Compliance Technology, HMDA, RiskExec
With Great Data, Comes Great Responsibility: What to Do Now For HMDA 2018
Nov 02, 2017 • Asurity Technologies
“I speak from experience as far as the last time HMDA changed,” says Carl Pry, Managing Director of Treliant Risk Advisors and practice lead of the firm’s Fair Lending Practice, who experienced the financial crisis as a Senior Vice President and Compliance Manager for the Compliance and Control Division at KeyBank.
“It’s pretty much guaranteed most lenders and their systems will encounter issues.”
The HMDA 2018 rule changes have been lying in wait since the Dodd-Frank Act’s enactment. In the years since, lenders have continued submitting the required data fields for the required products. As a result, lenders do not have the processes or systems in place to gather or submit the new expanded field and product requirements.
This is a big deal for more reasons than one. Tech, timing, the volume of data required, and the addition of HELOCs as a required product pose a number of threats to the success of HMDA submissions and exams for lenders. While it sounds dire, there are ways to manage and minimize the risk of potential challenges.
Wrong time, wrong place.
As you may already know, the same individuals tasked with 2017 data submissions by March 1, 2018 must also collect HMDA data for credit decisions that occur after January 1, 2018. What this group may not consider is that during the last few months of each calendar year, IT departments freeze new requests and functionality additions to exclusively focus resources on properly producing and exporting 2017 data.
“IT departments effectively run banks, especially when it comes to operational capabilities.” - Carl Pry, Managing Director, Treliant Risk Advisors
“IT departments effectively run banks, especially when it comes to operational capabilities,” says Carl. “And they’re not normally going to make exceptions, especially for a compliance matter.”
HELOCs and mortgages typically close on different loan origination systems (LOS). For 2018, HELOC systems will need to be reconfigured to produce the data required for submission. Once the HELOC system and LOS are up-to-date, lenders will need to merge outputs from both systems to produce a single, comprehensive submission.
“The modified HELOC system and the combined output process are going to need extra testing,” stresses Carl. “It will be difficult to get both systems to submit properly since the functions aren’t what they’re used to.”
Testing new components on a technical system leads to a whole new set of unexpected bugs. Processing new data fields in the LOS for the first time will naturally lead to initial hiccups and technical failures. The majority of engineering and IT teams may be largely unavailable to address any bug reports beginning after Thanksgiving until after March 1.
Nonbanks are less equipped to integrate this new process because they have fewer resources with which to address regulatory changes of this scale, having only recently come under the purview of major regulators. As a result, they may have insufficient information and incompatible technology to start testing. If they do have the data, the process to check for errors will be less thorough because they lack the first, second, and third lines of defense employed by large banks with more structured compliance teams.
The challenge: Beginning after Thanksgiving through March 1, 2018, many loan and compliance officers will go through months of system testing with the understanding that any bugs identified during that freeze period will not be addressed by IT departments until after.
What you can do now: Use this time to run water through the pipes and test every new element, like credit scores and DTI, to ensure that they flow properly. The earlier testing begins, the more time will be available to find gaps and fix them in increments prior to the freeze.
More data, more problems.
The expanded definition of loan types required naturally leads to an increase in the number of submission errors and omissions. Distinguishing between these is notably important:
- An error is an entry on the HMDA LAR that is reported, but does not belong;
- An omission is an application that is not reported, but does in fact belong.
Many banks may include or exclude certain loan types and data points incorrectly as a result of the overwhelming magnitude in rule changes and additions.
The challenge: Expanded data and product requirements, such as HELOCs, and a new CFPB portal that requires 100% accuracy before allowing submissions present pain points for data integrity.
What you can do now: The CFPB will be looking for good-faith efforts. The better organized an institution’s preparation and efforts to comply, the more favorable the exam.
“Data integrity will be key to mitigating increased compliance risks."
“Data integrity will be key to mitigating increased compliance risks, and we know from the CFPB’s enforcement actions that they are focused on it,” explains Carl. One way to show good-faith is to employ an effective compliance management system (CMS). “Having a CMS that incorporates handling these changes demonstrates that you have the capabilities to manage what’s coming down the road.”
With great data, comes great responsibility.
In the past when a group or individual requested a lender’s LAR prior to it being made public in September of each year, the lender knew who asked for the data and exactly when they would receive it.
With the CFPB’s new submission tool, instead of heading to the bank for a copy of the HMDA LAR, anyone will be able to retrieve it from CFPB’s website. Public interest groups, newspapers, and competitors can download and model the data within hours rather than weeks and months.
“Don’t underestimate what people will do with that information,” warns Carl. “They’ll come after you just because they can.”
With easier access to data, the lending industry will be held even more accountable to the public.
The challenge: The increase in data required for submissions is not only about the CFPB, prudential regulators, examiners, or the exam itself anymore. It is about the public’s ability to access and evaluate the data.
What you can do now: Although this risk won’t appear until 2019, after 2018 data is published, don’t focus only on the exam. Begin collecting 2018 data with integrity and an understanding of ultimate transparency.