REGULATORY AND COMPLIANCE IN NORTH AMERICA

EML takes compliance very seriously and builds requirements into every program. We actively review federal, state and local laws, and banking regulations. We are a MasterCard® PCI Compliant and Visa® Compliant service provider, undergoing annual reviews to maintain these regulatory certifications. EML works to comply with the regulatory requirements and guidance of these agencies and laws: OCC, OSFI, FinCEN, OFAC, FDIC, FinTrac and HIPPA.

EML also maintains anti-money laundering programs for CIP, KYC and BSA. Our security standards include PCI/SSAE-16 certification, disaster recovery plans, and a dedicated fraud-prevention team. This team continually screens transactions for suspicious activity and utilizes applications such as Cybersource and Velocity, which help detect fraudulent transactions before they happen.

REGULATORY AND COMPLIANCE IN THE UNITED KINGDOM

PCI Certification: EML meets the stringent requirements of the PCI-DSS standards to provide a secure gift card program. Our processes and procedures have been fully certified as compliant by an independent Qualified Service Assessor.

SAS 70 Compliance: EML has successfully completed a Type II audit process for the last four years for compliance with the Internal Control standards of Statement on Auditing Standards No. 70 (”SAS 70”), “Reports on the Processing of Transactions by Service Organizations.” EML engages an independent and internationally recognized accounting and consulting firm, to assist the company in the SAS 70 internal control review and audit process. SAS 70 is a recognized standard for transaction processing entities.

REGULATORY AND COMPLIANCE IN AUSTRALIA

PCI Data Security Standard: The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa’s Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard’s Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process – including preventing, detecting and reacting to security incidents. EML is designated as a Level 1 transaction processor.

High Availability: All the critical systems are designed and configured in a highly available setup to eliminate single points of failure in equipment and communication links. EML hosts all its services from two dedicated data centers. The Polaris Data Centre in Queensland and the Port Park Data Centre in Melbourne are both N+2 and Tier 3 facilities meaning all the critical systems are designed and configured in a highly available setup to eliminate single points of failure in equipment and communication links.

System Monitoring: EML uses a 24 x 7 proactive monitoring system. This system detects and notifies the operations team of any availability, performance or security issue in the system.

Australian Financial Services License: EML is the holder of Australian Financial Services License number 404131 granted by the Australian Securities and Investments Commission.

AUSTRAC Reporting Entity: The Australian Government introduced the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act 2006 in response to global pressures to strengthen Australia’s ability to detect and prevent money laundering and terrorism financing. EML takes the implementation of the AML/CTF Act seriously and has taken steps to ensure that we meet our obligations as set in the AML/CTF Act.

Privacy: The Privacy Act 1988 (Cth) regulates the personal information held by EML. The collection, use and disclosure of personal information is governed by the Australian Privacy Principles.

Visa Risk Manager: Visa Risk Manager is the real-time, intelligent decisioning solution powered by VisaNet to help EML optimize loss prevention and maximize profitability through effective, enhanced risk decisioning capabilities for its prepaid Visa card programs.

Vigil Service: Vigil is a comprehensive fraud management operation which offers best-practice fraud monitoring services via a dedicated 24×7 transaction monitoring service supported with full call center capability, staffed by qualified, experienced and specialist staff.

Fractals: Fractals is a leading intelligent fraud detection and prevention product. It delivers value to all players in the transaction chain. Fractals can tackle any type of transactional fraud problem including cross product, cross channel, enterprise fraud detection and prevention. It will handle transactions from any channel from ATM and POS to internet and mobile. Rare among fraud detection solutions, Fractals is PA-DSS certified.

Authorized Deposit-Taking Institution Relationships: For more than nine years, EML has worked in close collaborative relationships with some of Australia’s largest ADI’s. Preferred partners Cuscal Limited and Heritage Bank Limited, provide depository and settlement services, financial transaction switching and sponsorship to the Visa, eftpos and rediATM schemes. These established relationships with Cuscal and Heritage are strong foundations that underpin the success of the EML prepaid portfolio.

ASAE 3402 Controls Assessment: EML's approach to treasury is one of transparency and control. EML has engaged Deloitte Touche Tohmatsu to facilitate a company-wide controls framework via the ASAE3402 Assurance Reports on Controls at a Service Organization which is issued by the Auditing and Assurance Standards Board of Australia. This engagement ensures a robust business with a control framework operating effectively and efficiently to underpin growth.