Home Mortgage Disclosure Act: Getting It Right with New Rules | Wolters Kluwer
  • Insights

  • Home Mortgage Disclosure Act: Getting It Right with New Rules

    Amy Downey

    Amy Downey, JD, U.S. Banking and Regulatory Expert, Risk & Compliance

    Published November 01, 2016

    Since the final, new data collection rules for the Home Mortgage Disclosure Act were announced in the fall of 2015, much has been written broadly about the contents of the rule and the implications once the rules go into effect January 1, 2018. However, comparatively little has been provided in terms of the decisions that financial institutions need to consider now in order to ready their program over the next year. In my work with lenders—many who are fully in the midst of creating their implementation plans—I see firsthand the benefits of early preparation and organizational coordination. This article provides guidance to move you to the next phase of your HMDA 2018 implementation plan—creating policy decisions.

    HMDA: Origins and Evolution

    First, a little context is helpful. Enacted by Congress in 1975, the Home Mortgage Disclosure Act (“HMDA”) embodies a financial institution’s lending performance, highlights its operational capability to accurately collect a string of data points, and provides regulatory bodies a mechanism to measure an institution’s compliance capabilities. HMDA is the recordkeeping and reporting mechanism of the Fair Housing Act (FHA) and Equal Credit Opportunity Act (ECOA). Its purpose is:

    1. To help determine whether financial institutions are serving the housing needs of the communities and neighborhoods in which they are located
    2. To assist public officials in determining the neighborhoods that would benefit from public and private investments, and
    3. To assist in identifying possible discriminatory lending patterns and enforcing anti-discrimination laws.[1]

    While HMDA and its reporting requirements have been around since the 1970’s, recent changes implemented by the Dodd-Frank Act have everyone yearning for simpler times. Effective January 1, 2018, lenders will be required to collect information for 25 completely new data points. While the total number of HMDA fields is often cited as 48, in reality the total possible number of required data points on any one record can be up to 110. The large difference in numbers is dependent on the type of loan, the number of borrowers, and how they answer certain questions. This distinction is important when building a data collection and monitoring program that meets examination expectations, which will be discussed further below.

    All of the data points—whether existing, modified, or new—can be grouped into four broad categories:[2]

    1. Information about applicants, borrowers, and the underwriting process, such as age, credit score, debt-to-income ratio, and automated underwriting system results
    2. Information about the features of the loan, such as additional pricing information, loan term, interest rate, introductory rate period, non-amortizing features, and the type of loan
    3. Information about the property securing the loan, such as construction method, property value, and additional information about manufactured and multifamily housing, and
    4. Certain unique identifiers, such as a universal loan identifier, property address, loan originator identifier, and a legal entity identifier for the financial institution.

    The Dodd-Frank changes to HMDA will increase the total number of lenders reporting information, as well as the type of information reported. The mere breadth and depth of the new data has grown exponentially. HMDA version 2018 includes applications, originations and purchases of consumer closed-end and open-end lines of credit secured by a dwelling for personal, family or household purposes. These consumer-based applications are reportable, regardless of the purpose of the loan, meaning that even if the loan is not for home purchase, home improvement or refinance, the loan may nevertheless be reportable as “Other.”& Business or commercial loans have both the loan purpose test and the dwelling secured test. Business or commercial purpose loans and lines of credit are reportable only if the purpose of the loan is for home purchase, home improvement, or refinance and the loan is secured by a dwelling.

    A dwelling is a residential structure, whether or not attached to real property and includes, but is not limited to, a detached home, an individual condominium or cooperative unit, a manufactured home or other factory-built home, or a multifamily residential structure or community.[3]

    The expanded definitions reach beyond the established mortgage lending procedures that most institutions have established. The new HMDA path winds through consumer lending, which is often performed on a decentralized basis at the branch level, and into the non-consumer center of commercial lending. Thus, the ability to properly collect the expanded data set has now spread beyond the compliance department and requires careful coordination across the entire organization.

    Understanding the Expectations

    According to the CFPB Supervision and Examination manual, “However compliance is managed, a provider of consumer financial products or services under the CFPB’s supervisory purview is expected to comply with Federal consumer financial laws and appropriately address and prevent violations of law and associated harms to consumers through its compliance management process.”[4] Examination procedures are a great checklist for building your organization’s HMDA implementation plan. According to the HMDA examination procedures, the CFPB will look at the following nine areas to assess your program:[5]

    1. Policies and procedures as well as training are adequate, on an ongoing basis, to ensure compliance with the Home Mortgage Disclosure Act and Regulation C
    2. Internal review procedures and audit schedules comprehensively cover all of the pertinent regulatory requirements associated with HMDA and Regulation C
    3. The audits or internal analysis performed include a reasonable amount of transactional analysis, written reports that detail findings, and recommendations for corrective actions
    4. Internal reviews include any regulatory changes that may have occurred since the prior examination
    5. The financial institution has assigned one or more individuals responsibility for oversight, data update, and data entry, along with timeliness of the financial institution’s data submission. Also determine whether the Board of Directors is informed of the results of all analyses
    6. The individuals who have been assigned responsibility for data entry receive appropriate training in the completion of the HMDA loan application register (LAR) and receive copies of Regulation C, Instructions for Completion of the HMDA-LAR (Appendix A), the Staff Commentary to Regulation C, and the FFIEC’s “Guide to HMDA Reporting: Getting it Right!” in a timely manner.

      Author’s Note: Appendix A is being removed under the HMDA Dodd-Frank amendments. The contents of Appendix A have been moved to the regulation text and commentary. Additionally, at this time the FFIEC’s “Guide to HMDA Reporting: Getting it Right!” has not been updated for the 2018 changes. Thus, the above language in Item #6 should be read as the final rule and documentation published by the CFPB.

    7. The institution has ensured effective corrective action in response to previously identified deficiencies
    8. The financial institution performs HMDA-LAR volume analysis from year-to-year to detect increases or decreases in activity for possible omissions of data, and
    9. The financial institution maintains documentation for those loans it packages and sells to other institutions.

    Regulators review a financial institution’s system for maintaining compliance with HMDA and Regulation C, and the above objectives, by reviewing policies and procedures along with any applicable audit and compliance program materials. Compliance can only be achieved through a strong Compliance Management System (“CMS”), which is the framework for not only establishing but demonstrating compliance. In a nutshell, a CMS (figure 1) shows:

    • How a supervised entity establishes its compliance responsibilities
    • Communicates those responsibilities to employees
    • Ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes
    • Reviews operations to ensure responsibilities are carried out and legal requirements are met
    • Takes corrective action, and
    • Updates tools, systems, and materials, as necessary.

    figure 1

    Building Your HMDA Program

    We are about one year away from the kickoff of HMDA version 2018. A general understanding of the law and the field modifications should be complete, and your HMDA governance and implementation committee activities well underway. Here are some guidelines to keep in mind as your team moves forward and implements updated policy and procedures, completes staff trainings, and checks and readjusts the program over the next year.

    A CMS establishes responsibility: Those making the loans – the line of business – have responsibility for the risk associated with data integrity.

    Policy, Policy, Policy: More than ever before, HMDA 2018 will require carefully thought-out and documented policies. Each line of business makes different types of loans under different requirements. It is possible that each business line may need its own policy and procedures, and training requirements. The nuances found within HMDA 2018, and in particular the staff commentary, will lead examiners to review and understand each lending institution’s policy and procedures. Some examples include:

    • Appendix B to Part 1003 subparagraph (9)(iii) outlines one of the collection rules for the race, sex and ethnicity fields. Understanding how to present and aggregate the data provided by the borrower(s) will be important. The instructions require that you report every aggregate race category selected by the applicant and, if one or more race subcategories are selected, you must report each subcategory selected except you must not report more than a total of five entries. If the borrower(s) selected more than five answers, there is a hierarchy. Aggregate fields are entered first. If the borrower(s) selected less than five aggregate categories, the remaining race fields—up to five in total—are filled in with the subcategory selections. If the borrower(s) filled in more than five selections, your policy dictates which of the additional subcategories are reported. A well thought-out policy will consider how to systematically achieve consistency and avoid inferences of discrimination.
    • Commentary paragraph 4(a)(23) outlines scenarios for how to report the debt-to-income ratio. This is a single field for each reported record. The borrower’s total monthly debt to total monthly income that was “relied on” in making the credit decision is reported. The documented “relied on” ratio that is reported is fact-dependent on whether it was calculated based on your requirements or an investors’, and which one was ultimately used to make the credit decision.
    • Many fields are reported as N/A if the loan is a business or commercial purpose loan and the borrower is not a natural person. Including rules in your data management system will help with data integrity. However, you should allow flexibility in case the borrower on the loan is a natural person, in which case additional reportable fields are required. If your lending includes this scenario, ensure you have forms and/or system capability to capture the fields when needed.
    • An understanding of the definition of specific words and the fact-specific scenarios in the commentary will be crucial to data accuracy. Additionally, in many cases, achieving compliance will go beyond merely establishing how data is collected. Instead, determining the final reportable answer will often be a combination of the data, loan documentation, and policy. For example, a refinancing is defined as “a closed-end mortgage loan or an open-end line of credit in which a new, dwelling-secured debt obligation satisfies and replaces an existing, dwelling-secured debt obligation by the same borrower.”[6] And how that refinancing is reported is dependent on scenarios. For example:
      • For refinancings involving more than one borrower, if one of the original borrowers is a borrower on the new obligation, the application/origination meets the “same borrower” requirement for “Refinancing” and “Cash-out refinancing”[7]
      • If a lender is “unconditionally obligated to refinance the obligation subject to conditions within the borrower’s control,” the application/origination is not a refinancing. Report the application/origination as “Other purpose”[8]
      • If a lender does not have a separate product for cash-out refinancings (for example, origination fees and/or interest rates that are different for refinancings that are not a cash-out), then that lender’s refinancings are all “Refinancings” even though there may be cash-out. Note also that even when lenders do have a separate cash-out refinancing product, those lenders often set thresholds for the amount of cash-out required, before the lender considers the application/origination a cash-out refinancing.[9]

    Identification and Assessment of risks: The complexity of the expanded data set and the tight interplay between business practice and written policy will require that the line of business and compliance department work together to identify the risks for accurate collection and submission. A HMDA process flow will highlight interdependencies and gaps in current processes. Each line of business subject to HMDA reporting should be involved in the collection and initial accuracy of the data. The line of business best understands how the data is collected (e.g. was a different interest rate charged because the borrower indicated cash back?) and how the documentation of that data will affect the accuracy of the data submitted.

    To achieve HMDA data accuracy, you should consider collecting additional data points that can validate the reportable fields. For example:

    • Age is to be reported in whole years, based on the date of application. Bringing in the date of birth of the borrower(s) will allow a comparison of the year in the date of birth to the year in the application date to ensure that the reported age is accurate.
    • Adding Method of Application (by phone, face-to-face, or by mail) allows a comparison to the reported race, sex and ethnicity to ensure that “information not provided” is not reported if the Method of Application equals face-to-face.
    • Sex includes option 6 - Applicant selected both male and female. Initially the borrower(s) selection of male and female will be collected in your system. These initial selections should be saved in order to validate the code 6 in the submission file.

    The ability to analyze pre-Dodd Frank and post-Dodd Frank HMDA files will also require the careful selection of additional data points. Some of the HMDA 2018 modified fields do not line up one-to-one with their predecessors—and systematically, on their own, will not facilitate a straight data conversion. Using Occupancy Type as an example, the previous code of 2—non-owner occupied—could translate to either a HMDA 2018 code of 2 or 3, depending on other characteristics of the loan. Additional information will be needed in order to merge and analyze records from the two data sets.

    figure 2

    Monitoring and Corrective Action

    Everyone in the organization must be aligned to help control and prevent HMDA collection and reporting glitches. To do so requires that the three lines of defense collaborate and ensure that the organization—bottom to the top—fully understands the HMDA changes. Your institution should have a broad understanding of the regulatory requirements so everyone can relate to and comply with the policies and procedures. This foundation will enable staff to better absorb the ongoing training sessions and to ask thoughtful questions--especially when well-established procedures from the past have changed (e.g., loan purpose reporting).

    Once this groundwork is laid, monitoring of the collected data for accuracy to the stated policy and procedures will highlight where additional training or amendments are needed to fine-tune the program, i.e. based on the continual circular pattern of the CMS framework (Figure 1). Your documented implementation plan should be tested through ongoing verification, reporting to goal and corrective action. These actions show that the change management process to implement the HMDA changes was thorough and solid.

    The decisions your financial institution makes now about which fields to collect—and how to monitor and analyze them—will set the foundation for your HMDA program for years to come. Those organizations that establish close collaboration between their lines of business, along with the compliance and audit departments, will be better prepared to absorb these changes into daily operational processes. In the end, a well-documented, policy-based HMDA program will allow you to confidently exclaim “Yes, we are in control of HMDA!”


    Amy Downey, JD, is a U.S. banking and regulatory expert at Wolters Kluwer. She uses her knowledge and experience as a former banker, corporate counsel, compliance manager, operations manager and consultant to help financial organizations implement programs and technology to support strong risk management practices and improved operational processes. She regularly helps financial institutions develop programs to minimize inherent risks related to fraud, predatory lending, fair lending, and HMDA and CRA requirements. Reach her at Amy.Downey@WoltersKluwer.com.

    [1]12 CFR 1003.1(b)

    [2]Summary of Final Rule I.B., Consumer Financial Protection Bureau.

    [3]12 CFR § 1003.2(f).

    [4] CFPB Examination and Supervisory Manual 2.0, page 34.

    [5]CFPB Examination and Supervisory Manual 2.0, HMDA Examination Procedures, page 324.

    [6]12 CFR §1003.2(p).

    [7]12 CFR Part 1003 Supplement No. I—Staff Commentary; Section 1003.2, Paragraph 2(p)-4.

    [8]12 CFR Part 1003 Supplement No. I—Staff Commentary; Section 1003.4, Paragraph 4(a)(3)-4.

    [9]12 CFR Part 1003 Supplement No. I—Staff Commentary; Section 1003.4, Paragraph 4(a)(3)-2.

  • Please take a moment and tell us what you think of our content.