The Home Mortgage Disclosure Act (HMDA) is the record keeping and reporting mechanism of the Fair Housing Act and the Equal Credit Opportunity Act. Data provided through HMDA is available to the public and used by regulators, consumer groups and the public to monitor lending practices and enforce lending laws. Effective January 1, 2018, lenders are required to collect and report information on 25 new and 14 modified data points, meaning that a total of 110 data points can be required on a single file. The HMDA Loan-Application Register (LAR) will contain 48 fields in 2018.
HMDA information falls into four categories:
Why HMDA needs attention now
- Information about applicants, borrowers and the underwriting process. This includes Government Monitoring Information (GMI) about race, sex, national origin, ethnicity, and other demographic information
- Information about the features of the loan such as loan term, interest rate, amortization, and loan type
- Information about the property securing the loan such a property value, type, and location
- Unique identifiers about the loan and the lending organization.
Many lenders have a false sense of security regarding the new HMDA reporting requirements because they’ve been reporting HMDA data for decades or they are awaiting the current administration to change the requirements. But many institutions don’t have sufficient controls to ensure consistent and appropriate entry and reporting of HMDA data. As the number of required data points has increased, the opportunity for errors has also increased with it.
The good news? While many regulatory challenges confronting financial institutions require sophisticated analysis and judgement, compliance with HMDA simply requires a disciplined, effective data collection and hygiene effort. The bad news? Effective data practices are too often not adhered to by parties involved in the mortgage origination process (e.g., loan brokers, originators, etc.), leading to avoidable errors that can result in enforcement action and civil money penalties. Even if errors are caught and resolved before the institution is exposed to penalties, insufficient attention at the first line of defense creates unnecessary data cleanup responsibilities for compliance personnel, creating risk and inefficiencies that cost the institution time and money.
5 steps to effective HMDA compliance
- Build a strong compliance foundation. Effective HMDA compliance starts with a strong foundation. As part of your foundational effort, identify all record-keeping and record-generating systems and gain buy-in to your approach from top to bottom, starting with the first line of defense, which will be critical in implementing and enforcing the changes necessary to ensure effective HMDA data gathering and reporting. In addition to system identification it is also imperative that responsibilities are defined. These responsibilities can range from daily tasks in the first line of defense all the way to the business line and executive sponsors which have less frequent requirements. It is also critical that the timing of decisions and responses are documented so that the compliance program doesn’t get derailed by one delayed participant who fails to respond.
- Use the right tools. Too many financial institutions continue to rely on manual reviews of disparate spreadsheets and processes that require multiple data manipulations for managing HMDA compliance efforts. This ad hoc approach requires extensive manual data entry, which, with HMDA’s expanded data requirements, increases the odds of errors. Institutions should consider using a regulatory technology solution that will streamline the data entry effort, seamlessly collaborate their LAR validation efforts between team members, and deliver a submission-ready file. Process automation capabilities minimize front-end effort and help ensure accuracy and consistency, while visualization and analysis tools can help institutions derive new insights from their HMDA data.
- Ensure effective oversight. You need to establish clear accountability for the full chain of data collection, validation and reporting HMDA requires from start to finish. Who collects what data? Who is responsible for validation and, where necessary, correction? Who is responsible for the final signoff on data prior to submission and who makes the submission and when? The most effective HMDA compliance efforts push responsibility for the collection and integrity of HMDA data down to the first line of defense. This facilitates more efficient identification and remediation of data integrity issues and allows for corrective actions to be made quickly before they turn into larger problems. Develop a document matrix that clearly shows the source for all data, the specific processes and unique requirements of each business line, the validation process data goes through from capture to reporting, and documents the decisions your institution makes so you can back up the data you submit.
- Monitor for compliance and revision. You must closely monitor HMDA compliance to catch data issues early and trace them back to their root cause. Track performance from period to period—spikes in issues can be a clue to a systemic problems. Do your HMDA numbers align with your projections based on your evolving product and customer mix? Adjust your review cadence and sample sizes based on results to ensure identified issues are quickly and effectively remediated. This type of trending analysis can help you determine the amount and frequency of testing that your institutions should use to validate your HMDA data.
- HMDA training. Many of the personnel involved in HMDA data gathering and reporting have been involved with HMDA compliance for years and may have a lackadaisical attitude. You need to impress upon them the risk involved and how the expansion of data requirements significantly increases the chance of error. Once key issue? For the first time, HMDA includes free text fields. It is generally best to either disable these or train personnel not to fill them in. These fields deal with sensitive GMI—mistakes here could have real consequences. Off the shelf and overly generic trainings are no longer sufficient. Create training programs for each unique business unit and loan origination system. While online training may be cheaper, in-person training tailored to each function often has better results as employees tend to engage more in the topic and apply more of the information.
Expanded HMDA requirements present a real risk, but a risk that can be effectively managed with a disciplined HMDA compliance effort. Beefing up your HMDA compliance now is the best defense against HMDA problems later.
Need help creating a robust HMDA compliance program? Contact one of our HMDA experts
today to learn more.
What the Dodd-Frank rollback means for you
5 Key challenges for CECL compliance
Beyond regulatory-driven risk management
Senior Manager, Digital Transformation and Management
Principal, Compliance Risk Services