Small Business Lenders: Can You Survive an OFAC BSA/AML Audit?

Although banks continue to be the entities most heavily scrutinized, increasingly, non-bank institutions are finding themselves caught in the crosshairs of government agencies. In fact, the vast majority of enforcement actions announced by the Office of Foreign Assets Control (OFAC) since 2018 have not been targeted toward banks at all. Gone are the days when non-bank lenders, particularly small business lenders, were free to operate largely outside of the purview of regulators.

As financial crimes become increasingly complex and non-bank entities such as Apple, Western Union, and Expedia have become embroiled in OFAC actions, non-bank business lenders are confused about their regulatory compliance obligations and how to go about meeting them. One of the most daunting of the regulatory terrains that business lenders of all sizes are finding themselves navigating is Anti-Money Laundering (AML) compliance.

So what is money laundering and what is its purpose?

For criminals and terrorist groups, money laundering is critical to the effective operation of virtually every form of national and international organized crime. In order not to get caught and to keep the ill-gotten funding flowing, perpetrators must disguise the origin of their money so they can avoid detection when they use it. 

A standard money laundering scheme generally involves a series of three transactions used to disguise the source of financial assets: 

  1. Placement — placing illegal funds into financial institutions through deposits, wire transfers, cash loan or credit line repayment, or other means

  2. Layering — putting distance between funds and their criminal origin through the use of layers of complex financial transactions

  3. Integration — getting the laundered money back to the criminal generally via a final apparently legitimate purchase and subsequent sale of property (e.g., real estate, gems, etc.)

Combating Money Laundering

AML is the term financial institutions mainly use to describe regulatory controls they are required to implement in order to prevent, detect, and report money laundering activities. Simply put, Anti-Money Laundering efforts aim to prevent or limit the ability of criminals to access the capital required to operate their criminal enterprises.

The United States passed the Bank Secrecy Act (BSA) in 1970. This act requires financial institutions to report certain transactions to the Department of the Treasury, including OFAC, as a part of what is called a Suspicious Activity Report (SAR). The information provided is used by the Financial Crimes Enforcement Network (FinCEN), often in conjunction with domestic and international criminal investigators or foreign financial intelligence agencies.

After the 9/11 terrorist attacks, the USA Patriot Act was passed, expanding Anti-Money Laundering efforts by allowing investigative tools and methods created for organized crime and drug trafficking prevention to be used in investigations of terrorism.

Anti-Money-Laundering (AML) Compliance for Business Lenders

As a business lender involved in digital lending transactions, you are in a position to do your part to prevent money laundering activity. In fact, it is your obligation. 

Although it can seem daunting, when broken down into its component parts, an effective AML program goes hand-in-hand with prudent risk management for lenders anyway. Irrespective of AML compliance, when making loans, you want to know who your customer is, where their money is coming from, and if your customer’s business is legitimate, right?

Until recently, there have been four official pillars of BSA/AML compliance:

  1. Designation of a Compliance Officer
  2. Written Internal Policies, Procedures and Controls
  3. Ongoing Training for Employees
  4. Independent Review


As of May 2018, FinCEN mandated that the fifth official pillar of BSA/AML compliance be fully in effect in the US: Customer Due Diligence. This placed a higher emphasis on Know Your Customer (KYC) obligations under the USA PATRIOT Act. These obligations sharpened the focus on establishing the Beneficial Ownership of legal entities (for a lender, the human being(s) having ultimate control over the borrowing entity), which can often be hidden using intentionally complex corporate ownership structuring.

Sanctions for Non-Compliance

Regulatory compliance is serious business. Worldwide, penalties imposed on financial institutions for non-compliance with AML standards have increased dramatically in recent years.

According to Sanction Scanner: “...When we look at the total AML penalties in recent years, we observe an increase in the total penalty amount. Failures in the compliance processes of financial institutions cause them to face heavy fines. While the AML penalties given in 2018 were approximately $4 billion, the AML penalties given in 2019 increased by approximately 2 times to approximately $8 billion. When we examine some of the data announced in 2020, we see that the AML penalties given in the first half of 2020 are close to $6 billion dollars.”

Now is definitely the time to be sure your BSA/AML compliance protocols are up to snuff.

Digital Lending: Successfully Navigating BSA/AML Compliance 

Although BSA/AML compliance can seem daunting, there are real benefits for lenders of all sizes beyond just compliance. A result of successfully implementing the appropriate controls to ensure regulatory compliance is a significantly improved system for picking up on suspicious activities early in the customer journey and ultimately, a significantly reduced risk of fraud. 

Still, lenders of all sizes face significant challenges in implementing BSA/AML compliance schemes:

  • Instituting the right protocols and ensuring they are adhered to, which can be overwhelming.
  • Minimizing the cost of implementing and maintaining such a program.
  • Balancing customer demand for speed and ease during the borrowing process with ensuring all Customer Due Diligence protocols are followed for each new prospective borrower.

In order to compete with large financial institutions (think: low cost of capital and plenty of money to spend on compliance) and well-capitalized online lenders delivering loans at warp speed utilizing financial technology, small to mid-sized lenders must get this right. If they do not, they risk being out-spent and out-innovated and left out in the cold. 

To get this right, it is imperative that a compliance plan simplifies compliance, limits the potential for human error and oversight, minimizes costs, and causes no disruption to the customer journey. 

That is a lot to think about, but Capiform’s cloud lending technology comes pre-configured to make compliance and fraud detection data collection, ingestion, monitoring, and reporting super-fast and easy. Much of a lender’s BSA/AML compliance can and should be automated, as automation eliminates or greatly reduces the chances of human error, ensures that protocols are followed consistently, reduces the cost of maintaining an effective BSA/AML compliance effort, and speeds up the process.

There’s a longstanding axiom in lending that it’s not the best offer to a borrower that is accepted, it is the first offer to a borrower that is accepted. This has never been truer than it is today, yet it has also never been riskier to move too quickly when adjudicating credit decisions.

Capiform’s small business lending platform allows lenders to complete complex, detailed KYC assessments and fraud checks in the blink of an eye, ensuring that lenders are not only the first to make offers but also stay compliant and safe while winning more high-quality loans than their slower competitors.


Consider booking some time with Capiform to discuss how our digital lending platform can help you compete effectively and safely for years to come.