We are thinking about offering credit cards to our business customers. The program is bank-branded, however our provider will hold all transactions and fraud liability. We will receive monthly compensation from our provider based on # of cards issued, etc.

I believe other than maybe policy, procedures and addition to the BSA risk assessment as a product offering we should be all set. But…for some reason this sounds too easy.  Compliance and BSA is not supposed to be easy right!? Any insight would be greatly appreciated! Thank you in advance!

Review your policy on information sharing and privacy to see what, if any, changes you have to make and communicate to your consumer customers.

Others?

We have the same type arrangement with a credit card provider. It is not our 'produt'. We do not 'exchange' any personal/private information, we simply have applications in our lobby that would be mailed directly to the card issuer. If a card is issued, it has our name on it, but we have NO information at all on any of the cardholders. The credit card issuer holds all the personal/private info and nothing is ever shared with us, except the agreed upon fee if the card is issued. Consequently, I believe for Privacy purposes we have no joint marketing agreement with them as we do not share.

Georgia, that is the exact scenario in which we would offer these as well. So with that said, I think it's safe to assume that the compliance and BSA issues would fall on the behalf of the company issuing the cards. We would not have any access to these accounts as far as monitoring purposes since the balances would be held on there books and all transactions processed on their end. Whew! What a great day it is! :-) Thanks to you and John for your input!