PERSON OF THE WEEK: Leonard Ryan is founder and president of QuestSoft, a provider of automated compliance software to the mortgage banking industry. MortgageOrb recently interviewed Ryan to get his perspective on how lenders should go about preparing for the newly expanded reporting requirements under the Home Mortgage Disclosure Act (HMDA) – and what their main concerns are.
Q: The Consumer Financial Protection Bureau (CFPB) in October finalized its rule for expanding HMDA reporting requirements for lenders. The new reporting requirements don’t kick into gear until January 2018. This gives lenders and their software partners more than two years to get ready. In your opinion, is this enough time? What will lenders have to do in order to be ready for these new rules? Will vendors have to be ready ahead of lenders, in this case? When should vendors get started, and when should lenders get started?
Ryan: The CFPB has a history of releasing regulations to the industry with what initially seems like more than enough time. I believe it has very good intentions. However, questions arise before the programming can begin, and soon, the missing pieces cause a much tighter implementation timeline. In this case, it is the fact that the application forms (RMLA) need to be changed at the same time, and the CFPB is really close, but it hasn’t released all of the resources that are needed to finalize loan origination system (LOS) vendor development plans.
Our company plans on releasing testing versions a year in advance to LOS developers and our customers to accelerate their development and so lenders can get their operations ready for the new rule. We are hopeful this ability to perform advance testing will ensure everyone is ready on time. Maybe my company and our approach can change CFPB Director Richard Cordray’s mind on the value and contribution of privately owned mortgage industry businesses.
Q: Would you say this new set of regulations is as onerous as the ability-to-repay/qualified mortgage (QM) rules that took effect early last year or the TILA-RESPA Integrated Disclosure (TRID) rule that took effect on Oct. 1? How does it compare in terms of preparation costs (investment in new systems and training)? How does it compare in terms of impact on operational costs? How does it compare in terms of the degree of regulatory risk it presents to lenders?
Ryan: The new rules are “different.” Although data elements have been almost tripled, many of those elements are fields that the industry uses today. Therefore, LOS’ will have an easier time than with TRID. In addition, unlike TRID and QM, HMDA is a post processing regulation, meaning you need a final action date to trigger the regulation. This allows lenders to fund loans first without interfering with the regulation.
However, HMDA has the potential to totally devastate a company through fines and public ridicule if the new data is not properly scrubbed. So the regulatory risk is huge. Therefore, lenders must start now to put in place their procedures to ensure the new data fields are accurate.
Q: Obviously, the data that lenders provide for the new HMDA reporting/collection fields needs to be accurate. Considering that the upload of the new HMDA data will be mostly automated, what challenges are there that could threaten data accuracy? How can lenders validate the accuracy of their own data?
Ryan: Most errors with data accuracy are from loans that fail to make it to the closing table. Because there is no further financial incentive for front line personnel to improve accuracy, these loans tend to be the types that are inaccurately reported.
Another challenge of the new regulations are simple fields, such as loan amount, that might have different meanings based on the loan type being funded. There are also plenty of new fields, along with fee fields for closed loans that must match disclosures.
My recommendation to lenders has been to start now with the new reportable fields that currently exist in your systems, take three or four at a time, and determine what is needed to improve the reporting accuracy of those fields. This way, there will be a much better chance of filing accurate reports with the expanded data.
Q: Do you have any idea as to how the CFPB might enforce data accuracy? Is there any method by which the CFPB can validate that the data being delivered by lenders is accurate? Also, what about data entry errors that occur on the Federal Financial Institutions Examination Council’s (FFIEC)/CFPB’s end? The new rule says the CFPB will be accountable for those errors – and there are reportedly already many errors in the database. What more can the FFIEC/CFPB do to make the HMDA database more accurate and reliable?
Ryan: Geo-coding is the main data point where accuracy from the government systems is ever brought into question. The error rate of the FFIEC geo-coder has, from our tests, been over 2%, but it also has been improving.
The CFPB has not indicated it is assuming responsibility for accuracy (providing a safe harbor) to anyone who uses its geo-coder for the census tract information and has never in the past. It has said that providing a parcel number would prove too difficult and, therefore, is asking for the complete address so it can determine that field.
Compliance companies such as QuestSoft pay for data that is more regularly updated and of high accuracy. But even then there are error rates. Databases have 300,000 or more updates per quarter, so this is more about managing acceptable error rates than perfection.
The CFPB is planning to query the industry next year or after to see if it should adjust the current error tolerance levels to accommodate the higher quantity of data.
Q: Security of the data has been an important topic for the industry – some have said that it would not be that hard to reverse-engineer the data in the database in order to tie it to individual homeowners – in other words, that the expanded database poses a serious privacy and security risk. Do you agree with this assessment? What more can be done to make the database secure?
Ryan: Absolutely. If there is a single topic I am passionate on, it is the area of limiting the expansion of the public file to protect borrower privacy. If, for example, the CFPB decides to publish critical underwriting fields (debt-to-income (DTI), loan-to-value (LTV), credit scores, age, etc.), it will be very easy to associate these fields with specific borrowers and create a nationwide database that marketers, foreign governments, criminals and others could use to target specific borrowers. Something as innocent as LTV could be quickly cross-referenced with specific loans using a county recorder’s public data. Add DTI, and you know the income and indebtedness of that borrower.
The CFPB is essentially establishing a massive internal database, profiling every American owning a property with a mortgage loan. Federal and state governments will be able to cross-check to the IRS – help Congress develop tax strategies based on disposable income disclosed on the mortgage application. The opportunities to extract almost every tax dollar possible are almost endless, especially because the data will no longer be general to a census tract but identify every home specifically to the loan.
To speak on how easy this will be, there are attorneys who today use the limited data in HMDA to reverse-engineer specific borrowers on a racial basis to bring them in to testify for fair lending lawsuits. The new HMDA data should be lawyer’s paradise for funding their personal estates.
Q: Your firm makes compliance software that facilitates the collection, reporting and storage of HMDA data – what additional measures will you have to take, as a software vendor, to ensure that the data stored in your systems, or in transit through your systems, is secure?
Ryan: We are one of the few vendors that has our lender customers store their data safely behind their own firewalls, and we only touch customer’s data for support purposes. That said, the new data includes large amounts of non-public information, so we will now limit all transmissions to fully encrypted options. Data protection and speed continue to be our advantage over Software-as-a-Service/Web-based systems.
Q: Richard Cordray, director of the CFPB, said during last year’s Mortgage Bankers Association’s Annual that the CFPB was disturbed by some vendors’ lack of preparation in getting ready for the TRID rule. He seemed to indicate that the CFPB is considering holding vendors accountable for errors that their systems cause and that have a direct impact on consumers. This would basically be a reversal of the bureau’s previous stance, under its third-party oversight guidelines, that only lenders are on the hook for errors, not their technology partners. Would you say mortgage software vendors should be concerned about Cordray’s comments? What, in your opinion, would happen to the mortgage landscape if the CFPB suddenly started going after mortgage software vendors for errors their systems cause?
Ryan: They definitely should be a concern. However, again, it does not help when a regulator pontificates a regulation then acts like the IRS support line in saying not to rely on its answers. As the industry has heard at conferences, there is high concern over regulation through litigation or corrective action.
Mortgage software vendors have been investing more money than ever in regulation. None of this helps the bottom line, and none of it gets one more person into a home. So, if the CFPB does want to change the dynamic and hold vendors responsible, we can expect a substantial increase in the cost of the software to cover that additional liability and risk.
Q: What about the recent changes with regard to which institutions most report data and those that are exempt – do you feel those changes are appropriate? Will exempting smaller institutions – of which there are many – compromise the data set?
Ryan: Personally, I thought the threshold should have been 50 or 100 loans per year on the closed loans side. The reporting of data by these institutions has no bearing on fair lending practices (who discriminates on volumes of two loans a month?), has no effect on home loan availability, and statistically accounts for under 1% of the total HMDA LAR records reported. I view the 25-record threshold as a welcome start.