Contact Us

(Originally published in ABA Risk and Compliance, November/December 2023)

In lending, discretion can take several forms, including exceptions and overrides. An exception is an application whose outcome is not fully consistent with credit underwriting and pricing policies. The variation can be either in the underwriting outcome, or in loan terms and conditions, such as interest rate or fees. An override is a type of exception where the lender makes an underwriting decision or sets loan terms and conditions that are different from the outcome from the lender’s credit algorithms. Overrides can either be low side, where the application is treated more favorably than the algorithmic decision, or high side, where the application is treated less favorably than the algorithmic decision.

Excessive exceptions to established policies and procedures can be a sign of weaknesses in risk management. According to the Federal Reserve’s Commercial Bank Examination Manual (CBEM), one of the characteristics of strong risk management is that, “There are few exceptions to established policies and procedures, and none of these exceptions would likely lead to a significant loss to the organization.”[i] Conversely, the CBEM describes weak risk management by stating, “The internal control system may be lacking in important respects, particularly as indicated by continued control exceptions or by the failure to adhere to written policies and procedures. The deficiencies associated in these systems could have adverse effects on the safety and soundness of the institution . . .”[ii]

In fair lending, “discretion” is the equivalent of a “four-letter word.”  As a form of discretion, exceptions and overrides can be the source of significant fair lending risk. The FFIEC Interagency Fair Lending Examination Procedures,[iii] the Comptroller’s Handbook on Fair Lending,[iv] and the CFPB’s ECOA Baseline Examination Procedures[v] all identify exceptions as a source of fair lending risk. For example, three of the eight FFIEC Underwriting risk factors and two of the seven Pricing risk factors relate to exceptions, including credit scoring overrides.  The Appendix to the FFIEC Interagency Fair Lending Examination Manual includes monitoring the nature and frequency of exceptions and the sufficiency of documentation of the rationale for exceptions as principal policy issues.

Managing Risk

If your institution permits exceptions, including overrides, how should you manage the associated risk?

1. Start by reviewing policies and procedures, especially for consumer, mortgage, and small business lending. When an institution permits underwriting or pricing exceptions or overrides, policies and procedures should include clear guidance regarding when exceptions are permitted, what mitigating factors may be considered in granting exceptions, and limits on the number of underwriting exceptions or value of pricing exceptions permitted on a loan. Just like loan approval authority, a loan officer’s ability to grant exceptions should be limited and controlled.

2. It is a best practice to limit the volume of exceptions granted at the portfolio or product level. Excessive exceptions are an indicator of fair lending risk even when they are guided by clear policies and procedures. ().[vi] Excessive exceptions may also be an indicator of unsafe or unsound banking practices, as they can expose the lender to unrecognized or unwanted credit risk.

3. Exceptions should be monitored at the institution, portfolio, and product level by both unit and dollar volumes of exposure. Institutions may find it helpful to track exception types as well. Management and Board reporting should include the frequency and type of exceptions, as well as the performance of loans originated with exceptions. The Comptroller’s Handbook on Corporate and Risk Governance notes, “Performance and risk reports should enable the board to . . .monitor the types, volumes, and impacts of exceptions to policies and operating procedures.”[vii]

The FDIC Risk Management Manual of Examination Policies says accurate and timely reporting to management and the board of directors may include “The aggregate level of policy exceptions and the performance of that portfolio . . .” and notes “Prudent management and boards monitor compliance with internal policies and maintain reports of all exceptions to policy.”[viii]

4. Exception monitoring should be part of your fair lending compliance management system. Disparities in the distribution of exceptions and overrides on a prohibited basis are a source of fair lending risk. A concentration of high side overrides among protected class borrowers may be especially risky, as a high side override results in denying a request for credit that is approvable according to your loan policy. When monitoring exceptions, you should consider both the incidence of exceptions among each demographic group and the average value or number of exceptions received by each demographic group. Testing the incidence of exceptions indicates whether each demographic group is equally likely to receive an exception, while testing the value or number of exceptions reveals whether the extent of exceptions granted is similar across all demographic groups that receive exceptions. When conducting fair lending testing of exceptions, lenders should test high side and low side overrides separately.

5. Finally, lenders should periodically sample exceptions to assess the adequacy of the documentation supporting the exception and its mitigating factors. Missing or incomplete documentation increases the risk associated with exceptions.

Limiting and monitoring exceptions are components of both a strong fair lending compliance management system and robust credit risk management. If your institution permits exceptions, ensure that guidelines for granting exceptions are clear, limits are in place, monitoring, and testing for both fair lending and credit risk are conducted, and sufficient board and management reporting exists. Otherwise, exceptions may become exceptionally risky.


Lynn Woosley is a Managing Director with Asurity Advisors. She has more than 30 years’ risk management experience in both financial services and regulatory environments. She is an expert in consumer protection, including fair lending, fair servicing, community reinvestment, and UDAAP.

Before joining Asurity, Lynn led the fair banking practice for an advisory firm. She has also held multiple leadership positions, including Senior Vice President and Fair and Responsible Banking Officer, within the Enterprise Risk Management division of a top 10 bank. Prior to joining the private sector, Lynn served as Senior Examiner and Fair Lending Advisory Economist at the Federal Reserve Bank of Atlanta. Reach her at

[i], page 63

[ii], page 64



[v], page 16

[vi], page 16

[vii], page 30

[viii], pages 15 and 23

Washington, DC (February 8, 2024) - Asurity Technologies, LLC (“Asurity”), a leader in consumer lending compliance software, announced it has expanded its ecosystem with the establishment of Asurity Advisors, a separate business unit focused on meeting the advisory needs of financial institutions.

Asurity Advisors' experienced team of subject matter experts are dedicated to guiding banks, fintechs and other enterprises through the complexities of regulatory compliance, mitigating enterprise risks, and managing organizational change. Across these categories a broad array of specific service offerings will be available including, CMS reviews, fair and responsible banking advisory and analytics (HMDA, CRA modernization, Small Business Lending/1071), meeting the $10 billion threshold, and operational reviews/process improvements. In addition, the team stands ready to deliver outsourced services enabling institutions to meet pressing and time sensitive compliance requirements such as data integrity reviews, scrubs, and regulatory submissions. 

From the start, Asurity has been at the forefront of banking innovation, combining regulatory expertise with SaaS technology to help automate and streamline compliance processes. With its expansion into advisory services, Asurity now has the additional talent and specialized resources to comprehensively address the challenges facing all types of lenders.

Andy Sandler, Founder and CEO of Asurity, stated, “Since founding Asurity in 2015 our team has been focused on building an industry leading RegTech financial services business, one which has grown to include award-winning software products RiskExec, Propel, and RegCheck. Recently, our focus has been on recruiting to Asurity a team of top financial services and mortgage industry compliance and risk professionals who are laser focused on helping to build our software products, and on the delivery of efficient and cost-effective advisory services to financial institutions, independent mortgage companies and fintechs.  Market demand for our advisory services has exceeded expectations.  As a result, we decided now is the time to launch Asurity Advisors, a business unit dedicated to meeting financial institution advisory needs. Software and services team members will continue to actively participate in Asurity thought leadership initiatives including the Fair Lending Forum and RiskExec Connect."

"The launch of Asurity Advisors marks a pivotal moment in Asurity’s commitment to guiding clients through the evolving regulatory compliance landscape,” said Grace Brasington, Senior Managing Director at Asurity Advisors. “I am proud to lead a team that not only has years of real-world industry experience and expertise, but exemplifies integrity, and client-centricity. Backed by their knowledge and years of experience, this extraordinary team stands ready to deliver actionable, innovative solutions to our clients’ most pressing needs."

Dr. Anurag Agarwal, President of RiskExec, added, “I am thrilled with the launch of Asurity Advisors. Expanding our advisory service offerings further advances our organization’s holistic approach and commitment to delivering unparalleled services and solutions to our clients.”

For more information on Asurity Advisors, visit or email

Washington, DC (February 6, 2024) - Asurity Technologies, LLC (“Asurity”), a leader in consumer lending compliance software and advisory services is excited to announce the 2024 Fair Lending Forum, taking place April 29 - May 1, 2024 in Charlotte, NC.

Designed for lenders, compliance professionals, government regulators and others, the event will feature influential industry experts and thought leaders, presenting a diverse set of distinguished speakers including:

Dr. Anurag Agarwal, President of RiskExec, said, “As we navigate an increasingly complex regulatory environment, the Fair Lending Forum provides a venue for open dialogue, strategic discussion, and connection. It’s a unique chance for industry professionals to gain valuable insights into the current state and potential future of regulatory compliance that can inform their practices.” 

With discussions around the Community Reinvestment Act (CRA), Home Disclosure Mortgage Act (HMDA), Small Business Lending (SBL), Redlining, Loan Servicing, Artificial Intelligence (AI) and more, the Fair Lending Forum serves as a platform for practitioners to be informed on current and potential future regulations, discuss the latest topics in compliance, and provide invaluable networking opportunities.

Grace Brasington, who routinely advises consumer lenders on compliance and risk management matters and leads Asurity’s newly launched advisory business, Asurity Advisors, remarked, "The Fair Lending Forum serves as a crucial platform for industry leaders to come together and address the pressing issues. It is an opportunity to drive positive change, foster collaboration, and shape the future."

For more information and to register for the 2024 Fair Lending Forum, visit or email

As the submission March 1 deadlines loom for annual CRA and HMDA data reporting, Compliance Officers can sometimes feel a bit lost in the woods. While the details of filings are always important, it’s critical to take the time to pick your head up and look at your data at a macro level. This past year there has been a renewed focus by regulators to ensure financial institutions submit good, clean and logical HMDA and CRA data. In today’s blog, our experts outline some quick common-sense data checks that will strengthen your data reporting processes and ensure your submitted data is complete and cohesive. The guidance shared here can be coupled with required regulatory edit checks to ensure an accurate submission that reflects the lending of your institution. 

CRA Tips

  1. Evaluate the volume of unknown revenue (CRA Field Revenues = NA) in your file. Some institutions set tolerances of 5-10 percent for unknown revenue, however if reporting increases beyond these thresholds, processes and procedures should be established to improve revenue data collection. It's important to note that while reporting such data is a permissible reporting option, higher volumes of unknown revenue can adversely affect CRA exams by giving the impression the bank is not lending to small businesses.
  1. Consider the alignment of your data with your bank’s Call Report. We recognize CRA data is going to reflect only originations and purchases from the reporting year and the Call Report includes all outstanding loans in the bank’s portfolio. However, there should be some alignment between the submission file and Call Report. For instance, if you have small farm loans on your CRA loan register, there should be small farm loans on the bank’s Call Report. Misalignment between CRA data and the Call Report could suggest call coding or CRA loan coding errors, both of which would increase regulatory scrutiny or require data resubmission.
  1. Evaluate the total dollar volume of your lending and confirm your submission file reflects the requirement to report loan amount rounded to the nearest thousand. Errors in this requirement can be detected by considering the total amount of loans being reported. Does the volume reflect your understanding of your annual dollar volume? Accurately reporting your loan amounts is important for CRA exams and peer analysis. Ensure that your submission software accurately keeps the loan amount of every CRA record in thousands of dollars for submission.
  1. Evaluate the proportion of loans inside the bank’s assessment areas versus outside. Ideally, the bank’s assessment areas contain a substantial majority of the bank’s loans. While this is not defined in the 1995 CRA Rule, an institution is welcome to set their own thresholds for this figure. If a significant portion of loans are outside the bank’s assessment areas, the area delineations should be reevaluated. Additionally, it's important to note that CRA reporting requires reportable loans outside the bank’s CRA assessment areas to be reported. Out of assessment area loans should not be excluded from reporting and if you find they have been, now is a good time to improve processes to capture these loans. 
  1. Similar to ensuring you have reported loans both inside and outside the bank’s assessment areas is the requirement to report loans even when borrower revenue is greater than $1 million. Run examiner borrower distribution tables to ensure the volume of lending to businesses with revenue greater than $1 million mirrors the institution's business. Most institutions will have some volume of lending to businesses with revenue greater than $1 million. If your data suggests all businesses had revenue less than $1 million, this may appear favorable for performance but likely suggests errors in the population of loans reported.
  1. Make sure that the address on file for every small business and small farm CRA reportable record is accurate and produces a valid geocode. In recent years examinations have focused on the errors in geocoding and this can also affect your inside/outside assessment area ratios. Moreover, since these are originations and purchases, ungeocoded or partially geocoded records should be rare.


  1. Conduct appropriate omissions testing to ensure you have captured all reportable transactions and confirm you are not inadvertently excluding loans. Your institution should have a rigorous process for determining what constitutes a HMDA reportable loan and all required loans must be included in your annual filing based on the action taken date. Reconciling should include reviewing your current pipeline to ensure all loans have been adequately actioned in the year in which they occurred. Make sure there are no lingering files with valid withdrawal comments, or even leads that were full applications needing appropriate action taken. Additionally you should utilize available reports from your loan origination system to reconcile record counts from your system to the total records on your LAR.
  1. Ensure all regulatory edit checks have been audited. While validity edits must be corrected prior to submitting data, (the submission portal will reject any file where this type of edit exists) filers still need to pay particular attention to the quality edits and ensure this data has been reviewed and validated. The data triggering these edits is indeed submittable, however it is raising a flag the regulators believe to be worthy of a second look. Make sure the data triggering these edits is accurate before submitting and be prepared to provide an explanation.
  1. Review your address field for potential errors in formatting. Last spring many institutions received a notice from the CFPB warning that their LAR may contain “invalid entries” in the address field. These errors included reporting multiple addresses, multiple property numbers, missing information or place holders, non-standard addresses, and other potentially invalid data. Since there continues to be no official 2023 HMDA edit check to catch these errors, it is up to the institution to use any tools available to catch these.
  1. Look for anomalies in your data concerning both formatting and appropriate usage. While certain fields may allow reporting “Not Applicable” (NA) or even 0 as a value, make sure the usage of this value is appropriate for your institution. Certain data points may be permissible and appear reasonable, however a second look is often necessary to ensure it is in fact accurate. For example:
    1. Are there originations with 0% interest rates? While possible, it is unlikely a loan was originated at 0% and these records can have significant impact on pricing disparity tests further down the line of Compliance testing. 
    2. Are the race, ethnicity and/or gender fields partially marked NA where other information was provided? While this is valid if such records represent more than 10% of your LAR you should examine/retrain collection of these GMI fields.
    3. Is your denial reason supported by the data? For example, if the record is marked denied for debt-to-income(DTI), is the DTI field marked NA?  Or do you have a significant portion of records marked as denied for “other” reason?  Do you have denial reasons for a loan that is not marked denied? 
    4. Are all loan amounts consistently in dollars?  Verify there are no system transfers retaining the pre-2018 logic causing this to be rounded to thousands.
    5. Are all incomes provided reasonable for the specific loans?  Some loan origination systems will not allow a 0 or NA for income, so manual workarounds such as using “0.01” can cause inflated debt-to-income(DTI) values.  Check how many records have very small incomes, such as less than a value of 10
  1. Lastly, check to make sure your data makes sense for your institution’s products and practices. If your institution doesn’t have a preapproval program, make sure no loan actions have been reported with preapproval codes. If your institution does not offer second liens, or does not originate loans with combined loan-to-values over 100, check to be sure you are not reporting originations with this data. Do the common-sense checks to confirm all of your reporting is truly relevant.

It’s easy to lose sight of the forest through the trees during submission season. There are so many details to be mindful of and plenty of challenges at the application level that need to be attacked. But it’s important to take a step back and remember to look at the big picture. And most importantly, make sure to document and keep records of the lessons you are learning in these final days. Oftentimes final filing activities will reveal needs for process improvements and additional controls, but without documentation the swirl of submission can sweep away those valuable observations and gaps remain unplugged. Finally, just know that throughout the process, our RiskExec team stands ready to assist you. Don’t hesitate to reach out to us at  

RiskExec is a reporting and analysis platform for CRA, Small Business Lending, HMDA, Fair Lending, and Fair Servicing. With RiskExec's compliance reporting and analysis platform financial institutions can automate CRA, Small Business Lending, HMDA, Fair Lending, and Fair Servicing processes and also use mapping for visualizing loan data with sophisticated geocoding and customizable layers.

Sarah Brons is Senior Vice President of CRA Products and Services at RiskExec. She has more than 20 years of experience in financial services and regulatory compliance. Sarah is an expert in community reinvestment and community development and leads CRA product development.

Jesse Taylor is Director of Compliance Products and Services at RiskExec. She has over a decade of experience in Compliance and has served in Fair Lending leadership roles at both depository and non-depository institutions with LAR filing and analysis responsibilities for HMDA, Consumer, Auto, and other types of lending and servicing activity.

As of January 1, 2024, mortgage companies soliciting consumers in Illinois will need to ensure their marketing materials do not run afoul of the state’s new law designed to protect consumers from being misled.

The new law provides that any marketing materials from a mortgage company with no connection to the consumer’s existing mortgage company must comply with certain requirements intended to avoid misleading recipients of any such materials. As a result, any solicitation must clearly identify the name of the soliciting mortgage company and may not include language implying a response is required. The name of the consumer’s current mortgage company may not be used in any way to suggest the solicitation is from that company. Further, any such solicitations must be accompanied by language communicating that the solicitation is not from, or affiliated with, the consumer’s actual mortgage company.

The legislation, which went into effect on January 1, 2024, may be viewed in its entirety by visiting Illinois House Bill 2094.

Unlocking Insights: Analyzing the 2022 CRA Peer Data for Small Business, Small Farm and Community Development

On December 20, 2023, the three Federal banking agency members of the Federal Financial Institutions Examination Council (FFIEC) with Community Reinvestment Act (CRA) responsibilities — the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (The Agencies) — announced the public release of the 2022 Community Reinvestment Act (CRA) peer data. This dataset includes small business, small farm, and community development lending data reported by certain commercial banks and savings associations. RiskExec has been updated with this dataset and 2022 CRA reporting is available within the Peer Analysis module and CRA module’s small business and small farm reports. CRA Officers can now assess their respective institution’s lending in light of this updated peer data.

Evaluating the 2022 Data

The 2022 CRA peer data set includes data from financial institutions comprising over 8.9 million small business loans and over 200,000 small farm loans. For 2022, a total of 711 lenders reported data about originations and purchases of small loans to businesses (loans with original amounts of $1 million or less) and small farms (loans with original amounts of $500,000 or less), representing a 3.7 percent increase from the 685 lenders reporting data for 2021. Of the 711 institutions reporting 2022 data, 80 had assets below the mandatory reporting threshold and reported either voluntarily or because they elected to be evaluated as a “large” institution during CRA examinations. Since 2020, the volume of reporting financial institutions has increased.[1] In 2022, the volume of originations and purchases was down from 2021 and was closer to 2020 levels.

2020-2022 CRA Peer Data - Originations and Purchases (Count)
Reporting Financial Institutions687685711
Small Business8,375,7139,432,1238,883,889
Small Farm200,609255,435209,890

The amount of money borrowed has steadily declined over the last three years from a 2020 high point, which was largely due to lending from the U.S. Small Business Administration Paycheck Protection Program (PPP). PPP lending continued into 2021, but was phased out by May of that year.

2020-2022 CRA Peer Data - Originations and Purchases (Amount $mil)
Reporting Financial Institutions687685711
Small Business461,785371,043284,593
Small Farm15,12915,03114,640

Despite the increase in reporting lenders, loan volume by count and dollar amount declined in comparison to 2021, with small farm lending volumes declining most significantly since the prior year. Small farm originations and purchases decreased by about 18 percent and the dollar amount loans decreased by three percent from 2021 to 2022. The number of small business loans originated decreased by 6 percent relative to 2021. The dollar amount of small business loans originated decreased by 25 percent. The Agencies attribute the decrease in total number of small business loans originated, and especially the total dollar amount of small business loans originated, to the phasing out of PPP loans. The distribution of loan types remained consistent in comparison to the prior year with small business loans representing 98 percent of reported lending and small farm loans representing the remaining two percent.

It is also interesting to note that the number of “small” loans is increasing in proportion to the other larger loan amounts. In 2020, 88 percent of loans were small and, by 2022, that figure had increased to 94 percent. 

2020-2022 CRA Peer Data - Percent of Originations and Purchases (Count)
Loan Amount*SmallMediumLargeSmallMediumLargeSmallMediumLarge
Small Business87.
Small Farm78.113.48.483.99.86.380.111.97.9

*Loan Amount Key: Small: $100K or Less; Medium: $100,001K - $250K, Large: Loans Over $250K

In 2022, the reporting institutions had nearly 33 thousand community development loans totaling $152 billion. While the dollar amount of loans remained relatively stable since the prior year, the volume represents a 41 percent decline in community development loans compared to the 2021 CRA peer data. The Agencies suggest this decrease may also be attributable to the phasing out of the PPP lending. Many of the PPP loans that did not meet the size requirements of reportable small business loans met the qualifications for community development and were reported as such.

Next Steps for Institutions - Utilizing the Peer Data

The Agencies’ release of the 2022 CRA peer data presents an opportunity to review historical lending needs and prepare for future exams. The Agencies’ summary and the reports within RiskExec provide critical tools for analyzing this data and utilizing it to strengthen your CRA program.  As always, the RiskExec team is here to help should you have questions or would like assistance charting a different path forward with your CRA plans and operations.

RiskExec is a reporting and analysis platform for CRA, Small Business Lending, HMDA, Fair Lending, and Fair Servicing. With RiskExec's compliance reporting and analysis platform financial institutions can automate CRA, Small Business Lending, HMDA, Fair Lending, and Fair Servicing processes and also use mapping for visualizing loan data with sophisticated geocoding and customizable layers.

Sarah Brons

Sarah Brons is Senior Vice President of CRA Products and Services at RiskExec. She has more than 20 years of experience in financial services and regulatory compliance. Sarah is an expert in community reinvestment and community development and leads CRA product development.


RiskExec has recently been updated to include the following enhancements:

2022 Community Reinvestment Act (CRA) Peer Data Available in RiskExec

On December 20, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced the availability of the 2022 Community Reinvestment Act (CRA) peer data. This dataset includes small business, small farm, and community development lending data reported by certain commercial banks and savings associations. RiskExec has now been updated with this dataset and 2022 CRA reporting is now available within the Peer Analysis module and CRA module small business and small farm reports.

Additionally, our team has reviewed the 2022 CRA peer data and provided an overview of changes over the last three years. You will find details in this blog post as well as some next steps for institutions when utilizing the data. Click here to learn more.

CRA Module

Call Code Field Added 

A new text field has been added to the CRA module called Call Code. This field can hold up to ten characters.
This field is located in the Other tab of the Loan Detail page. If a user has already created a User-Defined Field (UDF) for Call Code, that UDF will still be available and will not be affected by this update. We will start merging the UDF into the RiskExec core field over the next few weeks.

HMDA and CRA Modules

Edit Check Summary Update

The Edit Check Summary has been updated to include tooltips of each Level in the report. Hovering over a particular Level will display a description of what is causing this particular edit check to be triggered. For example, FIELD-Level edit checks are triggered by one, specific field in the application.

FFIEC and Manual Geocoding Report Update

The FFIEC Geocoding report and the Manual Geocoding Reports have been updated to include a search bar. Users can now search the list for a particular record using any of the address fields, geocoding fields, or the application number.

Redlining Module

New Analysis Measure: % Minority

% Minority has been added as an Analysis Measure to the Advanced Redlining Analysis setup. % Minority is defined in the FFIEC Census file as the percentage of the population that is not Non-Hispanic White.

Assessment Area Module

Housing Data By Tract Update

The Housing Data By Tract Report has been updated to include the following categories:

Washington, D.C. (December 19, 2023) - Asurity Technologies, LLC (“Asurity”), a leading provider of consumer lending compliance and risk management software, today announced the successful integration of its best-in-class mortgage loan compliance solution, RegCheck, with MeridianLink, a leading digital lending platform for financial institutions. The integration enables MeridianLink LOS users to achieve an exceptional level of transaction-specific visibility of risk and to gain efficiency in managing compliance reporting, streamlining processes, and reducing documentation.

RegCheck, recognized for its robust capabilities in ensuring individual loan-level compliance with mortgage industry applicable laws and regulations, enables loan officers and compliance specialists to accelerate loan closings with greater confidence and accuracy. Leveraging the advantages of innovative technology and deep domain expertise, RegCheck rapidly identifies root cause compliance failures in loan applications and pinpoints the specific data gaps that need to be addressed throughout the loan origination process, accelerating processing timelines, reducing errors - ultimately, making loans more serviceable and saleable.

Through the MeridianLink integration, RegCheck will offer users unparalleled features to enhance their mortgage loan compliance monitoring. Key features of the integration include:

Executive Vice President of Asurity Mortgage Group Software, Julia Sweeney, commented, "We are pleased to be partnering with MeridianLink. RegCheck’s integration with MeridianLink will foster significant advancement in mortgage loan compliance management. We are simplifying the process and empowering financial institutions to make informed decisions quickly and efficiently."

For more information about RegCheck, visit or email

On November 8, 2023, the Consumer Financial Protection Bureau (“CFPB”) entered into a consent order with a major bank to resolve allegations of violations of the Equal Credit Opportunity Act (“ECOA”) and Regulation B. Among other allegations, the CFPB asserted that the lender “failed to provide applicants with an accurate and adequate statement of the specific reasons for the adverse action when the applicant was denied based on Armenian national origin in violation of ECOA, 15 U.S.C. § 1691(d), and Regulation B, 12 C.F.R. § 1002.9(a)-(b) . . .”

The CFPB investigation concluded that credit card applicants of Armenian national origin were subjected to additional scrutiny, especially if the applicant lived in the Glendale, California, area, because the lender’s staff suspected an Armenian fraud ring was operating in the region. The suspicions of fraud resulted in longer application processing times, additional judgmental underwriting, approval with less favorable credit terms, and higher denial rates for both new credit cards and credit line increases. In addition, some applicants’ accounts were subjected to “blocks” of their credit cards, as well as line decreases or account closures.

However, applicants denied because of suspected fraud were not given accurate adverse action notices as required by ECOA and Regulation B. Internal messages among the lender’s employees revealed that pretextual denial reasons were used when an application was declined for possible credit abuse.

The consent order echoes concerns raised in the CFPB’s Summer 2023 edition of Supervisory Highlights regarding servicers’ failures to provide specific reasons for denial of consumer requests for loss mitigation assistance when reasons provided were deemed unduly vague.  The Bureau noted that such failures violated Regulation X (12 CFR 1024.41(b)(2)(i)(B)). In 2021, the CFPB’s 2021 lawsuit against a large fintech lender included allegations that nearly 72,000 adverse action notices inaccurately stated the principle reasons the credit applications were denied in violation of 12 C.F.R. § 1002.9(b)(2).

The CFPB is not the only federal financial institution regulator interested in the accuracy and timeliness of adverse action notices. In its most recent Fair Lending Report of the Consumer Financial Protection Bureau, the CFPB stated that the CFPB, the Federal Deposit Insurance Corporation, the Federal Reserve, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Farm Credit Administration had all cited supervised institutions for failures to provide accurate and timely adverse action notices among the most common violations of Regulation B and ECOA in 2022.

In addition to enforcement actions and informal guidance, the CFPB also issued Consumer Financial Protection Circular 2022-03 (“CFPC 2022-03”) to provide guidance on the requirements of ECOA and Regulation B when issuing adverse action notices in connection with credit decisions on complex algorithms. CFPC 2022-03 affirms that accurate and specific adverse action reasons are required even when credit decisions are based on complex or vended models. CFPC 2022-03 also notes that, “While some creditors may rely upon various post-hoc explanation methods, such explanations approximate models and creditors must still be able to validate the accuracy of those approximations, which may not be possible with less interpretable models.”

Taken together, it is clear that federal banking regulators are concerned with, and examining for, accuracy of adverse action notices. Given the current regulatory interest, lenders should review their practices related to adverse action notice accuracy and specificity. Any such review should consider the appropriateness of denial reasons provided, especially when non-credit factors, such as fraud, are the reason for denial. Additionally, compliance reviews should evaluate the accuracy of denial reasons provided when credit decisions are made using credit scores or other algorithms and the timeliness of adverse action notices provided to applicants.

Lynn Woosely

Lynn Woosley is a Managing Director with Asurity Advisors. She has more than 30 years’ risk management experience in both financial services and regulatory environments. She is an expert in consumer protection, including fair lending, fair servicing, community reinvestment, and UDAAP.

Before joining RiskExec, Lynn led the fair banking practice for an advisory firm. She has also held multiple leadership positions, including Senior Vice President and Fair and Responsible Banking Officer, within the Enterprise Risk Management division of a top 10 bank. Prior to joining the private sector, Lynn served as Senior Examiner and Fair Lending Advisory Economist at the Federal Reserve Bank of Atlanta.

RiskExec Release Notes - December 6, 2023

Redlining Module

RiskExec’s Redlining module has been updated to include additional measures to run an advanced analysis on. The Redlining Advanced Analysis setup now includes the following measures as options to select:

Please note that some of these measures are currently not available in mapping and will be added in a future release.

Fair Lending Module

Decisioning Regression Analysis Results: Highlighting Significant Model Agreement 

The results of regression analyses have been updated to include the Odds Ratio for each of the classifications tested in the outliers tabs. The Odds Ratio reflects the likelihood of the predicted event (i.e. outlier status) occurring in the protected class as compared to the control group.

HMDA, CRA, and 1071 SBL Modules

Create Export File

When generating a custom export format based on the report format on the application or loan list in the HMDA, CRA, or 1071 SBL modules, a user will no longer have to wait until all applications or loans have loaded. They will now have the ability to click on the “Create Export File” option and choose to export the report as either an Excel, CSV, or Text file. Once the export is finished it will be available to download from the Export tab.

1071 SBL Module

Standard Import Format

Users are now able to import their 1071 SBL data files using a standard 1071 SBL Import Format. This format uses all the fields and data specifications as in 1071 SBL Filing Instructions Guide (FIG).


Census Data Added to RiskExec

The following Census markers have been added to all modules for filtering and display in detailed screens.

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram