What Went Wrong? CFPB Fines Bank $200,000 for HMDA Errors
Last week we answered all your most frequently asked questions about scrubbing Home Mortgage Disclosure Act (HMDA) data. This week we bring you a reminder that the consequences of failing to submit accurate HMDA data are steep—in this case, $200,000.
That’s the size of the civil money penalty the Consumer Financial Protection Bureau (CFPB) ordered a bank in Washington state to pay in a settlement alleging the bank violated HMDA (implemented by Regulation C) and the Consumer Financial Protection Act of 2010 (CFPA) by submitting mortgage-loan data riddled with errors. The bank will also have to develop a HMDA compliance management system.
The CFPB comes down hard on inaccurate HMDA data submissions because it interferes with the whole purpose of collecting data. HMDA data is collected so that both regulators and the public can uncover and take steps to stop home mortgage lending discrimination. It also helps determine if the credit needs of a community are being met. Inaccurate data results in an inaccurate analysis.
Let’s take a closer look at this penalty and what went wrong.
How Bad Were the HMDA Errors?
The bank did not make just a few errors—they made many.
An internal audit of the bank’s 2016 HMDA Loan Application Register (LAR) identified 40 errors in the 100 files that were selected for testing. That is a 40 percent error rate! 2017 was not any better. The CFPB’s review of 84 files in the inf 2017 HMDA LAR found 27 files with 58 errors—a 32 percent sample error rate, the CFPB says.
Even when the bank resubmitted its 2017 HMDA LAR, there were still significant errors that exceeded thresholds. The CFPB reviewed 81 files and found 21 errors in 13 files—a 16 percent sample error rate.
Why Did the CFPB Come Down So Hard?
You know that old expression, “Fool me once shame on you, fool me twice, shame on me?” Well, the CFPB has no intention of looking the other way when it comes to HMDA LAR data. The bank, on the other hand, appears to have not been taking data reporting seriously.
The bank was already under a 2013 CFPB consent order for violating HMDA and Reg C. That order required the bank to review, correct, and resubmit its 2011 HMDA LAR. With that order came a $34,000 civil money penalty.
When the CFPB discovered problems again, it was not in a forgiving mood. The CFPB concluded that “the errors were intentional and not bona fide errors.” Based on past performance, the bank knew there was a problem and it didn’t correct it. The CFPB says the bank should have implemented and maintained a CMS designed to avoid HMDA LAR errors.
A Flawed HMDA Compliance Management System
There was no single field that was identified as the cause of the HMDA data errors. The CFPB suggested that “broad CMS failures” and “lack of adequate resources” were the reasoning behind their conclusions. The multiple errors in many fields—not just one or two—and the lack of QC processes did not allow for timely identification and correction. These issues provided the CFPB with enough information to show the bank did not have an adequate system of monitoring controls to promptly identify and correct weaknesses and violations.
More specifically, in a recent consent order, the CFPB blamed the errors in the 2016 HMDA data on:
- Lack of appropriate staff
- Insufficient staff training
- Ineffective quality control
The 2017 errors were due to CMS weaknesses in:
- Board and management oversight
- Policies and procedures
When it came to 2017 resubmission, the bank relied on an incorrect policy, which directly led to errors.
Related: HMDA Violations Thrive in Weak CMSs
HMDA CMS Changes Required
The CFPB is demanding that these systemic shortfalls be remedied. The bank must develop, implement, and maintain a:
- HMDA compliance management system (CMS). Includes policies, procedures, and internal controls.
- Compliance audit program Regularly tests HMDA data integrity.
- Operating policies and training procedures. Ensures staff understanding of HMDA standards and reporting requirements.
3 Tips for Preventing HMDA Data Errors
How could this bank have prevented HMDA data errors and the civil money penalty?
1. Having a strong compliance management system that includes HMDA. The CFPB said the bank needs a HMDA compliance management system, but I wonder if it’s possible the bank needs a bank-wide CMS makeover. A good CMS would have helped the bank realize that its HMDA policies, procedures, and internal controls were weak or nonexistent. It makes me wonder: If there has not been strong oversight of HMDA, where else is compliance weak? This sounds like a problem that may need to be solved from the top.
2. Better findings management. Findings are serious. Findings from bank examiners are deadly serious. How is it that the bank did not successfully track remediation? It sounds like it needs a more formalized findings management system. If something this big fell through the cracks, what else has been overlooked and may come back to haunt them?
3. Use transmittal software that flags errors. Wouldn’t it be nice if there was a way to flag HMDA data errors before you upload your data? There already is! HMDA transmittal software can identify potential errors, letting a financial institution know that it needs to take a second look at its data and maybe even scrub it again. One simple product could have served as a final internal control.
Do you worry that your policies and procedures are not up to the task of ensuring compliance when it comes to HMDA, CRA, fair lending or any other area? Download our whitepaper, Policies as a Power Tool: Creating Policies that Get the Job Done.