Mortgage Compliance Overview
Luke Osborne November 14, 2016
All “mortgage companies,” including banks and non-bank lenders and brokers, need to comply with an expanding set of laws that regulate the mortgage industry. The Financial Crimes Enforcement Network (FinCEN) has recently implemented regulations that require all non-bank institutions to comply with laws regarding Anti-Money Laundering (AML) and Suspicious Activity Reports (SARs). This guide will help you understand the requirements of mortgage compliance and where you can go to get more information.
Anti-Money Laundering Program
The Bank Secrecy Act (BSA) in 31 CFR Chapter X, Parts 1010 and 1029 requires companies to:
- Perform a risk assessment for the types of business that your company does.
- Develop company policies and procedures to handle potential fraud and to stay compliant with regulations.
- Designate a compliance officer.
- Train employees based on your policies and procedures.
- Annually perform testing of your AML program as a whole.
A risk assessment should include risks unique to your company:
- Customer base
- Products and Services
- Geographic areas of operation and market area
- How loan applications are taken (Face to Face, Telephone, Internet, Mail)
Policies & Procedures
Your company’s AML Program should include, at a minimum, “the development of internal policies, procedures, and controls.” This means that you must have written documentation available for employees that covers company policy on anti-money laundering and other topics.
Mortgage Compliance Officer
Your company needs to designate and register a mortgage compliance officer with FinCEN. To register a compliance officer, visit: http://bsaefiling.fincen.treas.gov/main.html
The compliance officer is responsible for:
- Establishing and maintaining procedures designed to ensure compliance with AML;
- Providing periodic updates on AML Policy to all staff;
- Ensuring proper record retention;
- Ensuring proper training of all staff;
- Ensuring that a SAR is filed with FinCEN when applicable;
- Ensuring proper reporting to Executive Management;
- Acting as liaison with the Regulator, law enforcement, IRS, and FinCEN when applicable;
- Effective implementation of AML Policy.
Employee Compliance Training
The company must have a regular AML compliance training program that educates all employees on company policies. Your AML training program must:
- include all employees, including management and board of directors.
- be performed no less than annually.
- include new employees (within the first 30 days as a rule of thumb).
- maintain training records which must include names, dates, and test scores (which implies there must be a test).
In addition to formal training, the compliance officer is responsible for disseminating information on law changes and policy changes and must keep a record of these communications.
Independent Testing of Policy
Testing will depend on the organization’s size and risk. It must be completed at least annually, or more frequently if warranted. It can be done by an independent third party, or by company personnel provided that they do not:
- work for the compliance officer, nor
- perform any of the AML functions to be tested
Suspicious Activity Reports (SARs)
SARs are the tool used to implement AML Policy. The BSA imposes both a mandatory and voluntary requirement to file them. All filings are to be done electronically at: http://bsaefiling.fincen.treas.gov/main.html.
Required filings are triggered by certain criteria published by FinCEN. Additional information on the topic can be found at http://www.fincen.gov/statutes_regs/guidance/html/reg_faqs.html.
Civil Penalties for Non-Compliance:
- Failure to comply with recordkeeping requirements: up to $1,000 per violation.
- Failure to comply with reporting requirements: not to exceed the greater of the amount involved in the transaction (not to exceed $100,000) or $25,000.
- Issuance of a cease and desist order if noncompliance continues.
- Forfeiture of assets.
Criminal Penalties for Noncompliance:
- A person willfully violating the BSA shall be fined not more than $250,000, or imprisoned for not more than five (5) years, or both.
- A person willfully violating the BSA while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period shall be fined not more than $500,000, imprisoned for no more than 10 years, or both.
- A separate violation occurs for each day the violation continues and each office, branch or place of business at which a violation occurs or continues.
Both the Consumer Financial Protection Bureau (CFPB) and the IRS are authorized to carry out audits of your policies, procedures, training records, and reports. These are folks you probably don’t want to mess with.