Disclosure of publicly identifiable information
by a cyberattack could trigger penalties under the
Gramm-Leach-Bliley Act. It requires the Federal
Trade Commission and other government agencies
to oversee the Act's financial privacy provisions.
FIVE LENDING WARNING SIGNS
Bank and non-bank lenders will need to capture
and report massive amounts of new data to stay in
compliance with changing HMDA rules. To prepare,
lenders should think though the warning signs
indicating potential fair lending weaknesses.
1. Data collection. Inaccurate data collection
could incur financial penalties and enforcement
actions. Having accurate data won’t be a safe
harbor if discrimination is found.
2. Data capture. Some core vendors will find it
difficult to capture the new data. Their systems
will need to be totally revamped.
3. Hiring and training. Are there ongoing violations
in certain branches or regions of the country?
If so, it may indicate a problem with hiring and
4. Lending practices. Are there disparities in your
acceptance/rejection of loan applicants and the
rates offered, beyond credit scores? Are certain
neighborhoods excluded from direct mail offers?
5. Marketing. Is your marketing compliant? Do loan
offers include local minorities and non-English
SIX STEPS TO MEETING
NEW HMDA REQUIREMENTS
1. Conduct an HMDA gap analysis or risk
assessment. Analyze the current HMDA
compliance program, taking a fresh look at
policies and procedures, training, and audit
practices to determine whether systems are
currently in compliance.
2. Ask vendors about their plans to meet new
HMDA requirements. Will they implement the
rules in a timely fashion or give new meaning to
the phrase “stress tests”?
3. Formulate a plan to close gaps based on
analysis. Should more people be included
in training? Is the training curriculum robust
enough? Is anything lacking?
4. Conduct HMDA data reviews. Every lender
should check data accuracy by performing
analyses and validating data accuracy.
5. Conduct ongoing monitoring. The compliance
system should be checked periodically to see
whether it works as intended. If not, lenders will
need to find the root cause of error. Was it a
system glitch? Training?
6. Establish regular internal and external audits.
Internal and external audits often uncover errors
not found by internal monitoring. They also
look at things through an examiner--rather than
A KEY PRIORITY FOR CFPB
Mortgage lending continues to be a priority
for the CFPB’s Office of Fair Lending, both in
supervision and enforcement. It’s focused on HMDA
data integrity and potential fair lending violations in
redlining, underwriting, and payments.
Examiners generally conduct two levels of
analysis: a baseline and regression analysis. If
anomalies are found in the baseline, they conduct
a regression analysis well before visiting a lender.
HMDA rule changes will provide them with every
characteristic used to underwrite and price a loan.
From there, they’ll be able to drill down further to
weed out or find further disparities. By the time
examiners show up at the door and ask for files,
they already have formed an opinion and simply are
looking for confirmation.
If they can prove discrimination, the next steps
include a consent order, enforcement actions, and
potential Department of Justice referral. Fines,
penalties, and settlements then become part of
the public record, thereby creating additional
reputational, legal, and financial risk. In 2015, fair
lending supervisory and public enforcement actions
against financial institutions generated nearly
$110 million in remediation and other monetary
DEVELOPING A SUSTAINABLE
Larger institutions generally have robust fair-lending systems, which sometimes can lead to
complacency and inadvertent violations. These