AML Program for Residential Mortgage Brokers – NMP Skip to main content

AML Program for Residential Mortgage Brokers

Joyce Pollison
Mar 13, 2015

Question: I am a mortgage broker, one-man shop. I have been told that I must have an anti-money laundering program in place and have a test of the program conducted by a third party. Given that my company consists only of me, this requirement seems very onerous and expensive. Must I have such a program in place and, if so, what does it consist of?

Answer: Yes, as a mortgage broker, you must have an Anti-Money Laundering Program in place, regardless of whether you are a company employing 100 loan originators or a ‘one-man shop.'

The Bank Secrecy Act of 1970 (BSA, or “Act”) requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Among the activities to be performed by a financial institution is the reporting of suspicious activity that might signify money laundering. The Financial Crimes Enforcement Network (FinCEN) is responsible for implementing and enforcing compliance with the BSA.

On Feb. 7, 2012, FinCEN extended the requirement for an Anti-Money Laundering Program to include residential mortgage loan originators (RMLOs) as it was thought that RMLOs could fill a regulatory gap open to exploitation by criminals. RMLOs, as the primary providers of mortgage financing, deal directly with consumers, and are in a unique position to identify and assess money laundering fraud. Under the Act, an RMLO includes a “person who accepts a residential mortgage loan application, or offers or negotiates terms of a residential mortgage loan,” such as a mortgage broker. [31 CFR § 1010.100(lll)(1)(iii)]  The requirement became effective Aug. 13, 2012. 

An RMLO’s AML Program, at a minimum, should consist of the following four elements: (1) policies, procedures and internal controls; (2) designation of an AML Compliance Officer; (3) on-going training; and, (4) an independent test.  A brief overview of each of these elements is set forth below. [CFR: Title 31, Subtitle B, Chapter X, Section 1029.210 (a)-(d)]

First, you must develop and implement policies, procedures and internal controls designed to limit and control risks and achieve compliance with the BSA. The policies and procedures should be based upon a risk assessment of your company, identifying the level of risk posed by your customers. Such an assessment should take into account your products and services, your geographic lending locations, and customer markets served by your company. Additionally, the Program should include sound policies and processes to verify your customer’s identity and information. The Program should also contain methods for identifying suspicious activity, such as a red flags worksheet, and the procedures to be followed upon discovery of such activity.

Second, the company must appoint an AML Compliance Officer, which in the case of your one-man shop, would be you. This individual is responsible for managing AML compliance at the company. The AML Compliance Officer must monitor the compliance of all personnel with your AML Program, update the Program as necessary, and ensure that all affected personnel are trained on the various AML components.

Third, training on at least an annual basis is essential. Any company personnel who handles any aspects of a residential mortgage loan transaction must be kept informed about both the BSA and its regulations and your company’s specific policies, procedures and processes. It is essential that should an employee identify a red flag, the employee must know the procedures to be followed in order to bring the matter to a resolution. Thus, in a small shop, it is most likely that training should be required of all employees.

Fourth, your company’s AML Program should require annual independent testing to verify the effectiveness of the Program. This testing is generally in the form of an audit and can be performed by a third party or a Company employee. If it is performed by a company employee, it cannot be performed by the AML Compliance Officer or anyone reporting to the AML Compliance Officer. The frequency of testing is risk-based. Generally, regulators recommend that the testing be conducted no less than every 12 to 18 months and the scheduling of the audit be done commensurate with the company's size, complexity, and risk profile. The findings of the AML audit may indicate the frequency of testing. A risk assessment and testing should be conducted as loan products, services, or your business changes.

Joyce Pollison is director of legal and regulatory compliance for Lenders Compliance Group. She may be reached by phone at (516) 442-3456.

Mar 13, 2015
CFPB Seeks Insight On Creating A Fairer Mortgage Market

The Consumer Financial Protection Bureau has been actively looking to create a fairer mortgage market, free of discriminatory engagements. To do so, it issued a Request for Information to seek input on rules implementing the Home Mortgage Disclosure Act.

Regulation and Compliance
Nov 17, 2021
Regulators Renew Effort to Protect Against Foreclosures

CFPB, The Fed, FDIC and other agencies will watch for compliance with COVID-19 protections

Regulation and Compliance
Nov 10, 2021
Fed To Begin Tapering Asset Purchases by 14.3% This Month

Also sets target range for the federal funds rate at 0 to 1/4%.

Regulation and Compliance
Nov 03, 2021
CFPB Cracks Down On Discriminatory Credit Reporting For Black And Hispanic Consumers

Consumers in majority Black and Hispanic neighborhoods are far more likely to have disputes appear on their credit reports. 

Regulation and Compliance
Nov 03, 2021
CFPB Names 2 New Assistant Directors

Former Obama Administration officials will lead Supervision Policy, Enforcement divisions.

Regulation and Compliance
Oct 29, 2021
FHFA Proposes Extra Disclosure Rules For Fannie, Freddie

The proposed rule for the Enterprise Regulatory Capital Framework seeks to put Enterprises on a "level playing field" with U.S. banking requirements.

Regulation and Compliance
Oct 28, 2021