Customer Identification Procedures

QUESTION 

We submitted our CIP policy to our regulator in an examination.

In the exit interview, we were told the CIP policy does not have a set of core procedures required under the USA Patriot Act. We’ve provided this policy before, and they never said anything. Now they want us to revise it by including a checklist, but they are not telling us what goes into the checklist! 

We could use an outline of some basic checklist items to update the checklist. 

What should we provide as some checklist areas to implement our CIP policy? 

ANSWER 

Remember that whatever you put into a policy document with respect to procedures must be monitored and tested periodically. How do you know any checklist works if you are not monitoring and testing its effectiveness? 

The USA Patriot Act is a foundational Act for Customer Identification Procedures (CIP), and any checklist must conform with the Act’s mandates. 

In my view, your checklist should contain at least four procedural features: verifying identity, recordkeeping, list-checking, and customer notice. 

Let’s consider each of them in a checklist format. 

Verifying Identity 

The identity of every mortgage loan applicant should be screened for the following information (at minimum):

·       Name 

·       Date of birth 

·       Residential or business street address 

·       Citizenship:

o   For a U.S. person, use a taxpayer identification number.

o   For a non-U.S. person, one or more of the following:

§  a taxpayer identification number; passport number, and country of issuance;

§  alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.

o   Instead of obtaining a taxpayer identification number from a customer before opening the account, you may open an account for a customer who has applied for a taxpayer identification number but has not yet received one. In this case, however, you should confirm the application for the number was filed before the customer applied for the loan, and you should obtain the taxpayer identification number within a reasonable period of time after the account is opened.

One warning: Documents used to verify identity may include any unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguards, such as a driver’s license or passport. But be very careful in utilizing this method! 

Recordkeeping 

It is essential to maintain records of the information used to verify a person’s identity, including, but not limited to: 

·       All identifying information about a customer; 

·       A description of any document relied on, noting the type of document; 

·       Any identification number contained in the document, the place of issuance, and, if any, the date of issuance and expiration date; 

·       A description of the methods and the results of any measures undertaken to verify the identity of the customer; and, 

·       A description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained. 

Record of the foregoing information should be kept for at least five years after the mortgage loan is paid off or transferred to a loan purchaser. 

List-Checking 

Checking certain lists is a critical aspect of the CIP process. You should determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations available to your financial institution or provided to your financial institution by any government agency. 

·     Designate a person or department responsible for determining whether each new customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the Treasury Department in consultation with the federal functional regulators. 

·     The designated person should make a determination within a reasonable period of time after a loan closes, or earlier, if required by another federal law or regulation or federal directive issued in connection with the applicable list. 

·     Follow all federal directives issued in connection with the lists. 

Customer Notice 

Be sure to provide customers with adequate, written notice that you request information to verify identities as required by the USA Patriot Act.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

Mortgage Fraud versus Money Laundering

QUESTION         

We recently completed your AML audit test and found that mortgage fraud and money laundering differ. This became clear when we learned that layering occurred on one of our loans. 

Three people were involved in a mortgage fraud scheme. Two stole the personal information, and the other one used that information to obtain a fraudulent loan. She became our borrower. Once the borrower received the loan's proceeds, some of the funds were transferred to the other two accomplices. We were shocked. 

Our question involves finding out how to identify mortgage fraud as distinct from money laundering. 

What is the difference between fraud and money laundering? 

ANSWER

Conducting the test of the Anti-Money Laundering Program is statutorily required. Each Residential Mortgage Lender and Originator[i] ("RMLO") must adopt a policy and procedure for Anti-Money Laundering in recognition of its obligations under the Bank Secrecy Act ("BSA"), other related money laundering regulations, the requirements of the Financial Crimes Enforcement Network (FinCEN), and federal and state licensing agencies. 

Testing every twelve months is recommended but not later than every eighteen months. An audit of the procedures must be conducted either internally, pursuant to FinCEN guidelines, or by an independent, external auditor entirely independent of the BSA Officer. Most clients retain us to conduct the audit test every twelve months. Our firm was the first in the country to offer AML testing for RMLOs.[ii] 

You can request information about our AML policy, testing, and training HERE. 

Simply stated, fraud creates value for the fraudster. Money laundering is the process by which that value enters the financial system and then moves around within and exits the financial system. 

Money laundering is the criminal practice of processing ill-gotten gains, or "dirty" money, through a series of transactions; in this way, the funds are "cleaned" so that they appear to be proceeds from legal activities. In effect, money laundering is the process of disguising funds derived from illicit activity in order to permit the use of the funds without the detection of the illegal activity that produced the funds. 

Fraud negatively impacts an organization's balance sheet, as the fraud will likely result in a loss of assets. The goal of a fraud is to steal value from the financial services provider. 

On the other hand, money laundering often boosts the balance sheet of a financial institution, as it results in greater use of the organization's products and services and more fee income. Money launderers are accustomed to paying a premium to place their funds in the financial system and often are less sensitive, if not indifferent, to the costs of moving such funds within the financial system. 

FinCEN has amassed substantial data on mortgage fraud. Traditional mortgage fraud involves homebuyers and/or lenders who falsify information to obtain a home loan. Other forms of mortgage fraud have proliferated in recent years and may include a plethora of scams, such as mortgage rescue and loan modification scams, reverse mortgage scams, rent-to-own scams, and bait-and-switch scams. 

Scammers may pose as lawyers, credit counselors, forensic loan auditors, mortgage loan auditors, or foreclosure prevention auditors. Indeed, in our AML tests and risk assessments, we have found that in both money laundering and terrorist financing, criminals can exploit loopholes and other weaknesses in the financial system to launder criminal proceeds, finance terrorism, or conduct other illegal activities, and, ultimately, hide the actual purpose of their activity. 

Terrorist Financing and Money Laundering

Since I'm providing an understanding of the difference between mortgage fraud and money laundering, I think this is a good place to clarify the difference between terrorist financing and money laundering. Many people think they're the same, but that is not true. 

Money laundering and terrorist financing are distinctly different criminal acts. However, as the law enforcement community has investigated how terrorists finance their activities, they have found that money laundering is often a necessary part of financing terrorist efforts. 

Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same or similar to those used by other criminals who launder funds. For example, terrorist financiers use currency smuggling, structured deposits or withdrawals from bank accounts, purchases of various types of monetary instruments, credit, debit, or prepaid cards, and funds transfers. 

Getting back to the concept of "clean" funds versus "dirty" funds, terrorist financing may involve either of them. Clean funds are funds obtained from ostensibly legitimate sources, such as personal employment, donations to a charitable organization, or the good faith purchase of goods – the purpose of which is the intention to use or contribute the proceeds therefrom to fund terrorist activities. 

Dirty funds, however, are those obtained through criminal activities. Terrorists have reportedly relied on extortion, kidnapping, narcotics trafficking, smuggling, fraud, theft, robbery, identity theft, and the use of conflict diamonds[iii] to raise money for their activities. 

Money laundering is typically described as occurring in three stages: placement, layering, and integration. However, as more financial transactions are conducted electronically, the lines between the three phases are gradually blurring.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Briefly put, a person who accepts a residential mortgage loan application or offers or negotiates terms of a residential mortgage loan.

[ii] Residential mortgage lenders and originators (RMLOs – known as “mortgage companies” and “mortgage brokers” but not individual loan originators) were subject to the Bank Secrecy Act’s (BSA) anti-money laundering regime pursuant to a regulation published in the Federal Register on February 14, 2012 by FinCEN, a part of Treasury that implements the U.S.’s anti-money laundering regime. Under the new rules, RMLOs are required to develop and implement an anti-money laundering program (AML Program) and begin suspicious activity reporting (SAR filings) by August 13, 2012.

[iii] Conflict diamonds originate from areas controlled by forces or factions opposed to legitimate and internationally recognized governments and are used to fund military action in opposition to those governments, or in contravention of the decisions of the United Nations Security Council.

Laundering a Kleptocracy

QUESTION 

We convened a staff meeting of compliance and legal personnel to discuss how our anti-money laundering program responds adequately to foreign corruption. Our bank and its nonbank mortgage division are involved in loans to foreign nationals, borrowers who are American citizens with foreign bank accounts and properties, and we also have borrowers, both foreign nationals and American citizens, whose assets are situated in kleptocratic regimes. 

Our employee training includes a section on fraud management, including procedures for identifying assets corrupted by kleptocracy. However, we need to outline the types and means by which kleptocracies engage in public corruption. Recently, we had to decide whether to approve a large loan to a Russian national. We denied it to comply with the sanctions mandate. 

We have completed your AML Test, which found some important weaknesses in our AML program. The recommendations were implemented.

Due to the sanctions, we want to outline the specific ways that foreign public corruption impacts our AML program. Please help us to answer two important questions: 

1. What types of kleptocratic crimes can show up in AML compliance? 

2. What are some Red Flags involving kleptocratically corrupted assets? 

ANSWER 

The Financial Crimes Enforcement Network (FinCEN) has issued an advisory on kleptocracy and foreign public corruption (“Advisory”).[i] It urges financial institutions to focus their efforts on detecting the proceeds of foreign public corruption. This implementation is a priority for the U.S. government as it continues to implement the U.S. Strategy on Countering Corruption.[ii] The Advisory provides typologies and potential indicators of kleptocracy and other forms of foreign public corruption, namely bribery, embezzlement, extortion, and the misappropriation of public assets. 

Last year, President Biden established the fight against corruption as a core national security interest.[iii] The proceeds of foreign public corruption travel across national borders and can affect economies and political systems far from the origin of the proceeds. 

To advance their strategic, financial, and personal goals, kleptocratic regimes and corrupt public officials may engage in bribery, embezzlement, extortion, or the misappropriation of public assets, among other forms of corrupt behavior. They may exploit the U.S. and international financial systems to launder illicit gains, including through shell companies, offshore financial centers, and professional service providers who enable the movement and laundering of illegal wealth, including in the United States and other rule-of-law-based democracies. These practices harm the competitive landscape of financial markets and often have long-term corrosive effects on good governance, democratic institutions, and human rights standards. 

As but one instance, we have all become aware of the Russian kleptocracy. Studies, investigatory books, and considerable reporting have shown that Russian kleptocrats and other corrupt public officials steal the public’s wealth for personal gain and use their positions of power and access to state-owned resources for their personal benefit. Like other criminal actors, corrupt public officials launder the proceeds of their corruption through various means, including funneling money through shell companies or purchasing various high-end assets, such as real estate, yachts, private jets, and high-value art. 

I mention Russia because it is of particular concern as a kleptocracy since it is founded on the nexus between corruption, money laundering, malign influence and armed interventions abroad, and sanctions evasion. The latter comes up continually in anti-money laundering compliance in Russia and other countries where sanctions apply. Corruption is widespread throughout the Russian government and manifests itself as bribery of officials, misuse of budgetary resources, theft of government property, kickbacks in the procurement process, extortion, and improper use of official positions to secure personal profits. 

Russia’s further invasion of Ukraine highlights foreign public corruption perpetrated by kleptocratic regimes like that of Russian President Vladimir Putin. Russia’s actions in Ukraine are supported and enabled by Russia’s elites and oligarchs, who control a majority of Russia’s economic interests. These individuals have a mutually beneficial relationship with President Putin that allows them to misappropriate assets from the Russian people while helping President Putin maintain his tight control on power. Oligarchs are believed to be directly financing off-budget projects that include political, malign, influence operations, and armed interventions abroad. 

The U.S. government has imposed sanctions on many of these individuals and the businesses and state-owned entities they control as part of U.S. efforts to hold President Putin and his supporters accountable for Russia’s invasion of Ukraine and restrict their access to assets to finance Russia’s destabilizing activities globally. 

Guided by some aspects of the Advisory, I will briefly outline the typologies and how money laundering is usually accomplished. Afterward, I will list ten Red Flags associated with kleptocracy and foreign public corruption. 

Typologies 

Wealth Extraction 

According to the Advisory, foreign public corruption can take many forms, and this corruption can occur at every level of government. For instance, in Russia, “President Putin has allowed the resources of the Russian people to be siphoned off by oligarchs and elites, who amassed their fortunes through their personal connections to Putin and the abuse of state-owned entities and assets.” This activity is not unique to Russia. Kleptocratic activities throughout the world are often associated with other criminal behavior. 

Bribery and Extortion 

Bribery schemes often involve payments to foreign government officials by persons and entities to obtain or retain business or other benefits. These schemes, which generally benefit both parties involved, may be employed to influence political outcomes, secure lucrative contracts with governments or state-owned enterprises, gain access to natural resources or obtain fraudulent documents such as passports or visas, among other purposes.

USA Patriot Act Disclosure Form and the Freedom Act

QUESTION

We are a lender with a client that is very passionate about NOT signing the Patriot Act Disclosure that is included in our initial closing package. He is a permanent resident alien and claims that the Patriot Act has not been in existence since June 2015 and that a lender should not be requiring him to sign the U.S. Patriot Act Information Disclosure form. The client has no difficulties with providing the identification documents we require, but he feels that the disclosure form is a legal document which is inaccurate, as it is now the Freedom Act that governs. Is the client correct and how should we respond?  

ANSWER

Actually, the client is incorrect. He is operating under a common misconception that the entire USA Patriot Act expired. In reality, the vast majority of the Act, including Title III, which carries a great majority of the requirements for financial institutions, remains in effect. Thus, financial institutions are still required to (1) monitor for customers and transactions that could be related to terrorist activities through section 314(a) & (b); (2) verify the identity of customers through a customer identification program under section 326; and (3) have an established AML Program under section 352.

The sections that “expired” were section 215, which included the so-called “Lone Wolf” and “Roving Wiretap” provisions. The “Lone Wolf” provision allowed U.S. intelligence and law enforcement agencies to target surveillance at suspected terrorists who are not part of any group and without direct ties to terrorist groups. The “Roving Wiretap” provision permitted the monitoring of a specific person regardless of the devices used. The National Security Agency used section 215 as a basis for the mass collection and monitoring of phone records of millions of Americans who were not necessarily under investigation, a program Edward Snowden exposed in 2013. The USA Freedom Act essentially restored and amended section 215 through 2019.    

It is not clear which version of the USA Patriot Act Disclosure form you are using.  However, in all likelihood, just above the signature loan there is a statement to the effect of “By signing the form, you acknowledge receipt of this disclosure”. So, the client’s difficulty with acknowledging receipt of the form is difficult to grasp. If you are keeping the loan in portfolio, depending on your policies, you could have a documented exception, as there is no legal requirement that it be signed.

Joyce Wilkins Pollison 

Director/Legal & Regulatory Compliance 

Lenders Compliance Group

USA Patriot Act: Information Sharing and Disclosure

QUESTION

As a non-bank residential mortgage lender and originator, I know that our company is now required to file SARs with FinCEN, but are we also subject to the information sharing and disclosure provisions of Sections 314(a) and (b) of the USA PATRIOT Act? 

ANSWER

Yes as to both 314(a) and (b). 

The plain language of the regulation (31 CFR §1029.500) states that “[l]oan or finance companies are subject to the special information sharing procedures to deter money laundering and terrorist activity requirements set forth and cross referenced in [subpart E of part 1029],” which, in turn, makes reference to the general regulations implementing 314(a) and (b) contained in 31 CFR §1010, subpart E. Accordingly, RMLOs are specifically subject to the information sharing provisions of 314(a) and (b).

However, as a practical matter, unless a financial institution receives a 314(a) request from FinCEN requiring it to search for and disclose records, they have no obligation under the 314(a) rule. And, although not required to do so, RMLOs can participate in protected information sharing under 314(b) by completing and submitting the electronic information form on the FinCEN site (http://www.fincen.gov/statutes_regs/patriot/section314b.html) and selecting “Other” for the “Primary Federal Regulator” field.

Brennan T. Holland

Director/Legal & Regulatory Compliance

Lenders Compliance Group

Borrower Identification under the Patriot Act

QUESTION 

The company that generates my loan documents includes a form which requires the closing agent to obtain two forms of ID from the borrower. Does the Patriot Act require us to obtain and verify a borrower’s identity at closing with at least two forms of identification?

ANSWER 

No. There is no set number of forms of ID required by the USA Patriot Act. Section 326 of the USA Patriot Act requires financial institutions to implement a Customer Identification Program (“CIP”) that is appropriate for the size and location of the financial institution. This regulation requires the CIP to be in writing, incorporated into the institution’s Identity Theft Prevention and Red Flags program, and approved by the Board of Directors, a committee of the Board of Directors, or Senior Management.

A financial institution must implement reasonable procedures for verifying the identity of any person who applies for a residential or commercial mortgage loan. These procedures may vary based upon the circumstances of each situation and whether any “Red Flags” are present based on the information obtained by the financial institution regarding the consumer.

It should be noted that the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, and the United States Department of the Treasury have recommended that “given the availability of counterfeit and fraudulently obtained documents, a bank is encouraged to obtain more than a single document to ensure that it has a reasonable belief that it knows the customer’s true identity”. [Interagency Interpretive Guidance on Customer Identification Program Requirements, April 28, 2005.]

This Guidance can be located by clicking on the link below.

http://www.fincen.gov/statutes_regs/guidance/html/faqsfinalciprule.html

Joyce Wilkins Pollison

Director/Legal & Regulatory Compliance

Lenders Compliance Group