A Look at AML Audits - Can you Audit Without a Risk Assessment?

We deal with known risks by establishing a plan to mitigate them. In the case of AML plans for mortgage companies, we face the risk of allowing financial crimes to go undiscovered and enter the financial system through our business. 

We create compliance plans as multi-tiered tools to deal with the risk. The tiers are the four (or five, depending on your business) pillars of an AML plan 

1. the plan itself - which identifies the risks your business encounters and how you mitigate them
2. training - your employees learn how to identify and report red flags
3. compliance officer - the person who implements the procedures, files reports, and ensures the activity, such as training, audits, risk assessments, etc., takes place 
4. an audit or exam - reviews your plan, determines if it is sufficient for the risks you face, and identifies if you are following it
5. ongoing review of accounts - if we are servicing, for instance

Static Plans DO NOT Address the Risks - Make Sure you know what they are

We conduct hundreds of AML audits, and the BIGGEST problem we see is that AML plans don't address the risks the business faces explicitly. Furthermore, the audits or tests we see focus on whether the AML plan contains arcane legal citations or reviews a sampling of closed loan files. This is not where the risk is.  

In the mortgage business, we are experts in looking for fraud - documenting sources of funds and ferreting out suspicious income and transactions. This doesn't mean that fraud and suspicious activity doesn't make it through (CoreLogic reports 1 in 131, or 0.76% of loans, are fraudulent). Still, it does mean that the MAJORITY of incidences probably aren't in the files that make it through to closing. So it makes sense to focus our efforts on loans that don't go through a complete underwriting process. 

None of the AML plans and audits we have reviewed focus on risk assessments. Hawaii is the only state we have encountered where they are requesting a specific AML risk assessment - (Bravo! Mahalo!). New York requires large-scale risk assessments of the entire operation, including AML. 

This leads me to conclude that people don't know what a risk assessment is or even why you do one. The purpose of the Risk Assessment is to look at YOUR business for areas of risk. Only then can you create a strategy to mitigate money laundering activity? 

How to Conduct a Risk Assessment?

Depending on the firm's scope, our risk assessments create a binary decision tree instead of a complex "relative risk rating" approach - e.g., low, medium, and high. We do it this way because the risk increases on an absolute basis. One red flag doesn't necessarily indicate fraud or money laundering activity; however, two levels of risk means that we should, at a minimum, document that we validated there were no red flags. We refer to this as "risk layering," where two or more inherent risks exist in a file. 

• Higher risk components - Company-wide
• Geography
• Business model -
• delegated, non-delegated, 
• retail/wholesale, etc. 
• Origination strategy - 
• direct/indirect
• relationship/transactional
• Higher risk components - Loan Level
• Loan Type
• Gift Letter
• ALT/Non-QM
• Investment
• Borrower Type
• Self-employed
• Real Estate
• Medical
• Cash Business

This allows us to have a methodical elevation of the review of the file. 

We do this because things that don't matter to the underwriter from an approval perspective (the loan meets guidelines) often matter for detecting and reviewing red flags. In our business, we review files for these elements, and it always surprises us how often these are overlooked. Examples include:

Deposits not needed for down payment or closing costs - the underwriter isn't concerned about whether a borrower has a $100,000 CD in one bank if he has the $20,000 he needs for closing seasoned in another account. The money has been there forever, and the account doesn't move. But does it make sense that someone who makes $60,000 a year has $100,000 stashed in an account they don't touch? Especially when they have a lot of debt? No, it doesn't. That's a SAR.

Income and Expenses from a side business - the underwriter doesn't include the borrower's side business which involves cash in the computation. He or she has enough income to qualify for the loan. The side job (documented by frequent small dollar cash deposits) is a compensating factor, and the borrower didn't need to provide tax returns because she was on salary. That makes perfect sense, except that if there is more than $5,000 of this kind of activity in the loan file (e.g., 2 months' bank statements), then that triggers a SAR report for "smurfing."

• Focus on engagements/applications/rate quotes/pre-quals which do not complete
• The greatest risk lies in loans or prospects not reviewed by underwriting/credit.

North Carolina Mortgage Licensing and Examinations - What have we learned?

It should surprise no one that NCCOB - the nation's FIRST state regulator to initiate anti-predatory lending laws, and one of the first to initiate robust pre-licensing training, AND was a leader in pre-Dodd-Frank regulation - has now taken the flag as one of the most detail-oriented examiners. 

Expect an initial examination within the first 12 months of licensing. Existing licensees who have never been examined should expect one, and this normally coincides with a complaint or other inconsistency.

For those licensed in the state, NCCOB (North Carolina Commissioner of Banks) has clearly and transparently posted its expectations. Yet over and over we see brokers and lenders alike responding with surprise to examination findings and questionnaires. When we review the findings to help licensees comply we aren't surprised, just a little disappointed at what some might call willful blindness.

We have a great deal of respect for the rational approach that the regulator has taken. Nothing in the findings represent anything that brokers or lenders shouldn't be responsible for. If anything, our concern is that these problems exist elsewhere and propagate because of a lack of oversight.

Broker Fee Agreements

It's illegal to collect a fee without the customer's explicit agreement. These files show missing or incorrect broker fee agreements, or incorrectly completed lender financing agreements. The common response or argument is that the LE or CD provides the customer's tacit agreement. However, it's usually too late at that point; the information on the LE/CD should come from the financing or broker agreement.

For our customers, we devote a section of our quality control plan for correct completion and retention of financing or fee agreements.

BSA/Anti-Money Laundering Plans

We sell both stand-alone anti-money laundering plans, or better yet, QC (Quality Control) plans that identify the full set of FinCEN (FINancial Crimes Enforcement Network) identified Red Flags. Our BSA/AML (Bank Secrecy Act/Anti-Money Laundering) plans use these to identify potential SARs (Suspicious Activity Reports) for reporting.

Most people don't read them.

Otherwise, they would know that they include:

• A SAR Reporting Workflow
• A Compliance Officer (You have to put the person's name where it says "Insert Compliance Officer here")
• Initial and Periodic Training (We give this away here, or provide a checklist to ensure you have taken AML specific training as part of your Continuing Education)
• Both FinCEN and Industry Specific Red Flags

When we see a finding related to "deficient AML plans" these all fall under that category.

Missing Documents in Audit Files

Inexcusably, many files reflect missing exhibits or data reflected in reporting doesn't match loan files. THIS IS JOB ONE of a quality control plan! Time spent retrieving documents from investors, closing agents or even borrowers represents lost loan production time; wouldn't you rather spend time originating than chasing old loan file exhibits? 

This is the reason our QC Plan has a closed loan checklist. Click to download NCCOB's version here. We find it interesting that the checklist they provide bears some resemblance to the one in your plan:

1099's - Beware EVERYONE

We recently wrote an article on 1099 compensation of originators. NCCOB takes the position that originators are employees. Unless you follow the recommendations in our article, expect an issue with 1099 payments. Further, BRANCH MANAGERS ARE EMPLOYEES by definition; you can't be a contract manager. No Branch Manager 1099s. Also, you can't have branches in homes.

Contract Processors and other unlicensed entities

As above, compensating 3rd parties for work normally done by employees, such as processing, should automatically prompt you to require licensing of that individual or service.

State Examinations - AML/BSA Compliance - Self-Audit Checklist to Ensure Compliance

The Anti-Money Laundering rule (AML) implemented by the Bank Secrecy Act (BSA) creates many questions for lenders and brokers. We know that state examiners focus on a number of specific issues. A recent spate of calls reveals that New York, Indiana, Texas and Pennsylvania have questionnaires and examiners that ask pointed questions about the AML/BSA compliance program for mortgage originators.  To ensure that you are hitting all of the requirements we have compiled a self-audit checklist for you to use to evaluate and collect data.  You should run through this checklist annually.

Use the BSA/AML Self-Audit Checklist for mortgage originators, to ensure you keep all of the information needed for an examination.  Members may download the original form for customization from http://www.mortgagepolicymanual.com/updates-and-downloads.html or mortgagemanuals.com/updatesanddownloads.htm

Compliance Officer Training

New York's examination findings sometimes cite a recommendation for the compliance officer to have training.  The FinCEN rule requires training, but does not say that it must come from a certified 3rd party.  FinCEN offers training on its website, and many compliance providers provide training for a fee. Familiarity with the rule - actually reading your policy - also counts as training.

Here is a video that instructs the Compliance Officer how to register for the FinCEN portal to report SARs

Quality Control and AML

We do not recommend that firms maintain a separate Anti-Money Laundering Plan, but rather that they integrate the AML process with their Quality Control function.  After all, FinCEN wrote the AML rule as a fraud detection/reporting requirement, and that is exactly what the quality control plan should do.  As a consequence, make sure your quality control plan has a robust red flag feature.

Register for the Portal

Your plan loses credibility if your compliance officer isn't even registered with the FinCEN portal.  It implies that you have no intention of participating in the program.  This simple fix will eliminate many citations.

Mortgage Compliance Service Providers Using Scare Tactics

Why do they use Scare Tactics? They get the phone ringing.

But they also  create a lot of unnecessary disruption for companies that are trying to comply. For instance, one e-mail we saw recently, sent from a compliance company, warned Florida mortgage brokers over license suspension issues for non-compliance. As you know, we always try to shed light on issues that confuse participants, and there are some misleading problems with this solicitation. The first one is that the enforcement action WASN'T IN FLORIDA, it was in North Carolina, so Florida brokers can stop worrying about why they weren't aware they needed certain disclosures that don't exist in Florida.

Beyond this misleading alarm, there are other elements to consider.

First, let's just clarify one thing: you have to do something egregious to receive a cease and desist order. In the case of the broker who was the subject of this cautionary tale (whose name was redacted in the marketing piece), the egregious act involved charging borrowers fees which they did not agree to in writing. When a regulator cites you for this type of behavior, if it was unintentional and not systematic,  you can usually negotiate to correct the activity by making restitution for the unearned portion of fees. As we all know, most investors WON'T LET US collect more than we are legally entitled to, so one can conclude that this particular broker didn't have that type of oversight.

Second, in this case the broker surrendered his or her license, rather than deal with compliance. In this case, the broker likely didn't submit or negotiate any required policies and procedures. For regulators, this is standard procedure. If you cite an entity for one element, you cite them for everything that they lacked. Certainly, the lack of a compliance system was not the primary violation.

That said, brokers do need to have a compliance system in place. Regulators generally require policies to cover the elements for which they cited the broker:

1. Lack of control and supervision over its operations and staff; (a quality control plan should provide supervisory guidelines for staff - part of our broker pack)
2. Failure to have a written information security plan;  (Information Security is a requirement of FACTA - part of our broker pack)
3. Failure to have a written Anti-Money Laundering Program and policies and procedures for reporting and maintaining Suspicious Activity Reports; (AML required by FinCEN, is a fraud detection plan - your Quality Control plan doesn't have legs if there isn't a reporting structure - we provide a plug-in)
4. Good Faith Estimates that did not comport with state and federal laws and regulations pertaining to mortgage lending; (Compliance policies and procedures address how to properly disclose - clearly this action is also pre-10/3, due to the GFE reference)
5. Improper charging or collecting of third party fees for loan-related goods, products, and services; (A quality control plan should address the completion of a loan agreement, retention of documents and financial audit to avoid these types of findings)
6. Failure to maintain required records; (you should conduct a Quality Control Compliance audit on each loan you close. This procedure, which is part of Quality Control, identifies documents you must keep and any deficiencies)
7. Failure to provide required disclosures to borrowers (Your production quality control should include a checklist that identifies all required disclosures - this way you can prove you sent and checked for them, even if the borrower doesn't return a signed copy)

Laundry Lists Don't Help you Identify What's Needed

Regulators and investors often provide lists of specific policies or procedures they want to see. Complying with the laundry list creates a false impression that you have satisfied all concerns when in reality much risk remains in the uncertainty of how your procedure gets implemented. The individual responsibility for compliance starts at the function level; the person who actually does the work. If you map out a person's job duties, and provide a detailed rubric for how it gets completed, you ensure compliance. 

There exists a panoply of policy solutions for mortgage industry participants, but only those which specifically spell out HOW you comply will eliminate the risk of non-compliance. 

State Examinations - AML/BSA Compliance - Self-Audit Checklist to Ensure Compliance

We know that state examiners focus on a number of specific issues. A recent spate of calls reveals that New York, Indiana, Texas and Pennsylvania have questionnaires and examiners that ask pointed questions about the AML/BSA compliance program for mortgage originators.  To ensure that you are hitting all of the requirements we have compiled a self-audit checklist for you to use to evaluate and collect data.  You should run through this checklist annually.

Use the BSA/AML Self-Audit Checklist for mortgage originators, to ensure you keep all of the information needed for an examination.  Members may download the original form for customization from http://www.mortgagepolicymanual.com/updates-and-downloads.html or mortgagemanuals.com/updatesanddownloads.htm

Compliance Officer Training

New York's examination findings sometimes cite a recommendation for the compliance officer to have training.  The FinCEN rule requires training, but does not say that it must come from a certified 3rd party.  FinCEN offers training on its website, and many compliance providers provide training for a fee. Familiarity with the rule - actually reading your policy - also counts as training.

Quality Control and AML

We do not recommend that firms maintain a separate Anti-Money Laundering Plan, but rather that they integrate the AML process with their Quality Control function.  After all, FinCEN wrote the AML rule as a fraud detection/reporting requirement, and that is exactly what the quality control plan should do.  As a consequence, make sure your quality control plan has a robust red flag feature.

Register for the Portal

Your plan loses credibility if your compliance officer isn't even registered with the FinCEN portal.  It implies that you have no intention of participating in the program.  This simple fix will eliminate many citations.

Updated: As AML/SAR Rule Anniversary Approaches, Little or No SAR Reporting Activity for Mortgage Brokers

Anti-Money Laundering (AML) and Suspicious Activity Reporting (SAR) for Non-Depository Mortgage Brokers and Correspondents became mandatory in August of 2012.  Two years later, we see little activity. Why?

7/18/14 Updated - New SAR Analysis from FinCEN?

It seems that FinCEN, after requiring so much input from the mortgage industry, but yet not releasing data, felt compelled to release a report.  That analysis is available here:

Click here to download FinCEN SAR Reporting Data 7/2014

Mortgage News Digest began requesting information from FinCEN's press office for statistics at the end of May.  Calls went unreturned, but this data satisfies the request.

From Mortgage News Digest June 2014 "Threats were made, and the industry scrambled to make sense of the procedures required and implement them.  Systems were automated to allow easier online reporting. Yet FinCEN still hasn't released any new data since Q2 of 2012 - almost 2 years later. How does this help us in the field?  Several calls to FinCEN went unreturned, so while there may be information in the works, we haven't seen it yet. (June 2014)

At last we have the data, but it shows anemic reporting data.  No wonder this became a low priority.

Of all product types resulting in filings, Mortgages rank #2 behind only credit cards for incidence rate.  In 2013 there were over 2500 mortgage related reports

Overall, mortgage fraud ranks behind Identity Theft and Credit Card Fraud as reported by Other Financial Institutions.  This is reflective of similar statistics by other regulated institutions, but the scale is much smaller.

Hotspots Revisited

While we knew Southern California, New York and Florida were hotspots, it may come as a surprise that Utah leads the nation in SAR reports.  Why is this?  Tribal Casinos report many transactions where chips are cashed in.  That would not be the case for the other states. 

Reviewing Closed Loans - Wrong Selection Criteria

Although the FinCEN guidelines suggest a strategy of annual audits and loan level audits, such as those conducted for quality control by most lenders, from the perspective of the initiative that spawned this requirement, the audits come too late to have any real benefit.  We have found that most mortgage brokers don't understand their role in this process.  "We haven't had any SARs!" comes the report at the audit.

These words are spoken with pride, but the revelation of NO findings may actually be a trigger for a regulator to look MORE closely, and then discover that the only loans included in the sampling are those which have already passed underwriting muster.  In today's environment brokers and small lenders alike should take the approach that the government has assigned them the role of "watchdog."  Embrace it.  File a SAR today! It's your PATRIOTic duty!

NO SAR may actually trigger an audit.  If your production staff isn't identifying red flags, you can't report.

"Don't Worry - Be SAR-ry!"

As lenders and brokers we also experience the mixed message: "Keep your customer's information private at all costs."  This trust is the foundation of our business.  "If I report this information about my customer to the Federal authorities, am I not breaching that trust? Won't it come back to me through my referral sources?" These concerns have a reasonable basis, but understand this:

1. There is no direct line from the reporting activity to the investigation and prosecution.  In fact, if it is an isolated incident, it likely will not draw attention to the authorities given the number of enforcement priorities already occupying their attention.  
2. You are not allowed to disclose the fact that a SAR is in process.  
3. Your potential criminal and legal liability for being perceived as participating or assisting in perpetrating fraud is far greater if it turns out you did not report something that later gets revealed.

July 4th - PATRIOT Act

The BSA/SAR reporting requirement is based on information derived from the mandatory requirements of the PATRIOT Act (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism). Your prospect may not seem to be a terrorist, but terrorist funding is commonly sourced through illegal activity like real estate investment, cash businesses, medical companies and many self-employed businessmen.  After 9-11, your company mantra - regardless of whether you are a one-man shop or a large lender - should include "If you see something, say something."

Oh, By the Way, Your Annual AML Audit Deadline is Just Around the Corner

If you initiated your AML plan in August, 2012 with everyone else who became subject to the FinCEN rule at that time, you were required to review your AML procedures annually.  Your audit would be due in August. Let us help you with that.  Call or e-mail today.

You can also receive a free, simple self-audit checklist by requesting it here:

Response to HUD/FHA's Request for Comment on Quality Control Procedures - TAKE ACTION

FR–5723–N–01 Federal Housing Administration (FHA): Single Family Quality Assurance- Solicitation of Information on Quality Lending Practices

HUD has requested feedback from the industry on revisions it needs to make to its quality assurance process.  It is important to weigh in on this.  WE DO NOT WANT ANOTHER 4060.1 (REV 2)!  What we need is clarity on what FHA is finding that is causing problems so we can incorporate those issues into our current quality control plan.  WE DON'T WANT TO HAVE 2 or 3 DIFFERENT PLANS.  We want to have one plan that we can use to insure that our loans meet ALL guidelines.

PLEASE RESPOND TODAY that we need clarity, not a new bureaucracy.  Submit your response by copying and pasting the last paragraph of my response below.  If you don't act now, we will all pay the consequences.

"
July 17, 2013

As a participant in, and subsequently a consultant to, the mortgage lending industry I applaud FHA/HUD for taking this proactive approach to risk management through production quality control.  

OBSERVATION

The industry has made substantial strides in updating mortgage quality assurance standards.  Both FNMA and FHLMC issued detailed guidance communicating with real transparency their expectations for the level of review and the things that will cause a loan to be defective.  Their updates came at a time when the ability and appetite of the industry to absorb putbacks had evaporated.  Lenders no longer simply capitulated to indemnification demands but challenged them because of the opacity of the GSEs requirements. 

In our business we review the 4060.1 REV-2 to help prepare a lender for mortgagee approval.  The quality control measures prompted in the 4060.1 REV-2, when adhered to the letter, expose the lender to substantial risk of omission.  The guidelines show FHA's laser focus on a few narrow areas, and then silence on everything else.  Lenders who follow these quality guidelines to the letter will have defects: the requirements are too open-ended to provide real direction. 

For this reason, we insist lenders install a comprehensive "production quality control process" which includes peer quality control review of the application, processing, underwriting and closing for EVERY loan, in addition to hiring/management.  These functions are "re-reviewed" in the post-closing sampling.  This proactive checklist system can evolve if we discover additional findings.

RECOMMENDATION

PLEASE DO NOT create another 4060.1 REV-2 type manual.  FHA should disseminate a list of defects it has found on loans (like a FAQ) that lenders must use to screen their files pre-underwriting and pre-endorsement.  FHA should work to align its process requirements WITH industry best practices instead of a "special" track.  Change fatigue will impair adherence to "new" requirements."

A Comprehensive QC Checklist will go much further in improving loan quality

than another manual.

Our quality control plans include extensive editable checklists that allow your personnel to address potential loan quality issues BEFORE they become buybacks or declined loans.  Let's have a discussion of best practices to insure we are catching everything.

I have attached a sample of a comprehensive QC checklist for production.  (It is an older version, because the current version is one we sell - I don't want to cannibalize our product)  Please feel free to comment or talk to us directly about implementing a complete quality process.

Vendor Management Policies - What's Really Involved?

Click here to download a copy of the vendor management approval process

checklist.  Comment below or in the blog and learn how to get an up-to-date policy

for your company that gets maintained for free.

Free Vendor Management Checklist

We make the assumption that our business partners all comply with the rules and regulations of our common business.  If they don't, we have been used to the idea that we can simply say "Not my fault!"  Unfortunately, while the idea of "plausible deniability" seems comforting,  the industry no longer allows us to blame someone else for ignorance.  We now need to manage our vendors.

Participate in the Vendor Management Survey here 

The CFPB's mandate for Vendor Management is over 1 

year old .  How do you comply?

Don't Fall Prey to Regulatory Paranoia

In the same way that some compliance firms use the fear of CFPB audit as a marketing prompt, Vendor Management occupies that same space in mortgage industry participants' chest of fears.

This is the News Flash that wasn't:  CFPB requires financial entities to oversee their vendors for compliance. "We need to have vendor management policies and procedures?  That is such a compliance burden!"  Wait a second.  Don't we already do this?  The answer, for firms who have already initiated standard mortgage industry operating procedures, is yes.  Vendor management has long been a function in the branch operations process.  We have always approved appraisers, title/escrow companies, couriers, PMI companies and credit bureaus, to name a few.  For those of us who are in wholesale, we have always approved our brokers and correspondents.  Since we do this anyway, it is important to examine whether we are doing it correctly.

I Have Covered the Basics - Who Am I Missing?

This depends greatly on your business model.  Who is customer facing?  Who presents an information security risk?

The easiest way of ensuring you have captured all of your vendors is to go through your accounts payable register and your office correspondence.  Is there anyone there who looks at your customer's information?  Do they have access to your office?  Do they ever interface with your customers?  At a minimum

• Title Companies/Escrow/Settlement
• Appraisers
• Credit Bureaus
• Mortgage Insurance Company
• Courier/Delivery
• Mortgage Brokers
• Mortgage Wholesalers
• Lead Generation
• Office Cleaning
• Temporary Staffing
• Accountant/Bookeeping
• Web/Network Hosting
• Document Destruction
• Records Management
• Consultants
• SOFTWARE (SaaS)
• Sub-Servicer

What Am I Checking Them For?

Again, depending on the provider and the scope of its business you will address different elements.  Customer facing vendors have to comply with the same laws we do, while all vendors should have basic elements in place:

Background and Reputation

You should consider the background and reputation of ALL providers regardless of the level or type of service it provides.  At a minimum, check the internet, BBB, and the agency disbarred lists including FinCen, FNMA, FHLMC, and LDP as well as others you regularly check.  Individuals should have a background check of the court records in their jurisdiction.  The provider should be prepared to allow you request enough information to make a meaningful search.  Consider the difficulty of conducting a check without the name and address information of the principals.
  

THEIR Compliance Program

Consumer Facing/Access - Tier 1 or 2 depending on the type of information vendor has access to:

Even though LOS/Credit SaaS vendors are not consumer facing, they have access to the customer's information, so should provide this information as to customer identifying information.  

• Truth-in-Lending Act
• Real Estate Settlement Procedures Act
• Flood/Disaster Protection
• Right to Financial Privacy Act
• Credit Practices Rule
• Fair Housing Act
• Equal Credit Opportunity Act
• FACT Act
• SAFE Act
• Appraiser Independence

Non-Consumer Facing - Low Risk Tier 3

• Information Security 
• Criminal Background Checks

Do I have to hire someone to manager my vendors?

Vendor management simply means the process of monitoring things that are being done on our behalf.  You do not have to hire someone.  In fact, if you do hire someone you have to vet that contractor as well!  In addition, much of the work done to manage this information is borne by the client since the company has the access to the customer information.

Order our Vendor Management Policy and Procedure and receive free access to updates as you provide feedback!

Companies Offering Vendor Management Services

Fortrex Technologies - David Bedard
Vendor Audit - Lenders Compliance Group
Appraiser Management - Global DMS, Melissa Key

A Wave of Compliance Manager Duties Crashing Down On You?

Compliance Manager - Mission Impossible?

Of all of the groups benefiting from the wave of regulation, one has created the hottest job in the industry today -  the "Compliance Manager."  If you wear the "Compliance Hat" you know that this is just the industry looking for another panacea - a silver bullet to manage the seemingly overwhelming task of keeping up with the rules and regs tsunami.  If you are a company owner or manager, you WANT a silver bullet (if not to just shoot yourself with!)

Reading the job descriptions in association with the Compliance Manager job posting, you would think the job is kind of amorphous; alot of "and other duties as may be assigned in order to comply with regulations..", or "and other regulatory requirements..." To me that is an anathema to the position.  We want to be as specific as possible about the job duties.  We need to specify WHAT that individual needs to do AND when.

A Simple and Practical Approach

What are the duties of the Compliance Manager?  This rubric attempts to manage the responsibilities in a finite way. Click here to add comments and suggestions to the sheet. 

We have seen a substantial growth in "Compliance Management Software", too.  This is a reaction to that same search for panacea.  Even with automation of data management, audit and reporting there still must be someone to parse the data and verify its timing and accuracy.

Since it's the human process that makes the program effective, we have upgraded our compliance manager position description to include these elements.  This also ties in with all of the requirements of the CFPB audit guidance, so that if you are anticipating a CFPB examination ensuring you have implemented.  If you are a subscriber to the updates you can get them on our Document Management Website.

AML/SAR Updates now available

AML/SAR Policy and Procedures

We have posted a draft AML/SARs policy to be included in your policies and procedures.  It cover the enhanced file review for money-laundering, self-employed businesses and the SAR reporting matrix and procedure.  Remember that our procedures already covered reviewing for fraud - this expands that review to cover the new mandate.  


Go to Mortgage Manuals Download Site to check your subscription status and download the policy. 


We have provided an update to the Quality Control Plan which addresses enhanced guidance for review of deposits and self-employed borrowers in money businesses, and provides the reporting procedures for ALL suspicious activity. 

Fraud Red Flags

It is important to note that the mortgage industry already reviews for Fraud Red Flags, and if you are a Mortgage Manuals customer, you have 95% of this in place.  This update enhances guidance for reviewing deposit Red Flags (by adding several items to the production quality control checklist).  It enhances the review of Self-Employed borrowers for transactions and structures that lend themselves to Money Laundering. 

SAR Procedures

Non-currency businesses were not previously required to report. This policy updates the QC plan by memorializing

• The process for identifying Reportable Events

• The process for reporting SARs

• Using FINCEN Reports in your own reporting

Training Programs

We were developing an AML SAR Reporting Training Program, until we realized that many of our customers already have this in place, either through the Bank AML procedures or through Continuing Education programs.  If you require a generic AML Program, please do not hesitate to contact us directly at 202-550-5626.