AML Compliance Checklist for CRE Professionals
New AML rules for real estate professionals are now in effect. Since March 1, 2026, the FinCEN Residential Real Estate Rule mandates reporting the beneficial owners of all-cash property transactions involving entities or trusts. Non-compliance can lead to penalties starting at $1,394 per violation, climbing to $250,000 for willful breaches, plus potential prison time.
Here’s what you need to know:
- Key Regulations: The Bank Secrecy Act, USA PATRIOT Act, and Anti-Money Laundering Act of 2020 set the framework for compliance.
- Risk Assessment: Focus on high-risk clients, such as those from high-risk regions or using shell companies.
- Due Diligence: Collect detailed documentation for both individuals and entities, including beneficial ownership information.
- Transaction Monitoring: Use automated tools to flag suspicious activity and file reports within required timelines.
- Recordkeeping: Retain all AML-related documents for five years.
Adhering to these rules not only avoids penalties but also builds trust with investors. Use technology like CoreCast for efficient compliance management.
AML Compliance Framework for Real Estate Professionals: 5 Essential Steps
New Anti-Money Laundering Regulations for Residential Real Estate Transfers
sbb-itb-df8a938
Risk Assessment Procedures
Understanding and managing risk is a cornerstone of effective AML (Anti-Money Laundering) efforts. Not all clients or transactions pose the same level of risk, which is why a risk-based approach is so effective. This method allows you to focus resources where they’re most needed - applying stricter scrutiny to high-risk scenarios while simplifying procedures for lower-risk cases. This step is essential for meeting AML compliance requirements and sets the foundation for implementing targeted due diligence measures.
Identifying High-Risk Transactions and Clients
Spotting high-risk transactions and clients begins with identifying key warning signs. Geography often plays a critical role - transactions linked to countries with weak AML controls or high corruption levels require extra attention. Similarly, deals involving politically exposed persons (PEPs) or high-ranking foreign officials should trigger Enhanced Due Diligence (EDD). Other red flags include the use of shell companies, trusts, or layered corporate structures that obscure the true beneficial owner[3][4].
Transaction patterns can also reveal elevated risk. For instance, properties sold at prices far above or below market value without clear justification might indicate price manipulation. Large cash payments, especially those exceeding $300,000 in U.S. cities covered by FinCEN Geographic Targeting Orders, demand further scrutiny[4]. Additional red flags include rapid property flipping, complex financing arrangements with offshore entities, and clients unwilling to provide proper identification or documentation for their funds[3][4].
Real-world cases highlight the importance of recognizing these signals. In 2018, Paul Manafort laundered millions through real estate by using shell companies to hide ownership[3]. More recently, in December 2024, the UK Financial Conduct Authority secured convictions against WealthTek after illicit funds totaling £806,500 and £3.9 million were funneled through property purchases. These cases underscore how failures to verify sources of funds and beneficial ownership can lead to substantial legal and reputational risks[4].
Developing a Risk-Based Approach
A one-size-fits-all approach doesn’t work for AML compliance. Instead, segment clients into low, medium, and high-risk categories to tailor your due diligence efforts. For low-risk clients, standard Customer Due Diligence (CDD) may be sufficient, involving basic identity and address verification. However, high-risk scenarios call for Enhanced Due Diligence (EDD), which digs deeper into the source of wealth, checks media for negative coverage, and identifies ultimate beneficial owners[3][4].
For high-risk cases, additional steps are critical. These include verifying funding sources, screening clients against PEP and sanctions lists, and assigning a Money Laundering Reporting Officer (MLRO) to oversee AML systems[4][5]. While compliance costs can range from $15,589 to $23,384 annually per entity[6], investing in these measures is crucial to safeguarding your business from financial crime and regulatory penalties.
Customer Due Diligence (CDD) and KYC Requirements
A strong foundation of documentation is essential for effective Customer Due Diligence (CDD) and Know Your Customer (KYC) processes. Together, these procedures form the core of your AML (Anti-Money Laundering) compliance efforts. They go far beyond simply meeting regulatory requirements - they serve as your primary defense against financial crimes. This is especially critical, considering that over $2.6 billion has been laundered through U.S. commercial real estate over the past two decades [9].
Required Documentation for CDD
The type of documentation you need depends on whether you're dealing with individual investors or business entities.
For individual investors, focus on the following:
- A government-issued photo ID
- Proof of residential address
- Date of birth
- Tax Identification Number (TIN) or Social Security Number (SSN)
To further prevent impersonation, consider biometric verification methods like a liveness selfie [10].
For business entities, the requirements are more complex. In addition to basic identification, collect:
- Company incorporation documents
- Business registration records
- Ownership structure charts
- Details about the nature of the business and its revenue model
You'll also need Beneficial Ownership Information (BOI) for anyone owning 25% or more of the entity. For each Ultimate Beneficial Owner (UBO), gather their legal name, date of birth, residential address, and a unique identifier, such as a TIN [8].
If you're handling trust transactions, ensure you document the settlor, trustee, beneficiaries, trust title, execution date, and the source of funds. Under the FinCEN Real Estate Report guidelines (effective March 1, 2026), verify the "signing individual" - the person authorized to act on behalf of the transferee entity or trust - by collecting their name, address, and TIN [8].
Additionally, keep detailed records of the transaction itself. This includes the total purchase price, payment methods, and the accounts and financial institutions involved in transferring funds. Such documentation creates a clear audit trail. Finally, screen all clients and UBOs against OFAC sanctions lists, Politically Exposed Persons (PEP) databases, and adverse media sources to identify potential risks early on.
Enhanced Due Diligence (EDD) for High-Risk Clients
When dealing with high-risk clients - such as PEPs, individuals from high-risk jurisdictions, or those using complex offshore structures - standard CDD measures aren't enough. Enhanced Due Diligence (EDD) requires a deeper dive into the client's background. This includes conducting thorough background checks, in-person or video interviews, and collecting additional documents like tax filings, utility bills, and financial records to verify both Source of Funds (SoF) and Source of Wealth (SoW).
Understanding the difference between SoF and SoW is crucial. SoF focuses on the immediate origin of funds for a specific transaction, which might involve reviewing bank statements or sale contracts. SoW, on the other hand, investigates how the client accumulated their overall wealth over time, often requiring records such as inheritance documents, tax returns, or evidence from business sales [11].
To go even further, use Open-Source Intelligence (OSINT) to explore beyond standard databases. This involves analyzing the deep web, news archives, and even social media to uncover potential hidden risks. Implement ongoing monitoring with rule-based alerts to detect unusual transaction patterns and reassess the client's AML controls regularly. The stakes are high - civil penalties for willful AML violations can reach the greater of $278,937 or the total transaction amount, while criminal violations can result in fines up to $250,000 and up to five years in prison [8].
Transaction Monitoring and Reporting
After establishing strong CDD and EDD processes, the next step is ongoing transaction monitoring. This isn’t a one-and-done task - it’s a continuous effort to track client activities and detect suspicious patterns before they lead to regulatory violations. With money laundering posing a persistent global threat, this vigilance forms the backbone of the best practices outlined below.
Transaction Monitoring Best Practices
To create an effective monitoring system, start by defining clear thresholds and parameters. These thresholds should cover transaction size, frequency, and geographic locations to help identify high-risk activities. For instance, transactions that are unusually large, happen in quick succession, or involve high-risk jurisdictions should raise red flags.
Automated systems are key to handling large transaction volumes while minimizing false positives. Recent enforcement actions have highlighted the importance of real-time, automated monitoring tools. Regularly updating thresholds based on historical data and new trends ensures the system stays relevant. A risk-based approach is essential - focus resources on higher-risk profiles, such as cross-border transactions or shell companies, while streamlining processes for lower-risk customers[12][13].
Suspicious Activity Reporting (SAR) Guidelines
Once suspicious transactions are flagged, timely and accurate reporting becomes critical. Under the updated FinCEN rule, certain real estate professionals now need to file "Real Estate Reports", a specialized type of Suspicious Activity Report tailored for the industry. FinCEN projects that 800,000 to 850,000 transactions annually will require these reports[15].
The reporting process follows a specific hierarchy. It starts with the settlement agent listed on the settlement statement, followed by the person who prepared the statement, the individual filing the deed, the title insurance issuer, the largest funds disburser, the title examiner, and finally, the person preparing the deed[15][2]. Organizations can also use a Written Designation Agreement to assign one person within this hierarchy as the responsible party for a transaction[15][14][1].
Reports must be submitted by the last day of the month following the closing month, or within 30 days after the closing - whichever comes later[15][14][1]. A Real Estate Report can include up to 111 data fields, though most transactions require completing 40–60 fields[15]. Before submission, a mandatory quality assurance review ensures the report narratives are clear and actionable for law enforcement[13]. In 2022, FinCEN received over 3.6 million SARs, emphasizing the need for accurate and precise reporting[13].
Non-compliance carries steep penalties. Civil penalties for negligence are approximately $1,400 per violation, while willful violations can result in fines up to $250,000 and a five-year prison sentence[15][1]. Repeated negligence can lead to penalties as high as $108,489[15][1].
Documentation and Recordkeeping Standards
Accurate and thorough recordkeeping is a cornerstone of AML compliance, just like risk assessment and due diligence. To meet audit requirements, maintaining well-organized records is non-negotiable. The FinCEN Real Estate Reporting Rule, effective March 1, 2026 [15], outlines specific retention requirements.
Retention Requirements for AML Records
All AML compliance documents - such as Written Designation Agreements, beneficial ownership certifications, and due diligence records - must be kept for five years from the date of signing [15]. These records should include comprehensive transaction details, such as:
- Property addresses and legal descriptions
- Closing dates and purchase prices
- Payment methods and the institutions involved
For beneficial owners (those holding 25% or more ownership or substantial control), additional information must be retained, including their full legal names, dates of birth, residential addresses, citizenship, and Taxpayer Identification Numbers.
"The Reporting Person and each party to an agreement designating a Reporting Person must retain a copy of said agreement, as well as a copy of any beneficial ownership certification form provided to the Reporting Person for five years from the date of signing." - McDermott Will & Emery [17]
Failing to comply with these requirements can lead to severe consequences. Civil penalties for negligent recordkeeping violations start at approximately $1,394 per violation, while willful violations may result in fines up to $250,000 and up to five years of imprisonment [15][16].
Organizing and Securing Compliance Records
Sensitive data, such as Taxpayer Identification Numbers and dates of birth, should never be stored in email systems [15]. Instead, use encrypted, centralized compliance software that ensures data security, provides an audit trail, and protects against unauthorized access. This is especially critical given the estimated 800,000–850,000 transactions annually now subject to these stringent recordkeeping standards.
To ensure consistency, standardize documentation protocols for all transactions. When multiple professionals are involved in a closing, establish clear Written Designation Agreements upfront to prevent duplicate filings or compliance gaps [15][16]. Additionally, conducting annual internal audits can help identify weaknesses in documentation practices and improve the overall effectiveness of your compliance systems. This structured approach to recordkeeping forms a solid foundation for broader AML compliance efforts.
Using Technology and Tools for AML Compliance
Relying on manual spreadsheets and emails just doesn't cut it anymore - especially with the sheer volume of transactions required under the FinCEN Rule. Today’s AML compliance demands real-time monitoring, automated sanctions screening, and centralized case management. The right technology can slash compliance costs by up to 50% [18], safeguard your reputation, and build trust with regulators. Tools like CoreCast have become essential for tackling these challenges.
Using CoreCast for Transaction Monitoring
CoreCast, a real estate intelligence platform from The Fractional Analyst, helps CRE professionals shift from reactive to proactive compliance strategies. The platform continuously monitors transactions, flagging unusual activities like sudden large transfers or complex fund layering. By taking a risk-based approach, it categorizes clients into low, medium, or high-risk tiers, so you can focus Enhanced Due Diligence (EDD) efforts where they’ll have the most impact [19][20].
One standout feature is its relationship mapping, which identifies hidden links to high-risk individuals or sanctioned entities [19]. For high-net-worth investors, CoreCast goes a step further, verifying source-of-wealth through authenticated profiles - helping you meet stricter scrutiny requirements. Regularly fine-tuning monitoring thresholds based on emerging risks and historical data helps reduce false positives, keeping your team focused on actual threats [21][13]. Plus, CoreCast integrates seamlessly with your existing AML processes, reinforcing earlier risk assessments and recordkeeping practices.
Improving Investor Reporting with Automated Tools
Transaction monitoring is just one piece of the puzzle. Automated investor reporting is another crucial component of a strong compliance framework. Clear and accurate communication with investors not only builds trust but also simplifies audit compliance. Tools from The Fractional Analyst automate data aggregation, ensuring consistent and error-free reporting for both investors and lenders. This automation eliminates manual errors and creates the kind of transparent audit trail regulators expect.
Conclusion
AML compliance is not just a regulatory requirement - it’s a safeguard for your business and a way to build trust with investors. With the FinCEN rule taking full effect on March 1, 2026, an estimated 800,000 to 850,000 transactions annually will demand detailed reporting [15]. Civil penalties for violations start at about $1,400, but deliberate breaches can escalate to $250,000 in fines and up to five years in prison [15][8].
To stay compliant, focus on the essentials: risk assessments, due diligence, monitoring, and thorough recordkeeping. These steps form your frontline defense. Compliance isn’t a one-time task - it requires regular updates to audits and processes to keep up with changing regulations [7][4]. Always verify the beneficial owners for property purchases involving corporations or trusts, and maintain clear, accurate reporting systems [15][8]. By integrating these elements into your operations, you ensure a proactive approach that meets industry expectations.
"FinCEN's goal is simple: make it harder for bad actors to hide behind anonymous entities and easier for legitimate professionals to help protect the integrity of the market." - Monaco Cooper Lamme & Carr, PLLC [15]
Technology is a powerful ally in this effort. Tools like CoreCast from The Fractional Analyst automate key tasks such as transaction monitoring, sanctions screening, and investor reporting. This reduces human error and simplifies compliance processes. With global real estate money laundering estimated at $1.6 trillion annually [7], adopting a proactive compliance strategy isn’t just essential - it’s a smart way to stay competitive in an increasingly scrutinized industry.
FAQs
Does the March 1, 2026, FinCEN rule apply to commercial real estate deals?
Yes, the March 1, 2026, FinCEN rule applies to specific non-financed residential real estate transfers that involve entities or trusts. In some cases, it may also cover commercial real estate transactions if they meet the outlined reporting criteria. It's important to carefully review the rule’s details to see if your transaction falls under these requirements.
Who is responsible for filing the Real Estate Report on a transaction?
Certain professionals handling residential real estate closings and settlements are tasked with filing the Real Estate Report. Under FinCEN's final rule, which takes effect on March 1, 2026, these individuals must electronically submit reports and keep records to meet anti-money laundering (AML) requirements.
What’s the simplest way to collect and verify beneficial ownership for entities and trusts?
To simplify the process, consider using a straightforward reporting system to collect detailed disclosures. Make sure to identify the legal entity or trust involved, as well as its direct and indirect beneficial owners, as outlined by FinCEN's AML regulations. This method ensures compliance standards are met effectively while keeping the information accurate.