On February 7, 2012, the Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of the Treasury, finalized regulations requiring non-bank residential mortgage lenders and originators ("RMLOs") to establish anti-money laundering ("AML") programs and file suspicious activity reports ("SAR") under the Bank Secrecy Act ("BSA").
With this Final Rule, FinCEN has closed the regulatory gap once left open by the exemption of RMLOS from the AML and SAR obligations under the BSA. FinCEN studies concluded that RMLOs, as providers of mortgage finance, are in a position to identify money laundering risks and fraud. Accordingly, FinCEN issued an Advanced Notice of Proposed Rulemaking on July 21, 2009, proposing that RMLOs be subject to the same AML and SAR requirements as banks and other financial institutions. The Notice of Proposed Rulemaking was issued on December 9, 2010, soliciting comments on the proposed regulations. After considering and responding to comments, FinCEN issued the Final Rule, which goes into effect 60 days after publication in the Federal Register, and has a compliance date of six months after publication.
The new regulations include RMLOs in the definition of "loan or finance company" and allow for the addition of other types of loan and finance related business and professions in future amendments. RMLOs will now be required to implement AML programs and report suspicious activity, including fraudulent attempts to obtain a mortgage or launder money by use of the proceeds of other crimes to purchase residential real estate. The Final Rule does not require RMLOs to comply with any other BSA reporting or recordkeeping regulations.
According to FinCEN, the new regulatory obligations will not be overly burdensome, as RMLOs already gather much of the reportable information in the normal course of business.
Pursuant to the Final Rule's definition of "residential mortgage orginator," any business that, on behalf of one or more lenders, accepts a completed mortgage loan application, even if the business does not in any manner engage in negotiating the terms of a loan, is subject to the regulatory requirements. The Final Rule also covers businesses that offer or negotiate specific loan terms on behalf of either a lender or borrower, regardless of whether they also accept a mortgage loan application. FinCEN estimates that approximately 31,000 entities will be affected.
The Final Rule expressly exempts or excludes the following:
- banks and insured depository institutions;
- persons registered with and functionally regulated or examined by the U.S. Securities and Exchange Commission or the Commodity Futures Trading Commission;
- individuals employed by covered loan or finance companies and affiliated financial institutions; and
- individuals who finance the sale of their own property.
The Final Rule also excludes from the definition of "loan or finance company" the following:
- real estate agents and escrow companies;
- any government sponsored enterprise regulated by the Federal Housing Finance Agency ("FHFA"), which already must comply with specific reporting requirements under the FHFA;
- any Federal or state agency or authority administering mortgage or housing assistance, fraud prevention or foreclosure prevention programs;
- legitimate, non-profit organizations that limit their activities to assisting with the preparation of loan applications or referral of prospective borrowers to qualified lenders, for free or for a fee, that provide short-term, non-mortgage loans to qualified borrowers or homeowners, or that otherwise facilitate the extension of a residential mortgage loan (but do not make the loan or offer or negotiate the terms of the loan); and
- mortgage servicing companies.
Pursuant to section 129.210, RMLOs must develop and implement an anti-money laundering program reasonably designed to prevent the RMLO from being used to facilitate money laundering. Specifically, every RMLO is required to implement risk-based programs that take into account the unique risks associated with its products and services, as well as its size and market. Thus, FinCEN expects that each program will be unique. The goal of the specific policies and procedures of an effective AML program should be the prevention of fraud and money laundering.
Suspicious Activity Reports
Section 1029.320 sets forth the rules and obligations of RMLOs to report suspicious transactions. Specifically, RMLOs must now report suspicious transactions that are conducted or attempted by, at, or through the RMLO and involve or aggregate at least $5,000 in funds or other assets. Transactions are reportable regardless of whether they involve currency. An RMLO is required to report a transaction if it knows, suspects, or has reason to suspect that the transaction or pattern of transactions:
- involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
- is designed, whether through structuring or other means, to evade the requirements of the BSA;
- has no business or apparent lawful purposes, and the loan or finance company knows of no reasonable explanation for the transaction after examining the available facts; or
- involves the use of the RMLO to facilitate criminal activity.
The RMLO must report the suspicious activity within 30 days after it has become aware of the transaction. The RMLO must report the transaction by completing a SAR and filing it with FinCEN. FinCEN is in the process of modernizing its SAR filing system and intends to establish a uniform electronic form for use by all financial institutions with a SAR filing obligation.
Section 1029.320(d)(1) reinforces the statutory prohibition against the disclosure by a financial institution of a SAR. The SAR – as well as information that would reveal the existence of that SAR – must be kept confidential and not be disclosed except as so authorized. The confidentiality provision does not prohibit the disclosure of the underlying facts, transactions, or documents upon which an SAR is based (provided the existence of the SAR is not disclosed), or the sharing of SAR information within the company's corporate structure for limited purposes as determined by FinCEN.
FinCEN is authorized under section 1029.320(f) to impose a range of civil and criminal penalties. The severity of those penalties depends on the specific circumstances of the non-compliance.