Is Your Interface CFPB-Proof? What Mortgage Teams Need to Know About HMDA Compliance

The CFPB Stepped Back in 2025. State Regulators Did Not.

When Acting Director Russell Vought froze CFPB operations in February 2025 and proposed 90% staff reductions, many mortgage lenders breathed a sigh of relief. That relief was premature. HMDA reporting requirements survived untouched. The underlying statutes remain law. And state regulators moved fast to fill the federal gap.

Michigan's Attorney General reaffirmed enforcement under the state Consumer Protection Act. New York passed the FAIR Business Practices Act, expanding authority over unfair lending practices. California's DFPI accelerated investigations into mortgage origination. The Homebuyers Privacy Protection Act, signed September 2025, takes effect March 4, 2026, restricting trigger lead practices.

Your mortgage application interfaces need to handle HMDA data collection, fair lending documentation, and compliance evidence regardless of who enforces the rules. Here is how to build interfaces that satisfy any examiner who walks through the door.

HMDA Reporting Survives the CFPB Downsizing

The Home Mortgage Disclosure Act is a federal statute passed by Congress. The CFPB implements it through Regulation C, but the Bureau cannot eliminate the law through administrative action. The 2026 HMDA asset-size exemption threshold rose to $59 million, meaning more small lenders are exempt. Every lender above that threshold must still collect and report.

Regulation C requires mortgage lenders to collect data on loan applications, originations, and purchases. This includes borrower demographics, loan terms, property information, and denial reasons. Your application interface is where most of this data enters your system.

The CFPB Guidance Compendium covering October 2021 through January 2025 remains in effect. Reduced enforcement staff does not change the data reporting obligations.

State Enforcement Is Expanding Fast

As the federal backstop weakens, states are building their own enforcement capacity. A 2022 CFPB interpretive rule affirmed that state attorneys general can bring civil actions to enforce Consumer Financial Protection Act provisions, including UDAAP prohibitions. That delegation survives the current administration's policy shift.

Here is what is happening on the ground:

• New York passed the FAIR Business Practices Act. It bans unfair acts, not just deceptive ones. It raises fines and empowers both the AG and city-level enforcement.
• California finalized CCPA amendments requiring automated decision-making technology disclosure and annual cybersecurity audits for businesses handling high-risk personal data.
• Multi-state coordination through CSBS is moving toward "One Company, One Exam" frameworks that standardize examination formats.
• Former CFPB staff are joining state agencies, bringing federal-level expertise to local enforcement.

For multi-state lenders, this creates a patchwork of requirements. Your interfaces must capture the data that satisfies the strictest state, not just the current federal minimum.

Interface Data Collection Requirements for HMDA

Your mortgage application interface must capture HMDA-reportable data at the point of entry. Retrofitting data collection after the fact creates gaps that examiners will find.

Required HMDA Data Points

• Applicant demographics: race, ethnicity, sex collected using standardized HMDA categories
• Loan characteristics: loan type, purpose, amount, interest rate, loan term
• Property information: location, occupancy type, construction method
• Underwriting data: DTI ratio, CLTV, credit score model used
• Action taken: originated, approved not accepted, denied, withdrawn, incomplete
• Denial reasons: captured and reported for every denied application

Build these fields into your interface as required inputs. Do not allow loan officers to skip demographic collection or mark fields as "information not provided" without the borrower explicitly declining.

Fair Lending Fields Your Interface Must Capture

Fair lending compliance goes beyond HMDA data collection. Your interfaces must support consistent treatment across all applicants.

Build these safeguards into your application workflow:

• Standardized pricing disclosures that present rate options consistently to every borrower, regardless of demographic characteristics.
• Automated adverse action notices triggered by denial decisions, citing specific reasons from a pre-approved list.
• Exception tracking that logs every time a loan officer overrides automated pricing or underwriting recommendations. Examiners compare exception rates across demographic groups.
• Communication logs capturing what information was provided to each applicant and when. Disparate treatment claims often hinge on whether similarly situated borrowers received the same guidance.

6 Steps to Make Your Interface Audit-Proof

Step 1: Map every data field to its regulatory source. Create a crosswalk document that ties each field in your application interface to the specific regulation requiring it. HMDA, ECOA, TILA, RESPA, and state-specific requirements should all be mapped.

Step 2: Validate data at entry. Do not wait for quality control to catch missing or inconsistent data. Build validation rules into the interface that prevent incomplete applications from advancing to the next stage.

Step 3: Lock completed fields. Once a borrower submits demographic information, that data should be protected from editing by loan officers. Create a tamper-evident audit trail showing the original entry plus any subsequent changes with timestamps and user IDs.

Step 4: Automate compliance checks against current thresholds. The 2026 HMDA asset-size threshold is $59 million. QM points-and-fees caps, HOEPA triggers, and APR-to-APOR spreads all update annually. Your interface should reference current values, not hardcoded numbers from last year.

Step 5: Generate examiner-ready reports on demand. State examiners now demand campaign archives, NMLS identifier verification, and fair lending data with short turnaround times. Build report templates that pull directly from your interface data.

Step 6: Test your interface against real examination scenarios. Run mock examinations quarterly. Have your compliance team play the role of a state examiner and request the data they would ask for. Fix gaps before a real examiner finds them.

Building a Documentation Trail Examiners Trust

Compliance experts at RiskExec Connect 2025 put it plainly: "You can't eliminate the CFPB by waving a wand. The statutes and rules still exist." Lenders who cut compliance spending during enforcement pauses become primary targets when the pendulum swings back.

Build your documentation trail to survive any enforcement environment:

• Retain application data for at least 5 years with loan-level detail sufficient to reconstruct any decision.
• Log every interface interaction with timestamps, user identification, and IP addresses.
• Store denial reasons alongside the data that supported each decision.
• Archive disclosures as they were presented to borrowers, including version history when forms change.
• Maintain audit trails showing who accessed what data and when.

Consistency is protection. Document decisions the same way whether enforcement is aggressive or quiet. When oversight returns, your records will speak for themselves.

Frequently Asked Questions

Related Articles

• Bridging IT and Compliance in the Mortgage Industry with Microsoft Solutions
• Data-Driven Learning Dashboards for Mortgage Education and Compliance Using Power BI
• DLP and the Role of Technology in Modern Mortgage Compliance

Build Interfaces That Satisfy Any Examiner

The regulatory landscape did not simplify in 2025. It fragmented. Federal enforcement slowed, but state enforcement accelerated. The statutes remain law. The data requirements remain unchanged.

Your mortgage application interface is where compliance starts. Build it to capture the right data, generate the right reports, and produce the audit trail that any examiner expects.

Talk to a mortgage IT specialist about building compliance-ready interfaces for your lending operation.