Compliance Blog

Hi all! For those of you whom I have not yet had the pleasure of working with, my name is Jennifer Aguilar. I joined NAFCU's compliance team last month and am excited to be part of such a great team. I look forward to working with all of you in the near future!

As I am sure most of you know, HMDA's new rule begins to go into effect next year. With this year's reporting deadline in the rearview mirror, some of you may now be focusing on developing new procedures to ensure your credit union's compliance with the new HMDA rule. Last week, Nationstar Mortgage LLC was fined $1.75 million for failing to have proper HMDA compliance procedures in place. In light of this consent order and given that many are in the process of implementing new HMDA rules, I thought it would be useful to provide some information on what the CFPB considers "reasonable procedures."

HMDA Reporting Requirements. HMDA requires credit unions to collect certain "data regarding applications for, and originations and purchases of, home purchase loans, home improvement loans, and refinancings." See 12 C.F.R. § 1003.4(a). The data is collected throughout the year and reported on a loan/application register (LAR). The CFPB's HMDA Resubmission Schedule and Guidelines permit a certain percentage of errors in the reported data based on the number of LAR entries:

When a credit union submits data with an error rate above the permissible rate, the CFPB can require the credit union to correct and resubmit its data. In addition, the credit union may also be subject to an enforcement action for its HMDA violations. Section 1003.6(b) states that errors are not a violation of HMDA when the error was unintentional and the credit union "maintains procedures reasonably adapted to avoid such errors."

Nationstar Mortgage LLC. According to the Consent Order, Nationstar Mortgage (Nationstar) submitted LARs in 2012, 2013, and 2014 with error rates of 13%, 33%, and 21%, respectively. The CFPB found that Nationstar's HMDA compliance procedures were deficient in the following ways:

• No detailed and centralized data collection and validation procedures;
• Not clearly and consistently defining, with specificity, employee roles and responsibilities for data collection and reporting;
• Not performing tests, audits, or transaction tests of data;
• Allowing inconsistent data definitions among different lines of business;
• Inadequate monitoring of vendors; and
• Not implementing adequate measures to detect and prevent deficiencies.

As a result, Nationstar was required to review and correct its data for 2012, 2013, and 2014; develop a compliance plan that would ensure future HMDA compliance; and pay a civil money penalty of $1.75 million.

The Consent Order also outlined the minimum requirements of the compliance plan. Nationstar agreed to include steps to develop, implement, and maintain:

• Improvements to policies, procedures, and internal controls to ensure HMDA compliance;
• Improvements to programs that regularly test data integrity and instituting prompt corrective action to address errors;
• Improvements to operating policies and training procedures to ensure proper training at the beginning of employment and repeated at recurring intervals. Training should include HMDA reporting requirements and job-specific responsibilities to ensure accurate reporting;
• A compliance audit program led by an internal audit department.

This consent order provides an example of unreasonable procedures, but what exactly are reasonable procedures? The CFPB takes an institution-specific approach in determining whether a credit union's HMDA procedures are reasonable. In Bulletin 2013-11, the CFPB stated that compliance procedures should be based on the "scope, complexity, and size" of the institution's lending operations. The Bulletin also points out some features of an effective compliance program:

• Comprehensive policies, procedures, and internal controls to ensure on-going compliance with the collection and reporting requirements;
• Comprehensive and regular internal, pre-submission audits, to test and evaluate data accuracy, including recommendations for corrective action;
• Reporting systems that are appropriate given the volume of the institution’s lending operations;
• Individuals assigned responsibility for oversight, data entry, and data updates, including timely and accurate reporting of data;
• Appropriate, sufficient, and periodic training to ensure that responsible personnel understand HMDA and Regulation C standards and reporting requirements;
• Review regulatory changes;
• As appropriate, board and management oversight.

Additionally, reviewing the requirements for Nationstar's compliance plan can provide insight into what the CFPB looks for in reviewing compliance procedures.

Looking Forward. During the rulemaking process for the 2015 HMDA rule, the CFPB considered changes to section 1003.6. The CFPB received a number of comments related to data errors such as:

• New error guidelines are needed, especially since the number of individual data points will be significantly increasing under the new rule;
• Despite the importance of accurate data, the CFPB should continue to allow a certain percentage of errors given the number of people involved in the loan process and the costs of ensuring accurate data; and
• The CFPB should recognize that not all errors are due to deliberate omissions or deficient systems and that certain errors, such as judgement and data input errors, cannot be completely eliminated.

Ultimately, the CFPB decided that it could better address these concerns through its supervisory and enforcement powers rather than its rulemaking powers.