Digital Marketing: Artificial Intelligence and Behavioral Analytics

QUESTION 

Our company has signed up marketing people who offer digital marketing. Our CEO is adding experts in artificial intelligence and behavioral analytics to our marketing department. As the Compliance Manager, I am concerned. 

I came here from an online lender, so I am not naïve about online marketing tools. Digital marketing is mostly a fancy name for online marketing, meaning the leverage of numerous channels such as resources for behavioral modeling, search engines, social media, all kinds of websites, emails, text messages, and a host of multimedia. This is a veritable forest of minefields governed by regulations. 

I get it! We need digital marketing for brand awareness and to generate business. Most consumers these days expect a branded, online presence. But the stakes are high, especially because the ability to police digital marketers is ridiculously labor intensive. 

However, the CFPB has recently been making lots of noise about digital marketing providers. It is going to hold digital marketing providers liable for UDAAP violations – and now we’re going to employ these people right here in my company! I’m worried about the implications. I need some insight into what to expect. 

What are the implications for hiring digital marketers or using digital marketing providers? 

ANSWER 

On August 10, 2022, the Consumer Financial Protection Bureau (CFPB) issued an interpretive rule that addresses when digital marketing providers who commingle the targeting and delivery of advertisements to consumers are covered by the Consumer Financial Protection Act of 2010 (CFPA). 

Under the interpretive rule,[i] when digital marketing providers are materially involved in a covered person’s content targeting, the digital marketing provider does not meet the time or space exception to the service provider definition. As a result, those digital marketing providers would typically meet the definition of service provider under the CFPA and be subject to that law’s consumer protections. 

Let me dig a little deeper and provide some background and context. 

Section 1002 of the CFPA defines the term "service provider" and sets forth two exceptions to that definition. Our focus is on the time and space exception. 

            Time and Space Exception 

Under one of those exceptions, a person is not a service provider solely by virtue of such person offering or providing to a covered person time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media. 

When digital marketing providers go beyond traditional advertising, such as by using algorithmic models or other analytics, they are typically covered by the CFPA as service providers. The interpretive rule explains that the time or space exception does not cover digital marketing firms that are materially involved in developing content strategy. 

Many digital marketing providers play a dramatically different role in consumer advertising than traditional media sources like print newspapers or radio stations. Many digital marketers target and deliver ads to specific consumers using sophisticated analytical techniques, including machine learning (i.e., artificial intelligence, or “AI”) and behavioral analytics, to process large amounts of consumer data. In other words, many digital marketers aggregate and analyze immense amounts of granular consumer data and then use that data to determine what advertisements to provide to specific consumers at what times. 

The CFPB’s interpretive rule explains that digital marketing providers commingle the service of targeting and delivering advertisements with the activities of traditional media sources in providing airtime or physical space. 

Digital marketing providers obtain data from various sources, including, but not limited to, data collected directly from consumers, for instance, when registering for an account or conducting a search query into a search bar. 

Furthermore, digital marketers may harvest a wide variety of consumer data by monitoring and tracking a consumer’s web activity, including their browsing history, online activity, and even geolocation. There is a scary term for this type of marketing: surveillance advertising. 

Digital marketers may also obtain data from third-party data brokers or second-party partnerships with other companies. Using these tools and others, digital marketers collect granular consumer data that they analyze to develop insights about consumers’ behavior more broadly. 

The ways in which digital marketing providers specifically target ads are varied and evolve over time. Ultimately, the digital marketer may decide which group(s) the consumer belongs in and which financial services companies want to advertise to that group. Then they select the specific ad to display to that consumer and/or when to display the ad based on other factors (i.e., the amount a firm is willing to pay to display the ad). 

Thus, many digital marketing providers are materially involved in developing content strategy by identifying or selecting prospective customers and/or selecting or placing content to affect consumer engagement, including purchasing or adopting behavior. These activities go well beyond the activities of traditional media sources, such as print newspapers or radio, that only passively provide airtime or physical space for advertisements. 

The interpretive rule[ii] sets forth delineations for digital marketing being (1) a material service and (2) liable for UDAAP violations. 

As the interpretive rule explains: 

Digital marketers provide material services to financial firms. 

A material service is one that is significant or important. Digital marketing providers are typically materially involved in the development of content strategy when they identify or select prospective customers or select or place content to encourage consumer engagement with advertising. Digital marketers engaged in this type of ad targeting and delivery are not merely providing ad space and time, and they do not qualify under the time or space exception. 

The CFPB, states, and other consumer protection enforcers can sue digital marketers to stop violations of consumer financial protection law. 

Service providers are liable for unfair, deceptive, or abusive acts or practices under the CFPA. When digital marketers act as service providers, they are liable for consumer protection law violations 

A company is subject to the CFPA, including its prohibition on unfair, deceptive, or abusive acts or practices, if it offers or provides a financial product or service for use by consumers primarily for personal, family, or household purposes.[iii] And a “service provider” is also subject to the CFPA, including its UDAAP prohibition.[iv] 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] CFPB Warns that Digital Marketing Providers Must Comply with Federal Consumer Financial Protections, Press Release, Consumer Financial Protection Bureau, August 10, 2022

[ii] Limited Applicability of Consumer Financial Protection Act’s “Time or Space” Exception to Digital Marketers, Interpretative Rule, August 10, 2022

[iii] See 12 U.S.C. 5481(5), (6), (15)(A); 5531; 5536.

[iv] See 12 U.S.C. 5481(26); 5531; 5536.

Monitoring Trusts for AML Compliance

QUESTION 

We have an issue involving trusts and anti-money laundering. Our bank serves its customers through five branches. I am the AML officer, and we have a Compliance Manager. 

It was our understanding that trusts are not used to launder illegal funds. But, recently, we have a new customer account owned by a trust. Based on our review, we believe we should file a Suspicious Activity Report. We think the trustee is directly involved in transactions that would require us to file a SAR. 

We want to know more about trusts in connection with possible AML requirements. Also, please let us know about some risk factors to consider. 

What are the features of trusts and the impact on upholding AML monitoring? 

And what are some risk factors relating to abusing trusts in money laundering? 

ANSWER 

The Financial Action Task Force (FATF) recognizes the misuse of trusts for money laundering as a global problem. I will provide an overview of trust activities that evince vulnerabilities for money laundering crimes. My answer is perforce somewhat cursory because of the intricate legal and regulatory compliance risks associated with this aspect of AML compliance. 

The FATF has identified characteristic AML and Counter Terrorist Financing (usually referred to with the acronym “CFT”) vulnerabilities of trusts that include 

(1) problematic relationships among the settlor, trustee, and beneficiary of a trust; 

(2) use of specific trust provisions to obscure relevant facts; and 

(3) use of trusts to take advantage of jurisdictional differences. 

In the United States, a trust is a legal arrangement created and governed under state law (whether statutory or common law) of the jurisdiction in which it was formed. A trust is generally a relationship created by an arrangement between the grantor and the trustee, under which the trustee assumes fiduciary obligations to the trust’s beneficiaries. 

The legal title to any property held in trust is controlled by the trustee, who is then charged with the responsibility of administering that property for the benefit of one or more beneficiaries. The beneficiaries of the trust may receive the economic benefits from the trust property but generally have no power over the investment or distribution of that property. The duties, powers, and responsibilities of these parties are determined by the law of the jurisdiction of formation of the trust and by the trust agreement. 

Central to trust law is a set of fiduciary duties or obligations imposed on every trustee, one effect of which is to require that the trustee have and maintain information about other parties relevant to the trust, including co-trustees, the grantor, and the beneficiaries of the trust. However, several states have recently enacted or proposed trust legislation that may run counter to conventional trust law in some ways. This includes, for instance, the formation of a domestic asset protection trust (DAPT) similar to those in South Dakota and Wyoming. 

Many people are unaware of the fact that Federal law does not regulate trusts. Rather, federal law applicable to trusts is primarily directed toward the taxation of trust income. U.S. trusts are taxed on U.S. and foreign source income, and foreign trusts are taxed only on U.S. source income. 

A trust with income generating a U.S. tax liability is required to file an annual income tax return with the IRS and may be required to file an income tax return with a state, if applicable. That return will disclose the identifying information and tax identification number of each beneficiary who received taxable income from the trust during that year. 

A foreign trust with no U.S. source income need not file an annual income tax return with the IRS and therefore need not disclose its beneficiaries to the IRS. A trust formed under U.S. law may be treated as a foreign trust for tax purposes if a non-U.S. person has control over one substantial decision of the trust (i.e., a non-U.S. protector with authority to decide whether to replace a trustee). 

Under reciprocal Foreign Account Tax Compliance Act intergovernmental agreements, the IRS is not required to automatically exchange information on accounts maintained by U.S. financial institutions – including accounts held by foreign trusts – if the account does not receive income during the year or receives only foreign source income. 

So, given the foregoing outline, would it not be appropriate for trustees to be subject to the Bank Secrecy Act (BSA)? 

The answer may surprise you: trustees (except for trust companies) are not subject to the BSA. 

When misused, trust and asset management accounts can conceal the sources and uses of funds – and the identity of beneficial owners. 

Some factors that may serve as indicia of a higher risk that a trust is being used for inappropriate purposes include 

(1)   unusual account relationships and circumstances, 

(2)   questionable assets and sources of assets, 

(3)   and other potential risk areas, such as offshore accounts, private investment companies, and funds transfers to or from offshore accounts. 

There are numerous AML incidences where trustees have been caught abusing trusts. For instance, in October 2021, six defendants were charged with conspiring to defraud the IRS and other fraud offenses from at least January 2015 through September 2018. According to the superseding indictment, as part of the tax fraud scheme, the conspirators allegedly filed fraudulent individual tax returns and other tax documents that reported false withholdings from mortgage lenders and then claimed substantial refunds from the IRS. After processing the false returns, the IRS allegedly issued over $1 million in refunds. To prevent the IRS from recovering the fraudulently obtained refunds, the conspirators allegedly created trusts, opened new bank accounts in the name of business entities and the trusts, and transferred the criminal proceeds between the accounts to conceal the funds from the IRS.[i] 

To date, the available evidence does not indicate that trusts established within the United States are frequently used for money laundering purposes. They are used for tax avoidance purposes by both U.S. and foreign persons. While that is distinct from money laundering, it still is of interest to the Treasury Department. 

Where trusts were identified as being used to launder money, they relied on strawman trustees (trustees willing to act illegally) to provide a clean name for the trust documents. The U.S. government is seeking to expand its understanding of whether and how U.S. trusts are misused for illicit purposes in the United States.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] “Six Defendants Charged with Conspiring to Defraud the IRS and Other Fraud Offenses,” (October 15, 2021), US/DOJ, District of Hawaii, https://www.justice.gov/usao-hi/pr/six-defendants-charged-conspiring-defraud-irs-and-other-fraud-offenses

Mortgage Fraud versus Money Laundering

QUESTION         

We recently completed your AML audit test and found that mortgage fraud and money laundering differ. This became clear when we learned that layering occurred on one of our loans. 

Three people were involved in a mortgage fraud scheme. Two stole the personal information, and the other one used that information to obtain a fraudulent loan. She became our borrower. Once the borrower received the loan's proceeds, some of the funds were transferred to the other two accomplices. We were shocked. 

Our question involves finding out how to identify mortgage fraud as distinct from money laundering. 

What is the difference between fraud and money laundering? 

ANSWER

Conducting the test of the Anti-Money Laundering Program is statutorily required. Each Residential Mortgage Lender and Originator[i] ("RMLO") must adopt a policy and procedure for Anti-Money Laundering in recognition of its obligations under the Bank Secrecy Act ("BSA"), other related money laundering regulations, the requirements of the Financial Crimes Enforcement Network (FinCEN), and federal and state licensing agencies. 

Testing every twelve months is recommended but not later than every eighteen months. An audit of the procedures must be conducted either internally, pursuant to FinCEN guidelines, or by an independent, external auditor entirely independent of the BSA Officer. Most clients retain us to conduct the audit test every twelve months. Our firm was the first in the country to offer AML testing for RMLOs.[ii] 

You can request information about our AML policy, testing, and training HERE. 

Simply stated, fraud creates value for the fraudster. Money laundering is the process by which that value enters the financial system and then moves around within and exits the financial system. 

Money laundering is the criminal practice of processing ill-gotten gains, or "dirty" money, through a series of transactions; in this way, the funds are "cleaned" so that they appear to be proceeds from legal activities. In effect, money laundering is the process of disguising funds derived from illicit activity in order to permit the use of the funds without the detection of the illegal activity that produced the funds. 

Fraud negatively impacts an organization's balance sheet, as the fraud will likely result in a loss of assets. The goal of a fraud is to steal value from the financial services provider. 

On the other hand, money laundering often boosts the balance sheet of a financial institution, as it results in greater use of the organization's products and services and more fee income. Money launderers are accustomed to paying a premium to place their funds in the financial system and often are less sensitive, if not indifferent, to the costs of moving such funds within the financial system. 

FinCEN has amassed substantial data on mortgage fraud. Traditional mortgage fraud involves homebuyers and/or lenders who falsify information to obtain a home loan. Other forms of mortgage fraud have proliferated in recent years and may include a plethora of scams, such as mortgage rescue and loan modification scams, reverse mortgage scams, rent-to-own scams, and bait-and-switch scams. 

Scammers may pose as lawyers, credit counselors, forensic loan auditors, mortgage loan auditors, or foreclosure prevention auditors. Indeed, in our AML tests and risk assessments, we have found that in both money laundering and terrorist financing, criminals can exploit loopholes and other weaknesses in the financial system to launder criminal proceeds, finance terrorism, or conduct other illegal activities, and, ultimately, hide the actual purpose of their activity. 

Terrorist Financing and Money Laundering

Since I'm providing an understanding of the difference between mortgage fraud and money laundering, I think this is a good place to clarify the difference between terrorist financing and money laundering. Many people think they're the same, but that is not true. 

Money laundering and terrorist financing are distinctly different criminal acts. However, as the law enforcement community has investigated how terrorists finance their activities, they have found that money laundering is often a necessary part of financing terrorist efforts. 

Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same or similar to those used by other criminals who launder funds. For example, terrorist financiers use currency smuggling, structured deposits or withdrawals from bank accounts, purchases of various types of monetary instruments, credit, debit, or prepaid cards, and funds transfers. 

Getting back to the concept of "clean" funds versus "dirty" funds, terrorist financing may involve either of them. Clean funds are funds obtained from ostensibly legitimate sources, such as personal employment, donations to a charitable organization, or the good faith purchase of goods – the purpose of which is the intention to use or contribute the proceeds therefrom to fund terrorist activities. 

Dirty funds, however, are those obtained through criminal activities. Terrorists have reportedly relied on extortion, kidnapping, narcotics trafficking, smuggling, fraud, theft, robbery, identity theft, and the use of conflict diamonds[iii] to raise money for their activities. 

Money laundering is typically described as occurring in three stages: placement, layering, and integration. However, as more financial transactions are conducted electronically, the lines between the three phases are gradually blurring.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Briefly put, a person who accepts a residential mortgage loan application or offers or negotiates terms of a residential mortgage loan.

[ii] Residential mortgage lenders and originators (RMLOs – known as “mortgage companies” and “mortgage brokers” but not individual loan originators) were subject to the Bank Secrecy Act’s (BSA) anti-money laundering regime pursuant to a regulation published in the Federal Register on February 14, 2012 by FinCEN, a part of Treasury that implements the U.S.’s anti-money laundering regime. Under the new rules, RMLOs are required to develop and implement an anti-money laundering program (AML Program) and begin suspicious activity reporting (SAR filings) by August 13, 2012.

[iii] Conflict diamonds originate from areas controlled by forces or factions opposed to legitimate and internationally recognized governments and are used to fund military action in opposition to those governments, or in contravention of the decisions of the United Nations Security Council.

NMLS Exemption for Clerical Employees

QUESTION

We are trying to determine if our clerical employees must register with the NMLS. As a small lender, we believe that NMLS only licenses loan officers because there is an exception for clerical staff. 

Yet, when we read the NMLS website and review the SAFE Act, we get more confused. 

Are clerical employees exempt from having to register with the NMLS? 

And what about management employees doing administrative work – do they need to go through the NMLS? 

ANSWER 

Let’s be clear: the Nationwide Mortgage Licensing System and Registry (“Registry”) does not grant or deny license authority. Make sure you understand the role served by the Registry. 

The Secure and Fair Enforcement for (SAFE) Mortgage License Act[i] requires states to enact individual loan originator licensing requirements, enact by law or regulation a system for licensing and registering loan originators meeting prescribed specifications, and join the Registry. 

The Registry is maintained jointly by the Conference of State Bank Supervisors (CSBS) and the American Association of Residential Mortgage Regulators (AARMR). 

All 50 states adopted the Registry, the record system for non-depository, financial services licensing or registration. It is the official system for companies and individuals seeking to apply for, amend, renew and surrender license authorities managed through the Registry by state or territorial governmental agencies. 

The federal banking agencies jointly enacted a similar system for the registration of individual loan originators on the Registry system for employees of (1) a depository institution, (2) employees of a subsidiary that is owned and controlled by a depository institution and regulated by a federal banking agency, or (3) employees of an institution that the Farm Credit Administration regulates.[ii] 

The Registry establishes protocols for assigning a unique identifier to each registered loan originator that will facilitate electronic tracking.[iii] 

To understand the requirements for administrative and clerical employees, we begin with what tasks such employees perform. It is essential to begin with a description of the tasks (and functions)  rather than specific titles because the tasks are dispositive in determining if an employee must comply with the Registry mandates. 

Administrative or clerical tasks mean the receipt, collection, and distribution of information common for the processing or underwriting of a loan in the mortgage industry and communication with a consumer to obtain information necessary for the processing or underwriting of a residential mortgage loan. 

Usually, when I define the tasks this way, I am asked if loan processors and underwriters fit within the “administrative or clerical” category. 

The answer is, they may, if 

(1) they are W-2 employees of a mortgage broker, mortgage lender, or institution that is regulated by one of the federal banking agencies, 

(2) they are performing their duties at the direction and subject to the supervision of a state licensed or federally registered loan originator, and 

(3) any communications they have with a consumer do not include offering or negotiating loan rates or terms, or counseling consumers about residential mortgage loan rates and terms. 

Another common question is whether an independent contractor must comply with the Registry requirements. Loan processors and underwriters functioning as independent contractors must be state licensed or federally registered as loan originators and assigned a unique identifier.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

___________________________
[i] 12 U.S.C. § 5101, et. seq.
[ii] On May 29, 2009, the Federal Banking Agencies (Federal Reserve Board, OCC, OTS, FDIC, NCUA and Farm Credit Administration) issued a joint notice of proposed rulemaking concerning implementation of the SAFE Mortgage Recovery Act. [74 Federal Register No. 109, p. 27386]
[iii] For more information, the CSBS provides https://www.csbs.org/nationwide-multistate-licensing-system