Compliance Blog

Dec 13, 2023

CFPB Orders Bank of America to Pay $12 million

On November 28, 2023, the Consumer Financial Protection Bureau (CFPB) announced a $12 million civil penalty and the filing of a consent order against Bank of America, N.A. (BoA) for allegedly reporting false mortgage data.

Alleged Conduct

In the Consent Order, CFPB alleges the following conduct:

·       Failed to accurately collect and report HMDA data:

o   When taking phone applications, BoA loan officers are required to ask for the ethnicity, race, and sex of the applicant;

o   If a loan applicant did not provide the information, the loan officers records “information not provided”;

o   In a 2013 internal audit, BoA found that loan officers had a high rate (13%) of reporting “information not provided” when reporting a loan applicant’s race or ethnicity;

o   BoA estimated that other large banks had a rate of 10%;

o   In response, BoA implemented a monitoring program that dropped the rate to 6% by 2016;

o   In 2016, BoA ended the monitoring program and the rate of reporting “information not provided” eventually reached 17% in 2020;

o   In 2020, BoA found that 113 loan officers reported that applicants chose not to provide their race and ethnicity on 100% of their applications;

o   In an internal audit, BoA found that some loan officers never asked for an applicant’s race, ethnicity, and sex.

o   In response to these issues, BoA re-implemented the monitoring program;

o   Despite the monitoring program and other measures, loan officers at BoA continued to record information not provided, even though they did not ask for the applicant’s race, ethnicity, and sex.

Credit unions may benefit from a review of the CFPB’s discussion on BoA’s conduct. The CFPB goes into greater detail on what BoA did wrong and credit unions can use this discussion to ensure that they do not make the same mistakes with their collection of required information that BoA allegedly did.

Proposed Judgment

If entered, the proposed judgment would require BoA and its staff to take the following actions:

·       Develop, implement, and maintain policies, procedures, and controls that ensure compliance with HMDA, including:

o   Training of loan officers and other employees responsible for collecting HMDA data related to an applicant’s ethnicity, race, and sex;

o   Provide such training to newly hired employees and other employees before they begin collecting HMDA data related to an applicant’s ethnicity, race, and sex and provide the training to relevant employees annually;

o   Electronically identify any phone calls on which HMDA data related to ethnicity, race, and sex is collected and recorded.

o   Record phone applications and conduct audits on a representative sample;

o   Provide monthly reports that show the information not provided rates;

o   Provide coaching to loan officers whose information not provided rates exceed a target rate set by BoA;

o   Review all phone applications for any loan officer who exceeds the target information not provided rate for at least three consecutive months;

o   Implement a progressive discipline plan for loan officers that show non-compliance with HMDA/Regulation C requirements for collecting ethnicity, race, and sex;

o   Document changes made to an applicant’s ethnicity, race, and sex during the application process;

o   Ensure that HMDA disclosure is identical for all types of applications including applications take by phone, in person, and online.

·       Within 90 days of the effective date of the consent order, BoA must draft and submit a comprehensive compliance plan;

·       BoA’s board of directors, or a committee, must ensure that BoA meets the requirements of the Consent Order;

·       Pay a civil penalty of $10,000,000 to the CFPB;

Credit unions may find a review of the CFPB’s discussion of the above penalties informative. Furthermore, while normally an enforcement action against a big bank is often due to some adverse action against consumers, it is understandable why BoA’s loan officers did not want to bring up ethnicity, race, and sex. I wouldn’t want to do it and many applicants probably don’t like it being brought up either. As such, credit unions may want to consider reviewing their HMDA reporting data and talking to loan officers regarding HMDA/Regulation C requirements.


🔄✨ Renew Your NCCO and/or NCBSO in Fort Lauderdale, FL!   

Renew your credentials for two years just by attending with no exams required October 1 – 3, 2024 in Fort Lauderdale, FL at the Regulatory Compliance and BSA Seminar. Don’t wait – this conference sold out quickly in 2023! 

About the Author

Keith Schostag, NCCO, Senior Regulatory Compliance Counsel, NAFCU


Keith Schostag joined NAFCU as regulatory compliance counsel in February 2021. In this role, Keith assists credit unions with a variety of compliance issues.

Read full bio