What the Patriot Act has to do with mortgages

Posted on by

What does a law constructed to prevent terrorist attacks in the U.S. have to do with mortgages? If you’re a mortgage loan originator (MLO), a lot, it turns out.

The 2001 Patriot Act amended the Bank Secrecy Act, which was enacted in 1970 to combat money laundering and terrorist financing. [31 United States Code §5311 et seq.]

The Bank Secrecy Act requires banks have proper safeguards in place to inform law enforcement when they suspect banking activity points to terrorist activity or money laundering. The Patriot Act’s main change was to require each financial institution operating in the U.S. to have a Customer Identification Program (CIP).

The purpose of financial institution’s CIP is to verify borrowers’ and mortgage applicants’ identities and alert law enforcement when suspicious activity or individuals are identified.

When a mortgage applicant has applied for an ITIN before opening an account with the institution but has not yet received one, the CIP may include procedures for dealing with this situation. When the financial institution includes such a procedure, the procedure needs to show how they will confirm the ITIN was applied for before opening an account and that they will receive the ITIN within a reasonable period of time when an account is opened. [31 CFR §1020.200(a)(i)(B)]

The CIP needs to include a procedure for notifying mortgage applicants that they are requesting information to verify their identity. [31 CFR §1020.200(a)(5)(i)]

Suspicious activity identified

When the financial institution cannot verify an individual’s identity, they need to have a procedure in place for responding to these situations. The procedures need to cover:

  • when the financial institution won’t open the account;
  • the terms with which a borrower may use their account while the institution is attempting to verify their identity;
  • when the institution will close an account after the borrower’s identity cannot be verified; and
  • when the institution needs to file a Suspicious Activity Report (SAR). [31 CFR 1020.200(a)(iii)]

When the financial institution feels it necessary, they file a SAR. This is filed no later than 30 days following the detection of suspicious information through the Bank Secrecy Act E-Filing System, accessed here. However, when no individual suspect is identified by the institution, they may delay filing the Suspicious Activity Report for up to 60 days from initial detection. When a suspicious activity requires immediate attention, the institution will notify law enforcement and the Office of the Comptroller of Currency (OCC) immediately by phone. [12 CFR §21.11(d)]

The CIP needs to also include a procedure for comparing individuals with government lists of known or suspected terrorists. [31 CFR §1020.200(a)(4)