C2 Financial Corporation Anti Money Laundering Program and Suspicious Activity Reporting (AML Program) Purpose: This program is being established and implemented by C2 Financial Corporation (C2) as an anti money laundering program designed to prevent C2 from being used to facilitate money laundering or the financing of terrorist activities as is required under Section 31 CFR 1029.210. Additionally, this program includes procedures for filing the required Suspicious Activity Reports Goals: The goal of this program is to assess the risks of the company and to assist in preventing mortgage fraud and money laundering and to ensure that the corporate and origination staff is properly trained. Applicability: C2 is required to comply with Section 31 CFR 1029.210, et al, effective August 13, 2012 as a Residential Mortgage Originator. A Residential Mortgage Originator is defined as: A person who accepts a residential mortgage loan application or offers or negotiates terms of a residential mortgage loan Program Policies and Procedures: The following Policies and Procedures have been created to address the AML/SAR requirements for the company. 1. Risk Assessment a. What Risk does the organization face? C2 Financial Corporation (C2) is a mortgage company, engaging in the business of originating and brokering mortgage loans, the company does not close or fund loans. Majority of the business of C2 is originating and brokering conforming first mortgage loans. The loan originators may offer second mortgage loans, jumbo products, FHA products, HELOC loans and reverse mortgage loans in certain areas based on their experience and the offerings of the Lenders C2 does business with. C2 is licensed in Arizona, California, Colorado, Florida, Missouri, Nevada, Oregon, Texas and Washington. There are approximately 400 loan originators at any given time and majority of these originators are located in and doing business in California. Mortgage fraud, misrepresentations and false documentation are the largest risks faced by C2. Examples of possibly Mortgage Fraud that the company could be at risk for is: occupancy fraud, straw buyer fraud, income fraud, and employment fraud. b. Customer Assessment what risks could they pose? i. In assessing the risks facing C2, the largest risk faced is mortgage fraud and being given fraudulent information from a borrower, this would include income and employment fraud, occupancy fraud and possibly straw buyer fraud. ii. Money Laundering and utilization of funds from a Mortgage to fund Terrorist Activities is not a large risk for a Mortgage Broker because as a Mortgage Broker C2 does not fund the loans or lend the money directly to the borrowers. Our role as a Broker is to arrange financing for the borrowers and to negotiate FinCEN AMLSAR Program Page 1
terms, take the application and gather the necessary information for the Lender to make a decision on the loan and to ultimately fund the loan. iii. In looking at the customer base, products and services offered, geographic locations, size and how the applications are taken the company needs to be aware of mainly how the applications are taken. While there are a good number of loan originators, 300 400 approximately, they are all licensed and competent to be originating loans. They have a very broad customer base and do not discriminate and will work with borrowers of all income levels, backgrounds and walks of life. The originators understand that they must be aware of their surroundings and keep their eyes open for anything that looks to be suspicious. The only products offered by the company are those that are provided to us by the Lenders in which we have contracted with. The biggest risk facing the originators comes in how the applications are taken as online application or information provided by email or over the phone may not be as accurate; additionally it is easier for a borrower to try to perpetrate fraud if they are not looking at someone face to face. Gathering the information to complete the loan application and ensuring it is accurate is the biggest risk facing C2 with regards to AML/SAR issues. 2. Compliance Officer Requirement: Due to the size of the corporate staff of C2, the company is appointing Andrea Vasquez as the Compliance Officer for purposes of AML/SAR reporting and this program (the AMLCO). The AMLCO does not act in the capacity of Compliance Officer with regards to any and all other compliance matters, including but not limited to licensing, compliance with state and federal rules and regulations, examinations or other compliance matters, these duties have been assigned to Outside Counsel for Compliance due to the nature of the organization. The AMLCO will work directly with the Outside Counsel for C2 in fulfilling his duties under this program. a. In this, the AMLCO will work with Outside Counsel to establish and maintain procedures to ensure compliance with the AML statutes. b. The AMLCO will provide updates periodically on the AML/SAR to corporate staff and origination staff ensuring they are aware of the company s policies and procedures. c. The AMLCO will ensure records are maintained and that accurate information is provided to Outside Counsel in order to file any needed SAR or other reports. d. The AMLCO will work with the Outside Counsel with regards to acting as a liaison with Regulators, Law Enforcement and others when applicable, but will ultimately delegate this responsibility to Outside Counsel as this would be better handed by them. 3. Anti Money Laundering Policies, Procedures and Controls: Because C2 is a Mortgage Broker; we do not have strict policies and procedures in place with regards to our customers and money laundering or terrorist financing. C2 does not fund loans and therefore does not wire funds to a borrower. C2 assists in arranging mortgage financing for borrowers, but will not control or FinCEN AMLSAR Program Page 2
disperse funds and because of this C2 does not have policies, procedures or controls in place with regards to actions such as wire transfers, handling monetary instruments, or reviewing or mitigating high risk with customers. 4. AML/ SAR Training: Corporate staff will be required to review this program and attend an annual training overview course on AML/SAR. Those individuals involved in quality control and compliance will be required to attend a training course on AML/SAR either internally or one provided by an outside course provider that will provide them with more detail and information on what to look for as a part of their job duties. Additionally all loan originators are required to take a course on AML/SAR and provide the company of proof of completion of a course at the time they renew their license annually. This course may be provided to them internally or they may be required to take an outside course offered by an approved course provider. Regardless of where the training it done, it must be completed annually. a. Corporate Staff Overview Training: i. Staff must attend a brief meeting on the topic, will be provided with the original program to read and must sign attesting to reviewing the program and attending the meeting. ii. Annually the staff will be required to attend a meeting where they will be provided with any updates, legislative changes, new issues and be given the opportunity to discuss the program. They must sign in and attest to attending the meeting. iii. Upon hiring a new employee, they will be given a brief overview on the topic, provided a copy of the original program and any updates and must sign attesting to reviewing the program and being given an overview of the topic. 5. Suspicious Activity Reporting (SAR) Requirements a. Who is responsible for filing SAR s: The AMLCO will contact Outside Counsel for C2 with the necessary information and will assist outside counsel in filing the SAR with FinCEN through the BSA E Filing System. b. When is a SAR required to be filed: i. There are four categories of transactions that require reporting: 1. If a transaction involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity. a. Involves an aggregate of $5000 in funds or other assets 2. If a transaction is designed, whether through structuring or other means, to evade the requirements of the Bank Secrecy Act FinCEN AMLSAR Program Page 3
3. If a transaction has no business or apparent lawful purpose and the company knows of no reasonable explanation for the transaction after examining the available facts 4. If the transaction involves the use of the company (C2) to facilitate criminal activity. ii. If a loan originator reports to the AMLCO that there has been a transaction or activity that would fall into one of the four categories, the AMLCO will contact Outside Counsel to work with them in beginning an investigation. iii. Within 15 days of the report, all information must be gathered and Outside Counsel will begin the necessary reporting. iv. The final SAR on the transaction must be filed within 30 days of C2 becoming aware of the suspicious transaction. c. SAR decisions and senior management involvement: i. Review of the suspicious activity will be made by upper management and upper management, including the AMLCO, will be responsible for contacting Outside Counsel and discussing the situation and all parties involved will make the final decision on whether or not the transaction falls into one of the reporting categories and on how to proceed with the information that has been obtained. d. Completing the SAR, retaining documentation, ensuring the reports contain the details on: i. The AMLCO will work with the loan originator who has had contact with the borrower and was the first to notice the suspicious activity. They will collect the following information: Who, What, When, Why and How to ensure that they have enough information to accurately provide in filing the report. ii. This documentation will be provided to Outside Counsel along with any necessary contact information of the loan originator, in case Outside Counsel needs more information to complete a report. iii. All written documentation will be maintained with the loan file on the transaction at issue. This will be scanned as part of the loan file. The internal report maintained by outside counsel and the AMLCO will note the loan file number and any other info necessary to locate the file. iv. All SAR records will be maintained for a period of five (5) years from the date of filing. e. SAR confidentiality requirements: All SAR Reports are strictly confidential. i. The SAR, any information related to the SAR and any information that would reveal the existence of an SAR shall be maintained and kept strictly confidential. The only parties involved in the discussion of the SAR and the transaction must FinCEN AMLSAR Program Page 4
be involved in the transaction or bound by confidentiality due to their position within the company. ii. It is strictly prohibited to reveal that a SAR has been filed or to disclose the SAR iii. The only exception to this prohibition is it is allowable to disclose the SAR and details of the SAR to requisite agencies such as FinCEN, Federal, State or Local Law Enforcement Agencies or a Federal or State Regulatory Agency that examines C2 for compliance with the Bank Secrecy Act. f. Monitoring for Suspicious Activities: i. C2 currently has a system in place to monitor loan files for mortgage fraud, through verification of deposits, verification of employment, verification of taxes/income through the issuance of a 4506T form, and has staff in place to review a percentage of the files closed after funding to ensure the information provided is accurate and can be verified by known sources. ii. If suspicious activity is detected through the normal loan quality control process this will be reported to the AMLCO for further investigation and reporting with the Outside Counsel. iii. As mentioned above, all Loan originators must attend training on AML/SAR and monitoring for suspicious activities. They may do this through education providers such as AllRegs, ComplianceEase, Trainingpro, or other educational providers. 1. Loan Originators must take a course, at least annually, designed to train them on monitoring for suspicious activities. 2. Proof of compliance with this training requirement must be provided to C2 corporate staff upon their annual renewal of their loan originator licenses, by Dec. 31 st. 3. In addition to the loan originators, the quality control staff will also attend training on monitoring for suspicious activities so that they are as familiar with the information and can assist loan originators if necessary. g. Handling Law Enforcement/Regulatory requests, complying and assisting with investigations, supporting documentation and verification of the identity of the requestor: i. All law enforcement and regulatory requests will be handled through Outside Counsel for C2. Management and corporate employees will assist outside counsel in obtaining any necessary documentation, but all correspondence and communication with law enforcement and regulatory agencies will be directed to outside counsel and Outside Counsel will review and disperse all company correspondence, responses, etc. with such agencies. FinCEN AMLSAR Program Page 5
h. Safe Harbor provisions: If C2 provides information to a law enforcement or regulatory agency as a voluntary disclosure of any possible violation of law they are not liable to any person under any law or regulation for such disclosure or for failure to provide notice of such disclosure. 6. USA Patriot Act Requirements a. CIP (Customer Identification Program) Program: i. C2 requires all loan originators to collect Identifying information on all borrowers in connection with their loan transactions through two patriot act forms that are required on all loans and by viewing borrower (customer) identification. ii. Each borrower must provide proof of their identification through a photo ID and completion of the Information Disclosure: Patriot Act Form. Additionally each Loan Originator must complete the Customer Identification Documentation: Patriot Act Form based on their observations. iii. Copies of the identification used, and both forms are maintained in the loan file on the transaction. b. P&P on Customer Due Diligence and/or Enhanced Due Diligence: i. The policies and procedures in place with regards to Customer Due Diligence and the Patriot Act include requiring loan originators to complete one form verifying their visual inspection of the identification provided and to have another form completed by the borrowers. Both of these must be provided with every loan file. These policies and procedures are located in the disclosure section of the loan officer handbook. c. Policies and Procedures for information sharing in Compliance with section 314(a) of the Patriot Act: i. Policy C2 will report any instances of suspected terrorist activity or use of funds derived from a mortgage loan they are assisting in originating to the appropriate State and Federal Law Enforcement Agencies. ii. Procedure C2 will provide any and all information with regards to a suspicious transaction to their Outside Counsel, who will do a brief investigation and immediately report the issue to law enforcement. d. Participation in Section 314(b) Cooperation among Financial Institutions: i. C2 does not participate in the cooperation among Financial Institutions with regards to the sharing of information. Due to the nature of the business of C2, the company feels that this is not necessary. Should the need to share information arise, the company would create the necessary policies and procedures and would ensure compliance with Section 314(b). FinCEN AMLSAR Program Page 6
7. OFAC Requirements (Office of Foreign Asset Control) a. P&P for monitoring and updating the SDN (Specially Designated Nationals) list to ensure that they are not doing business with restricted individuals or entities (website: http://www.instantofac.com/) : i. C2 does not lend money or disperse funds to individuals and therefore relies on the lender or financial institution that will provide the funds to the borrower to ensure that they are not dispersing funds to an individual on the SDN list. b. If Reporting with OFAC is needed, P&P s on how to handle it and who will report: i. C2 feels that it is not necessary to have P&P s in place to handle SDN list monitoring as they rely on the lender to ensure that they are not providing funds to individuals on this list as C2 does not and will not have control over these funds. 8. Training Program a. Loan Originators: C2 addresses FinCEN AML/SAR through the inclusion of this program in the Loan Officer Handbook and through the requirement of training/education classes to be taken by the loan originators. b. Corporate Employees: The employees responsible for quality control of the loans are also required to attend training/education on AML/SAR to ensure they are adequately trained to monitor for the possibility of money laundering or other suspicious activity within a loan file. Additionally they are trained so that they may assist the loan originators in any issues they potentially see and to answer any questions they may have. c. Testing and Monitoring of the Program: The program is tested through independent verification by the quality control staff; in that they review a percentage of the loan files after close to ensures that there have been no potential issues missed. Additionally files are reviewed periodically by Outside Counsel for compliance and AML/SAR is included in this review. The originators must provide proof of completion of their training annually and this will be maintained in their files. d. Annually outside Counsel will review the program and do testing to ensure that it is operating as necessary considering the size and risk of the operations. FinCEN AMLSAR Program Page 7