Qualifying your borrower: What Lenders Need to Know About Anti-Money Laundering (AML) Compliance

Article by:

Share This Post:

Qualifying your borrower: What Lenders Need to Know About Anti-Money Laundering (AML) Compliance was originally published in the American Association of Private Lender‘s Summer 2022 issue of Private Lender magazine.

The AAPL supports efforts to combat money laundering and related crime and encourages private lenders to establish a sensible AML program.

To understand how anti-money laundering laws apply to private lenders, it is important to understand exactly what is meant by “money laundering.”

Money laundering is the process of making illegally gained proceeds (i.e., “dirty money”) appear legal (i.e., “clean”). Typically, it involves three steps:

  1. Placement
  2. Layering
  3. Integration

First, the illegitimate funds are introduced into the legitimate financial system. Then, the money is moved around to create confusion, sometimes by wiring or transferring through numerous accounts. Finally, it is integrated into the financial system through additional transactions until the “dirty money” appears “clean.”

Money Laundering and Real Estate Transactions

In general, because real estate transactions are high value, they can provide criminals with an opportunity to successfully cover their financial tracks. Real estate transactions are also subject to less scrutiny than some other means of money laundering (e.g., stocks and bonds).

Real estate can also be a valuable asset because it mostly appreciates in value over time. So, purchased properties can be rented out to obtain an ongoing income.

All these factors make the real estate industry an attractive option for criminals wanting to launder illegal funds. Through real estate, organized criminals try to create the illusion of legitimacy and disguise the origin of their money.

Money laundering can happen in a real estate transaction in several ways:

  • A purchaser may use criminally obtained funds to put a deposit on a property.
  • A purchaser may pay for a property using cash funds only.
  • The true ownership of a real estate asset may be disguised to avoid detection through trusts and shell companies.
  • Third-party purchases may be enacted to avoid links between criminals and the purchased property.
  • In the case of rentals, a tenant may use criminally obtained funds to pay rent, often at amounts much higher than market rates.
  • Undervaluing properties and “off the books” deals may involve an amount being paid officially, and another amount paid directly to the seller in cash.
  • Overvaluing properties may allow criminals to launder greater volumes of cash.

Money Laundering and Mortgage Transactions

The “loan-back method” of money laundering involves cleaning money obtained from criminal sources to appear that the money was derived from legal mortgage lending activities. Loans and mortgages are usually taken as a cover to launder money proceedings, and lump sum cash repayments may used to repay the loans.

A common method of money laundering is to fabricate a loan, also referred to as “back-to-back” or “loan-back.” The most popular loan-back form of laundering money is when criminals borrow their own criminal money. This is usually done through the creation of a loan agreement between the criminal and a third party.

Money Laundering Hurts America

Money laundering can facilitate crimes such as drug trafficking and terrorism and can adversely impact the global economy.

Money laundering and its effects corrode the very fabric of society. It impacts all spheres of a functioning democratic society, including political, civil, social, and economic. It damages the quality of life of all residents in the states and cities where it is prevalent.

Anti-Money Laundering Laws

In its mission to “safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering and other illicit activity,” the Financial Crimes Enforcement Network acts as the designated administrator of the Bank Secrecy Act (BSA). The BSA, established in 1970, has become one of the most important tools in the fight against money laundering. Since its enactment, numerous other laws have enhanced and amended the BSA to provide law enforcement and regulatory agencies with the most effective tools to combat money laundering.

Are private lenders required to comply with anti-money laundering laws?


Are private lenders required to establish an anti-money laundering (AML) program?


A private lender’s AML program should be “risk-based.” That means that a private lender’s AML policies, procedures, and internal controls should be designed to address the risk of money laundering specific to the private lender’s business. A private lender can identify that risk by looking at the type of customers it serves, where its customers are located, and the types of services it offers.

It is a good practice to develop a written analysis of a private lender’s money laundering and terrorist financing risk and how the private lender’s AML procedures manage that risk. This “risk‑assessment” will help a private lender ensure that its AML program is the right one for the company and is a useful tool for demonstrating the private lender used a reasonable approach for designing its AML program.

Here is a seven-step process for creating a risk assessment.

Step 1: Create an AML Policy.

Every private lender should have a written AML policy to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by following all applicable requirements under the Bank Secrecy Act (BSA) and its implementing regulations.

A private lender’s AML policies, procedures, and internal controls should be designed to ensure compliance with all applicable BSA regulations and FINRA rules; further, they should be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls are in place to account for both changes in regulations and changes in the company’s business.

Step 2: Designate an AML Compliance Officer.

A private lender must designate a person as its anti-money laundering program compliance officer. This person has full responsibility for the firm’s AML program. The AML compliance officer must have a working knowledge of the BSA and related laws. The duties of the AML compliance officer should include monitoring the private lender’s compliance with AML obligations, employee training, and recordkeeping. The AML compliance officer must also ensure that Suspicious Activity Reports (SARs) are filed with the Financial Crimes Enforcement Network (FinCEN) when appropriate.

Step 3: Give AML Information

To Federal Law Enforcement Agencies and Other Private Lenders When Appropriate. If a private lender receives an information request from FinCEN, the private lender must search its records and provide that information to FinCEN promptly.

National Security Letters (NSLs) are written investigative demands that may be issued by the local Federal Bureau of Investigation (FBI) and other federal government authorities conducting counterintelligence and counterterrorism investigations to obtain, among other things, financial records of private lenders. NSLs are highly confidential. No private lender or employee can disclose to any person that a government authority or the FBI has sought or obtained access to records. Private lenders that receive NSLs must have policies and procedures in place for processing and maintaining the confidentiality of NSLs.

BSA regulations permit private lenders to share information with other financial institutions under the protection of a safe harbor if certain procedures are followed. If a private lender shares or plans to share information with other financial institutions, the private lender must describe its procedures for such sharing.

Step 4: Check OFAC Lists.

A private lender should comply with the requirements of the Office of Foreign Assets Control (OFAC) in conjunction with AML compliance. OFAC is an office of the U.S. Treasury that administers and enforces economic sanctions and embargoes based on U.S. foreign policy and national security goals that target geographic regions and governments (e.g., Cuba, Sudan and Syria), as well as individuals or entities that could be anywhere (e.g., international narcotics traffickers, foreign terrorists, and proliferators of weapons of mass destruction).

As part of its enforcement efforts, OFAC publishes a list of Specially Designated Nationals and Blocked Persons (SDN list), which includes names of companies and individuals who are connected with the sanction’s targets. U.S. persons are prohibited from dealing with SDNs wherever they are located, and all SDN assets must be blocked. Because OFAC’s programs are constantly changing, a private lender should determine how it will check with OFAC to ensure that its SDN list is current and that the private lender completes information regarding the listings of economic sanctions and embargoes enforced by OFAC affecting countries and parties before making a loan.

Step 5: Create Customer Identification Program.

Firms are required to have and follow reasonable procedures to document and verify the identity of their customers who open new accounts. These procedures must address the types of information the private lender will collect from the customer and how it will verify the customer’s identity. These procedures must enable the private lender to form a reasonable belief that it knows the true identity of its customers.

The private lender’s customer identification program (CIP) must be in writing and be part of the firm’s AML compliance program.

The CIP rule applies only to “customers” who open new “accounts” with a private lender. Specifically, the CIP rule defines a “customer” as (1) a person who opens a new account (a borrower who receives a new loan) or (2) an individual who opens a new account (obtains a new loan) for an individual who lacks legal capacity or for an entity that is not a legal person. “Customer” does not refer to persons who fill out new loan paperwork or who provide information necessary to obtain a loan if such persons are not the borrower as well.

Also, for purposes of the CIP rule’s definition of customer, the following entities are excluded from the definition of “customer”:

  • A regulated bank
  • A federal, state, or local government
  • A government agency
  • Any entity, other than a bank, whose common stock is listed on the New York Stock Exchange or the American Stock Exchange or whose common stock has been designated as a NASDAQ National Market Security
  • A person who has an existing account with a private lender, provided the private lender has a reasonable belief it knows the true identity of the person.

Accordingly, a private lender does not have to verify the identities of persons with existing mortgage loans with the private lender, as long as the private lender has a reasonable belief that it knows the true identity of the customer.

FINRA has produced a Customer Identification Program Notice to assist firms in fulfilling this notification requirement. Please refer to the FINRA AML webpage for further details.

Step 6: Customer Due Diligence Rule.

FinCEN has a rule relating to Customer Due Diligence Requirements for Financial Institutions (CDD Rule). The rule clarifies and strengthens customer due diligence for covered financial institutions, including private lenders.

In its CDD Rule, FinCEN identifies four components of customer due diligence:

  1. Customer identification and verification
  2. Beneficial ownership identification and verification
  3. Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile
  4. Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

Because the first component is already an AML program requirement (under the CIP Rule), the CDD Rule focuses on the other three components.

Specifically, the CDD Rule focuses on the second component by adding a new requirement to AML programs. The addition requires private lenders to establish and maintain reasonable written procedures designed to verify the identities of beneficial owners of legal entity customers, subject to certain exclusions and exemptions.

Under the CDD Rule, private lenders must obtain from the natural person obtaining a mortgage loan on behalf of the legal entity customer, the identity of the beneficial owners of the entity. In addition, that individual must certify the accuracy of the information, to the best of their knowledge. FinCEN intends that the legal entity customer identify its ultimate beneficial owner(s) and not “nominees” or “straw men.”

The CDD Rule does not specify the form in which private lenders must collect beneficial owners’ required information (name, date of birth, address, and Social Security number or other government identification number). Rather, private lenders may choose to obtain the information by using FinCEN’s standard certification form in Appendix A of the CDD Rule (at https://www.fincen.gov/resources/filing-information) or by another means, provided the chosen method satisfies the identification requirements in the CDD Rule. In any case, the CDD Rule requires private lenders to maintain records of the beneficial ownership information they obtain.

After a private lender obtains the required beneficial ownership information, the CDD Rule requires the private lender to verify the identity of the beneficial owner(s)—in other words, that they are who they say they are—and not their status as beneficial owners through risk-based procedures that include, at a minimum, the elements required for CIP procedures for verifying the identity of individual customers. These verifications must be completed within a reasonable time after the loan is made. Private lenders may rely on the beneficial ownership information supplied by the individual obtaining the loan, provided the private lender has no knowledge of facts that would reasonably call into question the reliability of that information.

A private lender must create and maintain records of compliance. These include:

For identification—any identifying information the private lender obtains under the beneficial ownership identification requirements of the CDD Rule, including the certification (if obtained).

For verification—a description of any document relied on (noting the type, any identification number, place of issuance, and, if any, date of issuance and expiration), any non-documentary methods and the results of any measures undertaken, and the resolution of each substantive discrepancy.

Private lenders must maintain the records collected for identification purposes for a minimum of five years after the account is closed—and for verification purposes, for five years after the record is made.

Step 7: Identifying and Reporting Suspicious Transactions.

Private lenders must establish risk-based procedures reasonably designed to detect and report suspicious transactions in order to comply with the BSA and FINRA Rule 3310. These procedures must include using the customer’s risk profile as a baseline to monitor for suspicious activity. The risk of suspicious activity will vary for each private lender, depending on its size and location and based on its business model and the products and services it offers. A private lender can identify that risk by looking at the type of customers it serves, where its customers are located, and the types of products and services it offers. Given the wide variety of business models employed by small private lenders, it is paramount that each private lender’s monitoring procedures be tailored to its business and identified risks. Additionally, to identify circumstances warranting further due diligence by the firm, a private lender’s procedures should identify “red flags” or indicators of possible suspicious activity. Higher risk transactions generally need to be subjected to greater scrutiny.

Procedures should also describe how the private lender will monitor for or otherwise identify these “red flags.” A private lender may monitor transactions manually or through automated systems or a combination of the two, as long as the system is reasonably designed to identify and report suspicious activity.

It is important that a private lender’s procedures provide specific details regarding its monitoring system (e.g., who, what, when, where, and how).

Red flags in mortgage loan transactions may include the following:

1. Possible Concealment of Real Beneficiary Owner

In certain transactions, a customer may appear to be reluctant, unable, or refuse to reveal certain information such as business activities, corporate history, source of wealth or funds, name of real beneficiary owner, etc.

Some customers may not have a clear answer to questions such as why they are conducting their activities in a certain manner, who they are transacting with, or the exact nature of their business dealings with third parties outside the United States.

2. Customer Makes Unusual Requests

A customer insists on the use of an intermediary in all professional and informal interactions without adequate justification.

It’s a red flag if the customer eschews personal contact without a proper justification. Furthermore, due diligence should be enhanced if:

  • The customer is a foreign national without adequate dealings in the United States or lacks any clear real estate transaction in the country.
  • Refuses to cooperate or provide the requisite information, data, and documents.
  • The customer makes unusual requests related to the real estate agency, brokerage, or its employees.

3. Suspicious Nature of Customer

The risk of money laundering becomes higher if the customer is either a politically exposed person or is connected with a person who is politically exposed.

This connection can be either professional or familial. The following are some of the red flags that are associated with the suspicious nature of the customer:

  • The customer conducts a transaction that is incompatible with the customer’s socioeconomic or educational or professional background.
  • The customer is a signatory to multiple company accounts without proper justification.
  • The customer is interested in foreign company formation in tax havens or a jurisdiction that provides secrecy incentives without proper commercial justification.
  • The customer expresses unusual interest in helping the business arrangements of the other party to the transaction.

4. Legal Entities and Related Arrangements

When a customer is a legal person or a legal arrangement, look for the following AML red flags:

  • Inability to demonstrate a history or provide evidence of real activity
  • No presence on internet or social business network platforms such as LinkedIn
  • Registered under a name that does not indicate the activity of the company
  • Registered under a name that indicates activities different from those it claims to perform
  • Registered name of the company is identical or similar to big multinational companies
  • Email address uses public or nonprofessional domains such as Hotmail, Gmail, Yahoo, etc.
  • Address doesn’t match the company’s profile or can’t be located using Google Maps or other reliable internet mapping services
  • Registered address of the company is the same as the address of many other companies, indicating the use of a mailbox service
  • Unable to contact or locate directors or controlling shareholders
  • Directors or controlling shareholders are representatives of other legal persons or arrangements, indicating the use of professional nominees
  • Company has an unusually large number of beneficiaries and other controlling interests
  • Company is incorporated in a jurisdiction known for high money laundering risk
  • Jurisdiction of incorporation doesn’t require companies to report the real beneficiary owner to a central registry
  • A complex legal structure that doesn’t make commercial sense

5. Unusual Transactions

An AML Compliance Officer should be on alert if the customer carries out an unusual number of transactions within a short period.

Some customers may ask for shortcuts to facilitate quick transactions, knowingly downplaying the inherent risks of such shortcuts. This kind of transaction requires enhanced due diligence. Some other related risky transactions are given below:

  • Deposits and payments made from multiple accounts or sources
  • Using the assistance of multiple professionals for the same transactions in the same jurisdiction without a justifiable reason
  • Furnishing forged records or fake documents
  • The legal person (the customer) is on the Sanctions List

6. Unusual Payment Means

The means or methods of payment turn out to be an AML red flag in the following conditions:

  • Payment made through cash or negotiable instruments that do not state the true payer such as bank drafts, cashier’s checks, etc.
  • Payment is divided into smaller parts with a short interval in between
  • Dubious validity of the documents submitted with loan applications
  • Payment involves a loan already granted, an attempt to obtain a loan or cash collateral that is deposited abroad

What Is AAPL’s Position on BSA Compliance?

The AAPL strongly supports our government’s efforts to combat money laundering and related crime, and we encourage each private lender to establish a sensible AML Program that fits its unique organization.

Certain political and government actors may try to diminish the standing of private lenders by arguing that new legislation should specifically target the industry to prevent money laundering. However, as shown above, the vast array of AML laws and regulations that currently apply to private lenders are sufficient to combat money laundering.

Questions about this article? Reach out to our team below.