Mortgage Fraud: Basic Categories

QUESTION 

We are reviewing our branch and home office procedures for identifying mortgage fraud. As the Compliance Officer, I receive all allegations of mortgage fraud for review. However, I can't be at all the branches all the time, and I want to be able to categorize some basic areas related to mortgage fraud. 

Each branch has a Branch Manager who works with a senior underwriter to identify potential mortgage fraud. The senior underwriter conducts a second review, and the Branch Manager provides oversight. Even with the training we do, there is no standardization for a categorical approach. What I am looking for is a list of the most likely areas of mortgage fraud. We would like to distribute the list so that it can be used throughout the company. It will help us to set basic standards. 

What are some of the basic categories of mortgage fraud? 

COMPLIANCE SOLUTION 

QC Tune-up® 

Forensic Mortgage Audit®

RESPONSE 

Mortgage fraud prevention is an area in which we have extensive expertise. Indeed, we invented the Forensic Mortgage Audit®, which uses loan-level reviews to detect mortgage fraud. I've provided expert witness representation and given testimony in cases related to mortgage fraud. Our clients regularly discuss potential cases of it with us. We've written policies and procedures to prevent it. I've spoken about it at conferences and written extensively on the topic, for instance, here. 

Here's my published article, with linked sections, entitled Mortgage Fraud Challenges: How to Catch a Crook. 

And I can tell you, based on my experience, crooks continue to find new ways to commit mortgage fraud all the time. To identify the means and methods of these crooks requires staying one step ahead of them – and, even then, they devise new plans to scam, deceive, rip off, con, double-deal, cheat, and skunk their way toward new contrivances of chicanery. 

For instance, request information about our Identity Theft Prevention Program – a program which, by the way, is a statutory requirement. Our policy provides an extensive list of the various nefarious methods by which thieves commit mortgage fraud. 

If you are a subscriber to our newsletters, we will be happy to provide our checklist of Common Red Flags for Mortgage Fraud. Just request it here! 

BASIC CATEGORIES

The basic features of mortgage fraud revolve around intentional deception or misrepresentation to obtain a mortgage loan or to profit from the lending process. 

If you're looking for a basic set of mortgage fraud categories, it is possible to group them into a few areas, with the proviso that this construct is a very high-level outline. The outline should not be taken as comprehensive. But if you want to offer it to the affected personnel, it might help to streamline the review process. 

I think you should still be notified that a mortgage fraud review is taking place, even if the second review clears it. Be aware of potential false positives! 

In my opinion, mortgage fraud can be categorized into fraud for housing, fraud against homeowners, and fraud for profit. Unfortunately, industry professionals are often involved in mortgage fraud activities in pursuit of profits. 

So, let's outline these categories. 

Fraud for Housing 

This illicit activity happens when a borrower provides false information to acquire or maintain ownership of a home. A borrower commits this type of fraud to obtain or maintain ownership of a home in an illegal manner. They may misrepresent their financial standing to qualify for a loan they would not otherwise be able to get. 

Categories of Fraud For Housing 

Income and Employment Fraud 

Falsifying or inflating income, fabricating employment history, or creating forged documents like W-2s, tax returns, and bank statements to qualify for a larger loan or a better interest rate.

Identity-Related Suspicious Activity

QUESTION 

We are a large mortgage lender in the West. A hedge fund owns us. Recently, the hedge fund came down hard on our compliance department for allowing the originating of loans that our AML process should have screened out. They were up in arms because our state regulator issued an administrative action against us. 

We didn't file some SARs that were identity-related, but we did document why the SARS were not filed. That didn't satisfy the regulator because they said we did not follow our own AML program guidelines. We may now lose our Safe Harbor because we didn't file the SARs by following our own policy. 

There are other issues, but the biggest one involves not screening for identity-related suspicious activity. That's the regulator's term: "identity-related suspicious activity." 

The auditor we hired to do our annual AML test was fired. Now, to comply with the regulator, we have to find an auditor who will work with us to review the last 36 months to determine if we should have filed more identity-related SARs. This is a massive undertaking. I am one of several operations persons drafted into the compliance department to assist. I want to know more, and I hope you will give us some feedback. 

What is identity-related suspicious activity? 

ANSWER 

We provide Anti-Money Laundering (AML) testing and training. We were the first compliance firm in the country to offer testing, training, and a written AML Program. Also, we handle large AML due diligence projects such as the one you've described. If you want information about our AML compliance support, contact us here. 

For years, the Financial Crimes Enforcement Network (FinCEN) has issued trend analyses showing that identity-related suspicious activity is a huge percentage of filings. For instance, in 2021, approximately 1.6 million SARs (42% of the SARs filed that year) related to identity, which was $212 billion in suspicious activity. 

Just a few weeks ago, FinCEN published its findings as part of its ongoing Identity Project ("Report").[i] The Report outlines how bad actors exploit identity-related processes in processing transactions as well as opening and accessing accounts. 

I will provide a cursory overview of the Report and then move on to an answer to your question. 

TYPOLOGIES 

The Report discusses the existence of significant identity-related exploitations through various schemes. FinCEN identified over fourteen "typologies" commonly indicated in identity-related SARs. 

The most frequently reported were 

(1) fraud,

(2) false records,

(3) identity theft,

(4) third-party money laundering, and

(5) circumvention of verification standards. 

These top five typologies accounted for 88% of identity-related SARs and 74% of the total suspicious activity reported in 2021. 

TRENDS 

Trends found in the BSA reporting include: 

·       Although identity-related suspicious activity impacted all types of financial institutions, depository institutions filed the most identity-related BSA reports, which was about 54% of all identity-related filings. 

·       The impact of identity-related exploitations by BSA report volumes and cited U.S. dollar values are significant. Attackers most frequently use impersonation tactics, followed by compromise during authentication, and then circumvent verification to evade detection. Compromised credentials have a disproportionally large monetary impact compared to impersonation and circumvention. 

·       The Report found that compromised credentials have a disproportionate financial impact compared to other types of identity exploitation. 

SAFE HARBOR 

I will not comment on your company's exposure to losing the Safe Harbor except to point out that the Safe Harbor provision of the Bank Secrecy Act (BSA)[ii], among other things, shields financial institutions, their officers, and employees from civil liability for reporting known or suspected criminal offenses or suspicious activity by filing a SAR. From your question, I can't tell who told you that your company may lose the Safe Harbor. 

The Safe Harbor provides immunity to any "financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency." This protection precludes liability under any federal, state, or local law, or regulation, or under any contract. Nevertheless, courts have disagreed about the scope of the protection it affords. You should be working with competent counsel in responding to the regulatory agency. 

SCREENING PROCEDURES 

It seems to me that your screening procedures failed to identify identity-related suspicious activity. You state that the regulator alleges you did not follow your own AML program procedures. That infers that you have procedures in a ratified AML Program that were not implemented. 

There are three stages to a systemic framework that mitigates identity-related suspicious activity.[iii] These stages are: (1) Validation; (2) Verification; and (3) Authentication. I do not think this framework is failsafe, but it is quite comprehensive. Nonetheless, in the age of Artificial Intelligence, we can expect updates to these stages. 

The following is a brief outline of each stage. 

Validation 

The validation stage begins when a customer presents identity attributes and supporting evidence (i.e., birth certificate, passport, driver's license, and so forth) – in person or remotely – for review by a financial institution. The financial institution then attempts to determine:

a)     Whether the presented identity exists (i.e., whether it is tied to a real-life identity);

b)     Whether the presented identity is unique (i.e., whether it is claimed by only one entity);

c)     Whether the presented information and evidence are authentic and accurate. 

Generally, the financial institution makes these determinations by comparing the presented information and evidence against authoritative government data, such as public records and Social Security Administration data, or third-party data sources, such as credit reporting agency, utility, and employer data (i.e., independent and reliable data sources). 

Verification 

In the verification stage, the financial institution confirms that the previously validated identity evidence belongs to the customer. The financial institution may, for instance, match the customer's appearance in person (or virtually) via photo or video to a photo on the customer's driver's license, passport, or other photo identification. 

Verification tools and techniques can rely on humans or be entirely automated. These tools may also use biometrics like facial recognition and "liveness" detection or verify documents and attributes to determine a match. This process may also use various other technical and risk data from third parties. 

Authentication 

In the authentication stage, a financial institution assesses whether the customer is who they purport to be based on the customer's possession and control of valid "authenticators." Financial institutions may also engage in other activities involving transactions, such as verifying counterparties and other transaction monitoring. 

Authentication is supposed to provide "risk-based" assurance that the customer is the same customer whose identity was validated and verified during previous steps of the identity process. 

The authentication process can occur in person or remotely, be manual or digital, rely on humans or machines, and is considered more robust when it depends on multiple authentication factors (i.e., multifactor authentication). 

Common authentication factors include: 

a)     Ownership of something the customer has (i.e., a badge, phone, or cryptographic key);

b)     Knowledge of something the customer knows (i.e., a password, passphrase, or PIN);

c)     Inherent or something the customer is (i.e., a fingerprint or other biometric data).

Credit Repair Services – Cautioning the Consumer

QUESTION 

Our CEO has notified our loan officers that she will not accept any applications where credit repair has taken place. Some of our loan officers now threaten to leave the company because they view credit repair as a legitimate business. 

Maybe it is and maybe it isn’t. I am not in a position to know. But I do know that the CFPB has been very litigious against credit repair companies for all sorts of violations. And the CFPB has been getting some hefty settlements. 

We have been tasked with drafting a pamphlet to give applicants about the hazards involving credit repair. We are supposed to say that our company will not process applications if a credit repair company is used. 

Since you have written about the scams to consumers and challenges to lenders from credit repair companies, I hope you can provide a brief outline for our pamphlet. 

What should our pamphlet say about the scams and dangers of credit repair? 

ANSWER 

I think there is a tendency to take the whole credit repair industry to task because of the frauds perpetrated by several of its members, large and small. It is better to educate consumers about the risks than to tar all credit repair services with the nefarious actions of bad counselors. Many credit repair companies make a positive contribution to consumers’ financial welfare. 

Generally, credit repair organizations[i] sell, provide, or perform any service in return for the payment of money or other valuable consideration for the express (or implied) purpose of improving a consumer’s credit record, credit history, or credit rating or providing advice or assistance to a consumer with respect to any such activity or service.[ii] 

You are correct in stating that there have been substantial settlements involving credit repair companies, two of the largest being CreditRepair.com and Lexington Law. The settlement was reached in litigation with the Consumer Financial Protection Bureau (CFPB). Both companies are now bankrupt, each owned by PGX Holdings, Inc., which is reorganizing in bankruptcy.[iii] The settlement, among other things, states that the companies collected illegal advance fees for credit repair services through telemarketing in violation of federal law.[iv] 

The stipulated judgment will impose more than $64 million in civil monetary penalties and a $2.7 billion judgment for redress. Plus, it will require notices about the settlement to be sent to enrolled consumers, including information about canceling the service. Finally, for ten years, the settlement bars these companies from doing business with certain marketing affiliates and bans them from telemarketing any credit repair services or others marketed through telemarketing. 

I won’t second-guess the reasons why your CEO has decided not to take a loan application if the applicant used a credit repair company, but considering the case of CreditRepair.com and Lexington Law, and the CFPB’s far-reaching the CFPB’s examination and enforcement authorities, she may be mindful of the legal, regulatory, and operational risks. 

Providing a pamphlet about credit repair to the applicant is a good idea. It is proactive. If you offer a pamphlet but do not accept loan applications from people who use or plan to use credit repair, it would be helpful to state the company’s position in the pamphlet and appropriate disclosures. But this is not just a business decision. 

Suppose you take the application but discover that the applicant used a credit repair service, and you have a blanket policy that rejects such applications. In that case, you may need to reject the application, possibly based on an inability to verify credit eligibility. That decision would cause the issuance of Regulation B disclosure (i.e., Adverse Action), which requires you to disclose why you rejected the application. The Equal Credit Opportunity Act (ECOA)[v] and Fair Credit Reporting Act (FCRA)[vi] would likely apply. In fact, there are several moving parts, regulatory, legal, credit underwriting, and operational, to the decision not to accept applications where credit repair is used. The decision to implement a blanket policy to ban all applications where consumers have used credit repair or credit relief guidance is fraught with risk. Before implementing these plans, I suggest you discuss them with competent counsel or compliance professionals. 

However, in general, issuing a pamphlet to applicants is worthwhile. You don’t have to discourage an applicant from using credit repair services if you offer the pamphlet to warn applicants about potential scams, frauds, ripoffs, shams, deceptions, swindles, and telemarketing crimes. The warning may be enough! 

Legitimate credit repair services follow numerous federal laws, including the Credit Repair Organizations Act[vii] and, as applicable, the Telemarketing Sales Rule,[viii] both of which forbid credit repair organizations from using deceptive practices and accepting up-front fees. 

The CFPB has provided substantial guidance to consumers. Several years ago, the CFPB issued a Consumer Advisory called Don’t Be Misled By Companies Offering Paid Credit Repair Services.[ix] The Bureau also published an article on How To Avoid Credit Repair Service Scams, which is easy to adapt to a pamphlet format.[x] A fine pamphlet on credit repair fraud, entitled Consumer Pamphlet: Credit Repair Fraud, is provided as a public service for consumers by The Florida Bar.[xi] In drafting your pamphlet, consider including these publications in your review. 

It would help if you listed some caveats in the pamphlet that can assist consumers in evaluating credit counselors. A well-known resource for finding a credit counselor is the National Foundation for Credit Counseling. Contact information about it can be offered in the pamphlet.[xii] 

Whatever caveats you choose, such a list should at least include these five Red Flags:[xiii] 

1.     They demand payment upfront. 

The company wants you to pay before it provides any services. Under the Credit Repair Organizations Act, credit repair companies can’t request or receive payment until they’ve completed the services they’ve promised. Some companies will structure monthly payment plans to avoid this requirement, and you should know that no form of upfront payment is legal. 

A simple rule to follow is “Don’t pay upfront.” If the company uses telemarketing such that the Telemarketing Sales Rule applies, the company may not request or receive fees until it has provided you with a credit report generated more than six months after the promised results that shows the results. 

2.     It sounds too good to be true. 

The company tells you it can get rid of the negative credit information in your credit report in a short period, even if that information is accurate and current. Also, if they promise a specific increase in your credit score or guarantee a certain result. 

No one can guarantee this. It simply takes time to repair your credit file. 

3.     They can’t answer questions.

The company representative can’t explain the specifics of the services they are offering you or the total cost for those services. 

Asking a few simple questions can help you determine if you are dealing with a reputable organization. 

4.     They hold back or provide misinformation. 

The company doesn’t inform you of your rights, including your right to obtain a written contract outlining the details of your arrangement, as well as having the ability to cancel your contract with the company within three business days. The company does not disclose the full cost of its services, and/or the company suggests that you should not (or cannot) contact any of the nationwide credit reporting companies directly (you can). 

5.     They ask you to misrepresent information. 

The company suggests that you try to invent a “new” credit identity – resulting in a new credit report – by applying for an Employer Identification Number instead of your Social Security Number. 

 

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group

---

[i] See §1679a(3)(A)(i)-(ii), 15 USC Chapter 41, Subchapter II-A: Credit Repair Organizations, From Title 15: Commerce and Trade, Chapter 41—Consumer Credit Protection

[ii] Ibid. §1679a(3)(A), Credit repair organizations include entities that can or will sell, provide, or perform credit repairs.

[iii] Credit repairer PGX begins bankruptcy with $12 million loan, Knauth, Dietrich, June 6, 2023, Reuters. PGX also owns Credit.com.

[iv] CFPB Reaches Multibillion Dollar Settlement with Credit Repair Conglomerate, Press Release, August 28, 2023, Consumer Financial Protection Bureau; Bureau of Consumer Financial Protection v Progrexion Marketing, Inc.

[v] Equal Credit Opportunity Act

[vi] Fair Credit Reporting Act

[vii] 15 USC §§ 1679-1679j, FTC; Title IV of the Consumer Credit Protection Act, prohibits untrue or misleading representations and requires certain affirmative disclosures in the offering or sale of "credit repair" services. The Act bars companies offering credit repair services from demanding advance payment, requires that credit repair contracts be in writing, and gives consumers certain contract cancellation rights.

[viii] 16 CFR 310, FTC; The Telemarketing Sales Rule requires telemarketers to make specific disclosures of material information; prohibits misrepresentations; sets limits on the times telemarketers may call consumers; prohibits calls to a consumer who has asked not to be called again; and sets payment restrictions for the sale of certain goods and services.

[ix] Don’t Be Misled By Companies Offering Paid Credit Repair Services, Consumer Advisory, Consumer Financial Protection Bureau, issued September 20, 2016, updated December 3, 2019.

[x] How To Avoid Credit Repair Service Scams, Brown, Desmond, September 23, 2016, updated July 30, 2019, Blog, Consumer Financial Protection Bureau

[xi] Consumer Pamphlet: Credit Repair Fraud, The Florida Bar, updated June 2023, https://www.floridabar.org/public/consumer/tip005/. Note, the article appears to be copyrighted, so contact the organization for permission to publish it in whole or in part.   

[xii] The nonprofit National Foundation for Credit Counseling has a website at https://www.nfcc.org. Its telephone is 800-388-2227.

[xiii] Op. cit. x

Credit Card Relief Scams

QUESTION 

We allow our loan applicants to pay for certain services by credit card. One service that we do not offer is credit relief. But our loan officers send applicants with poor credit to a credit relief company. The credit relief company repairs their credit, which makes it possible for us to get them a mortgage on improved terms. Most of the time, their credit problems involve credit card debt. 

Recently, an attorney for one of our loan applicants contacted us about the applicant being scammed by the credit relief company. He's threatening to contact law enforcement, the state banking department, the FTC, and the CFPB. For what it's worth, I had told the CEO not to use credit relief companies, but he ignored me. 

I know you have written about all kinds of scams over the years. I want to show the CEO your feedback. Maybe he will change his mind about using a credit relief company. 

What are some dangers of using a credit relief company? 

ANSWER 

Yes, indeed, I have written extensively about credit relief companies. They pose a threat to the banks and nonbanks in many ways. Your scenario, unfortunately, happens all the time. The Federal Trade Commission (FTC) is very aggressive in going after these companies. 

If your CEO calls me, I will tell him to knock it off! He's playing with fire. Whatever his reasons (which I assume are based on profit incentives), the risk is much too high to justify such a tactic to originate mortgage loans. 

There is a constant stream of administrative and litigious actions against credit card relief scams. I'll pick just one bad actor out of the barrel of thousands of bad actors that have been caught in the FTC's net. But other federal and state agencies are continually monitoring and prosecuting these scammers. If your company is referring clients to them, you could come in for rather unpleasant special treatment by these agencies. 

Let's take a brief look at the FTC's action against a credit card debt relief scheme operated by Sean Austin, John Steven Huffman, and John Preston Thompson and their affiliated companies that allegedly took millions from people by falsely promising to eliminate or substantially reduce their credit card debt. 

In the Complaint, Federal Trade Commission v Acro Services LLC, et al,[i] the FTC alleged that, since 2019, Austin, Huffman, and Thompson operated a network of companies incorporated in Tennessee, Nevada, New Mexico, and Wyoming that worked together as a common enterprise to support their deceptive credit card debt relief scheme.[ii] Their companies allegedly operated under multiple names, such as ACRO Services, American Consumer Rights Organization, Consumer Protection Resources, Reliance Solutions, Thacker & Associates, and Tri Star Consumer Group. 

The deceptive and unlawful tactics allegedly included:[iii] 

Deceptive Telemarketing

The operators violated the Telemarketing Sales Rule[iv] by using telemarketers to call consumers and pitch their deceptive scheme. The telemarketers often falsely claimed to be affiliated with a particular credit card association, bank, or credit reporting agency and promised they could greatly reduce or eliminate consumers' credit card debt in approximately 12-18 months. 

Making Phony Debt Relief Promises

In marketing their services, the scheme's operators claimed to use several bogus methods to reduce or eliminate consumers' credit card debt. For example, they falsely claimed that consumers may qualify for a federal debt relief program or that a consumer doesn't owe the debt because it hasn't been "validated." 

Charging Deceptive Upfront Fees

Consumers who agreed to sign up for the debt relief program were charged an upfront enrollment fee of thousands of dollars depending on a consumer's available credit. They were falsely told it is part of the debt that will be eliminated as part of the program. Consumers were also charged monthly fees ranging from $20-$35 for "credit monitoring" services. 

To compound the misery, consumers who signed up for the defendants' services were allegedly told to stop making payments to their credit card companies and communicating with those companies. Consumers, however, were never informed that as a result of such actions, they could be sued for failing to pay their credit card debt, may accrue even more debt, and could damage their credit scores, which could also harm their ability to get credit in the future, the FTC alleged. Nice guys! 

They wound up being temporarily shut down, and their assets were frozen.[v] QED 

Consumers often do not know how to spot a debt relief scam. Two signs of this fraud are (1) the consumer gets an unsolicited call from a scammer helping to eliminate their debt, and (2) the scammer asks for upfront fees. Another trick of this nasty scam is where the scammer tells the consumer to cut off communication with creditors. When a debt settlement company says the consumer must cut off all contact with the creditors and doesn’t disclose potential consequences such as collection actions or damage to the consumer’s credit, that’s a red flag of a debt settlement scam. 

Other ornery stratagems include where the scammer refuses to send the consumer information about the debt relief company unless the consumer first provides financial information (such as credit card account numbers and balances, and offering guarantees about lowering or erasing the debit. 

I do not want to paint all debt relief companies with too broad a brush. Legitimate debt relief companies can help consumers to avoid bankruptcy and get their credit back on track. Most debt relief companies are debt settlement companies whose ultimate goal is supposedly to help the consumer settle their debt, sometimes for less than what they owe. But their services are never free, and often costly, with some companies charging significant fees for their help. 

Debt settlement companies may tell the consumer to stop paying debts during the negotiation process with creditors to enable them to expedite the settlement process; however, they do not tell the consumer to cease contact with the creditors. The idea of negotiating is to convince the creditors that the consumer cannot repay the borrowed amount. Through the negotiation, leading to a debt management plan, the goal is for the creditor to settle for less rather than getting nothing by pushing the debtor into bankruptcy. 

If your CEO wants to continue to use a credit relief company, he should insist that the company comply with applicable FTC guidelines. According to the FTC, upfront, a debt settlement company must disclose the fees, conditions, and terms of service; how long it will take to achieve results; the amount the consumer must save in a dedicated savings account before the company makes an offer to each creditor on the consumer’s behalf; money in a dedicated account is the consumer’s to withdraw at any time without penalty; and the account administrator is not affiliated with the debt settlement provider and doesn’t get referral fees 

Based on your question, your company is currently at legal and regulatory risk. I have only grazed the surface. Careful planning and appropriate due diligence must be done. Until that undertaking is conducted, resulting in legally sound guidelines, your loan officers should stop referring applicants to any credit relief company. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Federal Trade Commission v Acro Services LLC, et al, US District Court, Middle District of Tennessee, 3:22-cv-00895, November 7, 2022

[ii] See FTC Halts Debt Relief Scheme that Bilked Millions from Consumers While Leaving Many Deeper in Debt, Release, November 30, 2022, Federal Trade Commission,

[iii] Idem

[iv] The Federal Trade Commission (FTC) enforces the Telemarketing Sales Rule.

[v] Temporary Restraining Order, Federal Trade Commission v Acro Services, et al, US District Court, Middle District of Tennessee, 3:22-cv-00895, November 21, 2022

Challenges of Cryptocurrency Compliance

QUESTION

We are writing a policy for cryptocurrency compliance. We are a mid-sized nonbank. I am the Compliance Manager, and I have two in support staff. Our Board of Directors thinks cryptocurrency will continue to be a part of bank and nonbank transactions. They retained a research firm that says it is growing quickly.

I recognize that there are benefits to cryptocurrency. However, in writing this policy, we see how it can also impact our Anti-Money Laundering safeguards. So, we need to know the risks of cryptocurrency triggering our AML tripwires. 

What are the safe versus risky features of cryptocurrency? 

ANSWER

Your question comes at a time when cryptocurrency is a hot topic in banking and government circles. Indeed, the Treasury Department views cryptocurrency as potentially leading to economic instability due to increased fraud risk in the absence of sufficient government regulation. The Washington Post reports:

“The Treasury Department will warn the White House that cryptocurrencies could pose significant financial risks that outweigh their benefits unless the government rolls out major new regulations, according to two people familiar with the matter.”[i] 

I speak with DC political types all the time, and I can tell you that a good percentage of them do not know what cryptocurrency is, let alone how to regulate it. Sometimes I wonder if they only just recently figured out how to send an email. Several of them are oblivious to how the Internet works, so I suppose they think it works by magic. 

But, there is no mystery to cryptocurrency. It’s not magic. 

Cryptocurrency is establishing itself as a legitimate alternative to traditional finance. As such, it should be regulated. And, as to linking it to Anti-Money Laundering (AML), you are entirely correct: there is a direct interface with Know Your Customer (KYC) processes and cryptocurrency. 

Understand that cryptocurrencies had a total market capitalization of $900 billion in June, which jumped to $1 trillion in August.[ii] That is astounding growth! 

You’ll need to become familiar with certain new terminology to make sense of cryptocurrency compliance. I will embolden a few words that are particular to cryptocurrency. So, let’s dig in! 

What is Cryptocurrency? 

Some people believe that cryptocurrency is impervious to scrutiny and appropriate regulation. The notion here is that transactions are “transparent” because they are kept in blockchain ledgers. Thus, it is erroneously thought, cryptocurrency can’t be well-regulated. However, these are simply digital ledgers that capture each transaction, which can be traced back to a wallet address. Transactions are time-stamped and immutable because to alter something in a ledger, every single block in the chain, across all its distributed versions, would need to be changed. 

There is also the view that cryptocurrency is where criminals hang out to hide their nefarious purposes. I don’t think that holds up to scrutiny. The fact is that only 0.15% of such transaction volume was related to crime in 2021.[iii] 

Is cryptocurrency vulnerable to cyberattacks? Well, yes and no. Wallets are owned and accessed by persons, which means they will be vulnerable to fraudsters and cybercriminals.[iv] But the blockchain technology that facilitates and records cryptocurrency transactions is nearly impossible to edit and is rooted in cryptography. However, cryptocurrency wallets need to be secured to protect them from attack. 

It seems to me that anyone who thinks cryptocurrency is a fad has not been paying attention. It jumped by 567% in 2021[v] and is forecasted to have a compound annual growth rate of 12.8% between 2021 and 2031.[vi] 

I have read that people in economies battling hyperinflation have avoided devaluation of their hard-currency wages by exchanging them for digital currencies, which are then used to pay for food and other products.[vii] In economies with high remittance-based GDPs, cryptocurrency seems to be a fast and reliable way to transfer funds overseas compared to traditional alternatives, which may offer poor exchange rates. Some large financial institutions also appear to recognize opportunities to mobilize in cryptocurrency investing. Small companies seem to acknowledge that cryptocurrency can fill financial access gaps in regions where the traditional finance market is more limited. 

But money attracts thieves! 

Criminality and Cryptocurrency 

Cash has anonymity, but crypto currency does not! Cryptocurrency transactions are traceable through the blockchain, and cryptocurrency wallets are represented by a numbered key rather than held in a natural or legal person’s name. Therefore, KYC is an essential tool in cryptocurrency compliance. 

Blockchain analysis can show the transaction history of a cryptocurrency coin or crypto wallet, but criminals will still find ways to obfuscate their source of funds and identities. The same risk and transaction patterns and factors used in KYC for traditional financial products show evidence of similar criminals, such as money launderers, cybercriminals, and traffickers. These crooks tend to adapt to and use the efficiencies of new technology. 

Vendors that provide wallets to businesses and individuals must aim to have an accurate and perpetual KYC record of persons they are onboarding and servicing. If there are signs of criminality, law enforcement can trace the behavior and know who is behind it. 

As cryptocurrency and its accessibility continue to grow, so does the evidence of criminal activity. International financial compliance regulators such as the Financial Action Task Force (FATF), the Financial Crimes Enforcement Network (FinCEN), and the European Union are taking the lead in developing regulatory approaches to virtual currencies. Although these efforts are critical, regulation is still much too tenuous and loose. Regulations certainly do not maintain international continuity. 

Another transaction medium is a “kiosk” that lets users purchase Bitcoins (and other cryptocurrencies) using cash or a debit card. This “kiosk” is called a Bitcoin Automated Teller Machine (BATM). The BATM is a quickly growing medium that requires regulation. To get a sense of how quickly BATMs are being installed, in June 2022 there were 37,786 BATMs available in seventy-eight countries.[viii] As of today, there are nearly 38,723 BATMs. 

Ratifying policies and procedures for cryptocurrency transactions is “mission critical” to a financial institution involved in cryptocurrency transactions. Frankly, given the lack of comprehensive regulation, it is vital that banks and financial institutions develop their own best practices and manage AML strategies that will mitigate the risks bad actors pose, making sure due diligence is as complete as possible. 

Safe and Risky Features 

You asked about distinguishing between safe and risky features of cryptocurrency. I believe that a primary, reliable measure of risk is traceability. The blockchain provides a record of transactions and ownership. But what if that history is hidden, or nobody is reviewing it? 

And, to be sure, traceability in cryptocurrency and digital assets varies. 

There are several known ways that ownership is obscured in cryptocurrency transactions, and you must ensure that your KYC initiatives account for them. I will provide four examples.

 

1. Mixers

 

Also called tumblers, mixers aim to hide the origin of their users’ funds by obscuring the transaction history of crypto assets. For instance, Bitcoin Fog[ix] allowed users to transfer funds from their crypto wallets into ‘the fog,’ where the assets would be mixed with other users’ currencies to anonymize the funds. After the currencies were mixed, the original user would receive a random number of payouts, each containing a random amount of cryptocurrency.[x]

Mortgage Fraud versus Money Laundering

QUESTION         

We recently completed your AML audit test and found that mortgage fraud and money laundering differ. This became clear when we learned that layering occurred on one of our loans. 

Three people were involved in a mortgage fraud scheme. Two stole the personal information, and the other one used that information to obtain a fraudulent loan. She became our borrower. Once the borrower received the loan's proceeds, some of the funds were transferred to the other two accomplices. We were shocked. 

Our question involves finding out how to identify mortgage fraud as distinct from money laundering. 

What is the difference between fraud and money laundering? 

ANSWER

Conducting the test of the Anti-Money Laundering Program is statutorily required. Each Residential Mortgage Lender and Originator[i] ("RMLO") must adopt a policy and procedure for Anti-Money Laundering in recognition of its obligations under the Bank Secrecy Act ("BSA"), other related money laundering regulations, the requirements of the Financial Crimes Enforcement Network (FinCEN), and federal and state licensing agencies. 

Testing every twelve months is recommended but not later than every eighteen months. An audit of the procedures must be conducted either internally, pursuant to FinCEN guidelines, or by an independent, external auditor entirely independent of the BSA Officer. Most clients retain us to conduct the audit test every twelve months. Our firm was the first in the country to offer AML testing for RMLOs.[ii] 

You can request information about our AML policy, testing, and training HERE. 

Simply stated, fraud creates value for the fraudster. Money laundering is the process by which that value enters the financial system and then moves around within and exits the financial system. 

Money laundering is the criminal practice of processing ill-gotten gains, or "dirty" money, through a series of transactions; in this way, the funds are "cleaned" so that they appear to be proceeds from legal activities. In effect, money laundering is the process of disguising funds derived from illicit activity in order to permit the use of the funds without the detection of the illegal activity that produced the funds. 

Fraud negatively impacts an organization's balance sheet, as the fraud will likely result in a loss of assets. The goal of a fraud is to steal value from the financial services provider. 

On the other hand, money laundering often boosts the balance sheet of a financial institution, as it results in greater use of the organization's products and services and more fee income. Money launderers are accustomed to paying a premium to place their funds in the financial system and often are less sensitive, if not indifferent, to the costs of moving such funds within the financial system. 

FinCEN has amassed substantial data on mortgage fraud. Traditional mortgage fraud involves homebuyers and/or lenders who falsify information to obtain a home loan. Other forms of mortgage fraud have proliferated in recent years and may include a plethora of scams, such as mortgage rescue and loan modification scams, reverse mortgage scams, rent-to-own scams, and bait-and-switch scams. 

Scammers may pose as lawyers, credit counselors, forensic loan auditors, mortgage loan auditors, or foreclosure prevention auditors. Indeed, in our AML tests and risk assessments, we have found that in both money laundering and terrorist financing, criminals can exploit loopholes and other weaknesses in the financial system to launder criminal proceeds, finance terrorism, or conduct other illegal activities, and, ultimately, hide the actual purpose of their activity. 

Terrorist Financing and Money Laundering

Since I'm providing an understanding of the difference between mortgage fraud and money laundering, I think this is a good place to clarify the difference between terrorist financing and money laundering. Many people think they're the same, but that is not true. 

Money laundering and terrorist financing are distinctly different criminal acts. However, as the law enforcement community has investigated how terrorists finance their activities, they have found that money laundering is often a necessary part of financing terrorist efforts. 

Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same or similar to those used by other criminals who launder funds. For example, terrorist financiers use currency smuggling, structured deposits or withdrawals from bank accounts, purchases of various types of monetary instruments, credit, debit, or prepaid cards, and funds transfers. 

Getting back to the concept of "clean" funds versus "dirty" funds, terrorist financing may involve either of them. Clean funds are funds obtained from ostensibly legitimate sources, such as personal employment, donations to a charitable organization, or the good faith purchase of goods – the purpose of which is the intention to use or contribute the proceeds therefrom to fund terrorist activities. 

Dirty funds, however, are those obtained through criminal activities. Terrorists have reportedly relied on extortion, kidnapping, narcotics trafficking, smuggling, fraud, theft, robbery, identity theft, and the use of conflict diamonds[iii] to raise money for their activities. 

Money laundering is typically described as occurring in three stages: placement, layering, and integration. However, as more financial transactions are conducted electronically, the lines between the three phases are gradually blurring.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Briefly put, a person who accepts a residential mortgage loan application or offers or negotiates terms of a residential mortgage loan.

[ii] Residential mortgage lenders and originators (RMLOs – known as “mortgage companies” and “mortgage brokers” but not individual loan originators) were subject to the Bank Secrecy Act’s (BSA) anti-money laundering regime pursuant to a regulation published in the Federal Register on February 14, 2012 by FinCEN, a part of Treasury that implements the U.S.’s anti-money laundering regime. Under the new rules, RMLOs are required to develop and implement an anti-money laundering program (AML Program) and begin suspicious activity reporting (SAR filings) by August 13, 2012.

[iii] Conflict diamonds originate from areas controlled by forces or factions opposed to legitimate and internationally recognized governments and are used to fund military action in opposition to those governments, or in contravention of the decisions of the United Nations Security Council.