Changes in Washington; How it could affect you.

Changes in the White House usually mean a change in those who run the myriad departments that oversee our businesses and therefore our livelihoods. So, what should we expect now? With the promise of a very tumultuous mid-term election season, we may see a flurry of activity to get things passed that ordinarily might have taken more time and bipartisan discussion. This is typical politics. But how does that impact us? Let’s look at a few things that our industry should be watching to insulate themselves from needless pain and suffering.

First is the CFPB. The department has a new Director, Rohit Chopra, and he is coming out swinging. Prior to his appointment he was the Commissioner of the Fair-Trade Commission, where he pushed for more aggressive remedies against big tech companies. In an article penned by John R. Coleman for Buckley Commentary & Analysis on September 30, 2021, the first sentence says, “The CFPB under the leadership of Rohit Chopra appears poised to pursue an aggressive enforcement posture and test the limits of its authority in pursuit of broad market change”. To be clear, you do NOT want the CFPB looking in your general direction let alone doing a thorough examination of your practices. Keep in mind the department exists to make a fair and level playing field in the financial market for consumers. How many times can we say that folks accuse us of treating them unfairly? How about with the interest rates and fees we charge? Might this make us a target? Look at how much legislation is aimed at payday lenders that we frequently get lumped into.

There are three things to make sure you have right, so you do not risk getting to know the CFPB closely.

  1. Truth in Lending Act (TILA).
    1. Make sure that the wording on the back of your contracts matches federal and state laws.
    1. Make sure the APR stated on the contract is correct.
    1. If you are collecting mobile payments, consider how that payment affects the APR stated on a contract signed in advance. Does your practice of accepting those payments then put you in a position of ‘over-charging’ your customer?
  2. Military Lending Act (MLA)
    1. Make sure your contract does not mention ‘arbitration’. The MLA does not allow this, and it is a major component of the CFPB complaint against First Cash[1]
    1. Make sure you have proof you are providing a required verbal representation of the Military Annual Percentage Rate (MAPR) to your covered borrowers[2]
    1. Make sure your staff is fully aware of your company’s policies and procedures and that you fully understand your risk when it comes to not using the safe-harbor provision found in the MLA.
  3. Equal Credit Opportunity Act (ECOA)
    1. While not a leading cause of CFPB-induced heartburn, it is important that you have a statement in your policy manual about the fact that your loans are based on the collateral presented, its condition and ‘salability’ and the customers payment history and NOT on any other reason that could get you in trouble. Train your staff on this. Be mindful of the never-ending chatter about equality and how any infraction here can blow up in an ugly PR kind of way.

Second is the Fair-Trade Commission (FTC). This department also gets a new Director, and we are not sure what direction they will go, but there has been some recent saber rattling around the Safeguards rule according to the recent NPA Government Relations Committee’s webinar. The idea here is that you are tasked with keeping all of the non-public identifiable information of your customers in your possession away from prying eyes. These means secure storage at all times (digitally or otherwise) and then secure destruction when the time comes (digitally or otherwise).

If you use a cloud-based software program, have you asked what guarantees they provide that you will not be the victim of a data breach? Do you have any idea what to do in the event of a data breach? Do you carry a Cyber-Liability rider on your insurance policy? Make sure you talk to your providers about this important coverage, and make sure you understand the important differences between the levels of coverage. Data breaches are happening more…not less.

With the pending flurry of activity by Congress, all stakeholders should be carefully watching any proposed legislative action that could be damaging to our industry. We should all be paying close attention to what is going on in Washington. One way is to sign up for the weekly NPA e-mail update[3] (you do not have to be an NPA member to get the e-mail). Another is to get alerts about potential legislation as it is introduced and not after it is signed into law. There are many options available to do this but “GovTrack.us” is a good start.

One additional item that was mentioned in the January 27 NPA GRC webinar was the increased focus on functioning AML programs by banks and the Financial Crimes Enforcement Network (FinCEN). Our business has doubled almost overnight with banks like Truist actually referring their clients to us if they are found lacking in the AML department. This is a huge reversal from a few years ago where the banks were just casting pawnbrokers aside. While not all banks are taking this step, they are all being forced to perform due diligence of their clients. If you have an AML program, make sure it is current, you are doing your training, and you are getting the mandated annual reviews. If you do not have an AML program, well, what are you waiting for?


[1] https://www.consumerfinance.gov/enforcement/actions/firstcash-inc-and-cash-america-west-inc/

[2] https://www.burrellprinting.com/products/Pawn-Loans/MLA-Disclosure/MLA-MAPR-Disclosure

[3] https://www.nationalpawnbrokers.org/this-week-in-pawn/

Don’t skip the training

As I perform annual independent AML reviews across the country, I run across the same issues time and time again, the biggest of which is training not being performed either on time or at all. Title 31 of the US code, otherwise known as the USA PATRIOT Act, requires that all precious metals dealers required to have an AML program must train their staff on the following occasions:

    1. Within 30 days of hire
    2. Annually as a refresher
    3. Anytime the law changes

Employees who require training are those who interact with customers at the loan and sales counters, are in administration or are on the Board. Basically, if they handle cash or are in charge of those who do, then training is required. Those who do online sales or other services like warehouse work or jewelry repair are excluded from the requirement.

If you think about the 4 pillars, this is the one that lies squarely on the compliance officer’s shoulders.

To pass muster, there needs to be good documentation of training. Be sure to record:

    1. What was discussed with some detail
    2. Who attended the training
    3. Who presented the training
    4. The date of the training

Attendees should sign a register or some sort of document that proves they were there along with what training they received. These documents should be retained for a minimum of 5 years before they are destroyed.

Training topics need to include the following at a minimum:

    1. Money laundering defined with examples provided
    2. What suspicious activity looks like and how it is handled
    3. Indications for use of a SAR and who will be filing these
    4. Indications for use of an 8300 form and who will be filing these
    5. The four pillars of the AML program
    6. Record retention requirements
    7. OFAC and SDN lookup requirements and your procedures
    8. GLBA, privacy and safeguard requirements
    9. Proper Customer identification procedures
    10. Know your Customer and Enhanced Due Diligence procedures

Training can be provided in one-on-one or group settings or you can use an online resource. A test is not required if done in a setting that allows for back and forth so all questions can be answered. Ultimately, the compliance officer needs to feel confident that those being trained walk away informed and that actual learning took place. If this is not guaranteed, then a written test should be incorporated.

The importance of this piece of the AML program can’t be overstated. If you think about the 4 pillars, this is the one that lies squarely on the compliance officer’s shoulders. If they are not on top of the training, it will show during a review. It only takes the IRS folks about 5 minutes to identify whether or not a company has their act together or is trying to bluff their way through an exam. Those identified as having their act together sail through exams practically stress-free. Those who do not have their act together will feel as if they were tortured.

If you need help with training or want to run what you are currently doing past us to see if you are covered, we are here to help!

Posting Compliance

Listing of state and laws that require posting by employers

There has been a lot of activity in federal, state, and local government agencies that require action on the part of the employer. Above is a listing of all the changes by state and the laws with the mandatory change in the last three months.

If you are in an affected state, all you need to do is go to your state’s Labor Department website and search printable posters. You can always print the required posters for free from your state’s Labor Department and forego using a service to provide the posters for you.

11 more states will see an increase in the minimum wage at the start of the new year. They will require new postings to be in place by 1/1/22.

Contact us with any questions you might have about your compliance posting requirements.

Bank Discontinuance 3.0?

Bank sign on marble background. 3d illustration

Over the last several weeks, I have seen on forums references to what many believe is a resurgence of the old bank discontinuance. Some are even referencing its old “Operation Chokepoint” name although this isn’t really accurate. So, are banks actually ramping up the shedding of their “high-risk” accounts? The short answer is, yes, at least from the uptick in volume I am seeing in calls for my services.

Why is this happening? Well, there are a couple of reasons, but first let’s identify what is really occurring. Operation Chokepoint was an underhanded program borne during the Obama/Holder administration that was officially stopped years ago. After the program was put out to pasture, the banks continued to engage in two behaviors that were (and are) detrimental to us as pawnbrokers. The official term used was “de-risking”. As pawnbrokers, we were either flat out cancelled by our banks for ‘no reason’, or we were denied services and accounts strictly because of our industry.

Many of you reading this either have been a victim of de-risking or know someone who has. In January 2020, I was asked by a CA pawnbroker to help their company find a bank after Wells Fargo “de-risked” them. It took us calling twenty-six banks before we found one that would actually talk to and eventually bank them. Twenty-six banks said “no” over the phone. Twenty-six! All because of the industry.

De-risking has gotten so bad that the reasons behind which the banks hide to shed these unwanted customers have been kept top secret. Most of you, if your account was cancelled, were never given a reason. The fact is, the bank had to jump through extra hoops to bank you due to your status as a “high-risk” business. It costs them money to perform the due-diligence required to satisfy the regulators and it was just easier to tell you they could not do business with you. In reality, they were being told by the OCC and regulators that they what they were doing was counter to the banking rules and guidelines. However, there was no enforcement provision behind the rules, so the behavior went on for ten years. Of course, it was all about the banks bottom line.

The OCC (Office of the Comptroller of the Currency) finally had enough when 6 of the 7 major banks in Alaska weaseled out of providing funding and services for those in the oil and gas exploration industry. This of course was strictly political, but the banks had the power (and audacity) to weasel and weasel they did. It would be the straw that broke the camels back. Imagine the majority of the major banks in the Mid-West saying they would no longer support the farming industry?

In November of 2020, the OCC proposed the Fair Access Rule which is set to become effective April 1. “The rule codifies more than a decade of OCC guidance stating that banks should conduct risk assessments of individual customers, rather than make broad-based decisions affecting whole categories or classes of customers, when provisioning access to services, capital, and credit”.[1]

The rule requires, “covered banks (those with $100 Billion or more in assets) to make those products and services they choose to offer available to all customers in the communities they serve based on consideration of quantitative, impartial, risk-based standards established by the bank.”[2] The banks covered by the rule are ironically the same bad actors that were (and currently still are) cancelling accounts. Think B of A, Wells Fargo, Chase, Capital 1, US Bank, etc.

Further, the OCC states, “As Comptrollers and staff in previous administrations have made clear in speeches, guidance, and testimony, banks should not terminate services to entire categories of customers without conducting individual risk assessments. It is inconsistent with basic principles of prudent risk management to make decisions based solely on conclusory or categorical assertions of risk without actual analysis.”[3]

So, this is good news, right? Well, it is, but you need to know that like all good things, there is almost always an offset. It will likely now be an offense punishable by a monetary fine for a large bank to either discard you without giving you a chance to measure up, or to ignore you outright just because you are a pawnbroker. Small banks are exempted, however, there will be pressure for them to follow the same guidance without the possibility of a monetary fine hanging over them.

The catch is that if the banks are required to perform their due diligence, and they will, the very first thing on their list will be to make sure that any precious metals business has an AML program in place. It should go without saying that the program will need to actually be current and not sitting in the bottom of a file cabinet somewhere with 10 years of dust on it. There is little else separating you from the other businesses they bank, so the only tool they have to discard you is the AML program.

The program that has been required since 2005 and has been widely ignored in the pawn industry is now going to be pivotal in helping you maintain your banking relationship. Risk going without and it is a matter of time before the hammer comes down. So many wait until the bank asks to see the program and then in a panic make the frantic call. To date, we have been able to help every single customer in that situation that has called our firm. We believe, however that will be evolving and that banks will have the ability to determine that a brand new program does not make one compliant since they were supposed to be compliant long ago.

Programs require annual training and reviews. Reviews, by the very nature of the word, are backward looking processes. You cannot review the future; only the past. Ergo, if you have a new program it is impossible to review your adherence to what it prescribes because you did not have it in place over the period in the past under review. Remember, they set the rules and can still boot you with the slightest infraction if they so choose. The good news is they have to let us know the rules, and we can hold them accountable to their own Fair Access Rule. The rules are changing, and they will continue to be more challenging, not less. If you think back 20-25 years, if you have been in the industry that long, you know that the whole Compliance piece was not a thing that you had to worry about. Well, now you do. You are kidding yourselves if you think that the industry will have less compliance requirements directed its way in the future. At best we can hope for the status quo.

How do we help minimize future regulatory burdens? Take the time to get involved with your local and state legislators. Do it now. Proactively. Build relationships with them now. Before you need to ask them for a favor. Hiding in your store does not in any way influence legislators. At least it doesn’t allow you to influence them in a positive way. Rather it allows them to formulate their own opinions.

Our industry has a perpetual black-eye. That means our industry still has not done enough to change our image. That image is going to cost us in many ways if we don’t stop being ignorant. It is why we have to fight to prove we are essential. It is why we end up on a high-risk list when the banks who can cast aside in an instant are the ones who are high risk.

Decide to do now what it takes for your business, and your industry. Get your compliance house in order (It is far easier than you can imagine but you will never know if you do not reach out) and get your advocacy hat on like your life depends on it and you will be fine. Or, keep doing the same thing but remember…

If you always do, what you’ve always done, you will always have what you’ve always had.

The Fair Access Rule has been put on hold to allow the incoming Comptroller of the Currency the courtesy of reviewing it before it takes effect.[4]


[1] OCC News release 2021-8 | January 14, 2021 2nd paragraph

[2] OCC News Release 2021-8 | January 14, 2021 5th paragraph

[3] OCC News Release 2021-8 | January 14, 2021 3rd paragraph

[4] OCC News Release 2021-14 | January 28, 2021

8300 forms and those pesky related transactions

Dollar Banknotes Counting

This is another installment in a series of articles meant to keep members from making the same mistakes that have proven costly to their competitors. This article will deal primarily with 8300 forms and when it becomes necessary to file one.

Hands down I get more calls about 8300 forms than anything else. I get them sent to me by fax, and they are emailed so I can check them on my cell phone. Most of the time, all are done correctly. To me, this reinforces the fact that we just don’t do many of them, so it will take a while to ‘get good at it’.

First things first, then. The description at the very top of the form gives a fair amount of foundational information. It states, “Report of Cash Payments over $10,000 Received in a Trade or Business”. Three important takeaways from the title are:

  1. Payments must be in CASH
  2. Transactions must exceed $10,000
  3. Money is RECEIVED by the trade or business

You are in the business of dealing with precious metals and cash, the volume of which varies greatly from day to day, and store to store. The IRS knows this. Because cash and precious metals provide anonymity to the holder, the Treasury folks have placed pawnshops on a “High Risk” list that is presented to every bank. It is the reason why banks are dumping pawnbrokers as customers. It is not guns, or anything else. You are a ‘high-risk’ business in their eyes. Reluctance to file forms feeds the illusion in their minds that you have plenty to hide and they want to identify just what that might be. Like it or not, the times are changing. Title 31 audits are becoming disturbingly more frequent. Lack of preparedness on your part may prove disastrous.

Back to the form. What is Cash? Obviously, currency (US and foreign), money orders, cashier’s checks in the amount of $10,000 or less, and traveler’s checks. All other forms of payment (checks, debit and credit cards) are traceable so we get to ignore those. For the purpose of this article, we are focusing on large transactions only. If you accept money orders in your store, do so with caution. It is highly recommended that you do NOT take money orders for large transactions, especially if they are sequentially numbered and in a large quantity. If the customer had to purchase these with cash, why didn’t they just come to you and give you cash? Because you might report it… What does that tell you about your customer? Perhaps this would be a suspicious transaction? You bet it would.

Traveler’s checks are almost obsolete, so we won’t spend any time on those, but the same caution applies as for money orders.

Transactions in a bank or other ‘financial institution’ are subject to CTR filings. These are the equivalent to our 8300 forms. This means that if a customer enters a bank with $10,000 and gets a cashier’s check, the CTR is not filed. Why? Go back to #2 above. The transaction has to be greater than $10,000. This is a round number and a very popular amount imprinted on a cashier’s check. It is still cash! If this check is combined with cash to complete a transaction, then you need to file an 8300. If that cashier’s check was for a penny more, then you would be off the hook. Why? Because the bank filed on the check already relieving you of the duty to do so.

Your job is to identify how much “cash” was brought to the table. If you can eliminate certain parts of the transaction due to payment by debit card perhaps, and the total amount drops to $10,000 or less, then you do not have to file the 8300. Normally this is easy to identify. However, we need to look at ‘related’ transactions since that is where the confusion occurs, both at a business and an IRS level. Follow along carefully here.

8300 filings are required when:

  1. A single customer, in a single event, on a single day presents you with over $10,000 in cash for any purpose (usually retail sales or pawn redemptions of any number);
  2. A single customer, in multiple events, on a single day presents you with over $10,000 in cash for any purpose (usually retail sales or pawn redemptions of any number);
  3. Multiple customers for the benefit of a single customer, in multiple events, on a single day present you with over $10,000 in cash for any purpose (usually retail sales or pawn redemptions of any number);
  • A single customer, or multiple customers for the benefit of a single customer, in multiple events, over a 24-hour period present you with over $10,000 in cash for any purpose (usually retail sales or pawn redemptions of any number);
  • Related transactions where the combination of interest and principal payments made with cash over a rolling 365-day period exceed $10,000.

Wait a minute. What did the last one say? Start at the beginning and read them again slowly. Each one is built on the last. Related transactions are effectively any transactions that are tied together by a time component. Since money laundering and tax evasion involve a common, and simple to detect, tactic known as ‘structuring’, you are required to watch for transactions that might occur over several days as a way to avoid the 8300 filing. Although the actual requirement is “24 hours”, it is common practice to count two consecutive business days as the same thing. So, let’s look at examples.

If a customer comes in at 10:30 on Day #1 and gives you $8,000 in cash and then comes back at noon on Day #2 and gives you $3,500 more in cash, you have to file. Why? Because these transactions are “related”.

If a customer does the same thing but instead of coming in on Day #2 with the balance comes in on day #4 you are off the hook, unless you have reason to believe they are avoiding the filing of the form. They might get a pass the first time, but if they continue this type of trend, you will file a form anyway and mark it as suspicious.

So far so good? Okay. Take it a step further. If a person borrows $10,000, you know they are going to pay you back over $10,000, right? So, if that person comes in 6 weeks after borrowing the money, and pay you with interest in cash, then you file the form. What if they renewed it twice? Well, then you have to add the interest from those payments to the end total as well. Go back and read that line again. I am not making this up.

Related transactions then involve a bit of forecasting. If you can follow the last example, then what if you loan a customer $7,500 on one day on one item? You must follow that loan through to see if the payments received on it ever exceed $10,000 in a rolling 365-day period.

What if the loan was actually three different loans that totaled $7,500 on the same day? Same thing.

What if you gave a loan for $5,000 on day #1 and another for $2,500 on day #2? Is this starting to sound familiar? It should. Same thing. These are related transactions and so need to be tracked until they are either defaulted or redeemed.

Related transactions are only those transactions that are entered into within a 24-hour period. When our customers start lumping loans together to make it easier for them payment wise, that does not make these loans related. In other words, the customer who comes in on Wednesday to pay for loans due on Wednesday and then asks if she can pay for her loans due next week at the same time to save her a trip does not now have more loans added to the related pile. Only the loans that were originally generated within the 24-hour period are truly related.

The bad news is that there is not a pawn software I am familiar with that has figured out how to identify ‘related transactions’ correctly or completely. It is actually easily done with pencil and paper so why it is such a challenge for a computer is beyond my capacity to understand. The most frequent error is that they will aggregate the information and then notify you. Aggregation is the act of adding up every single transaction done by a customer in a rolling time period and once it hits $10,000, BOOM! That is dead wrong and generates paperwork and filings for nothing. The reporting provided is useless in most cases and, while useful to verify that you got the big transactions logged, it is not at all a time saver. One large software company even adds the money going out to the money coming in to get to $10,000. This is based on the CTR format used by banks and is just wrong. At no point ever is $5,000 in pawn (OUT) and $6,000 in sales (IN) going to add to $11,000 (IN) except in their program.

Bottom line, you are responsible for tracking these transactions in an attempt to fall in line with the IRS edict. Every effort you make will be blessed by the IRS though, and in this you should take solace. Those who do nothing, out of either ignorance or frustration, place themselves in the direct path of an IRS audit that will progress much further than they ever imagined. Those shops who ‘turn a blind eye’ to these filings are likely to be accused of “willful non-compliance” by the IRS, the fine for which can be six figures. The good news is that each store usually only has a small number of customers that this even pertains to. Identify these few customers and watch them. I will be waiting for your call!

Title 31 Audits: So, what’s the big deal?

Auditor or internal revenue service staff

This is another installment in a series of articles meant to keep members from making the same mistakes that have proven costly to their competitors. This article will deal primarily with Title 31 AML exams and everything they entail.

So, you got your letter from the IRS. It is either a form letter #4479 (precious metals BSA exam) or a form letter #4313 (MSB BSA exam). Either way, you will be going through a Title 31 exam, the purpose of which is to determine your level of awareness of, and compliance with, the BSA and the laws that regulate your type of business. There are two types of exams here, the first of which is correct for you if you are strictly a precious metals dealer and you do NOT perform any Money Service Business (MSB) services like money order sales, wiring of funds, currency exchange etc. If this is you, and you got the other letter, you need to notify the examiner and explain you are not an MSB. This won’t stop the audit, but it will minimize the scope.

The letter will have an attachment known as a 4564 which is a document request. If you got the MSB letter in error, then you will need to get clarification from your examiner as to what documents you will now need to produce since the list is substantially shorter for non-MSB’s. You will be asked to produce copies of your AML program, your business risk assessment, training materials, independent audit reports, and lots of internal paper (bank statements, sales receipts, purchase records, supplier lists, invoices etc. for a 6-month period they will identify. Remember the first installment where we discussed the requirements of an AML program? All those items are on the top of the document request list. This is why you need an AML program at least 6 months prior to receiving the exam notification.

The day of the exam, you will be greeted by the examiner and asked to provide several answers to very simple questions as they start the process. Lots of “how do you do this”, and “how long have you” or “have you ever” etc. and then the fun begins. You will be asked to provide a piece from your showcase and then provide the source for it. The examiner may pick the piece, or they may ask you to go grab one. It is critical here that you pass this part of the exam or your Title 31 exam may morph quickly into a Title 26 Tax audit.

Sourcing means being able to identify the source of the item. Where did it come from or who brought it into the store? Was it a default? A buy? Did you purchase the piece from Stuller? Where exactly did the item come from? Any vague answers here will not pass muster and they will keep digging. If you use any type of bin or bucket method with your scrap, then you have exposure to a very thorough IRS exam. For example, if the majority of your jewelry inventory has “inventory” tags that do NOT correlate with how the item came into your possession you are at risk. If you can’t identify the person or company that sold you the item, you are at risk. Why? Because you can’t then prove where it came from or how much you paid for it. This is the IRS after all folks. Do you see how this can escalate quickly? It is highly recommended that all precious metals items in showcases are tagged with inventory numbers that allow you to fully source the items.

If the IRS agent thinks for half a second that you are hiding anything, whether through naivete or blatant actions, then be prepared for a long visit indeed. The additional time it will take to change how you price your inventory and enter it into your system is minimal compared to that tax audit I can guarantee you. This goes back to the whole illusion piece I always talk about. If in very short order the illusion is presented to the IRS agent that you can source every single piece, then they will move on. If, on the other hand they get the feeling that you can only source a few pieces, then they will react accordingly.

Now, once you get past the scary part, the next piece can be done off site, either in the CPA’s office or a meeting room somewhere. This is where all the documents from the request letter will be examined. In reality the process goes the same here as it did back at the store. They will ask for a few documents and will observe your ability to answer how your paperwork is done. How do buys make it onto the paperwork? How does that get to the IRS eventually? While many owners want to hide from the IRS and let others handle their exams, this could be a huge mistake. The person who can provide the fastest and clearest responses with regards to the paperwork should be in the room. It is also highly recommended that you have a professional in the room as well to help with the question and answer process as it relates to the AML components. Your CPA will NOT be the best person for this function unless they have training in AML processes. On the other hand, the AML professional is of no help if the audit becomes a Title 26 audit.

The exam covers a 6-month period, but really the examiner will start with the first 3 months and will only go further if they feel the need to do so. If you are good at answering questions quickly and thoroughly, the chances are good that you will be asked to forward a week or two of records to the examiners office for them to use in writing their report and they will head off to their next appointment. It will take up to a couple of months to get your results back, and a short notice with the words “no findings” printed on it is your best possible outcome.

Bottom line here is that you deal in precious metals and cash. The combination of these two items is a quick path to money laundering and also tax evasion. Regulators assume neither but are looking for both. What illusion are you sending them? When you get the letter do you start stalling right away and postponing the exam date? How do you think that looks to the examiner? Do you immediately get the copies requested by the examiner sent to their attention in the time frame they have set forth in the document request letter? What does that tell them about your program? What impression are you sending to them about your compliance with your responses? How will that impact the attitude they enter your business with?

A normal exam should not take more than 2-3 hours. The examiners that I have dealt with are all very personable and are indeed helpful. They are also thorough. They do not ask yes or no questions. They are pros at what they do just like you are. Treat them well and they will respond well. Patronize them and you are in trouble. Nobody likes to be patronized. Do NOT try to sit through one of these audits without representation. Much like taking a trusted friend or family member to difficult doctor appointments, it is important to have good representation at an exam. You will miss critical elements due to your nervousness which is perfectly normal. It is why you need someone there to help you answer correctly and to listen for things you don’t know you should be listening for. If you are prepared, you will do just fine. You are either proactive here or reactive. Proactive wins the day. Every. Single. Time.

SDN Lookups: What do I need to do?

Magnifier on the computer keyboard

This is another installment in a series of articles meant to keep members from making the same mistakes that have proven costly to their competitors. This article will deal primarily with SDN lookups and everything that entails.

The Office of Foreign Asset Control, or OFAC, is a financial intelligence and enforcement agency of the Treasury Department. They identify individuals, entities, and vessels across the world that US citizens are not to provide assistance to for whatever reason. There are a myriad of lists that have been generated over the last many years and collectively the names of the individuals, entities, and vessels included therein are referred to as Specifically Designated Nationals or SDN’s for short. The SDN list at any given time has 15,000 or more names included on it and it has been updated or changed at least 120 times in each of the last two years. This means roughly once every 3 days.

The idea is that you are not allowed to give money to anyone that appears on the list. Period. It doesn’t matter how much money we are talking about. How does one know if someone is on the list? Well, you have to check! How? Well, first of all, that all depends on what software company you hitched your wagon to. If they can provide the search then you are half way there. If they can’t, well then you have a problem. Most can, and most do, but there are nuances.

Most of the major software providers in the market today provide the SDN lookup as part of their package with the exception of one. Several not only include it in the package at no extra cost, they actually turn the function on so it is useful. Sadly, several do not understand the importance of keeping you compliant, so they push that way to the bottom of the priority list.

For you to have full confidence in your software, you will need the following things:

  1. A query is done by the software of the OFAC SDN list on a regular basis (remember it changes on average every three days). The updated version is then either:
    1. Downloaded and installed by a staff member in a timely fashion, OR
    1. Automatically updated by the software (invisible)
  2. Entering a customer’s name in your system will then trigger one of the following:
    1. Nothing which means your customer is not on the list, OR
    1. Flagging the account that your customer could be a “potential match”.
  3. Flagged accounts will need to be either cleared (99.99% of the time) by a staff person or they will require further direction at which point in time you will likely not be doing business with that customer.
  4. A report should be run routinely that identifies the potential matches that were done in the period you query. The report should include:
    1. The date of the potential match
    1. The name of your customer
    1. The name of the SDN in question
    1. The status (cleared or not)

Effectively, you need to prove that you have a system that works. The report is the single most important piece and few software providers offer an option. A few let you know on a daily closeout. That is great, but what if an IRS examiner asks you to prove that your system is working. You would then have to go through countless daily reports to find the last actual potential match you had. Hardly efficient. In light of the fact that you may be asked, “how many SDN hits do you get in a year?” it would be helpful to have a report to immediately hand someone instead of spending the next twenty to thirty minutes frantically looking for data. Let’s get right to it. If the system can flag the account, then it can track the event. If it can track the event, then it can run a report. Easy Peasy.

Two more things. Assuming your system does include the SDN lookup feature, and assuming it is always turned on, how do you know it is working if you never get any ‘hits’? You need to ask your software company what the minimum name score is set to. The industry standard is 85%. The higher the number, the more closely the name must match the list. I have found software set at 100% match in the last year. It is highly unlikely that you would ever get a potential match with your score set at 100%. At 85% you will get hits. This proves that your system is working.

If your system is working, and you know this because you are getting potential matches, but it won’t give you reports, then print out any potential matches and keep them in a file. In this series we have talked about the importance of creating an illusion. By printing out your potential matches, you will cover two items. One is that you will identify the frequency (or lack thereof) of potential matches. The other is that you have proven that your system is working. Both bases need to be covered for the regulator asking the question. If you only have a couple a year, well that shows you are a low risk and it is well worth printing two sheets of paper a year to prove that point to someone who thinks first of all you don’t even do this stuff, and second that you probably do 100’s of these things. Data doesn’t lie.

If your software does not provide the option to do a free automatic SDN lookup, ask them why not. After you decide whether you are staying with them, you will then have to look at the probability of manually checking all your new customers against the SDN list on the OFAC website. This is not as onerous as it sounds, but is an extra step that will add 30 seconds to your loan process. In this instance, you really should print all of these and retain them for a month or so and then start systematically shredding them, being careful to retain any potential matches for a year. Again, this shows you have a system in place, and it shows the frequency of the potential matches. This is the goal.

The law requires you do not give money to anyone on the SDN list. If you perform a proper ‘front-end’ check, you will have complied. If you electronically report to CAPSS, you will find that they may or may not check the list, but it is irrelevant since that is what is referred to as a ‘back-end’ check. You already gave the money out and now you are tattling on yourself.

Bottom line here is that you need to identify your risk tolerance and act accordingly. The chance of a potential match is not that good. The chance of getting an actual match is astronomical. The chance of getting a Title 31 audit where they ask you questions about your system? Pretty darned good.

AML programs part 2: I don’t do transactions that large OR I just have a small shop

finance

This is the second installment in a series of articles meant to keep members from making the same mistakes that have proven costly to their competitors. This article will deal primarily with what an AML program really is and is designed to do.

In the last segment, we discussed the importance of being able to present an illusion that you are in full compliance with all things AML when the bank regulators or the IRS examiners come calling. This is not just a thing…it is reality. Provided with enough paperwork and reports, a regulator will agree that much is being done, but may still have some thoughts about what is actually being accomplished. Better to be in that position after a review than in the position of the regulator determining that nothing was even being done. The former will get you much further down the road than the latter for sure.

AML programs, while tiptoeing through the tax issues, primarily deal with keeping the precious metals dealer out of the money laundering and terror financing business. While the tax audit deals in a very concrete matter, the Title 31 rules are somewhat abstract. Title 26 is the tax code. 8300 forms fall under the tax code primarily, but they can also fall into the Title 31 realm. Most of what we deal with in Title 31 is suspicious activity. Title 26 deals with certain thresholds and the appropriate reporting of concrete transactions. In other words, if a customer presents you with $11,000 in cash you must file an 8300 within 15 days. Period. Concrete.

Title 31 is abstract. How so? The primary tools in the arsenal of the precious metals dealer are the Suspicious Activity Report (SAR), the 8300, and the Specifically Designated National (SDN) lookup. While the filing of an 8300 form as mentioned above was straight forward, what would happen if the customer was trying to break up the transactions to avoid the filing of the form, and therefore avoiding the tax ramifications of reporting to the IRS? That now becomes suspicious behavior. Does suspicious behavior have a dollar amount? Nope.

Precious Metals Dealers are exempt from mandatory filing of SAR’s. That means they are strictly voluntary. As soon as a pawnbroker learns that, they usually decide right then and there they will not be filing any of these forms since they don’t have to. I caution them all that we are trying to create an illusion. An illusion that says we are at the ready. We are trying to play by the rules. “If it looks shady, then I will file the SAR”. A word of warning though; one can’t just file SAR’s randomly or they place themselves at jeopardy of being penalized for reckless behavior.

Consider the fact that banks are required to file SAR’s and have entire departments just for this purpose. You know, when a business owner takes multiple deposits to the bank in a week, and while separately they are not over $10,000, but collectively they are? The bank files an SAR. I can give you names and numbers of the pawnbrokers who have gotten sudden unannounced visits from the IRS accusing them of structuring their deposits to avoid the CTR (bank equivalent to the 8300) reporting requirements. ‘Structuring’ is money laundering, and this is the IRS we are talking about. The IRS does not generally hold pawnbrokers in the highest regard as you may know.

So, if the banks have to file these all the time, and they find that you are not filing any…ever, well they then jump to the conclusion that you are not taking this whole AML thing seriously. In reality, you truly may not have any transactions worthy of an SAR filing. So how do you win this battle? By having an illusion in place that you are looking for these transactions but just haven’t encountered any. By having high dollar transaction tracking in place that you can show them. By having internal controls that someone checks monthly to make sure nothing is slipping through the cracks. By having written policies and procedures in place that state what will happen if suspicious activity is indeed encountered. By being set up with an account on the BSA website so you will be ready to file a form immediately if you had to. In the beginning of implementing your program this is all an illusion. As you progress through the first several years of implementation, the appearance to the regulator is that you are doing all you can to comply. Over time, the illusion is that you are in full compliance and it is just part of the company DNA. How does the old saying go? You never get a second chance to make a first impression (illusion)!

What do you need to do to help the illusion along?

  1. Read and become familiar with your AML program. Make sure it is accurate and depicts all of your policies and procedures.
  2. Be on top of the training required:
    1. Within 30 days of hire of a new staff person
    1. Every year as a refresher
  3. Print out monthly reports from your software, if possible, that show you are looking for suspicious activity
  4. Print out reports from your software, if possible, that show you have an active SDN program in place, and that it works.
  5. If you are a corporation, include a resolution annually affirming your commitment as a company to the program and to the compliance officer in place.
  6. Finally, and most importantly, take this stuff seriously. Don’t roll your eyes and make faces when you are explaining to your staff why you “have to do this stuff”. They will key in on you and your efforts will be doomed from the very start.

So, what illusion do you want to provide the regulators when they come calling? If your business depended on it, I bet you would be willing to do whatever it took to get the ship heading in the right direction. The fact is, if you do nothing, the fines that can be levied could be in the business ending realm. Failure to have a program fines can be $25,000. Willful non-compliance fines can be six figures.

A good consultant will help you get your program off the pages of the manual and into the culture of your staff. It is NOT as difficult as you think. Learning to drive was a challenge for all of us the first time. Some of us had to learn on manual transmissions so those that didn’t, can just sit quietly. Seriously, remember how hard it was to get started? It didn’t take too long and we mastered the process and we never looked back. This is no different.

AML programs part 1: Why the big deal?

Regulations book. Law, rules and regulations concept.

This is the first of a several part series highlighting the issues I find routinely in pawnshops, large and small, across the country today. It is my hope that by highlighting these issues, our members will be better educated and can make more well-informed decisions before crisis strikes. Future articles will discuss corporate minutes (or the lack thereof), SDN checks and what stores are doing right and what they are doing wrong, 8300 forms and related transactions, debunking myths around the Military Lending Act, and primers on the Privacy Act and the Safeguards rule.

AML programs part 1: Why the big deal?

In late August, 2019, one of our CAPA members posted on the forum that they were going through an IRS Title 31 Exam. This is the exam of, in this case, a precious metals dealers anti-money laundering (AML) program and is not to be confused with the more common (and greatly feared) Title 26 tax audit. This AML program has been a Federal requirement for precious metals dealers since January 1, 2006 but we will get back to that in a minute.

In the forum post, our member implied that things were not going well and that there was a fair amount of stress involved in the process. They also indicated that the IRS examiners had shared that “pawnbrokers had been flying under the radar, but no longer.” I was in the middle of an Alaskan cruise and my phone blew up with dozens of calls in a 2-day span from members who needed reassurance that they were either okay or that they could be okay. Needless to say, when I got back from my vacation, I was a busy man. Three weeks later I was at the CAPA Long Beach event and was swamped on Sunday throughout the entire vendor time allotment setting up account after account. Many of the folks who set up accounts in September have been pawnbrokers for generations. Thank you, IRS.

So why bother you with the details? Let me summarize. The IRS is now taking a serious look at pawnshops. Banks never stopped looking at pawnshops even after we were told that Operation Chokepoint was in the rear-view mirror (enter “de-risking”). Lose your bank account and you have immediate pain and frustration. You must take your eyes off running a business and focus your efforts on garnering another account. The new bank? They will likely ask to see your AML program. What they want to see, is an active (read ‘well-used’) AML program that has been around for a while. Think about it. If you had that program, you would probably still have the old bank account. They will tolerate a brand-new AML program, but you will likely be put under a microscope anyway because having an AML program is not the important part. Incorporating the program into the culture of your business is what they need to see.

In large part, you will need to create the illusion early on that you place a very high value on Compliance while you are still trying to get the hang of it. Much like driving a car when you first got your license. You wanted everyone to know you had it, but you still needed to practice and get better. Did you get better by driving once a year? Nope. Same reason why those pawnbrokers who purchase an AML program and then take it out once a year (if that) for the obligatory independent review, look like beginners. When a bank regulator or IRS examiner starts asking you questions about your program you should already have a working knowledge of it. This is the wrong time to try to fake it. Everyone knows what is going on and you just look, and feel, silly trying to save your backside from whatever punishment is likely to be doled out.

Title 31 audits are real.  I know because I sit in on them helping represent my customers. They are happening in California with a much greater frequency than ever before and according to the examiners I deal with will continue to do so. Bank de-risking is real and is never going away. CA pawnbrokers need to be very aware of this and get out in front of it. Title 31 exams for those with active programs usually go well. Those that have inactive or non-existent programs usually pay a price for their inaction.

Functioning AML programs have 4 key components. These are known as the 4 pillars. An AML program missing one or more of these pillars is much like a Rolex watch with a phony movement…worthless. Those 4 pillars are:

  1. A written program based on the dealer’s risk assessment that puts policies, procedures, and controls in place to eliminate the possibility of money laundering, terrorist financing, and other illicit activities.
  2. The designation of a compliance officer to be in charge of the implementation and updating of the program and the training of the staff.
  3. The ongoing education and training of specific staff (all who handle sales and pawns plus owners and managers) at least once a year and usually within 30 days of hire.
  4. An annual independent review of the program to make sure that it is working and effective.

Those who treat this as anything less than a priority stand to pay the penalties that go along with postponing the inevitable. Many of us wait until one of our friends goes through something before we jump on the bandwagon. In fact, I would say that the vast majority of us tend to react to others pain and we use that as the stimulus to get us moving. Perhaps that is the difference between leaders and followers. Call it what you want, but once you get a letter from either the bank or the IRS, if you do not already have an AML program in place, it is too late. PERIOD.

Compliance

Businessman hand building wooden blocks with Compliance concept.

Compliance. Yuck! Everyone hates the whole compliance thing, but we all must admit, whether we like it or not, it is just going to get worse and not better. When I owned my stores in CA and OR from 1996-2012, I had no idea any of this stuff ever existed. By 2013 I had started a business to help others understand and it has now blossomed into 39 states and Canada!

Title 31 audits (the IRS likes to refer to them as ‘exams’) are occurring with an alarming rate and should have everyone reading this at least paying attention. While these are not “tax” audits, they can lead to them quickly if you are not careful. Nobody wants a “tax” (Title 26) audit. So, what do you need to know?

Title 31 is the U.S. PATRIOT ACT and as pawnbrokers you fall under this act because you are considered a financial institution. You are a bank after all, and many states use their banking regulators to monitor and license pawnbrokers. You then get to follow the same rules as banks. To add to this, you are also considered a ‘high risk’ industry by FinCEN which is the Treasury watchdog and enforcement arm. (FinCEN stands for Financial Crime Enforcement Network.) They set the rules and they DO enforce them. Fines levied by FinCEN can be business ending, and since pawnbrokers are supposed to have had AML programs in place and operational since 2005, they have little tolerance for ignorance, real or feigned.

So, what exactly is a Title 31 Exam? It is an exam of your Anti-Money Laundering program. You will get a notice 30 days ahead of time letting you know you have been selected for an exam. Included with the letter will be a three-page document listing all of the items they will need you to have ready to go for the special day. The first several will be requested digitally prior to the actual review so they can do some homework before they arrive. At the very top of the list is a copy of your AML program.

Question for you. If you do not have an AML, how are you going to send it digitally? On top of that, an audit will go back 6 months to look at your AML program and the systems you have in place in support of that program. How do you prove to their satisfaction that you had a functioning program when in fact you did not? The answer is you do not. And there you are, standing naked in front of the IRS begging for a second chance and trying to explain to them that you had no idea you were required to do this stuff even though the laws have been in place for much of it since George W. Bush was in office.

Exams do not actually take much time when the examiner is on site, but the preparation will set you back several hours, and in some cases depending on the size of your operation(s), days. You will need to provide employment records, training documentation, any 8300 and SAR forms you filed, any workpapers (reports and tracking info to show why you did or did not file 8300 forms and SAR’s), bank statements, and purchase records for the 6 month period in question.

On the day of the review, I highly recommend that you meet the examiner with your treasure trove of documents off-site. I also recommend that you have someone other than yourself sitting there trying to answer questions on your behalf. These exams are new to many IRS folks and they are trying to figure them out. You will be too nervous to answer questions correctly and see what path they are leading you down. You may walk right into a tax audit if you answer something innocently but incorrectly. By the way, your CPA is not the best person for these reviews. They are proficient in Title 26 but NOT Title 31. While they may be well-meaning, I am aware of at least one exam that went south in the last 18 months because of this scenario.

So, what exactly do you have to have in place to pass this exam?

  1. A written program based on the risks inherent in your unique business and its geographic location for the potential to have money laundering or other nefarious activity take place. The program is to be custom (not a template) and a living, breathing document that is part of the culture of your operation.
  2. A designated compliance officer in charge of the whole thing. In addition, if you are an entity, then you need to provide a statement from the top echelon that shows support for the program and the compliance officer at the very least.
  3. Routine documented training, provided at these three times:
    1. Within 30 days of hire for new staff that are required to know the information
    1. Every year for all staff as a refresher
    1. Any time there are substantive changes on a federal level
  4. An annual independent review of your program to determine how well it is working, how up to date it is, and how well it is incorporated into the DNA of the company. Independent means “not you”, and it should be someone who is certified in this stuff.

While this sounds ominous, it is not. Because much of what the IRS folks are looking for does not happen routinely in our industry, your goal is to paint a clear picture for them of what actually does happen in your company. While this may be very little, that is important for them to see. In other words, you can say that you have not filed any 8300 forms ever, but your examiner will need to verify that. Better for you to hand them reports you have already looked at that support your statement than having them digging through your computer. Unless, of course, you want the IRS person digging through your computer…

You will need to be tracking any transactions that are large for your operation to make sure there are no trends or patterns that may lead a reasonable person to believe that money laundering could be occurring under your nose.

You will need to be checking all pawn and buy customers against the OFAC SDN list. This is a list of 15,000+ names that evolves almost daily. Fines are ridiculous if you give these folks money. Most pawn systems today will offer a way to check these. One charges for the service (I cannot get them to stop…) which is absurd since it is a federal mandate, but the rest offer something. It is your job to make sure you are paying attention to these. The argument that, “I never get any hits” is fine, but you must be able to prove this! Each software company provides this in different ways. Just because you pay a lot for your software by the way does NOT guarantee they do compliance stuff correctly. Compliance is not glamorous and it is not a huge selling point, so some of them have just put a mediocre solution together that in many cases is 50% there and then you get to push or pull it across the finish line.

Your pawn contract needs to have a ‘customer privacy policy’ somewhere in the small print. This is the same thing as the privacy statement you get from your bank or credit card company every year. You dutifully open it and then when you realize what it is, you throw it away. That piece of paper… At any rate, you must provide this statement to your customers at least once a year. Having it printed on the pawn contract fulfills this obligation. The other option is to hand a little piece of paper to every customer which will then end up on every counter in your building along with the floor and the parking lot.

You will need to be able to demonstrate that you have ‘know your customer’ and ‘enhanced due diligence’ protocols in place. Now the good news here, is that pawnshops overall do a stellar job here. Think about it. In most shops, before the customer ever hits the counter, they are explaining why they are in the shop again. We know, or think we know, their whole life story. To the extent that story never changes, AND nothing about the activity of the customer seems to contraindicate their story, you are fine. BUT you need to have trained your staff what to do if that story changes, AND you need to be able to prove that to the IRS examiner.

They will ask you about your ability to source inventory. In laymen’s terms, that means you must tell them where a ring they pick out of the case came from. If you have an inventory number that ties to a loan or buy number, you are in good shape. If you like to generate unique numbers and it will be hard to explain to that examiner where the item came from and most importantly, how much it cost, you may be walking right into a tax audit. If you are one of those stores that uses your pawn software only to manage the pawns and buys and you have a separate system for inventory, this is your warning to really consider how that looks to the IRS examiner. The old days of operating out of a cigar box…that will get you shut down now.

That is a solid amount of information and all around just the Title 31 AML exam. When it comes to compliance, this is the piece that must be intact and functioning. It is not enough to purchase the program and let it sit on the shelf. I have seen fines levied for $10,000 for folks who did that. That is one expensive AML program! In addition to the AML program, there are many more federal items, and we will not even go into ATF stuff. The other two biggest federal compliance pieces are TILA (Truth in Lending Act) and the MLA (Military Lending Act).

You need to have a reasonable system in place for identifying whether a customer is an MLA covered borrower. You do NOT have to run every single name against the Department of Defense website as was initially reported and to some degree I still stumble upon. You must make sure that your software prorates the military APR to a DAILY rate based on 36%/year. One major software company does not have this box checked in their settings and if you keep it that way you are overcharging these customers! You must provide a written AND oral disclosure of the Military APR since the contract language on the back will not line up with what was printed on the front. Burrell offers a great product just for this purpose (11-5560). Use it. You will need to retain ALL pawn tickets for 5 years from the date of final disposition. This is not read as 5 years from the date you wrote the ticket.

TILA is more about the statements on your contract and your understanding that a signed contract is EVERYTHING in a court of law. Make darn sure that your contract matches your systems and your laws. When the dust settles, whatever is on your contract will rule. When was the last time you actually read your pawn contract anyway? If you use a national company to produce your tickets like Burrell, Apperson, and Technology Media Group for example, then your tickets are likely in great shape. However, if you have gone the cheap route and used a local printer, I would take a serious look at that ticket and make sure you are covered. By taking a serious look I mean having someone who knows what they are doing and understands TILA requirements to look at that ticket.

Fun stuff, right? If you use someone who knows what they are doing to help you out, it is really not too difficult. But remember the old Fram marketing slogan, “You can pay me now…or you can pay me later”? It applies here. Your best bet is to have this in place 6 months before you get your Title 31 letter from the IRS, not after. Feel free to reach out if you want help!