Disclosure of Loan-Level HMDA Data

Download PDF
Federal RegisterSep 25, 2017
82 Fed. Reg. 44586 (Sep. 25, 2017)

AGENCY:

Bureau of Consumer Financial Protection.

ACTION:

Notice of proposed policy guidance with request for public comment.

SUMMARY:

The Bureau of Consumer Financial Protection (Bureau) is proposing policy guidance that would describe modifications that the Bureau intends to apply to the loan-level HMDA data that financial institutions will report under the Home Mortgage Disclosure (Regulation C) before the data is disclosed to the public. The proposed policy guidance applies to HMDA data to be reported under Regulation C effective January 1, 2018. The Bureau will make this data available to the public beginning in 2019.

DATES:

Comments must be received on or before November 24, 2017.

ADDRESSES:

You may submit comments, identified by Docket No. CFPB-2017-0025, by any of the following methods:

  • Email: FederalRegisterComments@cfpb.gov. Include Docket No. CFPB-2017-0025 in the subject line of the email.
  • Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • Mail: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552.
  • Hand Delivery/Courier: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552.

Instructions: All submissions should include the agency name and docket number or Regulatory Information Number (RIN). Because paper mail in the Washington, DC area and at the Bureau is subject to delay, commenters are encouraged to submit comments electronically. In general, all comments received will be posted without change to http://www.regulations.gov. In addition, comments will be available for public inspection and copying at 1700 G Street NW., Washington, DC 20552, on official business days between the hours of 10 a.m. and 5:00 p.m. Eastern Time. You can make an appointment to inspect the documents by telephoning 202-435-7275.

All comments, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. Sensitive personal information, such as account numbers or Social Security numbers, should not be included. Comments will not be edited to remove any identifying or contact information.

FOR FURTHER INFORMATION CONTACT:

David Jacobs, Counsel, or Laura Stack, Senior Counsel, Office of Regulations, at 202-435-7700 or https://reginquiries.consumerfinance.gov/.

SUPPLEMENTARY INFORMATION:

I. Summary

The Home Mortgage Disclosure Act (HMDA) requires certain financial institutions to collect, report, and disclose data about their mortgage lending activity on an ongoing basis to both Federal regulators and the general public. The home mortgage market is the country's single largest market for consumer financial products and services, with $10 trillion outstanding. It is a critical source of wealth-building for both individual families and communities, and has a substantial impact on the nation's economy as evidenced by its role in triggering in 2008, the worst financial crisis since the Great Depression. As of 2015, 48 million consumers had a mortgage, representing 65 percent of all owner-occupied homes.

Federal Reserve Bank of St. Louis, Board of Governors of the Federal Reserve System (US), “Mortgage Debt Outstanding by Type of Property: One- to Four-Family Residences (MDOTP1T4FR),” https://fred.stlouisfed.org/series/MDOTP1T4FR (last updated June 9, 2017).

U.S. Census Bureau, “Selected Housing Characteristics: 2011-2015 American Community Survey 5-Year Characteristics,” https://factfinder.census.gov/faces/tableservices/jsf/pages/productview.xhtml?src=bkmk (last visited Aug. 31, 2017).

HMDA is implemented by Regulation C, which describes its purposes as helping to determine whether financial institutions are serving the housing needs of their communities; assisting public officials in distributing public-sector investment so as to attract private investment to areas where it is needed; and assisting in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. As described further below, public disclosure of HMDA data is central to the achievement of the statutory goals established by Congress.

In 2010, Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), which amended HMDA to require collection of additional mortgage market data and transferred HMDA rulemaking authority and other functions from the Board of Governors of the Federal Reserve System (Board) to the Bureau. On October 28, 2015, the Bureau published a final rule amending Regulation C (2015 HMDA Final Rule) to implement the Dodd-Frank Act amendments. In the 2015 HMDA Final Rule, the Bureau interpreted HMDA, as amended by the Dodd-Frank Act, to require that the Bureau use a balancing test to determine whether and how HMDA data should be modified prior to its disclosure to the public in order to protect applicant and borrower privacy while also fulfilling HMDA's public disclosure purposes. The Bureau interpreted HMDA to require that public HMDA data be modified when the release of the unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such release to the public in light of the statutory purposes.

This proposed Policy Guidance describes the Bureau's application of the balancing test to date and the loan-level HMDA data that it proposes to make available to the public beginning in 2019, with respect to data compiled by financial institutions in or after 2018, including modifications that the Bureau intends to apply to the data. In developing this guidance, the Bureau has consulted with the prudential regulators—Board, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency—the Department of Housing and Urban Development, and the Federal Housing Finance Agency. The Bureau proposes to publicly disclose the loan-level HMDA data reported under the 2015 HMDA Final Rule with the following modifications. First, the Bureau proposes to modify the public loan-level HMDA data to exclude: The universal loan identifier; the date the application was received or the date shown on the application form; the date of action taken by the financial institution on a covered loan or application; the address of the property securing the loan or, in the case of an application, proposed to secure the loan; the credit score or scores relied on in making the credit decision; the unique identifier assigned by the Nationwide Mortgage Licensing System and Registry for the mortgage loan originator; and the result generated by the automated underwriting system used by the financial institution to evaluate the application. The Bureau also intends to exclude free-form text fields used to report the following data: Applicant or borrower race; applicant or borrower ethnicity; the name and version of the credit scoring model used to generate each credit score or credit scores relied on in making the credit decision; the principal reason or reasons the financial institution denied the application, if applicable; and the automated underwriting system name.

Second, the Bureau proposes to modify the public loan-level HMDA data to reduce the precision of most of the values reported for the following data fields. With respect to the amount of the covered loan or the amount applied for, the Bureau proposes to disclose the midpoint for the $10,000 interval into which the reported value falls. The Bureau also proposes to indicate whether the reported value exceeds the applicable dollar amount limitation on the original principal obligation in effect at the time of application or origination as provided under 12 U.S.C. 1717(b)(2) and 12 U.S.C. 1454(a)(2). With respect to the age of an applicant or borrower, the Bureau proposes to bin reported values into the following ranges, as applicable: 25 to 34, 35 to 44, 45 to 54, 55 to 64, and 65 to 74; bottom-code reported values under 25; top-code reported values over 74; and indicate whether the reported value is 62 or higher. With respect to the ratio of the applicant's or borrower's total monthly debt to the total monthly income relied on in making the credit decision, the Bureau proposes to disclose without modification reported values greater than or equal to 40 percent and less than 50 percent; bin reported values into the following ranges, as applicable: 20 percent to less than 30 percent; 30 percent to less than 40 percent; and 50 percent to less than 60 percent; bottom-code reported values under 20 percent; and top-code reported values of 60 percent or higher. With respect to the value of the property securing the covered loan or, in the case of an application, proposed to secure the covered loan, the Bureau proposes to disclose the midpoint for the $10,000 interval into which the reported value falls.

This proposed Policy Guidance is exempt from notice and comment rulemaking requirements under the Administrative Procedure Act pursuant to 5 U.S.C. 553(b). It is non-binding in part to preserve flexibility to revise the modifications to be applied to the public loan-level HMDA data as necessary to maintain a proper balancing of the privacy risks and benefits of disclosure, especially in the event the Bureau becomes aware of new facts and circumstances that might contribute to privacy risks. However, the Bureau invites public comment on the proposed Policy Guidance to provide transparency, obtain public feedback on its application of the balancing test, and improve the Bureau's decisionmaking. This proposal does not re-open any portion of the 2015 HMDA Final Rule, and the Bureau does not intend in this proposal to revisit any decisions made in that rulemaking.

II. Background

A. HMDA's Purposes and the Public Disclosure of HMDA Data

The Home Mortgage Disclosure Act (HMDA), 12 U.S.C. 2801 et seq., requires certain financial institutions to collect, report, and disclose data about their mortgage lending activity on an ongoing basis to both Federal regulators and the general public. HMDA is implemented by Regulation C, 12 CFR part 1003. HMDA identifies its purposes as providing the public and public officials with sufficient information to enable them to determine whether financial institutions are serving the housing needs of the communities in which they are located, and to assist public officials in their determination of the distribution of public sector investments in a manner designed to improve the private investment environment. In 1989, Congress expanded HMDA to require, among other things, financial institutions to report racial characteristics, gender, and income information on applicants and borrowers. In light of these amendments, the Board subsequently recognized a third HMDA purpose of identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes, which now appears with HMDA's other purposes in Regulation C.

Financial Institutions Reform, Recovery, and Enforcement Act, Public Law 101-73, section 1211, 103 Stat. 183, 524-26 (1989).

54 FR 51356, 51357 (Dec. 15, 1989) (codified at 12 CFR 1003.1(b)(1)) (Bureau's post-Dodd-Frank Act Regulation C).

Public disclosure of HMDA data is central to the achievement of HMDA's goals. Since HMDA's enactment in 1975, the data financial institutions are required to disclose under HMDA and Regulation C have been expanded, public access to HMDA data has increased, and the formats in which HMDA data have been disclosed to the public have evolved to provide more useful information to the public and public officials. Amendments to the statute and Regulation C over time illustrate the importance of public access to HMDA data to fulfill the statute's purposes.

As originally promulgated, HMDA and Regulation C required a covered financial institution to make available to the public at its home and branch offices a “disclosure statement” reflecting aggregates of certain mortgage loan data. In 1980, Congress amended HMDA to increase the public's access to and the utility of the aggregated HMDA data. First, Congress amended HMDA section 304 to require that the Federal Financial Institutions Examination Council (FFIEC) implement a system to facilitate public access to the data required to be disclosed under the statute, and provided that such system must include arrangements for a “central depository of data” in each standard metropolitan statistical area (MSA). In amending Regulation C to implement this requirement, the Board noted that “the principal benefit of the central repository system is that users of HMDA data will be able to obtain all of the various institutions' disclosure statements at one location. The current system requires users to contact the institutions on an individual basis to obtain the disclosure data. Second, the 1980 HMDA amendments required that the FFIEC compile annually for each MSA aggregate data by census tract for all financial institutions required to disclose data under HMDA, and produce tables indicating, for each MSA, aggregate lending patterns for various categories of census tracts grouped according to location, age of housing stock, income level, and racial characteristics. A principal benefit cited to support these requirements was that the utility of individual institutions' disclosure statements “would be enhanced if they could be compared to aggregate [MSA] lending patterns.”

12 CFR part 203.

Housing and Community Development Act, Public Law 96-399, section 340, 94 Stat. 1614 (1980).

46 FR 11780, 11786 (Feb. 10, 1981).

Housing and Community Development Act, Public Law 96-399, section 34010, § 340, 94 Stat. 1614 (1980).

46 FR 11780, 11786 (Feb. 10, 1981).

In 1989, as noted above, Congress amended HMDA to expand the data financial institutions were required to disclose to the public. In addition to requiring that financial institutions disclose data concerning the race, sex, and income of applicants and borrowers, the 1989 amendments required that institutions disclose data on loan applications in addition to originations and purchases. In implementing these amendments in Regulation C, the Board required financial institutions to report HMDA data to their supervisory agencies on a loan-by-loan and application-by-application basis using the “loan/application register” format. Commenters on the Board's proposal to amend Regulation C to implement the 1989 amendments urged the Board to require that financial institutions make their loan/application registers available to the public to provide for more meaningful analysis of the data than that permitted by the required aggregate disclosures. The Board declined to require that financial institutions make available to the public their loan/application registers, but in 1990 the FFIEC announced that it believed public disclosure of the reported loan-level HMDA data to be “consistent with the congressional intent to maximize the utilization of lending data” and that it would make all reported HMDA data available to the public in a loan-level format, after deleting three fields to protect applicant and borrower privacy. The FFIEC first disclosed the reported loan-level HMDA data to the public in October 1991.

Financial Institutions Reform, Recovery and Enforcement Act, Public Law 101-73, section 1211, 103 Stat. 183 (1989).

12 CFR 203.4, 203.5; see also 54 FR 51356, 51359-60 (Dec. 15, 1989).

54 FR 51356, 51360-61 (Dec. 15, 1989).

55 FR 27886, 27888 (July 6, 1990). In announcing that the loan-level data submitted to the supervisory agencies on the loan/application register would be made available to the public, the FFIEC noted that “[a]n unedited form of the data would contain information that could be used to identify individual loan applicants” and that the data would be edited prior to public release to remove the application identification number, the date of application, and the date of final action.

The following year, Congress amended HMDA to require that each financial institution make available to the public its “loan application register information” for each year as early as March 31 of the succeeding year, as required under regulations prescribed by the Board. New section 304(j) directed the Board to require such deletions from the loan application register information made available to the public as the Board determined to be appropriate to protect any privacy interest of any applicant, and identified as appropriate for deletion the same three fields the FFIEC had determined should be deleted from the loan-level HMDA data it disclosed to the public. A House Report characterizes the 1992 amendment to HMDA as making “changes . . . to ensure that the public receives useful and timely information regarding the lending records of financial institutions.” The Board implemented this amendment by requiring that financial institutions make their “modified” loan/application registers available to the public after deleting the same fields deleted from the loan-level HMDA data disclosed by the FFIEC.

Housing and Community Development Act, Public Law 102-550, section 932, 106 Stat. 3672 (1992).

HMDA section 304(j) identifies as appropriate for deletion “the applicant's name and identification number, the date of the application, and the date of any determination by the institution with respect to such application.”

H. Rept. 102-760 (1992).

See 12 CFR 1003.5(c) (Bureau's successor Regulation C, which restates the Board's predecessor Regulation C). Section 1003.5(c) requires that, before making its loan/application register available to the public, a financial institution must delete three fields to protect applicant and borrower privacy: Application or loan number, the date that the application was received, and the date action was taken.

Today, HMDA data are the preeminent data source that regulators, researchers, economists, industry, and advocates use to achieve HMDA's purposes and to analyze the mortgage market. HMDA and current Regulation C continue to require that data be made available to the public in both aggregate and loan-level formats. Each financial institution is required to make its modified loan/application register available to the public, with three fields deleted to protect applicant and borrower privacy, and also make available to the public a disclosure statement prepared by the FFIEC that shows the financial institution's HMDA data in aggregate form. In addition, the FFIEC makes available to the public disclosure statements for each financial institution, aggregate reports for each MSA and metropolitan division (MD) showing lending patterns by certain property and applicant characteristics, and the loan-level dataset containing all reported HMDA data for the preceding calendar year, modified to protect applicant and borrower privacy (the agencies' loan-level release).

Home Mortgage Disclosure Act (HMDA), 12 U.S.C. 2801 et seq., as implemented by Regulation C, 12 CFR part 1003. “Current Regulation C” as used herein refers to Regulation C in effect as of the date of publication of this proposed Policy Guidance.

HMDA section 304(j)(2)(B); 12 CFR 1003.5(c).

HMDA section 304(k); 12 CFR 1003.5(b).

HMDA section 304(f); 12 CFR 1003.5(f).

HMDA section 310; 12 CFR 1003.5(f).

55 FR 27886 (July 6, 1990) (announcing that the loan-level HMDA data submitted on the loan/application register would be made available to the public after deletion of three fields to protect applicant and borrower privacy).

B. The Dodd-Frank Act and Amendments to HMDA and Regulation C

In 2010, the Dodd-Frank Act, which amended HMDA and also transferred HMDA rulemaking authority and other functions from the Board to the Bureau, was enacted into law. Among other changes, the Dodd-Frank Act again expanded the scope of information relating to mortgage applications and loans that must be collected, reported, and disclosed under HMDA and authorized the Bureau to require financial institutions to collect, report, and disclose additional information. The Dodd-Frank Act amendments to HMDA also added new section 304(h)(1)(E), which directs the Bureau to develop regulations, in consultation with the agencies identified in section 304(h)(2), that “modify or require modification of itemized information, for the purpose of protecting the privacy interests of the mortgage applicants or mortgagors, that is or will be available to the public.” Section 304(h)(3)(B), also added by the Dodd-Frank Act, directs the Bureau to “prescribe standards for any modification under paragraph (1)(E) to effectuate the purposes of [HMDA], in light of the privacy interests of mortgage applicants or mortgagors. Where necessary to protect the privacy interests of mortgage applicants or mortgagors, the Bureau shall provide for the disclosure of information . . . in aggregate or other reasonably modified form, in order to effectuate the purposes of [HMDA].”

Dodd Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376, 1980, 2035-38, 2097-101 (2010).

These agencies are the prudential regulators—the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency—and the Department of Housing and Urban Development. Together with the Bureau, these agencies are referred to herein as “the agencies.”

Section 304(h)(3)(A) provides that a modification under section 304(h)(1)(E) shall apply to information concerning “(i) credit score data . . . in a manner that is consistent with the purpose described in paragraph (1)(E); and (ii) age or any other category of data described in paragraph (5) or (6) of subsection (b), as the Bureau determines to be necessary to satisfy the purpose described in paragraph (1)(E), and in a manner consistent with that purpose.”

On August 29, 2014, the Bureau published proposed amendments to Regulation C (2014 HMDA Proposed Rule) to implement the Dodd-Frank Act amendments and to make additional changes. After careful consideration of comments received on its proposal, the Bureau published a final rule on October 28, 2015 (2015 HMDA Final Rule) amending Regulation C. The 2015 HMDA Final Rule implements the Dodd-Frank Act amendments and makes other changes to Regulation C. Most provisions of the 2015 HMDA Final Rule go into effect on January 1, 2018 and apply to data financial institutions will collect beginning in 2018 and will report beginning in 2019.

79 FR 51732 (Aug. 29, 2014).

Home Mortgage Disclosure (Regulation C), 80 FR 66128 (Oct. 28, 2015); see also 80 FR 69567 (Nov. 10, 2015) (making technical corrections).

Certain amendments to the definition of financial institution went into effect on January 1, 2017. See 12 CFR 1003.2; 80 FR 66128, 66308 (Oct. 28, 2015).

Beginning in 2018, with respect to data compiled in 2017 and later, financial institutions will file their HMDA data with the Bureau. The Bureau will collect and process HMDA data on behalf of the FFIEC and the agencies.

The 2015 HMDA Final Rule addressed the public disclosure of HMDA data in two ways. First, the 2015 HMDA Final Rule made changes to financial institutions' public disclosure obligations under Regulation C. Under the 2015 HMDA Final Rule, the public disclosure of HMDA data is shifted entirely to the agencies. Effective with respect to HMDA data compiled in 2017 and later, financial institutions will no longer be required to provide their modified loan/application registers and disclosure statements directly to the public and will be required instead to provide only a notice advising members of the public seeking their data that it may be obtained on the Bureau's Web site. In addition to reducing burden on financial institutions associated with their disclosure of HMDA data, the 2015 HMDA Final Rule eliminates risks to financial institutions associated with errors in preparing their modified loan/application registers that could result in the unintended disclosure of data. Further, the 2015 HMDA Final Rule allows decisions with respect to what to include on the modified loan/application register to be made in conjunction with decisions regarding the agencies' loan-level data release, providing flexibility and allowing for consistency with respect to both releases. This shift of responsibility also permits the Bureau to consider modifications to protect applicant and borrower privacy that preserve data utility but that may be burdensome for financial institutions to implement. Finally, shifting the disclosure of HMDA data to the agencies will allow for easier adjustment of privacy protections applied to disclosures of loan-level HMDA data as privacy risks and potential uses of HMDA data evolve.

Also in the 2015 HMDA Final Rule, in consultation with the agencies and after notice and comment, the Bureau interpreted HMDA, as amended by the Dodd-Frank Act, to require that the Bureau use a balancing test to determine whether and how HMDA data should be modified prior to its disclosure to the public in order to protect applicant and borrower privacy while also fulfilling HMDA's public disclosure purposes. The Bureau interpreted HMDA to require that public HMDA data be modified when the release of the unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such release to the public in light of the statutory purposes. In such circumstances, the need to protect the privacy interests of mortgage applicants or mortgagors requires that the itemized information be modified. This binding interpretation implemented HMDA sections 304(h)(1)(E) and 304(h)(3)(B) because it prescribed standards for requiring modification of itemized information, for the purpose of protecting the privacy interests of mortgage applicants and borrowers, that is or will be available to the public. The 2015 HMDA Final Rule's interpretation of HMDA section 304(h)(1)(E) and 304(h)(3)(B) to require a balancing test is a regulation that limits the Bureau's discretion with respect to public release of HMDA data. The standards impose binding obligations on the Bureau to evaluate the HMDA data, individually and in combination, to assess whether and how HMDA data should be modified prior to its disclosure to the public in order to protect applicant and borrower privacy while also fulfilling HMDA's public disclosure purposes. The standards for modification of itemized information that is or will be available to the public apply to all data reported under the 2015 HMDA Final Rule.

80 FR 66128, 66134 (Oct. 28, 2015).

Id.

Id. at 66133, 66252 (noting that the Bureau's application of the balancing test would include data fields currently disclosed on the modified loan/application register and in the agencies' loan-level release).

Part III of this proposed Policy Guidance describes the Bureau's application of the balancing test to date and its proposals concerning the public disclosure of the loan-level HMDA data that will be reported to the agencies pursuant to Regulation C as amended by the 2015 HMDA Final Rule. Part IV of this proposed Policy Guidance addresses other considerations related to the disclosure of HMDA data, including the disclosure of aggregate HMDA data.

The Bureau received some comments on the 2014 HMDA Proposed Rule suggesting that disclosure of certain HMDA data fields could reveal confidential business information and that such data fields should not be disclosed to the public in order to protect such information. The Bureau notes that HMDA requires modification of the HMDA data to protect the privacy interests of applicants and borrowers without mentioning the protection of confidential business information. Although the balancing test adopted in the 2015 HMDA Final Rule addresses risks to applicant and borrower privacy created by the disclosure of HMDA data, the modifications resulting from its application may mitigate some of the confidentiality concerns raised by commenters.

As discussed above and also below in part IV.C, HMDA and Regulation C require the FFIEC to make available to the public certain aggregated data. The FFIEC, the Bureau, and the other agencies continue to evaluate options for disclosure of the required aggregates of data that will be reported under the 2015 HMDA Final Rule.

III. Application of the Balancing Test

A. The Balancing Test

As noted above, in the 2015 HMDA Final Rule, the Bureau interpreted HMDA to require that public HMDA data be modified when the disclosure of the unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such disclosure to the public in light of the statutory purposes. Considering the public disclosure of the loan-level HMDA dataset as a whole, risks to applicant and borrower privacy interests arise under the balancing test only where the disclosure of the unmodified loan-level HMDA dataset may both substantially facilitate the identification of an applicant or borrower in the data and disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. Thus, under the balancing test, risks to applicant and borrower privacy interests would not arise if a loan-level dataset substantially facilitated the identification of applicants and borrowers in the data but revealed no information about applicants and borrowers that was harmful or sensitive and not otherwise public. Alternatively, risks to applicant and borrower privacy interests would not arise under the balancing test if a loan-level dataset contained harmful or sensitive information about applicants and borrowers that was not otherwise public but it was not possible to identify an applicant or borrower in the dataset.

80 FR 66128, 66134 (Oct. 28, 2015).

Accordingly, under the balancing test, the disclosure of the loan-level HMDA dataset creates risks to applicant and borrower privacy interests only where at least one data field or a combination of data fields in the dataset substantially facilitates the identification of an applicant or borrower, and at least one data field or combination of data fields discloses information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. At the individual data field level, a field may create “re-identification risk” by substantially facilitating the identification of an applicant or borrower in the HMDA data (for example, as discussed below, because it may be used to match a HMDA record to an identified record), or may create “risk of harm or sensitivity” by disclosing information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. Assessing the risks to applicant and borrower privacy under the balancing test requires an evaluation of the unmodified HMDA dataset as a whole and of the individual data fields contained in the dataset.

Where the public disclosure of the unmodified loan-level HMDA dataset would create risks to applicant and borrower privacy, the balancing test requires that the Bureau consider the benefits of disclosure to HMDA's purposes and, where these benefits do not justify the privacy risks the disclosure would create, modify the dataset to appropriately balance the privacy risks and disclosure benefits. An individual data field is a candidate for potential modification under the balancing test if its disclosure in unmodified form would create a risk of re-identification or a risk of harm or sensitivity.

As discussed further below, with respect to the HMDA data that will be reported to the agencies under the 2015 HMDA Final Rule and based on its analysis to date, the Bureau believes that public disclosure of the unmodified loan-level dataset, as a whole, would create risks to applicant and borrower privacy interests under the HMDA balancing test. This is due to the presence in the dataset of individual data fields that the Bureau believes would create re-identification risk and the presence of individual data fields that the Bureau believes are not currently public and would create a risk of harm or sensitivity. The Bureau thus has applied the balancing test to determine whether and how it should modify the HMDA data that will be reported under the 2015 HMDA Final Rule before it is disclosed to the public. Based on its analysis, the Bureau believes that the balancing test requires the loan-level HMDA dataset to be modified before it is disclosed to the public to reduce risks to applicant and borrower privacy created by disclosure and appropriately balance them with the benefits of disclosure for HMDA's purposes. The Bureau proposes to modify the public loan-level dataset as described in this proposed Policy Guidance. The Bureau believes that the modifications to the loan-level HMDA dataset proposed in this Policy Guidance would reduce risks to applicant and borrower privacy and appropriately balance them with the benefits of disclosure for HMDA's purposes. The Bureau seeks comment on all aspects of this proposed Policy Guidance, including its analysis of risks to applicant and borrower privacy, its application of the balancing test, and its proposed modifications.

With respect to data compiled in 2018 or later, this proposed Policy Guidance describes the modifications the Bureau proposes to apply to the agencies' loan-level release and to each financial institution's modified loan/application register. The terms “loan-level dataset” and “loan-level data” used herein refer to HMDA data disclosed on the loan level, whether the data are those submitted by an individual financial institution or by all reporting financial institutions.

This part III.A describes the benefits of public disclosure of the data that will be reported under the 2015 HMDA Final Rule, the risks to applicant and borrower privacy that may be created by the public disclosure of the unmodified HMDA data that the Bureau has considered, and the Bureau's approach to balancing these benefits and risks. Part III.B describes the application of the balancing test to the data that will be reported under the 2015 HMDA Final Rule and the Bureau's proposed modifications to the loan-level HMDA data that will be disclosed to the public.

Disclosure Benefits

Under the balancing test, the Bureau considers the benefits of disclosure of the loan-level HMDA data to the public. As described above, HMDA has a long history of providing the public with information about mortgage lending activity, and Congress has repeatedly amended the statute to increase the scope and utility of the data disclosed to the public. Users of HMDA data have relied on this information to help achieve HMDA's purposes: Helping to determine whether financial institutions are serving the housing needs of their communities; assisting public officials in distributing public-sector investment so as to attract private investment to areas where it is needed; and assisting in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Today, HMDA data are the preeminent data source that regulators, researchers, economists, industry, and advocates rely on to achieve HMDA's purposes and to analyze the mortgage market.

For more information about the history and benefits of HMDA, see the supplementary information to the Bureau's 2014 HMDA Proposed Rule, 79 FR 51732, 51735-36 (Aug. 29, 2014), and the Bureau's 2015 HMDA Final Rule, 80 FR 66128, 66129-31 (Oct. 28, 2015).

Community groups, researchers, and public officials have used HMDA data to help determine whether financial institutions are serving the housing needs of their communities. For example, HMDA data have enabled community groups to understand the magnitude of disinvestment within minority neighborhoods. Public officials have relied on HMDA data to compare the lending activity of financial institutions to the credit needs of communities and to examine whether minority communities were disproportionately affected by foreclosures following the financial crisis. Further, community groups relied on HMDA data to document the rise in subprime lending among minority communities in the years before the financial crisis.

See John Goering and Ron Wienk, “Mortgage Lending, Racial Discrimination and Federal Policy,” at 10 (Urban Inst. Press 1996).

Robert B. Avery & Thomas M. Buynak, “Economic Review—Mortgage Redlining: Some New Evidence,” at 18-32 (Fed. Reserve Bank of Cleveland, Working Paper No. 0013-0281, 1981), available at https://fraser.stlouisfed.org/scribd/?item_id=4183&filepath=/files/docs/publications/frbclevreview/rev_frbclev_198102.pdf;; Carolina Reid and Elizabeth Laderman, “The Untold Costs of Subprime Lending: Examining the Links Among Higher-Priced Lending, Foreclosures and Race in California” (Fed. Reserve Bank of S.F., Working Paper No. 2009-09, 2009), available at https://iasp.brandeis.edu/pdfs/Author/reid-carolina/The%20Untold%20Costs%20of%20Subprime%20Lending%203.pdf.

“Home Mortgage Disclosure Act: Newly Collected Data and What It Means,” Hearing on the 2004 Home Mortgage Disclosure Act before the Subcomm. on Fin. Servs. and Consumer Credit of the H. Comm. on Fin. Servs., 109th Cong. 4 (2006) (written testimony of Calvin Bradford, President, Calvin Bradford Assocs., Ltd., on behalf of the Nat'l Fair Hous. Alliance).

Public officials also have used HMDA data to develop and allocate housing and community development investments. For example, local governments have used HMDA data to characterize neighborhoods for purposes of determining the most effective use of housing grants, to select financial institutions for contracts and participation in local programs, and to identify a need for homebuyer counseling and education. Similarly, the Department of Housing and Urban Development used HMDA data to develop the formula by which funding would be provided to communities suffering from foreclosures and abandonment under the Neighborhood Stabilization Program.

See City of Albuquerque, Dep't of Family and Comty. Hous., “Five Year Consolidated Housing Plan and Workforce Housing Plan (2008-2012),” at 100 (2008), available at http://www.cabq.gov/family/documents/ConsolidatedWorkforceHousingPlan20082012final.pdf;; City of Antioch, Cal., “Fiscal Year 2012-2013: Consolidated Annual Performance Evaluation Report,” at 29 (2012), available at http://ci.antioch.ca.us/CitySvcs/CDBGdocs/CAPER%20FY%2012-13.pdf;; City of Lawrence, Mass., “HUD Consolidated Plan 2010-2015,” at 68 (2010), available at http://www.cityoflawrence.com/Data/Sites/1/documents/cd/Lawrence_Consolidated_Plan_Final.pdf.

See U.S. Dep't of Housing and Urban Dev., “Neighborhood Stabilization Program Formula Methodology” (2008), available at https://www.huduser.gov/portal/datasets/NSP.html.

HMDA data have also been used by public officials, researchers, and community groups to identify potentially discriminatory lending patterns and to enforce antidiscrimination statutes. For example, researchers, journalists, and public officials relied on HMDA data along with other publicly available data to identify racial disparities in mortgage lending between neighborhoods in Atlanta, Detroit, and Boston. Since Congress amended HMDA to require reporting of the race, gender, and income of individual applicants and borrowers, the expanded HMDA data have been used to identify potential discriminatory lending practices. Community groups have used the data to monitor fair lending within their communities and enter into agreements with financial institutions to ensure that the local needs were being served in a responsible manner. HMDA data also played an important role in recent enforcement actions by the Illinois and New York Attorneys General related to discriminatory mortgage lending. The Bureau and other regulators regularly rely on HMDA data in fair lending analyses, including in identifying possible discriminatory practices such as illegal redlining.

Bill Dedman, “The Color of Money,” (parts 1-4), Atlanta Journal-Const., May 1-4, 1988; David Everett et al., “The Race for Money,” (parts 1-4), Detroit Free Press, July 24-27, 1988; Bill Dedman, “Blacks Turned Down for Home Loans from S&Ls Twice as Often as Whites,” Atlanta Journal-Const., Jan. 22, 1989; Katharine Bradbury et al., “Geographic Patterns of Mortgage Lending in Boston, 1982-1987,” New Eng. Econ. Rev., (1989). These reports and studies helped motivate Congress to amend HMDA to improve publicly available information about lending practices through the Financial Institutions Reform, Recovery, and Enforcement Act of 1989.

Federal Institutions Reform, Recovery, and Enforcement Act, Public Law 101-73, section 1211, § 304, 103 Stat. 183, 524-26 (1989).

For example, researchers have found evidence that, in many cases, an applicant's race alone influenced whether the applicant was denied credit. See, e.g., Alicia H. Munnell et al., “Mortgage Lending in Boston: Interpreting the HMDA Data,” at 22 (Am. Econ. Rev., Fed. Reserve Bank of Boston Working Paper 92-7 (1992); James H. Carr & Isaac F. Megbolugbe, “The Federal Reserve Bank of Boston: Study on Mortgage Lending Revisited,” 4 J. of Hous. Res. 2, at 277 (1993).

See Adam Rust, “A Principle-Based Redesign of HMDA and CRA Data in Revisiting the Community Reinvestment Act: Perspectives on the Future of the Community Reinvestment Act,” at 179 (Fed. Reserve Banks of Bos. and S.F. 2009).

Yana Kunichoff, “Lisa Madigan credits Reporter with initiating largest discriminatory lending settlements in U.S. history,” Chicago Rep. (June 14, 2013), available at http://www.chicagonow.com/chicago-muckrakers/2013/06/lisa-madigan-credits-reporter-with-initiating-largest-discriminatory-lending-settlements-in-u-s-history/;;; Press Release, N.Y. State Off. of the Att'y Gen., “Attorney General Cuomo Obtains Approximately $1 Million For Victims Of Greenpoint's Discriminatory Lending Practices” (July 16, 2008), available at http://www.ag.ny.gov/press-release/attorney-general-cuomo-obtains-approximately-1-million-victims-greenpoints.

Although certain regulators have access to the non-public HMDA data, their analyses also rely heavily on data fields that are publicly disclosed.

In enacting the Dodd-Frank Act in 2010, Congress expanded the data financial institutions are required to collect, report, and disclose under HMDA and authorized the Bureau to require additional information. The Bureau's 2015 HMDA Final Rule amended Regulation C to implement the Dodd-Frank Act amendments and address the informational shortcomings exposed by the financial crisis to better meet the needs of the public, public officials, and regulators. Although the 2015 HMDA Final Rule did not address the specific data fields that would be disclosed to the public in the loan-level HMDA data, the rule required the collection and reporting of a number of data fields which, if publicly disclosed, would improve the ability of HMDA data users to fulfill HMDA's purposes.

For example, mandatory reporting of information about the reasons for denial of a loan application, combined with data fields used to make underwriting decisions, would improve the ability to understand lenders' decision-making and to identify possible discriminatory lending patterns in underwriting. Pricing information, such as rate spread for additional types of loans, total loan costs, total discount points, lender credits, and interest rate, would allow users to better understand pricing decisions and the cost of credit to mortgage borrowers. Information about manufactured housing and multifamily financing would allow users to better understand important sources of housing for low-income and potentially financially vulnerable borrowers, which helps users determine whether financial institutions are serving the housing needs of their communities and helps public officials target public investment to better attract private investment. Information about the ages of applicants or borrowers and disaggregated racial and ethnic information would assist in identifying potentially discriminatory lending patterns and help determine whether financial institutions are serving the housing needs of their communities. Data fields about occupancy status and home-equity lines of credit provide information about potentially speculative purchases of housing and the degrees of leverage borrowers are undertaking. This information would better allow users to identify trends in the mortgage market that may increase systemic risk to the overall economy. Understanding these risks helps public officials distribute public-sector investment and helps users determine whether financial institutions are serving the housing needs of their communities.

Today, HMDA data represent a public good that responds to the fact that private lenders do not, in the ordinary course, make information about their loans and lending decisions publicly available. HMDA provides the only source of loan-level mortgage data with comprehensive national coverage that is free and easily accessible to the public. Other publicly available mortgage datasets lack information crucial for HMDA's purposes that is found in the HMDA data, such as the race, ethnicity, and sex of applicants and borrowers. Private data vendors sell several large datasets that typically contain data collected from the largest mortgage loan servicers or securitizers, but none of these datasets match the coverage of the HMDA data. These private datasets also typically lack information that identifies individual lenders and therefore cannot be used to study whether specific lenders are meeting community needs or may be making discriminatory credit decisions. Additionally, the Bureau is aware of no private dataset that includes information about applications that do not result in originated loans. By including applications in addition to originated and purchased loans, HMDA provides a near-census of the mortgage market that allows users to draw a detailed picture of the supply and demand of mortgage credit at various levels of geographic and lender aggregation. Finally, unlike the HMDA data, private datasets are costly for subscribers, creating a substantial hurdle for many community groups, government agencies, and researchers that wish to access them.

HMDA data also benefit users by addressing the information asymmetries present in credit markets. The degree of control that lenders exercise over the mortgage lending process gives them a significant information advantage over borrowers, researchers, and other members of the public. This advantage can contribute to certain types of lender behavior, such as discrimination or predatory lending, that conflict with the best interests of borrowers and the housing needs of communities. The relative difference in information may also lead to herding behavior where both lenders and consumers pursue risky mortgage loans based primarily on the popularity of these products, creating substantial systemic risk to the mortgage market and the financial system. Publicly available mortgage data increase transparency in the mortgage market, narrowing the information gap between lenders and borrowers, community groups, and public officials. Greater information can enable these latter parties to advocate for financial institutions to maintain fair practices and serve the housing needs of their communities, and can increase the prospect of self-correction by financial institutions. Additional information also helps to reduce the herding behavior of both lenders and borrowers, reducing systemic risk.

Risks to Applicant and Borrower Privacy Interests

The Bureau has considered the risks to applicant and borrower privacy that may be created by the public disclosure of the HMDA data that will be reported to the agencies under the 2015 HMDA Final Rule. Based on its analysis to date, the Bureau believes that public disclosure of the unmodified loan-level dataset, as a whole, would create risks to applicant and borrower privacy interests under the HMDA balancing test. As described in more detail below, this is due to the presence in the dataset of individual data fields that the Bureau believes would create re-identification risk and the presence of individual data fields that the Bureau believes would create a risk of harm or sensitivity. However, the Bureau believes that the modifications to the loan-level HMDA dataset proposed in this Policy Guidance would reduce these risks to applicant and borrower privacy and appropriately balance them with the benefits of disclosure for HMDA's purposes.

Re-Identification Risk

In evaluating the potential re-identification risk presented by the disclosure of the unmodified loan-level HMDA data that will be reported under the 2015 HMDA Final Rule, the Bureau has considered the data fields contained in the dataset, the likely methods by which applicants and borrowers could be identified in the dataset, the nature and availability of additional datasets that may be useful to the re-identification of HMDA data, and the incentives and capabilities of persons interested in re-identification. The Bureau uses the term “adversary” when referring to such persons. The term is not intended to indicate that the adversary's motives are necessarily malicious or adverse to the interests of the individuals in the dataset.

See, e.g., Nat'l Inst. of Standards Tech., “De-Identification of Personal Information (2015),” available at http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf (using “adversary” to refer to an entity attempting to re-identify data).

In the HMDA context, the Bureau is concerned about two re-identification scenarios. First, an adversary may use common data fields to match a HMDA record to a record in another dataset that contains the identity of the applicant or borrower. Second, an individual may rely on pre-existing personal knowledge to recognize an applicant or borrower's record in the unmodified HMDA data.

Under the first scenario, it may be possible to match a HMDA record to a record from an identified dataset directly, or data fields from additional datasets may need to be matched to the HMDA record to complete the match to the identified record. However, successfully re-identifying a HMDA record would require several steps and may present a significant challenge. First, an adversary generally would have to isolate a record that is unique within the HMDA data. A HMDA record is unique when the values of the data fields associated with it are shared by no other HMDA record. But a HMDA record's uniqueness alone would not automatically result in its re-identification; an adversary would have to find a record corresponding to the applicant or borrower in another dataset that shares data fields with the unique HMDA record that permit the records to be matched. Once a unique HMDA record has been matched to a corresponding record, an adversary would possess any additional fields found in the corresponding record but not found in the HMDA record, such as the identity of the applicant or borrower. However, even after accomplishing such a match, an adversary might not have accurately re-identified the true applicant or borrower to whom the HMDA record relates.

If the corresponding record lacks the name of the applicant or borrower, an adversary may be able to use data fields from the corresponding record to match to a record in another identified dataset.

For example, if the corresponding record is not the only record in the other dataset that shares certain data fields with the unique HMDA record, an adversary would have to make a probabilistic determination as to which corresponding record belongs to the applicant or borrower. Also, depending on the coverage of the other dataset, a corresponding record may be unique in the other dataset but not unique in the general population.

The HMDA data that will be reported under the 2015 HMDA Final Rule, like the data reported under current Regulation C, contain data fields that create re-identification risk. First, the HMDA data display a high level of record uniqueness. As explained above, record uniqueness alone does not mean that a record can be re-identified, but a unique HMDA record could be matched to a corresponding record in another dataset that is available to an adversary. In the HMDA context, the Bureau believes that particularly relevant sources of identified data for matching purposes are publicly available real estate transaction records and property tax records. Although there is variance by jurisdiction, such records are often available electronically and typically identify a borrower through documents such as the mortgage or deed of trust. These documents typically include the loan amount, the financial institution, the unique identifier assigned to the mortgage originator, the borrower's name, and the property address, and may include other information. Because some of these data fields are also present in the HMDA data, the Bureau believes that the release of loan-level HMDA data without any modifications would create a risk that these public records could be directly matched to a HMDA record to re-identify an applicant or borrower.

In 2005, researchers at the Board found that “[m]ore than 90 percent of the loan records in a given year's HMDA data are unique—that is, an individual lender reported only one loan in a given census tract for a specific loan amount.” Robert B. Avery et al., “New Information Reported under HMDA and Its Application in Fair Lending Enforcement,” at 367 Fed. Reserve Bulletin (Summer 2005), available at http://www.federalreserve.gov/pubs/bulletin/2005/3-05hmda.pdf.

None of the public or private datasets discussed herein include information about applications that do not result in originated mortgage loans. The Bureau believes that the lack of public information about applications would significantly reduce the likelihood that an adversary could match the record of a HMDA loan application that was not originated to an identified record in another dataset. Therefore, the Bureau believes that the risk of re-identification to applicants is significantly lower than the risk to borrowers. However, some of the information contained in the unmodified HMDA data for applicants may permit an adversary to re-identify an applicant despite the lack of publicly available real estate records reflecting the transaction. For example, if an applicant withdraws an application and obtains a loan secured by the same property from another institution, it may be possible to link the HMDA data for the withdrawn application with the data for the origination, as much of the property and borrower information will be identical.

Other publicly available sources of data similar to those included in the HMDA data that will be reported under the 2015 HMDA Final Rule include loan-level performance datasets made available by the Government-Sponsored Enterprises (GSEs) and mortgage-backed securities datasets made available by the Securities and Exchange Commission through the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. The loan-level performance datasets include data fields similar to those that will be included in the unmodified HMDA data, such as credit score, loan amount, interest rate, debt-to-income ratio, combined loan-to-value ratio, and loan-to-value ratio. The mortgage-backed securities dataset includes similar information, such as the credit score, loan amount, lien status, property value, and debt-to-income ratio. These datasets are available online with limited restrictions on access. But these datasets do not include the name of the borrower; as described above, this means that an adversary who is able to match a record in one of these datasets to a record in HMDA would need to make an additional match to an identified dataset to re-identify a borrower. And some of these datasets contain restrictions on use, such as a prohibition on attempting to re-identify individual borrowers.

SE.C., “Electronic Data Gathering, Analysis, and Retrieval (EDGAR),” https://www.sec.gov/edgar.shtml (last visited January 26, 2017); Fannie Mae, “Fannie Mae Single-Family Loan Performance Dataset,” http://www.fanniemae.com/portal/funding-the-market/data/loan-performance-data.html (last visited Jan. 26, 2017); Freddie Mac, “Single Family Loan-Level Dataset,” http://www.freddiemac.com/news/finance/sf_loanlevel_dataset.html (last visited Jan. 26, 2017); Ginnie Mae, “Data Dictionaries,” http://www.ginniemae.gov/investors/disclosures_and_reports/Pages/Disclosure-Data-Dictionaries.aspx (last visited Jan. 26, 2017).

See, e.g., Freddie Mac, “Terms for Single-Family Loan-Level Dataset Registration and Login Pages,” https://freddiemac.embs.com/FLoan/HistoricalDataTerms.html (last visited Mar. 20, 2017).

Private datasets that could be matched to the HMDA data are also available. For example, data brokers collect information about consumers from a wide range of sources and sell it for a variety of purposes, including marketing, identity verification, and fraud detection. These datasets typically include data collected from commercial, government, and other publicly available sources and may contain data about mortgage loan borrowers, including age, income, loan-to-value ratio, property value, loan amount, address, race, ethnicity, and origination date. Other datasets specific to mortgage loans are provided for purposes of evaluating mortgage-backed securities, identifying marketing opportunities, or analyzing market trends. These datasets may include loan amount, interest rate, credit score, negative amortization features, and closing date. Some of these datasets include the names of consumers, although others contain de-identified loan-level mortgage data. However, these datasets may contain contractual restrictions on use and re-disclosure, including prohibiting their use for re-identification purposes, and may be cost-prohibitive for many potential adversaries.

See generally Fed. Trade Comm'n, “Data Brokers: A Call for Transparency and Accountability,” (May 2014), available at https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf (describing the types of products offered and the data sources used by data brokers).

In addition to considering the steps an adversary would need to complete to re-identify the HMDA data and the various data sources that may be required to accomplish re-identification, including their limitations, the Bureau also has considered the capacity, incentives, and characteristics of potential adversaries, including those that may attempt re-identification for harmful purposes. The Bureau believes that some potential adversaries may be interested in re-identifying the HMDA data for marketing or other commercial purposes. For example, the unmodified HMDA data contain information about applicants and borrowers, and features of the loans they obtained or applied for, that the Bureau believes would have commercial appeal for marketing and advertising. Although extensive data about identified consumers is already available to marketers, the Bureau believes that at least some of the HMDA data that may be useful to marketers are typically not publicly available from any source for marketing purposes, are available in limited circumstances, or may be less reliable or precise than the HMDA data may be perceived to be. These potential adversaries could possess the resources to use private datasets in addition to publicly available records to re-identify the HMDA data. However, the Bureau has considered the extent to which much of the commercial benefit to be obtained by re-identifying the HMDA data may be more readily available from private datasets to which these potential adversaries already have access without the need for recourse to the HMDA data. In many cases, information from other datasets may be timelier than that found in the HMDA data, where the delay between action taken on a loan and disclosure of the loan-level HMDA data ranges from 3 to 15 months. Further, some of these potential adversaries may refrain from re-identifying the HMDA data for reputational reasons or because they have agreed to restrictions on using data from the additional datasets described above for re-identification purposes.

For example, a marketer currently may obtain from a consumer reporting agency a “prescreened” list of consumers meeting certain criteria, such as a minimum credit score, only for the purpose of making a “firm offer of credit or insurance.” 15 U.S.C. 1681b(c), 1681a(l).

For example, private datasets may only contain an estimate of the household income, while the HMDA data contains the gross annual income relied on by the financial institution, which may be more accurate.

Additionally, although most academics, researchers, and journalists use HMDA data only for HMDA purposes or market monitoring, some may be interested in re-identifying the HMDA data for purposes of research. These persons may differ in their capacity to re-identify an applicant or borrower in the HMDA data. The Bureau believes that those who lack resources are likely to attempt to match a HMDA record to publicly available datasets such as real estate transaction records, while those with relatively greater resources may also rely on private datasets. However, as mentioned above, some private datasets may have contractual terms prohibiting their use for re-identification purposes. Further, those academics or journalists with significant resources may be affiliated with organizations that have reputational or institutional interests that would not be served by re-identifying the HMDA data. These factors may reduce the risk of re-identification by such persons.

The Bureau has considered whether parties intending to commit identity theft or financial fraud may have the incentive and capacity to re-identify the HMDA data. As discussed further below, the Bureau believes that the HMDA data would be of minimal use for these purposes. For example, the HMDA data will not include information typically required to open new accounts in a consumer's name, such as Social Security number, date of birth, place of birth, passport number, or driver's license number, nor will they include information useful to perpetrate existing account fraud, such as account numbers or passwords. Further, these potential adversaries are not law abiding and may have easier, albeit illegal, ways to secure data for these purposes than attempting to re-identify loan-level HMDA data. The resources of these potential adversaries likely vary, so some may be able to use private datasets in addition to publicly available records to re-identify the HMDA data were they to attempt to do so.

In addition to the possibility of re-identifying borrowers through matching HMDA data to other datasets, some potential adversaries may be able to re-identify a particular applicant or borrower in the HMDA data by relying on personal knowledge about the applicant or borrower. As noted above, the Bureau believes that the HMDA data display a high level of record uniqueness, and the unmodified HMDA data include location and demographic information, such as race, sex, ethnicity, and age, that may be known to a potential adversary who is familiar with a specific applicant or borrower. Therefore, such a potential adversary may be able to re-identify a known applicant or borrower even if traditionally identifying information is not disclosed and without attempting to match a HMDA record to an identified record. This potential adversary could include a neighbor or acquaintance of the applicant or borrower, and the interest in re-identification may range from mere curiosity to the desire to embarrass or otherwise harm the applicant or borrower. Although these potential adversaries may lack the sophistication or resources required to re-identify a HMDA record by matching it to other datasets, they may possess a high level of specific knowledge about the characteristics of a particular applicant or borrower. Because the pre-existing personal knowledge possessed by such a potential adversary is typically limited to information about a single individual, or a small number of individuals, any re-identification attempt by such a potential adversary would likely target or impact a limited number of individuals. Although the Bureau believes that location and demographic information may be more likely to be known than other information in the HMDA data, it is impossible to predict the exact content of any pre-existing personal knowledge that such a potential adversary may possess. This uncertainty creates challenges for evaluating the degree to which individual data fields contribute to the risk of re-identification by such a potential adversary.

For example, although the Bureau is aware of no dataset with detailed information on mortgage loan applicants, an adversary with personal knowledge of an applicant could identify an applicant in the HMDA data.

Risk of Harm or Sensitivity

The Bureau has considered whether, if a loan-level record in the HMDA dataset were re-identified, HMDA data that will be reported under the 2015 HMDA Final Rule would disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. To the extent a HMDA record could be associated with an identified applicant or borrower and could also be successfully matched to another de-identified dataset to re-identify such a dataset, harmful or sensitive information in that dataset that is not otherwise public may also be disclosed. The Bureau has considered whether the HMDA data could be used for harmful purposes such as perpetrating fraud or identity theft against an applicant or borrower or for targeted marketing of products and services that may pose risks that are not apparent. The Bureau has also considered whether certain HMDA data fields may be viewed as sensitive if associated with a particular applicant or borrower, even where the disclosure of the data field is unlikely to lead to financial or other tangible harms. In evaluating the potential sensitivity of a data field, the Bureau has also considered whether disclosure of the data field could cause dignity or reputational harm or embarrassment, or could be considered outside of societal or cultural expectations with respect to what information is available to the general public.

As noted above, today, significant amounts of identifiable data concerning consumers is available to the general public, including in public records. Identifiable consumer information is also available from commercial data sources with varying barriers to access and restrictions on use. In evaluating the risk of harm or sensitivity created by the public disclosure of loan-level HMDA data, the Bureau's analysis has considered the degree to which such disclosure would increase these risks to applicant and borrower privacy compared to the risks that already exist, absent the public availability of the data in HMDA. Accordingly, the Bureau has considered whether the data that will be reported under the 2015 HMDA Final Rule are typically publicly available in an identifiable form and, if so, any barriers to accessing the information or restrictions on its use. Depending on the nature and extent of the public availability of a particular data field, the Bureau generally considers public availability to reduce any risk of harm or sensitivity that may be created by the public disclosure of the data field in the loan-level HMDA data. For example, although some borrowers may consider the amount of their mortgage to be sensitive, the Bureau believes that this information is often publicly available and considers such availability to reduce the risk of harm or sensitivity that may be created by the disclosure of this unmodified data field in the HMDA data. In other words, if potentially harmful or sensitive information about an applicant or borrower is already available to the general public, disclosure of that information in the loan-level HMDA data creates less risk of additional harm or sensitivity than if the data were otherwise not publicly available about the applicant or borrower.

In evaluating the risk of harm or sensitivity created by the disclosure of the loan-level HMDA data, the Bureau also has considered the likelihood that the loan-level HMDA data would be re-identified and used for harmful purposes or to embarrass or damage the reputation of an applicant or borrower. As discussed above, the Bureau generally believes that successful re-identification of loan-level HMDA data would require several steps and may represent a significant challenge. Even where an adversary is able to match a HMDA record to a record in an identified dataset, the adversary still may not have accurately identified the true applicant or borrower to whom the HMDA record relates. To the extent that the risk that re-identification would be accomplished is low, the risk of disclosing harmful or sensitive information is reduced.

The Bureau believes that the unmodified loan-level HMDA data that will be reported under the 2015 HMDA Final Rule would be of minimal use for purposes of perpetrating identity theft or financial fraud against applicants and borrowers. As noted above, the HMDA data will not include information typically required to open new accounts in a consumer's name, such as Social Security number, date of birth, place of birth, passport number, or driver's license number, nor do they include information useful to perpetrate existing account fraud, such as account numbers or passwords. Although almost any information relating to an individual could at least theoretically be used by an adversary seeking to steal the identity of or commit fraud against the individual, the Bureau does not believe that disclosure of the HMDA data would be likely to increase information available for these purposes. For example, the HMDA data will include the name of the financial institution and other details about the loan terms that could be used in a phishing attack against an applicant or borrower by a perpetrator pretending to be the financial institution, but data that could be used for this purpose are often already available in publicly available real estate transaction records. The Bureau has also considered whether the HMDA data could be used for knowledge-based authentication purposes, but believes the data are unlikely to increase information available that is typically used for such purposes.

As noted above, however, to the extent a HMDA record could be associated with an identified applicant or borrower and could also successfully be matched to a de-identified dataset to re-identify such a dataset, harmful or sensitive information in that dataset that is not otherwise public may also be disclosed.

Phishing is an attempt by a perpetrator to obtain sensitive information, such as account numbers or passwords, by masquerading as a legitimate company. Phishing is typically conducted by fraudulent email messages appearing to come from a legitimate company that direct the recipient to a spoofed Web site or otherwise get the recipient to divulge private information. The perpetrators then use this private information to commit identity theft.

Knowledge-based authentication (KBA) is a method of authentication which seeks to prove the identity of someone accessing a service, such as an account at a financial institution. KBA requires the knowledge of information about a particular individual to prove that a person attempting to access a service is the individual. “Static” KBA, also known as “shared secrets,” relies on information initially shared by the individual to the provider of the service, such as an answer to a question, which is later retrieved when an individual seeks to access the service. “Dynamic” KBA uses knowledge questions to verify identity but does not require the individual to have provided the questions and answers beforehand. Dynamic KBA questions are compiled from data known to or obtained by the institution, such as transaction history or data from credit reports.

The Bureau believes that some of the unmodified loan-level HMDA data would provide information that is not already public and could be used to target applicants and borrowers for marketing, including marketing for products and services that may pose risks that are not apparent. As noted above, the unmodified HMDA data would provide information about an applicant's or borrower's financial condition and, with respect to a borrower, details about the loan obtained. The Bureau believes that, at least for a period of time after the loan-level HMDA data are disclosed, this information may be useful to those looking to offer financial products and services or otherwise improve market segmentation. Although these data could be used to market products and services that would be beneficial for applicants and borrowers, perhaps increasing competition among lenders that could help consumers receive the best loan terms possible, they could also be used to target potentially vulnerable consumers with marketing for products and services that may pose risks that are not apparent. For example, certain information about a loan might be perceived to reveal information about a borrower's sophistication as a consumer of financial products and services, and information about a borrower's financial condition may suggest vulnerability to scams relating to debt relief or credit repair.

Finally, the Bureau believes that some of the unmodified loan-level HMDA data that will be reported to the agencies under the 2015 HMDA Final Rule would be considered sensitive by most consumers. In assessing whether a data field creates a risk of sensitivity, the Bureau has considered if its disclosure could lead to dignity or reputational harm or embarrassment, or could be considered outside of societal or cultural expectations with respect to what information is available to the general public.

Balancing Risks and Benefits

In applying the balancing test, the Bureau has considered the risks to applicant and borrower privacy interests that would be created by the public disclosure of the unmodified loan-level HMDA data that will be reported under the 2015 HMDA Final Rule and the benefits of such disclosure in light of HMDA's purposes. As discussed above, assessing risks to applicant and borrower privacy under the balancing test requires an evaluation of the unmodified HMDA dataset as a whole and of the individual data fields contained in the dataset. In developing this proposal, the Bureau reviewed the contribution of each data field, individually and in combination, toward the potential re-identification of an applicant or borrower in the HMDA dataset. As described above, for purposes of the HMDA balancing test, a significant re-identification risk is created by uniqueness in the HMDA data among data fields that are also found in other records that identify an applicant or borrower. The Bureau has reviewed the availability of public records in several jurisdictions and has also considered qualitative factors such as the capacity, incentives, and characteristics of potential adversaries that may be interested in re-identification, the public availability of HMDA data fields in other datasets, the barriers to obtaining these datasets, and the degree to which the other datasets are identifiable. The Bureau has also considered whether certain data fields may be more likely than others to be known by a potential adversary with personal knowledge about the applicant or borrower.

The Bureau also considered whether disclosure of the loan-level HMDA data, if it were to be re-identified, would reveal information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. As described above, this consideration involved reviewing the potential for disclosure to cause financial fraud or identity theft, harmful targeted marketing, or sensitivity concerns. The Bureau considered the nature of potential harms that might result from disclosure of each data field individually and in combination, and the strength of the field's contribution to such harms. The Bureau also considered whether each data field is typically publicly available in identified records and, if so, any barriers to accessing the information or restrictions on its use.

In addition, the Bureau evaluated the contribution of the data fields, both individually and in combination, toward the purposes of HMDA: Helping to determine whether financial institutions are serving the housing needs of their communities; assisting public officials in distributing public-sector investment so as to attract private investment to areas where it is needed; and assisting in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Every HMDA data field provides benefits to achieving the statutory purposes, but different data fields may provide more value for certain statutory purposes or types of analyses. Data fields were examined for both current and potential uses.

For data fields the public disclosure of which the Bureau preliminarily believes would create risks to applicant and borrower privacy interests, either because a field increases re-identification risk or poses a risk of harm or sensitivity, the Bureau has weighed these risks against the benefits of disclosure. Where the Bureau has preliminarily determined that the disclosure of an individual data field, alone or in combination with other fields, would create risks to applicant and borrower privacy that are not justified by the benefits of disclosure to HMDA's purposes, the Bureau has considered whether it could appropriately balance the privacy risks and disclosure benefits through strategies such as binning, rounding, and top- and bottom-coding, or whether the public dataset should be modified by excluding the field. The Bureau has also evaluated the risks and benefits of disclosing a data field in light of the proposed modifications considered for the other data fields. The Bureau is mindful of the connection between the risk of re-identification and the risk of harm or sensitivity. To the extent that the risk of re-identification created by disclosure of the HMDA data is reduced, the risk of disclosing harmful or sensitive information is also reduced. Conversely, to the extent that the public loan-level HMDA data do not disclose information that is harmful or sensitive, the consequences of re-identification are reduced. Where the Bureau has preliminarily determined that some modification of a data field is appropriate, the Bureau's consideration of the available forms of modification for the HMDA data is also informed by the operational challenges associated with various forms of modification and the need to make financial institutions' modified loan/application registers available to the public by March 31 following the calendar year for which the data are reported.

Binning, sometimes known as recoding or interval recoding, allows data to be shown clustered into ranges rather than as precise values. Top- and bottom-coding masks the precise values of a data field that appear above or below a certain threshold.

As discussed below in part IV.B, the Bureau will make a modified loan/application register for each financial institution available on its Web site by March 31 following the calendar year for which the information was compiled. With respect to data compiled in 2018 or later, this proposed Policy Guidance describes the modifications the Bureau proposes to apply to each financial institution's modified loan/application register, with the possible exception of modifications to reflect whether the loan amount is above the applicable dollar amount limitation on the original principal obligation in effect at the time of application or origination as provided under 12 U.S.C. 1717(b)(2) and 12 U.S.C. 1454(a)(2), which may be disclosed later than March 31. HMDA data is reported by March 1 of the year following the calendar year for which the information was compiled, leaving the Bureau as little as 30 days to prepare each financial institution's modified loan/application register.

B. Application of the Balancing Test to Loan-Level HMDA Data

As described above, the Bureau has interpreted HMDA to require that public HMDA data be modified when the release of the unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such release to the public in light of HMDA's purposes. Based on its analysis to date, the Bureau believes that public disclosure of the unmodified loan-level data that will be reported to the agencies under the 2015 HMDA Final Rule, as a whole, would create risks to applicant and borrower privacy interests under the HMDA balancing test. This is due to the presence in the data of individual data fields that the Bureau believes would create re-identification risk and the presence of individual data fields that the Bureau believes would create a risk of harm or sensitivity. The Bureau has applied the balancing test to determine whether and how to modify the HMDA data that will be reported under the 2015 HMDA Final Rule before it is disclosed to the public and is seeking comment on its proposed modifications.

For the reasons discussed below, based on its application of the balancing test, the Bureau proposes to exclude or otherwise modify the following data fields in the loan-level HMDA data disclosed to the public: Universal loan identifier (ULI), application date, loan amount, action taken date, property address, age, credit score, debt-to-income ratio, property value, the unique identifier assigned by the Nationwide Mortgage Licensing System and Registry for the mortgage loan originator (NMLS ID); and automated underwriting system (AUS) result. The Bureau also proposes to exclude the content of free-form text fields used in certain instances to report the following data: Race, ethnicity, name and version of credit score model, reason for denial, and AUS system name. The Bureau proposes to publicly disclose without modification the remaining data reported to the agencies under the 2015 HMDA Final Rule. As discussed above, HMDA and Regulation C require the FFIEC to make available to the public certain aggregated data. The Bureau, in consultation with the other agencies, intends to evaluate options for providing the HMDA data, including the modified data, to the public in aggregated form, including through the aggregated data products the FFIEC is required to make available and other vehicles.

See part IV.C, below.

The Bureau acknowledges that the proposed modifications would not completely eliminate risks to applicant and borrower privacy that would likely be created by the disclosure of loan-level HMDA data, but the Bureau believes that these modifications would reduce such risks to the extent necessary to appropriately balance them with the benefits of disclosure for HMDA's purposes. The Bureau believes that, to the extent that the public disclosure of the loan-level HMDA data, modified as proposed, would create risks to applicant and borrower privacy, such risks would be justified by the benefits of such release to the public in light of HMDA's purposes.

The Bureau has considered whether, in light of what it believes to be a reduced risk of re-identification for HMDA records reflecting an application where no loan was originated, more data could be disclosed without modification for those records. As discussed above, the Bureau believes that the lack of publicly available information about applications would make it significantly more difficult for an adversary to re-identify an applicant by matching a HMDA record to a record from an identified dataset. However, the Bureau believes that some risk of re-identification by matching may remain in some circumstances, and notes that an adversary's personal knowledge may also permit re-identification of an application record. Further, the possibility that transactions could be reported as applications in error and be subsequently corrected in a resubmission would create risk that the previously-applied modifications would no longer be appropriate; the previously-disclosed HMDA data would have revealed information creating risks to applicant and borrower privacy that would not be justified by the benefits of disclosure. Finally, an approach requiring that different types of records in the dataset are subject to different modifications would be operationally challenging and costly to implement. In light of these privacy and operational concerns, the Bureau is not proposing this approach at this time, but invites comment on it.

See supra note 53.

The Bureau seeks comment on all aspects of its analysis and the modifications it proposes to apply to the public loan-level HMDA dataset under the balancing test. The Bureau notes that, even after it finalizes this Policy Guidance, it intends to continue to monitor developments affecting the application of the balancing test to the HMDA data. The privacy landscape is constantly evolving, and risks to applicant and borrower privacy created by the disclosure of loan-level HMDA data may change as the result of technological advances and other external developments. For example, a new source of publicly available records may become available, increasing or decreasing privacy risks under the balancing test, or the Bureau may discover evidence suggesting that individuals are using the HMDA data in unforeseen, potentially harmful ways. Potential uses of the loan-level HMDA data in furtherance of the statute's purposes may also evolve, such that the benefits associated with the disclosure of certain data may increase to an extent that justifies providing more information to the public. For example, a new loan program may emerge with debt-to-income ratio requirements that increase the benefits of releasing more precise information about the debt-to-income ratios of applicants or borrowers than the Bureau proposes herein to release. Such developments and other changed circumstances may require that, even after this proposed Policy Guidance is finalized, the Bureau revisit the conclusions previously reached based on the application of the balancing test in order to ensure the appropriate protection of applicant and borrower privacy in light of HMDA's purposes.

The Bureau is proposing this Policy Guidance to provide transparency, obtain public feedback, and improve the Bureau's decisionmaking. This proposed Policy Guidance and any final Policy Guidance concerning the public disclosure of loan-level HMDA data are non-binding in part because flexibility to revise the modifications proposed to apply to the public loan-level HMDA data is necessary to maintain a proper balancing of the privacy risks and benefits of disclosure, especially in the event the Bureau becomes aware of new facts and circumstances that might contribute to privacy risks. However, except where not practical, unnecessary, or where public interest requires otherwise, the Bureau intends to seek public input on any future revisions to modifications to the public loan-level HMDA it might consider.

Data To Be Disclosed in the Loan-Level HMDA Data Without Modification

As discussed above, the 2015 HMDA Final Rule requires financial institutions to report information about originations and purchases of mortgage loans, as well as mortgage loan applications that do not result in originations. The Bureau proposes to disclose the following data fields to the public as reported, without modification:

As mentioned above and discussed further below, the Bureau proposes not to disclose free-form text fields used in certain instances to report the following data: The name and version of the credit scoring model, race, ethnicity, reasons for denial, and AUS name.

  • The following information about applicants, borrowers, and the underwriting process: Income, sex, race, ethnicity, name and version of the credit scoring model, reasons for denial, and AUS name.
  • The following information about the property securing the loan: Census tract, State, county, occupancy type, construction method, manufactured housing secured property type, manufactured housing land property interest, and total units.
  • The following information about the application or loan: Loan term, loan type, loan purpose, application channel, whether the loan was initially payable to the financial institution, whether a preapproval was requested, action taken, type of purchaser, lien status, prepayment penalty term, introductory rate period, interest rate, rate spread, total loan costs or total points and fees, origination charges, total discount points, lender credits, HOEPA status, balloon payment, interest-only payment, negative amortization, other non-amortizing features, combined loan-to-value ratio, open-end line of credit flag, business or commercial flag, and reverse mortgage flag.
  • The following information about the lender: Legal Entity Identifier (LEI), and financial institution name.

Many of these data fields were adopted in the 2015 HMDA Final Rule, while several are already required to be reported under current Regulation C. All of the data fields required by current Regulation C listed above are currently disclosed as reported without modification in the modified loan/application register that each financial institution makes available to the public and in the agencies' loan-level release. For the reasons discussed below, the Bureau proposes to publicly disclose the data fields listed above without modification in the loan-level HMDA data and requests comment on its proposal.

The only data fields excluded from the public loan-level HMDA data under current Regulation C are the identifying number for the loan or loan application, the application date, and the action taken date.

With the exception of LEI, financial institution name, census tract, income, action taken (where the loan is denied), and reasons for denial, which are discussed further below, the Bureau believes that disclosure of the data fields listed above would likely present low risk to applicant and borrower privacy. First, the Bureau believes that, if the HMDA data were re-identified, disclosure of most of these data fields would likely create minimal, if any, risk of harm or sensitivity to applicants or borrowers. These fields include basic information about the features of the loan or the property securing the loan—such as the application channel, loan term, and lien status—rather than information about personal characteristics or financial condition of the applicant or borrower, and the Bureau believes that applicants and borrowers are unlikely to consider the disclosure of this information to be sensitive. Further, the Bureau is aware of no clear advantage provided by most of these data fields for targeted marketing of products and services that may pose risks that are not apparent. The Bureau believes that certain fields about the loan, such as the pricing data fields, and certain fields about the borrower, such as ethnicity and race, may create relatively more risk of harm or sensitivity, but that these fields still present low privacy risk. Second, the Bureau believes that disclosure of most of these data fields would likely create minimal, if any, risk of substantially facilitating the re-identification of applicants and borrowers in the HMDA data. Most of these data fields are not found in publicly available sources of records that contain the identity of an applicant or borrower; without such an identified publicly available record, an adversary would experience substantial difficulty attempting to re-identify an applicant or borrower by matching a HMDA record using these data fields. Certain data fields may create relatively more risk of re-identification because they contain values that are not widely shared among applicants or borrowers, such as an ethnic and racial category, but the Bureau believes these fields still present low re-identification risk. As described above, public disclosure of these low-risk data fields benefits users in determining whether financial institutions are serving the housing needs of their communities; in distributing public-sector investment so as to attract private investment to areas where it is needed; and in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. To the extent that disclosure of these fields would create risk to applicant and borrower privacy, the Bureau believes the risks would be justified by the benefits of disclosure.

Although the Bureau believes that ethnic and racial categories are not found in publicly available sources of identified records, comparing the ethnicity and race found in the HMDA record to the surname found in an identified public record may help an adversary narrow the range of public records against which to match a HMDA record. Information on surnames, in other contexts, has proven useful to proxy for ethnicity or race. The Bureau also believes that ethnicity and racial category may be more likely to be known by adversaries with personal knowledge of the applicant or borrower than other fields listed above. The Bureau seeks comment in particular on whether this risk is heightened with respect to disaggregated ethnicity and race and whether these disaggregated fields should be treated differently than aggregated ethnicity and race.

The Bureau believes that disclosure of the following data fields listed above would likely substantially facilitate the re-identification of applicants or borrowers: LEI, financial institution name, and census tract. The Bureau believes that publicly available real estate transaction records such as mortgages and deeds of trust typically contain the identity of the borrower, the name of the financial institution, and the property address, from which an adversary may derive the census tract. Although the uniqueness of a HMDA record will vary by census tract, the Bureau believes that these data fields could be used by an adversary to match a HMDA record to an identified public record.

The Bureau also believes that, if the HMDA data were re-identified, disclosure of the following data fields listed above would likely create a risk of harm or sensitivity: Income, action taken (where the loan is denied), and reasons for denial. These data fields are not otherwise available to the general public in an identified form without barriers to access or use restrictions. The Bureau believes that these data fields would likely be considered sensitive by many if not most consumers. Many consumers avoid sharing their incomes, even with personal acquaintances. The fact that a financial institution denied an application and some of the reasons for denial, such as employment history, credit history, debt-to-income ratio, or insufficient cash, could reveal negative details about a consumer's personal financial situation. The Bureau also believes that these data fields could be used for harmful purposes, such as targeted marketing of products and services that may pose risks that are not apparent.

The Bureau believes that, although estimates of income may be available in private datasets, reliable income information typically is not available to the general public without barriers to access or use restrictions. The HMDA data will include the gross annual income relied on in making the credit decision, which may be more accurate.

The Bureau believes that consumers may still consider income information to be sensitive even though it is rounded to the nearest thousand when reported by financial institutions.

The Bureau notes that the fact that a loan was denied and the reasons for denial are reported only for applications that have been denied. As discussed above, the Bureau believes that the risk of re-identification of applicants where a loan is not originated is significantly lower than the risk to borrowers. Because these data fields are difficult to associate with an identified applicant or borrower, the Bureau believes that the risk of harm or sensitivity created by their disclosure is reduced.

The Bureau nonetheless believes that these risks to applicant and borrower privacy are justified by the benefits of disclosure in light of HMDA's purposes. For years, these data fields have proven critical for furthering HMDA's purposes. For example, the ability to identify the financial institution by name is critical for users to evaluate the lending practices of a financial institution. The census tract is essential for users to determine the availability of credit in certain communities and to identify potentially discriminatory lending patterns at the community level. Information about income ensures that users who are evaluating potential disparities in underwriting or pricing are comparing applicants or borrowers with similar incomes, thereby controlling for a factor that might provide a legitimate explanation for such disparities. Income data can also allow users to determine the availability of credit to consumers and communities of various income levels. Finally, action taken and reasons for denial, combined with underwriting information, help users compare the outcomes received by applicants and borrowers to identify potential disparities between similarly qualified applicants. The reasons for denial also help users understand why a particular loan application was denied and identify potential barriers in access to credit.

Several data fields adopted in the 2015 HMDA Final Rule are closely related to, or extensions of, data fields reported under current Regulation C. Specifically, the LEI will replace the current reporter's ID, and reasons for denial may currently be reported at the option of the financial institution. However, financial institutions supervised by the OCC and the FDIC currently are required by those agencies to report denial reasons. 12 CFR 27.3(a)(1)(i), 128.6, 390.147.

The LEI would enhance identification by allowing users to link the reporting financial institution to its corporate family. If the financial institution name is publicly disclosed, the LEI creates minimal, if any, additional privacy risk.

The Bureau believes that, under the balancing test, the benefits of public disclosure of these data fields to HMDA's purposes would justify the risks to applicant and borrower privacy such disclosure would likely create. In forming its proposal to publicly disclose these data fields without modification, the Bureau considered modifications that would reduce the risks to applicant and borrower privacy while preserving the benefits of disclosure. However, with the exception of income and census tract, which have for years proven critical for furthering HMDA's purposes, no modifications other than exclusion from the public loan-level HMDA data are reasonably available for these data fields. Therefore, modification in these circumstances would eliminate public utility of these data fields entirely. The Bureau seeks comment on its proposal to publicly disclose these fields without modification in the loan-level HMDA data.

Data To Be Excluded or Otherwise Modified in the Loan Level HMDA Data

Universal Loan Identifier

The 2015 HMDA Final Rule requires financial institutions to report a universal loan identifier (ULI) for each covered loan or application that can be used to identify and retrieve the application file. The 2015 HMDA Final Rule sets forth detailed requirements concerning the ULI to be assigned and reported. A ULI must begin with the financial institution's LEI, followed by up to 23 additional characters to identify the covered loan or application, and then end with a two-character check digit calculated according to the methodology prescribed in appendix C of the 2015 HMDA Final Rule. In addition, a ULI must be unique within the institution and must not contain any information that could be used to directly identify the application or borrower. Institutions reporting a loan for which a ULI was previously assigned and reported must report the ULI that was previously assigned and reported for the loan. The ULI will be submitted as an alphanumeric field. The requirement to report a ULI replaces the requirement under current Regulation C that a financial institution report an identifying number for the loan or loan application. The loan or loan application number is currently excluded from both the modified loan/application register that each financial institution makes available to the public and the agencies' loan-level release. The Bureau added the requirement to report a ULI to implement the Dodd-Frank Act's amendment to HMDA providing for the collection and reporting of, “as the Bureau may determine to be appropriate, a universal loan identifier.”

12 CFR 1003.4(a)(1)(i) (effective January 1, 2018).

Id.

Bureau of Consumer Fin. Prot., “Filing instructions guide for HMDA data collected in 2018—OMB Control #3170-0008,” at 14, 48 (Jan. 2017), available at http://www.consumerfinance.gov/data-research/hmda/static/for-filers/2018/2018-HMDA-FIG.pdf.

12 U.S.C. 2803(b)(6)(G).

For the reasons given below, the Bureau believes that, depending on how financial institutions will use ULIs once they are adopted for HMDA purposes, disclosing the ULI in the loan-level HMDA data could substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, until information is available concerning how financial institutions use ULIs other than for HMDA purposes, the Bureau proposes to modify the loan-level HMDA dataset made available to the public by excluding the ULI.

A ULI would allow users to track over time a loan reported in HMDA data by different financial institutions. Using a ULI, a user could identify a loan originated by a HMDA reporter that is later purchased by another HMDA reporter, then sold and purchased again by yet another HMDA reporter. Understanding a loan's history would assist in identifying whether financial institutions are serving the housing needs of their communities. Widespread adoption of ULIs to identify mortgage loans in other datasets also could allow users to track a loan from “cradle to grave,” i.e., to link information disclosed in the public HMDA data with information found in other datasets, such as datasets reflecting loan performance.

The Bureau believes that, depending on how financial institutions use ULIs other than for HMDA purposes, public disclosure of a ULI in the loan-level HMDA data could create a significant risk of re-identification. If financial institutions include ULIs on loan documents that are made publicly available, the Bureau believes that disclosure of the ULI in the public loan-level HMDA data would substantially facilitate the re-identification of HMDA records. As discussed above, many jurisdictions publicly disclose real estate transaction records in an identified form, such as mortgages and deeds of trust, and the Bureau believes that many financial institutions include loan numbers on these publicly-recorded documents. The Bureau believes that financial institutions may replace the loan numbers currently assigned to mortgage loans with ULIs and that, if they do, the ULI likely will be included on publicly-recorded loan documents. Especially in light of the uniqueness of a ULI, a ULI on a publicly-recorded loan document could be used to match a HMDA record to an identified public record directly and reliably.

For example, in response to concerns about implications under the Gramm-Leach-Bliley Act (GLBA) of the “longstanding common practice for a mortgage lender to place the borrower's account number on a mortgage loan document to enable the document to be tracked and place in the proper file once the document is recorded and returned from the recording office,” Federal regulators issued guidance in 2001 opining that such practice does not violate the GLBA. See Letter from Fed. Reserve Board, Fed. Dep. Ins. Corp., Nat'l Credit Union Admin., Off. of the Comptroller of the Currency, Off. of Thrift Supervision, and Fed. Trade Comm'n (Sept. 4, 2001).

In response to comments, the Bureau noted in the supplementary information to the 2015 HMDA Final Rule that a financial institution may use a ULI for both HMDA purposes and the loan identification number prescribed by Regulation Z § 1026.37(a)(12). 80 FR 66128, 66177 (Oct. 28, 2015).

The Bureau notes that the FFIEC excluded identifying numbers for loans and applications from the agencies' loan-level HMDA data release because the data field could be used to identify an applicant or borrower in the data. Similarly, Congress later identified applicant “identification number” as a field that the Board should consider deleting from the modified loan/application register in order to protect the privacy of applicants and borrowers. In implementing this amendment to HMDA, the Board required that financial institutions remove “application or loan number” from the modified loan/application register before making it available to the public.

The FFIEC noted that “[a]n unedited form of the data would contain information that could be used to identify individual loan applicants” and that the data would be edited prior to public release to remove the application identification number, the date of application, and the date of final action. 55 FR 27886, 27888 (July 6, 1990).

HMDA section 304(j), added by the Housing and Community Development Act, section 932(a), 106 Stat. 3672, 3889 (1992).

The Bureau believes that a ULI would disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. A ULI is associated with a particular application or loan. As noted above, the 2015 HMDA Final Rule prohibits a financial institution from including in a ULI assigned to an application or loan information about the applicant or borrower that could be used to directly identify the applicant or borrower. Commentary to this provision clarifies that “information that could be used to directly identify the applicant or borrower includes but is not limited to the applicant's or borrower's name, date of birth, Social Security number, official government-issued driver's license or identification number, alien registration number, government passport number, or employer or taxpayer identification number.” Although the Bureau believes that financial institutions may include information within a ULI that is pertinent to the institution's operations, as some do now with respect to loan numbers, it does not believe that such information would be considered sensitive or could be used for harmful purposes.

Comment 4(a)(1)(i)-2 (effective Jan. 1, 2018).

The Bureau has considered whether a modification to the public loan-level HMDA dataset other than exclusion of the ULI would appropriately reduce the privacy risks created by the disclosure of the ULI in the loan-level data while maintaining some utility for HMDA's purposes. For example, the Bureau has considered whether it could, in the loan-level HMDA data disclosed to the public, replace the reported ULI with a different unique number, such as a hashed value. The Bureau also has considered whether it might use some other means to link HMDA records sharing the same ULI without revealing the ULI itself. The Bureau is unable to identify a feasible modification at this time, however. The Bureau believes at this time that, under the balancing test, excluding the ULI is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

A hashed value would be based on the ULI and created by a secure hash algorithm. A hash algorithm is designed to be non-invertible, meaning that the original value, in this case the actual ULI, could not be derived from the hashed value. The hashed value would only appear in the HMDA data; as it would not appear in public records, it could not be used to re-identify the HMDA record.

Application Date

The 2015 HMDA Final Rule requires financial institutions to report, except for purchased covered loans, the date the application was received or the date shown on the application form. This date will be submitted by financial institutions as the exact year, month, and day, in the format of YYYYMMDD. Financial institutions are required to report this data field under current Regulation C. The Board amended Regulation C in 1989 to require reporting of the date the application was received as part of its implementation of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA), which expanded HMDA to include data on applications, as well as data on the race, gender, and income of individual applicants and borrowers. The application date is currently excluded from both the modified loan/application register that each financial institution makes available to the public and the agencies' loan-level release.

12 CFR 1003.4(a)(1)(ii) (effective Jan. 1, 2018).

Supra note 83 at 49.

Financial Institutions Reform, Recovery, and Enforcement Act, Public Law 101-73, section 1211, 103 Stat. 183, 524-26 (1989); 54 FR 51356 (Dec. 15, 1989).

For the reasons given below, the Bureau believes that disclosing the application date in the loan-level HMDA data released to the public would likely substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA data made available to the public by excluding the date the application was received.

The application date may be useful for identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. In enacting the FIRREA amendments to HMDA, Congress sought to improve the ability of HMDA users to identify possible discriminatory lending patterns by expanding HMDA to allow for comparison of accepted and rejected applications. The date of application furthered the purposes underlying this expansion. The application date helps ensure that users are comparing applicants or borrowers who applied for loans during similar dates, thereby controlling for factors that might provide a legitimate explanation for disparities, such as different market interest rates over different time periods. Users of HMDA data may also use the application date, in combination with the action taken date, to screen for delays between application and action dates that appear to exist on prohibited bases.

H. Rept. 101-209, at 463-65 (1989).

The Bureau believes that public disclosure of application date would likely substantially facilitate the re-identification of an applicant or borrower in the HMDA data. Disclosing the date of application would increase the ability of an adversary to associate a HMDA record with an applicant or borrower by matching it to an identified publicly available record. As discussed above, many jurisdictions publicly disclose real estate transaction records in an identified form, such as mortgages or deeds of trust. These records contain the date that the lender and borrower entered into or executed the agreement. This date is correlated with the application date data field, which reflects either the date the application was received or the date shown on the application form. Therefore, an adversary could use the date of application, combined with other data fields, to narrow the range of identified public records against which to compare the HMDA data, increasing the likelihood of matching records.

The Bureau notes that the FFIEC excluded the application date from the agencies' loan-level HMDA data release because the data field could be used to re-identify a particular applicant or borrower in the data. Similarly, when Congress directed that the Board require deletions from the loan-level HMDA data financial institutions must make available to the public to protect the privacy of applicants and borrowers, it identified the application date in particular as one field to be considered for deletion.

The FFIEC noted that “[a]n unedited form of the data would contain information that could be used to identify individual loan applicants” and that the data would be edited prior to public release to remove the application identification number, the date of application, and the date of final action. 55 FR 27886, 27888 (July 6, 1990).

Housing and Community Development Act, Public Law 102-550, section 932(a), 106 Stat. 3672, 3889 (1992).

If the HMDA data were re-identified, the Bureau believes that application date would likely disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. Application date is not an inherently sensitive data field. Unlike other dates, such as date of birth, the date of application contains no intrinsic connection to an individual. Instead, the information is associated with an applicant or borrower for only a single transaction in the context of mortgage lending. Further, the Bureau believes that the date of application would be unlikely to be used for targeted marketing of products and services that may pose risks that are not apparent.

HMDA data is disclosed annually based on the calendar year in which action is taken on an application. Although the Bureau proposes not to disclose the application date, the year of the loan-level HMDA data will often correspond to the year in which the application was received. The Bureau considered binning the values reported for the application date into quarterly or semi-annual intervals. However, the Bureau believes that quarterly intervals would fail to reduce re-identification risk adequately and that, compared to not disclosing application date, the gains in data utility that semi-annual intervals might allow do not justify the increase in privacy risk. Disclosing the date of application in quarterly intervals would provide an individual with a narrower range of identified public records against which to compare the HMDA data. And although disclosing application dates in semi-annual intervals would reduce re-identification risk as compared to quarterly intervals, the Bureau believes it would only marginally increase the utility over the current, annual intervals while still increasing privacy risk. Users would need a narrower range to help ensure that they were comparing applicants who applied under similar market conditions. The Bureau believes at this time that, under the balancing test, excluding the application date is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

The Bureau previously identified quarterly release of the loan-level HMDA data as a potential privacy concern. 80 FR 66128, 66243 (Oct. 28, 2015).

Loan Amount

The 2015 HMDA Final Rule requires financial institutions to report the amount of the covered loan or the amount applied for. For closed-end mortgage loans, open-end lines of credit, and reverse mortgages, this amount is the amount to be repaid as disclosed on the legal obligation, the amount of credit available to the borrower, and the initial principal limit, respectively. The loan amount will be submitted by financial institutions in numeric form reflecting the exact dollar amount of the loan. Financial institutions are required to report this data field under current Regulation C rounded to the nearest thousand. Although HMDA has always required financial institutions to report information about the dollar amount of a financial institution's mortgage lending activity, the Board amended Regulation C in 1989 to require reporting of the loan amount on a loan-level basis as part of its implementation of FIRREA.

12 CFR 1003.4(a)(7) (effective Jan. 1, 2018).

Supra note 83, at 51.

12 CFR 1003, Appendix A, I.A.20.

12 U.S.C. 2803

12 U.S.C. 2803

For the reasons given below, the Bureau believes that disclosing the loan amount in the loan-level HMDA data released to the public would likely substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA dataset disclosed to the public by disclosing the midpoint for the $10,000 interval into which the reported loan amount falls and by indicating whether the loan amount exceeds the applicable dollar amount limitation on the original principal obligation in effect at the time of application or origination as provided under 12 U.S.C. 1717(b)(2) and 12 U.S.C. 1454(a)(2) (“GSE conforming loan limit”). For example, for a reported loan amount of $117,834, the Bureau would disclose $115,000 as the midpoint between values equal to $110,000 and less than $120,000.

The dollar amount limitation on the original principal obligation as provided under 12 U.S.C. 1717(b)(2) and 12 U.S.C. 1454(a)(2) refers to the annual maximum principal loan balance for a mortgage acquired by Fannie Mae and Freddie Mac (the “GSEs”). The Federal Housing Finance Agency is responsible for determining the maximum conforming loan limits for mortgages acquired by the GSEs. See Press Release, Fed. Hous. Fin. Agency, “FHFA Announces Increase in Maximum Conforming Loan Limits for Fannie Mae and Freddie Mac in 2017” (Nov. 23, 2016) https://www.fhfa.gov/Media/PublicAffairs/Pages/FHFA-Announces-Increase-in-Maximum-Conforming-Loan-Limits-for-Fannie-Mae-and-Freddie-Mac-in-2017.aspx.

The loan amount is useful for determining whether financial institutions are serving the housing needs of their communities. By examining loan amount, users can better understand the amount of credit that financial institutions have made available to consumers in certain communities and the extent to which such institutions are providing credit in varying amounts. Loan amount is also beneficial for identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. For example, the loan amount allows users to divide the population of applicants or borrowers into segments that may be subject to different underwriting or pricing policies, such as those applying for non-conforming mortgage loans. Combined with the property value, the loan amount would also allow users to calculate a loan-to-value ratio, an important variable in underwriting. The loan amount and loan-to-value ratio would help ensure that users who are evaluating potential disparities in underwriting outcomes, pricing, or other terms and conditions are comparing applicants or borrowers who applied for or obtained loans with similar loan amount and loan-to-value ratios, thereby controlling for factors that might provide a legitimate explanation for disparities.

The Bureau believes that disclosing the exact loan amount would likely substantially facilitate the re-identification of an applicant or borrower. The loan amount is a numeric data field that will often consist of at least six digits, which increases its contribution to the uniqueness of a particular HMDA record. As discussed above, this information is also found in identified real estate transaction records such as mortgages and deeds of trust that are publicly disclosed by many jurisdictions. Therefore, in many cases, an adversary could use the exact loan amount, combined with other fields, to match a HMDA record to an identified publicly available record.

If the HMDA data were re-identified, the Bureau believes that loan amount would likely disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. In some cases, high loan amounts, combined with other information, may be considered sensitive or may indicate financial vulnerability that could form the basis for targeted marketing of products and services that may pose risks that are not apparent. The loan amount may also at least theoretically be used for phishing attacks. However, the Bureau believes that loan amount is often already included in identified publicly available documents, such as the mortgage or deed of trust. The Bureau believes that this existing public availability decreases any potential sensitivity and harmfulness of disclosing loan amount in the HMDA data.

The Bureau believes that the loan-level HMDA data may be modified to appropriately reduce the privacy risks created by the public disclosure of the loan amount while preserving much of the benefits of the data field. The Bureau believes that disclosing the midpoint for the $10,000 interval into which the reported loan amount falls, and indicating whether the loan amount exceeds the applicable GSE conforming loan limit, provides enough precision to allow users to rely on loan amount to achieve HMDA's purposes. For example, $10,000 intervals will allow users to segment applicants and borrowers that may be subject to different underwriting or pricing policies. In fact, for intervals that include the applicable GSE conforming loan limit, an indication of whether the loan amount is above the applicable limit may provide greater precision than is provided by the loan-level HMDA data currently disclosed to the public, in which certain loan amounts above and below the applicable limit will round to the same thousand. $10,000 intervals will not allow users to calculate an exact loan-to-value ratio, although users may still derive an estimated loan-to-value ratio. However, the Bureau believes that releasing the combined loan-to-value ratio, as it proposes to do, will be more beneficial for fair lending purposes than the loan-to-value ratio that users would have calculated from the exact loan amount and property value. Disclosing loan amount in $10,000 intervals also decreases the ability of adversaries to match HMDA data to identified public records by reducing the uniqueness of a data field common to both datasets. Because the Bureau is also proposing to modify reported property value similarly, adversaries will be unable to use the combined loan-to-value ratio to reduce the effectiveness of the proposed modification by deriving the reported loan amount. Although the proposed modifications do not entirely eliminate the risk of re-identification that the Bureau believes would likely be created by the disclosure of loan amount information, the Bureau believes that the remaining risk would be justified by the benefits of disclosing loan amount with the proposed modifications.

Therefore, the Bureau believes at this time that, under the balancing test, modifying loan amount as described above appropriately balances the privacy risks and disclosure benefits. The Bureau seeks comment on this proposal, including the proposed $10,000 intervals to be used for binning, the proposal to disclose the midpoint for each interval, and the proposal to indicate whether the reported loan amount exceeds the applicable GSE conforming loan limit. Additionally, the Bureau seeks comment on whether to indicate that a reported loan amount exceeds the applicable limit for loans eligible for insurance by the Federal Housing Administration (FHA conforming loan limit). Factors not reflected in the HMDA data may affect the accuracy of any such indicator, such as whether the loan amount has been increased by the amount of any one-time or up-front mortgage insurance premium that will be financed as part of the loan, in which case the loan may be eligible for insurance despite appearing in the HMDA data to exceed the applicable FHA conforming loan limit. The Bureau seeks comment on the value of indicating whether the reported loan amount exceeds the FHA conforming loan limit in light of these limitations.

See 24 CFR 203.18.

24 CFR 203.18c.

Action Taken Date

The 2015 HMDA Final Rule requires financial institutions to report the date of action taken by the financial institution on a covered loan or application. For originated loans, this date is generally the date of closing or account opening. Regulation C provides some flexibility in reporting the date for other types of actions taken, such as applications denied, withdrawn, or approved by the institution but not accepted by the applicant. For example, for applications approved but not accepted, a financial institution may report “any reasonable date, such as the approval date, the deadline for accepting the offer, or the date the file was closed,” provided it adopts a generally consistent approach. This date is submitted by financial institutions as the exact year, month, and day, in the format of YYYYMMDD. Financial institutions are required to report this data field under current Regulation C. As with the application date, the Board added the requirement to report the action taken date as part of the amendments to Regulation C that implemented FIRREA. The action taken date is also currently excluded from both the modified loan/application register that each financial institution makes available to the public and the agencies' loan-level release.

12 CFR 1003.4(a)(8)(ii) (effective Jan. 1, 2018).

Comment 4(a)(8)(ii)-5 (effective Jan. 1, 2018).

Comment 4(a)(8)(ii)-4 (effective Jan. 1, 2018).

Supra note 83, at 52.

54 FR 51356 (Dec. 15, 1989).

For the reasons given below, the Bureau believes that disclosing the action taken date in the loan-level HMDA data released to the public would likely substantially facilitate the identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA dataset made available to the public by excluding the date of action taken by the financial institution.

The action taken date may be useful for identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. The fair lending benefits provided by the date of action taken are similar to those provided by the date of application, described above. The action taken date helps ensure that users who are evaluating potential disparities in pricing or other terms and conditions are comparing applicants or borrowers who obtained loans on similar dates, thereby controlling for factors that might provide a legitimate explanation for such disparities, such as different market interest rates or different institutional practices over different time periods. Users of HMDA data may also use the date of action taken, in combination with application date, to screen for delays between application and action dates that appear to exist on prohibited bases.

The Bureau believes that disclosing the action taken date would likely substantially facilitate the re-identification of an applicant or borrower in the HMDA data. Disclosing the action taken date would increase the ability of an adversary to associate a HMDA record with an individual by matching it to an identified publicly available record. As explained above, many jurisdictions publicly disclose real estate transaction records in an identified form, such as mortgages or deeds of trust. These records contain the date that the lender and borrower entered into or executed the agreement, which, like the application date, is closely correlated with the action taken date. Indeed, because the action taken date for originated loans is generally the date of closing or account opening, in most cases these dates will be identical. Therefore, in many cases, an adversary could use the action taken date, combined with other data fields, to match a HMDA record to an identified public record.

The Bureau notes that, as with the application date, the FFIEC excluded the action taken date from the agencies' loan-level HMDA data release because the data field could be used to re-identify a particular applicant or borrower in the data. Similarly, Congress later identified the action taken date as one field that the Board should consider deleting from the modified loan/application register to protect the privacy of applicants and borrowers.

The FFIEC noted that “[a]n unedited form of the data would contain information that could be used to identify individual loan applicants” and that the data would be edited prior to public release to remove the application identification number, the date of application, and the date of final action. 55 FR 27886, 27888 (July 6, 1990).

Housing and Community Development Act, Public Law 102-550, section 932(a), 106 Stat. 3672, 3889 (1992).

If the HMDA data were re-identified, the Bureau believes that, similar to the application date, the action taken date would likely disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. As with the application date, the action taken date is not an inherently sensitive data field; it is associated with an applicant or borrower for only a single transaction in the context of mortgage lending and does not reflect an intrinsic connection to an individual. Further, the Bureau believes that the action taken date would be unlikely to be used for targeted marketing of products and services that pose risks that may not be apparent.

Although the Bureau proposes not to disclose the action taken date, the loan-level data will disclose the year in which final action was taken. As with application date, the Bureau considered binning the values reported for action taken date into quarterly or semi-annual intervals. However, the Bureau believes that quarterly intervals would fail to reduce re-identification risk adequately and that, compared to not disclosing action taken date, the gains in data utility that semi-annual intervals might allow do not justify the increase in privacy risk. Disclosing the action taken date in quarterly intervals would still provide an individual with a narrow range of identified public records against which to compare the HMDA data. And although disclosing action taken dates in semi-annual intervals would reduce re-identification risk as compared to quarterly intervals, it would only marginally increase the utility over the current, annual intervals, while still increasing privacy risk. Users would need a narrower range to help ensure that they were comparing borrowers who obtained loans under similar market conditions. The Bureau believes at this time that, under the balancing test, excluding action taken date is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

However, as described above, the year of the loan-level HMDA data will disclose the year in which the action was taken. With respect to quarterly release of the HMDA data, the Bureau stated in the 2015 HMDA Final Rule that, based on its analysis to date, “disclosure of loan-level data with more granular date information than year of final action would create risks to applicant and borrower privacy that are not outweighed by the benefits of such disclosure.” 80 FR 66128, 66243 n.389 (Oct. 28, 2015).

Property Address

The 2015 HMDA Final Rule requires financial institutions to report the address of the property securing the loan or, in the case of an application, proposed to secure the loan. This address corresponds to the property identified on the legal obligation related to the covered loan. The format of the property address submitted by financial institutions will include, as applicable, the street address, city name, State name, and zip code. Financial institutions are not required to report this data field under current Regulation C. The Bureau added the requirement to report property address in the 2015 HMDA Final Rule to implement the Dodd-Frank Act's amendment to HMDA providing for the collection and reporting of, “as the Bureau may determine to be appropriate, the parcel number that corresponds to the real property pledged or proposed to be pledged as collateral.”

12 CFR 1003.4(a)(9)(i) (effective Jan. 1, 2018).

Comment 4(a)(9)(i)-1 (effective Jan. 1, 2018). For applications “the address should correspond to the location of the property proposed to secure the loan as identified by the applicant.”

Comment 4(a)(9)(i)-2 (effective Jan. 1, 2018).

For the reasons given below, the Bureau believes that disclosing the property address in the loan-level HMDA data released to the public would substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA dataset made available to the public by excluding the property address.

The address of the property securing the loan would be useful for identifying possible discriminatory lending patterns. With the exact property address, users could examine these patterns at a finer level of detail than that permitted by the census tract or other geographic boundaries. More precise geographic identification would also better allow public officials to target geographic areas that might benefit from public or private sector investment. Users could also better determine whether financial institutions are serving the housing needs of their communities with information that would enable identification of specific neighborhoods and communities smaller than census tracts. Finally, the property address would allow users to understand better the amount of equity retained in that property over time by tracking multiple liens associated with the same dwelling. This information would help identify communities with overleveraged properties.

The Bureau believes that disclosure of the property address itself would likely present minimal, if any, risk of harm or sensitivity. Property owners' addresses are generally widely publicly available. As explained above, the Bureau considers this public availability to reduce the risk of harm and sensitivity from the release of this data field. However, the Bureau believes that the widespread availability of property addresses creates a significant risk of re-identification. The Bureau believes that adversaries could easily match the property address contained in the HMDA data to identified publicly available property address information. Property addresses are publicly available through a number of sources, including real estate transaction records, property tax records, reverse phone directories, online real estate databases, and online “people search” Web sites. Because the address disclosed under Regulation C typically would be identical to the address contained in these publicly available records, an adversary would know that any match was likely to be accurate. Therefore, disclosing the property address in the loan-level HMDA data would substantially facilitate the re-identification of an applicant or borrower. Further, even if disclosing the property address would not permit matching, the Bureau believes that the disclosure of the property address alone could be used in harmful ways. For example, disclosure of property address would allow an applicant or borrower to be targeted with marketing for products and services that may pose risks that are not apparent.

The Bureau understands that some jurisdictions may allow borrowers to prevent their identities from being disclosed in public records, and some applicants or borrowers, such as victims of domestic violence, may hide their addresses to prevent certain individuals from locating them in person or to prevent other unwanted intrusions upon the sanctuary or seclusion of their homes.

As an alternative to excluding the property address data field from the loan-level HMDA data released to the public, the Bureau considered releasing property address in a less granular form. For example, the Bureau could release geographic information that identifies the property securing the loan with less specificity. However, for most reportable transactions, Regulation C already requires reporting of three additional, less-precise geographic identifiers: (1) State; (2) county; and (3) census tract. As discussed above, the Bureau proposes to release these data fields without modification. Further, as discussed below in part IV.A, the Bureau proposes to identify in the public loan-level HMDA data the MSA or MD for each reported record. Other geographic identifiers exist with a level of precision between census tract and property address to which property addresses could be mapped, such as census block and census block group. However, the Bureau believes that these identifiers present similar re-identification risk to property address because they are sufficiently precise to enable an adversary to match them to publicly available property address information. The Bureau believes at this time that, under the balancing test, excluding property address is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

Age

The 2015 HMDA Final Rule requires financial institutions to report the age of an applicant or borrower. A financial institution complies with this requirement by reporting age, as of the application date reported, as the number of whole years derived from the date of birth as shown on the application form. The Bureau added the requirement in the 2015 HMDA Final Rule to report age to implement the Dodd-Frank Act's amendment to HMDA providing for the collection and reporting of age.

12 CFR 1003.4(a)(10)(ii) (effective Jan. 1, 2018).

Comment 4(a)(1)(ii)-1 (effective Jan. 1, 2018).

For the reasons given below, the Bureau believes that disclosing the applicant or borrower age in the loan-level HMDA data released to the public would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA dataset disclosed to the public by binning and top- and bottom-coding age and by indicating whether the reported value is 62 or higher.

Applicant or borrower age would assist users in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Age would be useful to evaluate potential age discrimination in lending. Disclosure of applicant or borrower age also would assist in identifying whether financial institutions are serving the housing needs of their communities, including the needs of various age cohorts.

For example, ECOA and Regulation B generally prohibit creditors from discriminating against applicants in credit transactions on the basis of age. 12 U.S.C. 1691(b)(1); 12 CFR 1002.4(a).

The Bureau believes that, if the HMDA data were re-identified, disclosure of applicant or borrower age would likely reveal information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. The Bureau believes that, although information about an individual's age may be available for purchase under some circumstances, birth and similarly reliable records reflecting age typically are not available to the general public without barriers to access or use restrictions. The Bureau believes that age likely would be considered sensitive by many if not most consumers and that disclosure of an identified applicant's or borrower's age could lead to dignity harm or embarrassment. The Bureau believes that many consumers would consider the disclosure of identified age to the general public to be outside of societal and cultural expectations. The Bureau also believes that identified age could be used to target marketing to applicants and borrowers, including marketing for products and services that may pose risks that are not apparent, and that the inclusion of this data field in the public loan-level HMDA data would increase the risk of such uses compared to today. The Bureau notes that in section 304(h)(3)(A), added by the Dodd-Frank Act, Congress specifically identified age as a data field to which a modification under section 304(h)(1)(E) should apply if the Bureau determines it to be necessary to protect the privacy interests of applicants or borrowers.

The Bureau believes that public disclosure in the loan-level HMDA dataset of unmodified applicant or borrower age may create some risk of facilitating the re-identification of applicants and borrowers in the HMDA data, but that this field likely would not substantially facilitate re-identification. For example, though information about an individual's age may be available for purchase under some circumstances, the Bureau believes that an adversary typically would face difficulty attempting to re-identify an applicant or borrower in the HMDA data by using age to match HMDA records to other identified records. An applicant's or borrower's age may be more likely to be known than other HMDA data by a person with pre-existing knowledge of a specific applicant or borrower, however, and may help such an adversary to re-identify a particular applicant or borrower.

The Bureau believes that the loan-level HMDA data may be modified to appropriately reduce the privacy risks created by the public disclosure of age while preserving much of the benefits of the data field. The Bureau proposes to disclose age binned into the following ranges, as applicable: 25 to 34; 35 to 44; 45 to 54; 55 to 64; and 65 to 74. For example, a reported age of 52 would be shown in the public loan-level HMDA data as between 45 and 54. The Bureau also proposes to bottom-code age under 25 and to top-code age over 74. For example, a reported age of 22 would be shown in the public loan-level HMDA data as 24 or under. The Bureau proposes the particular intervals described above to allow HMDA data users to analyze HMDA data in combination with data found in other public data sources, such as U.S. Census Bureau data. Finally, the Bureau proposes to indicate whether a reported age is 62 or higher to enhance the utility of the data for identifying the particular fair lending risks that may be posed with regard to elderly populations. The Bureau recognizes that an effect of this indicator would be to divide the 55 to 64 bin into two bins, 55 to 61 and 62 to 64. The Bureau seeks comment on whether privacy risks created by such increased precision are justified by the benefits of disclosure in the proposed ranges. Specifically, the Bureau seeks comment on whether, instead of binning as proposed and indicating whether a reported age is 62 or higher, the Bureau should structure the bins to disclose reported ages of 55 to 74 in ranges of 55 to 61 and 62 to 74. The Bureau believes at this time that, under the balancing test, the proposed modifications to the public loan-level HMDA dataset would appropriately balance the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal, including the proposal to bin age and the proposed intervals to be used for binning.

See, e.g., U.S. Census Bureau, “Age and Sex Composition: 2010,” at tbl. 2, available at https://www.census.gov/prod/cen2010/briefs/c2010br-03.pdf (disclosing age in five-year intervals, i.e., 25 to 29, 30 to 34, 35 to 40, etc.).

Credit Score

The 2015 HMDA Final Rule requires financial institutions to report, except for purchased covered loans, the credit score or scores relied on in making the credit decision and the name and version of the scoring model used to generate each credit score. It also provides that, for purposes of this requirement, “credit score” has the meaning set forth in section 609(f)(2)(A) of the Fair Credit Reporting Act (FCRA). The credit score or scores relied on in making the credit decision will be submitted as a numeric field, e.g., 650. A financial institution will submit a code from a specified list to indicate the name and version of the scoring model used to generate each credit score reported. The Bureau added the requirement in the 2015 HMDA Final Rule to report information about the credit score or scores relied on to implement the Dodd-Frank Act's amendment to HMDA providing for the collection and reporting of “the credit score of mortgage applicants and mortgagors, in such form as the Bureau may prescribe.”

12 CFR 1003.4(a)(15)(i) (effective Jan. 1, 2018).

Supra note 83, at 62-63.

Supra note 83, at 63-64.

For the reasons given below, the Bureau believes that disclosing the credit score or scores relied on in making the credit decision in the loan-level HMDA data released to the public would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the public loan-level HMDA dataset by excluding the credit score or scores relied on in making the credit decision.

As noted above, the Bureau proposes to disclose without modification the reported name and version of the credit score model used.

The credit score or scores relied on in making the credit decision would assist users in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Applicants' credit scores generally are considered to be important indicators of creditworthiness and are used in mortgage underwriting and pricing decisions. Disclosure of the credit score in the public loan-level HMDA data would help ensure that users are comparing applicants and borrowers with similar credit profiles, thereby controlling for factors that might provide a legitimate explanation for disparities in credit and pricing decisions. Credit scores would also assist in identifying whether financial institutions are serving the housing needs of their communities. For example, in order to serve the housing needs of particular communities, a financial institution may offer different types of loan products in communities with high numbers of borrowers with high credit scores than in communities with high numbers of borrowers with low credit scores.

The Bureau believes that, if the HMDA data were re-identified, disclosure of the credit score relied on in making the credit decision would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. A credit score is a numerical summary of a consumer's apparent creditworthiness, based on the consumer's credit report, and reflects the likelihood relative to other consumers that the consumer will default on a credit obligation. Identified consumer credit scores and the consumer reports upon which they are based are not available to the general public. To the extent credit scores based on consumer reports are available for commercial purposes, they may be obtained under limited circumstances and are subject to restrictions on their use. The Bureau believes that most consumers consider their credit score to be very sensitive information. The Bureau believes that public disclosure of an applicant's or borrower's identified credit score could lead to dignity or reputational harm or embarrassment, and that many consumers would consider the disclosure of identified credit scores to the general public to be outside of societal and cultural expectations. The Bureau also believes that an identified credit score could be used to target marketing to applicants and borrowers, including marketing for products and services that may pose risks that are not apparent, and that the inclusion of this data field in the public loan-level HMDA data would increase the risk of such uses compared to today. The Bureau notes that in section 304(h)(3)(A), added by the Dodd-Frank Act, Congress specifically identified credit score as a data field to which a modification under section 304(h)(1)(E) should apply if the Bureau determines it to be necessary to protect the privacy interests of applicants or borrowers.

Credit scores based on consumer credit reports are consumer reports for purposes of the Fair Credit Reporting Act (FCRA). Accordingly, for example, they may be obtained from a consumer reporting agency only for a permissible purpose under the statute, such as in connection with an application for credit. See 12 U.S.C. 1681b(a).

For example, a marketer currently may obtain from a consumer reporting agency a “prescreened” list of consumers meeting certain criteria, such as a minimum credit score, only for the purpose of making a “firm offer of credit or insurance.” 15 U.S.C. 1681b(c), 1681a(l).

12 U.S.C. 2803(h)(3)(A)(i).

The Bureau has considered the extent to which the age of the loan-level HMDA data at the time it is disclosed may reduce the risk of harm or sensitivity created by the public disclosure of credit score were the HMDA data to be re-identified. For example, as noted above, timely data are essential for most marketing or advertising efforts, and the delay between the date a reported credit score is obtained by the financial institutions and public disclosure of the loan-level HMDA data on the modified loan/application register ranges from to 3 to 15 months. An applicant's or borrower's credit score may change enough over these time periods to reduce the usefulness of a score disclosed in the public HMDA data for marketing purposes. However, the Bureau does not believe that the passage of these time periods would reduce the risk of sensitivity created by the disclosure of credit score. For example, the Bureau does not believe that a borrower would consider the disclosure of her identified six-month-old credit score to be much less sensitive than disclosure of her current credit score; the potential for dignity or reputational harm or embarrassment from a neighbor or other acquaintance learning the information remains significant.

The Bureau believes that disclosure in the loan-level HMDA data of the credit score or scores relied on in making the credit decision creates minimal risk, if any, of substantially facilitating the re-identification of applicants and borrowers in the HMDA data. As discussed above, credit scores are not included in identified records available to the general public. A creditor or marketer may possess identified credit score information obtained in connection with, for example, an application for credit or a request for a prescreened list, but the Bureau does not believe that such information would be useful for purposes of re-identifying an applicant or borrower in the loan-level HMDA data. The variation in credit scoring models and versions, along with the likely difference in the dates that a credit score in the HMDA data and the credit score information in possession of a creditor or marketer were created, would make matching the credit score in loan-level HMDA data to such privately held information challenging and unreliable. The Bureau believes an adversary would face substantial difficulty attempting to re-identify an applicant or borrower by using credit score or scores relied on to match HMDA records to other identified records.

The Bureau considered whether modifications to the public loan-level HMDA dataset other than excluding credit score, such as binning or rounding of credit score, would appropriately reduce the privacy risks created by the disclosure of credit score in the loan-level data while maintaining some utility for HMDA's purposes. However, the Bureau believes that these strategies would not appropriately reduce the risk of harm or sensitivity and that the gains in data utility that these strategies might allow would not justify the privacy risk created by the disclosure of the modified field. For example, the Bureau believes that, even if it were to disclose in the loan-level HMDA data the credit score for a particular record as being in one of two or three large bins, this information would still create a significant sensitivity risk if the record were re-identified. The Bureau believes that the utility to HMDA's purposes of such binned credit score information would not justify these risks. The Bureau believes at this time that, under the balancing test, excluding credit score is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

Debt-to-Income Ratio

The 2015 HMDA Final Rule requires financial institutions to report, except for purchased covered loans, the ratio of the applicant's or borrower's total monthly debt to the total monthly income relied on in making the credit decision (debt-to-income ratio). The debt-to-income ratio relied on in making the credit decision will be submitted as a percentage. The Bureau added the requirement in the 2015 HMDA Final Rule to report information about the debt-to-income ratio relied on using its discretionary authority to require the reporting of “such other information as the Bureau may require” provided by the Dodd-Frank Act's amendment to HMDA.

12 CFR 1003.4(a)(23) (effective Jan. 1, 2018).

Supra note 83, at 36, 38.

HMDA section 304(b)(6).

For the reasons given below, the Bureau believes that disclosing the debt-to-income ratio relied on in making the credit decision in the loan-level HMDA data released to the public would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive and that, for certain debt-to-income ratio values, this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA dataset by binning and top- and bottom-coding certain debt-to-income ratio values.

The debt-to-income ratio relied on in making the credit decision would assist users in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Applicants' debt-to-income ratios generally are considered to be important indicators of ability to repay and are used in mortgage underwriting decisions and some pricing decisions. Disclosure of debt-to-income ratio in the public loan-level HMDA data would help ensure that users are comparing applicants and borrowers with similar profiles, thereby controlling for factors that might provide a legitimate explanation for disparities in credit and pricing decisions. Debt-to-income ratio values that are at or close to regulatory or program benchmarks are especially critical to identifying possible discriminatory lending patterns. These benchmarks include, for example, the 43 percent debt-to-income limit for a qualified mortgage under Regulation Z and the debt-to-income ratio limits imposed by guarantors and investors. Disclosure of debt-to-income ratio also would assist in identifying whether financial institutions are serving the housing needs of their communities. For example, in order to serve the housing needs of particular communities, financial institutions may offer different types of loan products in communities with high numbers of borrowers with high debt-to-income ratios than in communities with high numbers of borrowers with low debt-to-income ratios.

See, e.g., Fannie Mae, “B3-6-02: Debt to Income Ratios,” (Aug. 30, 2016 ), available at https://www.fanniemae.com/content/guide/selling/b3/6/02.html.

The Bureau believes that, if the HMDA data were re-identified, disclosure of an applicant's or borrower's debt-to-income ratio relied on in making the credit decision would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. The debt-to-income ratio generally reflects the amount of an applicant's or borrower's monthly debt, including the payment for the mortgage loan sought or originated, relative to his or her monthly income. In addition, when combined with other information that the Bureau proposes to publicly disclose in the loan-level HMDA data, such as information about the mortgage loan sought or originated and applicant or borrower income relied on in making the credit decision, disclosure of debt-to-income ratio may permit a user to approximate the amount of the applicant's or borrower's monthly debt excluding mortgage debt. Information about a consumer's debt is not available to the general public without barriers to access and restrictions on use. The Bureau believes that most consumers consider information about their debt to be sensitive information and that the public disclosure of an identified applicant's or borrower's debt-to-income ratio, especially at higher ratios, could lead to dignity or reputational harm or embarrassment. The Bureau also believes that, especially with respect to higher or lower debt-to-income ratios, identified information about an identified applicant's or borrower's debt could be used to target marketing to the applicant or borrower, including marketing for products and services that may pose risks that are not apparent.

The Bureau believes that disclosure in the loan-level HMDA data of the debt-to-income ratio relied on in making the credit decision creates minimal risk, if any, of substantially facilitating the re-identification of applicants and borrowers in the HMDA data. As mentioned above, information about a consumer's debts is not included in identified records available to the general public and, to the extent such information is available for commercial purposes, it generally may be obtained under limited circumstances and is subject to restrictions on its use. To the extent that a creditor possessed information about an applicant or borrower's debt or debt-to-income ratio, the Bureau does not believe that such information would be useful for purposes of re-identifying an applicant or borrower in the loan-level HMDA data. The variation in methods of calculating debt-to-income ratio along with changes in the ratio or the amount of debt over time would make using debt-to-income ratio in the public loan-level HMDA data to match to any privately held debt or debt-to-income ratio information challenging and unreliable. The Bureau believes an adversary would face substantial difficulty attempting to re-identify an applicant or borrower by using debt-to-income ratio or debt amount to match HMDA records to other identified records.

The Bureau believes that disclosing unmodified debt-to-income ratio values in the loan-level HMDA data released to the public would create risks to applicant and borrower privacy but that, with respect to debt-to-income values greater than or equal to 40 percent and less than 50 percent, these risks would be justified by the benefits of disclosure to HMDA's purposes. Debt-to-income ratio values in this range are generally at or close to regulatory and guarantor and investor program benchmarks and are especially critical to identifying possible discriminatory lending patterns because they may reveal non-discriminatory explanations for differential treatment. Accordingly, the Bureau proposes to release reported debt-to-income values of greater than or equal to 40 percent and less than 50 percent without modification.

With respect to all other debt-to-income ratio values, the Bureau believes that the risks to applicant and borrower privacy that would be created by the disclosure of the unmodified field likely would not be justified by the benefits of the disclosure, but that the loan-level HMDA data may be modified to appropriately reduce the privacy risks while preserving some of the benefits of the data field. The Bureau proposes to bin reported debt-to-income ratio values into the following ranges, as applicable: 20 percent to less than 30 percent; 30 percent to less than 40 percent; and 50 percent to less than 60 percent. For example, a reported debt-to-income ratio of 35 percent would be shown in the loan-level HMDA data disclosed to the public as a debt-to-income ratio of between 30 percent and less than 40 percent. The Bureau also proposes to bottom-code reported debt-to-income ratio values under 20 percent and to top-code reported debt-to-income ratios of 60 percent or higher. For example, a reported debt-to-income ratio of 63 percent would be shown in the public loan-level HMDA data as 61 percent or higher. The Bureau believes at this time that, under the balancing test, these modifications to the public loan-level HMDA data would appropriately balance the risks to applicant and borrower privacy and the benefits of disclosure.

The Bureau has considered whether it should disclose debt-to-income ratio at or close to 36 percent without modification. It is the Bureau's understanding that, for many financial institutions, debt-to-income ratio of 36 percent serves as an internal underwriting benchmark, so that the ability to identify whether an applicant's debt-to-income ratio is above or below this value would help users seeking to identify possible discriminatory lending patterns to control for factors that might provide a legitimate explanation for disparities in credit or pricing decisions. The Bureau seeks comment on whether the benefits of disclosing more granular information concerning debt-to-income ratio values at or around 36 percent would justify the risks to applicant and borrower privacy such disclosure would likely create and how such information should be disclosed.

For example, debt-to-income values of between 35 percent and 40 percent could be disclosed without modification, or the Bureau could indicate in the loan-level HMDA data disclosed to the public whether the reported debt-to-income ratio is 36 percent or higher.

The Bureau seeks comment on this proposal, including both the proposal to bin and top- and bottom-code certain debt-to-income values and the proposed intervals to be used for binning.

Property Value

The 2015 HMDA Final Rule requires financial institutions to report the value of the property securing the covered loan or, in the case of an application, proposed to secure the covered loan. Financial institutions will report the value relied on in making the credit decision, such as an appraisal value or the purchase price of the property. The property value will be reported in numeric form reflecting the exact dollar amount of the value relied on. The Bureau added the requirement to report the property value relied on in the 2015 HMDA Final Rule to implement the Dodd-Frank Act's amendment to HMDA providing for the collection and reporting of the value of the real property pledged or proposed to be pledged as collateral.

12 CFR 1003.4(a)(28) (effective Jan. 1, 2018).

Id.

Supra note 83, at 71.

Dodd-Frank Act section 1094(3)(A)(iv), 12 U.S.C. 2803(b)(6)(A).

For the reasons given below, the Bureau believes that disclosing the property value in the loan-level HMDA data released to the public would likely substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA data by disclosing the midpoint for the $10,000 interval into which the reported property value falls. For example, for a property value of $117,834, the Bureau would disclose $115,000 as the midpoint between values equal to $110,000 and less than $120,000.

The property value data field would be useful for determining whether financial institutions are serving the housing needs of their communities. Users could better understand the values of properties for which financial institutions are (and are not) providing financing to consumers in certain communities. The property value, combined with the loan amount and combined loan-to-value ratio, can also be used to determine whether the property is subject to a second lien. Property value would also be beneficial for identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. Combined with the loan amount, the property value would allow users to calculate a loan-to-value ratio, an important variable in underwriting. The loan-to-value ratio would help ensure that users who are evaluating potential disparities in underwriting outcomes, pricing, or other terms and conditions are comparing applicants or borrowers who obtained or applied for loans with similar loan-to-value ratios, thereby controlling for factors that might provide a legitimate explanation for disparities.

The Bureau believes that disclosing the exact property value would likely substantially facilitate the re-identification of an applicant or borrower. As with loan amount, property value is a numeric data field that will often consist of at least six digits, which increases its contribution to the uniqueness of a particular HMDA record. As discussed above, many jurisdictions publicly disclose property tax records or real estate transaction records in an identified form, such as mortgages or deeds of trust. These records contain estimates of property value or information that is closely related to property value. Although the value of the property reflected in these public records generally will not be identical to the property value relied on by the financial institution in making the credit decision, the Bureau believes that it may be close enough to permit matching. Therefore, in many cases, an adversary could use the exact property value, combined with other fields, to match a HMDA record to an identified publicly available record.

If the HMDA data were re-identified, the Bureau believes that the property value would likely disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. In some cases, the property value may be combined with other information to identify borrowers with high levels of equity, which information could be used to target borrowers with predatory lending offers. For most consumers, however, the Bureau believes that property value would be unlikely to be used for targeted marketing of products and services that pose risks that may not be apparent. Indeed, the Bureau believes that information about borrower equity is already available to many marketers and may be calculated or estimated from publicly available property tax or real estate transaction records that include loan amounts and property values, such as mortgages and real estate sales records. Estimates of property value are also available through online real estate databases.

The Bureau believes that the loan-level HMDA data may be modified to appropriately reduce the privacy risks created by the public disclosure of the property value while preserving much of the benefits of the data field. The Bureau believes that disclosing the midpoint for the $10,000 interval into which the reported property value falls provides enough precision to allow users to rely on property value to achieve HMDA's purposes. For example, $10,000 intervals will provide general information about values of properties for which financial institutions are providing financing. Such intervals will not allow users to calculate an exact loan-to-value ratio, although users may still derive an estimated loan-to-value ratio. However, the Bureau believes that releasing the combined loan-to-value ratio, as it proposes to do, will be more beneficial for fair lending purposes than the loan-to-value ratio that users would have calculated from the exact loan amount and property value. Disclosing the midpoint for the $10,000 interval into which the reported property value falls also decreases the ability of adversaries to match HMDA data to identified public records by reducing the uniqueness of a data field common to both datasets. Because the Bureau is also proposing to bin loan amount similarly, adversaries will be unable to use the combined loan-to-value ratio to reduce the effectiveness of the proposed modification by deriving the reported property value. Although such modifications do not entirely eliminate the risk of re-identification, the Bureau believes that the remaining risk would be justified by the benefits of disclosing the property value in $10,000 intervals. Therefore, the Bureau believes at this time that, under the balancing test, modifying property value as described above appropriately balances the privacy risks and disclosure benefits. The Bureau seeks comment on this proposal, including both the proposed $10,000 intervals to be used for binning and the proposal to disclose the midpoint for each interval.

Nationwide Mortgage Licensing System and Registry Identifier

The 2015 HMDA Final Rule requires financial institutions to report “the unique identifier assigned by the Nationwide Mortgage Licensing System and Registry [NMLSR ID] for the mortgage loan originator, as defined in Regulation G, 12 CFR 1007.102, or Regulation H, 12 CFR 1008.23, as applicable.” The NMLSR ID will be submitted by financial institutions in numeric form, such as 123450. The Bureau added the requirement to report the NMLSR ID in the 2015 HMDA Final Rule to implement the Dodd-Frank Act's requirement that financial institutions report, “as the Bureau may determine to be appropriate, a unique identifier that identifies the loan originator as set forth in section 1503 of the [Secure and Fair Enforcement for] Mortgage Licensing Act of 2008.”

12 CFR 1003.4(a)(34) (effective Jan. 1, 2018).

Supra note 83, at 75.

Dodd-Frank Act section 1094(3)(A)(iv), 12 U.S.C. 2803(b)(6)(F).

For the reasons given below, the Bureau believes that disclosing the NMLSR ID in the loan-level HMDA data released to the public would likely substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the loan-level HMDA data by excluding the NMLSR ID.

The NMLSR ID would be useful for identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. The NMLSR ID would allow users to identify individual mortgage loan originators with primary responsibility over applications, originations, and purchased loans. This information would help public officials and members of the public to identify loan originators that are engaged in problematic business practices, which would provide a greater level of precision for understanding and correcting possible discriminatory lending patterns.

The Bureau believes that disclosing the NMLSR ID would likely substantially facilitate the re-identification of an applicant or borrower in the HMDA data. The NMLSR ID is required to appear on various documents associated with the loan, including the security instrument. As explained above, many jurisdictions publicly disclose these real estate transaction records in an identified form. Although the NMLSR ID is not unique to an individual HMDA record, it is unique to the mortgage loan originator who is unlikely to be associated with many loans for which the other HMDA data fields are identical. Therefore, in many cases, an adversary could use the NMLSR ID, combined with other data fields, to match a HMDA record to an identified public record.

If the HMDA data were re-identified, the Bureau believes that the NMLSR ID would likely disclose minimal, if any, information about an applicant or borrower that may be harmful or sensitive. The Bureau understands that the NMLSR ID may allow users to determine information that loan originators may consider sensitive. However, as explained in the 2015 HMDA Final Rule, because the Dodd-Frank Act explicitly amended HMDA to add a loan originator identifier, while at the same time directing the Bureau to modify or require modification of itemized information “for the purpose of protecting the privacy interests of the mortgage applicants or mortgagors,” the Bureau believes it is reasonable to interpret HMDA as not requiring modifications of itemized information to protect the privacy interests of mortgage loan originators, and that that interpretation best effectuates the purposes of HMDA. Rather, under the balancing test, the Bureau evaluates the risks to applicant and borrower privacy interests and the benefits of public disclosure in light of the statutory purposes. Because the NMLSR ID conveys no sensitive information about applicants or borrowers, the Bureau believes that disclosure of this data field would create minimal, if any, risk of harm or sensitivity under the balancing test. However, because the Bureau believes that disclosing the NMLSR ID in the loan-level HMDA data released to the public would likely substantially facilitate the re-identification of an applicant or borrower and that this risk would not be justified by the benefits of the disclosure, the Bureau proposes not to disclose in the loan-level HMDA data the NMLSR ID.

80 FR 66128, 66232 (Oct. 28, 2015).

The Bureau has considered whether a modification to the public loan-level HMDA dataset other than exclusion of the NMLSR ID would appropriately reduce the privacy risks created by disclosure while maintaining some utility for HMDA's purposes. For example, as with the ULI, the Bureau has considered whether it could, in the loan-level HMDA data disclosed to the public, replace the NMLSR ID reported to the regulators with a different unique number, such as a hashed value. The Bureau is unable to identify a feasible modification at this time, however. The Bureau believes at this time that, under the balancing test, excluding the NMLSR ID is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

Automated Underwriting System Result

The 2015 HMDA Final Rule requires that, except for purchased covered loans, financial institutions report “the name of the automated underwriting system used by the financial institution to evaluate the application and the result generated by that automated underwriting system.” The 2015 HMDA Final Rule defines “automated underwriting system” for the purposes of this requirement as “an electronic tool developed by a securitizer, Federal government insurer, or Federal government guarantor that provides a result regarding the credit risk of the applicant and whether the covered loan is eligible to be originated, purchased, insured, or guaranteed by that securitizer, Federal government insurer, or Federal government guarantor.” A financial institution will submit a code from a specified list to indicate the result or results generated by the AUS or AUSs used. Up to five AUS names and five AUS results may be reported. The Bureau added these requirements in the 2015 HMDA Final Rule using its discretionary authority to require the reporting of “such other information as the Bureau may require” provided by the Dodd-Frank Act's amendment to HMDA.

12 CFR 1003.4(a)(35)(i) (effective Jan. 1, 2018).

12 CFR 1003.4(a)(35)(ii) (effective Jan. 1, 2018).

Supra note 8, at 74-75. AUS result will be reported using the following codes: Code 1—Approve/Eligible; Code 2—Approve/Ineligible; Code 3—Refer/Eligible; Code 4—Refer/Ineligible; Code 5—Refer with Caution; Code 6—Out of Scope; Code 7—Error; Code 8—Accept; Code 9—Caution; Code 10—Ineligible; Code 11—Incomplete; Code 12—Invalid; Code 13—Refer; Code 14—Eligible; Code 15—Unable to Determine; Code 16—Other; Code 17—Not applicable. If the AUS result is not listed, the financial institution will submit code 16 for “other” and will report in a free-form text field the name and version of the scoring model used.

Comment 4(a)(35)-3 (concerning reporting of multiple AUS results); supra note 83, at 37-39, 73.

HMDA section 304(b)(6).

For the reasons given below, the Bureau believes that disclosing in the loan-level HMDA data released to the public the AUS result field would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive and that this risk would not be justified by the benefits of the disclosure. Therefore, the Bureau proposes to modify the public loan-level HMDA dataset by excluding the AUS result field.

As discussed above, the Bureau proposes to disclose AUS name.

The AUS result would assist users in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. The AUS result would assist in understanding a financial institution's underwriting decision-making and would help ensure that users are comparing applicants and borrowers with similar profiles, thereby controlling for factors that might provide a legitimate explanation for disparities in credit and pricing decisions.

The Bureau believes that, if the HMDA data were re-identified, disclosure of AUS result would likely disclose information about the applicant or borrower that is not otherwise public and may be harmful or sensitive. Applicants' AUS results are not available to the general public. An AUS result is based on a complex set of factors used to evaluate the credit risk associated with a loan. The traditional underwriting process often uses, among other things, loan-to-value ratio to evaluate collateral, credit score to evaluate creditworthiness and willingness to pay, and debt-to-income ratio to evaluate ability to pay. The result from an AUS reflects in a single indicator these and other factors used to evaluate the risk of the borrower and the eligibility of the loan to be purchased, insured, or guaranteed. The Bureau believes that, if a HMDA record were associated with an identifiable applicant or borrower, disclosure of a “negative” AUS result would reveal information that would likely be perceived as reflecting negatively on the applicant or borrower's willingness or ability to pay. The Bureau believes that most consumers would consider such information sensitive and that disclosure of this information could lead to dignity harm or embarrassment. The Bureau believes that this field also could be used to target marketing to applicants or borrowers, including marketing of products and services that may pose risks that are not apparent.

For example, a “refer with caution” result would indicate that the loan would need to be manually underwritten.

The Bureau believes that disclosure in the loan-level HMDA data of AUS result would create minimal, if any, risk of facilitating the re-identification of applicants and borrowers in the HMDA data. The Bureau believes that AUS results are not included in any public records or found in other datasets available to the public and that an adversary would face substantial difficulty attempting to re-identify an applicant or borrower by using AUS result to match HMDA records to other identified records.

The Bureau has considered whether modifications to the public loan-level HMDA data other than the exclusion of AUS result would appropriately reduce the privacy risks created by the disclosure of the AUS result while maintaining some utility for HMDA's purposes. However, the Bureau does not believe that AUS result can be modified in a manner that appropriately protects privacy and that also preserves utility. AUS result is a categorical field, as opposed to a numerical one, and thus cannot be binned or rounded. The Bureau believes at this time that, under the balancing test, excluding AUS result is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

Free-Form Text Fields

The 2015 HMDA Final Rule requires financial institutions to use free-form text fields to report certain data. For example, the 2015 HMDA Final Rule requires financial institutions to report, except for purchased covered loans, the credit score or scores relied on in making the credit decision and the name and version of the scoring model used to generate each credit score. A financial institution will submit a code from a specified list to indicate the name and version of the scoring model used to generate each credit score reported. If the name and version of the scoring model used to generate a credit score is not listed, the financial institution will submit the code for “other credit scoring model” and will report in a free-form text field the name and version of the scoring model used. Free-form text fields may also be used to report race, ethnicity, reason for denial, and AUS system name. The maximum number of characters for the AUS system name free-form text field and for the reason for denial free-form text field, including spaces, is 255; the maximum number of characters including spaces for all other free-form text fields is 100. Free-form text fields used to report race and ethnicity will be completed by applicants; all other free-form text fields will be completed by the financial institution.

12 CFR 1003.4(a)(15)(i) (effective Jan. 1, 2018).

Supra note 83, at 33-34, 63-64.

Id.

12 CFR 1003.4(a)(10)(i); s upra note 83, at 21-31.

12 CFR 1003.4(a)(10)(i); s upra note 83, at 17-20.

12 CFR 1003.4(a)(16); s upra note 83, at 35-36.

12 CFR 1003.4(a)(35)(i); s upra note 83, at 38-40.

Appendix B, paragraph 8 (effective Jan. 1, 2018).

Free-form text fields will allow the reporting of any information, including information that creates risks to applicant and borrower privacy. Given the volume of HMDA data reported each year, it will not be feasible for the Bureau to review the contents of each free-form text field submitted before disclosing the loan-level HMDA data to the public. The Bureau believes at this time that, under the balancing test, excluding free-form text fields is a modification to the public loan-level HMDA data that appropriately balances the risks to applicant and borrower privacy and the benefits of disclosure. The Bureau seeks comment on this proposal.

IV. Other Considerations Related to Disclosure

A. Additional Data

Current Regulation C requires financial institutions to report the location of the property to which the loan or application relates, by MSA or by Metropolitan Division, by State, by county, and by census tract, if the institution has a home or branch office in that MSA or Metropolitan Division. To reduce burden on financial institutions, the 2015 HMDA Final Rule eliminates from this provision the requirement to report the MSA or Metropolitan Division in which the property is located. The Bureau proposes to identify for each loan and application subject to this provision the MSA or Metropolitan Division in which the property securing or proposed to secure the loan is located and to include this information in the loan-level HMDA data disclosed to the public so that the utility of these currently disclosed data fields are preserved. The Bureau seeks comment on this proposal.

12 CFR 1003.4(a)(9)(ii) (effective Jan. 1, 2018); 80 FR 66128, 66187 (Oct. 28, 2015).

The FFIEC currently includes with the agencies' loan-level release the following census and income data: Population (total population in tract); Minority Population Percent (percentage of minority population to total population for tract, carried to two decimal places); FFIEC Median Family Income (FFIEC Median family income in dollars for the MSA/MD in which the tract is located (adjusted annually by FFIEC)); Tract to MSA/MD Median Family Income Percentage (percentage of tract median family income compared to MSA/MD median family income, carried to two decimal places); Number of Owner Occupied Units (number of dwellings, including individual condominiums, that are lived in by the owner); and Number of 1- to 4-Family units (dwellings that are built to house fewer than five families). These data are intended to provide additional context to the reported HMDA data. The Bureau proposes to continue to include these data in the loan-level HMDA data disclosed to the public. The Bureau seeks comment on this proposal.

For more information concerning these data, including the sources of these data, see Federal Financial Institutions Examination Council, “FFIEC Census and Demographic Data,” https://www.ffiec.gov/censusproducts.htm (last visited Mar. 20, 2017).

The FFIEC also currently includes with the agencies' loan-level release an application date indicator reflecting whether the application date was before January 1, 2004, on or after January 1, 2004, or not available. The Bureau believes that this indicator is no longer useful to analysis of the HMDA data and proposes to no longer include the application date indicator in the loan-level HMDA data disclosed to the public. The Bureau seeks comment on this proposal.

B. The Modified LAR and the Agencies' Loan-Level Release

As discussed above, HMDA requires that financial institutions make available to the public, upon request, “loan application register information” as defined by the Bureau and in the form required under regulations prescribed by the Bureau. This information must be made available as early as March 31 following the calendar year for which the information was compiled. In addition to the loan-level data made available by each financial institution on its modified loan/application register, the FFIEC currently makes available in September of each year the agencies' loan-level release, which is a loan-level dataset containing all reported HMDA data for the preceding calendar year.

HMDA section 304(j)(1). This requirement is implemented in 12 CFR 1003.5(c), which requires that each financial institution make available to the public its modified loan/application register, sometimes referred to as a “modified LAR.”

HMDA section 304(j)(5).

Under the 2015 HMDA Final Rule, financial institutions will no longer be required to provide their modified loan/application registers directly to the public and will be required instead to provide a notice advising members of the public seeking their data that it may be obtained on the Bureau's Web site. By March 31 following the calendar year for which the data was compiled, the Bureau will make available on the Bureau's Web site a modified loan/application register for each financial institution that timely submits its HMDA data. With respect to data compiled in 2018 or later, this proposed Policy Guidance describes the modifications the Bureau proposes to apply to each financial institution's modified loan/application register as well as to the agencies' loan-level release, with the possible exception of modifications to reflect whether the loan amount is above the applicable GSE conforming loan limit, which may be released later than March 31.

12 CFR 1003.5(c) (effective Jan. 1, 2018).

With respect to data that is submitted late, the Bureau intends to make available a modified loan/application register by March 31 whenever possible, or as soon thereafter as is feasible.

As noted above, HMDA data is reported by March 1 of the year following the calendar year for which the information was compiled, leaving the Bureau as little as 30 days to prepare each financial institution's modified loan/application register. The Bureau is exploring how best to provide the public with information concerning whether a loan is above the applicable GSE conforming loan limit.

C. Aggregate and Disclosure Reports

HMDA and Regulation C require the FFIEC to make available a disclosure statement for each financial institution each year. The statute and regulation also require the FFIEC to compile aggregate data by census tract for all financial institutions reporting under HMDA and to produce tables indicating aggregate lending patterns for various categories of census tracts grouped according to location, age of housing stock, income level, and racial characteristics. The FFIEC currently makes these aggregate data products available in September of each year reflecting HMDA data reported for the preceding calendar year.

12 U.S.C. 2803(k); 12 CFR 1003.5(b)(1) (effective Jan. 1, 2018).

12 U.S.C. 2809(a); 12 CFR 1003.5(f) (effective Jan. 1, 2018).

The FFIEC, the Bureau, and the other agencies continue to evaluate options for making available the disclosure statements and aggregate data required by HMDA and the 2015 HMDA Final Rule. The Bureau may also consider making available other data products to enhance understanding of the HMDA data and otherwise further the goals of the statute.

D. Restricted Access Program

As indicated in the supplementary information to the 2014 HMDA Proposed Rule and the 2015 HMDA Final Rule, the Bureau believes that HMDA's public disclosure purposes may be furthered by allowing academics and industry and community researchers to access the unmodified HMDA dataset through a restricted access program, for research purposes. The Bureau continues to evaluate whether access to unmodified HMDA data should be permitted through such a program, the options for such a program, and the risks and costs that may be associated with such a program.

V. Regulatory Requirements

The Bureau concludes that the proposed Policy Guidance on Disclosure of Loan-Level HMDA Data is a non-binding general statement of policy and/or a rule of agency organization, procedure, or practice exempt from notice and comment rulemaking requirements under the Administrative Procedure Act pursuant to 5 U.S.C. 553(b). Notwithstanding this conclusion, the Bureau invites public comment on the proposed Policy Guidance. Because no notice of proposed rulemaking is required, the Regulatory Flexibility Act does not require an initial or final regulatory flexibility analysis. The existing information collections contained in Regulation C have been approved by the Office of Management and Budget (OMB) and assigned OMB control number 3170-0008. The Bureau has determined that this proposed Policy Guidance does not impose any new or revise any existing recordkeeping, reporting, or disclosure requirements on covered entities or members of the public that would be collections of information requiring OMB approval under the Paperwork Reduction Act, 44 U.S.C. 3501, et seq. The Bureau has a continuing interest in the public's opinions regarding this determination. At any time, comments regarding this determination may be sent to the Consumer Financial Protection Bureau (Attention: PRA Office), 1700 G Street NW., Washington, DC 20552, or by email to CFPB_Public_PRA@cfpb.gov.

VI. Proposed Policy Guidance on Disclosure of Loan-Level HMDA Data

The text of the proposed Policy Guidance is as follows:

Policy Guidance on Disclosure of Loan-Level HMDA Data

A. Background

The Home Mortgage Disclosure Act (HMDA), 12 U.S.C. 2801 et seq., requires certain financial institutions to collect, report, and disclose data about their mortgage lending activity. HMDA is implemented by Regulation C, 12 CFR part 1003. HMDA identifies its purposes as providing the public and public officials with sufficient information to enable them to determine whether financial institutions are serving the housing needs of the communities in which they are located, and to assist public officials in their determination of the distribution of public sector investments in a manner designed to improve the private investment environment. In 1989, the Board of Governors of the Federal Reserve System (Board) recognized a third HMDA purpose of identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes, which now appears with HMDA's other purposes in Regulation C.

54 FR 51356, 51357 (Dec. 15, 1989) (codified at 12 CFR 1003.1(b)(1)) (Bureau's post-Dodd-Frank Act Regulation C).

In 2010, Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Among other changes, the Dodd-Frank Act expanded the scope of information relating to mortgage applications and loans that must be collected, reported, and disclosed under HMDA and authorized the Bureau to require financial institutions to collect, report, and disclose additional information. The Dodd-Frank Act amendments to HMDA also added new section 304(h)(1)(E), which directs the Bureau to develop regulations, in consultation with the agencies identified in section 304(h)(2), that “modify or require modification of itemized information, for the purpose of protecting the privacy interests of the mortgage applicants or mortgagors, that is or will be available to the public.” Section 304(h)(3)(B), also added by the Dodd-Frank Act, directs the Bureau to “prescribe standards for any modification under paragraph (1)(E) to effectuate the purposes of [HMDA], in light of the privacy interests of mortgage applicants or mortgagors. Where necessary to protect the privacy interests of mortgage applicants or mortgagors, the Bureau shall provide for the disclosure of information . . . in aggregate or other reasonably modified form, in order to effectuate the purposes of [HMDA].”

Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376, 1980, 2035-38, 2097-101 (2010).

These agencies are the prudential regulators—the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency—and the Department of Housing and Urban Development. Together with the Bureau, these agencies are referred to herein as “the agencies.”

Section 304(h)(3)(A) provides that a modification under section 304(h)(1)(E) shall apply to information concerning “(i) credit score data . . . in a manner that is consistent with the purpose described in paragraph (1)(E); and (ii) age or any other category of data described in paragraph (5) or (6) of subsection (b), as the Bureau determines to be necessary to satisfy the purpose described in paragraph (1)(E), and in a manner consistent with that purpose.”

On October 28, 2015, the Bureau published a final rule amending Regulation C (2015 HMDA Final Rule) to implement the Dodd-Frank Act amendments and make other changes. Most provisions of the 2015 HMDA Final Rule go into effect on January 1, 2018, and apply to data financial institutions will collect beginning in 2018 and will report beginning in 2019.

80 FR 66128 (Oct. 28, 2015); see also 80 FR 69567 (Nov. 10, 2015) (making technical corrections).

Certain amendments to the definition of financial institution went into effect on January 1, 2017. See 12 CFR 1003.2 (effective Jan. 1, 2017); 80 FR 66128, 66308 (Oct. 28, 2015).

B. The Balancing Test

In the 2015 HMDA Final Rule, in consultation with the agencies and after notice and comment, the Bureau interpreted HMDA, as amended by the Dodd-Frank Act, to require that the Bureau use a balancing test to determine whether and how HMDA data should be modified prior to its disclosure to the public in order to protect applicant and borrower privacy while also fulfilling HMDA's public disclosure purposes. The Bureau interpreted HMDA to require that public HMDA data be modified when the release of the unmodified data creates risks to applicant and borrower privacy interests that are not justified by the benefits of such release to the public in light of the statutory purposes. In such circumstances, the need to protect the privacy interests of mortgage applicants or mortgagors requires that the itemized information be modified. This binding interpretation implemented HMDA sections 304(h)(1)(E) and 304(h)(3)(B) because it prescribed standards for requiring modification of itemized information, for the purpose of protecting the privacy interests of mortgage applicants and borrowers, that is or will be available to the public.

80 FR 66128, 66134 (Oct. 28, 2015).

The Bureau has applied the balancing test to determine whether and how to modify the HMDA data reported under the 2015 HMDA Final Rule before it is disclosed on the loan level to the public. This Policy Guidance describes the loan-level HMDA data that the Bureau intends to make available to the public beginning in 2019, with respect to data compiled by financial institutions in or after 2018, including modifications that the Bureau intends to apply to the data. The Bureau intends to continue to monitor developments affecting the application of the balancing test to the HMDA data and may reconsider whether and how to modify the HMDA data, based on the application of the balancing test, in order to ensure the appropriate protection of applicant and borrower privacy in light of HMDA's purposes. This Policy Guidance is non-binding in part because flexibility to revise the modifications to be applied to the public loan-level HMDA data is necessary to maintain a proper balancing of the privacy risks and benefits of disclosure.

C. Loan-Level HMDA Data To Be Disclosed to the Public

The Bureau intends to publicly disclose loan-level HMDA data reported pursuant to the 2015 HMDA Rule as follows:

1. Except as provided in paragraphs 2 through 6 below, the Bureau intends to disclose all data as reported, without modification.

2. The Bureau intends to exclude the following from the public loan-level HMDA data:

a. Universal loan identifier, collected pursuant to 12 CFR 1003.4(a)(1)(i);

b. The date the application was received or the date shown on the application form, collected pursuant to 12 CFR 1003.4(a)(1)(ii);

c. The date of action taken by the financial institution on a covered loan or application, collected pursuant to 12 CFR 1003.4(a)(8)(ii);

d. The address of the property securing the loan or, in the case of an application, proposed to secure the loan, collected pursuant to 12 CFR 1003.4(a)(9)(i);

e. The credit score or scores relied on in making the credit decision, collected pursuant to 12 CFR 1003.4(a)(15)(i);

f. The unique identifier assigned by the Nationwide Mortgage Licensing System and Registry for the mortgage loan originator, as defined in Regulation G, 12 CFR 1007.102, or Regulation H, 12 CFR 1008.23, as applicable, collected pursuant to 12 CFR 1003.4(a)(34);

g. The result generated by the automated underwriting system used by the financial institution to evaluate the application, collected pursuant to 12 CFR 1003.4(a)(35)(i); and

h. Free-form text fields used to report the following data: Applicant or borrower race, collected pursuant to 12 CFR 1003.4(a)(10)(i); applicant or borrower ethnicity, collected pursuant to 12 CFR 1003.4(a)(10)(i); name and version of the credit scoring model used to generate each credit score or credit scores relied on in making the credit decision, collected pursuant to 12 CFR 1003.4(a)(15)(i); the principal reason or reasons the financial institution denied the application, if applicable, collected pursuant to 12 CFR 1003.4(a)(16); and automated underwriting system name, collected pursuant to 12 CFR 1003.4(a)(35)(i).

3. With respect to the amount of the covered loan or the amount applied for, collected pursuant to 12 CFR 1003.4(a)(7), the Bureau intends to:

a. Disclose the midpoint for the $10,000 interval into which the reported value falls, e.g., for a reported value of $117,834, disclose $115,000 as the midpoint between values equal to $110,000 and less than $120,000; and

b. Indicate whether the reported value exceeds the applicable dollar amount limitation on the original principal obligation in effect at the time of application or origination as provided under 12 U.S.C. 1717(b)(2) and 12 U.S.C. 1454(a)(2).

4. With respect to the age of an applicant or borrower, collected pursuant to 12 CFR 1003.4(a)(10)(ii), the Bureau intends to:

a. Bin reported values into the following ranges, as applicable: 25 to 34; 35 to 44; 45 to 54; 55 to 64; and 65 to 74;

b. Bottom-code reported values under 25;

c. Top-code reported values over 74; and

d. Indicate whether the reported value is 62 or higher.

5. With respect to the ratio of the applicant's or borrower's total monthly debt to the total monthly income relied on in making the credit decision, collected pursuant to 12 CFR 1003.4(a)(23), the Bureau intends to:

a. Bin reported values into the following ranges, as applicable: 20 percent to less than 30 percent; 30 percent to less than 40 percent; and 50 percent to less than 60 percent;

b. Bottom-code reported values under 20 percent;

c. Top-code reported values of 60 percent or higher; and

d. Disclose, without modification, reported values greater than or equal to 40 percent and less than 50 percent.

6. With respect to the value of the property securing the covered loan or, in the case of an application, proposed to secure the covered loan, collected pursuant to 12 CFR 1003.4(a)(28), the Bureau intends to disclose the midpoint for the $10,000 interval into which the reported value falls, e.g., for a reported value of $117,834, disclose $115,000 as the midpoint between values equal to $110,000 and less than $120,000.

Dated: September 8, 2017.

Richard Cordray,

Director, Bureau of Consumer Financial Protection.

[FR Doc. 2017-20409 Filed 9-22-17; 8:45 am]

BILLING CODE 4810-AM-P