The Consumer Financial Protection Bureau (CFPB) proposed Friday to temporarily relax the scope of upcoming changes to Regulation C, which implements the Home Mortgage Disclosure Act (HMDA), by raising one threshold for HMDA reporting. Under Regulation C amendments previously finalized and scheduled to take effect in 2018, HMDA reporting requirements would apply to any financial institution originating 100 or more open-end home equity lines of credit (HELOCs) per year over the prior two years. Under the new proposal, the HMDA reporting requirements would apply through calendar year 2019 to institutions that originated 500 or more HELOCs per year over the prior two years. In the meantime, the CFPB would conduct further studies to help determine whether to permanently change this threshold.
This proposal has a very short comment period—it is open only until July 31. However, the CFPB plans to issue a separate request for comment, with a longer comment period, on whether and how the threshold should be permanently changed. Affected community banks and other smaller HELOC lenders therefore should stay alert for that proposal as well and be prepared to comment.
HMDA Compliance: Real Costs
The CFPB estimates that increasing the threshold from 100 to 500 HELOCs per year will still result in more than 75% of all HELOCs being subject to HMDA reporting, while saving more than 500 financial institutions from the costs of complying with HMDA. The CFPB notes anecdotal evidence that achieving HMDA compliance could cost smaller institutions $100,000 as a one-time cost and over $30,000 per year.
Whatever the actual numbers turn out to be, they are likely to be significant. The amount of information that must be collected and reported has expanded greatly through the most recent round of Regulation C amendments—25 new points of data must be recorded and reported, and requirements for 14 other items are expanded as well. Most of this data relates to the terms of the loan (such as interest rates, origination charges, financing charges, and interest rate variability) and underwriting factors (such as credit score, debt-to-income ratio, and loan-to-value ratio).
Preparing for HMDA Compliance
Much has been written about complying with these HMDA amendments, and the CFPB has devoted a section of its website to HMDA implementation issues, posting updates and resources to help financial institutions keep up with the changes. Financial institutions should therefore already be making significant progress towards ensuring compliance by the current January 1, 2018 implementation date. While further reprieves from the CFPB are possible, they cannot be guaranteed.
Along with addressing the specific challenges of preparing for compliance with the HMDA amendments, financial institutions should also keep some of the following larger concepts in mind during this process:
- Have a robust system for auditing and monitoring for HMDA compliance, including vendors. The complexity of the new requirements and the sheer volume of the data at issue make HMDA compliance mistakes more likely to happen. To lessen that risk, financial institutions must have effective HMDA audit and compliance programs to detect, avoid, and fix problems. Having effective programs like these can serve as a mitigating factor to regulators in the event errors do occur. The CFPB’s HMDA-related enforcement actions have frequently faulted the financial institution in question for not implementing adequate compliance monitoring. The program’s reach must extend to the institution’s vendors as well, especially given the integral roles that they can play in HMDA data collection.
- Implement training. HMDA requirements have always been highly technical and often confusing. The new amendments, by virtue of being new, are unfamiliar even to financial institution personnel with many years of HMDA compliance experience. Financial institutions should ensure that all relevant personnel receive sufficient training on the new requirements well in advance of the compliance date.
- Remember privacy. Some of the most significant privacy questions about the new reporting requirements are left for the CFPB to answer. It remains unclear how the CFPB will make HMDA data available while protecting consumer privacy, given that the new HMDA data points include enough specific information about the applicant that, together or alone, they could permit the personal identification of consumers. For the financial institutions collecting and reporting the data, the privacy and data security issues are more straightforward. Financial institutions should ensure that they treat HMDA data with the same privacy and data security protections afforded to other confidential consumer information under applicable state and federal laws. Institutions’ HMDA training should cover privacy issues. For example, staff should know to keep the HMDA universal loan identifier confidential and avoid using it for any purposes other than HMDA reporting.
- Use HMDA data to your advantage. The CFPB and other regulators will use HMDA data to monitor for potential concerns related to fair lending, predatory lending, and safety and soundness. Financial institutions themselves should likewise use this data in their own internal monitoring regarding such issues. And HMDA-reportable data can be used by financial institutions to better understand and serve their consumer markets, although institutions should be careful to ensure that they do not use information like race, ethnicity, sex, age, or credit score in a discriminatory or otherwise illegal fashion.