Thursday, February 8, 2024

HMDA: Procedures & Internal Controls


I am a compliance analyst in our compliance department. We are getting ready to file our HMDA-LAR. Yesterday, our internal auditor requested an outline of the steps we take to evaluate our HMDA policies and procedures. 

Our compliance manager has put together a few bullet points. However, we need some procedures and internal controls that tell the internal auditors adequate measures are in place to ensure compliance. 

Mostly, our procedures are informal. We follow the HMDA guide and use HMDA reporting software. 

I am reaching out to you for guidance in putting together a list of HMDA procedures. 

What are some procedures and internal controls needed to comply with filing HMDA data? 


Compliance Solution: HMDA, CRA, Fair Lending

The Home Mortgage Disclosure Act (HMDA) requires certain financial institutions to collect, report, and disclose information about their mortgage lending activity. HMDA was enacted by Congress in 1975 and implemented by Regulation C.[i] Over the years, there have been numerous amendments, updates, and linkages to other Acts. HMDA is a disclosure law that relies upon public scrutiny for its effectiveness. 

Contrary to what some people think, HMDA does not prohibit any specific activity of lenders, nor does it establish a quota system for mortgage loans to be made in any geographic area. The federal supervisory agencies use HMDA data to support a variety of activities.[ii] For instance, some federal supervisory agencies use HMDA data as part of their fair lending examination process,[iii] and other agencies use HMDA data in conducting Community Reinvestment Act (CRA) performance evaluations.[iv] 

HMDA disclosures provide the public with information on the home mortgage lending activities of particular reporting entities and activity in their communities. These disclosures are used by local, state, and federal officials to evaluate housing trends and issues and by community organizations to monitor financial institutions' lending patterns. Because HMDA data serve numerous important purposes, validating the accuracy of HMDA data is a key element of the federal supervisory agencies' examination activities. 

For the purpose of this article, I will use the term "institution" to refer to an institution that is either a depository financial institution or a non-depository financial institution that is subject to Regulation C. An institution is required to comply with Regulation C only if it is a financial institution as that term is defined in Regulation C. The definition of financial institution includes depository and non-depository financial institutions, as those terms are separately defined in Regulation C.[v] It is beyond the scope of this response to delve into the method to identify whether an institution meets the definition. An institution utilizes certain coverage tests and thresholds to determine whether a financial institution is required to comply with Regulation C.[vi] 

If your internal auditor plans to review your procedures and internal controls, I suggest you let them know that Regulation C requires an institution to record the data about a covered loan or application on a Loan Application Register (LAR), hereinafter "HMDA-LAR," within 30 calendar days after the end of the calendar quarter in which the financial institution takes final action on the covered loan or application.[vii] An institution is not required to record all its HMDA data for a quarter on a single HMDA-LAR. Rather, it may record data on a single HMDA-LAR or may record data on one or more HMDA-LARs for different branches or different loan types (such as home purchase loans, home improvement loans, or loans on multifamily dwellings). State or federal regulations may require an institution to record its data on a HMDA-LAR more frequently. 

Depending on various criteria, under Regulation C, an institution must submit its annual HMDA-LAR in electronic format to its appropriate federal supervisory agency by March 1 of the year following the calendar year for which the data are collected.[viii] Certain institutions must file their HMDA-LAR quarterly and annually,[ix] where the institution reported at least 60,000 originated covered loans and applications (combined) for the preceding calendar year. 

Guidelines for Procedures and Internal Controls 

for HMDA Recording and Reporting 

I will provide a list of some procedures and internal controls to ensure compliance with HMDA and Regulation C. The list is not meant to be comprehensive. 

·       Whether the individual assigned responsibility for the institution's compliance with HMDA and Regulation C possesses an adequate level of knowledge and has established a method for staying abreast of changes to laws and regulations. 

·       If the institution ensures that individuals assigned compliance responsibilities receive adequate training to ensure compliance with the requirements of the regulation. 

·       Whether the individuals assigned responsibility for the institution's compliance with HMDA and Regulation C know whom to contact, at the financial institution or their supervisory agency, if they have questions not answered by the written materials. 

·       If the institution has established and implemented adequate controls to ensure separation of duties exists (i.e., data entry, review, oversight, and approval). 

·       Any internal reports or records documenting policy and procedure revisions and any informal self-assessment of the institution's compliance with the regulation. 

·       If the institution offers preapprovals, whether the institution's preapproval program meets the specifications detailed in the HMDA regulation. If so, whether the institution's policies and procedures provide adequate guidance for reporting preapproval requests that are approved or denied in accordance with the regulation. 

·       Whether the institution's policies and procedures address the reporting of (1) non-dwelling secured loans that are originated in whole or in part for home improvement and classified as such by the institution, and (2) dwelling-secured loans that are originated in whole or in part for home improvement, whether or not classified as such. 

·       Whether the institution established a method for determining and reporting the lien status for all originated loans and applications. 

·       Whether the institution's policies and procedures contain guidance for collecting ethnicity, race, and sex for all loan applications, including applications made by telephone, mail, and Internet. 

·       Whether the institution's policies and procedures address the collection of the rate spread (the difference between the APR and the average prime offer rate for a comparable transaction as of the date the interest rate is set) and whether the institution has established a system for tracking rate lock dates and calculating the rate spread. 

·       Whether the institution's policies and procedures address determining if a loan is subject to the Home Ownership and Equity Protection Act and the reporting of applications involving manufactured home loans. 

·       Whether the HMDA-LAR is updated within 30 days after the end of each calendar quarter. 

·       Whether data are collected at all branches, and if so, whether the appropriate personnel are sufficiently trained to ensure that all branches are reporting data under the same guidelines. 

·       Whether the institution's loan officers, including loan officers in the commercial loan department who may handle loan applications reportable under HMDA (including loans and applications for multifamily or mixed-use properties and small business refinances secured by residential real estate), are informed of the reporting requirements necessary to assemble the information. 

·       Whether the Board of Directors has established an independent review of the policies, procedures, and HMDA data to ensure compliance and accuracy and is advised each year of the accuracy and timeliness of the financial institution's data submissions. 

·       What procedures the institution has put in place to comply with the requirement to submit data in machine-readable form, and whether the institution has some mechanism in place to ensure the accuracy of the data that are submitted in machine-readable form. 

·       Whether the institution's loan officers are familiar with the disclosure, reporting, and retention requirements associated with the loan application registers and the FFIEC public disclosure statements. 

·       Whether the institution's loan officers are familiar with the disclosure statements that will be produced from the data. 

·       Whether the institution's loan officers and affected staff know that civil money penalties may be imposed when an institution has submitted erroneous data and has not established adequate procedures to ensure the accuracy of the data. 

·       Whether the institution's loan officers and affected staff know that correction and resubmission of erroneous data may be required when data are incorrectly reported for at least 5 percent of the loan application records. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

[i] 12 CFR Part 1003

[ii] Home Mortgage Disclosure Act (HMDA), Consumer Financial Protection Bureau, September 2021. Also see 12 USC 2801–2810.

[iii] 15 USC 1691–1691f, 42 USC 3605, a nd 12 CFR 1002

[iv] 12 USC 2901–2908, and 12 CFR 25, 195, 228, and 345

[v] 12 CFR 1003.2(g)

[vi] HMDA Data Collection and Reporting: Keys to an Effective Program, Consumer Compliance Outlook, Fourth Issue 2020, published by the Philadelphia FRB, provides a good overview of coverage tests and thresholds, among other things.

[vii] 12 CFR 1003.4(f)

[viii] 12 CFR 1003.5(a)(1)(i)

[ix] Effective January 1, 2020.