Some context: I'm a compliance officer at a NBFI (online lender) based in the U.S. All our borrowers are based in the U.S. Periodically, we have third parties paying off our borrowers' loans and these payoffs are overwhelmingly U.S. based. Our company uses a regulated bank for all its transactions, so all the wires associated with these loan payoffs are managed/performed through that regulated bank. We're not concerned with the payoffs from other regulated banks, as these are typically just your standard loan refi. However, sometimes we receive payments from non-bank third parties to payoff a borrower's loan. These non-bank third parties may be an individual, difficult to identify, are not reasonably connected to the borrower, etc.
Questions:
1. Are we required by OFAC or any other regulatory framework to do sanction screening or perform KYC (e.g. receive and verify ID) on these non-bank third parties PRIOR to accepting their payoffs?
2. If so, what is the regulation, guidance, etc?
3. If my company does accept a payment from a non-bank third party and that party happens to be on a sanction list, what is my company's liability?
I can't find any guidance from the BSA/AML Exam Manual and this is probably not a Foreign Corrupt Practices Act issue. Thanks for the help!