Eight years ago, residential mortgage companies and originators were first required to follow anti-money laundering rules, including reporting fraud and suspicious activity, in much the same way as banks and other financial institutions. The Financial Crimes Enforcement Network (FinCEN), a part of the U.S. Department of the Treasury, requires lenders and originators to create compliance programs and train employees. Originators will want to be aware of recent changes affecting compliance with these rules.
Recent updates to the Multistate Mortgage Committee’s examination manual for the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program reflect guidance from FinCEN, the Consumer Financial Protection Bureau (CFPB) and other regulatory agencies. The Multistate Mortgage Committee, a regulatory body that represents state regulators, reviews and enforces compliance with applicable state and federal mortgage lending laws and regulations such as the Bank Secrecy Act.
The committee’s focus is on lenders and servicers operating in 10 or more states, otherwise known as multistate mortgage entities. It comprises state mortgage regulators appointed by the Conference of State Bank Supervisors and the American Association of Residential Mortgage Regulators to represent the examination interests of the combined states.
The changes to the examination manual cover risks in specific geographic areas and emphasized crimes. Here’s a breakdown of what mortgage professionals should know about these changes.
Assessing risk
A new section added to the manual provides mortgage originators with specific risk factors that examiners may consider when reviewing a mortgage originator’s compliance program and associated risk assessments. State examiners usually review the originator’s documented risk assessment during the anti-money laundering compliance examination.
Sample factors that may influence risk for a mortgage company’s products, services, clients and geographic areas are listed. Potential risk factors for loan products and services, for example, include the complexity of the product, the level of documentation required, the target borrower, online versus paper applications and the outsourcing of origination functions to third parties.
With respect to the latter example, third parties and other service providers are clients of a mortgage company and should be reviewed for the purpose of identifying risk. This category of clients includes other lenders and brokers, as well as third-party processors, underwriters and mortgage servicers.
The examination manual states that whether the client is an individual applicant or a business, mortgage companies and originators must have effective controls to confirm the identity of the individuals. This is where third-party oversight and anti-money laundering compliance intersect. Mortgage companies that outsource processing or underwriting, or those that accept third-party originations, should address this in their overall compliance program.
With respect to geographic areas, the manual sets forth the expectation that mortgage companies review the potential risk associated with the locations where the company is based and conducts business by considering High Intensity Drug Trafficking Areas, which are critical drug-trafficking regions of the U.S., Puerto Rico and the U.S. Virgin Islands. Areas designated by FinCEN as High Intensity Financial Crime Areas also should be considered.
In addition, the examination manual suggests that a lender is expected to review loan-level reports as part of its compliance and risk-assessment programs to identify mortgage clients in each state and physical branch locations that may be in these areas. Mortgage companies also may consider available mortgage fraud-risk data for clients and branches in assessing potential geographic risk.
Criminal fraud schemes
The updated version of the manual also expands on suspicious activities applicable to mortgage companies and originators, including (but not limited to) mortgage fraud, elder financial exploitation, and marijuana-related businesses and employees. While mortgage fraud has always been one of the most significant operational risks facing mortgage companies, the new version of the manual includes a fairly comprehensive overview of the various mortgage fraud motivations, types, schemes and red flags.
The manual further incorporates guidance from the CFPB and FinCEN to advise examiners of the roles of mortgage companies in detecting and reporting potential elder financial fraud. Originators should be aware that in addition to filing a suspicious-activity report with FinCEN, prompt reporting of suspected exploitation of seniors to adult protective services and law enforcement may be required.
Examiners are directed to review state-specific laws applicable to a financial institution’s elder-exploitation reporting requirements and incorporate any requirements into their examination. The updated manual references the state-specific elder financial-exploitation reporting requirements provided by the CFPB and notes that the required disclosure is generally not a violation of privacy laws. The manual’s section on marijuana-related businesses and employees tracks guidance for financial institutions that was issued by FinCEN in 2014. These include expectations for providing financial services to marijuana-related businesses and imposing a requirement to file a suspicious-activity report in each dealing.
While the manual does not specifically address hemp-related businesses, FinCEN issued guidance last year to indicate that banks are not subject to mandatory filing of reports for lawful hemp-related businesses. More recently, on June 29, 2020, FinCEN clarified that financial institutions are expected to follow standard client information due-diligence and reporting procedures if they become aware of suspicious activity by a hemp-related business.
Emerging threats
Mortgage companies and originators may not be aware that email compromise fraud — a scam in which criminals send an email message that appears to come from a known source making a legitimate request ― and cyber-enabled crime may be subject to suspicious-activity reporting to FinCEN. The manual highlights Bank Secrecy Act obligations associated with email compromise fraud and cyber-enabled crime, referencing earlier FinCEN guidance in these areas.
The updated manual was published before the COVID-19 pandemic became a reality in the U.S. Shortly after President Donald Trump declared a national emergency in response to COVID-19, FinCEN released an alert urging financial institutions to be vigilant against various types of coronavirus-related fraud threats, including cyber-related fraud.
Knowing that cybercriminals take advantage of the public during natural disasters in order to conduct financial fraud and disseminate malware, FinCEN anticipated both old and new threats that could emerge during the pandemic, and encouraged financial institutions to review prior instructions on disaster fraud. The increase in remote-working programs and business-process changes among mortgage originators may increase vulnerability to risks such as email fraud schemes, malware and other cyber-related threats.
Mortgage companies and originators should consider risks arising from both temporary and permanent changes to business processes and practices. In short, coronavirus-related fraud risks and operational changes should be incorporated into the risk assessment.
In addition to adding key risk factors and suspicious-activity examples, the new version of the manual also features updated examination procedures, including those specific to foreign assets, customer identification programs and identify-theft prevention. Although the manual is primarily a tool for examiners, this more robust version is highly useful for mortgage companies and originators when reviewing and updating their compliance programs and risk assessments.
The Bank Secrecy Act/Anti-Money Laundering controls of financial institutions are a significant area of concern for regulators and examiners. More changes may be on the horizon. This past June, the Anti-Money Laundering Act of 2020 was submitted for consideration by the Senate. Among other purposes, this is designed to modernize laws for anti-money laundering and combat the financing of terrorism by adapting to new and emerging threats.●
