RESIDENTIAL MORTGAGE LENDERS & ORIGINATORS L COMPLIANCE PROGRAM

Transcription

1 RESIDENTIAL MORTGAGE LENDERS & ORIGINATORS L COMPLIANCE PROGRAM PO Box 760 Prosper, TX

2 Contents INTRODUCTION... 6 New FinCEN Rule 31 CFR Parts 1010 and AML Policy Manual... 7 DEFINITIONS... 8 DESCRIPTION OF MONEY LAUNDERING, TERRORIST FINANCING, AND MORTGAGE FRAUD... 9 Money Laundering... 9 Terrorist Financing Mortgage Fraud RMLO AML COMPLIANCE PROGRAM ADMINISTRATION & GENERAL PROGRAM REQUIREMENTS Introduction Program Definition Annual Approval Of The AML Program Program Requirements Internal Controls Independent Testing Designated AML Responsibilities OFAC Compliance Officer Training Employee Certification Record Retention Special Requirement For RMLOs CUSTOMER IDENTIFICATION PROGRAM Introduction Definitions Customer Information Required Customer Identification Verification Documentary Methods to Verify Identity

3 Primary photo identification ( Primary ID ) Secondary non photo identification ( Secondary ID ) Documentation of Customer Verification Non documentary Methods to Verify Identity Lack of Verification Recordkeeping Requirements And Retention Comparison With Government Lists Customer Notice Important Information About Procedures For Opening A New Account Reliance On Another Financial Institution Use Of Third Parties FINCEN FORM 8300 REPORT OF CASH PAYMENTS OVER $10, SUSPICIOUS ACTIVITY MONITORING AND REPORTING Introduction Identification of Suspicious Activity Monitoring By RMLO Employees Money Laundering Red Flags Money Laundering Red Flags for Mortgage Lending Common Mortgage Fraud Red Flags from Fannie Mae High level Red Flags Mortgage Application Sales Contract Credit Report Employment and Income Documentation Asset Documentation Appraisal Title Owner Occupancy HUD 1 Settlement Statement Research and Monitoring Of Suspicious Activity

4 SAR Decision Making Process SAR Filing on Continuing Activity Reporting Of Suspicious Activity Timing of a SAR Filing SAR Quality Prohibition of SAR Disclosure Safe Harbor for Suspicious Activity Reporting SAR Record Retention AML RISK ASSESSMENT AND CUSTOMER DUE DILIGENCE Introduction Annual Risk Assessment OFFICE OF FOREIGN ASSET CONTROL (OFAC) Introduction OFAC Program OFAC Risk Assessment Internal Controls OFAC Potential Match Process Independent Testing Training USA PATRIOT ACT SECTION 314 INFORMATION SHARING AND SECTION 311 SPECIAL MEASURES Introduction Information Sharing With Law Enforcement Information Sharing Procedures Confidentiality of Information Requests Designation of Individuals Responsible Use of Section 314(a) Information Voluntary Information Sharing Designation of Individual Responsible Information Sharing Procedures SECTION 311 SPECIAL MEASURES

5 Introduction Types of Special Measures Designated Individual APPENDIX A: BACKGROUND INFORMATION Summary Of BSA/AML Laws And Regulations Role of Government Agencies In The BSA U.S. Treasury Financial Crimes Enforcement Network Internal Revenue Service Federal Banking Agencies OFAC Penalties for Money Laundering, Terrorist Financing, And Violations of The BSA Criminal Penalties for Violations of the BSA Civil Penalties for Violations of the BSA APPENDIX B: AML RISK ASSESSMENT APPENDIX C: UNUSUAL ACTIVITY FORM AND AML CERTIFICATIONS APPENDIX D: RED FLAG LISTING APPENDIX E: SAR NARRATIVE GUIDANCE FinCEN SAR Quality Guidance Who is conducting the suspicious activity? What instruments or mechanisms are being used to facilitate the suspect transactions? When did the suspicious activity take place? Where did the suspicious activity take place? Why does the filer think the activity is suspicious? How did the suspicious activity occur?

6 INTRODUCTION New FinCEN Rule 31 CFR Parts 1010 and 1029 On February 14, 2012, FinCEN issued a new Rule mandating non bank residential mortgage lenders and originators (RMLOs) to implement an anti money laundering (AML) program and report suspicious activities to prevent and detect money laundering, terrorism financing and criminal activity, including mortgage fraud. This Rule (31 CFR Parts 1010 and 1029) applies to any persons who accept a residential mortgage loan application or that offer or negotiate terms of a residential mortgage loan. As such, it applies to every residential mortgage lender and broker in the United States, regardless of size. The new Rule is effective April 16, 2012 with mandatory compliance August 13, (1) The Rule requires an AML program that includes, at a minimum: (2) The development of internal policies, procedures, and controls; (3) The designation of a compliance officer; (4) An ongoing employee training program; and (5) An independent audit to test the AML program. The AML program must be risk based. As such, a risk assessment is also required. The Rule also requires RMLOs to comply with USA PATRIOT Act 314 requirements to prevent terrorism financing and to report certain suspicious transactions that are conducted or attempted by, at, or through the RMLO. FinCEN and its delegate the Internal Revenue Service (IRS) have been granted authority to examine RMLOs, to determine compliance with requirements of the Rule. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of 31 CFR Parts 1010 and NOTE: The Rule requires the mortgage lender to ensure that any mortgage brokers used are also in full compliance with the Rule. 6

7 AML Policy Manual This document contains American Home Free Mortgage s ( RMLO ) Policy Manual relating to the Money Laundering Control Act, Bank Secrecy Act, the USA PATRIOT Act, U.S. Treasury Department Office of Foreign Assets Control regulations and FinCEN Rule (31 CFR Parts 1010 and 1029) and all applicable related laws and regulations, including without limitation Title 31, Chapter X of the United States Code of Federal Regulations (collectively, the AML laws and regulations ). The purpose of the Policy Manual is to address RMLO s responsibilities under the AML laws and regulations and provide guidance to employees regarding AML related laws and regulations. This Policy creates a framework for compliance with all of the various AML related regulations and sets forth the guiding principles for implementing and maintaining adequate controls to protect the RMLO from risks associated from providing services to individuals or entities that may be involved in money laundering, terrorist financing or other illegal activities covered by the AML laws and regulations. This Policy Manual contains the RMLO s AML Compliance Program, which includes the RMLO s: Senior management oversight Internal Controls to ensure ongoing compliance Independent Testing of AML compliance Designation of AML Compliance Officer Training for appropriate personnel Customer Identification Program (CIP) FinCEN Form 8300 reporting Suspicious activity monitoring & reporting program AML Customer Due Diligence Program USA PATRIOT Act section 314 information sharing program Office of Foreign Assets Control ( OFAC ) program An effective AML Compliance Program requires sound risk management; therefore, this Policy Manual provides guidance on identifying and controlling risks associated with money laundering, terrorist financing and other illegal activities. Compliance with this Policy Manual should ensure effective antimoney laundering systems and legal compliance. 7

8 Senior Management expects strict compliance with the AML laws and regulations and expects that all employees of RMLO shall perform their duties in a manner consistent with and in full support of this Policy Manual. Senior Management shall approve this Policy Manual annually. This AML Program Manual is based on and contains information from the new FinCEN regulation 31 CFR Parts 1010 and 1029 as well as the Federal Financial Institutions Examination Council Bank Secrecy Act Anti Money Laundering Examination Manual. DEFINITIONS This AML Program contains a great number of acronyms and other definitions. This section describes the respective meanings of many of these acronyms. These definitions shall remain consistent throughout this Policy Manual. Although it may add to the length of this document, some of the words may be spelled out within individual sections in addition to being defined here when the use of the complete word or phrase can assist in the understanding of that section. RMLO Non bank residential mortgage lenders and originators AML Anti money laundering and related laws and regulations BSA The Bank Secrecy Act and related laws and regulations AML Compliance Program RMLO s AML Program as related to the various Anti Money Laundering laws and regulations AML Risk Assessment Matrix The document used to assess the various risks of RMLO s products, services, customers, and geographies. CDD Customer Due Diligence FinCEN Form 8300 Report of Cash Transactions Greater than $10,000 FinCEN Financial Crimes Enforcement Network OFAC Office of Foreign Assets Control SAR Suspicious Activity Report USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of

9 Section 314 Information Request A request for information to be shared with or from law enforcement or another RMLO or financial institution DESCRIPTION OF MONEY LAUNDERING, TERRORIST FINANCING, AND MORTGAGE FRAUD The AML Rule is intended to safeguard the U.S. financial system, financial institutions and RMLOs from the abuses of financial crime, including mortgage fraud, money laundering, terrorist financing, and other financial crimes. RMLOs are primary providers of mortgage finance in most cases dealing directly with the consumer and are in a unique position to assess and identify money laundering risks and fraud while directly assisting consumers with their financial needs and protecting the RMLO sector from the abuses of financial crime and money laundering. Because of their positioning, and due to the growth of mortgage fraud in particular, it is essential for RMLOs to comply with the AML Rule. Towards that end, RMLOs must develop, implement, and maintain effective AML programs that address the ever changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system. A sound AML Compliance Program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions. Refer to the SUSPICIOUS ACTIVITY MONITORING AND REPORTING section for red flags or examples of suspicious activities that may indicate money laundering or terrorist financing. Money Laundering Money laundering is the criminal practice of processing ill gotten gains, or dirty money, through a series of transactions; in this way the funds are cleaned so that they appear to be proceeds from legal activities. Money laundering generally does not involve currency at every stage of the laundering process. Although money laundering is a diverse and often complex process, it basically involves three independent steps that can occur simultaneously: (1) Placement: The first and most vulnerable stage of laundering money is placement. The goal is to introduce the unlawful proceeds into the financial system without attracting the attention of financial institutions or law enforcement. Placement techniques include structuring currency deposits in amounts to evade reporting requirements or commingling currency deposits of legal and illegal enterprises. Examples may include using unlawfully derived funds to place large down payments on multiple properties, dividing large amounts of currency into less conspicuous smaller sums that are deposited directly into a bank account, or depositing a refund check from a canceled vacation package or insurance policy. (2) Layering: The second stage of the money laundering process is layering, which involves moving funds around the financial system, often in a complex series of transactions to create confusion and complicate the paper trail. Examples of layering include obtaining a home equity loan soon after making a large down payment on a home and wiring out the proceeds from the loan, 9

10 exchanging monetary instruments for larger or smaller amounts, or wiring or transferring funds to and through numerous accounts in one or more financial institutions. (3) Integration: The ultimate goal of the money laundering process is integration. Once the funds are in the financial system and insulated through the layering stage, the integration stage is used to create the appearance of legality through additional transactions. These transactions further shield the criminal from a recorded connection to the funds by providing a plausible explanation for the source of the funds. Examples include making large down payments on multiple properties and then quickly selling the properties, the purchase and resale of, investment securities, foreign trusts, or other assets. Terrorist Financing The motivation behind terrorist financing is ideological as opposed to profit seeking, which is generally the motivation for most crimes associated with money laundering. Terrorism is intended to intimidate a population or to compel a government or an international organization to do or abstain from doing any specific act through the threat of violence. An effective financial infrastructure is critical to terrorist operations. Terrorist groups develop sources of funding that are relatively mobile to ensure that funds can be used to obtain material and other logistical items needed to commit terrorist acts. Thus, money laundering is often a vital component of terrorist financing. Terrorists generally finance their activities through both unlawful and legitimate sources. Unlawful activities, such as extortion, kidnapping, and narcotics trafficking, have been found to be a major source of funding. Other observed activities include smuggling, fraud, theft, robbery, identity theft, use of conflict diamonds, and improper use of charitable or relief funds. In the last case, donors may have no knowledge that their donations have been diverted to support terrorist causes. Other legitimate sources have also been found to provide terrorist organizations with funding; these legitimate funding sources are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership, and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to those methods used by other criminals that launder funds. For example, terrorist financiers use currency smuggling, structured deposits or withdrawals from bank accounts, purchases of various types of monetary instruments, credit/debit or stored value cards, and funds transfers. There is also evidence that some forms of informal banking (e.g., hawala ) have played a role in moving terrorist funds. Transactions through hawalas are difficult to detect given the lack of documentation, their size, and the nature of the transactions involved. Funding for terrorist attacks does not always require large sums of money, and the associated transactions may not be complex. 10

11 Mortgage Fraud Mortgage fraud is the intentional misstatement, misrepresentation, or omission by an applicant or other interested parties, relied on by a mortgage lender or originator to provide funding for, to purchase, or to insure a mortgage loan. Mortgage fraud exists when a mortgage lender relies on an untrue statement or document when deciding the terms and conditions of credit. Fraud can influence a lender to approve a loan that would otherwise be denied, or to set more favorable terms for credit than would be extended if the truth were known. Mortgage fraud can take many forms. Fraud can range from the relatively minor (such as individuals exaggerating their personal income to qualify for higher loan amounts) to severe (such as criminal organizations perpetrating frauds that affect entire communities). The risk of mortgage fraud is substantial in the RMLO sector and is growing. Indeed, since 2006, FinCEN has issued numerous studies analyzing SARs reporting suspected mortgage fraud and money laundering involving RMLOs that brokered or sold purchase money and refinance loans to lending institutions. RMLOs are primary providers of mortgage finance in most cases dealing directly with the consumer and are in a unique position to assess and identify money laundering risks and fraud while directly assisting consumers with their financial needs. Because of this, RMLOs can be particularly instrumental in preventing mortgage fraud. As a result, FinCEN issued AML regulations that apply to RMLOs so as to capture the benefits of AML and SAR regulation applied to mortgage lenders and brokers. RMLO AML COMPLIANCE PROGRAM ADMINISTRATION & GENERAL PROGRAM REQUIREMENTS Introduction RMLO hereby establishes its written AML Compliance Program. The primary purpose of the AML Compliance Program is to control risks that may be associated with RMLO s unique products, services, customers, and geographic locations. The AML Compliance Program shall maintain procedures and monitoring reasonably designed to assure RMLO s compliance with the AML laws and regulations, including recordkeeping and reporting requirements. Senior Management shall incorporate an enterprise wide framework for the AML Compliance Program to ensure coordination of risk management throughout RMLO s enterprise. Senior Management is ultimately responsible for RMLO s AML Program. Program Definition RMLO s AML Compliance Program is described in detail in this Program Manual. This directive begins with the commitment from RMLO s Senior Management to set a culture of AML compliance. RMLO has 11

12 established a designated AML Compliance Officer to be responsible for and to serve as a central point of contact for the administration of the AML Compliance Program. In addition, Senior Management expects that every employee with responsibilities relating to AML is aware of his or her AML compliance responsibilities and shall be adequately trained and committed to fulfill RMLO s AML compliance goals. Annual Approval of The AML Program The AML Program Manual shall be approved by Senior Management annually or as necessary based on the risk of RMLO. Program Requirements This AML Compliance Program shall provide for the following general requirements: Senior Management oversight and approval A system of internal controls to ensure ongoing compliance Independent testing of AML compliance Designate an individual or individuals responsible for managing AML compliance Training for appropriate personnel Record Retention The following is a description of each of the five general requirements of this AML Compliance Program. Senior Management Oversight And Approval RMLO believes that it is critical that Senior Management maintain effective oversight of the sufficiency of the AML Compliance Program and the effectiveness of the Program to maintain compliance with the AML laws and regulations. Senior Management shall ensure that the AML Compliance Program is approved annually or as necessary based on risk. Internal Controls Senior management is ultimately responsible for ensuring that RMLO maintains an effective AML internal control structure, including suspicious activity monitoring and reporting. Senior management shall endeavor to create a culture of compliance to ensure staff adherence to the AML policies and processes. Internal controls are RMLO s policies, procedures, and processes designed to limit and control risks and to achieve compliance with the AML laws and regulations. RMLO shall maintain an appropriate level of 12

13 internal controls commensurate with its size, structure, risks and complexity, in coordination with the capabilities and processes of any of its Banking Partners. RMLO s internal controls shall: Identify operations (products, services, customers, and geographic locations) more vulnerable to abuse by money launderers and criminals; provide for periodic updates to the Risk Assessment Matrix; and provide for the AML Compliance Program to be tailored to manage the risks identified in the AML Risk Assessment (see the AML Risk Assessment in Appendix B). Inform senior management of compliance initiatives, identified compliance deficiencies, and any corrective action taken. Identify a person or persons responsible for AML compliance (see the AML compliance designations later in this section). Provide for program continuity despite changes in management or employee composition or structure. Implement risk based customer due diligence (CDD) and enhanced due diligence (EDD) policies, procedures, and processes (see AML Customer Due Diligence Program section for the CDD program). Monitor for Mortgage Lending Red Flags including Money Laundering and Fraudulent Activity (see Lending Red Flags section). Provide for adequate supervision and training of employees that may take loan applications, handle currency, check or wire transactions, review documentation, or engage in any other activity covered by the AML laws and regulations. Independent Testing RMLO s risk based independent testing shall be conducted by a qualified independent third party or by any officer or employee of RMLO other than the AML Compliance Officer on an annual basis or as deemed necessary based on risk. The Independent Reviewer shall provide Senior Management with a comprehensive report of the independent test. The Independent Reviewer shall conduct an objective evaluation of the AML Compliance Program, perform testing for specific compliance with the requirements of the AML laws and regulations,e valuate pertinent management information systems and otherwise meet regulatory requirements applicable to an independent AML audit. RMLO s independent testing may vary each period depending on its size, complexity, scope of activities, risk profile, quality of control functions, geographic diversity, and use of technology. RMLO s independent testing shall cover, at a minimum, the activities that are considered high risk. The frequency and depth of each activity s independent testing shall vary according to the RMLO s AML Risk Assessment. The independent testing shall assist Senior Management in identifying areas of weakness or areas where there is a need for enhancements or stronger controls. Senior management shall work with the Independent Reviewer to determine the appropriate risk based scope of each year s testing efforts such that it includes: 13

14 An evaluation of the overall integrity and effectiveness of the AML Compliance Program, including policies, procedures, and processes. A review of the AML Risk Assessment for reasonableness given RMLO s risk profile (products, services, customers, and geographic locations). Appropriate transaction testing to verify RMLO s adherence to the FinCEN recordkeeping and reporting requirements (SARs, FinCEN Form 8300, Section 314(a) Information Sharing Requests). An evaluation of management s efforts to resolve violations and deficiencies noted in previous audits. A review of staff training for adequacy, accuracy, and completeness. A review of the effectiveness of the RMLO s suspicious activity monitoring. Based on RMLO s risk, related reports may include, but are not limited to: o o o Loan documentation reports, An assessment of the overall process for identifying and reporting suspicious activity, including a review of filed or prepared SARs to determine their accuracy, timeliness, completeness, and effectiveness of the program. A review of the OFAC compliance program as applicable (refer to OFAC Compliance Program section for more information on the OFAC compliance program). The Independent Reviewer shall document the independent test scope, procedures performed, transaction testing completed, and findings of the review. Upon request, all independent test documentation and work papers shall be made available for review. Any violations, Program or procedures exceptions, or other deficiencies noted during the independent test shall be included in the independent test report and reported to Senior Management in a timely manner. Management and the Reviewer shall track independent test deficiencies and document corrective actions. RMLO hereby names Jason Wu as its Independent Reviewer. Designated AML Responsibilities Senior Management recognizes the importance of all AML related laws and regulations and shall continue to maintain a strong AML Compliance Program. The AML Compliance Officer is the central point of the enterprise wide program where AML risks throughout the organization are aggregated. Although Senior Management is ultimately responsible for RMLO s AML compliance, the AML Compliance Officer shall be responsible for overall AML Compliance. The following is a listing of individuals responsible for managing AML compliance. AML Compliance Officer Senior Management shall designate a qualified individual to serve as the AML Compliance Officer. The AML Compliance Officer shall be knowledgeable of the AML laws and regulations. The AML Compliance Officer shall attend AML training annually to maintain a strong knowledge of the AML laws and regulations and keep up with any changes in the regulations. The AML Compliance Officer shall have a high level of authority and responsibility within RMLO and shall have a direct reporting line to Senior 14

15 Management. The AML Compliance Officer shall understand RMLO s products, services, customers, and geographic locations, and the potential money laundering and terrorist financing risks associated with them. The AML Compliance Officer shall manage all aspects of the AML Compliance Program and manage RMLO s adherence to the AML laws and regulations. The AML Compliance Officer shall be responsible for managing and coordinating the day to day AML compliance for RMLO. Although the AML Compliance Officer may delegate the AML day to day monitoring duties, the officer shall be responsible for overall AML compliance. Senior Management shall ensure that the AML Compliance Officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective AML Compliance Program based on the risk profile. The AML Compliance Officer shall regularly apprise Senior Management of ongoing compliance with the AML laws and regulations. Pertinent AML related information, including the reporting of SARs filed with FinCEN, shall be reported to Senior Management so that they can make informed decisions about overall AML compliance. The AML Compliance Officer shall be responsible for carrying out the direction of Senior Management and ensuring that employees adhere to the AML policies, procedures, and processes. The AML Compliance Officer shall also be responsible for managing the AML independent testing. The AML Compliance Officer s responsibilities shall include, but are not necessarily limited to: Writing, reviewing and maintaining AML policies and procedures Preparing the AML Risk Assessment and coordinating monitoring and reviews based on the RMLO s risk in each activity Coordinating and managing AML independent test Responding to internal and external audit review findings Reporting to Senior Management all pertinent aspects of the AML Compliance Program Report FinCEN Form 8300 for all transactions in excess of $10,000 in cash Reviewing all suspicious activity noted and ensuring a SAR is filed appropriately Coordinating and conducting any FinCEN 314 reviews and reporting Coordinating and conducting final review of AML monitoring and reviews Conducting annual AML training for the appropriate staff and conducting or assisting with special AML training as necessary, ensuring that all appropriate staff are trained and tested on AML laws and regulations RMLO hereby names Mike Kergosien as the AML Compliance Officer. 15

16 OFAC Compliance Officer The OFAC Compliance Officer shall be responsible for reviewing and maintaining the RMLO s OFAC Compliance Program as deemed necessary. The OFAC Compliance Officer shall oversee all OFAC potential matches and ensure that Management reviews OFAC potential matches accordingly. In addition, the OFAC Compliance Officer shall conduct testing of the RMLO s third party vendors to ensure they update the OFAC list on a timely basis. See OFAC Compliance Program section for additional OFAC information. RMLO hereby names Mike Kergosien as the OFAC Compliance Officer. FinCEN 314 Compliance Officer The FinCEN 314 Compliance Officer shall be responsible for reviewing the confidential section 314(a) listing from FinCEN against RMLO s customer base for any potential matches. FinCEN distributes the confidential listing through a secure web site every two weeks, or if an emergency request is transmitted. The RMLO s FinCEN 314 Compliance Officer shall receive the notification from FinCEN, access the section 314(a) subject list from the secure web site, and download the files for searching. The FinCEN 314 Compliance Officer shall notify FinCEN if the RMLO has a match with the subject list. In addition, the FinCEN 314 Compliance Officer shall also be responsible for any information sharing with other financial institutions section 314(b). (See the USA PATRIOT Act 314A Information Sharing Section for additional information about the listing). RMLO hereby names Mike Kergosien as the FinCEN 314 Compliance Officer. Training RMLO recognizes the importance of ongoing education, training, and compliance. Senior Management shall be informed of changes and new developments with the AML laws and regulations. Senior Management shall receive AML training annually to better understand the AML regulatory requirements, the ramifications of noncompliance, and the risks posed to the RMLO. The AML training shall assist Senior Management in adequately providing AML oversight, approving AML policies, and providing sufficient AML resources. RMLO s AML training program shall reinforce the importance that Senior Management places on the RMLO s compliance with the AML laws and regulations and ensure that all employees understand their role and accountability in maintaining an effective AML Compliance Program. The AML Compliance Officer shall ensure that appropriate personnel are trained in applicable aspects of AML at least annually. 16

17 The training shall include AML regulatory requirements as well as the RMLO s internal AML policies, procedures, and processes. RMLO s AML training program shall provide training for all personnel whose duties require knowledge of the AML laws and regulations and shall be tailored to each area s specific responsibilities. The AML training shall also be provided to new staff whose duties require knowledge of the AML laws and regulations. Employees shall be required to take a comprehensive test annually. A passing score for the computer based test shall be at least 80% or above. If the employee does not pass the test, they shall repeat the test until a passing score is achieved. Failure to pass the test shall be recorded on the employee s performance evaluation and may result in additional action taken by management to address deficiencies. The AML Compliance Officer shall maintain copies of the training programs, dates of training sessions, attendance records and scores as necessary. Employee Certification New employees shall be required to review the AML Compliance Program and provide written certification to the AML Compliance Officer that they understand their responsibilities relating to the AML laws and regulations. Existing employees whose duties require knowledge of the AML laws and regulations shall provide written certification that they understand their responsibilities relating to the AML laws and regulations. This certification shall be signed by the appropriate employees annually. (See copy of AML Certification in Appendix C: Unusual Activity Form and AML Certifications.) Record Retention RMLO shall retain copies of Customer Identification, FinCEN Form 8300 reporting, SARs filed and SARs not filed and FinCEN 314 documentation as well as supporting documentation for each for a period of five years. Special Requirement For RMLOs Mortgage Lenders must ensure that any RMLO with which they do business complies with the necessary requirements of the new FinCEN Rule 31 CFR Parts 1010 and As a result, RMLO hereby documents within this AML Program its commitment to maintaining the requirements of the new FinCEN Rule. 17

18 CUSTOMER IDENTIFICATION PROGRAM Introduction RMLO s AML program must ensure that the RMLO obtains all the information necessary to make its AML program effective. Such information includes, but is not limited to, relevant customer information collected and maintained by the RMLO s agents and brokers. According to FinCEN, the specific means to obtain such information is left to the discretion of the loan or finance company, although FinCEN anticipates that the loan or finance companies may need to amend existing agreements with its agents and brokers to ensure that the company receives necessary customer information. For purposes of making the required risk assessment, RMLO must consider all relevant information. RMLO is required to maintain an AML Compliance Program and work closely with various banking partners so the RMLO will comply with the CIP requirements. RMLO s CIP is described within this section and is hereby incorporated into the AML Compliance Program. This CIP shall enable RMLO to form a reasonable belief that it knows the true identity of each Customer. The RMLO s CIP shall include loan application procedures that specify the identifying information that shall be obtained from each Customer and shall include reasonable and practical risk based procedures for verifying the identity of each Customer. Definitions For the purpose of this CIP, the following terms are hereby defined: Loan Application is defined as an Application taken for any type of Loan used to apply for RMLO s products and services at one of RMLO s locations. Customer is defined as a Person who is seeking to use RMLO s products and services as well as RMLO s banking partner s services. Person means an individual, corporation, partnership, trust, estate, or any other entity recognized as a legal person. Excluded from the definition of a Person are: federally regulated banks, banks regulated by a state bank regulator, and governmental entities. Customer Information Required RMLO s loan application process details the identifying information that must be obtained from each Customer. At a minimum, RMLO must obtain and verify the following basic information from each customer before approval: Name Date of Birth, for individuals 18

19 Address A physical address shall consist of a residential or business street address, or, if no residential address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another individual to contact. A post office box is acceptable for consumer accounts for mailing purposes, so long as the customer provides a legitimate street address, which is listed on a driver s license or other acceptable form of identification. Identification Number An identification number for a U.S. Person is a taxpayer identification number (TIN, or evidence of an application for one), and for a non U.S. person is one or more of the following: a TIN; a passport number and country of issuance; an alien identification card number; or a number and country of issuance of any other unexpired government issued document evidencing nationality or residence and bearing a photograph or similar safeguard. Customer Identification Verification RMLO s CIP shall contain risk based procedures for verifying the identity of the Customer within a reasonable period of the loan application. RMLO need not establish the accuracy of every element of identifying information obtained, but shall verify enough information to form a reasonable belief that it knows the true identity of the Customer. RMLO s approval process and its loan application procedures shall describe when it uses documentary methods, non documentary methods, or a combination of both. RMLO s banking partners may also verify the identity of each customer through tools maintained by the banking partner. Documentary Methods to Verify Identity RMLO shall primarily use documentary methods to verify a Customer s identity and shall accept the following pieces of identification: Primary photo identification ( Primary ID ) Unexpired state drivers license Unexpired state identification card Unexpired United States passport Unexpired resident alien card Military identification Passports from other countries (check the OFAC list before accepting a foreign passport for ID) Secondary non photo identification ( Secondary ID ) Social Security Card Signed Credit Card Current Utility Bills Employee Identification Student Identification Medical Card 19

20 Firearm Owner s Identification Rental Lease Official Document with Current Home Address Other secondary identification as allowed by RMLO or the banking partners RMLO shall review an unexpired government issued form of identification from all loan applicants (Primary ID). For certain individuals where the address on the application doesn t match the address on the identification or the last name on the application doesn t match the last name on the identification, the RMLO shall request another form of identification such as a utility bill or marriage license to verify the identity. RMLO shall require additional identification if: The photo identification is unclear. The signature on the identification does not match the signature on the signed documents. The driver s license or state identification card was recently issued. The address on the application does not match the address provided by the Customer or the address on the identification. Any other reason the RMLO deems necessary. This additional identification shall include the non documentary method of verifying the Customer s identity discussed below. Documentation of Customer Verification RMLO shall maintain appropriate documentation to verify the RMLO reviewed the necessary information to form a reasonable belief that it knows the true identity of the Customer. RMLO shall document appropriate identifying information in the loan file such as the issuing state or country and the driver s license number. In addition, RMLO shall document any exceptions to the Customer Identification Program. Non documentary Methods to Verify Identity Non documentary methods used to verify Customer s identity include contacting the customer via phone or obtaining information from a consumer reporting agency, public database or other source. Lack of Verification RMLO s CIP also addresses procedures for circumstances in which the RMLO cannot form a reasonable belief that it knows the true identity of the Customer. These procedures shall describe: 20

21 Circumstances in which RMLO would not approve the customer or would not accept the loan application (e.g., if RMLO does not receive the signed documentation from a potential applicant). The terms under which a Customer may apply for the loan while RMLO attempts to verify the Customer s identity such as the verification. When RMLO should withdraw or deny the application, after attempts to verify a Customer s identity have failed. Recordkeeping Requirements and Retention RMLO s CIP also contains recordkeeping procedures that describe minimum requirements for maintaining identifying information. RMLO shall retain the identifying information (name, address, date of birth for an individual, TIN, and any other information required by the CIP) obtained for a period of five years. Comparison with Government Lists RMLO s CIP includes procedures for determining whether a Customer appears on any federal government list of known or suspected terrorists or terrorist organizations. RMLO has elected to satisfy this requirement through its compliance with the OFAC requirements described later in this Program in the OFAC Compliance Program section, as there currently is no designated government lists to verify specifically for CIP purposes. Customer Notice RMLO shall provide Customers with a notice that they will be requesting information to verify their identities. This notice shall describe the identification requirements and shall be provided in a manner that is reasonably designed to allow a Customer to view it or otherwise receive the notice before the Account is opened. The notice shall state the following: Important Information About Procedures For Opening A New Account To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we shall ask for your name, address, date of birth, and other information that shall allow us to identify you. We may also ask to see your driver s license or other identifying documents. Reliance On Another Financial Institution RMLO may rely on other financial institutions and affiliates to perform elements of the CIP. RMLO recognizes that it will be ultimately responsible for compliance with the requirements of the CIP since they are obtaining the identifying information. Since any banking partners are regulated financial institutions, they will also need to comply with CIP. 21

22 Use Of Third Parties RMLO may rely on the use of a third party to assist in verifying the identity of its Customers. Additional non documentary verification may be used if RMLO did not receive the adequate documentary methods for identifying the Customer. RMLO recognizes that it shall ultimately be responsible for the third party s compliance with the requirements of the CIP. FINCEN FORM 8300 REPORT OF CASH PAYMENTS OVER $10,000 RMLO has certain reporting and record keeping obligations relating to transactions involving large amounts of currency over $10,000. This section describes RMLO s Program to ensure proper reporting and record keeping relating to these transactions and is hereby incorporated into the AML Compliance Program. The purpose of the FinCEN Form 8300 is to create a paper trail for transactions conducted with cash over $10,000. RMLO shall file FinCEN Form 8300 for each transaction in currency (down payment or loan payment) of more than $10,000 by, through, or to the RMLO. Senior Management shall ensure RMLO employees are adequately trained on when to complete FinCEN Form In addition, Senior Management shall ensure there are controls in place to capture all instances of cash transactions over $10,000. SUSPICIOUS ACTIVITY MONITORING AND REPORTING Introduction Suspicious activity reporting is a critical component of the U.S. government s ability to utilize financial information to combat terrorism, terrorist financing, money laundering, and other financial crimes. As a result, RMLO must ensure that it has effective policies, procedures and processes in place to identify, research, and report on suspicious activity. A transaction requires reporting under this section if it is conducted or attempted by, at, or through RMLO, it involves or aggregates funds or other assets of at least $5,000, and the RMLO knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): (1) Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation; 22

23 (2) Is designed, whether through structuring or other means, to evade any requirements of this part or any other regulations promulgated under the Bank Secrecy Act (3) Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the RMLO knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or (4) Involves use of the RMLO to facilitate criminal activity, such as mortgage fraud More than one RMLO may have an obligation to report the same transaction under this section, and other financial institutions may have separate obligations to report suspicious activity with respect to the same transaction pursuant to other provisions of this part. In those instances, no more than one report is required to be filed by the RMLO and other financial institution(s) involved in the transaction, provided that the report filed contains all relevant facts, including the name of each RMLO and financial institution involved in the transaction, the report complies with all instructions applicable to joint filings, and each institution maintains a copy of the report filed, along with any supporting documentation. The main vehicle for reporting suspicious activity is the filing of a suspicious activity report ( SAR ) with FinCEN. As a practical matter, it is not possible for RMLO to detect and report all potentially illicit transactions that flow through its loan and bank relationships, but must rely on the effectiveness of its systems and personnel for monitoring, researching and reporting suspicious activity. RMLO s systems of monitoring, researching and reporting suspicious activity are described within this section and are hereby incorporated into the AML Compliance Program. Identification of Suspicious Activity RMLO shall, to the best of its ability, identify suspicious activity that may involve money laundering, AML violations, terrorist financing, and certain other crimes, such as mortgage fraud. RMLO shall not be obligated to investigate or confirm the underlying predicate crime (e.g., terrorist financing, money laundering, tax evasion, identity theft, and various types of fraud), as that is the responsibility of law enforcement. If RMLO knows, suspects, or has reason to suspect that a customer may be linked to terrorist activity against the United States, RMLO shall immediately call FinCEN s Financial Institutions Terrorist Hotline at the toll free number: Similarly, if any other suspected violation requires immediate attention, such as an ongoing money laundering scheme, RMLO shall notify the appropriate law enforcement agencies. 23

24 When unusual activity is identified, RMLO shall inform the AML Compliance Officer using the Unusual Activity Form. The AML Compliance Officer will then review the unusual activity and file a SAR as necessary. (See Appendix C for a sample of the Unusual Activity Form). Monitoring By RMLO Employees It shall be the responsibility of every employee of RMLO to assist in the identification of suspicious activity and refer such activity to the AML Compliance Officer. Employees are often the front line of defense against potential money laundering schemes. These employees are the eyes and ears of the RMLO and have the largest chance of recognizing suspicious activity. Toward that end, all personnel whose duties include direct contact with customers or loan documentation are required to identify and report any unusual activity to the AML Compliance Officer. In order to assist the employees with this task, the AML Compliance Officer has provided each department with Unusual Activity Report forms to complete any time an employee notices any unusual activity (a copy of the Unusual Activity Report is included in Appendix C). Money Laundering Red Flags RMLO shall provide all employees that deal directly with customers with a detailed listing of money laundering, mortgage fraud and terrorist financing red flags. This full listing of potentially suspicious activities, or red flags for money laundering, mortgage fraud and terrorist financing are directly from Appendix D of the FFIEC AML Examination Manual. Although these lists are not all inclusive, they help employees recognize possible money laundering schemes. Employees shall focus on reporting suspicious activities, rather than on determining whether the transactions are in fact linked to money laundering or a particular crime. Potential Money Laundering and/or Fraudulent Activity Red Flags for Mortgage Lending are: Money Laundering Red Flags for Mortgage Lending Borrower Loan to LLC (Limited Liability Company) Loan to High Risk individual (i.e. PEP Politically Exposed Person, FEP Financially Exposed Person) Borrower/Loan in litigation Income compared to disclosed profession (i.e., working at McDonalds but making $250,000 per year) Transactions involving recently created companies when the amount is large compared to their assets Indications that the parties are not acting on their own behalf and are trying to hide the identity of the real customer The customer is not interested in improving the terms of the loan 24