BSA/AML Compliance

By now, every residential mortgage lender in this country should know that it must comply with the BSA/AML requirements.  According to the Final Rule issued by FinCEN, effective as of August 13, 2012, all non-bank residential mortgage lenders and originators ("RMLOs") must establish and maintain a comprehensive BSA/AML program and file suspicious activities reports. Non-compliance may result in substantial legal and monetary consequences.

Let's first sample the recent FinCEN enforcement actions against two banks.  Though these enforcement actions are not against RMLOs, the message from the FinCEN is loud and clear.  On September 24, 2013, FinCEN announced a consent order against the defunct Saddle River Valley Bank in Saddle River, New Jersey.  According to the consent order, FinCEN assessed a $4.1 million civil money penalty against Saddle River Valley Bank because FinCEN has determined that the bank failed to: (1) implement an effective BSA/AML program designed to manage its risks; (2) conduct due diligence in its foreign correspondent accounts; and (3) file suspicious activity reports ("SARs").  FinCEN levied a civil penalty of $37.5 million, on September 23, 2013, against TD Bank, N.A. for failing to file SARs related to a Ponzi scheme perpetrated by a Florida lawyer who was a customer of the bank.  Occurring almost concurrently, these two enforcement actions remind financial institutions, lenders, and RMLOs that BSA/AML compliance should be an integral part of each institution's compliance program, just like RESPA, TILA, and ECOA.  

Having seen the consequences of non-compliance with BSA/AML requirements, let's turn to the basics on how to be compliant. A RMLO must develop and implement a written BSA/AML program tailored to prevent itself from facilitating money laundering or from financing terrorist activities.  The BSA/AML program should be approved by the lending institution's senior management, and a copy of it must be made available to FinCEN or its designee, upon request.  The BSA/AML program should, at a minimum include these features: (1) policies, procedures, and internal controls designed in accordance with the risk factors associated with the RMLO’s products and services; (2) a designated compliance personnel to ensure the BSA/AML program’s effective implementation by relevant persons, agents, and brokers; (3) continuous training of appropriate persons regarding their responsibilities under the BSA/AML program; and (4) independent tests and audits by the RMLO or third parties to monitor and maintain the adequacy of the BSA/AML program.

It has been a little over one year since the BSA/AML requirements became mandatory for RMLOs.  With multiple final rules affecting mortgage lending being issued and amended by the CFPB in the past few months, compliance with the BSA/AML is hopefully not on the back burner of any RMLO since FinCEN has demonstrated that it is ready and willing to impose huge civil penalties where non-compliance is found.