suggested that the Agencies could determine that MSBs should 
be subject to the authority of only one regulator. The Agencies do not 
believe that the Act provides the Agencies with the authority to modify 
the regulatory authority of Federal agencies pursuant to the Act or any 
other statute.
---------------------------------------------------------------------------

    \94\ See Alston & Bird letter, supra note 49, at 23. See also, 
31 CFR 103.56(b)(8) where the regulations of the Financial Crimes 
Enforcement Network (``FinCEN'') clarify the examination authority 
of the IRS.
---------------------------------------------------------------------------

    After considering the public comments received on the proposed 
rule, the Agencies have not modified Sec.  ----.7 from the proposed 
rule, other than technical conforming changes.

III. Administrative Law Matters

A. Executive Order 12866

    It has been determined that this regulation is an economically 
significant regulatory action as defined in section 3(f)(1) of E.O. 
12866, as amended. Accordingly, this final rule has been reviewed by 
the Office of Management and Budget. The reasons for this determination 
are explained in more detail in the Small Business Regulatory 
Enforcement Fairness Act Section B. The Regulatory Assessment prepared 
by the Treasury for this regulation is provided below.
1. Description of Need for the Regulatory Action
    The rulemaking is required by the Act, the applicable provisions of 
which are designed to interdict the flow of funds from gamblers to 
unlawful Internet gambling businesses. To accomplish this, the Act 
requires the Agencies, in consultation with the U.S. Attorney General, 
to jointly prescribe regulations requiring designated payment systems 
(and their participants) to establish policies and procedures that are 
reasonably designed to identify and block or otherwise prevent or 
prohibit unlawful Internet gambling transactions restricted by the Act.
    In accordance with the Act, section 3 of the final rule designates 
five payment systems that could be used in connection with, or to 
facilitate, unlawful Internet gambling transactions. The five 
designated payment systems are the same payment systems designated in 
the proposed rule, except that the Agencies have narrowed the 
designation of money transmitting businesses to cover only those money 
transmitting businesses that permit their customers to initiate fund 
transfers remotely from a location other than a physical office of the 
money transmitting business. As explained above, the Agencies' view is 
that money transmitting businesses that do not permit their customers 
to initiate remote funds transfers, such as through a Web site, could 
not reasonably be used for Internet gambling because of the lack of 
broad public accessibility. The Agencies believe that the narrowing of 
the money transmitting business designation will significantly reduce 
the number of money transmitting businesses affected by the final rule. 
The Agencies estimated in the proposed rule that the number of money 
transmitting businesses affected would be 253,208. The Agencies 
estimate that the number of money transmitting businesses affected by 
the final rule with the narrower designation and with the exemption 
described below will be 16, resulting in an estimated reduction of 
253,192 money transmitting businesses affected by the final rule.
    In accordance with the Act, section 5 of the final rule requires 
designated payment systems and participants in those designated payment 
systems to establish and implement written policies and procedures 
reasonably designed to identify and block or otherwise prevent or 
prohibit unlawful Internet gambling transactions restricted by the Act. 
In accordance with the Act, section 4 of the final rule exempts certain 
participants in designated payment systems from the requirement to 
establish and implement policies and procedures, because the Agencies 
believe that it is not reasonably practical for those participants to 
identify and block or otherwise prevent or prohibit unlawful Internet 
gambling transactions restricted by the Act. As explained earlier, the 
Agencies have expanded the exemptions in the final rule. For example, 
the proposed rule did not contain any exemptions for money transmitting 
businesses. At least one commenter recommended that the Agencies exempt 
``send'' agents of

[[Page 69396]]

money transmitting businesses by analogizing such ``send'' agents to 
the originating depository institutions for ACH credit and wire 
transfers which the Agencies exempted in the proposed rule. The final 
rule exempts all participants in money transmitting businesses, 
including ``send'' agents, except for the operator. In accordance with 
the Act, section 6 of the final rule contains a ``safe harbor'' 
provision by including non-exclusive examples of policies and 
procedures which would be deemed to be reasonably designed to identify 
and block or otherwise prevent or prohibit unlawful Internet gambling 
transactions restricted by the Act.
2. Assessment of Potential Benefits and Costs
a. Potential Benefits
    Congress determined that Internet gambling is a growing cause of 
debt collection problems for insured depository institutions and the 
consumer credit industry.\95\ Further, Congress determined that there 
is a need for new mechanisms for enforcing Internet gambling laws 
because traditional law enforcement mechanisms are often inadequate for 
enforcing gambling prohibitions or regulations on the Internet, 
especially where such gambling crosses State or national borders.\96\ 
Section 5 of the final rule addresses this by requiring participants in 
designated payment systems, which include insured depository 
institutions and other participants in the consumer credit industry, to 
establish and implement reasonably designed policies and procedures to 
identify and block or otherwise prevent or prohibit unlawful Internet 
gambling transactions in order to stop the flow of funds to unlawful 
Internet gambling businesses. This funds flow interdiction is designed 
not only to inhibit the accumulation of consumer debt but also to 
reduce debt collection problems for insured depository institutions and 
the consumer credit industry. Treasury believes that the reduction of 
debt collection problems through the final rule's funds flow 
interdiction process will yield important benefits for insured 
depository institutions and consumers given the recent turmoil in the 
financial markets that is causing liquidity problems for insured 
depository institutions and constraining the availability of consumer 
credit. Moreover, the final rule carries out the Act's goal of 
implementing new mechanisms for enforcing Internet gambling laws. The 
final rule will likely provide other benefits. Specifically, the final 
rule could restrict excesses related to unlawful Internet gambling by 
underage or compulsive gamblers.
---------------------------------------------------------------------------

    \95\ 31 U.S.C. 5361(a)(3).
    \96\ 31 U.S.C. 5361(a)(4).
---------------------------------------------------------------------------

b. Potential Costs
    Treasury believes that the costs of implementing the Act and the 
final rule are lower than they would be if the Act and the final rule 
were to require a prescriptive, one-size-fits-all approach with regard 
to regulated entities. First, section 5 of the final rule provides that 
a financial transaction provider shall be considered to be in 
compliance with the regulation if it relies on and complies with the 
written policies and procedures of the designated payment system of 
which it is a participant. This means that the regulated entities will 
not be required to establish their own policies and procedures but can 
instead follow the policies and procedures of the designated payment 
system, thereby resulting in lower costs. Based on public comments 
received, the Agencies have made it easier for regulated entities to 
choose to follow the policies and procedures of a designated payment 
system. Specifically, the proposed rule incorporated the Act's 
provision permitting regulated entities to rely on the policies and 
procedures of a designated payment system if the system's policies and 
procedures comply with the requirements of the regulation. In their 
comments, regulated entities expressed concern about the significant 
burden that would be imposed on them in determining whether a 
designated payment system's policies and procedures complied with the 
regulation, particularly when the payment system has thousands of 
participants and no single participant has any significant leverage 
with the payment system.\97\ In order to eliminate this burden and the 
associated costs, the final rule specifically states that regulated 
entities may rely on and treat as conclusive evidence a written 
statement or notice from a designated payment system that the system's 
policies and procedures comply with the final rule, unless such 
regulated entities are specifically notified otherwise by the 
appropriate Federal agency.
---------------------------------------------------------------------------

    \97\ See e.g., comment letter from The Huntington National Bank 
(Dec. 12, 2007) p. 3.
---------------------------------------------------------------------------

    Second, with regard to regulated entities that choose to establish 
their own policies and procedures, sections 5 and 6 of the final rule 
provide maximum flexibility. Specifically, the final rule contains 
neither design standards (such as requiring the use of a specific 
technology) nor performance standards but instead requires, consistent 
with the Act, that the policies and procedures be ``reasonably 
designed'' to identify and block or otherwise prevent or prohibit 
unlawful Internet gambling. In addition, the final rule expressly 
authorizes each regulated entity to design and implement policies and 
procedures that are ``tailored to its business,'' which will enable it 
to craft policies and procedures based on individual circumstances. The 
flexibility the final rule affords regulated entities that establish 
their own policies and procedures should result in lower costs than if 
the final rule took a prescriptive one-size-fits-all approach.
    Third, the ``safe harbor'' provision, with its nonexclusive 
examples of policies and procedures deemed to be ``reasonably 
designed,'' provides regulated entities with specific guidance on how 
to structure the policies and procedures required by the Act and the 
final rule. As a result, costs associated with formulating policies and 
procedures should be lower because the safe harbor provision provides 
guidance on how to so structure the policies and procedures. The 
Agencies also revised the nonexclusive due diligence examples contained 
in section 6 of the final rule to reduce potential costs for regulated 
entities. Specifically, the proposed rule contained nonexclusive due 
diligence examples which generally placed the burden of distinguishing 
lawful versus unlawful Internet gambling on regulated entities. As 
noted earlier, public commenters suggested that commercial customers 
engaged in an Internet gambling business should demonstrate to their 
financial transaction providers that the commercial customers are not 
engaged in unlawful Internet gambling in order to shift the burden of 
distinguishing lawful versus unlawful Internet gambling from regulated 
entities to the Internet gambling businesses. Based on these comments, 
the Agencies revised the nonexclusive due diligence examples contained 
in the final rule by shifting the burden of distinguishing lawful 
versus unlawful Internet gambling from regulated entities to the 
Internet gambling businesses. Treasury believes that this shifting of 
the burden will result in lower costs for regulated entities that 
choose to follow the final rule's nonexclusive due diligence examples.
    Treasury received two comments expressing concern that the 
Regulatory Assessment in the proposed rule only addressed the potential 
recordkeeping

[[Page 69397]]

costs on regulated entities but did not include an analysis of the full 
potential costs to participants to establish and implement the policies 
and procedures, including legal, management and operational costs.\98\ 
In the proposed rule, Treasury explained that it did not have 
sufficient information to quantify reliably the costs of developing 
specific policies and procedures, and it solicited information and 
comment on any costs or compliance requirements. Because the final rule 
provides maximum flexibility to regulated entities that establish their 
own policies and procedures by allowing them to tailor their policies 
and procedures to their business, including the use of different 
policies and procedures with respect to different business lines or 
different parts of the organization, Treasury does not have sufficient 
information to quantify reliably the costs of developing and 
implementing specific policies and procedures.
---------------------------------------------------------------------------

    \98\ See e.g., comment letter from the California and Nevada 
Credit Union Leagues (Dec. 12, 2007) p.4.
---------------------------------------------------------------------------

    It is estimated that the recordkeeping burden for regulated 
entities will be approximately one million hours in order to develop 
and establish the policies and procedures required by the Act and this 
final rule. Using a reasonable estimate of average wages to monetize 
the opportunity cost of this time, which is explained in more detail in 
the Paperwork Reduction Act section below, yields a combined 
recordkeeping burden of approximately $88.5 million. We estimate this 
potential impact will be born during the first year this rule is in 
effect, in anticipation of the compliance date 12 months after 
publication of the final rule. In addition, it is estimated that the 
recordkeeping requirement required by the Act and the final rule will 
take approximately 8 hours per recordkeeper per year to maintain the 
policies and procedures required by this rulemaking. It is estimated 
that the total annual cost to regulated entities to maintain the 
policies and procedures will be approximately $3,337,200.\99\
---------------------------------------------------------------------------

    \99\ This estimate is based on an estimate of 16,686 
recordkeepers. The hourly cost of the individual who would be 
responsible for maintaining the policies and procedures is estimated 
to be $25 per hour (which is an average based on data contained in 
the U.S. Department of Labor, Bureau of Labor Statistics' 
occupational employment statistics for office and administrative 
support occupations, dated May 2007).
---------------------------------------------------------------------------

3. Interference With State, Local, and Tribal Governments
    The Act does not alter State, local or Tribal gaming law.\100\ The 
Act exempts from the definition of the term ``unlawful Internet 
gambling,'' intrastate, intratribal, and intertribal transactions.\101\ 
Because the final rule does not alter these defined terms, it avoids 
undue interference with State, local, and tribal governments in the 
exercise of governmental functions. In addition, the final rule's non-
exclusive due diligence examples contained in Sec.  ----.6 accord 
deference to State and Tribal authorities. Specifically, the final 
rule's due diligence examples provide that a regulated entity may 
accept as evidence of a commercial customer's legal authority to engage 
in an Internet gambling business, a license issued by an appropriate 
State or Tribal authority that expressly allows the regulated entity's 
commercial customer to engage in the Internet gambling business.
---------------------------------------------------------------------------

    \100\ Specifically, the Act defines the term ``unlawful Internet 
gambling'' as a bet or wager, which involves at least in part the 
use of the Internet, where such bet or wager is unlawful under any 
applicable Federal or State law in the State or Tribal lands in 
which the bet or wager is initiated, received, or otherwise made. 31 
U.S.C. 5362(10)(A).
    \101\ 31 U.S.C. 5362(10)(B) and (C).
---------------------------------------------------------------------------

B. Small Business Regulatory Enforcement Fairness Act of 1996

    As discussed elsewhere, the total recordkeeping costs alone imposed 
on regulated entities exceed $88.5 million. Treasury does not have 
adequate information to quantify the impact of other compliance 
requirements, such as the implementation of any due diligence policies 
and procedures for commercial customers during the first year of this 
rule. These unquantified costs that are necessary to meet compliance 
obligations include burdens related to management, clerical, technical, 
training, auditing, and legal expertise that are necessary to implement 
the policies and procedures set forth in this final rule. Therefore, 
Treasury believes it is reasonable to assume the total compliance costs 
of this final rule will exceed $100 million in the first year. 
Considering the final rule's quantified and unquantified costs, and the 
fact that costs are likely to constitute a major increase in costs for 
an individual industry (depository institutions), it is a major rule as 
defined by section 804 of the Small Business Regulatory Enforcement 
Fairness Act of 1996.

C. Unfunded Mandates Reform Act (Sec. 202, Pub. L. 104-4; 2 U.S.C. 
1532)

    Treasury has concluded this rule does not contain a Federal mandate 
that may result in the expenditure by State, local and Tribal 
governments, in aggregate, or by the private sector, of $100 million or 
more (adjusted for inflation) in any one year. The threshold after 
adjustment for inflation is $130 million, using the most current (2007) 
Implicit Price Deflator for the Gross Domestic Product. However, 
Treasury believes the analyses provided in the Executive Order, 
Regulatory Flexibility Act, and Paperwork Reduction Act sections 
provide the analysis required by the Unfunded Mandates Reform Act.

D. Final Regulatory Flexibility Analysis

    An initial regulatory flexibility analysis (IRFA) was included in 
the NPRM in accordance with the Regulatory Flexibility Act (RFA).\102\ 
In the IRFA, the Agencies specifically solicited comment, including 
from small entities, on whether the proposed rule would have a 
significant economic impact on a substantial number of small entities. 
No small entities submitted comments regarding quantification of their 
projected costs. The Agencies expect this rule to affect a number of 
small entities; however, the direct cost this rule imposes does not 
appear to have a significant economic impact on a substantial number of 
small entities, within the meaning of the RFA. Specifically, as 
discussed below, the proposed rule estimated that approximately 253,368 
small entities would be subject to the rule. The Agencies estimate that 
the number of small entities subject to the final rule will be 
approximately 12,267 or less than five percent of the total number of 
small entities estimated in the proposed rule. The Agencies thus 
believe that the final rule will not affect a substantial number of 
small entities. Moreover, as noted below, in response to public 
comments on the proposed rule and on the IRFA, the Agencies have made a 
number of changes in the final rule that will reduce its economic 
impact. Even though this rule does not appear to have a significant 
economic impact on a substantial number of small entities, the Agencies 
have not formally certified the rule as not having a ``significant 
economic impact on a substantial number of small entities,'' as 
provided under section 605(b) of the RFA. Instead, the Agencies have 
prepared a Final Regulatory Flexibility Analysis as described in the 
RFA, 5 U.S.C. 604.\103\
---------------------------------------------------------------------------

    \102\ 5 U.S.C. 601 et seq.
    \103\ When promulgating a final rule, the RFA requires agencies 
to prepare a FRFA unless the agency finds that the final rule will 
not, if promulgated, have a significant economic impact on a 
substantial number of small entities. 5 U.S.C. 604(a) and 605(b).
---------------------------------------------------------------------------

    The RFA requires each FRFA to contain:

     A succinct statement of the need for, and objectives 
of, the rule;
     A summary of the significant issues raised by the 
public comments in response to

[[Page 69398]]

the initial regulatory flexibility analysis, a summary of the 
assessment of the agency of such issues, and a statement of any 
changes made in the proposed rule as a result of such comments;
     A description of and an estimate of the number of small 
entities to which the rule will apply or an explanation of why no 
such estimate is available;
     A description of the projected reporting, recordkeeping 
and other compliance requirements of the rule, including an estimate 
of the classes of small entities which will be subject to the 
requirement and the type of professional skills necessary for 
preparation of the report or record; and
     A description of the steps the agency has taken to 
minimize the significant economic impact on small entities 
consistent with the stated objectives of applicable statutes, 
including a statement of the factual, policy, and legal reasons for 
selecting the alternative adopted in the final rule and why each one 
of the other significant alternatives to the rule considered by the 
agency which affect the impact on small entities was rejected.\104\

    \104\ 5 U.S.C. 604(a).
---------------------------------------------------------------------------

1. Statement of the Need for, and Objectives of, the Final Rule
    The Agencies jointly are adopting this final rule to implement the 
Act, as required by the Act. As noted above, the Act prohibits any 
person in the business of betting or wagering (as defined in the Act) 
from knowingly accepting payments in connection with the participation 
of another person in unlawful Internet gambling. The Act requires the 
Agencies jointly (in consultation with the U.S. Attorney General) to 
designate payment systems that could be used in connection with, or to 
facilitate, restricted transactions and to prescribe regulations 
requiring designated payment systems, and financial transaction 
providers participating in each designated payment system, to establish 
policies and procedures reasonably designed to identify and block or 
otherwise prevent or prohibit restricted transactions.\105\ The final 
rule sets out necessary definitions, designates payment systems that 
could be used in connection with restricted transactions, exempts 
participants performing certain functions in designated payment systems 
from the requirement imposed by the final rule, provides nonexclusive 
examples of policies and procedures reasonably designed to identify and 
block, or otherwise prevent and prohibit, restricted transactions, and 
reiterates the enforcement regime set out in the Act for designated 
payment systems and non-exempt participants therein. The Agencies 
believe that the final rule implements Congress's requirement that the 
Agencies prescribe regulations that carry out the purposes of the Act 
and provide guidance to designated payment systems and participants 
therein with respect to policies and procedures reasonably designed to 
identify and block, or otherwise prevent or prohibit, transactions in 
connection with unlawful Internet gambling.
---------------------------------------------------------------------------

    \105\ 31 U.S.C. 5364(a).
---------------------------------------------------------------------------

2. Significant Issues Raised by Comments in Response to the IRFA
    The Agencies have carefully considered the comment letters received 
in response to the proposed rule. The preamble above provides a general 
overview of the comments and the preamble's section-by-section analysis 
discusses the significant issues raised by the comments. The following 
is a summary of significant issues raised by commenters regarding the 
IRFA. The Agencies also have considered the comments received from 
small entities and associations that represent such small entities, 
even though the comments did not specifically refer to the RFA.
    The Agencies received several comments directly related to the 
IRFA, including from the Office of Advocacy (Advocacy) of the U.S. 
Small Business Administration.\106\ The most common concern expressed 
in these comments was that the IRFA did not provide sufficient 
information about the nature of the impact of the proposed rule on 
small entities or that the burdens were not adequately estimated. 
Advocacy stated that, while it appreciated the fact that the Agencies 
may need to obtain information on the impact on small entities and 
commended the Agencies for soliciting additional information from the 
public, it was concerned that the Agencies were not providing all 
available information. Advocacy referenced the Board's ``Supporting 
Statement for Recordkeeping Requirements'' (Supporting Statement) 
associated with the proposed rule that was submitted to the Office of 
Management and Budget and published on the Board's website. The 
Supporting Statement included an estimate of the proposed rule's total 
recordkeeping cost to the public of just under $20 million. The 
Supporting Statement was created in compliance with the Paperwork 
Reduction Act (PRA), which requires a specific, objectively supported 
estimate of burden.\107\ Conversely, the RFA authorizes agencies to 
provide general descriptive statements of the effects of a proposed 
rule, in lieu of a quantifiable or numerical description, if 
quantification is not practicable or reliable.\108\ The Agencies stated 
in the NPRM that they did not have sufficient information to quantify 
reliably the effects the Act and the proposed rule would have on small 
entities. The Agencies specifically requested public comment on any 
costs, compliance requirements, or changes in operating procedures 
arising from the application of the proposed rule and the extent to 
which those costs, requirements, or changes are in addition to, or 
different from, those arising from the application of the Act 
generally.\109\ Because of the different standards contained in the PRA 
and the RFA and the differing types of costs assessed under these two 
statutes, the Agencies did not believe that Board's PRA estimates 
constituted a useful proxy for purposes of the RFA. Accordingly, to 
avoid confusion by providing inappropriate data, the Agencies did not 
include the Board's PRA cost estimates in the IRFA.
---------------------------------------------------------------------------

    \106\ E.g., comment letters were received from the Office of 
Advocacy of the U.S. Small Business Administration (Dec. 12, 2007) 
(hereinafter ``Advocacy letter''); the Center for Regulatory 
Effectiveness (Nov. 15, 2007) (hereinafter ``CRE letter'');, M&T 
Bank, supra note 45; TMSRT, supra note 35; Alston & Bird, supra note 
49;, and J. Schmit, an individual (Dec. 8, 2007).
    \107\ 44 U.S.C. 3506(c)(1)(A)(iv) and 5 CFR 1320.8(a)(4).
    \108\ 5 U.S.C. 607.
    \109\ NPRM, 72 FR at 56693.
---------------------------------------------------------------------------

    Advocacy also expressed concern that the Agencies did not put 
forward a meaningful discussion of alternatives to the proposed rule. 
The only actual requirement in the proposed rule, which is mandated by 
the Act, was that all non-exempt participants in designated payment 
systems establish and implement policies and procedures reasonably 
designed to identify and block or otherwise prevent or prohibit 
restricted transactions.\110\ The proposed rule made clear that the 
examples of reasonably designed policies and procedures set out in 
Sec.  ----.6 are non-exclusive and that a participant in a designated 
payment system may design and use other policies and procedures that 
are specific to its business and may use different policies and 
procedures with respect to different types of restricted transactions. 
With respect to the non-exclusive examples provided in Sec.  ----.6 of 
the proposed rule, the NPRM went into considerable detail describing 
how the Agencies anticipated that such policies and procedures would 
operate, including risk-based due diligence at account opening and 
remedial actions if a participant discovered that a customer

[[Page 69399]]

processed restricted transactions through the participant's facilities.
---------------------------------------------------------------------------

    \110\ This requirement is set out in Sec.  ----.5(a) of the 
proposed rule and is required by section 5364(a) of the Act.
---------------------------------------------------------------------------

    The NPRM went into detail in discussing alternatives considered and 
the reasoning behind the alternatives selected for the proposed rule, 
particularly with respect to exemptions for certain participants in 
designated payment systems and non-exclusive examples of procedures for 
each designated payment system. For example, the NPRM discussed 
alternatives that the Agencies included in the proposed rule (such as 
due diligence at account opening, remedial action, and transaction 
coding), and alternatives that the Agencies considered but rejected for 
the proposed rule (such as a list of unlawful Internet gambling 
businesses). With respect to small entities, the Agencies considered 
exempting all small entities from coverage of the rule.\111\ As noted 
in the IRFA, the Agencies proposed that the requirements in the 
proposed rule be applicable to all entities subject to the Act, as 
implemented, regardless of their size because an exemption for small 
entities would significantly diminish the usefulness of the policies 
and procedures required by the Act by permitting unlawful Internet 
gambling operations to evade the requirements by using small financial 
transaction providers.\112\
---------------------------------------------------------------------------

    \111\ See 5 U.S.C. 603(c)(4).
    \112\ NPRM, 72 FR at 56693.
---------------------------------------------------------------------------

    The Agencies also considered as a significant alternative the use 
of performance rather than design standards and the simplification of 
compliance requirements.\113\ As noted in the NPRM, the proposed rule 
was designed to provide maximum flexibility. The Act does not contain 
specific performance (much less design) standards, but instead requires 
that the policies and procedures be ``reasonably designed'' to prevent 
or prohibit unlawful Internet gambling. The proposed rule preserved 
this flexibility. In addition, the proposed rule simplified compliance 
requirements by expressly authorizing each regulated entity to use 
policies and procedures that are ``specific to its business'' to enable 
it to efficiently tailor its policies and procedures to its needs.\114\
---------------------------------------------------------------------------

    \113\ See 5 U.S.C. 603(c)(2) and (3).
    \114\ Treasury noted in its discussion of Executive Order 12866 
in the NPRM that providing this flexibility for regulated entities 
by allowing them to tailor their policies and procedures to their 
individual circumstances should result in lower costs than if the 
Act and the proposed rule took a prescriptive one-size-fits-all 
approach. NPRM, 72 FR at 56692.
---------------------------------------------------------------------------

    The IRFA referred back to the extensive discussion of alternatives 
in the NPRM when it stated that ``other than as noted above'' the 
Agencies were unaware of any significant alternatives to the proposed 
rule. Accordingly, the Agencies believe that the IRFA addressed this 
requirement of the RFA.
    Advocacy also suggested that the Agencies had not identified 
Federal rules that duplicate, overlap, or conflict with the proposed 
rule, as required by the RFA. The IRFA expressly stated that the 
Agencies had not identified any Federal rules that duplicated, 
overlapped, or conflicted with the proposed rule. As with all other 
aspects of the proposed rule, the Agencies sought public comment 
regarding whether any commenter believed there were any Federal rules 
that duplicated, overlapped, or conflicted with the proposed rule. 
Advocacy apparently interpreted these statements as an attempt by the 
Agencies to shift the obligation for identifying such rules to small 
entities. The Agencies intended its statement to mean that the Agencies 
had researched the issue and found no Federal rules that duplicated, 
overlapped, or conflicted with the proposed rule. Accordingly, the 
Agencies believe that the IRFA addressed this requirement of the RFA.
    Advocacy also suggested that the Agencies consider (i) exempting 
small money transmitters from the proposed rule and (ii) exempting the 
send agents in a money transmitting business. As noted above in the 
section-by-section analysis, other commenters raised similar issues and 
the Agencies have made revisions in the final rule to address these 
concerns, including exempting all send agents in a money transmitting 
business. However, the Agencies decided against exempting all small 
money transmitting businesses. Specifically, the Agencies do not 
believe that the Act's standard for granting exemptions would be met 
with regard to such a wholesale exemption, and such wholesale exemption 
would substantially undermine the purpose of the Act by allowing 
unlawful Internet gambling businesses to evade the restrictions 
contained in the Act and the final rule by using small money 
transmitting businesses.\115\
---------------------------------------------------------------------------

    \115\ See 31 U.S.C. 5364(b)(3). As noted above, the final rule 
does, however, include a revised designation for money transmitting 
businesses as including only those money transmitting businesses 
that engage in the transmission of funds and permit customers to 
initiate money transmission transactions remotely from a location 
other than a physical office of the money transmitting business 
(such as through the Internet). The Agencies believe that this 
designation revised along functional lines, rather than by size, may 
also exclude a significant number of small money transmitting 
businesses.
---------------------------------------------------------------------------

    Advocacy recommended that the Agencies prepare a revised initial 
regulatory flexibility analysis to address its concerns. The Agencies 
believe that the IRFA met the requirements of the RFA and a revised 
initial regulatory flexibility analysis is not warranted. In addition, 
after considering this and other comments, the Agencies determined that 
the issues raised by Advocacy have been addressed in the final rule or 
would not be resolved by an additional initial regulatory flexibility 
analysis.
    One commenter suggested that the Agencies extend the comment period 
to allow the Agencies to gather additional information on the impact 
the proposed rule would have on regulated small entities, including 
through use of the procedures described in the RFA, which includes 
direct notification of interested small entities.\116\ The commenter 
stated that an extension of the comment period is warranted because 
many small money transmitting businesses may not be part of a trade 
association that is familiar with the federal regulatory process and 
may not use English as their primary language, so they are in 
particular need of outreach. In the NPRM, the Agencies stated that they 
anticipated contacting trade groups representing participants that 
qualify as small entities and encouraging them to provide comments 
during the comment period in order to ascertain the costs imposed on 
regulated small entities. Within a week of publication of the proposed 
rule in the Federal Register, Board staff sent electronic notices to 
money transmitter associations in over a dozen States, including New 
York, New Jersey, California, Illinois, Georgia, Florida, Washington, 
Colorado and Ohio, notifying them of the issuance of the proposed rule 
and encouraging the associations to provide comments on all aspects of 
the proposed rule, but, in particular, the costs that may be imposed on 
small entities. A commenter, which received one of the electronic 
notices and which represents small- and medium-sized money 
transmitters, suggested that send agents in money transmitting 
businesses should be exempted and noted that these send agents ``are 
predominantly small entities.'' \117\ As noted above, the Agencies 
exempted send agents from the requirement of the final rule. In 
addition, under the final rule, the only non-exempt participants in a 
money transmitting business are the operators that permit customers to 
initiate

[[Page 69400]]

transmission of funds transactions remotely from a location other than 
a physical office of the money transmitting business. The Agencies 
believe that the public comment period was sufficient and that further 
extension of the comment period is not warranted.
---------------------------------------------------------------------------

    \116\ See CRE letter, supra note 106, at 5-6. The RFA section 
can be found at 5 U.S.C. 609.
    \117\ See TMSRT letter, supra note 35 at 3-4.
---------------------------------------------------------------------------

    One commenter stated that the Agencies should determine how many 
small entities will be affected by the rule in connection with their 
participation in card systems, particularly gift card and stored-value 
card systems.\118\ The number of small entities involved with card 
systems that would be subject to the final rule is estimated below, but 
the Agencies do not believe that attempting to break out the number of 
small entities involved specifically with gift cards or stored value 
cards is relevant to the analysis.\119\
---------------------------------------------------------------------------

    \118\ See Alston & Bird letter, supra note 49, at 22-23.
    \119\ Card systems basically operate the same way for purposes 
of the Act and the rule, regardless of whether the particular card 
involved is a credit card, debit card, pre-paid card, or stored-
value product. With respect to implementing the final rule's non-
exclusive examples for card systems, the relevant entities are the 
card system operator, merchant acquirer bank, and the card issuer 
bank. Retailers that may sell pre-paid gift cards or stored-value 
products, such as grocery stores or convenience stores, are not 
participants in a designated payment system, as defined by the final 
rule, and thus are not covered by the final rule.
---------------------------------------------------------------------------

    Based on information the Agencies had regarding the size of the 
entities that commented, the Agencies have identified only one comment 
letter received from a depository institution that qualifies as a 
``small entity'' under regulations promulgated by the U.S. Small 
Business Administration (SBA).\120\ The Agencies also received comment 
letters from several trade associations whose membership could include 
small entities affected by the rule.\121\ These comments raised issues 
generally similar to those discussed above in the section-by-section 
analysis, such as defining gambling-related terms, providing guidance 
on adequate due diligence, creating a list of unlawful Internet 
gambling businesses, and the burden of modifying customer agreements.
---------------------------------------------------------------------------

    \120\ Comment letter from First National Bank of Morgan (Nov. 
30, 2007), which questioned the public policy of imposing burden on 
participants in designated payment systems to prevent Internet 
gambling when other forms of gambling are permitted, such as State 
lotteries and casinos. The SBA size standards to define small 
business concerns in credit intermediation and related activities 
are located at 13 CFR 121.201 (subsector 522).
    \121\ E.g., ICBA letter, supra note 67; comment letter from the 
Consumer Bankers Assoc. (Dec. 12, 2007) (hereinafter ``CBA 
letter'').
---------------------------------------------------------------------------

3. Description and estimate of classes of small entities affected by 
the final rule
    The majority of small non-exempt participants in the five 
designated payment systems (ACH systems, card systems, check collection 
systems, money transmitting businesses, and wire transfer systems) that 
would be affected by the rule are depository institutions. Pursuant to 
the SBA size standards defining small entities, a commercial bank, 
savings association, or credit union is considered a ``small entity'' 
if it has assets of $175 million or less.\122\ Based on call report 
data for June 30, 2008, the Agencies estimate that 4,564 small banks 
(out of a total of 7,699 banks), 412 small savings associations (out of 
a total of 829), and 7,281 small credit unions (out of a total of 
8,136), for a total of 12,257 small depository institutions, will be 
directly affected by the final rule.\123\
---------------------------------------------------------------------------

    \122\ 13 CFR 121.201.
    \123\ Call report data include information submitted by 
depository institutions on the following forms: Consolidated Reports 
of Condition and Income for a Bank with Domestic and Foreign Offices 
(FFIEC Form 031) and Consolidated Reports of Condition and Income 
for a Bank with Domestic Offices Only (FFIEC Form 041), Thrift 
Financial Report (OTS Form 1313), and NCUA Call Report (NCUA Form 
5300).
---------------------------------------------------------------------------

    Under the same SBA regulation, small money transmitting businesses 
are those with assets of $7.0 million or less. Based in part on 
information obtained from a Government Accountability Office report, 
the Agencies estimate that there are approximately 253,208 money 
transmitting businesses in the United States,\124\ and that 240,547 are 
small entities as defined above.\125\ Section ----.3(d) of the final 
rule states that only those money transmitting businesses that (1) 
engage in the transmission of funds, which does not include check 
cashing, currency exchange, or the issuance or redemption of money 
orders, travelers' checks, and other similar instruments; and (2) 
permit customers to initiate transmission of funds remotely from a 
location other than a physical office of the money transmitting 
business, would be subject to the rule. Moreover, Sec.  ----.4(c) of 
the rule exempts all participants in such a money transmitting 
business, except for the operator of the system.\126\ Accordingly, only 
money transmitting business operators that permit customers to initiate 
transactions remotely must establish and implement written policies and 
procedures reasonably designed to identify and block or otherwise 
prevent or prohibit restricted transactions.
---------------------------------------------------------------------------

    \124\ U.S. Government Accountability Office, ``Bank Secrecy Act: 
FinCEN and IRS Need to Improve and Better Coordinate Compliance and 
Data Management Efforts,'' GAO-07-212 (Dec. 2006). The Agencies note 
that this report took information from multiple studies, some of 
which focused on the number of ``money services businesses'' subject 
to FinCEN regulation. The term ``money services business,'' by 
virtue of thresholds and other criteria in FinCEN's definition, 
applies to a different scope of entities than does the statutory 
term ``money transmitting business.'' See 31 CFR 103.11(uu).
    \125\ The estimate of 240,547 small money transmitting 
businesses is the same estimate that is contained in the NPRM. The 
Agencies expressly solicited comment in the NPRM on the number of 
small entities to which the proposed rule would apply. The Agencies 
did not receive any comments during the comment period disputing the 
Agencies' specific estimates and providing an explanation of why the 
estimates were being disputed.
    \126\ The proposed rule designated money transmitting businesses 
as a payment system subject to the rule and did not provide any 
exemptions for participants in a money transmitting business.
---------------------------------------------------------------------------

    Based on consultations with representatives of the money 
transmitting industry, the Agencies believe that most small money 
transmitting business operators do not permit customers to initiate 
transmissions of funds remotely from a location other than a physical 
office of the money transmitting business.\127\ Moreover, those 
operators that do permit customers to initiate transactions remotely--
for example Western Union, MoneyGram, and PayPal--generally have asset 
sizes that are above the ``small entity'' definition under the SBA 
regulations. As a result, the Agencies estimate that of the estimated 
240,547 small money transmitting businesses, no more than 10 consist of 
operators that permit customers to initiate transmission of funds 
transactions remotely. The Agencies thus estimate that only 10 small 
money transmitting business operators will be affected by the final 
rule.
---------------------------------------------------------------------------

    \127\ See summary of conference call with the National Money 
Transmitters Association (call date June 3, 2007) (hereinafter 
``NMTA call summary'') p.1. (``The business of most smaller [money 
transmitter organizations] is person-to-person remittances. 
Furthermore, most smaller MTOs do not allow Internet-initiated 
transactions--a customer is usually required to visit an agent 
location in person in order to perform a transaction.'')
---------------------------------------------------------------------------

    The Agencies thus estimate that approximately 12,267 small entities 
will be subject to the final rule. When compared to the estimate 
contained in the proposed rule of 253,368 small entities, the Agencies 
believe that under the final rule approximately 241,101 fewer small 
entities will have to comply with the final rule.
4. Recordkeeping, Reporting and Other Compliance Requirements
    The extent to which small entities will be affected by the final 
rule depends on several variables, including

[[Page 69401]]

which designated payment systems they participate in, the composition 
of their customer base, and whether the entities are able to rely on 
policies and procedures established and implemented by the designated 
payment system. The final rule (as mandated by the Act) requires all 
non-exempt participants to establish and implement written policies and 
procedures reasonably designed to identify and block or otherwise 
prevent or prohibit restricted transactions. The final rule contains 
non-exclusive examples of reasonably designed policies and procedures 
for participants in each designated payment system; however, the final 
rule expressly permits non-exempt participants to design and implement 
policies and procedures tailored to their business that may be 
different than the examples provided in the final rule.
    The Agencies believe that most small entities participating in ACH 
systems, card systems, check collection systems and wire transfer 
systems will be small depository institutions, including credit unions. 
If a small depository institution chooses to follow the final rule's 
non-exclusive examples for ACH, check collection, and wire transfer 
systems set out in Sec.  ----.6, they should develop policies and 
procedures for conducting due diligence of commercial customers to 
determine the risk the commercial customer presents of engaging in an 
Internet gambling business. The due diligence examples in the final 
rule also suggest that non-exempt participants notify all commercial 
customers, through the account agreement or other means available, that 
restricted transactions are prohibited from being processed through the 
account or relationship. Developing such conforming policies and 
procedures would likely require input from legal counsel and management 
familiar with the small entity's existing account-opening, account 
maintenance and due diligence procedures. The small entity's senior 
management also would likely need to be involved in developing the 
policies and procedures to ensure they are compatible with the 
company's business plans.
    In addition to policies and procedures for due diligence, the final 
rule's non-exclusive examples also suggest including remedial action 
procedures to be followed in situations where the participant has 
actual knowledge that a commercial customer has processed restricted 
transactions through the participant's facilities. Developing such 
procedures would likely require input from legal counsel and compliance 
personnel to integrate these procedures into the institution's existing 
compliance program.
    After the policies and procedures are designed and in place, the 
Agencies anticipate that the actual implementation burden would be 
shifted more toward the management, clerical, and technical functions 
of the institution that would be interfacing directly with the 
commercial customers. Training in the new policies and procedures would 
be necessary for customer relations staff. In addition, involvement of 
audit and compliance personnel would be necessary for audit and testing 
of the new policies and procedures. Legal counsel, management, and 
compliance personnel may be required to address issues that arise with 
commercial customers that due diligence indicates may be engaged in an 
Internet gambling business.
    The Agencies anticipate that a depository institution that 
qualifies as a small entity and participates in ACH, check, and wire-
transfer systems would be able to establish and implement the same due 
diligence policies and procedures for commercial customers across all 
three of those systems for purposes of the final rule. The institution 
will not need to establish and implement separate policies and 
procedures for each of these designated payment systems. Additionally, 
credit unions, which constitute the majority of depository institutions 
that qualify as small entities, generally have few, if any, commercial 
customers because of the nature of their business. The final rule's due 
diligence examples only apply to commercial customers, so an 
institution with few or no commercial customer accounts would have 
relatively minimal implementation burden. Further, even if a depository 
institution that qualifies as a small entity does have such customers, 
the vast majority of commercial customers will not present more than a 
minimal risk of engaging in an Internet gambling business, so the due 
diligence burden would be minimal.
    A small entity that participates in a card system and chooses to 
follow the card system examples in the final rule should largely be 
able to rely on the policies and procedures established by the operator 
of the card system, such as Visa or MasterCard.\128\ In general, such 
small depository institutions will rely on the transaction coding of 
the card system to determine whether to authorize or deny authorization 
for a transaction that the card system's coding procedure indicates may 
be a restricted transaction. Many small depository institutions had 
already made the business decision, prior to the Act and this rule's 
effective date, to implement these processes, such that this rule may 
impose only minimal additional burden in this respect. Moreover, a 
small depository institution may agree to have the card system operator 
or a third-party processor make transaction authorization decisions on 
its behalf as its agent. Following the card system example in the final 
rule may require a small entity participant to seek input from legal 
counsel and technical personnel familiar with the coding framework and 
transaction authorization process used by the card system in which the 
small entity participates, although, based on comments received, the 
Agencies believe that many card issuing banks and card systems already 
have such procedures in place.\129\
---------------------------------------------------------------------------

    \128\ The Agencies have added a new Sec.  ----.5(c) to the rule 
stating that a participant in a designated payment system, such as a 
small depository institution participating in a card system, may 
rely on a written statement or notice by the operator of that system 
that the system's policies and procedures comply with the 
requirements of this rule.
    \129\ See, e.g., MasterCard letter, supra note 53, at 3.
---------------------------------------------------------------------------

    Small entities in money transmitting businesses would, to a large 
extent, be ``send'' or ``receive'' agents that participate in systems 
operated by Western Union, MoneyGram, or similar entities. The final 
rule provides exemptions for all participants in a money transmitting 
business, except for the operator. The Agencies anticipate that these 
exemptions will completely eliminate the burden for such small 
entities. In addition, the final rule extends only to those money 
transmitting business operators that permit customers to initiate money 
transmission transactions remotely from a location other than a 
physical location of the money transmitting business. As noted earlier, 
the National Money Transmitters Association (NMTA), a trade association 
representing small- to medium-sized money transmitting organizations, 
indicated that most smaller money transmitting organizations do not 
allow Internet-initiated transactions and require a customer to visit 
an agent location in person in order to initiate a transaction.\130\
---------------------------------------------------------------------------

    \130\ NMTA call summary, supra note 41, at 1.
---------------------------------------------------------------------------

    For those few small money transmitting business operators subject 
to the final rule which choose to follow the final rule's examples, the 
operator would need to design and implement policies and procedures for 
conducting due diligence on its commercial

[[Page 69402]]

customers at the establishment of the account or relationship similar 
to the due diligence described above for ACH, check collection, and 
wire transfer systems. The final rule's examples also suggest that the 
operator notify all commercial customers, through the account agreement 
or other means available, that restricted transactions are prohibited 
from being processed through the account or relationship. Developing 
such conforming policies and procedures would likely require input from 
legal counsel and management as described above for ACH, check 
collection, and wire transfer systems. Implementation of due diligence 
and remedial action policies and procedures would also require input 
from legal counsel, management, technical, audit, and compliance 
personnel similar to that required for the ACH, check collection, and 
wire transfer systems.
    In addition, the final rule's money transmitting business examples 
suggest that an operator's policies and procedures should include 
procedures regarding ongoing monitoring or testing to detect potential 
restricted transactions, such as monitoring and analyzing payment 
patterns to detect suspicious payment volumes to any recipient. Such 
procedures would likely be facilitated by technical expertise and 
software from an outside vendor; however, the final rule's examples do 
not require using a vendor. In fact, the NMTA indicated that the 
smallest money transmitting organizations are sometimes the best at 
spotting anomalous transactions, even without computers. The NMTA 
stated that such businesses keep detailed records and tend to know all 
of their customers, and thus can quickly spot anomalous 
transactions.\131\
---------------------------------------------------------------------------

    \131\ NMTA call summary, supra note 41, at 1-2.
---------------------------------------------------------------------------

5. Steps Taken To Minimize the Economic Impact on Small Entities
    As discussed in the preamble to this final rule, the Agencies 
considered many approaches to minimize the burden of the rule on non-
exempt participants, including small entities, while carrying out the 
mandates of the Act. Consistent with the Act, the final rule has been 
designed for maximum flexibility with respect to non-exempt 
participants, including small entities. First, the final rule only 
requires non-exempt participants to establish and implement reasonably 
designed policies and procedures. The final rule does not prescribe any 
design standards (such as requiring the use of a specific technology) 
or performance standards for such policies and procedures. Second, the 
examples of reasonably designed policies and procedures provided in 
Sec.  ----.6 of the final rule are non-exclusive and non-prescriptive. 
Specifically, a non-exempt participant, including a small entity, is 
permitted to design and implement policies and procedures tailored to 
its business that may be different than the examples provided in the 
final rule. Participants may also tailor different policies and 
procedures with respect to different business lines or different parts 
of its organization. Third, the Agencies have made a number of changes 
in the final rule in response to public comments on the proposed rule 
in order to reduce the burden the Act and the rule impose on payment 
system participants, including small entities.
    The proposed rule designated money transmitting businesses as a 
payment system subject to the rule and did not provide any exemptions 
for particular participants in a money transmitting business. 
Commenters suggested that the Agencies consider exempting small money 
transmitters or, at a minimum, send agents of money transmitting 
businesses from the rule.\132\ In addition, commenters suggested that 
the designation of money transmitting businesses in the proposed rule 
was too broad and included entities that were not intended to be 
included by the Act.\133\ As discussed above, the final rule's listing 
of money transmitting businesses as a designated payment system subject 
to the rule has been narrowed to include only those money transmitting 
businesses that (1) engage in the transmission of funds, which does not 
include check cashing, currency exchange, or the issuance or redemption 
of money orders, travelers' checks, and other similar instruments; and 
(2) permit customers to initiate transmission of funds remotely from a 
location other than a physical office of the money transmitting 
business. Based on comments from the NMTA, these changes would exclude 
most small money transmitting businesses. Moreover, the final rule 
provides an exemption for all participants in a designated money 
transmitting business except for the operator. As noted above, the 
Agencies believe that almost all of the estimated 240,547 small 
participants in money transmitting businesses are participants other 
than operators. Accordingly, these small entities will not be affected 
by the rule.
---------------------------------------------------------------------------

    \132\ E.g. Advocacy letter, supra note 106 at 4; see also TMSRT 
letter, supra note 35 at 3-4.
    \133\ E.g., TMSRT letter, supra note 35 at 2.
---------------------------------------------------------------------------

    The proposed rule reiterated the Act's provision that permits 
participants in a designated payment system to comply with the rule's 
requirement to establish and implement reasonably designed policies and 
procedures by relying on and complying with the policies and procedures 
of the designated payment system if, among other things, such policies 
and procedures complied with the requirements of the proposed rule. 
Commenters expressed concern, however, with the value of this provision 
if a participant was unsure whether the designated payment system's 
policies and procedures complied with the rule and the Act.\134\ This 
issue would be particularly relevant to small entities that would be 
more likely to be participants in a designated payment system than an 
operator and would be more likely to take advantage of this authority 
to rely on the system's policies and procedures, rather than incurring 
the cost of designing and implementing their own policies and 
procedures. The Agencies addressed this concern in the final rule by 
permitting a participant to rely on the policies and procedures of its 
designated payment system if the operator of that system has stated to 
its participants that the operator has designed or structured the 
system's policies and procedures to comply with the requirements of the 
final rule, unless the participant is notified otherwise by its Federal 
functional regulator or, in the case of participants that are not 
directly supervised by a Federal functional regulator, the Federal 
Trade Commission.
---------------------------------------------------------------------------

    \134\ E.g., CBA letter, supra note 121, at 4.
---------------------------------------------------------------------------

    The proposed rule's non-exclusive examples also indicated that non-
exempt participants in designated payment systems should conduct due 
diligence in ``establishing or maintaining'' a commercial customer 
relationship to ensure that the customer does not process restricted 
transactions. Commenters noted the significant burden that would be 
imposed by reviewing all of an institution's existing commercial 
customer accounts to ensure that they did not process restricted 
transactions.\135\ The final rule's examples for ACH, check collection, 
and wire transfer systems recommends that non-exempt participants 
conduct due diligence at the establishment of the commercial account or 
relationship. If a non-exempt participant has actual knowledge that an 
existing commercial customer engages in an Internet gambling business, 
the final rule's non-exclusive policies and

[[Page 69403]]

procedures suggest that the participant conduct due diligence on that 
customer similar to what is contemplated for new customers. Commenters 
also suggested that the final rule provide more guidance on the due 
diligence that would be deemed sufficient.\136\ In response to these 
comments, the final rule provides detailed steps that a participant can 
choose to take to conduct reasonable risk-based due diligence as 
contemplated by the final rule's examples.
---------------------------------------------------------------------------

    \135\ E.g., BB&T letter, supra note 67, at 2.
    \136\ See, e.g., comment letter from the State Dept. Federal 
Credit Union (Dec. 13, 2007) p. 2.
---------------------------------------------------------------------------

    The proposed rule's designated payment system examples also 
suggested including as a term of commercial customer agreements that 
the customer may not engage in restricted transactions through the 
participant's facilities. Numerous commenters stated that such a 
requirement to modify existing agreements would be unduly 
burdensome.\137\ In addition, commenters noted that typical customer 
agreements already include a prohibition against unlawful transactions, 
so modifying the agreement to specifically include restricted 
transactions in this prohibition would be unnecessary.\138\ Based on 
the comments, the final rule does not contemplate that non-exempt 
participants in designated payment systems will modify their account 
agreements with existing commercial customers, but instead contemplates 
that participants will notify commercial customers that the 
participant's facilities may not be used to process restricted 
transactions. Such notification could be accomplished through a term in 
the commercial customer agreements, through a notice sent to the 
customer, or through some other method.
---------------------------------------------------------------------------

    \137\ See, e.g., comment letter from the Electronic Check 
Clearing House Organization (Dec. 10, 2007) p. 3.
    \138\ See, e.g., The Clearing House letter, supra note 14, at 9.
---------------------------------------------------------------------------

    The NPRM also set forth a proposed effective date for the final 
rule of six months after its publication. Many commenters stated that 
this was insufficient time to implement the rule. A longer period would 
be particularly relevant for small entities because they would most 
likely be participants in a designated payment system, rather than an 
operator. Commenters stated that designated payment systems must first 
develop their policies and procedures before participants will be able 
to conform their policies and procedures.\139\ As explained above in 
the preamble, the Agencies have established a compliance date for the 
final rule 12 months from its publication. This longer period will give 
small entities more time to establish and implement policies and 
procedures reasonably designed to identify and block or otherwise 
prevent restricted transactions, and may thereby reduce small entities' 
costs of complying with the rule.
---------------------------------------------------------------------------

    \139\ See, e.g., NACHA letter, supra note 38, at 5.
---------------------------------------------------------------------------

    Commenters also recommended some significant alternatives to 
approaches adopted in the proposed rule that the Agencies have not 
adopted in the final rule. Some of these suggestions may have reduced 
the burden imposed by the rule on some small entities, but were 
rejected by the Agencies for factual, policy, or legal reasons. For 
example, the final rule does not contemplate that any government entity 
will create, publish, and maintain a list of unlawful Internet gambling 
businesses. Several commenters indicated that such a list would assist 
financial institutions in identifying Internet gambling 
operations.\140\ After carefully considering this issue, including the 
numerous comments both for and against such a list, for the reasons 
discussed at length above, the Agencies have concluded that such a list 
would not be effective or efficient. In addition, the final rule's non-
exclusive due diligence policies and procedures shift the burden of 
distinguishing lawful from unlawful Internet gambling from participants 
in designated payment systems to the Internet gambling businesses.
---------------------------------------------------------------------------

    \140\ E.g., Wells Fargo letter, supra note 19, at 23-24.
---------------------------------------------------------------------------

    Some commenters also suggested that the Agencies exempt from the 
rule all participants in the ACH, check, and wire-transfer systems or 
exclude such systems from the list of designated payment systems.\141\ 
While such an approach would reduce the burden of the rule on small 
depository institutions, it would also substantially undermine the 
efficacy of the rule. Section 5364(b)(3) of the Act states that the 
Agencies shall exempt certain restricted transactions or designated 
payment systems from the rule if the Agencies jointly find that it is 
not reasonably practical to identify and block or otherwise prevent or 
prohibit restricted transactions. The Agencies believe that it is 
reasonably practical for participants in designated payment systems, 
including small entities, to implement certain policies and procedures, 
such as those contained in Sec.  ----.6 of the final rule, that will 
constitute policies and procedures reasonably designed to prevent or 
prohibit restricted transactions. Accordingly, the Agencies have 
determined that blanket exemptions for the ACH, check, and wire-
transfer systems would not be appropriate given the standard for an 
exemption set forth in section 5364(b)(3) of the Act.
---------------------------------------------------------------------------

    \141\ See, e.g., M&T Bank letter, supra note 45, at 4.
---------------------------------------------------------------------------

E. Paperwork Reduction Act Analysis

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR 1320 Appendix A.1), the Board has reviewed the final rule. 
The collection of information contained in the Treasury's final rule 
has been reviewed and approved by OMB in accordance with the 
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 
3507(d)). The Agencies may not conduct or sponsor, and an organization 
is not required to respond to, a collection of information unless it 
displays a currently valid OMB control number. The OMB control numbers 
are 1505-0204 for the Treasury and 7100-0317 for the Board.
    The collection of information that is required by this final 
rulemaking is found in sections 5 and 6. This collection of information 
is required by section 802 of the Act, which requires the Agencies to 
prescribe joint regulations requiring each designated payment system, 
and all participants in such systems, to identify and block or 
otherwise prevent or prohibit restricted transactions through the 
establishment of policies and procedures reasonably designed to prevent 
or prohibit restricted transactions. The final rule implements this 
requirement by requiring all non-exempt participants in designated 
payment systems to establish and implement written policies and 
procedures reasonably designed to identify and block or otherwise 
prevent or prohibit restricted transactions.
    The recordkeepers are businesses or other for-profit and not-for-
profit organizations that include depository institutions (commercial 
banks, savings associations, and credit unions), third-party 
processors, and card system operators, and money transmitting business 
operators. The final rule does not include a specific time period for 
record retention; however, non-exempt participants would be required to 
maintain the policies and procedures for a particular designated 
payment system as long as they participate in that system.
    The Agencies collectively received seven comment letters (from a 
law firm, a depository institution, a member of Congress, an 
individual, a government agency, and two business/trade

[[Page 69404]]

associations) that addressed the paperwork issues. Five comment letters 
specifically addressed the burden estimates, one letter stated that the 
Agencies could provide more rigorous burden estimates, and one letter 
questioned the Board's monetized cost to the public as provided in its 
OMB Supporting Statement posted on the Board's public Web site. 
Broadly, all commenters stated that the paperwork burden estimates were 
too low; therefore, the Agencies have substantially increased the 
burden estimates.
    Additionally, some of these commenters stated that the Agencies did 
not adequately identify the number of entities that would incur 
paperwork burden under the rule.\142\ The Agencies continue to believe 
that their methodology for estimating the number of regulated entities 
is generally accurate. The Board's and Treasury's burden estimates (as 
provided in each Agency's OMB supporting statements for this 
rulemaking) each reflect only about half of the rulemaking's burden on 
regulated entities. The Agencies have agreed to split equally the total 
number of recordkeepers not subject to examination and supervision by 
either the Board or the Treasury's Office of the Comptroller of the 
Currency and Office of Thrift Supervision.
---------------------------------------------------------------------------

    \142\ One commenter expressed concern specifically regarding the 
number of entities involved in stored value cards and gift cards 
that would be subject to the rule's recordkeeping requirements. See 
Alston & Bird letter, supra note 49, at 23 With respect to 
implementing the final rule's non-exclusive examples for card 
systems, the relevant entities are the card system operators, 
merchant acquirers, and the card issuers. Retailers, such as grocery 
stores or convenience stores, are not participants in a designated 
payment system, as defined by the final rule, by virtue of their 
selling pre-paid gift cards or stored value products and thus are 
not covered by the final rule.
---------------------------------------------------------------------------

    The final rule provides exemptions for all participants in a money 
transmitting business, except for the operator. Small entities in money 
transmitting businesses would, to a large extent, be send or receive 
agents that participate in systems operated by Western Union, 
MoneyGram, or similar entities. Accordingly, they are exempt from the 
final rule and are not included in the estimated number of 
recordkeepers below. Also, the Agencies clarified in the final rule 
that money transmitting businesses are subject to the rule solely to 
the extent they engage in the transmission of funds, which does not 
include check cashing, currency exchange, or the issuance or redemption 
of money orders, travelers' checks, and other similar instruments. This 
change would reduce the number of money transmitting businesses that 
are subject to the recordkeeping requirements. Also, in the final rule, 
the Agencies clarified that the requirement to establish and implement 
written policies and procedures applies only to U.S. offices of 
participants in designated payment systems.
    Depository institutions are the primary non-exempt participants for 
the ACH, card, check collection, and wire transfer systems subject to 
the rule. Accordingly, non-exempt depository institutions in such 
designated payment systems would be subject to the recordkeeping 
requirement of establishing and implementing written policies and 
procedures reasonably designed to prevent or prohibit restricted 
transactions to the extent that they participate in such systems.
    Respondent burden:
    For the purpose of estimating burden and accounting for it with 
OMB, the total number of depository institutions listed for each Agency 
includes the number of entities regulated by the Agency and half of the 
remaining depository institutions and third-party processors. Each 
Agency is also accounting for the burden for half of the card system 
operators and money transmitting business operators to which the 
Agencies estimate the final rule applies.
    Federal Reserve:
    Estimated number of recordkeepers: 3,459 commercial banks, 4,068 
credit unions, 3 card system operators, and 8 money transmitting 
business operators.
    Estimated average annual burden hours per recordkeeper: One-time 
burden 100 hours for commercial banks and card system operators, 20 
hours for credit unions, and 120 hours for money transmitting business 
operators. Ongoing annual burden of 8 hours per recordkeeper.
    Estimated frequency: Annually.
    Estimated total annual recordkeeping burden: One-time burden, 
428,520 hours and ongoing burden, 60,304 hours.
    Treasury:
    Estimated number of recordkeepers: 4,240 commercial banks, 829 
savings associations, 4,068 credit unions, 3 card system operators, and 
8 money transmitting business operators.
    Estimated average annual burden hours per recordkeeper: One-time 
burden of 100 hours for commercial banks, savings associations and card 
system operators; 20 hours for credit unions; and 120 hours for money 
transmitting business operators. Ongoing annual burden of 8 hours per 
recordkeeper.
    Estimated frequency: Annually.
    Estimated total annual recordkeeping burden: One-time burden, 
589,520 hours and ongoing burden, 73,184 hours.
    Based on these estimates, the PRA burden for regulated entities is 
approximately one million hours:

----------------------------------------------------------------------------------------------------------------
                                               Number of      Number of hours spent (one-time
                                             recordkeepers                burden)
----------------------------------------------------------------------------------------------------------------
Treasury.................................             9,148  \143\ varies.....................           589,520
Federal Reserve..........................             7,538  \144\ varies.....................           428,520
                                          ----------------------------------------------------------------------
    Total PRA Burden Hours for All         ................  .................................         1,018,040
     Regulated Entities.
----------------------------------------------------------------------------------------------------------------

    The one-time burden imposed by the Act requires non-exempt 
participants to establish policies and procedures. The Agencies 
estimate that this initial burden will average 100 hours per commercial 
bank, savings association, and card system operator, 20 hours per 
credit union, and 120 hours per money transmitting business operator. 
The Agencies also estimate that the ongoing burden of maintaining the 
policies and

[[Page 69405]]

procedures once they are established will be 8 hours per recordkeeper.
---------------------------------------------------------------------------

    \143\ The one-time burden hours for the 4,240 commercial banks, 
829 savings associations, and 3 card system operators is 100 hours 
each. The one-time burden for 4,068 credit unions is 20 hours each. 
The one-time burden for 8 money transmitting business operators is 
120 hours each.
    \144\ The one-time burden hours for the 3,459 commercial banks 
and 3 card system operators is 100 hours each. The one-time burden 
for 4,068 credit unions is 20 hours each. The one-time burden for 8 
money transmitting business operators is 120 hours each.
---------------------------------------------------------------------------

    The Agencies further estimate (as provided in each Agency's OMB 
Supporting Statement) the total start-up cost for the banking, card 
system, and money transmitting industries to be $88,518,578.\145\
---------------------------------------------------------------------------

    \145\ Total cost to the banking, card system, and money 
transmitting industries was estimated using the following formula. 
Percent of staff time, multiplied by annual burden hours, multiplied 
by hourly rate: 20% Clerical @ $25, 25% Managerial or Technical @ 
$55, 25% Senior Management @ $100, and 30% Legal Counsel @ $144. 
Hourly rate estimates for each occupational group are averages using 
data from the Bureau of Labor and Statistics, Occupational 
Employment and Wages, news release.
---------------------------------------------------------------------------

    The total estimated recordkeeping cost for all regulated entities 
is over $88.5 million:

Total PRA burden hours..................................       1,018,040
Average adjusted rate of avg. wage for recordkeeping....          $86.95
Total PRA Cost to Regulated Entities....................     $88,518,578
 

    Because the records would be maintained at the institutions and 
notices are not provided to the Agencies, no issue of confidentiality 
under the Freedom of Information Act arises. The Agencies have a 
continuing interest in the public's opinion of our collections of 
information. At any time, comments regarding the burden estimate, or 
any other aspect of this collection of information, including 
suggestions for reducing the burden may be sent to: Office of Critical 
Infrastructure Protection and Compliance Policy, Department of the 
Treasury, Main Treasury Building, Room 1327, 1500 Pennsylvania Avenue, 
NW., Washington, DC 20220 ; Secretary, Board of Governors of the 
Federal Reserve System, 20th and C Streets, NW., Washington, DC 20551; 
and to the Office of Management and Budget, Paperwork Reduction Project 
(1505-0204 for Treasury or 7100-0317 for the Board), Washington, DC 
20503.

F. Plain Language

    Each Federal banking agency, such as the Board, is required to use 
plain language in all proposed and final rulemakings published after 
January 1, 2000. 12 U.S.C. 4809. In addition, in 1998, the President 
issued a memorandum directing each agency in the Executive branch, such 
as Treasury, to use plain language for all new proposed and final 
rulemaking documents issued on or after January 1, 1999. The Agencies 
have sought to present the final rule, to the extent possible, in a 
simple and straightforward manner.

IV. Statutory Authority

    Pursuant to the authority set out in the Act and particularly 
section 802 (codified at 31 U.S.C. 5361 et seq.), the Board amends 
Chapter II of Title 12 of the Code of Federal Regulations and the 
Treasury amends Chapter I of Title 31 of the Code of Federal 
Regulations by adding the common rules set out below.

V. Text of Final Rules

List of Subjects

12 CFR Part 233

    Banks, Banking, Electronic funds transfers, Incorporation by 
reference, Internet gambling, Payments, Recordkeeping.

31 CFR Part 132

    Banks, Banking, Electronic funds transfers, Incorporation by 
reference, Internet gambling, Payments, Recordkeeping.

Federal Reserve System

Authority and Issuance

0
For the reasons set forth in the preamble, the Board amends Title 12, 
Chapter II of the Code of Federal Regulations by adding a new part 233 
as set forth under Common Rules at the end of this document:

PART 233--PROHIBITION ON FUNDING OF UNLAWFUL INTERNET GAMBLING 
(REGULATION GG)

Sec.
233.1 Authority, purpose, and incorporation by reference.
233.2 Definitions.
233.3 Designated payment systems.
233.4 Exemptions.
233.5 Policies and procedures required.
233.6 Non-exclusive examples of policies and procedures.
233.7 Regulatory enforcement.
Appendix A to Part 233--Model Notice

    Authority: 31 U.S.C. 5364.

Department of the Treasury

Authority and Issuance

0
For the reasons set forth in the preamble, Treasury amends Title 31, 
Chapter I of the Code of Federal Regulations by adding a new part 132 
as set forth under Common Rules at the end of this document:

PART 132--PROHIBITION ON FUNDING OF UNLAWFUL INTERNET GAMBLING

Sec.
132.1 Authority, purpose, and incorporation by reference.
132.2 Definitions.
132.3 Designated payment systems.
132.4 Exemptions.
132.5 Policies and procedures required.
132.6 Non-exclusive examples of policies and procedures.
132.7 Regulatory enforcement.
Appendix A to Part 132--Model Notice

    Authority: 31 U.S.C. 321 and 5364.

Common Rules

    The common rules added by the Board as part 233 of Title 12, 
Chapter II of the Code of Federal Regulations and by Treasury as part 
132 of Title 31, Chapter I of the Code of Federal Regulations follow:


Sec.  ----.1  Authority, purpose, collection of information, and 
incorporation by reference.

    (a) Authority. This part is issued jointly by the Board of 
Governors of the Federal Reserve System (Board) and the Secretary of 
the Department of the Treasury (Treasury) under section 802 of the 
Unlawful Internet Gambling Enforcement Act of 2006 (Act) (enacted as 
Title VIII of the Security and Accountability For Every Port Act of 
2006, Pub. L. No. 109-347, 120 Stat. 1884, and codified at 31 U.S.C. 
5361-5367). The Act states that none of its provisions shall be 
construed as altering, limiting, or extending any Federal or State law 
or Tribal-State compact prohibiting, permitting, or regulating gambling 
within the United States. See 31 U.S.C. 5361(b). In addition, the Act 
states that its provisions are not intended to change which activities 
related to horseracing may or may not be allowed under Federal law, are 
not intended to change the existing relationship between the Interstate 
Horseracing Act of 1978 (IHA) (15 U.S.C. 3001 et seq.) and other 
Federal statutes in effect on October 13, 2006, the date of the Act's 
enactment, and are not intended to resolve any existing disagreements 
over how to interpret the relationship between the IHA and other 
Federal statutes. See 31 U.S.C. 5362(10)(D)(iii). This part is intended 
to be consistent with these provisions.
    (b) Purpose. The purpose of this part is to issue implementing 
regulations as required by the Act. The part sets out necessary 
definitions, designates payment systems subject to the requirements of 
this part, exempts certain participants in designated payment systems 
from certain requirements of this part, provides nonexclusive examples 
of policies and procedures reasonably designed to identify and block, 
or otherwise prevent and prohibit, restricted transactions, and sets 
out the Federal entities that have exclusive regulatory enforcement 
authority with respect to the designated

[[Page 69406]]

payments systems and non-exempt participants therein.
    (c) Collection of information. The Office of Management and Budget 
(OMB) has approved the collection of information requirements in this 
part for the Department of the Treasury and assigned OMB control number 
1505-0204. The Board has approved the collection of information 
requirements in this part under the authority delegated to the Board by 
OMB, and assigned OMB control number 7100-0317.
    (d) Incorporation by reference--relevant definitions from ACH 
rules.
    (1) This part incorporates by reference the relevant definitions of 
ACH terms as published in the ``2008 ACH Rules: A Complete Guide to 
Rules & Regulations Governing the ACH Network'' (the ``ACH Rules''). 
The Director of the Federal Register approves this incorporation by 
reference in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. Copies 
of the ``2008 ACH Rules'' are available from the National Automated 
Clearing House Association, Suite 100, 13450 Sunrise Valley Drive, 
Herndon, Virginia 20171, http://nacha.org, (703) 561-1100. Copies also 
are available for public inspection at the Department of Treasury 
Library, Room 1428, Main Treasury Building, 1500 Pennsylvania Avenue, 
NW., Washington, DC 20220, and the National Archives and Records 
Administration (NARA). Before visiting the Treasury library, you must 
call (202) 622-0990 for an appointment. For information on the 
availability of this material at NARA, call (202) 741-6030, or go to: 
http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html 20002.
    (2) Any amendment to definitions of the relevant ACH terms in the 
ACH Rules shall not apply to this part unless the Treasury and the 
Board jointly accept such amendment by publishing notice of acceptance 
of the amendment to this part in the Federal Register. An amendment to 
the definition of a relevant ACH term in the ACH Rules that is accepted 
by the Treasury and the Board shall apply to this part on the effective 
date of the rulemaking specified by the Treasury and the Board in the 
joint Federal Register notice expressly accepting such amendment.


Sec.  ----.2  Definitions.

    The following definitions apply solely for purposes of this part:
    (a) Actual knowledge with respect to a transaction or commercial 
customer means when a particular fact with respect to that transaction 
or commercial customer is known by or brought to the attention of:
    (1) An individual in the organization responsible for the 
organization's compliance function with respect to that transaction or 
commercial customer; or
    (2) An officer of the organization.
    (b) Automated clearing house system or ACH system means a funds 
transfer system, primarily governed by the ACH Rules, which provides 
for the clearing and settlement of batched electronic entries for 
participating financial institutions. When referring to ACH systems, 
the terms in this regulation (such as ``originating depository 
financial institution,'' ``operator,'' ``originating gateway 
operator,'' ``receiving depository financial institution,'' ``receiving 
gateway operator,'' and ``third-party sender'') are defined as those 
terms are defined in the ACH Rules.
    (c) Bet or wager:
    (1) Means the staking or risking by any person of something of 
value upon the outcome of a contest of others, a sporting event, or a 
game subject to chance, upon an agreement or understanding that the 
person or another person will receive something of value in the event 
of a certain outcome;
    (2) Includes the purchase of a chance or opportunity to win a 
lottery or other prize (which opportunity to win is predominantly 
subject to chance);
    (3) Includes any scheme of a type described in 28 U.S.C. 3702;
    (4) Includes any instructions or information pertaining to the 
establishment or movement of funds by the bettor or customer in, to, or 
from an account with the business of betting or wagering (which does 
not include the activities of a financial transaction provider, or any 
interactive computer service or telecommunications service); and
    (5) Does not include--
    (i) Any activity governed by the securities laws (as that term is 
defined in section 3(a)(47) of the Securities Exchange Act of 1934 (15 
U.S.C. 78c(a)(47)) for the purchase or sale of securities (as that term 
is defined in section 3(a)(10) of that act (15 U.S.C. 78c(a)(10));
    (ii) Any transaction conducted on or subject to the rules of a 
registered entity or exempt board of trade under the Commodity Exchange 
Act (7 U.S.C. 1 et seq.);
    (iii) Any over-the-counter derivative instrument;
    (iv) Any other transaction that--
    (A) Is excluded or exempt from regulation under the Commodity 
Exchange Act (7 U.S.C. 1 et seq.); or
    (B) Is exempt from State gaming or bucket shop laws under section 
12(e) of the Commodity Exchange Act (7 U.S.C. 16(e)) or section 28(a) 
of the Securities Exchange Act of 1934 (15 U.S.C. 78bb(a));
    (v) Any contract of indemnity or guarantee;
    (vi) Any contract for insurance;
    (vii) Any deposit or other transaction with an insured depository 
institution;
    (viii) Participation in any game or contest in which participants 
do not stake or risk anything of value other than--
    (A) Personal efforts of the participants in playing the game or 
contest or obtaining access to the Internet; or
    (B) Points or credits that the sponsor of the game or contest 
provides to participants free of charge and that can be used or 
redeemed only for participation in games or contests offered by the 
sponsor; or
    (ix) Participation in any fantasy or simulation sports game or 
educational game or contest in which (if the game or contest involves a 
team or teams) no fantasy or simulation sports team is based on the 
current membership of an actual team that is a member of an amateur or 
professional sports organization (as those terms are defined in 28 
U.S.C. 3701) and that meets the following conditions:
    (A) All prizes and awards offered to winning participants are 
established and made known to the participants in advance of the game 
or contest and their value is not determined by the number of 
participants or the amount of any fees paid by those participants.
    (B) All winning outcomes reflect the relative knowledge and skill 
of the participants and are determined predominantly by accumulated 
statistical results of the performance of individuals (athletes in the 
case of sports events) in multiple real-world sporting or other events.
    (C) No winning outcome is based--
    (1) On the score, point-spread, or any performance or performances 
of any single real-world team or any combination of such teams, or
    (2 ) Solely on any single performance of an individual athlete in 
any single real-world sporting or other event.
    (d) Block means to reject a particular transaction before or during 
processing, but it does not require freezing or otherwise prohibiting 
subsequent transfers or transactions regarding the proceeds or account.
    (e) Card issuer means any person who issues a credit card, debit 
card, pre-paid card, or stored value card, or the agent of such person 
with respect to such card.

[[Page 69407]]

    (f) Card system means a system for authorizing, clearing and 
settling transactions in which credit cards, debit cards, pre-paid 
cards, or stored value cards (such cards being issued or authorized by 
the operator of the system), are used to purchase goods or services or 
to obtain a cash advance. The term includes systems both in which the 
merchant acquirer, card issuer, and system operator are separate 
entities and in which more than one of these roles are performed by the 
same entity.
    (g) Check clearing house means an association of banks or other 
payors that regularly exchange checks for collection or return.
    (h) Check collection system means an interbank system for 
collecting, presenting, returning, and settling for checks or intrabank 
system for settling for checks deposited in and drawn on the same bank. 
When referring to check collection systems, the terms in this 
regulation (such as ``paying bank,'' ``collecting bank,'' ``depositary 
bank,'' ``returning bank,'' and ``check'') are defined as those terms 
are defined in 12 CFR 229.2. For purposes of this part, ``check'' also 
includes an electronic representation of a check that a bank agrees to 
handle as a check.
    (i) Commercial customer means a person that is not a consumer and 
that contracts with a non-exempt participant in a designated payment 
system to receive, or otherwise accesses, payment transaction services 
through that non-exempt participant.
    (j) Consumer means a natural person.
    (k) Designated payment system means a system listed in Sec.  --
--.3.
    (l) Electronic fund transfer has the same meaning given the term in 
section 903 of the Electronic Fund Transfer Act (15 U.S.C. 1693a), 
except that such term includes transfers that would otherwise be 
excluded under section 903(6)(E) of that act (15 U.S.C. 1693a(6)(E)), 
and includes any funds transfer covered by Article 4A of the Uniform 
Commercial Code, as in effect in any State.
    (m) Financial institution means a State or national bank, a State 
or Federal savings and loan association, a mutual savings bank, a State 
or Federal credit union, or any other person that, directly or 
indirectly, holds an account belonging to a consumer. The term does not 
include a casino, sports book, or other business at or through which 
bets or wagers may be placed or received.
    (n) Financial transaction provider means a creditor, credit card 
issuer, financial institution, operator of a terminal at which an 
electronic fund transfer may be initiated, money transmitting business, 
or international, national, regional, or local payment network utilized 
to effect a credit transaction, electronic fund transfer, stored value 
product transaction, or money transmitting service, or a participant in 
such network, or other participant in a designated payment system.
    (o) Foreign banking office means:
    (1) Any non-U.S. office of a financial institution; and
    (2) Any non-U.S. office of a foreign bank as described in 12 U.S.C. 
3101(7).
    (p) Interactive computer service means any information service, 
system, or access software provider that provides or enables computer 
access by multiple users to a computer server, including specifically a 
service or system that provides access to the Internet and such systems 
operated or services offered by libraries or educational institutions.
    (q) Internet means the international computer network of 
interoperable packet switched data networks.
    (r) Internet gambling business means the business of placing, 
receiving or otherwise knowingly transmitting a bet or wager by any 
means which involves the use, at least in part, of the Internet, but 
does not include the performance of the customary activities of a 
financial transaction provider, or any interactive computer service or 
telecommunications service.
    (s) Intrastate transaction means placing, receiving, or otherwise 
transmitting a bet or wager where--
    (1) The bet or wager is initiated and received or otherwise made 
exclusively within a single State;
    (2) The bet or wager and the method by which the bet or wager is 
initiated and received or otherwise made is expressly authorized by and 
placed in accordance with the laws of such State, and the State law or 
regulations include--
    (i) Age and location verification requirements reasonably designed 
to block access to minors and persons located out of such State; and
    (ii) Appropriate data security standards to prevent unauthorized 
access by any person whose age and current location has not been 
verified in accordance with such State's law or regulations; and
    (3) The bet or wager does not violate any provision of--
    (i) The Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et 
seq.);
    (ii) 28 U.S.C. chapter 178 (professional and amateur sports 
protection);
    (iii) The Gambling Devices Transportation Act (15 U.S.C. 1171 et 
seq.); or
    (iv) The Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.).
    (t) Intratribal transaction means placing, receiving or otherwise 
transmitting a bet or wager where--
    (1) The bet or wager is initiated and received or otherwise made 
exclusively--
    (i) Within the Indian lands of a single Indian tribe (as such terms 
are defined under the Indian Gaming Regulatory Act (25 U.S.C. 2703)); 
or
    (ii) Between the Indian lands of two or more Indian tribes to the 
extent that intertribal gaming is authorized by the Indian Gaming 
Regulatory Act (25 U.S.C. 2701 et seq.);
    (2) The bet or wager and the method by which the bet or wager is 
initiated and received or otherwise made is expressly authorized by and 
complies with the requirements of--
    (i) The applicable tribal ordinance or resolution approved by the 
Chairman of the National Indian Gaming Commission; and
    (ii) With respect to class III gaming, the applicable Tribal-State 
compact;
    (3) The applicable tribal ordinance or resolution or Tribal-State 
compact includes--
    (i) Age and location verification requirements reasonably designed 
to block access to minors and persons located out of the applicable 
Tribal lands; and
    (ii) Appropriate data security standards to prevent unauthorized 
access by any person whose age and current location has not been 
verified in accordance with the applicable tribal ordinance or 
resolution or Tribal-State Compact; and
    (4) The bet or wager does not violate any provision of--
    (i) The Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et 
seq.);
    (ii) 28 U.S.C. chapter 178 (professional and amateur sports 
protection);
    (iii) The Gambling Devices Transportation Act (15 U.S.C. 1171 et 
seq.); or
    (iv) The Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.).
    (u) Money transmitting business has the meaning given the term in 
31 U.S.C. 5330(d)(1) (determined without regard to any regulations 
prescribed by the Secretary of the Treasury thereunder).
    (v) Operator of a designated payment system means an entity that 
provides centralized clearing and delivery services between 
participants in the designated payment system and maintains the 
operational framework for the system. In the case of an automated 
clearinghouse system, the term ``operator'' has the same meaning as 
provided in the ACH Rules.

[[Page 69408]]

    (w) Participant in a designated payment system means an operator of 
a designated payment system, a financial transaction provider that is a 
member of, or has contracted for financial transaction services with, 
or is otherwise participating in, a designated payment system, or a 
third-party processor. This term does not include a customer of the 
financial transaction provider, unless the customer is also a financial 
transaction provider otherwise participating in the designated payment 
system on its own behalf.
    (x) Reasoned legal opinion means a written expression of 
professional judgment by a State-licensed attorney that addresses the 
facts of a particular client's business and the legality of the 
client's provision of its services to relevant customers in the 
relevant jurisdictions under applicable federal and State law, and, in 
the case of intratribal transactions, applicable tribal ordinances, 
tribal resolutions, and Tribal-State compacts. A written legal opinion 
will not be considered ``reasoned'' if it does nothing more than recite 
the facts and express a conclusion.
    (y) Restricted transaction means any of the following transactions 
or transmittals involving any credit, funds, instrument, or proceeds 
that the Act prohibits any person engaged in the business of betting or 
wagering (which does not include the activities of a financial 
transaction provider, or any interactive computer service or 
telecommunications service) from knowingly accepting, in connection 
with the participation of another person in unlawful Internet 
gambling--
    (1) Credit, or the proceeds of credit, extended to or on behalf of 
such other person (including credit extended through the use of a 
credit card);
    (2) An electronic fund transfer, or funds transmitted by or through 
a money transmitting business, or the proceeds of an electronic fund 
transfer or money transmitting service, from or on behalf of such other 
person; or
    (3) Any check, draft, or similar instrument that is drawn by or on 
behalf of such other person and is drawn on or payable at or through 
any financial institution.
    (z) State means any State of the United States, the District of 
Columbia, or any commonwealth, territory, or other possession of the 
United States, including the Commonwealth of Puerto Rico, the 
Commonwealth of the Northern Mariana Islands, American Samoa, Guam, and 
the Virgin Islands.
    (aa) Third-party processor means a service provider that--
    (1) In the case of a debit transaction payment, such as an ACH 
debit entry or card system transaction, has a direct relationship with 
the commercial customer that is initiating the debit transfer 
transaction and acts as an intermediary between the commercial customer 
and the first depository institution to handle the transaction;
    (2) In the case of a credit transaction payment, such as an ACH 
credit entry, has a direct relationship with the commercial customer 
that is to receive the proceeds of the credit transfer and acts as an 
intermediary between the commercial customer and the last depository 
institution to handle the transaction; and
    (3) In the case of a cross-border ACH debit or check collection 
transaction, is the first service provider located within the United 
States to receive the ACH debit instructions or check for collection.
    (bb) Unlawful Internet gambling means to place, receive, or 
otherwise knowingly transmit a bet or wager by any means which involves 
the use, at least in part, of the Internet where such bet or wager is 
unlawful under any applicable Federal or State law in the State or 
Tribal lands in which the bet or wager is initiated, received, or 
otherwise made. The term does not include placing, receiving, or 
otherwise transmitting a bet or wager that is excluded from the 
definition of this term by the Act as an intrastate transaction or an 
intra-tribal transaction, and does not include any activity that is 
allowed under the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et 
seq.; see Sec.  ----.1(a)). The intermediate routing of electronic data 
shall not determine the location or locations in which a bet or wager 
is initiated, received, or otherwise made.
    (cc) Wire transfer system means a system through which an 
unconditional order to a bank to pay a fixed or determinable amount of 
money to a beneficiary upon receipt, or on a day stated in the order, 
is transmitted by electronic or other means through the network, 
between banks, or on the books of a bank. When referring to wire 
transfer systems, the terms in this regulation (such as ``bank,'' 
``originator's bank,'' ``beneficiary's bank,'' and ``intermediary 
bank'') are defined as those terms are defined in 12 CFR part 210, 
appendix B.


Sec.  ----.3  Designated payment systems.

    The following payment systems could be used by participants in 
connection with, or to facilitate, a restricted transaction:
    (a) Automated clearing house systems;
    (b) Card systems;
    (c) Check collection systems;
    (d) Money transmitting businesses solely to the extent they
    (1) Engage in the transmission of funds, which does not include 
check cashing, currency exchange, or the issuance or redemption of 
money orders, travelers' checks, and other similar instruments; and
    (2) Permit customers to initiate transmission of funds transactions 
remotely from a location other than a physical office of the money 
transmitting business; and
    (e) Wire transfer systems.


Sec.  ----.4  Exemptions.

    (a) Automated clearing house systems. The participants processing a 
particular transaction through an automated clearing house system are 
exempt from this regulation's requirements for establishing written 
policies and procedures reasonably designed to prevent or prohibit 
restricted transactions with respect to that transaction, except for--
    (1) The receiving depository financial institution and any third-
party processor receiving the transaction on behalf of the receiver in 
an ACH credit transaction;
    (2) The originating depository financial institution and any third-
party processor initiating the transaction on behalf of the originator 
in an ACH debit transaction; and
    (3) The receiving gateway operator and any third-party processor 
that receives instructions for an ACH debit transaction directly from a 
foreign sender (which could include a foreign banking office, a foreign 
third-party processor, or a foreign originating gateway operator).
    (b) Check collection systems. The participants in a particular 
check collection through a check collection system are exempt from this 
regulation's requirements for establishing written policies and 
procedures reasonably designed to prevent or prohibit restricted 
transactions with respect to that check collection, except for the 
depositary bank.
    (c) Money transmitting businesses. The participants in a money 
transmitting business are exempt from this regulation's requirements 
for establishing written policies and procedures reasonably designed to 
prevent or prohibit restricted transactions, except for the operator.
    (d) Wire transfer systems. The participants in a particular wire 
transfer through a wire transfer system are exempt from this 
regulation's requirements for establishing written

[[Page 69409]]

policies and procedures reasonably designed to prevent or prohibit 
restricted transactions with respect to that transaction, except for 
the beneficiary's bank.


Sec.  ----.5  Policies and procedures required.

    (a) All non-exempt participants in designated payment systems shall 
establish and implement written policies and procedures reasonably 
designed to identify and block or otherwise prevent or prohibit 
restricted transactions.
    (b) A non-exempt financial transaction provider participant in a 
designated payment system shall be considered to be in compliance with 
the requirements of paragraph (a) of this section if--
    (1) It relies on and complies with the written policies and 
procedures of the designated payment system that are reasonably 
designed to--
    (i) Identify and block restricted transactions; or
    (ii) Otherwise prevent or prohibit the acceptance of the products 
or services of the designated payment system or participant in 
connection with restricted transactions; and
    (2) Such policies and procedures of the designated payment system 
comply with the requirements of this part.
    (c) For purposes of paragraph (b)(2) in this section, a participant 
in a designated payment system may rely on a written statement or 
notice by the operator of that designated payment system to its 
participants that states that the operator has designed or structured 
the system's policies and procedures for identifying and blocking or 
otherwise preventing or prohibiting restricted transactions to comply 
with the requirements of this part as conclusive evidence that the 
system's policies and procedures comply with the requirements of this 
part, unless the participant is notified otherwise by its Federal 
functional regulator or, in the case of participants that are not 
directly supervised by a Federal functional regulator, the Federal 
Trade Commission.
    (d) As provided in the Act, a person that identifies and blocks a 
transaction, prevents or prohibits the acceptance of its products or 
services in connection with a transaction, or otherwise refuses to 
honor a transaction, shall not be liable to any party for such action 
if--
    (1) The transaction is a restricted transaction;
    (2) Such person reasonably believes the transaction to be a 
restricted transaction; or
    (3) The person is a participant in a designated payment system and 
blocks or otherwise prevents the transaction in reliance on the 
policies and procedures of the designated payment system in an effort 
to comply with this regulation.
    (e) Nothing in this part requires or is intended to suggest that 
designated payment systems or participants therein must or should block 
or otherwise prevent or prohibit any transaction in connection with any 
activity that is excluded from the definition of ``unlawful Internet 
gambling'' in the Act as an intrastate transaction, an intratribal 
transaction, or a transaction in connection with any activity that is 
allowed under the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et 
seq.; see Sec.  ---- .1(a)).
    (f) Nothing in this part modifies any requirement imposed on a 
participant by other applicable law or regulation to file a suspicious 
activity report to the appropriate authorities.
    (g) The requirement of this part to establish and implement written 
policies and procedures applies only to the U.S. offices of 
participants in designated payment systems.


Sec.  ---- .6  Non-exclusive examples of policies and procedures.

    (a) In general. The examples of policies and procedures to identify 
and block or otherwise prevent or prohibit restricted transactions set 
out in this section are non-exclusive. In establishing and implementing 
written policies and procedures to identify and block or otherwise 
prevent or prohibit restricted transactions, a non-exempt participant 
in a designated payment system is permitted to design and implement 
policies and procedures tailored to its business that may be different 
than the examples provided in this section. In addition, non-exempt 
participants may use different policies and procedures with respect to 
different business lines or different parts of the organization.
    (b) Due diligence. If a non-exempt participant in a designated 
payment system establishes and implements procedures for due diligence 
of its commercial customer accounts or commercial customer 
relationships in order to comply, in whole or in part, with the 
requirements of this regulation, those due diligence procedures will be 
deemed to be reasonably designed to identify and block or otherwise 
prevent or prohibit restricted transactions if the procedures include 
the steps set out in paragraphs (b)(1), (b)(2), and (b)(3) of this 
section and subject to paragraph (b)(4) of this section.
    (1) At the establishment of the account or relationship, the 
participant conducts due diligence of a commercial customer and its 
activities commensurate with the participant's judgment of the risk of 
restricted transactions presented by the customer's business.
    (2) Based on its due diligence, the participant makes a 
determination regarding the risk the commercial customer presents of 
engaging in an Internet gambling business and follows either paragraph 
(b)(2)(i) or (b)(2)(ii) of this section.
    (i) The participant determines that the commercial customer 
presents a minimal risk of engaging in an Internet gambling business.
    (ii) The participant cannot determine that the commercial customer 
presents a minimal risk of engaging in an Internet gambling business, 
in which case it obtains the documentation in either paragraph 
(b)(2)(ii)(A) or (b)(2)(ii)(B) of this section--
    (A) Certification from the commercial customer that it does not 
engage in an Internet gambling business; or
    (B) If the commercial customer does engage in an Internet gambling 
business, each of the following--
    (1) Evidence of legal authority to engage in the Internet gambling 
business, such as--
    (i) A copy of the commercial customer's license that expressly 
authorizes the customer to engage in the Internet gambling business 
issued by the appropriate State or Tribal authority or, if the 
commercial customer does not have such a license, a reasoned legal 
opinion that demonstrates that the commercial customer's Internet 
gambling business does not involve restricted transactions; and
    (ii) A written commitment by the commercial customer to notify the 
participant of any changes in its legal authority to engage in its 
Internet gambling business.
    (2) A third-party certification that the commercial customer's 
systems for engaging in the Internet gambling business are reasonably 
designed to ensure that the commercial customer's Internet gambling 
business will remain within the licensed or otherwise lawful limits, 
including with respect to age and location verification.
    (3) The participant notifies all of its commercial customers, 
through provisions in the account or commercial customer relationship 
agreement or otherwise, that restricted transactions are prohibited 
from being processed through the account or relationship.
    (4) With respect to the determination in paragraph (b)(2)(i) of 
this section, participants may deem the following commercial customers 
to present a

[[Page 69410]]

minimal risk of engaging in an Internet gambling business--
    (i) An entity that is directly supervised by a Federal functional 
regulator as set out in Sec.  ---- .7(a); or
    (ii) An agency, department, or division of the Federal government 
or a State government.
    (c) Automated clearing house system examples.
    (1) The policies and procedures of the originating depository 
financial institution and any third party processor in an ACH debit 
transaction, and the receiving depository financial institution and any 
third party processor in an ACH credit transaction, are deemed to be 
reasonably designed to identify and block or otherwise prevent or 
prohibit restricted transactions if they--
    (i) Address methods to conduct due diligence in establishing a 
commercial customer account or relationship as set out in Sec.  ---- 
.6(b);
    (ii) Address methods to conduct due diligence as set out in Sec.  
---- .6(b)(2)(ii)(B) in the event that the participant has actual 
knowledge that an existing commercial customer of the participant 
engages in an Internet gambling business; and
    (iii) Include procedures to be followed with respect to a 
commercial customer if the originating depository financial institution 
or third-party processor has actual knowledge that its commercial 
customer has originated restricted transactions as ACH debit 
transactions or if the receiving depository financial institution or 
third-party processor has actual knowledge that its commercial customer 
has received restricted transactions as ACH credit transactions, such 
as procedures that address--
    (A) The circumstances under which the commercial customer should 
not be allowed to originate ACH debit transactions or receive ACH 
credit transactions; and
    (B) The circumstances under which the account should be closed.
    (2) The policies and procedures of a receiving gateway operator and 
third-party processor that receives instructions to originate an ACH 
debit transaction directly from a foreign sender are deemed to be 
reasonably designed to prevent or prohibit restricted transactions if 
they include procedures to be followed with respect to a foreign sender 
if the receiving gateway operator or third-party processor has actual 
knowledge, obtained through notification by a government entity, such 
as law enforcement or a regulatory agency, that such instructions 
included instructions for restricted transactions. Such procedures may 
address sending notification to the foreign sender, such as in the form 
of the notice contained in appendix A to this part.
    (d) Card system examples. The policies and procedures of a card 
system operator, a merchant acquirer, third-party processor, or a card 
issuer, are deemed to be reasonably designed to identify and block or 
otherwise prevent or prohibit restricted transactions, if the policies 
and procedures--
    (1) Provide for either--
    (i) Methods to conduct due diligence--
    (A) In establishing a commercial customer account or relationship 
as set out in Sec.  ---- .6(b); and
    (B) As set out in Sec.  ---- .6(b)(2)(ii)(B) in the event that the 
participant has actual knowledge that an existing commercial customer 
of the participant engages in an Internet gambling business; or
    (ii) Implementation of a code system, such as transaction codes and 
merchant/business category codes, that are required to accompany the 
authorization request for a transaction, including--
    (A) The operational functionality to enable the card system 
operator or the card issuer to reasonably identify and deny 
authorization for a transaction that the coding procedure indicates may 
be a restricted transaction; and
    (B) Procedures for ongoing monitoring or testing by the card system 
operator to detect potential restricted transactions, including--
    (1) Conducting testing to ascertain whether transaction 
authorization requests are coded correctly; and
    (2) Monitoring and analyzing payment patterns to detect suspicious 
payment volumes from a merchant customer; and
    (2) For the card system operator, merchant acquirer, or third-party 
processor, include procedures to be followed when the participant has 
actual knowledge that a merchant has received restricted transactions 
through the card system, such as--
    (i) The circumstances under which the access to the card system for 
the merchant, merchant acquirer, or third-party processor should be 
denied; and
    (ii) The circumstances under which the merchant account should be 
closed.
    (e) Check collection system examples.
    (1) The policies and procedures of a depositary bank are deemed to 
be reasonably designed to identify and block or otherwise prevent or 
prohibit restricted transactions, if they--
    (i) Address methods for the depositary bank to conduct due 
diligence in establishing a commercial customer account or relationship 
as set out in Sec.  ---- .6(b);
    (ii) Address methods for the depositary bank to conduct due 
diligence as set out in Sec.  ---- .6(b)(2)(ii)(B) in the event that 
the depositary bank has actual knowledge that an existing commercial 
customer engages in an Internet gambling business; and
    (iii) Include procedures to be followed if the depositary bank has 
actual knowledge that a commercial customer of the depositary bank has 
deposited checks that are restricted transactions, such as procedures 
that address--
    (A) The circumstances under which check collection services for the 
customer should be denied; and
    (B) The circumstances under which the account should be closed.
    (2) The policies and procedures of a depositary bank that receives 
checks for collection from a foreign banking office are deemed to be 
reasonably designed to identify and block or otherwise prevent or 
prohibit restricted transactions if they include procedures to be 
followed by the depositary bank when it has actual knowledge, obtained 
through notification by a government entity, such as law enforcement or 
a regulatory agency, that a foreign banking office has sent checks to 
the depositary bank that are restricted transactions. Such procedures 
may address sending notification to the foreign banking office, such as 
in the form of the notice contained in the appendix to this part.
    (f) Money transmitting business examples. The policies and 
procedures of an operator of a money transmitting business are deemed 
to be reasonably designed to identify and block or otherwise prevent or 
prohibit restricted transactions if they--
    (1) Address methods for the operator to conduct due diligence in 
establishing a commercial customer relationship as set out in Sec.  --
-- .6(b);
    (2) Address methods for the operator to conduct due diligence as 
set out in Sec.  ---- .6(b)(2)(ii)(B) in the event that the operator 
has actual knowledge that an existing commercial customer engages in an 
Internet gambling business;
    (3) Include procedures regarding ongoing monitoring or testing by 
the operator to detect potential restricted transactions, such as 
monitoring and analyzing payment patterns to detect suspicious payment 
volumes to any recipient; and
    (4) Include procedures when the operator has actual knowledge that 
a commercial customer of the operator has received restricted 
transactions through the money transmitting business, that address--
    (i) The circumstances under which money transmitting services 
should be

[[Page 69411]]

denied to that commercial customer; and
    (ii) The circumstances under which the commercial customer account 
should be closed.
    (g) Wire transfer system examples. The policies and procedures of 
the beneficiary's bank in a wire transfer are deemed to be reasonably 
designed to identify and block or otherwise prevent or prohibit 
restricted transactions if they--
    (1) Address methods for the beneficiary's bank to conduct due 
diligence in establishing a commercial customer account as set out in 
Sec.  ---- .6(b);
    (2) Address methods for the beneficiary's bank to conduct due 
diligence as set out in Sec.  ---- .6(b)(2)(ii)(B) in the event that 
the beneficiary's bank has actual knowledge that an existing commercial 
customer of the bank engages in an Internet gambling business;
    (3) Include procedures to be followed if the beneficiary's bank 
obtains actual knowledge that a commercial customer of the bank has 
received restricted transactions through the wire transfer system, such 
as procedures that address
    (i) The circumstances under which the beneficiary bank should deny 
wire transfer services to the commercial customer; and
    (ii) The circumstances under which the commercial customer account 
should be closed.


Sec.  ---- .7  Regulatory enforcement.

    The requirements under this part are subject to the exclusive 
regulatory enforcement of--
    (a) The Federal functional regulators, with respect to the 
designated payment systems and participants therein that are subject to 
the respective jurisdiction of such regulators under section 505(a) of 
the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)) and section 5g of the 
Commodity Exchange Act (7 U.S.C. 7b-2); and
    (b) The Federal Trade Commission, with respect to designated 
payment systems and participants therein not otherwise subject to the 
jurisdiction of any Federal functional regulators (including the 
Commission) as described in paragraph (a) of this section.

Appendix A to Part ------Model Notice

[Date]
[Name of foreign sender or foreign banking office]
[Address]
Re: U.S. Unlawful Internet Gambling Enforcement Act Notice

Dear [Name of foreign counterparty]:

    On [date], U.S. government officials informed us that your 
institution processed payments through our facilities for Internet 
gambling transactions restricted by U.S. law on [dates, recipients, 
and other relevant information if available].
    We provide this notice to comply with U.S. Government 
regulations implementing the Unlawful Internet Gambling Enforcement 
Act of 2006 (Act), a U.S. federal law. Our policies and procedures 
established in accordance with those regulations provide that we 
will notify a foreign counterparty if we learn that the counterparty 
has processed payments through our facilities for Internet gambling 
transactions restricted by the Act. This notice ensures that you are 
aware that we have received information that your institution has 
processed payments for Internet gambling restricted by the Act.
    The Act is codified in subchapter IV, chapter 53, title 31 of 
the U.S. Code (31 U.S.C. 5361 et seq.). Implementing regulations 
that duplicate one another can be found at part 233 of title 12 of 
the U.S. Code of Federal Regulations (12 CFR part 233) and part 132 
of title 31 of the U.S. Code of Federal Regulations (31 CFR part 
132).

    By order of the Board of Governors of the Federal Reserve 
System, November 12, 2008.
Robert deV. Frierson,
Deputy Secretary of the Board.

    Dated: November 10, 2008.

By the Department of the Treasury.
Taiya Smith,
Executive Secretary.
 [FR Doc. E8-27181 Filed 11-12-08; 4:15 pm]
BILLING CODE 6210-01-P; 4810-25-P