Anti Money Laundering – a Technical Explanation

[Ken Rishel]

From another client report (this one from 2012) - sans footnotes and references.

All Americans are experiencing the expansionist wave of government control over all of our activities, and businesses are being increasing drafted as part of a quasi police network or informer network. The definition depends on a person’s point of view, but the end result is the same.

Therefore, it should be no surprise that both the sellers and lenders involved with manufactured homes have been forced to join this new movement, but apparently many who have not been paying attention to the “Change” that Obama promised us are surprised.

Overview

• § Non-depository lenders, including seller financiers are now included with depository lenders in responsibility for anti money laundering compliance issues.
• § Those engaged in the sale of manufactured homes that also engage, even once, in facilitating a credit transaction have been reclassified) for Treasury Department purposes as “lenders”.
• § There are very serious consequences for not accepting those compliance responsibilities.
• § The Treasury Department has signaled they will not tolerate “loopholes” and they are

  working to broaden the base of those who must comply with the end goal of including every business that deals with big-ticket transactions or any other transaction where larger amounts of money change hands.

• § An unstated, but underlying goal, is to track all cash movement in the United States so as to also ferret out and destroy any underground economy that exists in the United States in order to collect taxes on monies currently going unreported.

  A New Beginning in Government Control

  The Financial Crimes Enforcement Network, known as “FinCEN,” has required nonbank mortgage lenders and originators to implement an Anti-Money Laundering program (“AML Program”) and file Suspicious Activity Reports (“SARs”) for certain loan transactions.

• § FinCEN is establishing this AML program in accordance with the Bank Secrecy Act (“BSA”)
• § The guidelines relating to the AML requirement become effective on April 16, 2012, and the AML Program’s effective compliance date is August 13, 2012.
• § The AML program and SAR filing regulations are considered to be “the first step in an incremental approach to implementation of regulations for the broad loan or finance

  company category of financial institutions.” 4

• § The Bank Secrecy Act defines the term "financial institution" to include, in part, a loan or

  finance company. This terminology, however, can reasonably be construed to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. Thus, nonbank residential mortgage lenders and originators, and mortgage brokers, are grouped into the "loan or finance company" category.

  However, the term ‘‘loan or finance company’’ is actually not concisely defined in any FinCEN Technical Explanation of Anti Money Laundering Requirements regulation, and there is no legislative history on the term itself. Nevertheless, FinCEN is applying this term to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. * Therefore, residential mortgage lenders and originators (“RMLOS”) are covered by the scope of the ‘‘loan or finance company’’ term. I will use the acronym “covered entity” in this article, inasmuch as my principal focus herein relates to seller financiers engaged in captive finance and retailers and communities now covered by this rule extension.

FinCEN can issue regulations requiring financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism. Federally regulated depository institutions have been required to have AML Programs, and now, as of the aforementioned effective compliance date, covered entities must also comply with FinCEN’s regulations relating to implementing an AML Program and the filing of SARs.

Over the last few years, FinCEN has issued studies and analyses that used SARs to discover suspected mortgage fraud and money laundering that involved both banks and residential mortgage lenders and originators. According to FinCEN, these reports “underscore [d] the potential benefits of AML and SAR regulations for a variety of businesses in the primary and secondary residential mortgage markets.”

Residential mortgage lenders and originators, the covered entities, are considered to be the primary providers of primary residence finance, and have a unique position with respect to direct contact with the consumer. Thus, they are presumably able to assess and identify money laundering risks and fraud. At this time, FinCEN is not proposing a definition of “loan or finance company’’ that would encompass other types of consumer or commercial finance companies, or real estate agents and other entities involved in real estate closings and settlements.

AML PROGRAM

Residential mortgage lenders and originators, the covered entities, are required to establish an AML Program that includes, at a minimum:

• ü Development of internal policies, procedures, and controls that are contained in written policy and procedure manuals.
• ü The selection and designation of a qualified compliance officer to oversee the compliance effort.
• ü A formal, documented and ongoing employee training program.
• ü The establishment of an internal or third party independent audit function to test for

  compliance.

  To effectuate the AML Program, FinCEN has given a definition of a covered entity that is broad in scope and covers most nonbank residential mortgage originators, which, in effect means those that sell homes.

  The AML Program covers any business that, on behalf of one or more lenders, accepts a Technical Explanation of Anti Money Laundering Requirements completed mortgage loan application, even if the business does not in any manner engage in negotiating the terms of a loan. Also covered are businesses that offer or negotiate specific loan terms on behalf of either a lender or borrower, regardless of whether they also accept a mortgage loan application.

Note that the word “accept” is intended to differentiate the FinCEN rule from the SAFE Act. FinCEN is ensuring that persons who either accept an application or offer or negotiate the terms of a loan are covered. Furthermore, the AML rule applies to residential mortgage originators, regardless of whether they receive compensation or gain for acting in that capacity.

Obviously, these changes create differences between the definitions in the FinCEN rule and those used in the SAFE Act and other federal mortgage-related statutes. Clearly, this was done intentionally to differentiate the FinCEN requirements from those other statutes, so that FinCEN’s interpretation is not based on the interpretation of those statutes.13 Moreover, FinCEN has taken the position that the registration and training requirements under the SAFE Act are not sufficient to address all of the concerns and accomplish all of the goals related to AML and SAR programs. In any event, FinCEN has announced that it intends to dialogue with the Conference of State Bank Supervisors (“CSBS”) to coordinate the identification and examination of mortgage originators subject to FinCEN’s rule.

Exclusion of Exceptions

The AML Program applies to businesses, including sole proprietorships, but does not contemplate coverage of an individual employed by a financial institution. To state this precisely: The rule does not incorporate any exceptions for businesses based on their form of organization.

There are no exceptions for a certain arbitrary number of employees or net worth, nor is there a “small business” exclusion or exception for businesses with fewer than five employees, or for businesses that satisfy some other arbitrary size, net worth or similar criteria. Similarly, there is no “de minimis” exception for businesses that lend or broker loans under a relatively low value, or low aggregate volume of transactions within a set time period. The only exclusion is given to individuals financing the sale of their own real estate.

Generally, purchase money mortgage loans and traditional refinancing transactions facilitated by covered entities are covered in the AML Program.

Exceptions

However, to the contrary, the rule does not directly apply to the Federal or state housing authorities and agencies administering such programs. Therefore, excluded from the AML Program is any Federal or state agency or authority administering mortgage or housing assistance, fraud prevention or foreclosure prevention program, though manufactured housing entities participating in such programs must comply with the rule to the extent that any transactions could reasonably be considered to be extending a primary residence loan or offering or negotiating the terms of a primary residence loan.

Technical Explanation of Anti Money Laundering Requirements

Interestingly, the AML Program does apply to foreclosure prevention actions and counseling services performed by legitimate, non-profit organizations, to the extent any such organizations may reasonably be deemed to be extending a residential mortgage loan (including a short-term mortgage loan), or offering or negotiating the terms of a residential mortgage loan. However, the rule does not require implementation of the AML Program rules for non-profit organizations that:

(1) limit their activities to assisting with the preparation of loan applications or referral of prospective borrowers to qualified lenders, for free or for a fee,

(2) provide short-term, non-mortgage loans to qualified borrowers or homeowners, or

otherwise “facilitate” the extension of a residential mortgage loan (but do not make the loan or offer or negotiate the terms of the loan).

Apparently, loan servicers are in a grey area with respect to complying with the rule. Although FinCEN seems to agree that the typical activities of mortgage servicing companies do not fall within the definition of residential mortgage originator, FinCEN will not make a “blanket exclusion or exception” for mortgage servicers. That is, because the broad definition is based on the activity in which an entity is engaged, as long as a mortgage servicer does not extend residential mortgage loans or offer or negotiate the terms of a residential mortgage loan application, it will not fall under of the definition of residential mortgage loan originator.

Loan modification programs, such as the Home Affordable Modification Program (“HAMP”) are covered by the rule only to the extent that the modifications do not involve extending new residential mortgage loans or offering or negotiating the terms of a residential mortgage loan application. Such programs nonetheless are vulnerable to fraud and money laundering; in fact, since 2009, FinCEN has warned financial institutions and consumers about the fraud and money laundering risks associated with foreclosure prevention and loan modification programs.

SUSPICIOUS ACTIVITY REPORTS

Suspicious Activity Report, known as a SAR or in common parlance, “Something Ain’t Right” requires a special form at the present time. However, FinCEN is moving toward reporting via the internet, and should have a web site set up by the August 13th (2012) deadline.

The Federal financial institutions’ regulatory agencies, the U S Departments of Justice, and the Treasury, may use and share the information collected on a SAR.

Historically with banks and credit unions, the time required for collecting information averages thirty to forty- five minutes per SAR response, and that includes the time to gather and maintain data in the required SAR report, review the instructions, and complete the report’s fields. It is likely the same time frame will likely apply to nonbank SARs.

However, FinCEN is modernizing its SAR filing system and intends to establish a uniform electronic form for use by all financial institutions with a SAR filing obligation. Accordingly, FinCEN promulgated the aforementioned, effective compliance date for SAR filing in order to allow time for the nonbank industry to implement programs and systems and for FinCEN to implement the new filing system using a uniform SAR.

In addition, FinCEN intends to phase out the manual filing of paper SAR forms. Therefore, regulated entities will be required to use FinCEN’s electronic, web-based E-Filing system, which is currently under development, for the filing of the SAR form. The E-Filing system will be web-based and will not require automated systems to be integrated into the loan origination systems. The current SAR consists of five parts, as follows:

Part I: Reporting Financial Institution Information Part II: Suspect Information
Part III: Suspicious Activity Information
Part IV: Contact for Assistance

Part V: Suspicious Activity Information Explanation/Description

Completing the SAR correctly is essential to compliance with the rule. A whole cottage industry of independent auditors has built up over the years to review depository lender’s compliance with respect to SAR filings. Rishel Consulting Group has a team of auditors nationwide already in place that works with seller financiers in their compliance requirements, and can also handle the new audit requirements for non-lenders who see the value of a third party audit. However it is accomplished, this auditing is essential as there is a requisite independent testing component to any valid AML Program, whether bank or nonbank, and now for affected retailers and community owners.

For an example of meticulous due diligence in completing a SAR, the SAR’s Part V section itself requires careful explanation and/or description of “known or suspected violation of law or suspicious activity” and the care with which it is completed may make the difference in whether or not the described conduct and its possible criminal nature are clearly understood and recorded. Thus, the SAR form’s preparation and filing, although conducted by the covered entity’s employees, often requires independent auditors to determine and report on the enforcement of the AML Program and the accuracy, completeness, and timeliness of the SAR filings.

Rishel Consulting Group conducts such audits and our auditors have observed a variation in the level of understanding on the part of our clients regarding, among other things:

§ the comprehensiveness of the AML Program, what information requires a SAR filing, § the obligation of filing a SAR in a particular instance, how and when a SAR must be or should have been filed, and the extent to which employees are adequately educated in Bank Secrecy Act mandates.

SAFE HARBOR

There are some features of filing a SAR that have stirred controversy and provoked litigation over the years, especially in the areas of the “Safe Harbor,” limitation on liability, and notification to the suspect of a subject SAR being filed. There is a “Safe Harbor” under Federal law that provides complete protection from civil liability for all reports of suspicious activity transactions made to appropriate authorities, including supporting documentation, regardless of whether such reports are filed pursuant to the SAR’s instructions or are filed on a voluntary basis. Specifically, the law provides that a financial institution, and its directors, officers, employees and agents, that make a disclosure of any possible violation of law or regulation, including in connection with the preparation of suspicious activity reports, “shall not be liable to any person under any law or regulation of the United States, any constitution, law, or regulation of any state or political subdivision of any state, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure”.

A covered entity, and any director, officer, employee, or agent of any loan or finance company, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to FinCEN’s rule or any other authority, including a disclosure made jointly with another institution, is protected from liability for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both.

Confidential Nature of SARs

Notification to the suspect is prohibited under Federal law and an entity, and its directors, officers, employees and agents that, voluntarily or by means of filing a SAR, report suspected or known criminal violations or suspicious activities may not notify any person involved in the transaction that the transaction has been reported.

Indeed, any covered entity, and any director, officer, employee, or agent of an covered entity, if subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, must decline to produce the SAR or any information relating to the subject SAR. The required response of the covered entity to such circumstances is to notify FinCEN of any such request and reporting to FinCEN the response thereto made thus far by the covered entity.

Furthermore, there is a prohibition to sharing by an covered entity, or any director, officer, employee, or agent of the covered entity, of a SAR, or any information that would reveal the existence of a SAR, within the covered entity’s own corporate organizational structure.

There are even prohibitions involving government entities with respect to SAR disclosure. A Federal, state, local, territorial, or tribal government authority, or any director, officer, employee, or agent of any of the foregoing, may not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with the Bank Secrecy Act. Official duties, however, do not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding.

AML PROGRAM – COMPONENTS

The AML Program for retailers and community owners requires, in the first place, a written anti- money laundering program that is reasonably designed to prevent the entity from being used to facilitate money laundering or the financing of terrorist activities. Senior Management must approve the AML Program and, upon request, a copy of it must be made available to FinCEN (or its designee).

The following four components constitute the core requirements of the AML Program. Failure to comply fully with implementing these components on and after August 13, 2012 may constitute a violation of the Bank Secrecy Act. I have titled each component to reflect its essential significance.

INTERNAL CONTROL PLAN

Incorporate policies, procedures, and internal controls based upon the covered entity’s assessment of the money laundering and terrorist financing risks associated with its products and services. Policies, procedures, and internal controls developed and implemented by an covered entity must include provisions for complying with the applicable requirements of integrating the company’s agents and brokers into its AML Program, and obtaining all relevant customer-related information necessary for an effective AML Program.

COMPLIANCE OFFICER

Designate a compliance officer who will be responsible for ensuring that:

• The AML Program is implemented effectively, including monitoring compliance by the company’s agents and brokers with their obligations under the program;
• The AML Program is updated, as necessary; and, Appropriate persons are educated and properly trained. 
• The AML Program is implemented effectively, including monitoring compliance by the company’s agents and brokers with their obligations under the program;
• The AML Program is updated, as necessary; and, Appropriate persons are educated and properly trained.

EMPLOYEE TRAINING

Provide for on-going training of appropriate persons concerning their responsibilities under the AML Program. A business may satisfy this requirement with respect to its employees, agents, and brokers by directly training such persons or verifying that such persons have received training by a competent third party. It is important that copies of all internal training materials be retained for display to any regulators and that such training be documented by requiring all employees to sign an affidavit of receiving such training and their understanding of such training and their responsibilities in helping the business achieve required compliances.

INDEPENDENT TESTING

Provide for independent testing to monitor and maintain an adequate AML Program. The scope and frequency of the testing must be commensurate with the risks posed. It is recommended that testing be conducted by a qualified third party, but, the law provides that any officer or employee of the business, other than the person designated as the BSA officer may conduct the audit and testing.

FILING THE SAR

Commencing with the compliance date of August 13, 2012, every covered retailer or community is required to file a SAR with FinCEN, pursuant to the FinCEN’s rule. A covered business may also file a SAR that it believes is relevant to the possible violation of any law or regulation, but whose reporting is not actually required. The AML Program should provide clear and unambiguous procedures to identify such instances.

• A transaction requires reporting if it is conducted or attempted by, at, or through a covered retailer or community, it involves or aggregates funds or other assets of at least $5,000, and the covered entity knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):
• Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation. 
• Is designed, whether through structuring or other means, to evade any requirements of this part or any other regulations promulgated under the Bank Secrecy Act.
• Has no business or apparent lawful purpose or is not the sort of purpose in which the particular customer would normally be expected to engage, and the covered business knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
• Involves use of the covered entity to facilitate criminal activity. 
• Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation.
• Is designed, whether through structuring or other means, to evade any requirements of this part or any other regulations promulgated under the Bank Secrecy Act.
• Has no business or apparent lawful purpose or is not the sort of purpose in which the particular customer would normally be expected to engage, and the covered business knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
• Involves use of the covered entity to facilitate criminal activity.

It should be noted that more than one covered entity may have an obligation to report the same transaction, and actually other financial institutions may have separate obligations to report suspicious activity with respect to the same transaction pursuant to other FinCEN provisions. In those instances, no more than one report is required to be filed by the covered entity and other financial institutions involved in the transaction, provided that the filed report contains all relevant facts, including the name of each financial institution involved in the transaction, the SAR complies with all instructions applicable to joint filings, and each institution maintains a copy of the filed SAR, along with any supporting documentation.

The SAR must be filed no later than thirty (30) calendar days after the date of the initial detection by the reporting covered entity of facts that may constitute a basis for filing a SAR. If no suspect is identified on the date of such initial detection, an covered entity may delay filing a SAR for an additional thirty (30) calendar days to identify a suspect, but in no case may the reporting be delayed more than sixty (60) calendar days after the date of the initial detection.

There are mechanisms in place to handle urgent circumstances. In situations involving violations that require immediate attention, such as suspected terrorist financing or ongoing money laundering schemes, a covered entity is required to immediately notify by telephone an appropriate law enforcement authority, obviously in addition to the timely filing of a SAR. And voluntary notification to FinCEN of suspicious transactions that may relate to terrorist activity may be directed to FinCEN’s Financial Institutions Hotline at xxx-xxx-xxxx; and, of course, such notification would still require the covered entity to file the subject SAR in a timely manner.

RECORD RETENTION

Even if there were no requirement to retain records, it would be very prudent to do so in order to prove what is being done to assure compliance. Regulators make their decisions based on what they can examine in writing, not on verbal assurances. However, record retention provisions are required by the AML Program rules when it involves SARs. The covered entity must maintain a copy of any SAR filed by the covered entity or on its behalf (including joint reports), and the original (or business record equivalent) of any supporting documentation concerning any SAR that it files (or is filed on its behalf), for a period of five (5) years from the date of filing the SAR. Supporting documentation should be identified as such and maintained by the covered entity, and would in any event be deemed to have been filed with the SAR.

The covered entity is required to make all supporting documentation available to FinCEN, or any Federal, state, or local law enforcement agency, or any Federal regulatory authority that examines the covered entity for compliance with the Bank Secrecy Act, or any state regulatory authority administering a state law that requires the covered entity to comply with the Bank Secrecy Act or otherwise authorizes the state authority to ensure that the covered entity complies with the Bank Secrecy Act, upon request.

EXAMINATIONS

Federal prudential regulators have delegated authority to examine certain financial institutions they oversee for compliance with the regulations. The Internal Revenue Service (‘‘IRS’’) has also been delegated the authority to examine for compliance with the regulations those financial institutions that are not examined by the CFPB, and those retailers and communities now considered a covered entity but not subject to lender examinations.

SARs filed pursuant to the regulations go into a database that is accessible to regulatory agencies and law enforcement on the federal, state and local levels.

FinCEN has been considering various options for delegating complete or partial examination authorities over covered entities for compliance with the AML Program. In addition to the IRS authority, some entities under consideration that may have delegated supervision, examination, and enforcement authority are state regulatory agencies, the Consumer Financial Protection Bureau (“CFPB”), and the Federal banking agencies (particularly with respect to covered entities affiliated with banks or insured depository institutions and their holding companies).

A regulatory issuance from FinCEN is forthcoming on the designated authorities. FinCEN has announced that it plans to work with other relevant regulatory agencies in the development of consistent compliance examination procedures, and in the future it will provide public notice of other agencies that will exercise delegated compliance examination authority with respect to certain classes of covered entities and other loan or finance companies.

PREPARATION AND READINESS

It is important to develop a reliable understanding about when a covered entity should be
required to file a particular SAR. In my view, a determination as to whether a SAR is required must be based on all the facts and circumstances relating to the transaction and customer of the covered entity. Different fact patterns will require different judgments.

Some examples of red flags are referenced in previous FinCEN reports on mortgage fraud and money laundering in the residential real estate sectors that would also apply to manufactured home sales and lending. There are many identifiers and special information procedures that FinCEN has provided to identify suspicious activity. Most previously covered entities, in order to remain viable, already have in place policies and procedures to prevent and detect fraud, insider abuse, and other crimes. Established anti-fraud measures should assist covered entities in reporting suspicious transactions.

The techniques of money laundering and mortgage fraud are continually evolving, and there is no way to provide anything of real permanence in regard to this compliance responsibility. 

This material is being provided to educate those who are failing to understand that even for community owners and/or retailers - no matter how small - must have a compliance management system to deal with the areas of compliance the federal government has required them to deal with.