Skip to main content

AML Program for Residential Mortgage Brokers

Mar 13, 2015

Question: I am a mortgage broker, one-man shop. I have been told that I must have an anti-money laundering program in place and have a test of the program conducted by a third party. Given that my company consists only of me, this requirement seems very onerous and expensive. Must I have such a program in place and, if so, what does it consist of?

Answer: Yes, as a mortgage broker, you must have an Anti-Money Laundering Program in place, regardless of whether you are a company employing 100 loan originators or a ‘one-man shop.'

The Bank Secrecy Act of 1970 (BSA, or “Act”) requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Among the activities to be performed by a financial institution is the reporting of suspicious activity that might signify money laundering. The Financial Crimes Enforcement Network (FinCEN) is responsible for implementing and enforcing compliance with the BSA.

On Feb. 7, 2012, FinCEN extended the requirement for an Anti-Money Laundering Program to include residential mortgage loan originators (RMLOs) as it was thought that RMLOs could fill a regulatory gap open to exploitation by criminals. RMLOs, as the primary providers of mortgage financing, deal directly with consumers, and are in a unique position to identify and assess money laundering fraud. Under the Act, an RMLO includes a “person who accepts a residential mortgage loan application, or offers or negotiates terms of a residential mortgage loan,” such as a mortgage broker. [31 CFR § 1010.100(lll)(1)(iii)]  The requirement became effective Aug. 13, 2012. 

An RMLO’s AML Program, at a minimum, should consist of the following four elements: (1) policies, procedures and internal controls; (2) designation of an AML Compliance Officer; (3) on-going training; and, (4) an independent test.  A brief overview of each of these elements is set forth below. [CFR: Title 31, Subtitle B, Chapter X, Section 1029.210 (a)-(d)]

First, you must develop and implement policies, procedures and internal controls designed to limit and control risks and achieve compliance with the BSA. The policies and procedures should be based upon a risk assessment of your company, identifying the level of risk posed by your customers. Such an assessment should take into account your products and services, your geographic lending locations, and customer markets served by your company. Additionally, the Program should include sound policies and processes to verify your customer’s identity and information. The Program should also contain methods for identifying suspicious activity, such as a red flags worksheet, and the procedures to be followed upon discovery of such activity.

Second, the company must appoint an AML Compliance Officer, which in the case of your one-man shop, would be you. This individual is responsible for managing AML compliance at the company. The AML Compliance Officer must monitor the compliance of all personnel with your AML Program, update the Program as necessary, and ensure that all affected personnel are trained on the various AML components.

Third, training on at least an annual basis is essential. Any company personnel who handles any aspects of a residential mortgage loan transaction must be kept informed about both the BSA and its regulations and your company’s specific policies, procedures and processes. It is essential that should an employee identify a red flag, the employee must know the procedures to be followed in order to bring the matter to a resolution. Thus, in a small shop, it is most likely that training should be required of all employees.

Fourth, your company’s AML Program should require annual independent testing to verify the effectiveness of the Program. This testing is generally in the form of an audit and can be performed by a third party or a Company employee. If it is performed by a company employee, it cannot be performed by the AML Compliance Officer or anyone reporting to the AML Compliance Officer. The frequency of testing is risk-based. Generally, regulators recommend that the testing be conducted no less than every 12 to 18 months and the scheduling of the audit be done commensurate with the company's size, complexity, and risk profile. The findings of the AML audit may indicate the frequency of testing. A risk assessment and testing should be conducted as loan products, services, or your business changes.



Joyce Pollison is director of legal and regulatory compliance for Lenders Compliance Group. She may be reached by phone at (516) 442-3456.

About the author
Published
Mar 13, 2015
Rocket Mortgage Sues HUD Over Regulatory, Enforcement Discrepancies

Rocket seeks dismissal of the DOJ's October lawsuit alleging the lender committed racial appraisal bias.

Dec 05, 2024
CFPB Finalizes Rule Increasing Federal Oversight On Nonbank Fintechs

The final rule concerns lenders that offer digital payment apps and handle more than 50 million transactions per year.

Banking Regulator Testifies On Digital Transition, Climate Risks

Head of the OCC shares front-line perspectives as federal agencies prepare for a second Trump administration

Nov 20, 2024
FHA Proposes Looser Boarder Income Requirements For Qualifying Borrowers

The proposed changes reduce acceptable rental income history from two years to 12 months, among other expansions of FHA guidelines

Nov 20, 2024
New Calendar, Or Dictionary, Needed For AnnieMac

Half-a-dozen class-action law firms have launched investigations into AnnieMac's "proactive" handling of a late-August data breach.

Consumer Watchdog Invites State Regulators To Dance

As regulatory roll-backs loom over financial sectors, the CFPB says consumers' financial data rights are states' to forfeit