CUNA Regulatory Comment Call

October 19, 2007




The Unlawful Internet Gambling Enforcement Act of 2006 (Act) was enacted as Title VIII of the Security and Accountability For Every Port Act of 2006 and signed into law on October 13, 2006. This Act prohibits persons engaged in the business of betting or wagering from knowingly accepting payments from another engaged in unlawful Internet gambling. Among other provisions, the Act directs the Federal Reserve Board and Treasury Department to implement its provisions, in consultation with the Department of Justice. They were directed to designate the payments systems that could be used to make a ‘”restricted transaction” under the Act (an illegal Internet gambling transaction). Designating a payment system subjects it and the financial transaction providers, such as financial institutions, to regulation. Federal financial institution regulators, including NCUA, are to enforce the rule, when finalized, for the institutions they supervise. (NCUA will enforce the rule for all federally insured credit unions; privately insured stated chartered credit unions will be under the Federal Trade Commission’s enforcement.)

The Act directs that the regulation must require payment systems covered by the rule and financial transaction providers (including financial institutions) participating in each covered payment system to establish policies and procedures that are “reasonably designed” to identify and block restricted transactions. The rules must identify the types of policies and procedures that would be deemed to be “reasonably designed” to meet the Act’s objectives. The agencies are required to exempt any transactions or participants in payment systems from the requirements of the rule if the regulators determine it is not reasonably practical to identify and block such transactions.

The Act provides that a participant, such as a financial institution, in a payment system that is covered by the rule will be deemed to be in compliance if it relies on the policies and procedures of the payment system and such policies and procedures comply with the rule.


The Department of the Treasury and the Federal Reserve Board (the Agencies) issued a joint proposed rule to implement the Unlawful Internet Gambling Enforcement Act (Act). The proposed rule would require participants in “designated payment systems” to establish policies and procedures reasonably designed to identify and block or prevent transactions in connection with unlawful Internet gambling.

The proposal designates five payment systems that could be used in connection with a restricted transaction:

Participants in these payment systems include financial institutions that participate in, are members of, or have contracted for services with a designated payment system.


The proposal exempts most participants in the ACH systems, check collection systems, and wire transfer systems. Participants in these systems that are not exempt are those that would have a “customer relationship” with the Internet gambling business and those that send or receive certain cross-border transactions. Specifically, the first participant in the United States that receives an incoming cross-border ACH debit or check collection transaction directly from a foreign institution is not exempt. In the case of outgoing wire transfers and ACH credit transactions, the originator’s financial institution or the intermediary financial institution in the U.S. that sends the wire transfer transaction, or the gateway operator that sends the ACH credit entry directly to a foreign bank is also not exempt.

Specifically, the following participants in each payment system below would be exempt from requirements to establish written policies and procedures to prevent or prohibit restricted transactions:

ACH systems

Check collection systems

Wire transfer systems

Requirements for Non-Exempt Participants

In addition to participants that have a business relationship with an Internet gambling business or receive or send certain cross-border transactions, participants in the credit card services and money transmitting businesses are not exempt.

All non-exempt participants would be required to either:

  1. Establish and implement policies and procedures to identify and block, or otherwise prevent or prohibit restricted transactions; or
  2. Rely on and comply with the policies and procedures established by the payment system as long as its policies and procedures comply with the regulation.

The proposed regulations provide examples of policies and procedures for each designated payment system. The examples are nonexclusive and participants are directed to use the policies and procedures in a risk-based manner tailoring them to their type of business and to the different types of restricted transactions.

Generally, policies and procedures for each system should be designed to prevent or prohibit restricted transactions and include measures to be taken when restricted transactions are discovered. Additionally, policies and procedures should address methods for conducting due diligence in establishing and maintaining a commercial account relationship and should be designed to ensure that the commercial customer does not originate or receive restricted transactions.

Card Systems Examples

Policies and procedures for participants in card systems, including merchant acquirers, card system operators, and card issuers, such as credit unions should:

Automated Clearing House System (ACH) Examples

Policies and procedures of the ODFIs and third-party senders in ACH debit transactions and RDFIs in ACH credit transactions should:

The proposal also includes examples of policies and procedures for ACH gateway operators and third-party senders receiving instructions from foreign senders, which would not apply to credit unions.

Check Collection System Examples

Policies and procedures of a depositary institution should:

Wire Transfer System Examples

The policies and procedures of a beneficiary’s financial institution in a wire transfer should:

Money Transmitting Business Examples

The example of policies and procedures of money transmitting businesses include addressing methods for conducting due diligence in establishing or maintaining a commercial relationships. The policies and procedures should be designed to ensure that the commercial subscriber will not receive restricted transactions through the money transmitting business by screening potential commercial subscribers to ascertain the nature of their business and include in their agreement that the subscriber may not receive restricted transactions.

The money transmitting business should Include procedures to identify and block or prevent or prohibit restricted transactions by monitoring or testing:

Procedures should include what actions should be followed, such as assessing fines, denying access or closing accounts, when it is discovered that restricted transactions have been received.

Safe Harbor

The proposal provides a safe harbor to anyone that identifies and blocks or a transaction or refuses to honor a transaction if:


The following are key definitions listed in the proposal:


  1. Is this rule well-constructed or do you find it confusing? Why?

    Please explain.

  2. Do you believe that the list of five designated payment systems is too broad or too narrow? Do you agree with the current list of designated payment systems, or should new and emerging systems be included?

    Please explain.

  3. Do you agree with the list of exempt participants? Do you believe any additional exemptions should be included or should existing exemptions be removed?

    Please explain.

  4. The proposed rule currently exempts Originating Depository Financial Institutions (ODFIs) from establishing and implementing policies and procedures. Do you believe it is impractical for an ODFI to implement policies and procedures in an ACH credit transaction? Does the burden outweigh any benefit in identifying and blocking restricted transactions?

  5. The proposal specifically exempts the originator’s financial institution and intermediary financial institution in a domestic wire transfer. Do you believe it is impractical for these participants to implement policies and procedures in a wire transaction?

  6. Do you believe it is appropriate for participants to incorporate into their account opening procedures the proposal’s due diligence provisions, including periodic confirmation of the nature and type of a commercial customer’s business?

  7. Do you support the inclusion of examples of policies and procedures? Are the examples too broad or too specific?

  8. Do you believe ongoing monitoring and testing should be incorporated in the examples for the ACH, wire and check cashing systems?

  9. Do you believe it is practical and cost-effective for card systems to develop additional merchant codes to include lawful Internet gambling?

  10. Do you believe that the agencies should establish and maintain a “list” of unlawful Internet gambling businesses for participants to access and use when blocking restricted transactions?

  11. Do you agree with the proposed definitions of the terms, specifically of the designated payment systems and participants? If not, please explain.

  12. Do you believe six month after the joint final rules are published is sufficient time for financial institutions and other participants to comply?

  13. Please provide any additional comments you wish.

Eric Richard • General Counsel • (202) 508-6742 •
Mary Mitchell Dunn • SVP & Deputy General Counsel • (202) 508-6736 •
Jeffrey Bloch • Assistant General Counsel • (202) 508-6732 •
Lilly Thomas • Assistant General Counsel • (202) 508-6733 •
Catherine Orr • Senior Regulatory Counsel • (202) 508-6743 •