As reported in Part 1 of this series, all non-bank residential mortgage lenders and originators (RMLOs) have until August 13, 2012 to establish an Anti-Money Laundering (AML) program as part of the new rule.
Howard Eisenhardt, Counsel in BuckleySandler’s Washington, DC office, cautions against simply attempting to use a bank model AML template. “Bank models are focused on cash, account monitoring, and include many things that are not part of the business model of an RMLO. In addition, there are many things peculiar to an RMLO that would not be present in the traditional depository AML program. While some parts may be the same, the RMLO AML Program is not a ‘one size fits all.’ The bank model is like the proverbial square peg, the RMLO model is more like a round hole, and the two just don’t fit together,” explains Eisenhardt.
Instead, Eisenhardt suggests RMLOs follow a five-step process to establish an AML compliance program that will identify and address the unique challenges they face.
Conduct a risk assessment – Conducting an initial risk assessment, focusing on all business lines, products, services, customers, and geographical locations will allow a company to determine exposure to risks associated with money laundering, terrorist financing, and other laws. The information gleaned from the risk assessment will drive the development of its AML program.
Determine internal policies, procedures, and controls – Incorporate policies, procedures, and controls based on the risk assessment in the step above.
Appoint a designated BSA Compliance Officer – Though it might seem obvious, when appointing a compliance officer, the individual must be competent in the area. He / she should have a knowledge of the BSA and its implementing regulations and be qualified by experience, knowledge, and training. Simply inserting an existing compliance officer with no AML/BSA experience into this role may not be effective.
Establish an employee training program – Provide on-going training for appropriate personnel concerning their responsibilities under the AML program. Training should include a general overview of the law and highlight red flags that they should be looking for.
Implement an independent audit function – To ensure an AML program is effective, regular testing is critical. Testing is an important factor in developing conclusions about the integrity of overall controls and risk management processes. Testing can be done by an independent third party or can be done by an internal resource as long as that person does not work for or report to the BSA Officer.
Eisenhardt points out that AML Programs and their requirements are uncharted waters for RMLOs, but strongly advises against delaying rolling out a program. He suggests a company familiarize itself with the regulations and start with a well thought out, comprehensive risk assessment.