On Nov. 12, the Department of the Treasury and Board of Governors of the Federal Reserve System (the “Agencies”) issued final regulations to implement the Unlawful Internet Gambling Enforcement Active 2006 (the “UIGEA”).1
Generally, the UIGEA prohibits gambling businesses from accepting credit, electronic funds transfers, checks and other payments in connection with another person’s unlawful Internet gambling (“restricted transactions”). In addition, the UIGEA required the Agencies to promulgate regulations requiring financial payment networks, and all participants therein, “to identify and block or otherwise prevent or prohibit" 2 restricted transactions “through the establishment of policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit the acceptance of restricted transactions . . ." 3 The regulations constitute the Agencies’ fulfillment of that obligation.
As you may recall, the UIGEA explicitly provides that it does not change existing law in regard to what is or is not illegal Internet gambling. Whatever was illegal Internet gambling under state law, federal law -- or both -- prior to passage of the UIGEA remains so, and similarly, no Internet gambling that was lawful under applicable state and federal law prior to the passage of the UIGEA became illegal by reason of the law’s enactment.
Thus, exactly what is legal and illegal Internet gambling under existing laws remains unaddressed by the UIGEA, and this problem is significant because existing state and federal laws allow for different reasonable interpretations as to what gambling business can be lawfully conducted via the Internet. By way of example only, there are different views as to whether the Wire Wager Act4 applies to non-sports wagering, to wagering-related communications that begin and end in the same state -- or both -- but are routed across that state’s boundaries. Unsurprisingly, the regulations do nothing to clarify this situation.
The regulations apply only to “designated payment systems” and “participants” therein, except that certain participants are exempted, as discussed below. “Designated payment systems,” are, generally, automated clearing house (“ACH”) systems; systems for authorizing, clearing and settling transactions involving purchases by credit cards, debit cards, pre-paid cards or stored value cards; systems for collecting, presenting, returning and settling checks; and money transmitting businesses when transmitting funds (e.g., not when involved in check cashing, exchanging currencies, or issuing money orders or travelers’ checks).
“Participants” in a designated payment system are operators of such a system, financial transaction providers that are members of or have contracted for services with such a system and third-party processors. The term specifically does not include customers of a financial transaction provider, unless the customer is also a financial transaction provider participating in the designated payment system on its own behalf. Thus, individual gamblers are not “participants” and are not covered by the regulations.
Pursuant to the regulations, all non-exempt participants in designated payment systems (exempt participants are discussed below) must establish and implement policies and procedures “reasonably designed” to identify and block or otherwise prevent or prohibit restricted transactions (“Policies and Procedures”).
The regulations do not make clear exactly what such Policies and Procedures must contain, nor do they assist participants in determining what constitutes unlawful Internet gambling, a business involved therein -- or both. However, the regulations provide guidance with respect to the required Policies and Procedures, and examples which, if followed, will be deemed compliant with the regulations.
Although the examples are non-exclusive and participants are free to establish and implement compliance plans that do not follow the examples, to do so risks a finding that the participants’ compliance plans are not “reasonably designed” to identify and block or otherwise prevent or prohibit restricted transactions, and thus are not compliant with the regulations. As discussed below, the examples in the regulations indicate that the required Policies and Procedures should establish a due diligence process in connection with the participants’ establishing and maintaining customer relationships with their business customers.
In the following circumstances, participants are exempt from the obligation imposed by the regulations to establish Policies and Procedures. Exempted are:
(1) Participants processing a transaction through an ACH system except for (i) the receiving depository financial institution and any third-party processor receiving the transaction on behalf of the receiver (in an ACH credit transaction); (ii) the originating depository financial institution and any third-party processor initiating the transaction on behalf of the originator (in an ACH debit transaction); and (iii) the receiving gateway operator and any third-party processor that receives instructions for an ACH debit transaction directly from a foreign sender;
(2) Participants in check collection systems except for the depository bank;
(3) Participants in a money transmitting businesses, except for the operator; and
(4) Participants in a wire transfer except for the beneficiary’s bank.
Thus, for example, in regard to payments via check collection systems, wire transfers, or both, only the entity that has a direct relationship with business customer receiving the funds is subject to the requirement that it establish Policies and Procedures.
The regulations set forth guidelines and provide a number of non-exclusive examples to assist participants in the development and implementation of Policies and Procedures. By way of guidelines, the regulations state that a non-exempt “financial transaction provider" 5/participant will be considered to be in compliance with its obligation to establish and implement policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions if:
(1) It relies on and complies with the written policies and procedures of the designated payment system that are reasonably designed to:
(i) Identify and block restricted transactions; or
(ii) Otherwise prevent or prohibit the acceptance of the products or services of the designated payment system or participant in connection with restricted transactions; and
(2) Such policies and procedures of the designated payment system comply with the requirements of this part.
Note, however, that the financial transaction provider/participant need not determine whether the Policies and Procedures of the designated payment system of which it is a member or with which it contracts for services are “reasonably designed” to fulfill the stated goals, whether they otherwise comply with the regulations -- or both.
This is because, under the regulations (as well as pursuant to the UIGEA), a person that identifies and blocks a transaction, or prohibits the acceptance of its product or services in connection with the transaction, or otherwise refuses to honor a transaction, shall not be liable to any party for taking such action if the person is a participant in a designated payment system and blocks or otherwise prevents the transaction in reliance on the Policies and Procedures of the designated payment system.
As mentioned, the regulations contain non-exclusive examples of Policies and Procedures to identify and block or otherwise prevent or prohibit restricted transactions. These are considered to be “reasonably designed” for such purpose and, if adopted and implemented, the participant will be deemed to have complied with the regulations.
The first example, to which all subsequent examples refer, suggests that the non-exempt participant comply by conducting due diligence of the business entities with which it has relationships. The example provides, in part, that if a non-exempt participant in a designated payment system establishes and implements due diligence procedures regarding its commercial customer accounts or relationships that include the steps in paragraphs (1), (2) and (3) below, subject to paragraph (4), those procedures will be deemed to be “reasonably designed” to identify and block or otherwise prevent or prohibit restricted transactions, and thus compliant with the regulations.
(1) At the establishment of the account or relationship, the participant conducts due diligence of a commercial customer and its activities commensurate with the participant’s judgment of the risk of restricted transactions presented by the customer’s business.
(2) Based on its due diligence, the participant makes a determination regarding the risk the commercial customer presents of engaging in an Internet gambling business and follows either paragraph (2)(i) or (2)(ii) of this section.
(i) The participant determines that the commercial customer presents a minimal risk of engaging in an Internet gambling business.
(ii) The participant cannot determine that the commercial customer presents a minimal risk of engaging in an Internet gambling business, in which case it obtains the documentation in either paragraph (2)(ii)(A) or (2)(ii)(B) of this section.
(A) Certification from the commercial customer that it does not engage in an Internet gambling business; or
(B) If the commercial customer does engage in an Internet gambling business, each of the following:
(1) Evidence of legal authority to engage in the Internet gambling business, such as:
(a) A copy of the commercial customer’s license that expressly authorizes the customer to engage in the Internet gambling business issued by the appropriate State or Tribal authority or, if the commercial customer does not have such a license, a reasoned legal opinion that demonstrates that the commercial customer’s Internet gambling business does not involve restricted transactions; and
(b) A written commitment by the commercial customer to notify the participant of any changes in its legal authority to engage in its Internet gambling business.
(2) A third-party certification that the commercial customer’s systems for engaging in the Internet gambling business are reasonably designed to ensure that the commercial customer’s Internet gambling business will remain within the licensed or otherwise lawful limits, including with respect to age and location verification.
(3) The participant notifies all of its commercial customers, through provisions in the account or commercial customer relationship agreement or otherwise, that restricted transactions are prohibited from being processed through the account or relationship.
(4) With respect to the determination in paragraph (2)(i) of this section, participants may deem the following commercial customers to present a minimal risk of engaging in an Internet gambling business:
(i) An entity that is directly supervised by a Federal functional regulator as set out in the regulations; or
(ii) An agency, department, or division of the Federal government or a State government.
Based on this example of compliant Policies and Procedures, if a participant determines that a commercial customer conducts Internet gambling, it must obtain either a copy of the government-issued or tribe-issued license authorizing such activity or, if the customer does not have such a license, a “reasoned legal opinion" 6 that demonstrates that the commercial customer’s Internet gambling business does not involve restricted transactions.
In this regard, it seems likely that, if a commercial customer that conducts Internet gambling cannot produce a government-issued or tribe-issued license, then whether or not the customer offers a legal opinion, the participant will block or otherwise prevent financial transactions to that customer. This is because, if the participant accepts the legal opinion and thereupon permits the transaction, it takes the risk of that opinion not being “reasoned,” whereas it is very unlikely that a participant will be liable for incorrectly blocking or otherwise preventing a transaction relating to lawful Internet gambling. This is true because the regulations provide (as does the UIGEA) that a person that identifies and blocks a transaction, or prohibits the acceptance of its product or services in connection with the transaction, shall not be liable to any party for such action if the person reasonably believes the transaction to be a restricted transaction (even if turns out that such is not actually the case).
The example specific to “card systems” 7 provides, in part, that policies and procedures of a card system operator, merchant acquirer, third-party processor or card issuer are deemed to be “reasonably designed” to identify and block or otherwise prevent or prohibit restricted transactions, if they:
(1) Provide for either:
(i) (A) Methods to conduct due diligence in establishing customer accounts as set out in subparagraph (2) in the above general example; and
(B) procedures as set out in (2)(ii)(B) above if the participant has actual knowledge that the participant engages in an Internet gambling business; or
(ii) Implementation of a code system, such as transaction codes and merchant/business category codes, that are required to accompany the authorization request for a transaction, including:
(A) The operational functionality to enable the card system operator or the card issuer to reasonably identify and deny authorization for a transaction that the coding procedure indicates may be a restricted transaction; and
(B) Procedures for ongoing monitoring or testing by the card system operator to detect potential restricted transactions, . . . and
(2) For the card system operator, merchant acquirer, or third-party processor, include procedures to be followed when the participant has actual knowledge that a merchant has received restricted transactions through the card system, such as
The UIGEA requires that, via the regulations, the Agencies “ensure that transactions in connection with any activity excluded from the definition of unlawful Internet gambling [by reason of the intrastate, intratribal and interstate horseracing exceptions to that term] 8 are not blocked or otherwise prevented or prohibited by the prescribed regulations." 9 However, the Agencies implementation of this “overblocking” prevention requirement is weak. The Agencies have purported to fulfill this obligation by providing in the regulations simply that nothing therein “requires or is intended to suggest that designated payment systems or participants therein must or should block or otherwise or prevent or prohibit any transaction in connection with any activity that is excluded from the definition of ‘unlawful internet gambling’ . . .” This seems to fall short of the “assurance” required by the statute.
The obligations imposed by the regulations are subject to enforcement by the various federal regulators that already regulate the applicable financial institutions,10 except that the Federal Trade Commission enforces the regulations with respect to any designated payment systems not already regulated by such other federal regulators.
The regulations become effective Jan. 19, 2009. However, compliance by non-exempt participants in designated payment systems is not required until December 1, 2009.
1 Codified at 31 U.S.C. §§5361 – 5366.
2 31 U.S.C. §5364
4 18 U.S.C. §1081, et seq.
5 A “financial transaction provider” is defined, generally, as a creditor, credit card issuer, financial institution, operator of a terminal at which an electronic fund transfer may be initiated, a money transmitting business or a payment network.
6 Under the regulations, a “reasoned legal opinion” means “a written expression of professional judgment by a State-licensed attorney that addresses the facts of a particular client’s business and the legality of the client’s provision of its services to relevant customers in the relevant jurisdictions under applicable federal and State law, and, in the case of intratribal transactions, applicable tribal ordinances, tribal resolutions, and Tribal-State compacts. A written legal opinion will not be considered "reasoned" if it does nothing more than recite the facts and express a conclusion.”
7 “Card systems” are defined, generally, as systems for authorizing, clearing and settling transactions involving the use of credit cards, debit cards, pre-paid cards or stored-value cards to purchase goods or services or to effect cash advances.
8 Those exceptions are contained in subparagraphs (B), (C) and (D)(i) of 31 U.S.C. §5362(10).
9 31 U.S.C. §5364(b)(4)
10 These regulators are specified in Section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. §6805(a)) and Section 5g of the Commodity Exchange Act (7 U.S.C. §7b-2).