MBA, Trade Groups Urge CFPB to Drop Proposed HMDA Guidance

The Mortgage Bankers Association and other industry trade groups told the Consumer Financial Protection Bureau its Proposed Guidance on loan-level Home Mortgage Disclosure Act Data raises “profound concerns about the risks to consumer privacy, of identity theft and fraud.”

In the letter, MBA; the American Bankers Association; the Consumer Bankers Association; the Consumer Mortgage Coalition; and the Housing Policy Council of the Financial Services Roundtable called on the CFPB to withdraw the Guidance and instead issue a formal rulemaking, as required under the Dodd-Frank Act, to address consumer privacy concerns.

The CFPB issued the Proposed Guidance (http://files.consumerfinance.gov/f/documents/201709_cfpb_hmda-disclosure-policy-guidance.pdf) in September, describing modifications the Bureau intends to apply to the loan-level HMDA data that financial institutions would report under HMDA before the data are disclosed to the public. The proposed policy guidance applies to HMDA data to be reported under Regulation C effective January 1; the CFPB would make these data available to the public beginning in 2019.

In the 2015 HMDA Final Rule, the CFPB interpreted HMDA to require that it use a “balancing test” to determine whether and how HMDA data should be modified prior to its public disclosure in order to protect applicant and borrower privacy while also fulfilling HMDA’s disclosure purposes. That balancing test is whether release of unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such release to the public in light of the statutory purposes.

Under the Proposed Guidance, the CFPB would exclude certain loan-level data points from disclosure, modify some data points prior to disclosure and disclose other data points without modification.

The MBA/trade group letter notes consumers provide a wide range of financial and personal data to our lender and vendor members–“information that provides a clear financial and demographic profile of the borrower and the terms of the loans.” The letter notes five specific concerns with the Proposed Guidance:

–The CFPB has not engaged in the statutorily required rulemaking process for modification of itemized data. To rectify this, the trade groups said the CFPB must withdraw this Proposed Guidance and issue a formal Administrative Procedure Act-compliant rulemaking.

–The CFPB’s balancing test fails to consider real threats to consumers, as re-identification under the Proposed Guidance would be a virtual certainty. “Research has shown that re-identification is already highly possible, even using only the current public HMDA data,” the letter said. “It becomes significantly more attainable with any increase in data disclosures lacking sufficient masking. With advances in technology enabling easier re-identification, this concern transforms from a risk to a virtual certainty.”

To guard against invasions of privacy, identity theft and fraud, the letter recommends the CFPB should disclose the new data only in aggregate form, carefully designed to protect the financial interests of individual consumers.

–Data security is of the utmost importance, and CFPB should take steps to ensure this sensitive data is protected, including providing a comprehensive update of its data security practices and taking measures to restrict access and ensure the data is properly protected.

–The CFPB’s new data submission interface raises concerns about accessibility, functionality, data aggregation and storage and liability. The letter offers several suggestions for addressing these concerns, including providing for the ability to submit data incrementally and permitting the appending of earlier data.

–To improve public understanding of why lenders ask for certain information, the obligation to submit that information to CFPB and the statutory requirement for public disclosure, the trade groups ask the CFPB to engage in a public education initiative.