Anti-Money Laundering Program: Testing

I learned recently some rather extraordinary news: my firm is currently the only mortgage risk management firm in the country offering testing of a Residential Mortgage Lenders and Originator’s (RMLO’s) Anti-Money Laundering Program.* This situation struck me as exceedingly odd, inasmuch as testing is a statutory requirement.

Testing annually is recommended, but not later than every eighteen months. In this first year, most companies are testing prior to the Financial Crimes and Enforcement Network’s (FinCEN’s)statute’s anniversary date in August. An audit of the procedures detailed in an RMLO’s policy and procedures must be conducted either an internal auditor, in accordance with FinCEN guidelines, or, in accordance with FinCEN guidelines, by an independent external auditor.

How is it that we are the first mortgage risk management firm to offer the independent auditing requirement? Maybe, even at this late date, the industry itself is still trying to absorb the AML compliance implementation, while struggling to integrate a multitude of other new regulations.

Many residential mortgage industry participants have run the Elizabeth Kubler Ross spectrum of denial to acceptance at a pace that leaves in its wake the sentiments of high dudgeon, middling dudgeon, intermediate dudgeon, towering dudgeon, lofty dudgeon - and, finally, recognition that the tide of change is actually upon us!

I have tried to make it clear in previous articles, that the AML program is quite different than other policy statements and procedures!

For two of my analyses on this matter, read my articles entitled Anti-Money Laundering Program - Preparation is Protection (8/2012), or Anti-Money Laundering Debuts for Nonbank Mortgage Companies (3/2012).

Over the years, we have conducted AML audits for banks. Now we conduct them for nonbanks and their Suspicious Activity Report (SAR) filing compliance. Soon enough, I expect another cottage industry to arise, chock full of firms that will promote such external auditing, bringing about yet another feeding frenzy!

In this article, I will offer some of the basics to AML testing for RMLOs, so that you have a high-level set of bullets that may offer some insight into the audit process. There are many moving features to such an audit. In constructing your own procedures, be aware that the time to learn about how to properly test and report audit results is most certainly not during an examination.

_____________________________________________________

IN THIS ARTICLE

Elements of Testing

Internal or External Auditing

Library

_____________________________________________________

We recommend that an AML audit for RMLOs should contain, at the least, the following elements:

Entrance Interview
We require an entrance interview for all AML program audits. The meeting is held with company’s officials, compliance personnel, and support staff is conducted to (1) discuss the company’s lender profile, (2) specify procedures to be followed by the company in the course of the engagement, (3) answer any questions regarding the auditor’s evaluation process.

Audit responses to Prior Year Consulting and Regulatory Examination Reports (if applicable)We are in the first year of the AML program. However, each year afterward, the review will ask for the prior year's reports, including any regulatory reports. This part of the review cannot be side-stepped, because it acts as a baseline, further enhanced by an evaluation of corrective action responses. The reviewer's first actions may include back-testing to see if corrective actions were implemented. Any continuation of a compliance failure that previously was subject to corrective action should cause the review to mark down the results.

Issue and Review Document Request
Every audit must contain a document request. The extent that a company can comply with the document request is in itself a sign of the company's ability to implement the AML program's requirements. It is expected that a company will provide the documents needed promptly, in legible condition, and in their entirety. Failure to provide certain documents causes an adverse finding.

Conduct Anti-Money Laundering (AML) Risk Assessment
The review must go through a series of risk assessment analytics in order to determine that the company is fulfilling its AML program requirements. These series can be quite extensive, depending on the company's size, complexity, and risk profile.

Review
There are several areas subject to a comprehensive review which include, but are not limited to the following:

-AML Compliance Program Oversight

-Customer Identification Program Oversight

-Suspicious Activity Reporting (SAR) Policies and Procedures

-Suspicious Activity Monitoring Systems

-Transaction Testing, consisting of a sample of filed Suspicious Activity Reports (SARs) in order to determine completeness.

-Information Sharing Practices under Section 314(a) and 314(b) of the USA PATRIOT Act

-Reporting of Cash Payments Over $10,000 (FinCEN Form 8300) (if applicable)

-Report of Foreign Bank and Financial Accounts (IRS Form TD F 90-22.1) (if applicable)

-Report of International Transportation of Currency or Monetary Instruments (FinCEN Form 105) (if applicable)

In audits for RMLOs, the top six reviews are the key components.

Exit InterviewWe required an exit interview for all AML program audits. Like the entrance interview, this meeting is held with company’s officials, compliance personnel, and support staff. In this setting, we review and discuss initial results and learn about the RMLO's responses to some of the findings.

Issue an Audit Report containing Findings and RecommendationsThe Audit Report serves as a basis for the Company to assess the adequacy of policies, procedures, and processes associated with residential mortgage lender and originator lending relationships. The Findings determine whether the Company’s system for monitoring loan accounts for suspicious activities and for reporting of suspicious activities are adequate given the Company’s size, complexity, location, and types of customer relationships. The Recommendations set forth the proposed corrective actions required to comply with FinCEN regulations.

_____________________________________________________

Anti-Money Laundering–Red Flags and the SAR Narrative

Even though AML compliance for nonbanks has been in effect since August 13, 2012, many Residential Mortgage Lenders and Originators (RMLO) still seem to have considerable difficulty in two specific areas: how to determine when a Suspicious Activity Report (SAR) should be filed, and which suspicious activity events or features may trigger the SAR filing requirement.

In one article, entitled Anti-Money Laundering Debuts for Nonbanks, I unpack the AML Program in a way that will provides some familiarity with the AML Compliance scope, while perhaps also making its implementation a bit less daunting than it might otherwise seem to be.

In another article, entitled Anti-Money Laundering Program: Preparation is Protection, I outlined many of the so-called Red Flags and other triggering events. In addition, I offered a way to construct a SAR narrative - the description to FinCEN about the alleged suspicious activity - that, based on years of experience auditing and implement AML compliance on behalf of our clients, best meets FinCEN's expectations of an informative statement.

To give you an idea of the size and complexity of a well-constructed AML Program, my firm’s AML Program is well over fifty pages – which consists of a policy statement and numerous appendices for applicable procedures. This should give you some idea of the depth and detail needed for properly implementing AML compliance. The absence of or any inaccuracies in required program components may indicate a defective policy and procedures – the very tools needed to assist in detecting and preventing money laundering or other illegal activities conducted through mortgage banking conduits.

So, a word of caution is due: do not take the chance of buying an abbreviated or defective AML Program, in the hope of merely satisfying the “basic” FinCEN requirements. Obtaining a boilerplate document with your company’s name on it is regressive, and it is a tactic that Examiners are now regularly criticizing in adverse findings.

These days, regulators are fully aware of this ‘short cut’ to compliance. An insufficient AML Program may cause adverse examination findings. Indeed, in some cases, template-driven policy and procedures may cause Examiners to escalate their regulatory review of an RMLO’s anti-money laundering implementation.

AML compliance is a specialized area of mortgage compliance, necessitating genuine, practical, hands-on, regulatory compliance and experiential knowledge, and an AML Program must reflect precise policies and procedures that not only implement the SAR regulations but also conform to a company’s way of doing business.

Therefore, an AML Program is one policy statement and set of procedures where the purchase price should not be an operative consideration. Caveat Emptor!

This is why I want to further outline the descriptive process of completing the SAR narrative, emphasizing a simple method I call The 5 W's and the How, and I will also provide details regarding both so-called Red Flags and triggering events. So, even if a company has a skimpy or defective AML policy and procedures, at least those who implement AML Compliance may be offered some rudimentary guidelines to consider in the practical experience of actually filing a SAR.

_________________________________________________________

IN THIS ARTICLE

The 5 W's and the How

Triggering Events

Documentation Red Flags

Applicant Red Flags

RMLO's Employee Red Flags

Library Resources

_________________________________________________________

The 5 W's and the How

If I were to choose the central feature of the SAR, I would select the SAR narrative.

Each SAR requires a narrative to be provided by the SAR filer. 

Over time, my firm has compiled numerous examples of common patterns of suspicious activities from our audit and due diligence reviews. Based on our experience and FinCEN’s own stated guidance, we believe that there are five interrogative categories to be considered when writing a SAR narrative: who? what? when? where? and why?

 

The method of operation (or how?) is also very important and should be included in the SAR narrative. 

HERE ARE “THE 5 WS” TO THE SAR NARRATIVE:

1. Who is conducting the suspicious activity?

2. What instruments or mechanisms are being used to identify the suspicious activity?

3. When did the suspicious activity take place?

4. Where did the suspicious activity take place?

5. Why does the filer think the activity is suspicious?

FinCEN suggests that the RMLO describe briefly its industry or business (i.e., mortgage banker, mortgage broker). Then describe, as fully as possible, why the activity or transaction is unusual, considering the types of products and services that the mortgage industry or the RMLO offers, and the nature and normally expected, transactional activities of customers.

HERE IS THE “HOW” TO THE SAR NARRATIVE:

Always include the How! This is an important feature of a SAR narrative. 

• How did the suspicious activity occur?

The narrative section of the SAR should describe the modus operandi or the method of operations of the subject conducting the suspicious activity. In a concise, accurate, and logical manner, the filer should provide a description of how the suspect transaction or pattern of transactions was committed. As completely as possible, the SAR narrative should offer a full picture of the suspicious activity.

At all costs, avoid long, rambling, and circuitous descriptions. When completing the narrative section of the SAR, many clients actually state the forgoing questions and then answer each question. Consequently, FinCEN is able to quickly understand the predicate conditions for filing the SAR.

_________________________________________________________

Triggering Events

FinCEN has made it clear that certain triggering events constitute the appearance of mortgage loan fraud. Perpetrators seem to invent new scams all the time. Indeed, FinCEN continues to issue reports periodically about the most current methods to commit mortgage fraud. 

Some salient schemes:

Anti-Money Laundering Program for Mortgage Brokers - Interview

Monday, August 13, 2012, marks the commencement of the Anti-Money Laundering Program.

Specifically, this is the effective date for implementing the regulatory compliance requirements for Residential Mortgage Lenders and Originators (RMLOs).

From August 13, 2012 forward, RMLOs must have established an Anti-Money Laundering Program (AML Program) and, as required, file Suspicious Activity Reports (SARs).  

The Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of the Treasury, issued regulations earlier this year that require RMLOs to establish AML Programs and report suspicious activities under the mandates of the Bank Secrecy Act.

For additional background information, please refer to my March 2012 article, entitled Anti-Money Laundering Debuts for Nonbanks. *

This month, I am publishing yet another article on AML compliance, this time the subject is about drafting the Anti-Money Laundering Program. The article is entitled Anti-Money Laundering Program - Preparation is Protection. When published, I will notify you and send you the download link.

INTERVIEW: ANTI-MONEY LAUNDERING COMPLIANCE

Recently, I was interviewed by Paul Donohue, the Founder of Abacus Mortgage Training and Education, for his highly-regarded Abacus Mortgage Mastery Series.

I discussed at considerable length the many compliance features and guidelines of the Anti-Money Laundering Program. We had a detailed and engaging discussion about anti-money laundering as it relates to RMLOs.

I suggest that you listen to this interview, because it covers a broad range of issues and will help you to be prepared for implementing FinCEN's Anti-Money Laundering Program for RMLOs.

There are two ways for you to listen to the interview:

• Listen to the full Interview.
  • Click the Interview button on our website.

• Download the full interview (MP3) to save for future reference and AML training plans. 
  • Click the MP3 button on our website.

INTERVIEW

Anti-Money Laundering Compliance

CLICK

____________________________________________________________

* Jonathan Foxx is the President & Managing Director of Lenders Compliance Group

Anti-Money Laundering Debuts for Mortgage Brokers

A new era in filing requirements is about to begin.* For the first time, the Financial Crimes Enforcement Network, known as “FinCEN,” will require nonbank mortgage lenders and originators to implement an Anti-Money Laundering program (“AML Program”) and file Suspicious Activity Reports (“SARs”) for certain loan transactions.[i] FinCEN is establishing this AML program in accordance with the Bank Secrecy Act (“BSA”).[ii]

The guidelines relating to the AML requirement became effective on April 16, 2012, and the AML Program’s effective compliance date is August 13, 2012.[iii]

The AML program and SAR filing regulations, which I will refer to as “FinCEN’s rule,” are considered to be “the first step in an incremental approach to implementation of regulations for the broad loan or finance company category of financial institutions.”[iv]

The Bank Secrecy Act defines the term "financial institution" to include, in part, a loan or finance company. This terminology, however, can reasonably be construed to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. Thus, nonbank residential mortgage lenders and originators, and mortgage brokers, are grouped into the "loan or finance company" category.[v] However, the term ‘‘loan or finance company’’ is actually not concisely defined in any FinCEN regulation, and there is no legislative history on the term itself.

Nevertheless, FinCEN is applying this term to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. [vi] Therefore, residential mortgage lenders and originators (“RMLOs”) are covered by the scope of the ‘‘loan or finance company’’ term. I will use the acronym “RMLO” in this article, inasmuch as my principal focus herein relates to residential mortgage lenders and originators.

FinCEN can issue regulations requiring financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism. Federally regulated depository institutions have been required to have AML Programs,[vii] and now, as of the aforementioned effective compliance date, RMLOs must also comply with FinCEN’s regulations relating to implementing an AML Program and the filing of SARs.

Over the last few years,[viii] FinCEN has issued studies and analyses that used SARs to discover suspected mortgage fraud and money laundering that involved both banks and residential mortgage lenders and originators.[ix] According to FinCEN, these reports “underscore[d] the potential benefits of AML and SAR regulations for a variety of businesses in the primary and secondary residential mortgage markets.”[x]

Residential mortgage lenders and originators, the RMLOs, are considered to be the primary providers of mortgage finance, and have a unique position with respect to direct contact with the consumer. Thus, they are presumably able to assess and identify money laundering risks and fraud.[xi] At this time, FinCEN is not proposing a definition of “loan or finance company’’ that would encompass other types of consumer or commercial finance companies, or real estate agents and other entities involved in real estate closings and settlements.

In this article, I am going to unpack the AML Program for you in a way that will give you some familiarity with its scope, while perhaps also making its implementation a bit less daunting than it might otherwise seem to be. Nevertheless, many RMLOs will find that setting up the AML Program will be a challenging endeavor. Information, issuances, and relevant documentation are available in the FinCEN section of my firm’s website Library.

Please keep in mind that, as is the case with many applications of legal and regulatory compliance, there are aspects and nuances that will require recourse to a competent risk management professional to obtain comprehensive guidance and reliable information.[xii]

AML Program

Residential mortgage lenders and originators, the RMLOs, are required to establish an AML

Program that includes, at a minimum:

(1) Development of internal policies, procedures, and controls.

(2) Designation of a compliance officer.

(3) Ongoing employee training program.

(4) Independent audit function to test for compliance.

To effectuate the AML Program, FinCEN has given a definition of an RMLO that is broad in scope and covers most nonbank residential mortgage originators.

The AML Program covers any business that, on behalf of one or more lenders, accepts a completed mortgage loan application, even if the business does not in any manner engage in negotiating the terms of a loan. Also covered are businesses that offer or negotiate specific loan terms on behalf of either a lender or borrower, regardless of whether they also accept a mortgage loan application.

Note that the word “accept” is intended to differentiate the FinCEN rule from the SAFE Act. FinCEN is ensuring that persons who either accept an application or offer or negotiate the terms of a loan are covered. Furthermore, the AML rule applies to residential mortgage originators, regardless of whether they receive compensation or gain for acting in that capacity.

Obviously, these changes create differences between the definitions in the FinCEN rule and those used in the SAFE Act and other federal mortgage-related statutes. Clearly, this was done intentionally to differentiate the FinCEN requirements from those other statutes, so that FinCEN’s interpretation is not based on the interpretation of those statutes.[xiii] Moreover, FinCEN has taken the position that the registration and training requirements under the SAFE Act are not sufficient to address all of the concerns and accomplish all of the goals related to AML and SAR programs. In any event, FinCEN has announced that it intends to dialogue with the Conference of State Bank Supervisors (“CSBS”) to coordinate the identification and examination of mortgage originators subject to FinCEN’s rule.[xiv]

The AML Program applies to businesses, including sole proprietorships, but does not contemplate coverage of an individual employed by a financial institution.[xv] To state this precisely: FinCEN’s rule does not incorporate any exceptions for businesses based on their form of organization.

There are no exceptions for a certain arbitrary number of employees or net worth, nor is there a “small business” exclusion or exception for businesses with fewer than five employees, or for businesses that satisfy some other arbitrary size, net worth or similar criteria. Similarly, there is no “de minimis” exception for businesses that lend or broker loans under a relatively low value, or low aggregate volume of transactions within a set time period. The only exclusion is given to individuals financing the sale of their own real estate.

Generally, purchase money mortgage loans and traditional refinancing transactions facilitated by RMLOs are covered in the AML Program. Yet, because any transactions conducted by the RMLO could reasonably be considered to be extending a residential mortgage loan or offering or negotiating the terms of a residential mortgage loan, within the meaning of the definitions of ‘‘residential mortgage lender’’ and ‘‘residential mortgage originator,’’ as provided in FinCEN’s rule, the AML Program would seem to apply to transactions involving funds or programs under the Troubled Asset Relief Program and similar Federal programs, or any similar state housing authority or housing assistance program. However, to the contrary, FinCEN’s rule does not directly apply to the Federal or state housing authorities and agencies administering such programs. Therefore, excluded from the AML Program is any Federal or state agency or authority administering mortgage or housing assistance, fraud prevention or foreclosure prevention program, though RMLOs participating in such programs must comply with FinCEN's rule to the extent that any transactions could reasonably be considered to be extending a residential mortgage loan or offering or negotiating the terms of a residential mortgage loan.[xvi]