Banking Exchange Magazine Logo

Uncovering expanded HMDA’s 5 hidden risks

2018 implementation date demands careful planning—and execution

  • |
  • Written by  Amy Downey, Wolters Kluwer Financial Services
  • |
  • Comments:   DISQUS_COMMENTS
Uncovering expanded HMDA’s 5 hidden risks

Two things are certain about the now-finalized Home Mortgage Disclosure Act changes:

• Change is inevitable.

• The Consumer Financial Protection Bureau views the expansion of required HMDA data collection fields as necessary to better understand the lending practices of financial institutions.

Once again, financial institutions face a monumental change to their operational processes and compliance programs. With new TILA-RESPA Integrated Disclosure (TRID) rules in effect and implementation underway, it is easy to become discouraged and say, “Oh no, not another one! We don’t have the resources to tackle this now, and we haven’t even explored where to start.”

It may be human nature to shift into wait-and-see mode during times of uncertainty, but as we’ve seen over the last few years with financial institutions preparing for the TRID rules, it pays to be prepared. This article provides thoughts for strategic plan goals you can work on now—and outlines five risks hidden in the final rule.

The clock is already ticking. Most provisions of the final rule will take effect on Jan. 1, 2018. Lenders will collect the new information in 2018 and then report this information by March 1, 2019. (At the end of the article there’s a summary of major changes under the new HMDA rules.)

Strategic plan for HMDA compliance—and its hidden risks

Institutions use strategic planning to capitalize on market opportunities facing their organization. Approaching HMDA compliance should be no different. Using a strategic plan to define goals and a sequence of steps to achieve them is how institutions can best tackle the expanded HMDA rules.

Strategic planning begins with the desired end goal clearly in mind, and works backward to one’s current state. If the desired outcome for a HMDA strategic plan is accurate and timely data for submission, exams, and analysis, then the first step is to understand what has changed, where you are today, and what gaps need to be addressed. Now is the time to start.

Strategic planning begins with identifying and addressing five hidden risks:

Hidden Risk #1:  Lack of executive understanding and support

Before defining the specific steps of your strategic plan, you first need executive recognition and buy-in. Senior leadership must understand that the new HMDA rules will represent a significant change, and one that your compliance team can’t navigate alone.

Some perspective: Taking only the Dodd-Frank Act portion of the HMDA changes, the list of changes is three times larger than the last time major changes were made to HMDA.

The scope and breadth of change is large not only because of the sheer quantity of required data fields, but also because the additional fields are completely intertwined with the origination process. This demands a holistic approach to managing a change of this magnitude. As your first line of defense, the line of business has to have responsibility and accountability for collecting and initially reviewing the fields. Then the Compliance department, the second line of defense, can conduct reviews and analysis of data quality.

With the final rule now in place, the process, outlined in this chart, can begin in earnest.

All organizations work off of budgeted resources that often reflect conflicting organizational priorities. Some items to consider as you define goals for a HMDA strategic plan are:

1. Staffing

• Do you have trained, knowledgeable staff to implement the changes, or do you need assistance?

• Who will need training on the regulatory changes? On the operational changes?

• Do you have analytical staff to handle the increased analysis?

2. Technology

• Do your loan origination systems need updating?

• Does your data management system need updating? Will it be ready? Will it mitigate the risks identified in your analysis?

3. Operational

• Do forms need updating?

• Do you have the proper controls in place?

• Can you audit the process?

Hidden Risk #2: Differing data sets over multiple years

This risk is two-fold. The first aspect deals with applications that start in one year but whose final action occurs in the following year. The second aspect deals with aggregating data for examinations and analysis that contain different data sets and codes.

To illustrate, let’s use a three-year period (2017, 2018, 2019), with the assumption that Year 3 (2019) is the year of submission, and Year 2 (2018) is the first year in which the expanded data is required to be collected.

Loan applications that start in 2017 under the current HMDA rules don’t require the collection of the  new HMDA fields. However, if the final action for that application happens in 2018, the loan presumably becomes subject to the new expanded HMDA rules and the additional data points will be subject to reporting in 2019. If you are not prepared to collect  the expanded HMDA data points in your operational process in Year 1 (2017), then you may be left back-tracking to collect the required fields.

Strategic plan considerations might include:

1. What is the right point in time to update your processes and systems so that applications taken in 2017 can have the required data points collected? 

2. Does your normal lending process take 60 days? Longer?

3. Do your application forms or point-of-sale systems currently collect HMDA data on loan types where reporting may no longer be optional (i.e., home equity lines of credit)?

4. How will you manage if your applications or origination systems are not updated until 2018 and there are loans without the expanded fields collected? How will you go back to collect that information?

Another consideration, once you’ve determined how you’re going to collect the data, is to evaluate your organization’s capability to aggregate and analyze the collected data. Whether for purposes of generating internal performance metrics or in preparation for an examination, the data at some point will be aggregated from a year in which the expanded  fields and updated codes were not required (2017), and, subsequently, from a year in which the updates are required (2018).

No matter when you begin to collect the new fields, there will be the burden of reportable codes changing on a single field. For example, the “Occupancy” field is currently a list of three codes to account for the property being owner-occupied or not. The modified list will include codes to distinguish between principal or second residences and investment properties. Additionally, per the sample data collection form included in the final rule, there are a number of new Ethnicity and Race fields that an applicant can select. Will the data management system you are using have the ability to manage two sets of codes on the same field?

Hidden Risk #3: Operational process decisions

The next hidden risk, which further complicates the multi-year data scenario above, includes the operational process decisions that your institution needs to make, document, and train upon.

HMDA has always presented decision points that could differ from one institution to another, based on operational processes. Two examples include:

1. The application date for different point-of-sale methods, i.e. wholesale vs. internet vs. branch, and

2. The action and action date that is dependent on how you notify borrowers and document your process.

The expanded HMDA data requirements present additional, institution-specific decision points. Compliance officers, in collaboration with the line of business, will be challenged by the CFPB to define terms such as “closest in time” and “relied upon in the credit decision.” 

For example, the commentary for the “Automated Underwriting System and Recommendation” field includes the statement “if more than one used, report the one ‘closest in time’ to the credit decision.”

Other fields using similar language include the DTI (debt-to-income) ratio “relied upon” and the mortgage loan originator identifier with “primary responsibility” language. The definition for these terms will depend on your operational processes and will affect the way that data is reported. The final rule points out that a financial institution is in compliance if it establishes and follows a reasonable, written policy which defines these terms.

Hidden Risk #4: New lines of business reporters

Under the final rule, the fact that loans from the home equity or commercial lending departments may be reportable stands out as a huge risk.

In addition to not already having a defined HMDA data collection process, these areas are typically not on the same loan origination system, forms, or training plan. A goal of your strategic plan should be to understand how each line of business may be impacted by HMDA and how HMDA defines “reportable.”

Once these impacts are identified, the operational processes should be understood, documented and, to the degree possible, aligned. Questions to ask might include:

• Are the expanded fields available for collection on the existing application form or system?

• Do all departments take applications and process loans on the same forms and in the same systems? Or will data come from many sources?

• Are the processing, underwriting, and closing processes identical for each of these areas? Or could “relied upon” information be different in different workflows?

Documenting a holistic process flow will allow you to fully understand how closely the new requirements match with current origination processes—or if the changes will significantly impact those existing processes. These decisions, once determined, documented, and validated, can form the basis for staff training. And, as necessary, they can be tweaked and the cycle completed again.

This iterative process will allow for accurate and consistent HMDA data collection across your organization. Keep in mind that while HMDA data collection has been around for decades, it is hard to master and requires a constant and steady hand to keep the end goal in mind—accurate and timely data for submission, examination and analysis.

Hidden Risk #5: Expanded data, but still an incomplete story

Another goal of your strategic plan is to understand your data better than anyone else. HMDA data is the basis for Community Reinvestment Act (CRA) and fair lending exams.

Recently, the industry has seen a convergence of this data to form stories about lending practices, including lending discrimination cases that included elements of CRA requirements, and CRA reviews that were impeded by possible discrimination concerns.

Accuracy and submission naturally tend to take center stage when talking about an organization’s HMDA process, especially in a period of major changes. However, not knowing what the data say about the institution from all angles leaves your organization open to potential scrutiny, without the benefit of having an appropriate response. Now more than ever, institutions need a comprehensive understanding of their data, the compliance risks suggested, and the lending performance inferred.

From a fair-lending perspective, there will be more data, but it still doesn’t tell a complete story. However, the additional data generated and reported will be available for interpretation. Throughout the final rule, certain fields included commentary stating that the fields were necessary to further fair-lending analysis. While all data points are important, your strategic plan should include a step to analyze and understand these data points:

• Pre-approval

• Property location

• Rate spread

• HOEPA status

• Denial reasons

• Debt-to-Income ratio

• Pre-payment penalty term

• Combined loan-to-value (CLTV) ratio

• Total units

• Automated underwriting system and recommendations

In speeches, CFPB leaders have indicated that HMDA is a disclosure law that relies upon public scrutiny for its effectiveness.

In other words, the data submitted by financial institutions is intended to be analyzed and scrutinized outside of the institution.

That doesn’t mean you have no control over the story that is told. All strong compliance programs include a step to write your own story. Your analytical staff should know your data better than anyone else, including your regulator. When conducted proactively, HMDA data analysis can help you monitor your lending goals, your CRA goals, and your fair and responsible banking initiatives.

Key is in the planning

Cultivating an enterprise-wide understanding of the magnitude of the change will be one of the biggest and most important challenges for Compliance. Be proactive and prepare your strategic plan now, outline the specific steps to achieve your goal, and build understanding across your organization.

Only with enterprise-wide preparation, commitment, and follow-through will you achieve accurate and timely expanded HMDA data that supports your lending initiatives—and documents the success of those acts.

RESOURCES: What’s changing under HMDA?

Changes going into effect, per the Dodd-Frank Act:

1. Unique identifiers such as universal loan identifier, mortgage loan originator identifier, and parcel identifier

2. Age of the applicant

3. Credit score

4. Total points and fees

5. Prepayment penalty term

6. Loan term

7. Rate spread

8. Introductory rate period

9. Non-fully amortizing payment characteristics such as balloon payment, interest-only payment, negative amortization, and other non-amortizing features

10. Property value

11. Application channel

Changes added by CFPB as necessary to provide better information about the mortgage market:

1. Denial reasons (no longer optional)

2. Total loan costs

3. Total discount points

4. Interest rate

5. Debt-to-income ratio

6. Combined loan-to-value ratio

7. Manufactured home loan data, such as legal classification and construction method

8. Multi-family loan data, such as the number of affordable units

9. Total number of units

10. Automated underwriting system (AUS) and recommendation

11. Reporting by a flag whether a loan is a reverse mortgage, an open-end line of credit, or made primarily for business or commercial purposes . Open-end lines of credit are no longer optional.

About the author

Amy Downey, an attorney, is a regulatory expert at Wolters Kluwer Financial Services. Prior to almost a decade with the company, she worked for banks and mortgage companies in compliance, legal, and operational positions.

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo