The Federal Financial Institutions Examination Council (FFIEC) has just issued an updated version of The Guide to HMDA Reporting: Getting It Right!

The Guide reflects the extensive changes to the Home Mortgage Disclosure Act rules that were adopted in October 2015 and became effective January 1, 2018.  Until now, the most recent version of the Guide was the April 2013 edition.

As previously reported, in December 2017 the CFPB announced that it intends to engage in a rulemaking to reconsider various aspects of the revised HMDA rules, such as the institutions that are subject to the rules, including the related transactional coverage tests, and the discretionary data points that were added to the statutory data points by the CFPB.  Any HMDA rule changes may require revisions to the Guide.

As expected, the Federal Financial Institution Examination Council (FFIEC) member agencies issued new data resubmission guidelines under the Home Mortgage Disclosure Act (HMDA) effective for the 2018 data collection year.  The change coincides with the substantial expansion of the HMDA data reporting fields that is effective January 1, 2018.

When examining an institution’s HMDA Loan Application Register (LAR), regulators will assess if the correction and resubmission of any data is required based on a review of a sample of reported loans.  Currently for institutions that have a total of less than 100,000 loans or applications on their annual LAR, which is the vast majority of HMDA reporting institutions, (1) an institution must correct and resubmit its entire LAR if 10% or more or of the entries in the sample contain errors, and (2) an institution must correct and resubmit an individual data field in the LAR if there are errors in that field with 5% or more of the entries in the sample.  An institution can be required to correct and resubmit data even if the 10% or 5% thresholds are not reached, if the errors would make analysis of the institution’s data unreliable.  Regulators will first assess a smaller set of entries in a LAR, and if one or no errors are found they typically cease the verification process at that point.

Under the new guidelines, there are revised thresholds for requiring resubmission, and for assessing if a full review of the sample will be performed based on errors in the initial smaller set of loans.  Assessment of the data will be conducted on an individual data field basis.  The new testing sample sizes and thresholds are as follows:

For institutions with fewer than 30 LAR entries, the resubmission threshold is still 3, so the effective resubmission threshold percentage is higher than 10%.  As is the case currently, even if the thresholds are not met an institution can be required to correct one or more data fields and resubmit one or more data fields in its HMDA LAR if examiners have a reasonable basis to believe that errors in the field or fields will likely make analysis of the HMDA data unreliable.

Under the revised guidelines, if an institution has a total of 1,000 entries on its LAR, the regulator would first review an initial sample of 35 loans.  If the regulator finds two or more errors in a data field, the regulator would then review the full 79 loan sample.  If four or more errors are found in any data field, the institution would be required to resubmit its LAR with the applicable data field corrected.

Unlike the current approach, under the new guidelines there are tolerances for certain data fields, and an error within the applicable tolerance will not be considered an error for either threshold.  The tolerances are as follows:

  • Date of Application: Three calendar days or less with regard to the date the application was received or date shown on application form and the date reported in the LAR.
  • Loan Amount: One thousand dollars or less in the amount of the covered loan or loan applied for and the amount reported in the LAR.
  • Date Action Taken: Three calendar days or less with regard to the date the action was taken and the date reported in the LAR, provided that the difference does not result in reporting data for the wrong calendar year.
  • Income: Errors in rounding the gross annual income relied upon to the nearest thousand.

Subject to an exception, for purposes of the guidelines a “data field” generally refers to an individual HMDA Filing Instructions Guide (FIG) field, and such fields are identified by a distinct Data Field Number and Data Field Name.  The July 2017 version of the FIG for data collected in 2018 is available here.    The exception is for information on the ethnicity or race of an applicant or borrower, for which a data field consists of a group of FIG fields as follows:

  • The Ethnicity of Applicant or Borrower data field group—comprised of six FIG fields with information on an applicant’s or borrower’s ethnicity (FIG Data Field Numbers 19-24);
  • The Ethnicity of Co-Applicant or Co-borrower data field group—comprised of six FIG fields with information on a co-applicant’s or co-borrower’s ethnicity (FIG Data Field Numbers 25-30);
  • The Race of Applicant or Borrower data field group—comprised of eight FIG fields with information on an applicant’s or borrower’s race (FIG Data Field Numbers 33-40); and
  • The Race of Co-Applicant or Co-borrower data field group—comprised of eight FIG fields with information on a co-applicant’s or co-borrower’s race (FIG Data Field Numbers 41-48)

If one or more of the six data fields for such a data field group has errors, this would count as one error.

 

The Federal Financial Institutions Examination Council (FFIEC), whose members include the CFPB, has finalized guidance setting forth a revised uniform interagency consumer compliance rating system (CCRS).  The revisions reflect changes in consumer compliance supervision since the current rating system was adopted in 1980.  The other FFIEC members are the Fed, FDIC, NCUA, OCC, and State Liaison Committee.  The FFIEC members plan to implement the revised rating system for consumer compliance examinations that begin on or after March 31, 2017.

The guidance states that as a FFIEC member, the CFPB will use the CCRS “to assign a compliance rating, as appropriate, for institutions with total assets of more than $10 billion, as well as for nonbanks for which it has jurisdiction regarding enforcement of Federal consumer financial laws as defined under the Dodd-Frank Act.”  (While the guidance refers to the CFPB’s “jurisdiction regarding enforcement,” it seems a more accurate reference would have been to the CFPB’s authority to supervise such entities for compliance with Federal consumer financial laws.)

The guidance also states that the prudential regulators will take into consideration any material supervisory information provided by the CFPB as it relates to covered supervisory activities or covered exams and that the CFPB will similarly take into consideration any material supervisory information provided by prudential regulators in appropriate supervisory situations.  It notes further that an institution with total assets of more than $10 billion can receive a consumer compliance rating from both its primary prudential regulator and the CFPB which is based on each agency’s review of the institution’s CMS and compliance with federal consumer protection laws falling under each agency’s jurisdiction.

In the Supplementary Information accompanying the final guidance, the FFIEC observes that when the current system was adopted, examinations focused more on transaction testing for regulatory compliance than on an institution’s compliance management system (CMS) to ensure compliance with regulatory requirements and prevent consumer harm.  The FFIEC states that the revised system is “designed to better reflect current consumer compliance supervisory approaches and to more fully align the [CCRS] with the Agencies’ current risk-based, tailored examination approaches” and  were “not developed with the intention of setting new or higher supervisory expectations for financial institutions and their adoption will represent no additional regulatory burden.”

The CCRS includes three categories of assessment factors: board and management oversight, compliance program, and violations of law and consumer harm.  The assessment factors in the three categories consist of the following:

  • To assess an institution’s board and management oversight, examiners will consider: oversight and commitment to the institution’s CMS; effectiveness of the institution’s change management process; comprehension, identification and management of risks arising from the institution’s products, services, and activities; and any corrective action undertaken as consumer compliance issues are identified.
  • To assess an institution’s compliance program, examiners will consider: whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services, and activities; the degree to which compliance training is current and tailored to risk and staff responsibilities; the sufficiency of monitoring, and if applicable, auditing, to encompass compliance risks; and the responsiveness and effectiveness of the consumer complaint resolution process.
  • To assess an institution’s violations of law and consumer harm, examiners will consider: the root causes of any violations identified during examinations; the severity of any consumer harm resulting from the violations; the duration of time over which the violations occurred; and the pervasiveness of the violations.  The CCRS includes incentives for self-identification and prompt correction of violations.

The revised rating system uses a scale of 1 through 5, with 1 representing the highest rating and lowest degree of supervisory concern and 5 representing the lowest rating and most critically deficient level of performance and thus the highest degree of supervisory concern.  An institution’s overall rating under the CCRS is intended to reflect a comprehensive evaluation of the institution’s performance under the rating system by considering the categories and assessment factors in the context of the institution’s size, complexity, and risk profile.

The CCRS does not assign specific numeric ratings to any of the above assessment factors and an institution’s rating is not be based on a numeric average or any other quantitative calculation.  As a result, an institution does not have to receive a satisfactory rating in all categories to receive an overall satisfactory rating.  Conversely, even if some assessments are rated as satisfactory, an institution can still receive an overall less than satisfactory rating.

On September 30, the CFPB released updated examination procedures for Military Lending Act (MLA) compliance. Compliance with the final rule amending the MLA, issued by the Department of Defense (DoD) in July 2015, was required for creditors of most consumer credit products as of this past Monday, October 3. The final rule applies to all consumer credit transactions or accounts for consumer credit “consummated or established” on or after October 3, 2016. The Bureau’s updated MLA exam procedures apply to examinations with review periods after that date.

The CFPB has enforcement authority for the MLA’s requirements and previously addressed compliance with the Act in its Short-Term, Small-Dollar Lending examination procedures. The updated procedures reflect the expanded scope of the MLA and are effectively a consolidated source of the DoD guidance on the final rule that we’ve received up to this point. The procedures cover the requirements of the final rule and include key portions of the supplementary information published in the final rule’s Federal Register notice as well as guidance provided in the DoD’s recent Interpretive Rule issued on August 26.

The CFPB’s updated MLA exam procedures place particular emphasis on Compliance Management System elements to implement and ensure compliance with the MLA and its regulations, including policies and procedures, training, monitoring and testing, and audit and corrective action. Specifically, the procedures direct examiners to evaluate the extent and adequacy of an institution’s policies and procedures related to mandatory loan disclosures, the calculation of MAPR, and covered-borrower identification.

The updated exam procedures also highlight some of the questions the DoD has left unanswered, such as how and for how long a creditor is required to maintain records for purposes of the safe harbor for covered-borrower identification, and the scope of the exemption for purchase money loans for auto finance transactions.

On September 29, the FFIEC released revised Interagency MLA examination procedures that appear parallel to those issued by the Bureau. The release of these updated procedures suggests that regulators do not intend to postpone transactional testing for MLA compliance as trade groups had requested. In contrast, the NCUA has instructed examiners to accept a credit union’s reasonable and good faith efforts to comply with the final rule during the first examination following the implementation date.

On September 20, 2016, Ballard Spahr attorneys conducted a webinar “The DoD’s 11th Hour Interpretive Rule For New MLA Rules,” which focused on the DoD’s interpretive guidance, lingering questions and concerns with the final rule, and compliance considerations and strategies.

The Federal Financial Institutions Examination Council (FFIEC), whose members include the CFPB, is proposing a new uniform interagency consumer compliance rating system to reflect changes in consumer compliance supervision since the current rating system was adopted in 1980.  The other FFIEC members are the Fed, FDIC, NCUA, OCC and State Liaison Committee.  The FFIEC states that the proposed revisions “were not developed to set new or higher supervisory expectations for financial institutions and their adoption will represent no additional regulatory burden.”  Comments on the proposal are due on or before July 5, 2016.

The rating system uses a scale of 1 through 5, with 1 representing the highest rating and lowest degree of supervisory concern and 5 representing the lowest rating and most critically deficient level of performance and thus the highest degree of supervisory concern.  In the proposal’s Supplementary Information, the FFIEC observes that when the current system was adopted, examinations focused more on transaction testing for regulatory compliance rather than on an institution’s compliance management system (CMS) to ensure compliance with regulatory requirements and prevent consumer harm.  The proposed changes to the rating system “are designed to more fully align” the rating system with the risk-based approach to consumer compliance examinations that the FFIEC agencies have adopted over the intervening years.

The proposed rating system would include three categories of assessment factors: board and management oversight, compliance program, and violations of law and consumer harm.  The assessment factors in the three categories would consist of the following:

  • To assess an institution’s board and management oversight, examiners would consider: oversight and commitment to the institution’s CMS; effectiveness of the institution’s change management process; comprehension, identification and management of risks arising from the institution’s products, services, and activities; and any corrective action undertaken as consumer compliance issues are identified.
  • To assess an institution’s compliance program, examiners would consider: whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services, and activities; the degree to which compliance training is current and tailored to risk and staff responsibilities; the sufficiency of monitoring, and if applicable, auditing, to encompass compliance risks; and the responsiveness and effectiveness of the consumer complaint resolution process.
  • To assess an institution’s violations of law and consumer harm, examiners would consider: the root causes of any violations identified during examinations; the severity of any consumer harm resulting from the violations; the duration of time over which the violations occurred; and the pervasiveness of the violations.  The rating system would include incentives for self-identification and prompt correction of violations.

An institution’s overall rating under the proposed system is intended to reflect a comprehensive evaluation of the institution’s performance under the rating system by considering the categories and assessment factors in the context of the institution’s size, complexity, and risk profile.  The proposed system would not assign specific numeric ratings to any of the above assessment factors and an institution’s rating would not be based on a numeric average or any other quantitative calculation.  As a result, an institution would not have to receive a satisfactory rating in all categories to receive an overall satisfactory rating.  Conversely, even if some assessments are rated as satisfactory, an institution can still receive an overall less than satisfactory rating.

On May 25, 2016, from 12:00 PM to 1:00 PM ET, Ballard Spahr attorneys will conduct a webinar on “How to Ace Your CFPB Exam.”  A link to register is available here.