NCUA: HMDA Violations Thrive in Weak CMSs
Why do Home Mortgage Disclosure Act (HMDA) Loan Application Register (LAR) violations happen?
Weaknesses in compliance management systems (CMSs), according to Matthew Nixon, program officer in the National Credit Union Administration’s (NCUA) Office of Consumer Financial Protection.
Presenting his HMDA review observations during the 2019 Fair Lending Interagency Webinar last month, Nixon ran through five common violations and how a deficient CMS leads to the issue.
Before we talk about what CMS failures are most likely to result in these violations, let’s do a quick rundown of the elements of a CMS.
The primary functional regulators agree that there are two essential categories in a good CMS:
- Board and management oversight of change management, including:
- Knowledge of and commitment to the CMS.
- Effective change management process.
- Risk management.
- Self-identification and corrective actions.
- A compliance program, including:
- Policies and procedures.
- Monitoring and audit programs.
- Complaint resolution.
[Related Article: How to Buy CMS Software: 7 Key Features Every CMS Needs]
A Deeper Look at the Causes of 5 Common Violations
Who's Loan is It?
Sometimes there are multiple parties involved in originating a loan. In that case, the party responsible for making the credit decision is supposed to do the reporting. This ensures that an institution’s Fair Lending evaluations include only data for loans it actually made.
CMS Weakness: Why doesn’t this always happen? Nixon points to poor board and management oversight and lackluster compliance audit.
Both the board and management must be knowledgeable and committed to the CMS, encouraging a culture of compliance and allocating sufficient resources. There should also be comprehensive, timely, and successful systems for identifying and measuring compliance risk.
When an institution fails to report its loans or reports loans it didn’t make, these basic errors suggests a systemic problem that starts at the top and percolates down into a culture with a devil-may-care attitude towards discovering and correcting mistakes.
Pre-qualifications vs Preapprovals
FIs can be dinged for failing to report every required transaction. They can also be dinged for reporting the wrong transactions.
This is sometimes the case when it comes to pre-qualifications, which are not considered applications under HMDA. Pre-qualifications should not be reported, but preapprovals should be. When pre-qualifications are reported, it leads to LARs with missing data elements that could distort data analysis.
CMS Weakness: Poor training and failing to monitor and take corrective action.
Compliance training should be comprehensive, timely and tailored to staff job duties. This kind of oversight suggests staff wasn’t trained on the difference between pre-qualifications and preapprovals.
Meanwhile, management should be able to proactively identify compliance deficiencies, including violations of law or regulation, and then take prompt corrective action.
When Is a Loan “Withdrawn?”
An application is only officially withdrawn when the applicant expressly withdraws it before a credit decision is made. If a credit decision has been made, the loan should be reported as “denied” or “approved but not accepted.”
Improperly labeling loans can, once again, distort data analysis.
CMS Weakness: Mislabeling loans can be the result of poor training or failure to complete a thorough compliance audit.
Getting Race, Ethnicity & Sex Information Wrong
An analysis is only as accurate as the data inside it. When there are inconsistencies in the LAR, information about race/ethnicity is left out or there is only one entry when there should be more than one, it taints the data and the Fair Lending analysis.
CMS Weakness: Monitoring and corrective action and compliance audit.
Reporting the Correct NMLSR
Here’s another example of confusing the responsibilities of the originator. The loan originator’s Nationwide Mortgage Licensing System and Registry (NMLSR) ID should be reported. If an institution didn’t actually originate the loan, its NMLSR doesn’t belong on the LAR.
CMS Weaknesses: Training and compliance audit.
Ntrupoint Viewpoint: Having a strong CMS is the best defense against HMDA violations. Not only must there be a process for collecting, reviewing and submitting HMDA data, there must also be processes and controls to ensure data is accurate, training to ensure employees understand how to classify data, systems for identifying risks and weaknesses, and an appetite for self-identifying and correcting errors. This is only possible with the cultural and financial support of the board and management.
One method for self-identifying errors is analyzing your HMDA data and comparing it to peer groups. If you see a surprising trend or a comparison that just doesn’t make sense, it could indicate that you misreported data and it’s skewing your results.
As always, we are here to help identify disparities, reduce risk and answer all your HMDA questions. For more information on the 2018 HMDA Peer Data, download our Fast Facts Guide!