
Fair Lending Risk Assessments: Everything You Need to Know

May 20, 2025

Fair lending is a key focus for lenders committed to consumer protection and equity. Examiners continue to expect financial institutions (FIs) to demonstrate a strong, proactive approach. That means maintaining current, well-structured fair lending risk assessments.

So, what exactly is a fair lending risk assessment, and what should it include? This guide will answer key questions and outline the essential components to help your FI stay compliant and proactive.

Related: Top Takeaways from the 2024 Interagency Fair Lending Webinar


What is a fair lending risk assessment?

A fair lending risk assessment is a structured review of an FI’s fair lending risk exposure. It aims to help teams understand inherent and residual fair lending risk, identify gaps in controls, highlight high-risk areas, and provide guidelines on mitigating risks. It also ensures that senior management and the board know of any significant fair lending concerns.

A risk assessment typically consists of risks, controls, and control effectiveness assessments. Ultimately, the assessment asks, "What is the risk that our FI is discriminating against a protected class?"

Related: Fair Lending 101: Defining Fair Lending Audits, Risk Assessments, Self-Tests & More

How does a fair lending risk assessment work? 

Risk rating calculations for fair lending risk assessment include three key elements:

  • Inherent risk is the level of risk before any controls are applied. Products, services, market strategy, regulatory environment, and overall operations shape it.
  • Controls are the policies, systems, and procedures to reduce that risk, such as training programs and monitoring efforts.
  • Residual risk remains after those controls are considered.

Think of it like skydiving: Jumping out of a plane has a high inherent risk. But with a parachute and a trained guide (controls), the risk becomes manageable; that’s your residual risk.

[Figure: Impact of Controls on Fair Lending Risk. When inherent risk is high and there are weak controls (depicted here as a small shield with a mouse icon), residual risk is high. When inherent risk is high and there are strong controls (depicted here as a large shield with a weight lifter icon), residual risk is lower.]

Fair lending risk assessments differ by an FI’s size, products, and market. They usually involve reviewing policies, reports, training, exam results, data, and speaking with staff. The findings are shared in a report that outlines key risks, current controls, remaining risks, root causes, and practical, data-driven recommendations.

Related: Risk Management 101: Risk Assessments for Financial Institutions

Are fair lending risk assessments required? 

Any FI subject to fair lending laws should assess fair lending risk, including banks, credit unions, mortgage companies, indirect auto lenders, mortgage servicers, and other third parties involved in the lending process.

While no mandated format or specific tool is required, regulators expect institutions to assess fair lending risk. Each agency has its own approach, so it’s essential to understand your primary regulator’s expectations and adhere to provided guidance, such as the Interagency Fair Lending Examination Guidelines. Fair lending laws also vary by state, so following the latest enforcement actions and receiving regulatory updates relevant to your FI’s services and geographic area are crucial.

Related: How to Keep Up with State Regulations

Who performs a fair lending risk assessment?

A fair lending risk assessment can be conducted internally or with support from a qualified third party. While regulators don’t mandate who leads the assessment, they will consider the credibility and objectivity of the individual or team conducting it. Internal compliance teams are well-positioned to lead these efforts, but it’s important to recognize that blind spots can exist, especially when risks are not yet fully surfaced.

Whether assessments are conducted in-house or with external support, they must be rigorous, well-documented, and aligned with regulatory expectations.

Related: To support compliance professionals in their work, Nrisk has tools, templates, and outlines designed to help FIs identify and evaluate fair lending risks thoroughly.

How often should my FI perform fair lending risk assessments?

Experts recommend conducting a fair lending risk assessment annually or more frequently when significant changes occur. These changes may include mergers, new products, market expansions, regulatory updates, increases in fair lending enforcement actions, product complexity, or exam findings. Annual assessments help FIs stay ahead of regulatory scrutiny and maintain a clear view of evolving risk, which is increasingly essential in a dynamic risk environment.

The good news is that fair lending analytics software can dramatically speed up reviews, especially when the software comes with quarterly meetings with a fair lending expert.

What are the key areas of fair lending risk?

At a high level, your assessment should cover:

  • Inherent risk, mitigating controls, and residual risk
  • Control effectiveness assessments to evaluate how well the controls are mitigating identified risks
  • Each stage of the lending process across all loan types, not just Home Mortgage Disclosure Act (HMDA)-reportable loans
  • Your overall fair lending compliance management program, including governance and controls
  • Risks identified by regulators, prior exams, or past assessments

Key lending process areas to evaluate include:

  • Redlining is the illegal practice of denying or avoiding credit services in specific neighborhoods based on race, ethnicity, or other prohibited characteristics. You must evaluate your REMA (Reasonably Expected Market Area) and your marketing and lending activity in majority-minority tracts.
  • Marketing and advertising should ensure that your marketing materials and channels reach all segments of your service area fairly without discouraging or excluding protected classes.
  • Steering refers to directing applicants to specific products, loan terms, or branches based on a protected characteristic. Ensure that borrowers have equal access to all appropriate credit options.
  • Pricing involves the interest rates, fees, and terms offered. Analyze whether similarly situated borrowers receive consistent pricing regardless of protected characteristics.
  • Underwriting is the process of evaluating loan applications for approval. Review policies and decisions — including those related to withdrawn and declined applications — to confirm that creditworthiness is judged without bias or discretion.
  • Servicing and loss mitigation cover account management after loan origination, including payment processing, customer service, and default handling. Ensure fair treatment in hardship assistance, loan modifications, and collections practices.

When evaluating your compliance management system, consider policy management, monitoring and reporting, board and management oversight, pre-rollout product and service reviews, data analysis, and staff training.

Related: What is a Fair Lending Compliance Management System (CMS)?

Other risk factors to consider in your risk assessment

Regulatory compliance

  • Regulation B (ECOA): Consider individual and joint credit application practices, the accuracy and timeliness of action taken notices, and procedures for the monitoring and testing of compliance with fair credit decisions and practices.
  • Fair Housing Act (FHAct): Ensure your practices align with equal housing opportunity (including credit provided for housing) for protected classes, including persons with disabilities.
  • Regulation C (HMDA): Confirm that Government Monitoring Information (GMI) and loan information are accurately and consistently collected and reported for reliable fair lending testing.

Lending channels and best practices

  • Indirect auto lending: Review practices for consistency and fairness, especially if third parties are involved.
  • Fintech partnerships: Assess how digital platforms and algorithms impact access and outcomes for protected classes.
  • Third-party relationships: Evaluate vendor and realtor oversight to ensure third parties follow fair lending laws.

Related: Is Your FI Complying with Fair Lending Laws? - Leverage Analytics

Pricing and staff

  • Employee and loan officer compensation: Ensure compensation structures do not incentivize discriminatory practices.
  • Loan originator office location: Confirm that your loan origination staff is located in branches that will allow them to sufficiently serve majority-minority tracts. Recent consent orders call out the need for loan officers to be in and/or assigned to MMCT branches and neighborhoods.
  • Pricing exceptions: Confirm that borrowers are being priced (and fees applied) fairly and in accordance with policy.

High-risk areas 

  • Discretion: Policies or procedures that allow subjective decision-making can lead to inconsistent outcomes and fair lending risk.
  • Exceptions: Exceptions to policy, particularly in underwriting or servicing, should be tracked, explained, and monitored for patterns that may suggest bias.

Do all fair lending risk assessments include analysis?

Not all fair lending risk assessments include a complete data analysis, but it’s a critical tool for identifying potential discrimination. Disparities — differences in outcomes between a control group and a protected class — often reveal risks. While disparities don’t always indicate bias, data analysis is the only way to uncover and address potential issues.

My fair lending risk assessment identified risks — what do I do?

Don’t wait — take immediate action.

  • Report findings to your fair lending or compliance committee, senior management, and the board to ensure organizational awareness.
  • Prioritize identified risks based on their potential impact and likelihood, addressing the most critical areas first.
  • Determine the root cause of each finding to understand the source of the issue.
  • Update the risk assessment to add or modify risks and controls and re-evaluate the control effectiveness based on the changes.
  • Review and update related policies and procedures to align with the revised risk assessment and control environment.
  • Develop and implement tailored action plans for each risk, with clearly defined roles, responsibilities, and timelines.
  • Regularly monitor the effectiveness of corrective actions and adjust as necessary to maintain compliance and reduce fair lending risk.

The right automated fair lending software can streamline many tasks, from analyzing data to reporting.
