Comment on FR Doc # 2010-17505

Provider Considerations: Who is considered the Provider in this scenario? Program Manager contracts with “Subject” ISO for distribution of both reloadable and non-reloadable prepaid cards primarily through check cashing retail outlets, but also through other types of retail outlets. Program Manager uses financial institution as BIN sponsor and third party processor for account handling in addition to fulfillment vendors for card production. Clients of Program Manager, in addition to Subject ISO, include; (i) individual corporate entities for payroll/incentive card distribution; (ii) ISOs and marketing agents for other corporate distributions of various card programs; and (iii) check cashing outlets for general purpose reloadable prepaid card distribution. Subject ISO provides services for distributors who operate retail locations, some of which are owned by the principals of the Subject ISO, and some of which are independently owned. The Subject ISO is responsible for soliciting and signing up distributors as contractual “agents” of Subject ISO under a three-party agreement among Program Manager, Subject ISO and agent. Subject ISO is also responsible for, among other things: CIP and due diligence investigations, including site inspections of retail locations and background checks of the principals of the agents; risk assessments of such agents; marketing and branding the cards sold through the agents; and compliance training and activity monitoring of the agents. Program Manager and Subject ISO share net profits (program revenues less program expenses) with 75% of net profits going to Subject ISO and 25% going to the Program Manager. The individual retail outlets operated by the agents actually “sell” the prepaid cards to the consumer and may or may not be MSBs. Under the proposed new regulations, would the Subject ISO be a “ Provider”, “Seller”, or unaffected 3rd party? CIP and Transaction Information Retention Responsibilities: If another party in the chain (issuing bank, processor, client) is responsible for CIP verification and retention will the Provider also have to duplicate those efforts by collecting and retaining CIP information as well? If another party (issuing bank, processor, client) in the chain is responsible for transaction information retention will the Provider also have to duplicate those efforts by retaining transaction information as well?