Thursday, November 21, 2024

March 2019 OBA Legal Briefs

  • HMDA Reference Chart
  • Flood Update

HMDA Reference Chart

by Andy Zavoina

If your bank is a HMDA bank, congratulations, you’re a survivor and the 2018 Loan Application Register (LAR) is put to bed. I won’t mention that a first quarter review for 2019 is due in just a few weeks.

In a helpful way, the Consumer Financial Protection Bureau (Bureau) recently issued a resource document, the “Reportable HMDA Data: A Regulatory and Reporting Overview Reference Chart for HMDA Data Collected in 2019.” This reference chart may just help you out as you dig into this year’s HMDA records. The document includes changes to Reg C since HMDA was revised in 2015, through and including changes effective January 1, 2019, in accordance with the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA).  The latest Filing Instructions Guide (FIG) is referenced, and the document also includes information helping smaller filers know what to file as “not applicable” or “exempt.” This is an exemption applicable to the new data categories required by the Dodd-Frank Act and the HMDA rule as adopted by the Bureau when the bank’s applicable mortgage loans are below certain thresholds and certain Community Reinvestment Act rating criteria are met. More on this below, in case you are not sure if you meet the criteria. This chart does not replace the 2019 FIG, however, and it should be referenced for filing and LAR entry guidance as well.

As for banks qualifying for some LAR entry exemptions, there are several criteria which must be met. For closed-end mortgage loans, the partial exemption will apply if the bank originated fewer than 500 of these loans in each of the two prior calendar years.  For home equity lines of credit (HELOCs), the partial exemption will apply if the bank originated fewer than 500 HELOCs in each of the two prior calendar years.  The HELOC change will not initially affect reporting because, for 2018 and 2019, the threshold to report HELOCs is 500 transactions in each of those two calendar years under a temporary rule issued by the Bureau.

Even if your bank originates loans or HELOCS below the applicable threshold, HMDA’s partial exemption from reporting the new HMDA data categories does not apply if your bank received “Needs to Improve” rating during each of its two most recent CRA exams, or “Substantial Noncompliance” on its most recent CRA examination. Both the loan volume and CRA tests must be met.

The 2019 Chart provides information on how a lender opting to not report a Universal Loan Identifier for an application or loan under the exemption would report a Non-Universal Loan Identifier for the application or loan. It also includes additional guidance on reporting of the Credit Scoring Model and the reporting of the Automated Underwriting System result. The 38-page Chart may be found here: https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_reportable-hmda-data_regulatory-and-reporting-overview-reference-chart-2019.pdf

Not related to the 2019 Chart, I’d like to bring out some recent HMDA and HMDA-related questions which may be of interest to bankers. The first addresses the new Uniform Residential Loan Application (URLA). Many bankers have asked when it should be used. The short answer is, beginning July of this year. According to Fannie Mae, as of February 26, 2019, it has published the final Direct Underwriter Specification of the test period, along with other updated resources supporting the redesigned URLA/Form 1003.

The URLA/Form 1003 is a standard form adopted by Fannie Mae and Freddie Mac (the Government-Sponsored Enterprises (GSEs

Fannie Mae also updated a FAQ page. Here are a few of importance to banks:
12) When will the GSEs require the updated AUS datasets to be delivered?

On February 1, 2020, lenders will be required to submit new applications using the updated AUS datasets based on MISMO v3.4. Applications received before February 1, 2020, that have not closed (e.g., loans for new construction) will be accepted in the existing data formats (1003 v3.2 flat file and MISMO v2.3.1 format for DU and the MISMO v2.4 for LP) until February 1, 2021, when only the datasets based on MISMO v3.4 may be submitted. This will provide lenders with the opportunity to close out their existing pipeline of loans which were previously submitted in the existing data formats.

An “Optional Use Period” for the updated AUS datasets begins on July 1, 2019, and ends on February 1, 2020. The GSEs recommend the industry use this time to:

  • Test POS/LOS updates
  • Test System dependencies to ensure the new data format flows through systems
  • Check Integration with the GSEs
  • Conduct training and plan for implementation rollout
  • Update policies and procedures as well as any customization they may need to do to support the new datasets.

Lenders may begin testing loan file submissions with each GSE at any time.

During the optional use period, the GSEs’ AUS systems will continue to accept the legacy formats (Fannie Mae: 1003 3.2 flat file, MISMO v2.3.1 / Freddie Mac: MISMO v2.4).

13) What should I be doing now to prepare for the redesigned URLA and updated AUS specifications?

The specific steps you should be taking at any given time will vary based on where your organization is in the planning and implementation process, but the following are some actions, at a high level, that will help you prepare:

  • Identify any data on the redesigned URLA that you do not currently collect and develop a plan to obtain that data.
  • If you use a technology solution provider, reach out to them to ensure they have copies of the updated AUS specifications. Determine the type and timeframe of testing you need to conduct with your vendor and work with them to understand when they expect to be ready to produce and receive the new data interface files. Remember, you are not mandated to start submitting loan application submission files to the GSEs’ AUS systems until February 1, 2020.
  • If you maintain your own system, work with internal technical and business analysts to scope and schedule the tasks necessary to process the updated AUS specifications.
  • Regularly check each GSE’s URLA/ULAD web page for additional updates to the AUS specifications to ensure you are using the most recent version. Reach out to your GSE representatives, as needed, to confirm requirements and arrange testing with the GSEs.

24) Can a lender submit the current AUS formats with the redesigned URLA? UPDATED

No, the redesigned URLA cannot be used with the existing AUS formats; new formats must be used due to the differences in the data collection between the redesigned URLA and the old URLA. The redesigned URLA may be used starting July 2019. Lenders using the redesigned URLA must use the updated AUS Specifications for each GSE – for Fannie Mae, DU Specification MISMO V3.4, and for Freddie Mac, Loan Product Advisor v5.0.0n.

The entire FAQ can be found at https://www.fanniemae.com/content/faq/urla-ulad-faqs.pdf.

Another question asked if the URLA/Form 1003 was required to be used for mortgage loans? The answer is No, it is not. It may be required by investors, however, as the URLA/Form 1003 is a “standardized” and accepted form; but if the bank has the required information for its real estate loan there is no format that is required under Regs B, C or Z, only certain pieces of information. The URLA/Form 1003 meets the information requirements.

As an example, national banks are overseen by the Office of the Comptroller of the Currency (OCC). National banks not subject to HMDA that received 50 or more home loan applications during the previous calendar year may choose either of the two recordkeeping systems. They may maintain HMDA-like records, or record and maintain the Monthly Home Loan Activity Format under the Fair Housing Home Loan Data System (12 CFR 27). This includes the number of applications received, closed, denied, and withdrawn. More specific information includes:

  • Application information including:
    – date of application
    – type of loan (purchase, construction-permanent, refinance)
    – any government insurance and type
    – is it an application or inquiry
    – case number
    – race/national origin
    – property location (complete street address and census if located in one in which the bank has an office)
  • If an appraisal is completed:
    • The appraised value; and
    • The census tract number, where available, for those properties that are in a Metropolitan Statistical Area (MA) in which the bank has a home office or branch office.
  • Disposition of loan application using the following categories:
    • Withdrawn before terms were offered;
    • Withdrawn after terms were offered;
    • Denied;
    • Terms offered and accepted by applicant(s).
  • If final terms are offered, whether or not accepted:
    • The loan amount.
    • Whether private mortgage insurance is required, and if so, the terms of the insurance.
    • Whether a deposit balance is required, and if so, the amount.
    • The note (simple) interest rate.
    • The number of months to maturity of the loan offered.
    • Points,
    • Commitment date.
  • The type of mortgage using the following categories:
    • Standard Fixed Payment;
    • Variable Rate;
    • Graduated Payment;
    • Rollover;
    • Other.
  • The name or identification of the bank office where the application was submitted.
  • Whenever credit is denied, copy of the Equal Credit Opportunity Act credit notice and statement of credit denial.
  • Any additional information used by the bank in determining whether or not to extend credit, or in establishing the terms.

As luck would have it, this information would be in your loan file and much of it would be on your URLA/Form 1003. National banks must attempt to gather the application information. I once asked my OCC examiner what “attempt to gather” meant and he replied that if we used the URLA/Form 1003 with the applicants, then we have met that “attempt to gather” standard.

Now, the longer answer to the original questions as to when may a bank start using the new URLA/Form 1003, the effective date on the form itself is July 2019 and it should not be used before that. The GSEs will require the use of the redesigned URLA for all new loan applications in February 2020, so your bank has time to train and adopt the new form. Now is the time to review the new form and understand what the changes are, what new data is requested, and how you will begin using the form. Your investors may be communicating with you already as to requirements they may have on usage.

Another HMDA question was about a credit score used by an investor. This investor required the credit score from a particular credit reporting agency and if the applicant or co-applicant had no score, to use 555 and both applicants’ scores were averaged with that single result being used in the credit decision. For example, Applicant 1 does not have a credit score and Applicant 2 has a score of 777. The average is calculated as 555+777=1332/2=666. The credit score is now 666. Is this reported on the LAR?

Generally, I would say the bank needs to report the scores from the bureau on the first two applicants. The methodology of the investor is separate from HMDA. But the plain text of Reg C says, as to the LAR entry: “(i) Except for purchased covered loans, the credit score or scores relied on in making the credit decision and the name and version of the scoring model used to generate each credit score.”

And the FIG states, “1. Credit Score of Applicant or Borrower. Enter, in numeral form, the credit score, or scores relied on in making the credit decision for the applicant or borrower, or of the first co-applicant or co-borrower, as applicable. If Regulation C requires your institution to report a single score that corresponds to multiple applicants or borrowers, report the score in either the applicant field or the co-applicant field. Or, enter the applicable Code from the following:

Code 7777—Credit score is not a number
Code 8888—Not applicable
Code 9999—No co-applicant
Code 1111—Exempt”

The bank used an average score, but also used a proxy score when no score existed. I question the categorization of “555” as credit score because for Reg C, a credit score means “a numerical value or a categorization derived from a statistical tool or modeling system used by a person who makes or arranges a loan to predict the likelihood of certain credit behaviors, including default (and the numerical value or the categorization derived from such analysis may also be referred to as a “risk predictor” or “risk score”); and

(ii) does not include—

(I) any mortgage score or rating of an automated underwriting system that considers one or more factors in addition to credit information, including the loan to value ratio, the amount of down payment, or the financial assets of a consumer; or

(II) any other elements of the underwriting process or underwriting decision.”

The bank and/or investor need to justify the proxy score, in my opinion, if it is to be reported. This may already be justified somewhere by the investor. You should ask the investor about it.

The commentary to Reg C at 1003.4(a)(15)3 has an example on this question, stating: “3. Credit score—multiple applicants or borrowers. In a transaction involving two or more applicants or borrowers for whom the financial institution obtains or creates a single credit score and relies on that credit score in making the credit decision for the transaction, the institution complies with § 1003.4(a)(15) by reporting that credit score for the applicant and reporting that the requirement is not applicable for the first co-applicant or, at the financial institution’s discretion, by reporting that credit score for the first co-applicant and reporting that the requirement is not applicable for the applicant. Otherwise, a financial institution complies with § 1003.4(a)(15) by reporting a credit score for the applicant that it relied on in making the credit decision, if any, and a credit score for the first co-applicant that it relied on in making the credit decision, if any. To illustrate, assume a transaction involves one applicant and one co-applicant and that the financial institution obtains or creates two credit scores for the applicant and two credit scores for the co-applicant. Assume further that the financial institution relies on a single credit score that is the lowest, highest, most recent, or average of all of the credit scores obtained or created to make the credit decision for the transaction. The financial institution complies with § 1003.4(a)(15) by reporting that credit score and information about the scoring model used for the applicant and reporting that the requirement is not applicable for the first co-applicant or, at the financial institution’s discretion, by reporting the data for the first co-applicant and reporting that the requirement is not applicable for the applicant. Alternatively, assume a transaction involves one applicant and one co-applicant and that the financial institution obtains or creates three credit scores for the applicant and three credit scores for the co-applicant. Assume further that the financial institution relies on the middle credit score for the applicant and the middle credit score for the co-applicant to make the credit decision for the transaction. The financial institution complies with § 1003.4(a)(15) by reporting both the middle score for the applicant and the middle score for the co-applicant.”

In this case I would still consider inquiring with the investor how the 555 was derived and how it qualifies as a credit score. If your bank is faced with this, it may also consider calling HMDA Help to determine if this is an acceptable method when only “one credit score is used.” That rule is typically applied when a tri-merge report is accessed and only one of the three scores is used. In this case you have one score and one proxy and then you average them, so it is a different application of this rule. The commentary also indicates how a bank reports when it “obtains or creates a single credit score and relies on that credit score in making the credit decision for the transaction” to ensure that this proxy is acceptable in the first place.

Credit scores must be supported by a statistically sound methodology. Any bank using a proxy number and reporting it as a credit score should be familiar with how it is derived and its proper and authorized use. HMDA does provide examples and one validated model may be used to create another. But the bank needs to know that what was done is compliant when the bank is making decisions based on one or more score models.

As this article goes to press in early March, I do notice some email auto-responses from compliance professionals who were heavy into HMDA indicating they’ll reply when they return from vacation. Take a rest, you’ve earned it. But as you prepare for Q1-2019 LAR reviews, be aware of the tools and the rules for 2019 records.

Flood Update

By Andy Zavoina

On February 12, 2019, the OCC, FRB, FDIC, FCA and NCUA (the Agencies), jointly published final rules on required acceptance of private flood insurance pursuant to the Biggert-Waters Act.  These rules will be effective July 1, 2019. The 90-page rule document has four main objectives:

  1. It implements the Biggert-Waters Act (from 2012) requirements that banks accept private flood policies that meet the criteria specified in the Act.
  2. It allows your bank to rely on an insurer’s written assurances that a private flood insurance policy does meet the Biggert-Waters criteria.
  3. It allows your bank to accept private flood insurance policies that do not meet the Biggert-Waters Act criteria, under certain conditions.
  4. It allows your bank to accept certain flood coverage plans provided by mutual aid societies, subject to agency approval.

The National Flood Insurance Program (NFIP) was first authorized in 1968. If you have been in real estate lending for any length of time, you are aware that the NFIP is in one of two states— funded, or not funded—and the latter means there is difficulty in closing loans requiring flood insurance.  As an example, just before the December-January federal government shutdown, the NFIP was temporarily funded. There was some confusion over whether flood insurance policies could be issued but that was resolved, and they could be. When the government reopened in late January, there was no additional funding for the NFIP, so as you read this, keep in mind the latest reauthorization for the NFIP expires on May 31, 2019.

The Biggert-Waters Act intended that by requiring banks to accept private insurance flood policies, the risk from payouts could be spread to other than the federal government. Initially the wording and practices in the industry made this difficult and that it why it has taken nine years to reach a final rule. But we are not out of the woods yet.

This final rule permits your bank to exercise discretion to accept flood insurance policies issued by private insurers as well as plans providing flood coverage issued by mutual aid societies, such as Amish Aid organizations, that do not meet the statutory definition of “private flood insurance.” This acceptance is subject to certain restrictions. Congress explicitly provided for private flood insurance to fulfill this requirement instead of the Standard Flood Insurance Policy (SFIP) from the NFIP, if the private flood insurance met the conditions defined in the statute.

The law (42 USC 4012a(b)(7)), defines private flood insurance. You can find the law here: https://www.law.cornell.edu/uscode/text/42/4012a.

The problem is that some insurance companies polices may not conform to this definition, it is not yet known if they will be made to conform, and banks may choose to not accept them as they fail to meet the mandatory acceptance criteria. The Agencies did not provide much latitude to allow nonconforming policies and the result is that some states insurance laws will have restrictions conflicting with these rules, such as to the filing of claims or cancellation of policies. The Agencies understand this and even stated in the final rule that “The Agencies recognize that there may be conflicts between the definition of ‘private flood insurance’ and State laws, and that the laws of certain States may prevent flood insurance policies issued by companies regulated by these States from meeting the definition of ‘private flood insurance.’ In such cases, regulated lending institutions are not required to accept policies that comply with State laws and conflict with the definition of ‘private flood insurance.’ However, as discussed in greater detail below, regulated lending institutions may still exercise their discretion to accept certain policies issued by private flood insurers, even if the policies do not conform to the definition of ‘private flood insurance.’ ”

The final rule does require some small changes to the statutory definition of private flood insurance and that is the Agencies’ way of adding clarity as an aid to compliance. As an example, the final rule adopted the proposed language as, “… the proposed rule defined ‘private flood insurance’ consistent with the statutory definition, with some clarifying edits, to mean an insurance policy that: (1) is issued by an insurance company that is licensed, admitted, or otherwise approved to engage in the business of insurance in the State or jurisdiction in which the property to be insured is located, by the insurance regulator of that State or jurisdiction or, in the case of a policy of difference in conditions, multiple peril, all risk, or other blanket coverage insuring nonresidential commercial property, is recognized, or not disapproved, as a surplus lines insurer by the State insurance regulator of the State or jurisdiction where the property to be insured is located; (2) provides flood insurance coverage that is at least as broad as the coverage provided under a standard flood insurance policy issued under the NFIP (SFIP), including when considering deductibles, exclusions, and conditions offered by the insurer; (3) includes a requirement for the insurer to give written notice 45 days before cancellation or non-renewal of flood insurance coverage to the insured and the regulated lending institution, or a servicer acting on the institution’s behalf; (4) includes information about the availability of flood insurance coverage under the NFIP; (5) includes a mortgage interest clause similar to the clause contained in an SFIP; (6) includes a provision requiring an insured to file suit not later than one year after the date of a written denial for all or part of a claim under a policy; and (7) contains cancellation provisions that are as restrictive as the provisions contained in an SFIP.”  This is very close to 42 USC 4012a(b)(7), linked above.

The term “as broad as” is used in the final rule and the law. The final rule provides that your bank need not accept policies with additional exclusions unless the exclusions actually provide more coverage to the policyholder, so it works in the policyholder’s favor, but takes nothing away from the bank. As an example, an SFIP policy will define what a covered “flood” is and a private policy must be as rigid but may go further and include more flood-like events in the coverage. The private policy must include the same types of coverage such as the building and contents at a minimum, but can include more. The deductibles must be no higher than an SFIP policy allows and the excluded losses can be no more restrictive than an SFIP policy, but can have variances that favor the policyholder and bank.

Recognizing that not all banks, especially smaller ones, may have personnel with the skillsets to recognize and compare the differences between a private policy and an SFIP policy, there is a compliance aid for mandatory acceptance.  Your bank may determine that a policy meets the definition of “private flood insurance” without further review so long as a prescribed statement is included within the policy or as an endorsement to the policy: “This policy meets the definition of private flood insurance contained in 42 U.S.C. 4012a(b)(7) and the corresponding regulation.” This statement need not be present to accept a policy, but if it is, the bank’s responsibilities are met as to ensure the compliance requirements are met. Note that a policy cannot be rejected simply because the statement is not there.

The bank does have discretionary acceptance authority if the policy does meet certain criteria:

(i) It provides coverage in the amount which must be at least equal to the lesser of the outstanding principal balance of the designated loan or the maximum limit of coverage available for the particular type of property under the Act;

(ii) Is issued by an insurer that is licensed, admitted, or otherwise approved to engage in the business of insurance by the insurance regulator of the State or jurisdiction in which the property to be insured is located; or in the case of a policy of difference in conditions, multiple peril, all risk, or other blanket coverage insuring nonresidential commercial property, is issued by a surplus lines insurer recognized, or not disapproved, by the insurance regulator of the State or jurisdiction where the property to be insured is located;

(iii) Covers both the mortgagor(s) and the mortgagee(s) as loss payees, except in the case of a policy that is provided by a condominium association, cooperative, homeowners association, or other applicable group and for which the premium is paid by the condominium association, cooperative, homeowners association, or other applicable group as a common expense; and

(iv) Provides sufficient protection of the designated loan, consistent with general safety and soundness principles, and the [financial institution] documents its conclusion regarding sufficiency of the protection of the loan in writing.

Why would a bank determine a private policy is not adequate? The Agencies note some factors but this is not a complete list. Consider:

  1. whether the flood insurance policy’s deductibles are reasonable based on the borrower’s financial condition;
  2. whether the insurer provides adequate notice of cancellation to the mortgagor and mortgagee to ensure timely force placement of flood insurance, if necessary;
  3. whether the terms and conditions of the flood insurance policy with respect to payment per occurrence or per loss and aggregate limits are adequate to protect the regulated lending institution’s interest in the collateral;
  4. whether the flood insurance policy complies with applicable State insurance laws; and
  5. whether the private insurance company has the financial solvency, strength, and ability to satisfy claims.

The final rule is available here, https://www.fdic.gov/news/news/press/2019/pr19006a.pdf . It certainly includes more information than is in this summary especially as to mutual aid societies which we do not have the space to discuss and may not be of key interest to our readers.