Keeping Your Hotel Gift Card and Experience Program U.S. Compliant
Businesses that are operating prepaid access programs like gift cards may find themselves handling complex and competing compliance issues. Knowing which rules apply when and implementing necessary policies and procedures can streamline your own operations and avoid unwelcome audits.
This research article has been commissioned by Techsembly from Blackgarden Law. Please note this information provided is for informational purposes only, and is not intended to constitute legal advice. Please reach out to Blackgarden Law or your legal counsel for any particular matters to your organization.
The Hotel Gift Card market is rapidly growing and is projected to be valued at US $133 billion by the end of 2030. With such a large portion of value being exchanged using gift cards, any business, especially those in the hospitality industry, risks having their gift card (or “prepaid access”) program flagged by law enforcement as a potential tool for money laundering. Once flagged, law enforcement can incur audits of transaction history and internal policies. If the latter is found lacking, even if the prepaid access program was never abused for illegal activities, law enforcement can still impose fines. As governments and law enforcement became aware of the opportunities to use gift cards to avoid tracking of funds and take advantage of customers, they began to increase regulation of those gift cards and other prepaid access programs in an effort to stem the flow of illegal, untaxed cash and protect consumers. Businesses that are operating prepaid access programs like gift cards for example may find themselves handling complex and competing compliance issues. Knowing which rules apply when and implementing necessary policies and procedures can streamline your own operations and avoid unwelcome audits.
This article will help the reader understand a piece of the United States regulatory environment and provide a primer to design and maintain a gift card program that complies with the relevant rules. Techsembly has invited lawyers from Blackgarden Law to discuss legal implications of handling gift cards in the US, and steps businesses will need to take to stay within the boundaries of the law. Please note, the authors of this article are not your lawyers, this guide is not legal advice and it should not be used as a substitute for your own counsel. As often repeated below, your team of lawyers and accountants should work with you to develop your gift card program.
What laws do I need to be aware of?
Different regulatory bodies impose different requirements to further diverse policy interests. If your hotel handles gift cards, there are two dominant public interests driving regulation at the US federal level: the Bank Secrecy Act (“BSA”) for white-collar crime prevention (essentially money laundering), and the CREDIT CARD ACCOUNTABILITY RESPONSIBILITY AND DISCLOSURE ACT OF 2009 (the “CARD Act”) for consumer protection.
In 1970, the United States Congress passed the BSA aimed at curtailing white-collar crime. Later amendments to the BSA targeted money laundering for terrorist organizations, including using prepaid access systems like credit, debit, prepaid phone, and gift cards to move money across borders. In 2009, the United States Congress implemented the CARD Act to regulate many of those same instruments to enhance consumer protection, including restricting fees and stating that most “cards, codes, and other devices” could not have expiration dates sooner than five years from the purchase date.
These interests do not always align, meaning that regulations designed to prevent the use of gift cards to launder or obscure the transfer of value may create friction with other rules promulgated to protect consumers. Furthermore, while money laundering and consumer protection are key interests for regulators, there are other rules that you may be subject to, depending upon your region.
For example, in the United States, although the BSA and CARD Act apply at the federal level, state law may also be involved in creating different or additional requirements for prepaid programs. If your business issues, redeems, or otherwise handles prepaid access programs, you are strongly recommended to do thorough research and engage local counsel regarding relevant state or local laws involved with payment systems.
These two sets of regulations create different restrictions, requirements, and exceptions that your hotel may need to follow with regard to gift cards.
Is your Gift Card Prepaid Program subject to the BSA?
The primary agency tasked with enforcing the BSA is Financial Crimes Enforcement Network (“FinCEN”). FinCEN’s authority extends to transactions involving US currency or those where one party to the transaction is based in the US. If your business engages in transactions that meet this definition, you are operating under FinCEN’s jurisdiction and will have to follow its rules.
FinCEN requires certain parties handling fungible financial assets to comply with its regulations and follow anti-money laundering protocols. FinCEN identified stored value vehicles, including gift card programs (often referred to as “prepaid access”) as subject to its review. If certain financial vehicles can be used to store funds for future use or transfer, they may qualify as prepaid access programs subject to regulation to prevent money laundering.
The BSA Prepaid Access Final Rule (“Rule”) requires providers and sellers of prepaid access to (1) file suspicious activity reports (“SARs”), (2) collect and retain customer and transactional information and (3) maintain an anti-money laundering program. These are material obligations similar to those imposed on businesses that transmit or convert money also known as Money Services Businesses (“MBS”). To be subject to the Rule, a business must be a provider or seller of prepaid access. Those definitions are important to understand.
Who is a seller under the Prepaid Access Rule?
If a business sells (or loads) prepaid access, it is considered a seller under the Rule unless: (a) the prepaid program it is selling cannot be used before the user’s identity is verified, and (b) it has policies and procedures in place that are reasonably adapted to prevent the sale of more than $10,000 of any type of prepaid access to any one person on any one day. Unless (a) and (b) above are satisfied, you are a seller.
Who is a provider of a Prepaid Program under the BSA?
The provider of the prepaid access program is the party with “principal oversight and control.” “Principal oversight and control” is determined by the specific facts and circumstances. Activities that indicate “principal oversight and control” include: organizing, setting the terms and conditions and deciding what other businesses that will participate in the prepaid program (i.e. as sellers), and generally doing things that demonstrate oversight and control of the prepaid program. A gift card holding entity may be the provider if that party has principal oversight and control but holding the liability is not determinative under the BSA’s definitions.
What is a prepaid access program under the BSA?
The Rule defines a “prepaid program” as “an arrangement of one or more persons acting together to provide prepaid access.” That’s a fairly broad definition, but the Rule goes on expressly exclude three specific types of arrangements from regulation; (1) programs that provide access to funds of no more than $2,000/day via a closed-loop card, (2) programs that provide access to funds provided solely by a government agency, or (3) programs that provide prepaid access to funds exclusively from certain health or dependent care arrangements.
Closed-loop versus Open-loop
For most businesses, the $2,000/day on a closed-loop program is the most applicable exception. So what’s a “closed-loop” card? Prepaid access programs/cards are characterized as open or closed-loop depending on how broadly they can be used. A prepaid program is closed-loop if it can only be used by the issuing merchant and its related entities. For example, a gift card from your local coffee shop is generally only redeemable at that shop and, therefore, a closed-loop program. Gift cards from Gap.com are redeemable at any location or online from Gap, Old Navy, Athleta, and Banana Republic, but it’s still a closed-loop program because the cards must be used within Gap’s brand family.
Conversely, an open-loop prepaid card can be redeemed anywhere that accepts the issuing brand. For example, you may have purchased or received a Visa gift card. While the card may be personalized or even branded with a business’s logo, the holder of that open-loop card can use it with any merchant or website that accepts Visa. It is essentially a prepaid debit card, even if it has a “suggested use” printed on its face.
How are prepaid access programs, including gift cards, administered under the BSA?
First, a qualifying prepaid access program has two main elements: an advance payment of funds and a way to subsequently retrieve or transfer those funds or the value of those funds. Within such programs, two kinds of parties may need to take on some compliance responsibility: providers and sellers of a qualifying prepaid program.
A provider of a prepaid program is determined on a case-by-case basis based on the relevant facts. Generally, the provider is the party with principal oversight and control over the prepaid program. Under the BSA, the provider of a qualifying prepaid access program is required to register as a Money Services Business. Even if it seems like a complex undertaking, when the BSA was revised, FinCEN streamlined how qualifying entities need to comply. In fact, they broke with much of the global enforcement focus targeting digital transactions and requiring specific licensing for participating in e-commerce. At least under the BSA, FinCEN treats all money transferrers as Money Service Businesses, requiring registration and compliance as such regardless of whether the transfers are handling paper or electronic currency. FinCEN’s approach has been that any entity that handles financial transactions like wiring funds, converting currency, or providing prepaid access should register as a Money Service Business, but is otherwise given a high degree of discretion in implementing anti-money laundering procedures based on the risks involved in that operator’s business.
Within a network of merchants using a prepaid program, there only needs to be one provider. In fact, FinCEN would prefer a single program provider as that party becomes the sole contact for FinCEN. Based on industry responses, FinCEN has agreed that within a prepaid access network, the provider can be appointed by agreement between the parties involved. If you are operating a closed-loop gift program within a network of merchants, the same entity that holds all prepaid accounts for breakage could also be the one responsible for the majority of compliance issues with FinCEN by simply entering a written agreement naming them as the provider.
The second category of participants in a prepaid access program are sellers: those who sell and redeem prepaid value programs. Generally, these retailers are not required to register as Money Services Businesses and take on substantially less compliance requirements. Retailers should report suspicious activity, retain customer verification information for five years, and implement anti-money laundering procedures. According to FinCEN, the intensity and nature of those procedures are highly business specific. The lesser risk your business’ offerings could be unwittingly involved in money laundering, the less you need to contemplate in your procedures. In particular, FinCEN has identified that sellers whose prepaid access programs are limited to $1,000 a day and cannot be transferred internationally are a low risk for money laundering, and are therefore exempt from BSA requirements.
Additionally, there are limits on both sellers and providers. Within the gift card space, a closed-loop program cannot provide access to the value of $10,000 of funds in a single day to a single person, whether in one or a series of transactions (or series of vehicles) without incurring additional reporting obligations. Also, an individual vehicle cannot provide more than $2,000 of value to a single person in a day. This includes a gift card that can be reloaded and the act of reloading it. FinCEN has also made clear their concern extends beyond the exact form of the transactions to the substance and intent of the deals; structuring transactions and policies to get around these requirements can not only trigger FinCEN scrutiny, but be treated as a violation of the rules.
What actions and internal policies do I need to implement when handling gift cards under the BSA?
Complying with the BSA requires implementing and following internal policies and making filings with the Department of Treasury. However, there is no “one-size fits all” internal policy to adopt. Your operation’s policies should account for and manage the risks relevant to the assets, namely their fungibility, and transferability. As for compliance with one’s internal policies, FinCEN seems to understand some variance may be within normal operations, but systematic failures, like designated personnel continually omitting reports, create risks.
Specifically, FinCEN names one measure of compliance allowing some wiggle room: preventing transactions over $10,000 through internal policies. Here, the BSA requires internal policies that “intend to prevent” transactions for over $10,000 of goods and services rather than imposing a bright-line rule to prevent such transactions. But FinCEN’s attention to the intent of policies means a hotel does not have carte blanche to offer and sell $10,000+ prepaid programs without running into BSA compliance issues.
Gift cards under the Card Act
The CARD Act is focused on protecting customers from predatory fees and practices (like short expiration dates) and takes a different approach to devices that work as prepaid access programs including gift cards. Beyond fees, the CARD Act sets ground rules for terminating gift cards.
The CARD Act mandated prepaid cards, including closed loop cards, cannot expire less than 5 years from issuance. For sellers, long or indefinite validity periods present an accounting conundrum; while the seller gets the cash up front and a guarantee that those funds must be spent with the seller’s brand family, the prepaid amount is a liability, in the form of an obligation to provide goods and services, until the holder uses it. Any balance on the card can’t be recognized as revenue until it's spent or expired. This outstanding amount is referred to as “breakage.”
The State of Escheat
Escheatment is the right of a United States governmental entity (generally a state) to take ownership of assets and unclaimed property if no beneficiaries can be determined or when assets are unclaimed. This includes things like deposits at banks or brokerages and gift cards. Rules for gift card escheatment are made state by state, so it is key to understand why the applicable law is within your organization. For example in Alabama, gift cards are presumed to be abandoned three years (note, that is less than the five-year federal minimum expiration date) after it is unclaimed by the owner - but only 60% of its face value is presumed abandoned. In sharp contrast, gift cards in Arizona are not even considered property, and are therefore not subject to escheat.
Gift Card Holding Companies
One method of managing breakage for larger and multi-unit operators is by setting up a holding company to hold the underlying funds for and manage a closed-loop gift card program.
Any affiliated merchants within the network can accept gift cards, but the underlying liability is held within the holding company. This strategy can help with a lot of Card Act issues, especially the escheat situation described above. An important aspect of this strategy is to incorporate such entities in a state with favorable escheat laws. This is not a strategy that will work for everyone. If you only operate in one state, incorporating your holding company in another state is probably not an option. Work with your accounting and legal professionals to determine if this is a workable strategy for you.
Experience cards are rapidly growing in popularity. Often called “experience” cards or vouchers, these provide access to a specific experience, such as a massage, fixed-price meal, class, or event. More and more gift buyers are moving away from gifting monetary cards to gifting an experience, which is seen to be more personal and meaningful. Experience cards are exempted from many Card Act requirements, meaning they can be easier and more economic to administer. Cards not issued “in a specified amount” is not a gift certificate under the Card Act and therefore not subject to its requirements.
For example, a $250 gift card to Hotel A would be subject to the notice and termination requirements set forth in the CARD Act. However, Hotel A could sell a certificate for afternoon tea at the hotel as a more limited experience card without treading on the bulk of CARD Act compliance measures for gift cards. It is key to remember that for quality, experience cards must be issued without a specific or denominated amount.
The BSA Rule on Experience Cards
The fact that experience cards are more limited in their application (justifying different treatment when compared to strictly fund-based closed-loop gift cards under the CARD Act), this does not exempt them from BSA requirements.
Within the gift card space, a closed-loop program cannot provide access to the value of $10,000 of funds in a single day to a single person, whether in one or a series of transactions. Also, any individual vehicle cannot provide more than $2,000 of value to a single person in a day. This includes a gift card that can be reloaded and the act of reloading it. Under the BSA, an experience card likely qualifies as a prepaid access program for the value of the goods and services available in the credited experience even if that same device would be exempt from disclosure and termination requirements under the CARD Act.
However, there is still a benefit to offering experience cards rather than pure value-based closed-loop programs under the BSA. Experience cards fundamentally have less fungibility than cash, open-loop, or closed-loop prepaid funds since that experience cannot be redeemed for other goods or services. Therefore, it provides substantially less value to a money laundering operation. As a result, FinCEN may be satisfied with less intensive anti-money laundering procedures because there is a lower risk of that asset being involved.
For example, a $100 gift card for Hotel A would likely need to be accompanied by a notice regarding the expiration of the card under the CARD Act. Under the BSA, if the purchaser acquired over $1,000 worth of these gift cards, then some party within the merchant’s network would likely need to be registered as a Money Service Business and the retailer itself would need to implement anti-money laundering policies related to the cards that might include customer verification procedures.
To compare, Hotel B’s 2024 Valentine’s Day Experience Package sold for $1,500 for example could be an experience card under the CARD Act, meaning it would not be subject to the five-year bar on expiration or disclosure requirements. Because of its value, it would also likely be exempt from the BSA rules. However, if the value of that package were $2,000, the amount involved would likely require the program provider to register as a Money Services Business and the retailer to implement anti-money laundering procedures even though the experience card is more limited in its application. Note that in the examples in this paragraph, Hotels A and B could be both the provider and the retailer depending on whether a third party, such as a gift card holding company described above, is also involved. Under the BSA, the only difference for the merchants involved between the experience card and closed-loop gift cards for the same value is that the lesser fungibility of the experience card may merit less stringent internal anti-money laundering procedures.
What measures should you implement to safeguard you?
Beyond the policies themselves, you can tailor your offerings to make internal measures less demanding. Experience cards provide some administrative benefits under the CARD Act and their reduced application in money laundering operations also means there is a lower risk to your business to account for in your policies. Restricting the transfer of those prepaid programs and ensuring only verified customers participate in them further reduces the ability for bad actors to misappropriate your programs. FinCEN has also recognized that domestic transactions and programs are lower risk than programs that involve international transactions for white collar crime. If that is a relevant customer base for your program, be prepared to address it in your policies.
Ultimately, prevention is cheaper than defending. Thoughtful policies specific to your operations can avoid costly audits, let alone running afoul of FinCEN. Experience cards may not overcome all of the hurdles that come with anti-money laundering compliance, but they can reduce the risks associated with your programs while providing a way to efficiently manage your obligations under the CARD Act. It’s always a good idea to evaluate and continually reevaluate your program; identify areas for compliance and develop a plan to implement procedures and controls. Your tools and vendors should be able to accommodate strategies like experience-based gift certificates, reasonable policies intended to prevent certain transactions, and gift card holding companies.
Another reminder that this guide is not legal advice and should not be a substitute for your own counsel. It is strongly recommended to get the right advisors within your domain for your property, and implement any new procedures as necessary without any delay to avoid attention from FinCEN, or even the sudden removal of unclaimed property from your bank account by the state. With the right advisors, a plan and some hard work, you can limit your exposure and make your gift card program an excellent service and marketing mechanism for your business.
About Techsembly and Blackgarden Law
Techsembly is a one-stop e-commerce solution enabling luxury hotel groups to generate additional revenue streams through the sale of gift cards, experiences, F&B delivery, merchandise and curated marketplaces on one seamlessly integrated platform, custom designed for you.
Techsembly’s Gift Card and experience solution is integrated with some of the world's most prestigious hotels, helping them to drive Gift Card and Experience sales globally. Their solution enables the sale of property specific experiences and global Gift Cards that can be redeemed across multiple properties and currencies.
Techsembly is headquartered in the UK with global offices worldwide.
Blackgardenlaw is a boutique business, securities and intellectual property law firm with a focus on finance, technology, and consumer products.
All content in this blog is published for the user’s informational purposes only. They do not constitute legal advice nor do they necessarily reflect the opinions of Blackgarden Law, Techsembly or any of their partners, employees, vendors or clients. There is no implicit guarantee that this information is correct, complete, or up-to-date. No attorney of Blackgardenlaw will become your lawyer just because you read this content or used this site. Use of this website or any of the content, materials or links does not create an attorney-client relationship. Do not rely in any way on information from this blog or website without engaging a competent attorney.
This article has been written in partnership with Blackgarden Law as a follow-up to their post on A Guide for Businesses Selling Gift Cards Under the Credit Card Act's Gift Law. Read the blog now >>