Compliance Blog

Written by Eliott C. Ponte, Law Clerk

It is that time of the year! The bees are buzzing, the cherry blossoms are blooming, and people from weird sounding companies are demanding your credit union send them your public Home Mortgage Disclosure Act (HMDA) data. Yea, that third thing only happens to compliance officers! As people who support compliance officers, we here at NAFCU have noticed an uptick in questions relating to disclosing modified HMDA information to private for-profit companies who plan to use this data to make more money. Thus, I thought it would be a good topic to blog about.

Avid readers of this blog and NAFCU certified compliance officers are aware that Regulation C implements the requirements of the HMDA, which requires certain credit unions and credit union service organizations to report data about home purchase and home improvement loans they originate, purchase, or for which they receive applications. Some credit unions are exempt from this reporting requirement, but for brevity, I do not discuss exemptions in this post. For those of you who are not exempt (you and the companies requesting your data know who you are), you may receive one or two letters from various companies demanding that your credit union transmit your 2013 modified HMDA information immediately.

Who are these companies and what do they want with your data?

If you ask an employee from one of these companies to describe what its company does, he/she will say that their company is a privately held corporation that conducts research for, and on behalf of, their interested clients, consumer groups, and the industry. They might also highlight that they produce articles, or “white papers,” from this data that is used by everyone in the industry. I, however, would describe them a little differently: these companies are private research/marketing companies that operate under the guise that they are researchers interested in writing “academic” or “white papers” on the data they collect. Moreover, these companies collect and compile data submitted by your credit union, other credit unions, banks, etc., to resell to third parties. The information is then used by purchasers for various things. For instance, industry analysis’s may use the information for publication, consumer groups use the information to monitor the directions of the market, and large banks or other lenders use the information to see what might be a new source revenue or to target loans to purchase. Either way you look at it, the company is interested in your data because it can make money. But hey, this is America and our capitalistic drive is what makes this country great.

Now to the burning question: Does my credit union have to comply with the request?

The short answer: Yes, you are required to disclose modified HMDA information to the public, but not in the manner these companies describe. According to 12 C.F.R. Part 1003.5(c), modified HMDA information is to be made available to the public, which would include these privately held companies that seek to compile the data to resell to third parties. Moreover, your credit union is required to “make its modified register available following the calendar year for which the data are compiled, by March 31 for a request received on or before March 1, and within thirty calendar days for a request received after March 1^st.” 12 C.F.R. Part 1003.5(c). That is, you have to disclose this information unless the company withdraws its request (I explain more below).

So what kind of data must you prepare to disclose to these companies?  According to the regulation, your credit union must disclose modified HMDA information.” Modified HMDA information is described in the regulation as the information found in its loan/application register “after removing the following information regarding each entry: [1] The application or loan number, [2] the date that the application was received, and [3] the date action was taken.” 12 C.F.R. Part 1003.5(c). How you disclose this data, however, is a business decision to be made by your credit union.  The regulation only requires that the information is made available in your credit union’s office for inspection and copying.  12 C.F.R. Part 1003.5(d),

The companies requesting the data would like you to believe that your credit union must submit the data electronically, perhaps via email or disk. While the regulation does require credit unions to make their information available to the public, it does not state how the data needs to be transmitted. Thus, you could transmit the data by mailing them a paper print out and be in compliance with the regulation. Alternatively, your credit union could require that a representative of the requesting company travel to your credit union’s offices and make copies of the modified HMDA information.  Certainly, the companies requesting the data want your credit union to submit the data electronically because it is simpler and more cost effective for them, and your credit union may find that transmitting the data electronically is cheaper and more efficient; nevertheless, the choice is with your credit union to determine the best way to transmit the data. 

If you think preparing or mailing this information is a cost your credit union should not bear, there is a regulation for that! Specifically, 12 C.F.R. Part 1003.5(d), which states:

(d) Availability of data. A financial institution shall make its modified register available to the public for a period of three years and its disclosure statement available for a period of five years. An institution shall make the data available for inspection and copying during the hours the office is normally open to the public for business. It may impose a reasonable fee for any cost incurred in providing or reproducing the data.

Thus, your credit union can require the company send your credit union payment to cover the reasonable costs in preparing the requested data. Reasonable costs is not defined in the regulation or in the staff commentary, thus the credit union will have to use its best judgment when requesting reasonable costs. 

If your credit union is hesitant to give its modified HMDA information to a private company that may take your data and sell it to third parties, requesting reasonable fees to be paid prior to the transmission might cause the requesting company to withdraw its request. For instance, before your credit union sends the modified HMDA information, your credit union should determine the costs associated (i.e., the postage to ship, the cost to print, etc.) and send a letter that requests the reasonable costs be paid to the credit union. If the requesting company does not respond, your credit union would need to make a business decision as to whether the company’s lack of response is a withdrawal of their request for the modified HMDA information. Of course, your credit union should document your request (save copies of the letter, note the time and date of any phone calls, etc.).

In sum, you credit union is not required to send modified HMDA information to these companies, but is required to disclose this information to the public.  How your credit union discloses this information is a business decision.   In addition, your credit union is neither required to bear the costs of transmitting/coping the information, nor must comply with how the information is sent to the company, if it chooses to send the information to the company.