Overview of HMDA

HMDA requires covered financial institutions to disclose information about their mortgage lending practices to regulators and the public. HMDA does not prohibit any mortgage lending practices or dictate how or when lending may occur. Yet the consequences of failing to comply with HMDA can be severe.

Federal and state agencies, and community “watch dog” organizations, depend on the availability of consistent, complete and accurate HMDA data to monitor and assess institutions’ compliance with the Equal Credit Opportunity Act, the Fair Housing Act and the Community Reinvestment Act (CRA), as well as state laws targeting the fair and equitable treatment of customers and serving the public good. This reliance on HMDA data is sure to increase with the addition of more detailed reporting. Because HMDA is closely related to laws aimed at serving the public good, violations of HMDA present a heightened risk of reputational harm, and systemic failures are increasingly likely to result in a cease-and-desist order.

Congress has revisited HMDA just twice since its enactment in 1975. Amendments made pursuant to the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 required covered institutions to collect and report new “data points” on borrower characteristics. In 2010, the Dodd-Frank Act transferred rulemaking authority for HMDA to the CFPB, expanded the reporting of “data points” on borrower characteristics, and authorized the CFPB to create additional reporting requirements through amendments to Regulation C, which implements HMDA.

Revised Rule

The CFPB finalized amendments to Regulation C in October 2015 with the stated goals of improving the HMDA data collected and streamlining and modernizing the manner in which financial institutions report that data. The bureau issued clarifications to the amendments on August 24, 2017. Although most of the revised requirements will go into effect on January 1, 2018, changes in the coverage of depository institutions became effective on January 1, 2017, and other changes will become effective in 2019 and 2020.

As discussed below, the volume and detail of additional information that institutions will need to begin collecting and reporting as of January 1 greatly exceeds what is currently required.

Who Reports HMDA Data?

The applicability of HMDA is triggered by an institution’s total asset size, location and other conditions. Covered institutions must collect and report information on their mortgage lending practices to the Federal Financial Institutions Examination Council (FFIEC), which administers the HMDA reporting process.

After screening covered institutions’ submitted Loan Application Register (LAR) data for errors, the FFIEC publishes the data online and makes copies available on CD-ROM. Covered institutions also are required to make LAR information available to the public upon request. After January 1, 2018, institutions will no longer be required to provide LAR data directly to the public. Rather, persons seeking HMDA information will be directed to a CFPB website where the information will be available.

The HMDA Rule modified the factors that trigger when a lender is covered by Regulation C. Under the revised regulation, all mortgage lenders fall into one of two types of covered institutions: (1) depository institutions (i.e., banks, savings associations and credit unions) or (2) non-depository institutions. Before January 1, 2017, all depository institutions were covered by Regulation C without exception. Under the revised regulation, a depository institution is only covered if it (1) meets the asset size, location, federally related, and loan activity tests stated in the regulation and (2) originated at least 25 home purchase loans (including refinancings) in both 2015 and 2016.

For non-depository institutions, effective on January 1, 2018, Regulation C will only apply if the institution (1) originated at least 25 covered closed-end loans or made at least 100 covered open-end lines of credit in both 2015 and 2016 and (2) meets the regulation’s location test (i.e., maintained a home or branch office in a metropolitan statistical area [MSA] during the reporting period).

For all financial institutions, the threshold number of home equity loans that triggers HMDA reporting has been increased from 100 loans to 500 loans for calendar years 2018 and 2019 as a result of clarifications to the HMDA Rule issued by the CFPB on August 24, 2017. For reporting years after 2019, the CFPB will either make the 500 loan threshold permanent or initiate an additional rulemaking to establish some other threshold.

General Requirements and New Data Points

All covered institutions must maintain a Loan Application Register (LAR). Under the existing reporting requirements, an institution must record information to its LAR regarding applications for, and originations and purchases of, three categories of mortgage loans: (1) home purchase loans, (2) home improvement loans and (3) home mortgage refinancings. The revised regulation more than doubles the number of data points that are required to be recorded from 23 to 48.

New or revised data points include, but are not limited to, applicant or borrower age, credit score, unique loan identifier, property value, application channel, points and fees, borrower-paid origination charges, discount points, lender credits, loan term, prepayment penalty, non-amortizing loan features, interest rate, and loan originator identifier. Covered institutions must also collect and report on the following data points under the existing regulation:

  • date of application

  • loan type

  • property type (single-family, multifamily)

  • loan purpose

  • occupancy of the mortgaged property (owner occupied or non-owner occupied)

  • loan amount

  • request for preapproval (if applicable)

  • credit action taken, including date of action

  • location of property (state, county, MSA and census tract)

  • ethnicity of borrower(s) (i.e., Hispanic or non-Hispanic)

  • race of borrower(s)

  • gender of borrower(s)

  • gross annual income of borrower(s)

  • if the loan was sold in the secondary market after origination, type of entity of purchaser

  • if the loan was denied, the reason(s) for denial (this field is optional for entities not regulated by the Officeof the Comptroller of the Currency)

  • rate spread (i.e., a reporting metric that compares the rate the borrower received to the prevailing rates in effect at the time of their loan application)

  • whether the loan is subject to the Home Ownership and Equity Protection Act of 1994

  • lien status (first or second lien).

These existing requirements have also been amended, and the revised rules and forms for collecting information on borrower characteristics concerning race, ethnicity and sex, which are collectively known as government monitoring information (GMI), are especially noteworthy due to the increased level of detail and complexity. Specifically, beginning next year, borrowers will be able to provide considerably more information regarding their race and/or ethnicity. For example, borrowers who identify themselves as Hispanic will have the option of indicating whether they are Mexican, Puerto Rican, Cuban or other, and the latter could include any specified ethnicity. Similarly, new options available to borrowers for self-identifying their race will include numerous subcategories. For example, borrowers who identify themselves as Asian will be able to disclose whether they are Asian Indian, Chinese, Japanese, Filipino, Korean, Vietnamese or “Other Asian.” In this regard, the revised regulation places no limits on the number of categories and subcategories a borrower may disclose. Finally, borrowers will be able to identify themselves only as Mexican, for example, and not identify their race.

As is currently the case, if a borrower declines to provide GMI during a face-to-face loan application, revised Regulation C allows the loan officer to record the borrower’s race or ethnicity based on visual observation. However, in such cases, the loan officer may not record his or her visual observations with respect to any of the newly added subcategories for race or ethnicity.

Although revised Regulation C does not require institutions to begin using the new GMI collection forms until January 1, 2018, institutions may deploy them sooner to assist loan officers in getting acquainted with them. In this regard, although the timing of most of the changes to Regulation C is determined based on when the loan decision occurs (e.g., loan applications received in late December 2017 may not be processed until January), the new rules for GMI will apply to all applications received on or after January 1.

Requests for Preapproval

Requests for mortgage loan preapprovals are only subject to reporting if the request resulted in a denial or an approval, or if the preapprovals were not accepted by the applicant. Reporting a preapproval that the applicant declined remains optional until January 1, 2018, after which reporting will be mandatory. (Note: a preapproval request that results in making a loan is likewise recorded, but is recorded as a loan instead of a preapproval.)

No reporting is required for preapproval requests involving (1) applications that were withdrawn or closed for incompleteness or (2) loans purchased from other institutions. Effective January 1, 2018, revised Regulation C will expressly exclude preapproval requests involving open-end lines of credit, reverse mortgages or loans secured by a multifamily dwellings.

Rate Spread

The rate spread — i.e., the difference between the annual percentage rate (APR) offered and the average prime offer rate (APOR) available in the market for a comparable transaction — is another data point where covered institutions will see significant changes to their reporting requirements. Specifically, under the existing rules, institutions are only required to record the rate spread if the subject loan’s APR exceeds the APOR by a certain percentage. Beginning on January 1, 2018, the rate spread will need to be reported for most loans. As a result, it is very important to understand how the rate spread is calculated.

The rate spread can be determined manually or by using the FFIEC’s online Rate Spread Calculator. The FFIEC’s website also provides APOR tables and a batch rate spread calculator for multiple loan calculations.

If an institution chooses to compute the APOR manually, it must first identify comparable transactions. For fixed-rate loans, the stated term (e.g., 15 years) is used to identify comparable loans. For open-end lines of credit and other loans without a defined term, loans with a 30-year fixed rate may be used as comparable transactions. For variable-rate loans, the initial period during which the APR will remain fixed must be treated as the “term” for purposes of comparisons. Finally, if the term in question does not involve whole years, the term must be rounded to the closest whole year for comparison purposes (e.g., 10 years and three months would be rounded to 10 years).

Once comparable transactions have been determined, the rate “set date” must be identified. This is typically the date on which the institution set the loan’s interest rate for the final time before closing. The final step in determining the APOR is to identify the most recent APOR as of the rate set date. These rates can be found in tables published on the FFIEC’s website.

Type of Purchaser

As noted above, effective January 1, 2018, covered institutions must report the type of purchaser for each reportable loan sold subsequent to origination or, if the loan was not sold, during the calendar year. In particular, it must be reported whether the loan was purchased by Fannie Mae, Ginnie Mae, Freddie Mac, Farmer Mac, private securitizer, commercial bank, savings bank, savings association, credit union, mortgage company, finance company, life insurance company, affiliate institution, or other type of purchaser. While this data point is fairly straightforward, there are some nuances that warrant further explanation.

If the institution knows or reasonably believes that the loan will be securitized by the purchaser, the loan should be reported as being purchased by a “private securitizer.” A private securitizer is an institution other than the government-sponsored enterprises (Fannie Mae, Ginnie Mae, Freddie Mac and Farmer Mac). If the institution is not reasonably certain that the purchaser will securitize the loan, the loan should be reported as being purchased by the applicable type of entity. Another point to consider is whether the purchaser fits within some other reportable category and is also a private securitizer. In that case, the loan should be reported as being purchased by a private securitizer.

An “affiliate institution” is a company that controls or is controlled by the covered institution. If the purchaser of the loan is an affiliate, but also fits into another reportable category, the purchaser should be reported as being an affiliate.

Finally, the purchaser should be reported as “not applicable” under certain circumstances, including if the application was denied, withdrawn, closed for incompleteness, or approved but not accepted. Another situation in which “not applicable” should be used is if the institution sells a portion of the loan, but retains majority ownership. In this regard, if the institution does sell all, or the majority interest in, the loan, but to more than one entity, the entity that purchased the greatest share should be reported as the purchaser.

Loan Amount

Under the existing rules, the loan amount reported is rounded the nearest thousandth. Revised Regulation C modifies this data point and requires reporting of the entire loan amount, rounded to the nearest whole number. Note that this data point should be reported even if the loan does not end in origination. If the loan was denied, the amount that the applicant applied for is reported. If a counteroffer was made and accepted, the amount of the counteroffer would be reported. Finally, if the counteroffer was denied, the amount that the applicant initially applied for should be reported.

Manner and Frequency of Reporting, and Publication

Beginning in 2019, the FFIEC will only accept LAR data that is reported electronically, which is already the common industry practice. In addition, as of January 1, 2020, the frequency of reporting for certain larger institutions will increase from annually to quarterly.


The volume of revisions to existing HMDA reporting requirements that will take effect on January 1, 2018 is massive, and the requirements highlighted above represent only a portion of the impending changes. Compliance with the new rules will require careful planning and a thorough mapping of the necessary changes from existing reporting practices, which are likely deeply engrained from having been in place unchanged for decades. Pepper Hamilton has experience advising clients on mortgage-related matters, including HMDA. If you have any questions, please contact the authors or another member of the Financial Services Practice Group.

Pepper Points

  • HMDA data offers a window to regulators and the public with respect to how well an institution is serving the mortgage lending needs of its community and complying with fair lending laws that prohibit unlawful discrimination. As a result, the adverse consequences of any material failures to comply are likely to be significant, regardless of whether the failures resulted from a good faith lack of understanding.

  • The profile of an institution for fair lending or CRA purposes may look materially different when further details on its mortgage lending practice are considered. For example, it may be revealed that certain subcategories within larger ethnic groups are being excluded from receiving mortgage loans. Moreover, mortgage lending within an ostensibly racially integrated census tract may be shown as concentrated within a majority-white neighborhood. All covered institutions should be analyzing how the new HMDA data will impact how their lending performance will appear to regulators and the public post-January 1, 2018.

  • The inclusion in HMDA data of the borrower’s street address, credit score and other highly sensitive information may necessitate the strengthening of existing controls for protecting HMDA data against the risk of unauthorized access and theft. Institutions should consider limiting access to HMDA data to just those employees with a bona fide need to know.