Fair Lending Risk Assessments: Everything You Need to Know

Cassandra Wayman and Monica Bolin

6 min read

May 20, 2025

Fair lending is a key focus for lenders committed to consumer protection and equity. Examiners continue to expect financial institutions (FIs) to demonstrate a strong, proactive approach. That means maintaining current, well-structured fair lending risk assessments.

So, what exactly is a fair lending risk assessment, and what should it include? This guide will answer key questions and outline the essential components to help your FI stay compliant and proactive.

Table of Contents

What is a fair lending risk assessment?
How does a fair lending risk assessment work?
Are fair lending risk assessments required?
Who performs a fair lending risk assessment?
How often should my FI perform fair lending risk assessments?
What are the key areas of fair lending risk?
Do all fair lending risk assessments include analysis?
My fair lending risk assessment identified risks — what do I do?

What is a fair lending risk assessment?

A fair lending risk assessment is a structured review of an FI’s fair lending risk exposure. It aims to help teams understand inherent and residual fair lending risk, identify gaps in controls, highlight high-risk areas, and provide guidelines on mitigating risks. It also ensures that senior management and the board know any significant fair lending concerns.

A risk assessment typically consists of risks, controls, and control effectiveness assessments. Ultimately, the assessment asks, "What is the risk that our FI is discriminating against a protected class?"

How does a fair lending risk assessment work?

Risk rating calculations for fair lending risk assessment include three key elements:

Inherent risk is the level of risk before any controls are applied. Products, services, market strategy, regulatory environment, and overall operations shape it.
Controls are the policies, systems, and procedures to reduce that risk, such as training programs and monitoring efforts.
Residual risk remains after those controls are considered.

Think of it like skydiving: Jumping out of a plane has a high inherent risk. But with a parachute and a trained guide (controls), the risk becomes manageable; that’s your residual risk.

Impact of Controls on Fair Lending Risk. When inherent risk is high and there are weak controls (depicted here as a small shield with a mouse icon), residual risk is high. When inherent risk is high and there are strong controls (depicted here as a large shield with a weight lifter icon), residual risk is lower Fair lending risk assessments differ by an FI’s size, products, and market. They usually involve reviewing policies, reports, training, exam results, data, and speaking with staff. The findings are shared in a report that outlines key risks, current controls, remaining risks, root causes, and practical, data-driven recommendations.

Are fair lending risk assessments required?

Any FI subject to fair lending laws should assess fair lending risk, including banks, credit unions, mortgage companies, indirect auto lenders, mortgage servicers, and other third parties involved in the lending process.

While no mandated format or specific tool is required, regulators expect institutions to assess fair lending risk. Each agency has its approach, so it’s essential to understand your primary regulator’s expectations and adhere to provided guidance, such as the Interagency Fair Lending Examination Guidelines. Fair lending laws also vary by state, so following the latest enforcement actions and receiving regulatory updates relevant to your FI’s services and geographic area are crucial.

Who performs a fair lending risk assessment?

A fair lending risk assessment can be conducted internally or with support from a qualified third party. While regulators don’t mandate who leads the assessment, they will consider the credibility and objectivity of the individual or team conducting it. Internal compliance teams are well-positioned to lead these efforts, but it’s important to recognize that blind spots can exist, especially when risks are not yet fully surfaced.

Whether assessments are conducted in-house or with external support, they must be rigorous, well-documented, and aligned with regulatory expectations.

Related: To support compliance professionals in their work, Nrisk has tools, templates, and outlines designed to help FIs identify and evaluate fair lending risks thoroughly.

How often should my FI perform fair lending risk assessments?

Experts recommend conducting a fair lending risk assessment annually or more frequently when significant changes occur. These changes may include mergers, new products, market expansions, regulatory updates, increases in fair lending enforcement actions, product complexity, or exam findings. Annual assessments help FIs stay ahead of regulatory scrutiny and maintain a clear view of evolving risk, which is increasingly essential in a dynamic risk environment.

The good news is that fair lending analytics software can dramatically speed up the time for reviews, especially when the software comes with quarterly meetings with a fair lending expert.

What are the key areas of fair lending risk?

At a high level, your assessment should cover:

Inherent risk, mitigating controls, and residual risk
Control effectiveness assessments to evaluate how well the controls are mitigating identified risks
Each stage of the lending process across all loan types, not just Home Mortgage Disclosure Act (HMDA)-reportable loans
Your overall fair lending compliance management program, including governance and controls
Risks identified by regulators, prior exams, or past assessments

Key lending process areas to evaluate include:

Redlining is the illegal practice of denying or avoiding credit services in specific neighborhoods based on race, ethnicity, or other prohibited characteristics. You must evaluate your REMA (Reasonably Expected Market Area) and youmarketing and lending activity in majority-minority tracts.
Marketing and advertising should ensure that your marketing materials and channels reach all segments of your service area fairly without discouraging or excluding protected classes.
Steering refers to directing applicants to specific products, loan terms, or branches based on a protected characteristic. It ensures that borrowers have equal access to all appropriate credit options.
Pricing involves the interest rates, fees, and terms offered. Analyze whether similarly situated borrowers receive consistent pricing regardless of protected characteristics.
Underwriting is the process of evaluating loan applications for approval. Review policies and decisions — including those related to withdrawn and declined applications — to confirm that creditworthiness is judged without bias or discretion.
Servicing and loss mitigation cover account management after loan origination, including payment processing, customer service, and default handling. They also ensure fair treatment in hardship assistance, loan modifications, and collections practices.

When evaluating your compliance management system, consider policy management, monitoring and reporting, board and management oversight, pre-rollout product and service reviews, data analysis, and staff training.

Other risk factors to consider in your risk assessment

Regulatory compliance

Regulation B (ECOA): Consider individual and joint credit application practices, the accuracy and timeliness of action taken notices, and procedures for the monitoring and testing of compliance with fair credit decisions and practices.
Fair Housing Act (FHAct): Ensure your practices align with equal housing opportunity (including credit provided for housing) for protected classes, including persons with disabilities.
Regulation (HMDA): Confirm that Government Monitoring Information (GMI) and loan information are accurately and consistently collected and reported for reliable fair lending testing.

Lending channels and best practices

Indirect auto lending: Review practices for consistency and fairness, especially if third parties are involved.
Fintech partnerships: Assess how digital platforms and algorithms impact access and outcomes for protected classes.
Third-party relationships: Evaluate vendor and realtor oversight to ensure third parties follow fair lending laws.

Pricing and staff

Employee and loan officer compensation: Ensure compensation structures do not incentivize discriminatory practices.
Loan Originator Office Location: Confirm that your loan origination staff is located in branches that will allow them to sufficiently serve majority-minority tracts. Recent consent orders call out the need for Loan officers to be in and/or assigned to MMCT branches and neighborhoods.
Pricing Exceptions: Confirm that borrowers are being priced (and fees applied) fairly and in accordance with policy.

High-risk areas

Discretion: Policies or procedures that allow subjective decision-making can lead to inconsistent outcomes and fair lending risk.
Exceptions: Exceptions to policy, particularly in underwriting or servicing, should be tracked, explained, and monitored for patterns that may suggest bias.

Do all fair lending risk assessments include analysis?

Not all fair lending risk assessments include a complete data analysis, but it’s a critical tool for identifying potential discrimination. Disparities — differences in outcomes between a control group and a protected class — often reveal risks. While disparities don’t always indicate bias, data analysis is the only way to uncover and address potential issues.

My fair lending risk assessment identified risks — what do I do?

Don’t wait — take immediate action.

Report findings to your fair lending or compliance committee, senior management, and the board to ensure organizational awareness.
Prioritize identified risks based on their potential impact and likelihood, addressing the most critical areas first.
Determine the root cause of each finding to understand the source of the issue.
Update the risk assessment to add or modify risks and controls and re-evaluate the control effectiveness based on the changes.
Review and update related policies and procedures to align with the revised risk assessment and control environment.
Develop and implement tailored action plans for each risk, with clearly defined roles, responsibilities, and timelines.
Regularly monitor the effectiveness of corrective actions and adjust as necessary to maintain compliance and reduce fair lending risk.

The right automated fair lending software can streamline many tasks, from analyzing data to reporting.

Know what to look for in a solution? Review our buyer’s guide to get industry-specific expert advice on fair lending software.

Subscribe to the Nsight Blog

All Topics Risk & Compliance Product Insight Banks Lending Compliance Credit Unions Risk Management Fair Lending Nfairlending Cluster: Risk Management Compliance Lending Compliance Management Integrated Risk Blog Regulatory Compliance Management News & Updates Nrisk HMDA Vendor Management Risk Mortgage Lenders Ncomply Business Resiliency CRA Lending Compliance Blog Third-Party Vendor Management Business Continuity Vendor CFPB Ncontinuity Cybersecurity Regulatory Updates Regulatory Compliance Fintech Nvendor Strategic Planning Ncyber Ntransmittal Compliance Management Audits & Findings OCC Company Culture Audit Nverify Exams FDIC Nfindings Business Continuity Management Findings NCUA Contract Management Employee Intranet Enterprise Risk Management Vendor Risk Management Contract FRB Findings Management Third-Party Vendors Vendor Risk Artificial Intelligence Compliance Risk FFIEC Ncontracts manager Wealth Management Audit Findings Regulatory Brief 1071 Access Control Board Portal Call Report Complaint Management Cybersecurity Assessment Digital Tansformation Due Diligence Efficiency Employee Engagement Exam findings FIEC Governance and Risk Management Inc. 5000 Integrated Risk Management Internal Audit Management Mortgage Lending Nboardportal Press Release Verify

Solutions

Integrated Risk Solutions

Vendor Solutions

Compliance Solutions

Lending Compliance

Vendor Due Diligence

Software Solutions

Risk Management Software

Vendor Management Software

Compliance Management Software

Continuity Management Software

Audit Management Software

Findings Management Software

Cybersecurity Assessment Software

Contract Assistant Software

Fair Lending Compliance Software

1071 Compliance Software

Employee Information Security Platform

Board Portal Software

Banks

Credit Unions

Mortgage Lenders

Fintech

Wealth Management

Blog

Webinars

Podcast

Regulatory News

Events

Nsider Community

Dig into our Certified Vendor Management Professional Training!

Featured Resources

Enforcement Action Tracker

April 2025 Regulatory Brief

1071 Compliance Updates

2025 Third-Party Risk Management Survey

Ncontracts Tools Got an Update with New Compliance & Risk Content

10 Best Practices for a Better Lending Compliance Program

Book: The Upside of Risk

Book: The Upside of Compliance

Resource Hub

About Us

News

Leadership

Partnerships

Join the Team

Ncontracts Highlights

Ncontracts Launches Nstitute & the Certified Vendor Management Professional (NCVMP) Certification

Ncontracts Named to Inc. 5000 for a Sixth Year

Event: Ngage 2025