Each year, the Federal Financial Institutions Examination Council (FFIEC) updates its guidance on complying with the Home Mortgage Disclosure Act (HMDA)—with a little nudge in the title: “A Guide to HMDA Reporting: Getting It Right!” So, are you getting it right?
Getting it wrong carries consequences. In 2017 and 2019, for example, the Consumer Financial Protection Bureau (CFPB or bureau) levied penalties of $1.75 million each on two major mortgage companies for inaccuracies in data they’d submitted in prior years. It’s worth noting that, at the time the errors in question were made, it was actually easier to get it right. Soon after, in 2018, the data elements required in HMDA reports shot up from 39 to 110 (140, really, if you count logic fields).
Now, with the Biden administration and regulators focused on fair lending, it has become even more critical that lenders accurately report application data on the Loan Application Register (LAR). Officials use HMDA data to see how well lenders are serving communities’ housing needs, whether public sector funds are catalyzing community investments, and when lending patterns are potentially discriminatory. In compliance terms, HMDA data manifests adherence to fair lending rules and requirements. We have yet to see the results of examinations that occurred last year, but the consequences for getting HMDA wrong could be severe.
Background: Serial Changes
HMDA, originally enacted in 1975 and implemented by Regulation C, requires non-exempt financial institutions to maintain, report, and publicly disclose detailed information about mortgage applications. The bureau uses this information to understand what happened with the vast majority of mortgage applications and to compare the data from year to year to identify lending trends.
Following the mortgage crisis of 2007-2008, the bureau issued a final rule amending Regulation C in order to implement Dodd-Frank Reform Act amendments. The 2015 HMDA Final Rule established new transactional thresholds to determine whether a financial institution is required to collect and report data on open-end lines of credit or closed-end mortgage loans, implemented new data points specified in Dodd-Frank, added more data points using the bureau’s Dodd-Frank authority, and made revisions to preexisting data points, among other changes. The bureau further amended Regulation C in its August 2017 HMDA Final Rule to temporarily increase the threshold for open-end lines of credit to 500 applications for calendar years 2018 and 2019 and make other clarifications and changes. Additionally, the CFPB issued final rules amending Regulation C in October 2019 and April 2020.
These changes increased the amount and complexity of the data elements lenders have to report. While lenders were provided ample time to prepare for the changes, most were reliant on industry vendors to update the loan origination systems (LOS) they use. Consequently, lenders were sometimes forced to delay their implementation plans until just prior to the deadline. Some are still not aware of pitfalls in many vendors’ LOS updates. One example is a HMDA screen needing manual intervention to ensure data that exists elsewhere in the system is accurately reported to the electronically-generated LAR.
HMDA Exams Focus on Transaction Testing
There are multiple types of regulatory examinations that may include HMDA. These include state examinations, fair lending examinations, compliance management systems (CMS) examinations, and HMDA examinations, among others. All regulatory agencies focus on compliance with HMDA. CMS components, including effective change management, risk management, policies, procedures, and training, all play a vital role in ensuring that HMDA data is reported timely and accurately—as do internal audit programs.
The main component of a HMDA examination is transaction testing, although exams can also include reviews of policies, procedures, training, and data retention. Results of transaction testing may prompt an examiner to require that changes be made to the CMS in order to prevent future errors. Data reported on the LAR is verified with the source loan document files. Transaction testing error thresholds are small, often requiring resubmission for errors found in single data fields. Examiners may examine all data fields or only those deemed a priority. Note these may or may not be the key data fields defined in HMDA guidance.
Table 1 below shows the initial sample sizes and total samples sizes in accordance with the size of the LAR filed by the lender. Note the resubmission thresholds.
Table 1: HMDA Transaction Testing Sample Sizes and Thresholds[i]
# | A | B | C | D1 | D2 |
Applications | Total Sample Size | Initial Sample Size | Initial Sample Threshold (errors in 1 data field) | Resubmission Threshold (errors in 1 data field) # | Resubmission Threshold (errors in 1 data field) % |
25-50 | 30 | 15 | 2 | 3 | 10.0% |
51-100 | 30 | 20 | 2 | 3 | 10.0% |
101-130 | 47 | 29 | 2 | 3 | 6.4% |
131-190 | 56 | 29 | 2 | 3 | 5.4% |
191-500 | 59 | 30 | 2 | 3 | 5.1% |
501-100,000 | 79 | 35 | 2 | 4 | 5.1% |
100,001+ | 159 | 61 | 2 | 4 | 2.5% |
Source: CFPB
If the HMDA LAR for which the lender is being examined was over 100,000 records (all qualifying applications taken in that year), the examiner would select a sample size of 159. If a single data field had over two errors in the initial 61 records, the examiner would test the remaining 98 records. If no other errors were found, resubmission would not be required. If additional errors were found, the lender would be directed to correct the data field for all records and resubmit the data.
Data fields for applicant or borrower ethnicity and race are provided as an example in the Filing Instructions Guide (FIG) and are calculated according to Table 2 below.
Table 2: Sample Calculation of Error Rates for Applicant or Borrower Race
FIG Applicant or Borrower Race: 1 field | FIG Applicant or Borrower Race: 2 field | Race of Applicant or Borrower Data Field Group | |
Loan #1 | Error (Initial Sample) | 1 | |
Loan #2 | Error (Initial Sample) | 1 | |
Loan #3 | Error (Remaining Sample) | 1 | |
Loan #4 | Error (Remaining Sample) | Error (Remaining Sample) | 1 |
Total Errors | 4 |
Source: CFPB
What Is Going Wrong?
Some financial institutions are still not getting it right. Regulators are examining and requiring lenders to improve their CMS, correct their LARs, and resubmit data. Beyond the potential cost of civil money penalties, the cost of remediation can be high.
Violations that continue to plague filers include the following:
- Action taken – “Application withdrawn by applicant” continues to be incorrectly reported. The regulation is clear that this action taken should only be used if the application is “expressly withdrawn by the applicant before the financial institution makes a credit decision denying the application, before the financial institution makes a credit decision approving the application, or before the file is closed for incompleteness. Failure to have documentation in the file that states the borrower’s wish to withdraw can be deemed a violation.
The competitive 2021-2022 housing market made the situation more complex, particularly when buyers submit an application for a mortgage loan to purchase a home but find they must provide a cash offer in order to be considered by the seller. The buyer then obtains cash from other sources, purchases the home and seeks to recoup the cash through the existing mortgage application. Of course, the application’s purpose is no longer to purchase the property but to refinance it. If the existing application is to be dispositioned as “withdrawn,” the credit decision must not have been yet made and there should be documentation from the borrower affirmatively requesting to withdraw.
- Applications with multiple properties—While there are some data fields where only one of the multiple properties should be reported, most data fields such as loan amount, property value, and units should be reported in the aggregate.
- Failure to report certain transactions—Some lenders fail to report purchases or do not have enough data from selling entities to report the data accurately. Some fail to report applications because multiple parties were involved in originating the loan. If the lender makes the credit decision, the application is reportable. It is also critical to understand whether the lender has a preapproval program as defined by HMDA or if it merely accommodates applicants with a prequalification. Prequalifications are not reportable.
- Loan purpose (cash-out refinancing v. refinancing)—It is important lenders have a documented policy regarding what dollar amount at closing constitutes a cash-out refinancing purpose. Commercial applicants, business purpose loans, and mixed purpose loans continue to cause errors. Determining whether the loan is for a business purpose and whether it is reportable or not adds to the confusion. Each scenario must be evaluated carefully, and CFPB and industry guidance sought when in doubt.
- Failure to recognize the limitations of HMDA filing tools—Industry tools used to identify validity and quality checks, along with filing the LAR, are invaluable. However, they are limited to checking data for logical errors or mistakes that may need validation, such as a conventional loan whose amount is greater than published and approved loan limits. These tools do not alert filers to errors that may exist between the data on the LAR and the data located in the loan or application files. Getting the data right means more than relying on these data checking tools.
Best Practices for Getting It Right
The next deadline looming for annual filers is March 1, 2023, for applications and purchases received for 2022. For quarterly filers, the next deadlines are August 29, 2022 for quarter 2, November 29, 2022 for quarter 3, and March 1, 2023 for quarter 4 (part of annual filing). The Supplemental Guide for Annual Filers is available at s3.amazonaws.com/cfpb-hmda-public/prod/ help/supplemental-guide-for-quarterly-filers-for-2022.pdf.
Staffing and Training
It is important to have enough HMDA staff to support the size of the LAR. There should be dedicated HMDA staff to test, scrub, correct, and file the LAR. Training, a critical part of any CMS, should be provided to all originations staff, HMDA staff, compliance staff, and internal audit. It should be provided regularly (at least annually).
Scrubbing
Prior to filing the 2018 LAR, for example, most lenders, if possible, did a 100% scrub (correction of the LAR data to match origination documents). Many did this monthly or quarterly after a selected date when they thought most data fields had been corrected, if necessary, post-closing. Many built rules engines or additional systemic controls around ensuring that data was posted accurately to the LOS throughout the origination process.
In their 2022 LARs, filers should consider data scrubbing of selected populations or data fields based on transaction testing results. System releases that impact HMDA data should be reviewed and tested carefully to ensure accuracy of LAR data. Small filers may consider scrubbing their entire LARs to avoid data violations. Larger, quarterly files should consider monthly or quarterly scrubbing.
Testing
HMDA testing should be conducted in all three lines of defense: business units, compliance/risk management departments, and audit teams. As testing programs evolve, risk-based testing should be considered to test for high-risk data elements. Errors and omissions testing should also be conducted to ensure that all reportable applications are reported (testing for omissions) and that non-reportable applications are not reported (testing for errors).
Reporting
HMDA testing should be reported throughout the lines of defense and include reporting to the board. Ensure the LAR is submitted timely (i.e., by March 1stof the following calendar year).
Controls
Adding controls, whether manual, semi-automatic, or system controls based upon the results of scrubbing and testing, is critical to ensuring future HMDA data integrity. Controls implemented as part of remediation efforts should be holistic and sustainable. They should be validated and tested for a period of time after implementation.
Conclusion
Complying with HMDA can be complex. Managing the risks associated with incorrect reporting should be an enterprise-wide initiative including all three lines of defense, executive management and the board. Getting it right means right sizing, right training, right testing, right scrubbing, right reporting and right controls. Good luck with 2022 data.
[i] CFPB Supervision and Examination Manual HMDA Exam Procedures 2021-12