much detail as possible (for example, describing the document
and particular field to obtain the application date). This might
also involve formalizing procedures for other lending processes
in order to establish a well-defined source for HMDA data.
3. Establish appropriate accountability structures. Institutions
should put in place accountability structures that lay responsibility for accurate data on the lines of business via imbedded
review and control processes, rather than leaving it to the
compliance department. The compliance department should
conduct limited, sample-based and control-based testing
to confirm that the lines of business are submitting
accurate data, and hold the lines of business
responsible for making corrections to
data and, if necessary, the processes
around ensuring data accuracy. With
the high number of data points, it simply
is not feasible for the compliance department
to verify the accuracy of every field for every
LAR entry in most cases.
HMDA and the “Three Lines of Defense”
Effective compliance management often is described to include the three lines of defense:
1. The lines of business with day-to-day ownership and management over risks and controls;
2. The compliance function that supplies monitoring and oversight; and
3. Internal audit. Each of these lines should be involved in the
HMDA compliance process, with feedback loops leading to
re-evaluation of the various processes until an institution is
confident that its data is accurate.
In addition to data accuracy, all three lines also should con-
clude that all covered loans and applications are properly included
on or excluded from the LAR. While data quality certainly is
important, it also is vital that review processes are designed to
identify whether or not the correct loans and applications are
included on the LAR.
Preparing for the 2018
Reporting Deadline and 2019
The statements from the CFPB understandably are a cause for
relief, but it should not be read as fully immunizing covered institutions from noncompliance—the statement protects only those
institutions that can show good faith efforts toward compliance
and that do not have material errors. Technical misunderstandings
that result in data inaccuracies might not incur the same level of
attention from regulators that material errors might, but institutions should have defined processes for obtaining accurate data to
fill each field on their LARs. Evidence of sustainable compliance
will be important in demonstrating a good faith compliance effort.
What about 2019 reporting and beyond? Covered institutions
should not count on the same regulatory lenience. The lines of
business, along with their various service providers, should have
had time to work out the kinks, and regulators likely will expect a
much greater degree of data accuracy. Monitoring should uncover
far lower error rates, allowing the institution to move from a reactive whack-a-mole stance—trying to deal with multiple problems
popping up all over the place with no rhyme or reason—to more
of a “business as usual” approach that systematically addresses
individual issues that arise here and there.
The Future is Now.
When the 2015 Final Rule was released, its effective date seemed
far off, and the compliance statement likewise provided some
breathing room. If they have not already, covered institutions
should re-evaluate and finalize HMDA reporting processes as soon
as possible to enter the 2019 reporting year with an established
and sustainable HMDA compliance program. ■
ABOUT THE AUTHORS
JOE DURHAM, CRCM, CAMS, is a senior manager at Crowe LLP. He
can be reached at (616) 233-5624 or firstname.lastname@example.org.
PAUL OSBORNE, CPA, AMLP, CAMS, is a partner at Crowe LLP. He
can be reached at (317) 706-2601 or email@example.com.
1 The CFPB has been in a slow process of rebranding itself, and ABA will
begin using “Bureau of Consumer Financial Protection” and “BCFP” when
either ( 1) the Associated Press stylebook changes, or ( 2) the bureau updates
its website to reflect the different name. As of this edition’s printing, the
bureau’s website says “Consumer Financial Protection Bureau” and “CFPB.”
The ABA made this decision in April 2018 to minimize confusion for
readers who may be more familiar with the CFPB name.
2 “Bureau of Consumer Financial Protection Issues Statement on the
Implementation of the Economic Growth, Regulatory Relief, and Consumer
Protection Act Amendments to the Home Mortgage Disclosure Act,”
Consumer Financial Protection Bureau, July 5, 2018, https://www.
The Dodd-Frank Act
authority for HMDA
to the Consumer Financial
Protection Bureau (CFPB) and
amended the law to,
among other things,
expand the scope of information
that covered institutions
must report on covered
loans and applications.