Consumer Compliance Outlook: Second-Third Issue 2023

Top Federal Reserve Compliance Violations in 2022: Data Collection and Reporting Requirements of the Home Mortgage Disclosure Act

By Kenneth J. Benton, Principal Consumer Regulations Specialist, Federal Reserve Bank of Philadelphia, and Alinda Murphy, Lead Examiner and Supervisory Specialist, Federal Reserve Bank of Kansas City

In the First Issue 2023 of Consumer Compliance Outlook (CCO), Governor Michelle W. Bowman of the Board of Governors of the Federal Reserve System announced the changes CCO is implementing this year.1 In addition to our regular articles on federal consumer compliance laws and regulations, CCO will include data-driven articles that leverage the Federal Reserve System’s supervisory data and observations from conducting consumer compliance examinations of state member banks.2 To that end, CCO will be publishing articles on the top-cited violations in the prior year, including the nature of the violations, common mistakes, and risk mitigants. Financial institutions can use this information to help manage compliance risk.

As the examination data in Table 1 indicate, violations of the Home Mortgage Disclosure Act (HMDA) data collection and reporting requirements ranked first among the most cited violations.3 Over 59 percent of all violations cited by the Federal Reserve in 2022 involved inaccurate collection of residential mortgage data. Because fair lending examinations rely, in part, on HMDA data, examiners validate these data. Thus, it is important for financial institutions subject to data collection and reporting to ensure their compliance management systems are able to meet existing and future requirements.

Table 1: Top Consumer Violations in 2022 for State Member Banks



% of All Violations


Regulation C (Home Mortgage Disclosure), 12 C.F.R. 1003.4(a): requires a financial institution to collect specific data on applications for covered loans it receives, originates, and purchases for each calendar year.




Regulation BB (Community Reinvestment), 12 C.F.R. 228.42(a): requires a bank to collect and maintain specific data for each small business or small farm loan originated or purchased by the bank.




Regulation E (Electronic Fund Transfers), 12 C.F.R. 1005.11(c): requires a financial institution to perform an investigation and determine whether an error occurred within 10 business days of receiving a notice of error.




Regulation E (Electronic Fund Transfers Act), 12 C.F.R. 1005.11(d): requires a financial institution to respond to a consumer’s notice of error in writing if it determines no error occurred or an error occurred in a manner or amount different from the one the consumer described.




(tie) Fair Credit Reporting Act, 15 U.S.C. §1681m: requires a financial institution taking adverse action against a consumer based in whole or in part on information in a consumer report to provide an adverse action notice.




Regulation B (Equal Credit Opportunity Act), 12 C.F.R. 1002.7(d): prohibits a creditor from requiring the signature of an applicant’s spouse or other person, other than a joint applicant, on any credit instrument if the applicant qualifies under the creditor’s standards of creditworthiness for the amount and terms of the credit requested.




Regulation B (Equal Credit Opportunity Act), 12 C.F.R. 1002.9(a): requires a creditor to notify an applicant within 30 days after receiving a completed application concerning the creditor's approval of, counteroffer to, or adverse action on the application.




Regulation B (Equal Credit Opportunity Act), 12 C.F.R. 1002.14(a): requires a creditor to provide an applicant a copy of all appraisals and other written valuations developed in connection with an application for credit that is to be secured by a first lien on a dwelling.




Regulation X (Real Estate Settlement Procedures Act), 12 C.F.R. 1024.17(c): sets limits on the amount a servicer can require a borrower to deposit into any escrow account created in connection with a federally related mortgage loan.



Subtotal of top violations



Total of all violations cited in 2022


This is a two-part article that discusses the top HMDA violations based on Federal Reserve examination data. The first section dives deeper into the specifics of common HMDA data collection violations, while the second section provides sound practices on HMDA data collection.

Part 1 – Types of HMDA Violations

The majority of 2022 violations involve failure to properly collect and report the HMDA data fields for “covered loans”4 as §1003.4(a) of Regulation C requires.5

Loan Purpose: §1003.4(a)(3)

Whether the covered loan is, or the application is for, a home purchase loan, a home improvement loan, a refinancing, a cash-out refinancing, or for a purpose other than home purchase, home improvement, refinancing, or cash-out refinancing.

Examiners cited institutions for selecting the wrong “loan purpose” field when the purpose was a refinancing or a cash-out refinancing. The regulation defines refinancing as “a closed-end mortgage loan or an open-end line of credit in which a new, dwelling-secured debt obligation satisfies and replaces an existing, dwelling-secured debt obligation by the same borrower.”6 On the other hand, a loan is designated as a cash-out refinancing if it “is a refinancing as defined by §1003.2(p) and the institution considered it to be a cash-out refinancing in processing the application or setting the terms (such as the interest rate or origination charges) under its guidelines or an investor’s guidelines.” (Emphasis added). Thus, whether a loan is a cash-out refinance depends on the creditor’s internal standards instead of a specific regulatory definition. For example, one institution may establish a relatively high threshold for a loan to be considered a cash-out refinance, such as a refinance loan in which the borrower receives $25,000 or more at closing, while another institution may define it with a lower threshold, such as a loan providing the borrower $1,000 or more at closing.

Comment 4(a)(3) clarifies these definitions with three examples:

i. Assume a financial institution considers an application for a loan product to be a cash-out refinancing under an investor’s guidelines because of the amount of cash received by the borrower at closing or account opening. Assume also that under the investor’s guidelines, the applicant qualifies for the loan product and the financial institution approves the application, originates the covered loan, and sets the terms of the covered loan consistent with the loan product. In this example, the financial institution would report the covered loan as a cash-out refinancing for purposes of §1003.4(a)(3).

ii. Assume a financial institution does not consider an application for a covered loan to be a cash-out refinancing under its own guidelines because the amount of cash received by the borrower does not exceed a certain threshold. Assume also that the institution approves the application, originates the covered loan, and sets the terms of the covered loan consistent with its own guidelines applicable to refinancings other than cash-out refinancings. In this example, the financial institution would report the covered loan as a refinancing for purposes of §1003.4(a)(3).

iii. Assume a financial institution does not distinguish between a cash-out refinancing and a refinancing under its own guidelines, and sets the terms of all refinancings without regard to the amount of cash received by the borrower at closing or account opening, and does not offer loan products under investor guidelines. In this example, the financial institution reports all covered loans and applications for covered loans that are defined by §1003.2(p) as refinancings for purposes of §1003.4(a)(3).

Borrower Information: §1003.4(a)(10)

The following information about the applicant or borrower:

(i) Ethnicity, race, and sex, and whether this information was collected on the basis of visual observation or surname;

(ii) Age; and

(iii) Except for covered loans or applications for which the credit decision did not consider or would not have considered income, the gross annual income relied on in making the credit decision or, if a credit decision was not made, the gross annual income relied on in processing the application.

home mortgage disclosure act Gross Annual Income: Examiners cited institutions for reporting the gross income the borrower provided rather than the income the institution relied upon in the credit decision. Comment 4(a)(10)(iii)-1 clarifies this requirement:

When a financial institution evaluates income as part of a credit decision, it reports the gross annual income relied on in making the credit decision… If an institution relies on only a portion of an applicant’s income in its determination, it does not report that portion of income not relied on. For example, if an institution, pursuant to lender and investor guidelines, does not rely on an applicant’s commission income because it has been earned for less than 12 months, the institution does not include the applicant’s commission income in the income reported. Likewise, if an institution relies on the verified gross income of the applicant in making the credit decision, then the institution reports the verified gross income. (Emphasis added).

Credit Score: §1003.4(a)(15)

(i) Except for purchased covered loans, the credit score or scores relied on in making the credit decision and the name and version of the scoring model used to generate each credit score.

(ii) For purposes of this paragraph (a)(15), “credit score” has the meaning set forth in 15 U.S.C. 1681g(f)(2)(A).

Examiners observed lenders reporting the scoring model by the name of the credit reporting agency, such as TransUnion, when the regulation requires the institution to specifically identify the name and version of the scoring model used to generate each credit score. The Consumer Financial Protection Bureau (CPFB) has published a chart for institutions to use as a reference tool for data points required to be collected, recorded, and reported under Regulation C, which describes the codes that institutions can use to report the credit scoring model relied on in making the credit decision.7 For example, instead of reporting TransUnion as the credit reporting agency used, an institution could comply with the regulatory requirement by reporting Code 3 – FICO Risk Score Classic 04.

Examiners also observed institutions improperly reporting the credit score field as “N/A” even though it was not a circumstance in which the official interpretations clarify that N/A should be used, such as transactions for which no credit decision was made8 or transactions for which no credit score was relied on.9

Discount Points: §1003.4(a)(19)

For covered loans subject to the disclosure requirements in Regulation Z, 12 C.F.R. 1026.19(f), the points paid to the creditor to reduce the interest rate, expressed in dollars, as described in Regulation Z, 12 C.F.R. 1026.37(f)(1)(i), and disclosed pursuant to Regulation Z, 12 C.F.R. 1026.38(f)(1).

Lender Credits: §1003.4(a)(20)

For covered loans subject to the disclosure requirements in Regulation Z, 12 C.F.R. 1026.19(f), the amount of lender credits, as disclosed pursuant to Regulation Z, 12 C.F.R. 1026.38(h)(3).

Examiners observed errors for both of these fields when staff manually entered the data. Manual entry can increase the risk of institutions improperly reporting data fields — for example, an employee incorrectly entering the lender credit as $500 when it was actually $5,000. Institutions typically capture this information in their loan origination software (LOS) because discount points and lender credits are required information in both the “Loan Estimate” and the “Closing Disclosure” fields of the TILA/RESPA integrated disclosure forms. Institutions can help mitigate the risk of violating these requirements by populating this information from their LOS and eliminating the potential for error that manual entry of these fields introduces.

Business or Commercial Purpose: §1003.4(a)(38)

Whether the covered loan is, or the application is for a covered loan that will be, made primarily for a business or commercial purpose.

Examiners cited institutions for violating this requirement when they did not report covered loans made primarily for a business or commercial purpose. Often, the root cause of the violation was that bank staff did not understand the definition of a business or commercial purpose loan. To clarify the meaning, Comment 3(c)(10)-3 provides examples of loans that are not excluded from reporting under §1003.3(c)(10) because, although they primarily are for a business or commercial purpose, they also meet the definition of a home improvement loan under §1003.2(i), a home purchase loan under §1003.2(j), or a refinancing under §1003.2(p).

For additional clarification, Comment 3(c)(10)-4 provides examples of business or commercial purpose loans that are not reportable:

i. A closed-end mortgage loan or an open-end line of credit whose funds will be used primarily to improve or expand a business, for example to renovate a family restaurant that is not located in a dwelling, or to purchase a warehouse, business equipment, or inventory;

ii. A closed-end mortgage loan or an open-end line of credit to a corporation whose funds will be used primarily for business purposes, such as to purchase inventory; and

iii. A closed-end mortgage loan or an open-end line of credit whose funds will be used primarily for business or commercial purposes other than home purchase, home improvement, or refinancing, even if the loan or line of credit is cross-collateralized by a covered loan.

These examples provide helpful guidance for institutions to determine whether a commercial or business purpose loan is reportable because its purpose is primarily home purchase, home improvement, or refinancing.

Part 2 – Sound Practices to Mitigate HMDA Risks

Part 1 of this article provided detailed analyses of specific HMDA data collection and reporting inaccuracies. This section explores sound practices and possible enhancements to a bank’s compliance management system that can help ensure proper data collection and reporting. The information shared here draws substantially from CCO’s 2020 HMDA article, which discussed sound HMDA practices.10

Such practices can be particularly important in the current regulatory environment. In addition to the challenges of complying with the existing data collection and reporting requirements, many institutions will be subject to new requirements, such as the data collection and reporting requirements of §1071 of the Dodd–Frank Wall Street Reform and Consumer Protection Act for small business loans.11

Table 2 lists the processes examiners have observed at institutions with effective HMDA data collection and reporting processes. We then further describe examples of sound practices that an institution may implement for three of these processes — training, tools, and data verification — to promote effective compliance with HMDA requirements.

Table 2: Sound HMDA Practices — Ways to Strengthen the HMDA Process

Board and Senior Management Oversight ― Tone at the Top

  • Recognize the inherent risk of the HMDA process
  • Provide necessary human and capital resources
    • Commit on the front end to save human resources and capital on the back end

Policies, Procedures, and Limits ― Standardized Processes

  • Detail policies and procedures to ensure a consistent and repeatable process. Examples where standard procedures could be established include:
    • Application date and action taken date
    • Credit score
    • Points/fees

Policies, Procedures, and Limits ― Training

  • Conduct regular training specific to the individual contributor’s role in the process
  • Identify and train for difficult situations in the process
  • Include training when regulatory changes and/or procedural weaknesses are noted

Policies, Procedures, and Limits ― Tools

  • Provide flow charts, worksheets, job aids for staff
  • Distribute industry guidance, such as A Guide to HMDA: Getting It Right! and the annual Filing Instruction Guide

Risk Monitoring and Management Information Systems ― Risk-Based Monitoring

  • Institute a risk monitoring process commensurate with institutional risk; establish a lead or subject matter expert with ownership of the process
  • Monitor new applications to determine whether they are HMDA reportable

Internal Controls ― Data Verification

  • Develop an autonomous verification process to review source documents; do not rely on information on HMDA worksheets

Internal Controls ― Automation

  • Know how the institution’s core system interfaces with its HMDA data collection software

While this list is not exhaustive, most institutions can implement these practices, regardless of the size and structure of the institution’s HMDA program. It is important for an institution to determine its risk profile, assess the level of knowledge within the institution, commit the necessary resources to the compliance process, and apply the practices best suited for its level of risk and resources.


Regular in-depth training is an effective tool for an institution to help its staff understand HMDA reporting requirements and to ensure that the institution applies collection procedures consistently. Effective training is tailored to each individual’s role in the collection process and provides sufficient detail to aid staff in identifying the transactions to be reported and the data to be collected.

Effective training also helps staff understand regulatory requirements and internal HMDA procedures and can be particularly beneficial for explaining the nuanced data fields discussed in this article. As Regulation C has been amended several times in recent years, training is important to ensure that employees understand the latest requirements. For example, the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act12 exempted certain filers from collecting many of the data fields added in the 2015 amendment to Regulation C. Similarly, while a May 2020 final rule amended Regulation C to increase from 25 to 100 the threshold for reporting data about closed-end mortgage loans, a September 2022 court ruling vacated that portion of the rule, revising the reporting threshold back to 25 loans.13 Regular training helps staff stay up to date on the rules and helps create consistency among business lines and staff involved in the HMDA process.


Providing tools for staff, such as flow charts, worksheets, and industry materials, can aid an institution in the data collection process. Flow charts may include guidance that helps staff determine whether a transaction is HMDA reportable. HMDA worksheets are an effective way to help staff collect data on all key fields during the loan application process. Worksheets may include references on where to find information in the loan file or reminders about HMDA’s requirements. For example, the worksheet may indicate where to find the verified gross income in the file, depending on the loan type, and could include a reference of when income should be reported as “N/A.” Worksheets may also remind staff how to geocode the collateral securing the loan. Finally, providing staff with copies of industry guidance, such as A Guide to HMDA Reporting: Getting It Right! or the Home Mortgage Disclosure (Regulation C) Small Entity Compliance Guide, can also help staff understand HMDA data collection requirements, especially when they encounter unfamiliar or complex transactions.

Using an automated collection process reduces the burden of compiling HMDA data. Automated collection offers a consistent process using the information entered during loan origination as source documentation for HMDA data. The level of automated collection possible may vary by institution depending on factors such as origination volume and institutional complexity. Some financial institutions use their loan origination software to determine geocodes, while others use data collection software to compile the entire Loan Application Register.

Data Verification

Comprehensively reviewing HMDA data before submission by comparing the data collected with the data in the source files can help an institution increase the accuracy of the reported information and correct errors. Depending on the volume of data an institution collects, this process may involve testing through sampling. An effective verification process provides an institution with an opportunity to measure the accuracy of its collection and reporting processes and identify weaknesses. The verification process can also test the effectiveness of processes the institution uses to identify all applicable HMDA loans and non-originated applications.

Institutions can conduct data reviews internally or through a reputable third-party vendor. The strength of the institution’s data collection processes can help determine the scope and frequency of the review. The risk of HMDA noncompliance may be greater for institutions with a high origination volume or a decentralized collection process. Reviews may uncover errors that can range from simple typographical errors to more significant procedural errors that could lead to systemic reporting violations, data scrubs, and resubmission. Identification of errors or weaknesses during the review allows an institution the opportunity to correct the data before submission, assess the severity of the weaknesses, and take appropriate corrective actions to address the root cause. A thorough data verification process provides a last line of defense for HMDA reporters.

Concluding Remarks

As violations of HMDA data collection and reporting requirements are frequently cited across the federal banking agencies, and with new data collection requirements on the horizon, institutions may consider reviewing and validating their processes to ensure that they are accurately collecting and reporting HMDA data. Specific issues and questions about HMDA requirements should be raised with your primary regulator.


1 Governor Michelle W. Bowman, “Introducing Our New Format,” CCO (First Issue 2023).

2 The Federal Reserve is the primary federal regulator for state-chartered banks that are members of the Federal Reserve System (aka state member banks). The information is provided in the aggregate.

3 During 2022, Federal Reserve System examiners conducted 211 examinations. The table describes the most frequently cited violations in this period.

4 12 C.F.R. §1003.2(e).

5 12 C.F.R. §1003.4(a)

6 12 C.F.R. §1003.2(p).

7 See Reportable HMDA Data: A Regulatory and Reporting Overview Reference Chart.

8 Comment 4(a)(15)-4.

9 Comment 4(a)(15)-5.

10 Allison Burns and Angelo Parker, “HMDA Data Collection and Reporting: Keys to an Effective Program,” CCO (Fourth Issue 2020).

11 See the CFPB’s 2023 final rule on Small Business Lending under the Equal Credit Opportunity Act (Regulation B).

12 See “Compliance Alert,” CCO (First Issue 2019).

13 See Consumer Affairs letter 23-1, “Changes to Home Mortgage Disclosure Act (HMDA) Loan Volume Reporting Threshold for Closed-End Mortgage Loans” (January 31, 2023).