Non-Bank Mortgage Lenders: Preparing for New AML Rules

Non-Bank Mortgage Lenders: Preparing for New AML Rules


On February 7, 2012, the Financial Crimes Enforcement Network (FinCEN) released a final rule requiring non-bank residential mortgage lenders and originators to establish a written anti-money laundering (AML) program and file suspicious activity reports (SARs) on suspicious or potentially illegal activities.

Under the Bank Secrecy Act (BSA), loan and finance companies are included in the definition of “financial institutions” that are covered by the Act. These companies have been temporarily exempted from coverage while FinCEN studied the extent to which AML requirements should be applied to them. This final rule applies specifically to a subset of loan and finance companies – the non-bank residential mortgage lenders and originators, referred to in the final rule as “RMLOs.” In its release, FinCEN does note that this is the beginning of an incremental expansion of AML program requirements to the broader universe of loan and finance companies.

FinCEN’s final rule acknowledges the current regulatory gap for RMLOs that could be exploited, particularly for mortgage fraud, and it also recognizes the value to law enforcement and regulators of receiving additional SARs related to mortgage fraud.


While there is a six-month phase-in period for compliance with these new BSA requirements, the issue for RMLOs is how to design and implement an effective and fully compliant AML program that is risk-based and meets FinCEN’s expectations. FinCEN states clearly that it expects mortgage fraud prevention, as well as money laundering prevention, to be the key goals of RMLO AML programs.

Challenges and Opportunities

The challenge for RMLOs is to create and put into effect a written AML program that covers the four required “pillars”:

  1. Policies, procedures and internal controls that address BSA requirements, integrate agents and brokers into the AML program, and require obtaining necessary customer information
  2. A designated compliance officer to oversee the program, its updates and training requirements
  3. Ongoing training of appropriate persons
  4. Independent testing by a third party or officer or employee of the company

The program must be approved by senior management and there is no exemption for small RMLOs

​The AML program must also address the monitoring, identification and filing of SARs for suspicious or potentially illegal activities, the primary focus of which will be mortgage fraud.

Other challenges include accurately assessing money laundering risks in order to create a risk-based AML program, identifying the technology possibly needed to support the program and, for large RMLOs, possibly finding experienced personnel for program management.

The opportunities lie in improved capabilities for an RMLO to detect and prevent fraud and actively manage reputational risks. Taking advantage of FinCEN’s position that the AML program should be risk-based also provides the opportunity to leverage existing policies and procedures and make the compliance burden more manageable.

Our Point of View

Implementing an effective AML program requires careful planning and clear communication. It is critical that all staff members understand that a working AML program is not just the job of the compliance officer or department – everybody in the institution has an important role to play.

Other key considerations for building and executing a good AML program include:

  • Members of senior management must “walk the walk” by actively demonstrating support for the AML program through their actions.
  • Risks should be evaluated objectively and honestly, and this assessment should form the basis of the program’s design
  • Red flags from FinCEN’s Mortgage Loan Fraud Updates are a great starting point for suspicious activity monitoring and training
  • Training and communication must be coordinated from the start, and it is better to err on the side of too much rather than too little at the beginning.
  • All staff members must clearly understand their obligation to report internally any activity or transactions that are unusual or potentially suspicious.
  • Written guidance must be developed that is targeted to the lender’s products and operations
  • Complete and thorough documentation should be maintained.

RMLOs relying on bank financing for their operations should expect that their banking partners will inquire about their AML programs, possibly asking for copies of the written program or evidence of independent testing and evaluation.

How We Help Companies Succeed

Protiviti has a dedicated team of AML and compliance professionals who understand both the AML rules and the mortgage loan origination business. We help financial institutions of all types with AML and mortgage origination risk assessments, AML program design, fraud program design, suspicious activity monitoring process development, independent testing, and enforcement action remediation.


For a large non-bank financial institution, we conducted an extensive look-back of originated mortgage loans to identify indications of mortgage fraud or money laundering. Our review included all documentation used in the underwriting process and covered red flags and indicators of fraud and money laundering. Potentially suspicious activity was escalated to the client for final investigation and SAR filing, as appropriate. Through this engagement, we assisted the client in creating an AML/fraud checklist for use in the origination process and strengthening AML program components for fraud identification and investigation.


Carol Beaumier
​ +1.212.603.8337
Michael Brauneis
John Atkinson

Ready to work with us?