Private lenders aren’t always seen as part of traditional banking, but there are risks that every financial institution needs to prepare for. Complying with anti-money laundering (AML) laws means ensuring you have appropriate measures in place to detect fraudulent activity.
This article explores how an AML compliance policy helps to protect private lenders from fines, legal penalties and reputational damage.
Do AML Compliance Requirements Apply to Private Lenders?
AML compliance requirements increasingly apply to private lenders. It’s a legal obligation in some states, as the Financial Crimes Enforcement Network (FinCEN) continues to close regulatory gaps. Private lenders must have an AML compliance policy in several scenarios, including:
- Legal requirements: Under the FinCEN rule 31 CFR Part 1029, a Residential Mortgage Lender or Originator (RMLO) must establish an AML program. Private lenders who operate in the residential mortgage finance space are defined as RMLOs. Therefore, they’re legally obligated to have an AML policy in place to reduce mortgage fraud risks.
- State licensing: State-licensed private lenders may need to be AML-compliant, especially if they do substantial business with high-volume income or complex entities. For example, commercial finance lenders and mortgage brokers must generally be AML-compliant.
- Banking partners: There are scenarios in which a private lender isn’t legally considered a financial institution. However, they may have banking partners that have AML compliance in place. These partners can impose these requirements on the private lender.
- Reputation and perception: Banks may choose to work only with private lenders that have robust AML processes due to industry or public perceptions around financial entities that aren’t compliant, whether or not they are legally obligated to comply.
Being compliant places private lenders alongside other institutions that have money laundering prevention and terrorist financing risk measures in place.
The Four Pillars of a Compliant AML Program
Almost every AML policy or program in finance relates to the Bank Secrecy Act (BSA) of 1970, which is based on four standard pillars. The purpose of these pillars is to reduce the chances of financial institutions being used to launder money. While regulatory compliance may differ across organizations, private lenders should always comply with the following pillars:
- Internal controls: This pillar works toward establishing strict procedures and policies to identify and mitigate money laundering risks. These profiles should remain tailored to the risk profile of each institution, including products, services and the customer base of a private lender.
- Compliance officer: This involves appointing a person responsible for overseeing the AML program. It must be someone with a deep understanding of BSA and AML laws, including the Patriot Act and the Office of Foreign Assets Control (OFAC) regulations. The compliance officer will serve as a point of contact for regulatory bodies and can expect to work independently.
- Ongoing training: Financial institutions must train personnel regularly, including updating or reaffirming AML regulations and the AML compliance policy. Other areas of focus include identifying and reporting potential fraudulent activities.
- Testing and auditing: The AML program requires an independent review, which includes an audit to ensure everything is operational and compliant. The goal is to identify potential weaknesses in the program or the company’s AML policy. Your compliance officer cannot conduct the audit. Instead, a third party typically audits the business.
Private lenders tend to operate outside of traditional banking. While regulatory compliance varies across jurisdictions, AML compliance requirements apply across all areas of finance.
Applying AML Compliance as a Private Lender
It’s not just about adhering to compliance pillars. Financial institutions have a responsibility to put these rules into practice. From complex structures and transactions to wealthy clients, putting these steps into practice helps to create a more efficient AML structure.
Customer Identification Program (CIP)
Private lenders must have a CIP in place to help verify customers, and they should verify customers at the beginning of a potential new client relationship. Existing clients making a large transaction may be subject to reverification. A CIP can apply to individuals, beneficiaries and guarantors in some circumstances.
The goal of a CIP is to confirm a customer’s identity, deter criminal acts and prevent the creation of fake accounts. Details required as part of a customer identification program include:
- Legal name
- Date of birth
- Residential or business address
- Identification number, like a Social Security or taxpayer identification number
- Formation documents, owner details and employer identification numbers (EIN) for business entities
Financial institutions are required to verify this information through independent entities, such as checking public records, credit reports and state-issued ID cards. Any discrepancies or inconsistencies must be thoroughly investigated and addressed before proceeding. Without a CIP, private lenders can’t effectively conduct ongoing customer due diligence (CDD). This means less scrutiny over what the loan is for, and reduces the chances of spotting illegal activity.
Suspicious Activity Reports (SARs)
Beyond the use of CIP and CDD to understand a client lies the need to document unusual behavior. Private lenders will need to file SARs with FinCEN if suspicious activity is detected. Suspicious behavior can include complex shell structures, delays in providing information or early repayments in cash.
Despite strong CIP and CDD processes in place, cybercrime is sophisticated and agile. SARs serve as another line of defense and are a legal obligation under the BSA. It provides law enforcement with crucial information that prevents terrorist financing and money laundering. Failure to do so can lead to fines and severe criminal penalties for financial institutions.
Lenders will typically have 30 days to file a SAR for suspicious transactions over $5,000. If a suspect isn’t identified within 30 days, an additional 30 days may be added.
Form 8300
While this form is typically an IRS requirement when reporting cash payments that exceed $10,000, it’s also an effective part of a practical daily AML compliance policy. This form helps to implement long-term robust AML practices in several ways, including:
- Creating a clear paper trail for the IRS Criminal Investigation (IRS-CI) to observe unusual patterns
- Collecting and reporting key customer information that aligns with CIP requirements
- Providing transactional information that can add more depth to a SAR filing
- Feeding into the wider database of FinCEN to build a comprehensive framework of criminal activities
Form 8300 includes any related client transactions, meaning it targets potential structuring activities. A criminal may attempt to fly under the radar by breaking a large cash payment into small ones under the $10,000 limit. If a private lender receives several smaller cash payments that exceed this limit, there may be cause to check whether they are related.
Conducting AML Risk Assessments
Creating a compliance culture is essential. Private lenders may not operate like traditional banks, which can increase the potential for higher money laundering risks. The pillars and daily practices of an AML compliance policy provide a blueprint for a robust AML risk assessment, enabling organizations to identify compliance gaps and training opportunities.
An AML risk assessment helps financial institutions integrate compliance with internal best practices, tailoring their processes by:
- Considering the type of customers you deal with, including location and industry
- Analyzing what’s deemed unusual or high-volume transactions
- Comparing product offerings and service risks within specific jurisdictions known for money laundering
- Understanding modern identity verification challenges, like technologies and mobile onboarding
- Applying compliance pillars and daily AML compliance practices across your organization to reduce risk
- Locating where the biggest risks are to focus resources and training in these areas
Doing this keeps private lenders and their services ahead of inadvertent oversights, while maintaining an agile approach to future laundering risks.
Partnering With Private Lender Law
AML is always evolving. The scope of processes and procedures covered here continues to expand. Private lenders can anticipate this by implementing frameworks that elevate their offerings and integrate seamlessly with compliance requirements.
Private Lender Law partners with clients to create robust frameworks. Through comprehensive compliance reviews, policy drafting and audit support, we help our clients to increase compliance while reducing money laundering risks. Reach out to talk to an expert today and learn what we can do for your firm.