[Federal Register Volume 88, Number 104 (Wednesday, May 31, 2023)]
[Rules and Regulations]
[Pages 35150-35571]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07230]



[[Page 35149]]

Vol. 88

Wednesday,

No. 104

May 31, 2023

Part III





Consumer Financial Protection Bureau





-----------------------------------------------------------------------





12 CFR Part 1002





Small Business Lending Under the Equal Credit Opportunity Act 
(Regulation B); Final Rule

  Federal Register / Vol. 88, No. 104 / Wednesday, May 31, 2023 / Rules 
and Regulations  

[[Page 35150]]


-----------------------------------------------------------------------

CONSUMER FINANCIAL PROTECTION BUREAU

12 CFR Part 1002

[Docket No. CFPB-2021-0015]
RIN 3170-AA09


Small Business Lending Under the Equal Credit Opportunity Act 
(Regulation B)

AGENCY: Consumer Financial Protection Bureau.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Consumer Financial Protection Bureau (CFPB or Bureau) is 
amending Regulation B to implement changes to the Equal Credit 
Opportunity Act (ECOA) made by section 1071 of the Dodd-Frank Wall 
Street Reform and Consumer Protection Act (Dodd-Frank Act). Consistent 
with section 1071, covered financial institutions are required to 
collect and report to the CFPB data on applications for credit for 
small businesses, including those that are owned by women or 
minorities. The final rule also addresses the CFPB's approach to 
privacy interests and the publication of data; shielding certain 
demographic data from underwriters and other persons; recordkeeping 
requirements; enforcement provisions; and the rule's effective and 
compliance dates.

DATES: 
    Effective date: This final rule is effective August 29, 2023.
    Compliance dates: Covered financial institutions must comply with 
the final rule beginning October 1, 2024, April 1, 2025, or January 1, 
2026, as set forth in Sec.  1002.114(b).

FOR FURTHER INFORMATION CONTACT: Camille Gray, Paralegal Specialist; 
Kris Andreassen, Pavitra Bacon, Joseph Devlin, Amy Durant, Angela Fox, 
Caroline Hong, David Jacobs, Kathryn Lazarev, Lawrence Lee, Adam Mayle, 
Kristen Phinnessee, or Melissa Stegman, Senior Counsels, Office of 
Regulations, at 202-435-7700 or https://reginquiries.consumerfinance.gov/. If you require this document in an 
alternative electronic format, please contact 
[email protected].

SUPPLEMENTARY INFORMATION: 

I. Summary of the Final Rule

    In 2010, Congress passed the Dodd-Frank Act. Section 1071 of that 
Act \1\ amended ECOA \2\ to require that financial institutions collect 
and report to the CFPB certain data regarding applications for credit 
for women-owned, minority-owned, and small businesses. Section 1071's 
statutory purposes are to (1) facilitate enforcement of fair lending 
laws, and (2) enable communities, governmental entities, and creditors 
to identify business and community development needs and opportunities 
of women-owned, minority-owned, and small businesses.
---------------------------------------------------------------------------

    \1\ Public Law 111-203, tit. X, section 1071, 124 Stat. 1376, 
2056 (2010), codified at ECOA section 704B, 15 U.S.C. 1691c-2.
    \2\ 15 U.S.C. 1691 et seq.
---------------------------------------------------------------------------

    Section 1071 specifies a number of data points that financial 
institutions are required to collect and report, and also provides 
authority for the CFPB to require any additional data that it 
determines would aid in fulfilling section 1071's statutory purposes. 
Section 1071 also contains a number of other requirements, including 
those that address restricting the access of underwriters and other 
persons to certain data; recordkeeping; publication of small business 
lending data; and modifications or deletions of data prior to 
publication in order to advance a privacy interest.
    Section 1071 directs the CFPB to prescribe such rules and issue 
such guidance as may be necessary to carry out, enforce, and compile 
data pursuant to section 1071, and permits it to adopt exceptions to 
any requirement or to exempt financial institutions from the 
requirements of section 1071 as it deems necessary or appropriate to 
carry out the purposes of section 1071. The CFPB is adding a new 
subpart B to Regulation B to implement the requirements of section 
1071. Key aspects of the CFPB's final rule are summarized below.
    As envisioned by Congress, the small business lending rule will 
create our nation's first consistent and comprehensive database 
regarding lending to small businesses, including small farms. This will 
fulfill section 1071's statutory purposes by allowing Federal, State, 
and local enforcement agencies to assess potential areas for fair 
lending enforcement and by enabling a range of stakeholders to better 
identify business and community development needs and opportunities for 
small businesses, including women-owned and minority-owned small 
businesses. The database, again as dictated by Congress, will not 
reveal privacy-protected information about any particular small 
business applicant, and small businesses will retain control over how 
much of their demographic information they choose to divulge. In 
addition, the CFPB believes that its final rule will help to sharpen 
competition in credit supply by creating greater transparency around 
small business lending.
    Scope. The CFPB is requiring financial institutions to collect and 
report data regarding applications for credit for small businesses, 
including those that are owned by women and minorities. The CFPB is not 
requiring financial institutions to collect and report data regarding 
applications for women-owned and minority-owned businesses that are not 
small. Because more than 99 percent of women-owned and minority-owned 
businesses are small businesses, covering small businesses necessarily 
means nearly all women-owned and minority-owned businesses will also be 
covered. The CFPB believes that this scope is consistent with the 
statute and will allow the rule to carry out section 1071's purposes 
without requiring collection of data that would be of limited utility.
    Covered financial institutions. Consistent with language from 
section 1071, a ``financial institution'' is defined to include any 
partnership, company, corporation, association (incorporated or 
unincorporated), trust, estate, cooperative organization, or other 
entity that engages in any financial activity. The rule thus applies to 
a variety of entities that engage in small business lending, including 
depository institutions (i.e., banks, savings associations, and credit 
unions),\3\ online lenders, platform lenders, community development 
financial institutions (both depository and nondepository 
institutions), Farm Credit System lenders, lenders involved in 
equipment and vehicle financing (captive financing companies and 
independent financing companies), commercial finance companies, 
governmental lending entities, and nonprofit nondepository lenders.\4\
---------------------------------------------------------------------------

    \3\ For purposes of this document, the Bureau is using the term 
depository institution to mean any bank or savings association 
defined by the Federal Deposit Insurance Act, 12 U.S.C. 1813(c)(1), 
or credit union defined pursuant to the Federal Credit Union Act, 12 
U.S.C. 1751 et seq., as implemented by 12 CFR 700.2. The Bureau 
notes that the Dodd-Frank Act defines a depository institution to 
mean any bank or savings association defined by the Federal Deposit 
Insurance Act, 12 U.S.C. 1811 et seq.; there, that term does not 
encompass credit unions. 12 U.S.C. 5301(18)(A), 1813(c)(1). To 
facilitate analysis and discussion, the Bureau is referring to banks 
and savings associations together with credit unions as depository 
institutions throughout this document, unless otherwise specified.
    \4\ The Bureau's rules, including this final rule to implement 
section 1071, generally do not apply to motor vehicle dealers, as 
defined in section 1029(f)(2) of the Dodd-Frank Act, that are 
predominantly engaged in the sale and servicing of motor vehicles, 
the leasing and servicing of motor vehicles, or both. 12 U.S.C. 
5519.

---------------------------------------------------------------------------

[[Page 35151]]

    The rule uses the term ``covered financial institution'' to refer 
to those financial institutions that are required to comply with its 
data collection and reporting requirements. A covered financial 
institution is defined as a financial institution that originated at 
least 100 covered credit transactions (rather than 25, as proposed) for 
small businesses in each of the two preceding calendar years. The CFPB 
is not adopting an asset-based exemption threshold for depository 
institutions, or any other general exemptions for particular categories 
of financial institutions.
    The final rule also permits creditors that are not covered 
financial institutions to voluntarily collect and report small business 
lending data in certain circumstances.
    Covered credit transactions. Covered financial institutions are 
required to collect and report data regarding covered applications from 
small businesses for covered credit transactions. A ``covered credit 
transaction'' is one that meets the definition of business credit under 
existing Regulation B, with certain exceptions. Transactions within the 
scope of the rule include loans, lines of credit, credit cards, 
merchant cash advances, and credit products used for agricultural 
purposes. The CFPB is excluding trade credit, public utilities credit, 
securities credit, and incidental credit as proposed. In addition, the 
CFPB has added exclusions for transactions that are reportable under 
the Home Mortgage Disclosure Act of 1975 (HMDA) \5\ and insurance 
premium financing. Consistent with the CFPB's proposal, factoring, 
leases, and consumer-designated credit that is used for business or 
agricultural purposes are also not covered credit transactions. In 
addition, the CFPB has made clear that purchases of originated covered 
credit transactions are not reportable.
---------------------------------------------------------------------------

    \5\ 12 U.S.C. 2801 et seq.
---------------------------------------------------------------------------

    Covered applications. A ``covered application''--which triggers 
data collection, reporting, and related requirements when submitted by 
a small business--is defined as an oral or written request for a 
covered credit transaction that is made in accordance with procedures 
used by a financial institution for the type of credit requested. This 
definition of covered application is largely consistent with the 
existing Regulation B definition of that term. However, certain 
circumstances are not covered applications for purposes of this rule, 
even if they are considered applications under existing Regulation B. 
Specifically, covered applications for purposes of this rule do not 
include (1) reevaluation, extension, or renewal requests on existing 
business credit accounts, unless the request seeks additional credit 
amounts; or (2) inquiries and prequalification requests.
    Small business definition. A covered financial institution is 
required to collect and report data on a covered application from a 
``small business,'' which the rule defines in accordance with the 
meaning of ``business concern or concern'' and ``small business 
concern'' under the Small Business Act \6\ and Small Business 
Administration (SBA) regulations. However, in lieu of using the SBA's 
size standards for defining a small business concern, the definition in 
this final rule looks to whether the business had $5 million or less in 
gross annual revenue for its preceding fiscal year. The CFPB believes 
that a straightforward $5 million threshold strikes the right balance 
in terms of broadly covering the small business credit market to 
fulfill section 1071's statutory purposes while meeting the SBA's 
criteria for an alternative size standard.\7\ The final rule also 
anticipates updates to this size standard, not more than every five 
years, to account for inflation. The SBA Administrator has approved the 
CFPB's use of this alternative size standard pursuant to the Small 
Business Act.\8\
---------------------------------------------------------------------------

    \6\ 15 U.S.C. 631 et seq.
    \7\ See 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
    \8\ See 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------

    Data to be collected and reported. The rule addresses the data 
points that must be collected and reported by covered financial 
institutions for covered applications from small businesses. Congress 
specifically enumerated many of these data points in ECOA section 
704B(e)(2); for the others, the Congress granted the CFPB express 
authority in 704B(e)(2)(H) to require financial institutions to compile 
and maintain, along with enumerated data points, a record of ``any 
additional data that the Bureau determines would aid in fulfilling the 
purposes'' of section 1071. Certain of these data points are or could 
be collected from the applicant; other data points are based on 
information within the financial institution's control. Covered 
financial institutions must not discourage an applicant from responding 
to requests for applicant-provided data and must otherwise maintain 
procedures to collect such data at a time and in a manner that are 
reasonably designed to obtain a response; when collecting data directly 
from the applicant, the rule identifies certain minimum provisions that 
must be included within financial institutions' procedures in order for 
them to be considered ``reasonably designed.'' The rule also addresses 
what financial institutions should do if, despite having such 
procedures in place, they are unable to obtain certain data from an 
applicant. Furthermore, the rule makes clear that a financial 
institution may rely on information from the applicant, or appropriate 
third-party sources, when compiling data. If the financial institution 
verifies particular information, however, it must report that verified 
information. Financial institutions are permitted to reuse previously 
collected data in certain circumstances, rather than having to request 
it from the applicant for each covered application.
    As noted above, the rule includes data points that are, or could 
be, provided by the applicant. Some data points specifically relate to 
the credit being applied for: the credit type (which includes 
information on the credit product, types of guarantees, and loan term); 
the credit purpose; and the amount applied for. There are also data 
points that relate to the applicant's business: census tract based on 
an address or location provided by the applicant; gross annual revenue 
for the applicant's preceding full fiscal year; the 3-digit North 
American Industry Classification System (NAICS) code for the applicant; 
the number of workers that the applicant has; the applicant's time in 
business; and the number of principal owners the applicant has.
    There are also applicant-provided data points on the demographics 
of the applicant's ownership: first, whether the applicant is a 
minority-owned business or a women-owned business, along with a new 
data field capturing whether the applicant is an LGBTQI+-owned 
business; and second, the ethnicity, race, and sex of the applicant's 
principal owners. The CFPB refers to these data points collectively as 
an applicant's ``protected demographic information.'' Principal owners' 
ethnicity and race will be collected from applicants using aggregate 
categories as well as disaggregated subcategories. Principal owners' 
sex/gender will be collected from applicants without using pre-defined 
response categories.
    The CFPB is not finalizing its proposed requirement to have 
financial institutions collect race and ethnicity via visual 
observation or surname if an in-person applicant does not provide any 
ethnicity, race, or sex information for any principal owners; instead, 
the final rule requires that these data be reported based only on 
information provided by the applicant.

[[Page 35152]]

    The CFPB is providing lenders with a sample data collection form, 
in both digital and paper form, to assist them in collecting protected 
demographic data from applicants. Although the contents of the sample 
form reflect certain legal requirements that financial institutions 
must follow, their use of the sample form is not itself required under 
the final rule. Rather, it is an available resource to financial 
institutions.
    In addition, the rule includes data points that will be generated 
or supplied solely by the financial institution. These data points 
include, for all applications: a unique identifier for each application 
for or extension of credit; the application date; the application 
method (that is, the means by which the applicant submitted the 
application); the application recipient (that is, whether the financial 
institution or its affiliate received the application directly, or 
whether it was received by the financial institution via a third 
party); the action taken by the financial institution on the 
application; and the action taken date. For denied applications, there 
is also a data point for denial reasons. For applications that are 
originated or approved but not accepted, there is a data point for the 
amount originated or approved, and a data point for pricing information 
(which includes, as applicable, interest rate, total origination 
charges, broker fees, initial annual charges, additional cost for 
merchant cash advances or other sales-based financing, and prepayment 
penalties).
    Firewall. The CFPB's rule implements a requirement in section 1071 
that certain data collected from applicants be shielded from 
underwriters and certain other persons (or, if a firewall is not 
feasible, a notice is given instead); the CFPB refers to this as the 
``firewall.''
    Generally, an employee or officer of a financial institution or a 
financial institution's affiliate that is involved in making any 
determination concerning a covered application is prohibited from 
accessing the applicant's responses to the inquiries about protected 
demographic information that the financial institution makes pursuant 
to the rule. This prohibition does not apply to an employee or officer, 
however, if the financial institution determines that employee or 
officer should have access to an applicant's responses to its inquiries 
regarding the applicant's protected demographic information and the 
financial institution provides a notice to the applicant regarding that 
access. The notice must be provided to each applicant whose information 
will be accessed or, alternatively, the financial institution could 
provide the notice to all applicants. The final rule does not require 
specific language for this notice but does provide sample language that 
a covered financial institution may use. The final rule also clarifies 
several key points of the firewall provision.
    Reporting data to the CFPB; publication of data by the CFPB and 
other disclosures; and privacy considerations. Financial institutions 
must collect small business lending data on a calendar year basis and 
report it to the CFPB on or before June 1 of the following year. 
Financial institutions reporting data to the CFPB are required to 
provide certain identifying information about themselves as part of 
their submission. The CFPB is releasing, concurrently with this final 
rule, technical instructions for the submission of small business 
lending data in a Filing Instructions Guide.\9\
---------------------------------------------------------------------------

    \9\ See CFPB, Small Business Lending Filing Instructions Guide, 
https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
---------------------------------------------------------------------------

    The CFPB will make available to the public, on an annual basis, the 
application-level data submitted to it by financial institutions, 
subject to modifications or deletions made by the CFPB, to advance 
privacy interests. To ease burden on covered entities, CFPB publication 
of application-level data will satisfy financial institutions' 
statutory obligation to make data available to the public upon request. 
At this time, the CFPB is not making a final decision on the best way 
to protect privacy interests through pre-publication modification and 
deletion of reported data. Assessing the many comments it received in 
this area, the CFPB is preliminarily of the view that its privacy 
assessment will focus primarily on whether (and, if so, how) small 
business lending data, individually or in combination with other data, 
pose re-identification risk for small businesses and, as a result, for 
their owners. The CFPB also anticipates taking account of compelling 
risks to financial institution privacy interests. The CFPB does not 
anticipate that it can carry out the necessary analysis of pre-
publication modifications and deletions without at least one full year 
of application-level data. The CFPB intends to further engage with 
stakeholders on the issue of data publication before it resolves on a 
particular approach to protecting privacy interests through 
modifications and deletions. Finally, the CFPB anticipates publishing 
select aggregate data--i.e., data that does not include application-
level information--before it publishes application-level data.
    In addition, the final rule prohibits a financial institution or 
third party from disclosing protected demographic information, except 
in limited circumstances. Specifically, the final rule prohibits 
financial institutions from disclosing or providing to third parties 
the protected demographic information collected pursuant to the rule, 
except to further compliance with ECOA or Regulation B or as required 
by law. The final rule also limits third parties' disclosure of 
protected demographic information.
    Recordkeeping, enforcement, and severability. The rule addresses 
issues related to recordkeeping, enforcement of violations, and 
severability. The CFPB is also finalizing provisions regarding 
treatment of bona fide errors under the rule in general along with 
several safe harbors for particular kinds of errors. Relatedly, as 
explained in part VII below, covered financial institutions will also 
have a 12-month grace period during which the CFPB--for institutions 
under its jurisdiction--will not assess penalties for errors in data 
reporting, and will conduct examinations only to assist institutions in 
diagnosing compliance weaknesses, to the extent that these institutions 
engaged in good faith compliance efforts.
    Effective and compliance dates, transitional provisions. This final 
rule will become effective 90 days after publication in the Federal 
Register. The CFPB is adopting a tiered compliance date schedule 
because it believes that smaller and mid-sized lenders would have 
particular difficulties complying within the single 18-month compliance 
period proposed in the NPRM. Compliance with the rule beginning October 
1, 2024 is required for financial institutions that originate the most 
covered credit transactions for small businesses. However, institutions 
with a moderate transaction volume have until April 1, 2025 to begin 
complying with the rule, and those with the lowest volume have until 
January 1, 2026. Covered financial institutions may begin collecting 
applicants' protected demographic information one year prior to their 
compliance date to help prepare for coming into compliance with this 
final rule. The CFPB is also adopting a new provision to permit 
financial institutions that do not have ready access to sufficient 
information to determine their compliance tier (or whether they are 
covered by the rule at all) to use reasonable methods to estimate their 
volume of originations to small businesses for this purpose.

[[Page 35153]]

    Compliance and technical assistance. The CFPB is supporting small 
business lenders with a variety of compliance and technical tools to 
help them determine if they are covered by this new rule, and if so 
when their obligations arise. For lenders that are covered, the agency 
is also making available a range of resources to assist with effective 
implementation of the rule, including a small entity compliance guide. 
These materials are available at https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements. The CFPB is 
also launching a dedicated regulatory and technical support program 
that can provide oral and written assistance in response to stakeholder 
questions about collection and reporting obligations, and a range of 
technical resources to make it easier to report data to the CFPB. The 
support program and related materials are available at https://www.consumerfinance.gov/data-research/small-business-lending-data/. To 
further assist covered financial institutions that serve small business 
customers in their preferred languages, the CFPB will make the sample 
data collection form available in several languages. The CFPB is also 
planning to develop resources to help small businesses understand how 
their data are treated, the availability of the dataset, and the 
broader purposes of the rule.
    Use of technology partners and industry consortia for accurate, 
cost-efficient data collection and reporting. The final rule broadly 
permits financial institutions to work with third parties, including 
industry consortia, to develop services and technologies to aid in 
collecting and reporting data. So long as they meet the obligations 
stated in the rule, including collecting data in a manner that does not 
discourage small businesses from providing it, financial institutions 
are free to work with third parties to assist them with their 
compliance obligations, whether that is with respect to data 
collection, maintenance or reporting. The CFPB plans to work with 
consortia or other entities seeking to assist financial institutions to 
deploy industry-identified solutions. For example, the CFPB plans to 
provide Application Programming Interfaces in an open-source 
environment to assist financial institutions' technology partners to 
develop accurate and efficient data reporting tools.

II. Background

    As discussed above, in 2010, Congress enacted the Dodd-Frank Act. 
Section 1071 of the Dodd-Frank Act, which amended ECOA, requires 
financial institutions to collect and report to the CFPB data regarding 
applications for credit for women-owned, minority-owned, and small 
businesses. Section 1071 was adopted for the dual purposes of 
facilitating fair lending enforcement and enabling communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of such businesses. Section 1071 
complements other Federal efforts to ensure fair lending and to promote 
community development for small businesses, including through ECOA, the 
Community Reinvestment Act of 1977 (CRA),\10\ and the Community 
Development Financial Institutions (CDFI) Fund.\11\
---------------------------------------------------------------------------

    \10\ 12 U.S.C. 2901 et seq.
    \11\ The Riegle Community Development Banking and Financial 
Institutions Act of 1994, 12 U.S.C. 4701 et seq., authorized the 
Community Development Financial Institution Fund (CDFI Fund). The 
CDFI Fund is discussed in more detail in part II.F.2.ii below.
---------------------------------------------------------------------------

    The collection and subsequent publication of more robust and 
granular data regarding credit applications for small businesses will 
provide much-needed transparency to the small business lending market. 
The COVID-19 pandemic has shown that transparency is essential, 
particularly at a time of crisis, when small businesses are in urgent 
need of credit to recover from economic shocks.
    In addition to informing policymaking, data collected under the 
final rule can help creditors identify potentially profitable 
opportunities to extend credit. As a result, small business owners 
stand to benefit from increased credit availability. More transparency 
will also allow small business owners to more easily compare credit 
terms and evaluate credit alternatives, helping them to find the credit 
product that best suits their needs at the best price. In these 
different ways, the data will help stakeholders to enhance business and 
community development, boosting broad-based economic activity and 
growth. Furthermore, in the years and decades to come, the collection 
and publication of these data will be helpful in identifying potential 
fair lending violations and otherwise facilitating the enforcement of 
anti-discrimination laws.

Overview

    Small businesses are a cornerstone of the U.S. economy. There were 
over 33 million small businesses in the U.S. in 2019, employing almost 
half of all private sector employees.\12\ Small businesses, 
particularly start-ups, also generated 62 percent of new jobs since 
1995.\13\ Small businesses were hit hard by two major shocks in the 
last two decades. First, the Great Recession, which began in 2007, 
disproportionately affected small businesses.\14\ Between 2007 and 
2009, employment at businesses with under 50 employees fell by 10.4 
percent, compared with 7.5 percent at larger firms,\15\ while between 
2008 and 2011, lending to small firms fell by 18 percent, compared with 
9 percent for all firms.\16\ Small businesses suffered again because of 
the COVID-19 pandemic. Around 40 percent of small businesses were at 
least temporarily closed in late March and early April 2020, due 
primarily to demand shocks and employee health concerns.\17\ Across the 
first year of the pandemic, some

[[Page 35154]]

200,000 more businesses exited the market relative to historic 
levels.\18\ It took until July 2021 for non-farm private sector jobs at 
establishments with fewer than 50 employees to recover to pre-pandemic 
levels.\19\ As of mid-2022, small business loan approvals (other than 
for government emergency programs) still remained below pre-pandemic 
levels.\20\
---------------------------------------------------------------------------

    \12\ Off. of Advocacy, Small Bus. Admin., 2022 Small Business 
Profile, at 2, 4 (Aug. 2022), https://cdn.advocacy.sba.gov/wp-content/uploads/2022/08/30121338/Small-Business-Economic-Profile-US.pdf (estimating 33.2 million small businesses in the United 
States, accounting for 46.4 percent of employees) (2022 Small 
Business Profile).
    \13\ Off. of Advocacy, Small Bus. Admin., Frequently Asked 
Questions About Small Business, at 1 (Dec. 2021), https://cdn.advocacy.sba.gov/wp-content/uploads/2021/12/06095731/Small-Business-FAQ-Revised-December-2021.pdf (SBA OA 2021 FAQs). See 
generally Cong. Rsch. Serv., Small Business Administration and Job 
Creation (updated Jan. 4, 2022), https://fas.org/sgp/crs/misc/R41523.pdf (discussing small business job creation); John 
Haltiwanger et al., Who Creates Jobs? Small Versus Large Versus 
Young, 95 Rev. Econ. Stat. 347, 347-48 (May 2013), https://direct.mit.edu/rest/article/95/2/347/58100/Who-Creates-Jobs-Small-versus-Large-versus-Young (finding that young firms, which are 
generally small, contribute disproportionately to both gross and net 
job creation).
    \14\ Jason Dietrich et al., CFPB, Data Point: Small Business 
Lending and the Great Recession, at 9 (Jan. 23, 2020), https://files.consumerfinance.gov/f/documents/cfpb_data-point_small-business-lending-great-recession.pdf (finding that small business 
lending fell sharply during the Great Recession and recovered 
slowly, still not reaching pre-Recession levels by 2017).
    \15\ Ay[scedil]eg[uuml]l [Scedil]ahin et al., Fed. Rsrv. Bank of 
N.Y., 17 Current Issues in Econ. & Fin., Why Small Businesses Were 
Hit Harder by the Recent Recession, at 1 (2011), https://www.newyorkfed.org/medialibrary/media/research/current_issues/ci17-4.pdf.
    \16\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did 
the Financial Crisis Affect Small Business Lending in the United 
States?, at 25-26 (Nov. 2012), https://www.microbiz.org/wp-content/uploads/2014/04/SBA-SmallBizLending-and-FiscalCrisis.pdf.
    \17\ Alexander W. Bartik et al., The Impact of COVID-19 on Small 
Business Outcomes and Expectations, 117 Proc. Nat'l Acad. Sci. 
17656, 17656 (July 2020), https://www.pnas.org/content/pnas/117/30/17656.full.pdf.
    \18\ Leland D. Crane et al., Bd. of Governors of the Fed. Rsrv. 
Sys., Finance and Economics Discussion Series, 2020-089, Business 
Exit During the COVID-19 Pandemic: Non-Traditional Measures in 
Historical Context, at 4 (2020), https://www.federalreserve.gov/econres/feds/files/2020089r1pap.pdf (estimating excess establishment 
exits and analyzing other estimates of small business exits during 
the pandemic). The paper defines ``exit'' as permanent shutdown and 
calculates ``excess'' exits by comparing the number of exits during 
the 12-month period from March 2020 to February 2021 with previous 
years. Id. at 2-4. See also Ryan A. Decker & John Haltiwanger, Bd. 
of Governors of the Fed. Rsrv. Sys., FEDS Notes, Business Entry and 
Exit in the COVID-19 Pandemic: A Preliminary Look at Official Data 
(May 6, 2022), https://www.federalreserve.gov/econres/notes/feds-notes/business-entry-and-exit-in-the-covid-19-pandemic-a-preliminary-look-at-official-data-20220506.html (estimating excess 
establishment exits to be roughly 181,000).
    \19\ ADP Rsch. Inst., ADP National Employment Report, https://adpemploymentreport.com/ (last visited Mar. 20, 2023) (seasonally 
adjusted non-farm private sector jobs at establishments with between 
1-49 employees as of July 1, 2021 as compared to March 1, 2020).
    \20\ Biz2Credit, Biz2Credit Small Business Lending Index Finds 
April 2021 Non-PPP Loan Approval Rates Move Little for All Types of 
Lenders (Apr. 2021), https://www.biz2credit.com/small-business-lending-index/april-2021; Biz2Credit, Biz2Credit Small Business 
Lending Index Finds Business Loan Approval Rates Rose at Small 
Banks, dipped at Big Banks in July 2022 (July 2022), https://www.biz2credit.com/small-business-lending-index/july-2022 (approvals 
as of July 2022).
---------------------------------------------------------------------------

    During the last two decades, the small business lending landscape 
has also transformed. Traditional providers--namely banks--
consolidated, leading to branch closures. The number of banks in the 
U.S. has declined from over 18,000 in 1986 to under 4,800 as of June 
30, 2022 and the number of branches declined by 14 percent from 2009 to 
2020.\21\ Meanwhile, new providers and products, such as online lenders 
and merchant cash advances, have become increasingly prevalent in the 
small business lending market. Financing by merchant cash advance 
providers is estimated to have increased from $8.6 billion in volume in 
2014 to $15.3 billion in 2017.\22\ From 2017 to 2019, the volume may 
have increased further to $19 billion.\23\ Meanwhile, financing 
provided by online ``fintech'' \24\ lenders is estimated to have 
increased from $1.4 billion \25\ in outstanding balances in 2013 to 
approximately $25 billion \26\ in 2019.
---------------------------------------------------------------------------

    \21\ Cong. Rsch. Serv., Small Business Credit Markets and 
Selected Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (decline since 1986); Fed. Deposit Ins. Corp., 
Quarterly Banking Profile, at 6 (Aug. 2022), https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/2022jun/qbp.pdf (number of 
banks as of June 30, 2022); Bruce C. Mitchell et al., Nat'l Cmty. 
Reinvestment Coal., Relationships Matter: Small Business and Bank 
Branch Locations (Mar. 2021), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/ (branch closures).
    \22\ PYMNTS, How Long Can MCAs Avoid the `Loan' Label? (Jan. 20, 
2016), https://www.pymnts.com/in-depth/2016/how-long-can-mcas-avoid-the-loan-label/.
    \23\ Paul Sweeney, Gold Rush: Merchant Cash Advances are Still 
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/. Although the article 
does not specify one way or the other, estimates by the underlying 
source, Bryant Park Capital, appear to reference origination volumes 
rather than outstanding balances. See Nimayi Dixit, S&P Glob. Mkt. 
Intel., Payment Fintechs Leave Their Mark On Small Business Lending 
(Aug. 28, 2018), https://www.spglobal.com/marketintelligence/en/news-insights/research/payment-fintechs-leave-their-mark-on-small-business-lending. Depending on credit multiplier effects, the value 
of annual origination volumes could be smaller or greater than 
outstanding balances. Without information on outstanding balances 
and for the purposes of calculating a market size for small business 
financing in 2019, the Bureau assumes in this paper a 1:1 ratio 
between annual origination volumes and outstanding balances for 
merchant cash advance products. See part II.D below for discussion 
of credit multiplier effects and for market size calculations for 
merchant cash advance and other small business financing products in 
2019.
    \24\ ``Fintechs'' have been defined as ``technology companies 
providing alternatives to traditional banking services, most often 
exclusively in an online environment,'' and may overlap in part with 
other categories of financial institutions, such as commercial 
finance companies and/or providers of specialized products, 
including factoring and merchant cash advances. Brett Barkley & Mark 
Schweitzer, The Rise of Fintech Lending to Small Businesses: 
Businesses' Perspectives on Borrowing, 17 Int'l J. Cent. Banking 35, 
35-36 (Mar. 2021), https://www.ijcb.org/journal/ijcb21q1a2.pdf.
    \25\ Id. (citing Katie Darden et al., S&P Glob. Mkt. Intel., 
2018 US Fintech Market Report, at 5, https://www.spglobal.com/marketintelligence/en/documents/2018-us-fintech-market-report.pdf 
(2018 US Fintech Market Report)). This figure annualizes $121 
million in estimated 2013 quarterly originations to $484 million in 
annual originations and scales up to estimated outstanding balances 
using the ratio between the FFIEC Call Report and the CRA data 
discussed in part II.D below.
    \26\ 2018 US Fintech Market Report at 6. This figure scales up 
$9.3 billion in estimated 2019 credit originations for small- to 
medium-sized enterprise borrowers to outstanding balances using the 
ratio methodology discussed in part II.D below.
---------------------------------------------------------------------------

    Regarding trends in the small business financing landscape, the 
shift away from traditional providers of small business credit toward 
newer types of providers gives rise to both potential harm and 
opportunity. In terms of potential harms, bank closures may have made 
it more difficult for small businesses, particularly those that are 
already underserved, to access credit and remain open--especially in 
low- and moderate-income areas and rural communities. Newer providers, 
often offering newer products, have less experience complying with both 
Federal and State lending laws and regulations than traditional 
providers. Differences in funding models may also make non-traditional 
credit providers less resilient than depository banks or credit unions 
during shocks to the financial system such as the onset of the COVID-19 
pandemic.\27\ Additionally, they may use complex algorithms and 
artificial intelligence, which may create or heighten ``risks of 
unlawful discrimination, unfair, deceptive, or abusive acts or 
practices . . . or privacy concerns.'' \28\ Opaque product terms and 
high costs can also trap business owners in cycles of debt. In terms of 
opportunity, some newer approaches may help applicants with low or 
nonexistent personal or business credit scores--including women and 
minorities who own or seek to start small businesses but on average 
have lower personal credit scores than male and white business owners 
\29\--to access credit.\30\ Non-traditional credit providers as well as 
digital offerings by traditional financial institutions may also help 
offset decreases in lending

[[Page 35155]]

associated with the closure of bank branches.\31\
---------------------------------------------------------------------------

    \27\ Itzhak Ben-David et al., Nat'l Bureau of Econ. Res., Why 
Did Small Business Fintech Lending Dry Up During March 2020, at 1-7 
(Sept. 2021), https://www.nber.org/system/files/working_papers/w29205/w29205.pdf (discussing how nondepository lenders faced a 
credit crunch in March 2020 that impaired their ability to continue 
funding small business borrowers despite increased demand due to the 
COVID-19 shock).
    \28\ 86 FR 16837, 16839 (Mar. 31, 2021); see also Rohit Chopra, 
CFPB, Remarks of Director Rohit Chopra at a Joint DOJ, CFPB, and OCC 
Press Conference on the Trustmark National Bank Enforcement Action 
(Oct. 22, 2021), https://www.consumerfinance.gov/about-us/newsroom/remarks-of-director-rohit-chopra-at-a-joint-doj-cfpb-and-occ-press-conference-on-the-trustmark-national-bank-enforcement-action/ 
(discussing risks of discriminatory bias from black box underwriting 
algorithms).
    \29\ Geng Li, Bd. of Governors of the Fed. Rsrv. Sys., FEDS 
Notes: Gender-Related Differences in Credit Use and Credit Scores 
(June 22, 2018), https://www.federalreserve.gov/econres/notes/feds-notes/gender-related-differences-in-credit-use-and-credit-scores-20180622.htm (finding that single women on average have lower credit 
scores than single men); Alicia Robb, Off. of Advocacy, Small Bus. 
Admin., Minority-Owned Employer Businesses and their Credit Market 
Experiences in 2017, at 4 (July 22, 2020), https://cdn.advocacy.sba.gov/wp-content/uploads/2020/07/22172533/Minority-Owned-Employer-Businesses-and-their-Credit-Market-Experiences-in-2017.pdf (finding that Black and Hispanic small business borrowers 
are disproportionately denied credit or discouraged from applying 
for credit on the basis of their credit score).
    \30\ See Jessica Battisto et al., Who Benefited from PPP Loans 
by Fintech Lenders?, Liberty St. Econ. (May 27, 2021), https://libertystreeteconomics.newyorkfed.org/2021/05/who-received-ppp-loans-by-fintech-lenders.html (Who Benefited from PPP Loans) 
(showing that online lenders were an important source of credit for 
Black owners during the COVID-19 pandemic.
    \31\ See Cong. Rsch. Serv., Fintech: Overview of Innovative 
Financial Technology and Selected Policy Issues, at 1 (Apr. 28, 
2020), https://crsreports.congress.gov/product/pdf/R/R46332.
---------------------------------------------------------------------------

    The precise impacts of these broader trends are not well understood 
at present because there are no comprehensive, comparable, and 
application-level data across the fragmented and complex small business 
lending market. Some small business lending data exist, provided in 
data reported to Federal regulators, but available data are incomplete 
in certain ways. Some do not include lending by certain categories of 
institutions, such as smaller depository institutions. And none include 
lending by nondepository institutions, which comprises almost half of 
all small business financing.\32\
---------------------------------------------------------------------------

    \32\ The Bureau estimates that nondepository private business 
financing totaled approximately $550 billion out of around $1.2 
trillion in total private outstanding balances in 2019 (47 percent). 
This $550 billion figure includes estimated financing by fintechs 
(around $25 billion), commercial finance companies (around $160 
billion), nondepository CDFIs (around $1.5 billion), merchant cash 
advance providers (around $19 billion), factors (around $100 
billion), equipment leasing providers (around $160 billion), 
nondepository mortgage lenders originating loans for 5+ unit 
residential developments (around $30 billion), and non-financial 
trade creditors (around $50 billion). There may additionally be 
lending that is not captured here by equipment and vehicle dealers 
originating loans in their own names. Public lenders include SBA, 
the Federal Housing Administration, Fannie Mae and Freddie Mac, and 
the Farm Credit System, with public lending totaling around $210 
billion in traditional lending programs plus $1 trillion in 
emergency COVID-19 SBA lending programs. See part II.D below for 
methodology and sources regarding market size estimates for each 
lending category.
---------------------------------------------------------------------------

    The datasets that do exist both over- and underestimate small 
business lending in certain respects by including small dollar loans to 
non-small businesses and by excluding larger loans to small 
businesses.\33\ Further, these datasets almost exclusively concern 
originated loans; they do not include information on applications that 
do not result in originated loans. Nor do they generally include 
borrower demographics. Other public, private, and nonprofit datasets 
offer only partial snapshots of particular areas of the market. 
Finally, much of the publicly available data are aggregated, which does 
not permit more granular, loan- or application-level analysis that 
would facilitate fair lending or business and community development 
analysis by stakeholders other than those that collected the data. See 
part II.B below for a detailed discussion on existing data on small 
business financing.
---------------------------------------------------------------------------

    \33\ See part II.B below.
---------------------------------------------------------------------------

    The remainder of this part II focuses on several broad topics that 
explain, in more detail, the need for the small business lending data 
that the CFPB's rule to implement section 1071 will provide: (A) 
improved understanding of the role of small businesses in the U.S. 
economy; (B) existing data on small business financing; (C) the 
landscape of small business financing; (D) estimating the size of the 
small business financing market despite limited data; (E) the 
particular challenges faced by women-owned, minority-owned, and 
LGBTQI+-owned small businesses; and (F) the purposes and impact of 
section 1071.

A. Small Businesses in the United States

    Small businesses are an important, dynamic, and widely diverse part 
of the U.S. economy. They are critical to employment, innovation, and 
economic growth and stability, both overall and specifically for 
minority, women, and LGBTQI+ entrepreneurs.
    The Small Business Act, as implemented by the Small Business 
Administration (SBA), defines a small business using size standards 
that generally hinge on the average number of employees or average 
annual receipts of the business concern and are customized industry by 
industry across 1,012 six-digit North American Industry Classification 
System (NAICS) codes.\34\ Size standards based on average number of 
employees are used in all industries in the manufacturing and wholesale 
trade sectors, as well as in certain industries across a variety of 
other sectors. Employee-based size standards range from 100 employees 
(used almost entirely in certain industries within the wholesale trade 
sector) to 1,500 employees (used in industries across a variety of 
sectors including, for example, petroleum refineries, automobile 
manufacturing, and greeting card publishers).\35\ Size standards based 
on average annual receipts are used in nearly all other industries, and 
range from $2.25 million (used in several industries in the crop 
production and animal production and aquaculture subsectors) to $47 
million (used in industries across a variety of sectors including, for 
example, passenger car leasing, television broadcasting, and general 
medical and surgical hospitals).\36\
---------------------------------------------------------------------------

    \34\ See Small Bus. Admin., Table of Small Business Size 
Standards Matched to North American Industry Classification System 
Codes (effective Mar. 17, 2023), https://www.sba.gov/sites/default/files/2023-03/Table%20of%20Size%20Standards_Effective%20March%2017%2C%202023%20%281%29%20%281%29_0.pdf.
    \35\ See id.
    \36\ A small number of industries use a size standard based on a 
metric other than average annual receipts or average number of 
employees. For example, the commercial banking industry (NAICS 
522110) is subject to an asset-based size standard. See id.
---------------------------------------------------------------------------

    Simpler definitions of what constitutes a small business are used 
in certain contexts. For example, in certain annual research releases 
the SBA Office of Advocacy defines a small business as one that has 
fewer than 500 employees.\37\ According to the Office of Advocacy, and 
based on this definition of a small business, in 2018 there were 32.5 
million such businesses in the U.S. that represent 99.9 percent of all 
U.S. firms and employ over 60 million Americans.\38\ Over six million 
of these small businesses have paid employees, while 26.5 million are 
non-employer businesses (i.e., the owner(s) are the only people 
involved in the business).\39\ From 1995 to 2020, small businesses, 
particularly young businesses and start-ups, created 12.7 million net 
new jobs in the U.S., while large businesses created 7.9 million.\40\
---------------------------------------------------------------------------

    \37\ See SBA OA 2021 FAQs at 1.
    \38\ See id.
    \39\ See id.
    \40\ See id.; see also Haltiwanger et al., 95 Rev. Econ. Stat. 
at 347-48 (finding that young firms, which are generally small, 
contribute disproportionately to both gross and net job creation).
---------------------------------------------------------------------------

    Nearly one third of all businesses are minority-owned and more than 
one third are women-owned, though minorities and women own a smaller 
share of employer firms. As of 2019, minorities owned around 1.1 
million employer firms in the U.S. (amounting to 18.7 percent of all 
employer firms) \41\ and, as of 2018, approximately 8.7 million non-
employer firms (33.6 percent of all non-employer firms).\42\ Likewise, 
as of 2019, women owned about 1.2 million employer firms (20.9 percent 
of all employer firms) \43\ and, as of 2018, approximately 10.9 million 
non-employer firms (41.0 percent of all non-employer firms).\44\ 
Additionally, in

[[Page 35156]]

2016 there were an estimated 1.4 million LGBTQI+ business owners in the 
United States.\45\
---------------------------------------------------------------------------

    \41\ See Press Release, U.S. Census Bureau, Census Bureau 
Releases New Data on Minority-Owned, Veteran-Owned and Women-Owned 
Businesses (Oct. 28, 2021), https://www.census.gov/newsroom/press-releases/2021/characteristics-of-employer-businesses.html (Census 
Bureau 2021 Minority- and Women-Owned Businesses Data).
    \42\ Minority Bus. Dev. Agency, U.S. Dep't of Com., All 
Minority-Owned Firms: Fact Sheet (June 10, 2022), https://www.mbda.gov/sites/default/files/2022-06/All%20Minority%20Owned%20Firms%20Fact%20Sheet%20-%20FINAL%206.10.2022.pdf (stating that the nearly 8.7 million 
minority non-employer firms in the U.S. generated $306.1 billion in 
revenues in 2018).
    \43\ See Census Bureau 2021 Minority- and Women-Owned Businesses 
Data.
    \44\ See Press Release, U.S. Census Bureau, Nonemployer 
Statistics by Demographics (Dec. 16, 2021), https://www.census.gov/newsroom/press-releases/2021/nonemployer-statistics-by-demographics.html (also stating that these firms collectively 
generated $300 billion in annual receipts). In 2017, nearly half of 
all women-owned non-employer firms generated less than $10,000 in 
annual receipts, while only 0.05 percent generated $1 million or 
more in receipts. See Press Release, Nat'l Women's Bus. Council, 
NWBC Shares 2017 Nonemployer Statistics by Demographics Estimates 
for Women-Owned Businesses (Dec. 17, 2020), https://www.nwbc.gov/2020/12/17/nwbc-shares-2017-nonemployer-statistics-by-demographics-estimates-for-women-owned-businesses/.
    \45\ Nat'l Gay & Lesbian Chamber of Com., America's LGBT 
Economy: The Premiere Report on the Impact of LGBT-Owned Businesses, 
at 2 (Jan. 2017), https://nglcc.org/wp-content/uploads/2022/02/REPORT-NGLCC-Americas-LGBT-Economy-1-1.pdf.
---------------------------------------------------------------------------

    Businesses are legally structured in several ways. In 2018, 87 
percent of non-employer businesses were sole proprietorships, which 
means that the business is not distinguishable from the owner for tax 
and legal purposes; the owner receives profits directly but is also 
legally responsible for the business's obligations.\46\ Seven percent 
of non-employer businesses were partnerships, which can be structured 
to limit the personal liability of some or all owners; limited partners 
may exchange control for limited liability, while general partners that 
run the business may remain personally liable.\47\ Six percent of non-
employer businesses were structured as corporations--4.5 percent are S-
corporations and 1.5 percent are C-corporations--which are independent 
legal entities owned by shareholders who are not personally liable for 
the corporation's obligations.\48\ In 2018, most small employer 
businesses were corporations, with 52.1 percent choosing to be S-
corporations and 15.3 percent preferring C-corporation status, although 
sole proprietorship and partnership structures remained relatively 
popular at 13.7 percent and 11.9 percent, respectively.\49\ By 
contrast, in 2017, 74.2 percent of large employer businesses chose to 
be C-corporations, with 9.3 percent preferring a partnership structure 
and 8.1 percent S-corporation status.\50\
---------------------------------------------------------------------------

    \46\ See SBA OA 2021 FAQs at 3.
    \47\ Id. at 4.
    \48\ Id.
    \49\ Id.
    \50\ Off. of Advocacy, Small Bus. Admin., Frequently Asked 
Questions About Small Business, at 4 (Oct. 2020), https://cdn.advocacy.sba.gov/wp-content/uploads/2020/11/05122043/Small-Business-FAQ-2020.pdf (SBA OA 2020 FAQs).
---------------------------------------------------------------------------

    Small businesses are particularly important in specific sectors of 
the economy. In 2019, in the services sector, small businesses supplied 
9.2 million healthcare and social services jobs (44 percent of all 
healthcare and social services jobs), 8.8 million accommodation and 
food services jobs (61 percent), and 5.7 million construction jobs (81 
percent).\51\ In the same year, in manufacturing, small businesses 
supplied 5.1 million manufacturing jobs (42 percent of all 
manufacturing jobs).\52\ Finally, in 2016, family farms with annual 
gross sales under $500,000 totaled over 91 percent out of 2.2 million 
farms,\53\ and small businesses provided over 137,000 agriculture, 
forestry, fishing and hunting jobs (84 percent of all agriculture, 
forestry, fishing and hunting jobs).\54\ As such, the financial health 
of small businesses is essential to the U.S. economy, especially to the 
supply of critical and basic goods and services--from producing food to 
serving it at restaurants, and from home building to healthcare.
---------------------------------------------------------------------------

    \51\ See 2022 Small Business Profile at 4.
    \52\ Id.
    \53\ Nat'l Inst. of Food & Agric., U.S. Dep't of Agric., Family 
Farms, https://nifa.usda.gov/family-farms (last visited Mar. 20, 
2023) (classifying family farms as any farm organized as a sole 
proprietorship, partnership, or family corporation. Family farms 
exclude farms organized as non-family corporations or cooperatives, 
as well as farms with hired managers).
    \54\ 2022 Small Business Profile at 4.
---------------------------------------------------------------------------

    Small businesses were especially hard-hit by the onset of the 
COVID-19 pandemic. At one point in the pandemic in April 2020, 20 
percent of self-employed workers had temporarily exited the labor 
market.\55\ Industries in which small businesses played a large role 
have been particularly impacted. For example, comparing April 2020 with 
April 2019, employment declined by almost 50 percent in the leisure and 
hospitality businesses (also declining by almost 50 percent among food 
services and drinking establishments within the leisure and hospitality 
industry), in which small businesses employ over 60 percent of 
workers.\56\ Women-, minority-, and LGBTQI+-owned small businesses were 
hit particularly hard. Between February and April 2020, some 373,000 
jobs were lost in child daycare services, a sector in which women-
ownership predominates and minority-ownership is very significant. Only 
54 percent of these jobs were recovered by the end of 2020.\57\ In 
2021, 85 percent of LGBTQI+-owned small businesses reported the 
pandemic was having a negative effect on their business, compared to 76 
percent of non-LGBTQI+-owned small businesses.\58\ Since 2022, small 
businesses have faced different economic shocks, including inflation 
and a shortage of labor, as the economy reopened and resurgent consumer 
demand has stretched still-fragile supply chains.\59\
---------------------------------------------------------------------------

    \55\ Daniel Wilmoth, Off. of Advocacy, Small Bus. Admin., The 
Effects of the COVID-19 Pandemic on Small Businesses (Issue Brief 
No. 16), at 5 (Mar. 2021), https://cdn.advocacy.sba.gov/wp-content/uploads/2021/03/02112318/COVID-19-Impact-On-Small-Business.pdf.
    \56\ Id. at 4. By the third quarter of 2020 many of these jobs 
had since returned as mandatory closure orders ended and the economy 
began to recover. Cf. Robert W. Fairlie et al., Nat'l Bureau of 
Econ. Res., Were Small Businesses More Likely to Permanently Close 
in the Pandemic, at 3, 14 (July 2022), https://www.nber.org/system/files/working_papers/w30285/w30285.pdf (finding a sharp increase in 
California business closures in the first and second quarters of 
2020 that reversed in the third quarter of 2020). However, small 
businesses still appear to have suffered more than large businesses. 
See id. (finding that small businesses experienced substantially 
higher closure rates than large businesses).
    \57\ Bureau of Labor Stat., COVID-19 Ends Longest Employment 
Recovery and Expansion in CES History, Causing Unprecedented Job 
Losses in 2020 (June 2021), https://www.bls.gov/opub/mlr/2021/article/covid-19-ends-longest-employment-expansion-in-ces-history.htm. An estimated 90 percent of childcare businesses are 
women-owned and over half of these owners are minority women. Cindy 
Larson & Bevin Parker-Cerkez, Investing in Child Care Fuels Women-
owned Businesses & Racial Equity, Loc. Initiatives Support Corp. 
(Mar. 8, 2022), https://www.lisc.org/our-stories/story/investing-child-care-fuels-women-owned-businesses-racial-equity/.
    \58\ Spencer Watson et al., LGBTQ-Owned Small Businesses in 
2021, Ctr. for LGBTQ Econ. Advancement & Rsch. And Movement 
Advancement Project, at 9 (July 2022), https://www.lgbtmap.org/file/LGBTQ-Small-Businesses-in-2021.pdf (using data from the Federal 
Reserve's Small Business Credit Survey, which began collecting 
demographic data on LGBTQ small business ownership in 2021).
    \59\ See William C. Dunkelberg & Holly Wade, Small Business 
Economic Trends, Nat'l Fed'n of Indep. Bus., at 2, 11, 19 (Aug. 
2022), https://assets.nfib.com/nfibcom/SBET-August-2022.pdf (finding 
that, out of 622 small businesses polled, 29 percent considered 
inflation their biggest problem, 49 percent had at least one 
unfilled job opening, and 32 percent reported that supply chain 
disruptions had a significant impact on their business).
---------------------------------------------------------------------------

B. Existing Data on Small Business Lending

    While small businesses are a critical part of the U.S. economy and 
require financial support, it is still true--as it was in 2017 when the 
CFPB published its White Paper on small business lending--that it is 
not possible with current data to confidently answer basic questions 
regarding the state of small business lending. This limitation is 
especially the case with regard to the ethnicity, race, and sex of 
small business owners, applications as opposed to originations, and for 
small business financing products that are not currently reported in 
Call Report data.\60\
---------------------------------------------------------------------------

    \60\ CFPB, Key dimensions of the small business lending 
landscape, at 39-40 (May 2017), https://files.consumerfinance.gov/f/documents/201705_cfpb_Key-Dimensions-Small-Business-Lending-Landscape.pdf (White Paper).
---------------------------------------------------------------------------

    Data on small business lending are fragmented, incomplete, and not 
standardized, making it difficult to

[[Page 35157]]

conduct meaningful comparisons across products and over time. Against 
this background, it is not hard to see why Congress believed that the 
collection of small business application data would serve to identify 
business and community development needs and opportunities. The lack of 
data hinders attempts by policymakers and other stakeholders to 
understand the size, shape, and dynamics of the small business lending 
marketplace, including the interaction of supply and demand, as well as 
potentially problematic lending practices, gaps in the market, or 
trends in funding that may be holding back some communities.\61\ For 
example, absent better data, it is hard to determine if relatively 
lower levels of bank loans to small businesses in the decade before the 
pandemic began were reflective of a net relative decline in lending to 
small businesses as compared to large businesses or rather a shift 
within small business lending from banks to nondepository lenders.\62\ 
To the extent there may have been a relative decline, it is difficult 
to assess if that decline affected certain types of small businesses 
more than others, including women-owned and minority-owned small 
businesses.\63\
---------------------------------------------------------------------------

    \61\ While Call Report and CRA data provide some indication of 
the level of supply of small business credit, the lack of data on 
small business credit applications makes demand for credit by small 
businesses more difficult to assess, including with respect to local 
markets or protected classes.
    \62\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did 
Bank Lending to Small Business in the United States Fare After the 
Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in bank loans to small 
businesses from 2008 to 2015 from $710 billion to $600 billion). The 
level of bank lending to small businesses has recovered somewhat 
since a trough in 2012-13 that represented the lowest amount of 
lending since 2005. Fed. Deposit Ins. Corp., Quarterly Banking 
Profile, https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20, 
2023).
    \63\ White Paper at 40.
---------------------------------------------------------------------------

    The primary sources of information on lending by depository 
institutions are the Federal Financial Institutions Examination Council 
(FFIEC) and National Credit Union Administration (NCUA) Consolidated 
Reports of Condition and Income (Call Reports), as well as reporting 
under the Community Reinvestment Act (CRA). Under the FFIEC and CRA 
reporting regimes, small loans to businesses of any size are used in 
whole or in part as a proxy for loans to small businesses. The FFIEC 
Call Report captures banks' outstanding number and amount of small 
loans to businesses (that is, loans originated under $1 million to 
businesses of any size; small loans to farms are those originated under 
$500,000).\64\ The CRA currently requires banks and savings 
associations with assets over a specified threshold to report loans in 
original amounts of $1 million or less to businesses; reporters are 
asked to indicate whether the borrower's gross annual revenue is $1 
million or less, if they have that information.\65\ The NCUA Call 
Report captures data on all loans over $50,000 to members for 
commercial purposes, regardless of any indicator about the business's 
size.\66\ There are no similar sources of information about lending to 
small businesses by nondepository institutions. The SBA also releases 
loan-level data concerning some of its loan programs, but these 
typically do not include demographic information, and cover only a 
small portion of the overall small business financing market.
---------------------------------------------------------------------------

    \64\ See Fed. Fin. Insts. Examination Council, Reporting Forms 
31, 41, and 51 (last updated Mar. 16, 2023), https://www.ffiec.gov/ffiec_report_forms.htm (FFIEC Call Report).
    \65\ See Fed. Fin. Insts. Examination Council, A Guide to CRA 
Data Collection and Reporting, at 11, 13 (2015), https://www.ffiec.gov/cra/pdf/2015_CRA_Guide.pdf (2015 FFIEC CRA Guide). 
Small business loans are currently defined for CRA purposes as loans 
whose original amounts are $1 million or less and that were reported 
on the institution's Call Report or Thrift Financial Report as 
either ``Loans secured by nonfarm or nonresidential real estate'' or 
``Commercial and industrial loans.'' Small farm loans are currently 
defined for CRA purposes as loans whose original amounts are 
$500,000 or less and were reported as either ``Loans to finance 
agricultural production and other loans to farmers'' or ``Loans 
secured by farmland.'' Id. at 11. The Federal agencies responsible 
for implementing the CRA have proposed to amend the CRA regulations 
to adopt the Bureau's definition of small business. 87 FR 33884 
(June 3, 2022).
    \66\ See Nat'l Credit Union Admin., Call Report Form 5300 
Instructions, at 74-84 (Mar. 31, 2022), https://www.ncua.gov/files/publications/regulations/call-report-instructions-march-2022.pdf 
(Call Report Form 5300 Instructions).
---------------------------------------------------------------------------

    These public data sources provide some of the most extensive 
information currently available on small business lending. However, 
they suffer from four material limitations: namely that the data 
capture only parts of the market, are published at a high level of 
aggregation, do not permit detailed analysis across the market, and 
lack standardization across different agencies.
    First, these datasets exclude entire categories of lenders. For 
example, banks under $1.384 billion in assets, as of 2022, do not have 
to report under the CRA.\67\ The FFIEC and NCUA Call Reports and CRA 
data do not include lending by nondepository financial institutions, 
which the CFPB estimates to represent 37 percent of the small business 
financing market and is rapidly growing.\68\
---------------------------------------------------------------------------

    \67\ Joint Press Release, Bd. of Governors of the Fed. Rsrv. 
Sys. & Fed. Deposit Ins. Corp., Agencies Release Annual Asset-Size 
Thresholds Under Community Reinvestment Act Regulations (Dec. 16, 
2021), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20211216a.htm.
    \68\ Nondepository lending is estimated to total approximately 
$550 billion out of $1.5 trillion in total lending, excluding $1 
trillion in COVID-19 emergency program lending. See part II.D below 
(providing a detailed breakdown and methodology of estimates across 
lending products).
---------------------------------------------------------------------------

    Second, Federal agencies publish summary data at a high level in a 
manner that does not facilitate independent analysis by other agencies 
or stakeholders. The FFIEC and NCUA Call Reports and the CRA data are 
all available at a higher level of aggregation than loan-level, 
limiting fair lending and detailed geographic analyses since ethnicity, 
race, and sex as well as business location data are rarely disclosed.
    Third, the detailed data collected by these Federal sources have 
significant limitations as well, preventing any analysis into certain 
issues or types of borrowers, even by the regulators possessing these 
data. Neither Call Report nor CRA data include applications, which 
limits insights into any potential discrimination or discouragement in 
application processes as well as into the interaction between credit 
supply and demand. The FFIEC Call Report and CRA data separately 
identify loans of under $1 million in value and, among loans of under 
$1 million in value, CRA data also identify loans to businesses with 
annual revenues of $1 million or less (if the lender collects borrower 
revenue information).\69\ However, the Call Report definition of 
``small business loans'' as those with a loan size of $1 million or 
less at origination is both overinclusive, as it counts small loans to 
businesses of all sizes, and underinclusive, as it excludes loans over 
$1 million made to small businesses. Credit unions report any loans 
under $50,000 as consumer loans and not as commercial loans on the NCUA 
Call Report,\70\ potentially excluding from measurement an important 
source of funding for many small businesses, particularly the smallest 
and often most underserved.
---------------------------------------------------------------------------

    \69\ Fed. Fin. Insts. Examination Council, Schedule RC-C, Part 
II Loans to Small Businesses and Farms (2017), at 1, https://www.fdic.gov/regulations/resources/call/crinst-031-041/2017/2017-03-rc-c2.pdf (detailing the Call Report loan size threshold of $1 
million at origination for loans to small businesses); 2015 FFIEC 
CRA Guide at 11 (detailing the CRA size thresholds of $1 million 
both for loan amount at origination and for revenue of small 
business borrowers).
    \70\ Call Report Form 5300 Instructions at 44.
---------------------------------------------------------------------------

    Finally, the Federal sources of small business lending data are not

[[Page 35158]]

standardized across agencies and cannot be easily compared. For 
example, as noted above, the FFIEC Call Report collects small loans to 
businesses as a proxy for small business lending, whereas the NCUA Call 
Report collects loans to members for commercial purposes above $50,000 
but with no upper limit. The loan-level data for the Paycheck 
Protection Program offer an unprecedented level of insight into small 
business lending, but this dataset is a one-off snapshot into the 
market for a specific lending program at an acute moment of crisis and 
is also limited in utility by relatively low response levels to 
demographic questions concerning borrowers.\71\
---------------------------------------------------------------------------

    \71\ Zachary Warmbrodt, Tracking the Money: Bid to Make Business 
Rescue More Inclusive Undercut by Lack of Data, Politico (Mar. 2, 
2021), https://www.politico.com/news/2021/03/02/businesses-inclusive-coronavirus-relief-money-data-472539 (reporting that 75 
percent of Paycheck Protection Program loan recipients did not 
report their ethnicity and 58 percent did not reveal their gender); 
see also Rachel Atkins et al., Discrimination in Lending? Evidence 
from the Paycheck Protection Program, 58 Small Bus. Econ. 843, 844 
(Feb. 2022), https://link.springer.com/article/10.1007/s11187-021-00533-1 (finding that borrower business owner race was reported for 
only 10 percent of Paycheck Protection Program loans).
---------------------------------------------------------------------------

    The Federal government also conducts and releases a variety of 
statistics, surveys, and research reports on small business lending 
through the member banks for the Federal Reserve System, the FDIC, CDFI 
Fund, and the U.S. Census Bureau. These data sources offer insights 
into broad trends and specific small business lending issues but are 
less useful for detailed fair lending analyses or identification of 
specific areas, industries, or demographic groups being underserved. 
Periodic changes in survey methodology, sample sizes, and questions can 
also limit comparability and the ability to track developments over 
time.
    There are also a variety of non-governmental data sources, issued 
by both private and nonprofit entities, that cover small businesses 
and/or the small business financing market. These include datasets and 
surveys published by commercial data and analytics firms, credit 
reporting agencies, trade associations, community groups, and academic 
institutions. Certain of these data sources are publicly available and 
track specific topics, such as small business optimism,\72\ small 
business employment,\73\ rates of small business credit application 
approvals,\74\ and small business lending and delinquency levels.\75\ 
Other databases have more granularity and provide detailed information 
on individual businesses, including revenue, credit utilization, 
industry, and location.\76\
---------------------------------------------------------------------------

    \72\ Nat'l Fed'n of Indep. Bus., Small Business Optimism Index 
(July 2022), https://www.nfib.com/surveys/small-business-economic-trends/.
    \73\ ADP Rsch. Inst., Employment Reports, https://adpemploymentreport.com/ (last visited Mar. 20, 2023).
    \74\ Biz2Credit, Biz2Credit Small Business Lending Index, 
https://www.biz2credit.com/small-business-lending-index (last 
visited Mar. 20, 2023).
    \75\ PayNet, Small Business Lending Index, https://sbinsights.paynetonline.com/lending-activity/ (last visited Mar. 20, 
2023).
    \76\ See, e.g., Dun & Bradstreet, https://www.dnb.com/ (data 
provider and credit reporter); Data Axle, https://www.data-axle.com/ 
(data provider); Equifax, https://www.equifax.com/business/product/business-credit-reports-small-business/ (credit reporter); Experian, 
https://www.experian.com/small-business/business-credit-reports 
(credit reporter).
---------------------------------------------------------------------------

    While these non-public sources of data on small businesses may 
provide a useful supplement to existing Federal sources of small 
business lending data, these private and nonprofit sources often do not 
have lending information, may rely in places on unverified self-
reporting or research based on public internet sources, and/or narrowly 
limit use cases for parties accessing data. Further, commercial 
datasets are generally not free to public users and can be costly as 
well as have restrictions on their use, raising equity issues for 
stakeholders who cannot afford access or are not permitted to use the 
data for their desired purposes.

C. The Landscape of Small Business Finance

    Notwithstanding the lack of data on the market, it is clear that 
financing plays an important role in enabling small businesses to grow 
and contribute to the economy. When it is available, financing not only 
provides resources for small businesses to smooth cash flows for 
current operations, but also affords business owners the opportunity to 
invest in business growth. A study by a small business trade group 
found a correlation between small business owners' ability to access 
credit and their ability to hire.\77\ This same study found that, while 
not the sole cause, the inability to secure financing may have led 16 
percent of small businesses to reduce their number of employees and 
approximately 10 percent of small businesses to reduce employee 
benefits. Lack of access to financing also contributed to a further 10 
percent of small businesses being unable to increase store inventory in 
order to meet existing demand.\78\
---------------------------------------------------------------------------

    \77\ White Paper at 17.
    \78\ Id.
---------------------------------------------------------------------------

    To support their growth or to make it through harder times, small 
businesses look to a variety of funding sources. Especially when 
starting out, entrepreneurs often rely on their own savings and help 
from family and friends. If a business generates a profit, its owners 
may decide to reinvest retained earnings to fund further growth. 
However, for many aspiring business owners--and their personal 
networks--savings and retained earnings may not be sufficient to fund a 
new venture or grow it, leading owners to seek other sources of 
funding. This is particularly true for minority households and women-
led households, which on average have less wealth than white households 
and male-led households.\79\
---------------------------------------------------------------------------

    \79\ Emily Moss et al., The Black-White Wealth Gap Left Black 
Households More Vulnerable, Brookings Inst. (Dec. 8, 2020), https://www.brookings.edu/blog/up-front/2020/12/08/the-black-white-wealth-gap-left-black-households-more-vulnerable/ (detailing wealth gaps in 
2019 by race and sex that show white male households with more 
wealth than white female or Black male or female households at all 
age brackets). See also Erin Ruel & Robert Hauser, Explaining the 
Gender Wealth Gap, 50 Demography 1155, 1165 (Dec. 2012), https://read.dukeupress.edu/demography/article/50/4/1155/169553/Explaining-the-Gender-Wealth-Gap (finding a gender wealth gap of over $100,000 
in a longitudinal study over 50 years of a single age cohort in 
Wisconsin); Neil Bhutta et al., Bd. of Governors of the Fed. Rsrv. 
Sys., Disparities in Wealth by Race and Ethnicity in the 2019 Survey 
of Consumer Finances (Sept. 28, 2020), https://www.federalreserve.gov/econres/notes/feds-notes/disparities-in-wealth-by-race-and-ethnicity-in-the-2019-survey-of-consumer-finances-20200928.htm (finding median white family wealth in 2019 of 
$188,200 compared with $24,100 for Black families and $36,100 for 
Hispanic families).
---------------------------------------------------------------------------

    One such source of funding comes from others besides family and 
friends, whether high net worth individuals or ``angel investors,'' 
venture capital funds, or, in a more recent development usually 
facilitated by online platforms, via crowdsourcing from retail 
investors. Often, these early investments take the form of equity 
funding, which business owners are not obligated to repay to investors. 
However, equity funding requires giving up some ownership and control 
to investors, which some entrepreneurs may not wish to do. For small 
businesses, equity funding also tends to be somewhat more expensive 
than debt financing in the long run. This is for a number of reasons, 
including that loan interest payments, unlike capital gains, are tax-
deductible.\80\ Finally, equity investments from others besides family 
and friends are available to only a small fraction of small businesses.
---------------------------------------------------------------------------

    \80\ Jim Woodruff, The Advantages and Disadvantages of Debt and 
Equity Financing, CHRON (updated Mar. 4, 2019), https://smallbusiness.chron.com/advantages-disadvantages-debt-equity-financing-55504.html.
---------------------------------------------------------------------------

    Many small businesses instead seek debt financing from a wide range 
of

[[Page 35159]]

providers. These providers include depository institutions, such as 
banks, savings associations, and credit unions,\81\ as well as online 
lenders and commercial finance companies, specialized providers of 
specific financing products, nonprofits, and a range of government and 
government-sponsored enterprises, among others.
---------------------------------------------------------------------------

    \81\ For purposes of this document, the Bureau is using the term 
depository institution to mean any bank or savings association 
defined by section 3(c)(1) of the Federal Deposit Insurance Act, 12 
U.S.C. 1813(c)(1), or credit union defined pursuant to the Federal 
Credit Union Act, as implemented by 12 CFR 700.2. The Bureau notes 
that the Dodd-Frank Act defines a depository institution to mean any 
bank or savings association defined by the Federal Deposit Insurance 
Act; there, that term does not encompass credit unions. 12 U.S.C. 
5301(18)(A), 1813(c)(1). The Bureau is referring to banks and 
savings associations together with credit unions as depository 
institutions throughout this document, unless otherwise specified, 
to facilitate analysis and discussion.
---------------------------------------------------------------------------

    In the past, small businesses principally sought credit from banks; 
however, as banks have merged and consolidated, particularly in the 
wake of the Great Recession, they have provided less financing to small 
businesses.\82\ As noted earlier, the number of banks has declined 
significantly since a post-Great Depression peak in 1986 of over 18,000 
institutions to under 4,800 institutions as of June 30, 2022,\83\ while 
13,500 branches closed from 2009 to mid-2020, representing a 14 percent 
decrease.\84\ Although nearly half of counties either gained bank 
branches or retained the same number between 2012 and 2017, the 
majority lost branches over this period.\85\ Out of 44 counties that 
were deeply affected by branch closures, defined as having 10 or fewer 
branches in 2012 and seeing five or more of those close by 2017, 39 
were rural counties.\86\ Of rural counties, just over 40 percent lost 
bank branches in that period; the rural counties that experienced 
substantial declines in bank branches tend to be lower-income and with 
a higher proportion of African American residents relative to other 
rural counties,\87\ raising concerns about equal access to credit.
---------------------------------------------------------------------------

    \82\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did 
Bank Lending to Small Business in the United States Fare After the 
Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in bank loans to small 
businesses from 2008 to 2015 from $710 billion to $600 billion). The 
level of bank lending to small businesses has recovered somewhat 
since a trough in 2012-13 that represented the lowest amount of 
lending since 2005. Fed. Deposit Ins. Corp., https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20, 2023).
    \83\ Cong. Rsch. Serv., Small Business Credit Markets and 
Selected Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (decline since 1986); Fed. Deposit Ins. Corp., 
Quarterly Banking Profile, at 7 (Aug. 2022), https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/2022jun/qbp.pdf (number of 
banks as of June 30, 2022).
    \84\ Bruce C. Mitchell et al., Nat'l Cmty. Reinvestment Coal., 
Relationships Matter: Small Business and Bank Branch Locations, at 6 
(2020), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/ (stating that in 2009 there were 95,596 brick 
and mortar full-service branches or retail locations but, as of June 
30, 2020, that number had fallen to 82,086).
    \85\ Bd. of Governors of the Fed. Rsrv. Sys., Perspectives from 
Main Street: Bank Branch Access in Rural Communities, at 1, 3-4, 19 
(Nov. 2019), https://www.federalreserve.gov/publications/files/bank-branch-access-in-rural-communities.pdf.
    \86\ Id.
    \87\ Id.
---------------------------------------------------------------------------

    As banks have merged and the number of branches reduced, the share 
of banking assets has also become increasingly concentrated in the 
largest institutions, with banks of over $10 billion in assets 
representing 86 percent of all industry assets in 2021, totaling $20.3 
trillion out of $23.7 trillion.\88\ Nevertheless, banks of under $10 
billion in assets continue to hold approximately half of all small 
business loans (using the FFIEC Call Report definition of loans of 
under $1 million), highlighting the importance of smaller banks to the 
small business lending market.\89\ Since smaller bank credit approvals 
have traditionally been close to 50 percent, while large banks approve 
only 25-30 percent of applications, bank consolidation may have 
implications for small business credit access.\90\ Since institutions 
under $1.384 billion in assets currently are not required to report on 
lending under the CRA,\91\ it is difficult to precisely quantify the 
negative impact of bank consolidation and shuttered branches on small 
business lending and access to credit in local areas.\92\ 
Qualitatively, community banks typically receive high satisfaction 
scores among small business borrowers, reflecting their greater 
commitment to relationship banking, a model of banking ``used to serve 
families, businesses, and communities as individuals, with an emphasis 
on providing customized help, rather than assembly line service.'' \93\
---------------------------------------------------------------------------

    \88\ Fed. Deposit Ins. Corp., Bank Data and Statistics, https://www.fdic.gov/bank/statistical/ (last visited Mar. 20, 2023); see 
also Cong. Rsch. Serv., Small Business Credit Markets and Selected 
Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (stating that banks over $10 billion held 84 percent of 
all industry assets in 2018).
    \89\ Speech by Board Governor Lael Brainard: Community Banks, 
Small Business Credit, and Online Lending (Sept. 30, 2015), https://www.federalreserve.gov/newsevents/speech/brainard20150930a.htm. 
Banks with under $10 billion in assets are often referred to as 
``community banks.'' Cong. Rsch. Serv., Over the Line: Asset 
Thresholds in Bank Regulation, at 2-3 (May 3, 2021), https://fas.org/sgp/crs/misc/R46779.pdf (noting that the Board of Governors 
of the Federal Reserve System (Board) and the Office of the 
Comptroller of the Currency (OCC) define community banks as having 
under $10 billion in assets, although there may be other criteria, 
with the FDIC considering also geographic footprint and a relative 
emphasis on making loans and taking deposits as opposed to engaging 
in securities and derivatives trading).
    \90\ Biz2Credit, Biz2Credit Small Business Lending Index, 
https://www.biz2credit.com/small-business-lending-index (last 
visited Mar. 20, 2023). These historical approval rates are 
reflected in pre-pandemic Small Business Lending Index releases by 
Biz2Credit. See, e.g., Biz2Credit, Small Business Loan Approval 
Rates at Big Banks Remain at Record High in February 2020: 
Biz2Credit Small Business Lending Index, https://www.biz2credit.com/small-business-lending-index/february-2020 (last visited Mar. 20, 
2023) (showing large bank approvals of 28.3 percent in February 2020 
and of 27.2 percent in February 2019 and smaller bank approvals of 
50.3 percent in February 2020 and of 48.6 percent in February 2019).
    \91\ See part II.B above.
    \92\ Bruce C. Mitchell et al., Nat'l Cmty. Reinvestment Coal., 
Relationships Matter: Small Business and Bank Branch Locations (Mar. 
2021), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/.
    \93\ Rohit Chopra, CFPB, Prepared Remarks of CFPB Director Rohit 
Chopra in Great Falls, Montana on Relationship Banking and Customer 
Service (June 14, 2022), https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-in-great-falls-montana-on-relationship-banking-and-customer-service/; see 
also 87 FR 36828, 36829 (June 21, 2022) (stating that relationship 
banking is ``an aspirational model of banking that meets its 
customers' needs through strong customer service, responsiveness, 
and care''); Cong. Rsch. Serv., Over the Line: Asset Thresholds in 
Bank Regulation, at 3 (May 3, 2021), https://fas.org/sgp/crs/misc/R46779.pdf (stating that community banks are more likely to engage 
in relationship-based lending).
---------------------------------------------------------------------------

    In contrast to banks, credit unions increased their small business 
lending from $30 billion in 2008 to $71 billion in 2021.\94\ Like 
community banks, credit

[[Page 35160]]

unions typically receive high satisfaction scores among small business 
borrowers, reflecting more high-contact, relationship-based lending 
models.\95\
---------------------------------------------------------------------------

    \94\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did 
Bank Lending to Small Business in the United States Fare After the 
Financial Crisis?, at 51 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf ($30 billion in lending in 2008); Calculated 
from NCUA Call Report data accessed on October 18, 2022 ($71 billion 
in lending in 2021). The Bureau notes that, as discussed in part 
II.B above, credit unions only report credit transactions made to 
members for commercial purposes with values over $50,000. The Bureau 
uses this value as a proxy for small business credit. The Bureau 
acknowledges that the true value of small business credit extended 
by credit unions may be different than what is presented here. For 
example, this proxy may overestimate the value of outstanding small 
business credit because some members are taking out loans for large 
businesses. Alternatively, this proxy may underestimate the value of 
outstanding small business credit if credit unions originate a 
substantial number of small business loans with origination values 
of under $50,000. For this analysis, the Bureau includes all types 
of commercial loans to members except construction and development 
loans and multifamily residential property. This includes loans 
secured by farmland; loans secured by owner-occupied, non-farm, non-
residential property; loans secured by non-owner occupied, non-farm, 
non-residential property; loans to finance agricultural production 
and other loans to farmers; commercial and industrial loans; 
unsecured commercial loans; and unsecured revolving lines of credit 
for commercial purposes.
    \95\ Fed. Rsrv. Banks, Small Business Credit Survey, 2021 Report 
On Employer Firms, at 28 (2021), https://www.fedsmallbusiness.org/survey/2021/report-on-employer-firms.
---------------------------------------------------------------------------

    Certain banks and credit unions choose to be mission-based lenders, 
as CDFIs or minority depository institutions.\96\ Mission-based lenders 
focus on providing credit to traditionally underserved and low-income 
communities and individuals to promote community development and expand 
economic opportunity, making them a relatively smaller by dollar value 
but essential part of the small business lending market. There were 
almost 1,400 CDFIs (over half of which are depository institutions) as 
of August 2022 and over 140 minority depository institutions as of 
March 2022.\97\
---------------------------------------------------------------------------

    \96\ Minority depository institutions are depository 
institutions that are majority-owned by socially and economically 
disadvantaged individuals or that have a majority-minority board of 
directors and serve a predominantly minority community. Fed. Deposit 
Ins. Corp., Minority Depository Institutions: Structure, 
Performance, and Social Impact, at 1 (2019), https://www.fdic.gov/regulations/resources/minority/2019-mdi-study/full.pdf. Minority 
depository institutions focus more than other banks on minority and 
low- and moderate-income communities. See id. at 1, 5. CDFI banks 
are certified through the U.S. Department of the Treasury by 
demonstrating they serve low-income communities. CDFI Fund, CDFI 
Certification, https://www.cdfifund.gov/programs-training/certification/cdfi (last visited Mar. 17, 2023).
    \97\ CDFI Fund., CDFI Certification, https://www.cdfifund.gov/programs-training/certification/cdfi (last visited Mar. 20, 2023); 
Fed. Deposit Ins. Corp., Minority Depository Institutions Program 
(last visited Mar. 20, 2023), https://www.fdic.gov/regulations/resources/minority/mdi.html.
---------------------------------------------------------------------------

    During a period in which depository institutions have been 
providing relatively less funding to small businesses,\98\ some small 
businesses have increasingly relied on nondepository institutions for 
financing. Since nondepositories typically do not report their small 
business financing activities to regulators, there are no authoritative 
sources for either the number of such entities or the dollar value of 
financing they provide to small businesses.\99\ However, what data are 
available make clear that nondepository online lenders are increasing 
their share of the small business financing market.\100\
---------------------------------------------------------------------------

    \98\ See Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How 
Did Bank Lending to Small Business in the United States Fare After 
the Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in 
bank loans to small businesses from 2008-15 from $710 billion to 
$600 billion). The level of bank lending to small businesses has 
recovered somewhat since a trough in 2012-13 that represented the 
lowest amount of lending since 2005. See also Fed. Deposit Ins. 
Corp., https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20, 
2023) (tabulating outstanding balances for credit extended to small- 
and non-small business lending by banks and thrifts over time).
    \99\ See part II.B above.
    \100\ See part II.D below.
---------------------------------------------------------------------------

    Whether depository or nondepository, each provider of small 
business financing may assess a variety of different criteria to 
determine whether and on what terms to grant an extension of credit or 
other financing product, including business and financial performance, 
the credit history of the business and its owner(s), the time in 
business, and the industry, among other factors. Protections such as 
guarantees, collateral, and insurance can mitigate perceived risks, 
potentially enabling a lender to offer better terms or facilitating an 
extension of credit that would otherwise not meet lending limit or 
underwriting criteria. Often, government agencies--including the SBA, 
Federal Housing Administration, and USDA--guarantee or insure loans to 
encourage lenders to provide credit to borrowers that may not otherwise 
be able to obtain credit, either on affordable terms and conditions or 
at all.\101\ Different lenders also employ diverse methods for 
assessing risk, with smaller banks generally relying more on 
traditional underwriting methods and typically managing multi-product 
relationships. Online lenders increasingly use complex algorithms, 
automation, and even artificial intelligence to assess risk and make 
underwriting decisions, with originations typically being less 
relationship-based in nature.
---------------------------------------------------------------------------

    \101\ Cong. Rsch. Serv., Small Business Administration 7(a) Loan 
Guaranty Program (updated June 30, 2022), https://fas.org/sgp/crs/misc/R41146.pdf (discussing the SBA's flagship 7(a) loan guarantee 
program); U.S. Dep't of Hous. & Urban Dev., Descriptions Of 
Multifamily Programs, https://www.hud.gov/program_offices/housing/mfh/progdesc (last visited Mar. 20, 2023) (listing Federal Housing 
Administration mortgage insurance programs for 5+ unit residential 
developments); Farm Serv. Agency, U.S. Dep't of Agric., Guaranteed 
Loan Program Fact Sheet (Mar. 2020), https://www.fsa.usda.gov/Assets/USDA-FSA-Public/usdafiles/FactSheets/guaranteed_loan_program-factsheet.pdf (discussing the USDA's Farm Service Agency guaranteed 
loan program).
---------------------------------------------------------------------------

    As well as diversity in underwriting methodology and criteria, 
there are also considerable differences across small business financing 
products and providers with respect to pricing methods and repayment 
structures. As a result, it can be challenging to compare the 
competitiveness of product pricing and terms. Term loans, lines of 
credit, and credit cards typically disclose annualized interest rates; 
leases often take into account depreciation; factoring products 
discount an invoice's value and add a fee; and merchant cash advances 
apply a multiple to the value of the up-front payment.\102\ Moreover, 
providers may add additional fees that are not standardized within 
industries, much less across them.
---------------------------------------------------------------------------

    \102\ See part II.D below for definitions of the different 
product categories.
---------------------------------------------------------------------------

D. Estimating the Size and Scope of the Small Business Financing Market

    In light of the lack of data and the heterogeneity of products and 
providers within the small business financing market, it can be 
difficult to get a clear sense of the size and scope of the market. In 
this part, the CFPB describes its estimates of the total outstanding 
balances of credit in the market, the number of institutions that are 
active in the small business financing market, and how the CFPB arrived 
at these estimates. Where possible, the CFPB tries to estimate the 
state of the small business financing market at the end of 2019 in 
order to estimate the state of the market during the year prior to the 
onset of the COVID-19 pandemic.
    One challenge is that some of the data report the dollar value of 
originations and some report outstanding balances. For the purposes of 
this exercise and for most, but not all, products, the CFPB assumes 
that for every $1 originated in the market in a given year, there is 
approximately a corresponding $3 of outstanding balances. This 
assumption is based on the ratio of the 2019 FFIEC Call Report data, 
which totaled $721 billion in outstanding balances on bank loans to 
small businesses and small farms, and the 2019 CRA data, which recorded 
$264 billion in bank loan originations to small businesses and small 
farms.\103\ This assumption is limited by the extent to which other 
small business financing products differ from loans and lines of 
credit, which make up the majority of financing products captured by 
the FFIEC Call Report data and the CRA data.\104\
---------------------------------------------------------------------------

    \103\ FFIEC Call Report data records outstanding balances on 
loans with origination amounts less than $1 million across 
Commercial & Industrial, Nonfarm Nonresidential, Agricultural, and 
Secured by Farmland lending categories. See FDIC Quarterly Banking 
Profile Time Series, https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last 
visited Mar. 20, 2023).
    \104\ FFIEC Call Report data and CRA data on small business 
credit products also include business credit card products, but 
loans and lines of credit made up $713 billion out of $775 billion 
in outstanding balances on bank, savings association, and credit 
union loans to small businesses in 2019. One important caveat to 
this assumption is that products with materially shorter average 
term lengths, for example credit cards, factoring products, and 
merchant cash advances, may have an inverse ratio of originations to 
outstanding balances. For example, top issuers of general-purpose 
credit cards recorded purchase volumes of two to seven times their 
outstanding balances in 2020. Nilson Report, Issue 1192, at 6 (Feb. 
2021), https://nilsonreport.com/publication_newsletter_archive_issue.php?issue=1192. If business-
purpose credit cards, factoring products, and merchant cash advances 
behaved similarly with respect to the ratio of originations to 
outstanding balances, then for every $1 originated in the market in 
a given year, there could be a corresponding $0.14-0.50 in 
outstanding balances for such products ($1 divided by two to seven).

---------------------------------------------------------------------------

[[Page 35161]]

    As detailed in this section, the CFPB estimates that the market for 
small business financing products totaled $1.4 trillion in outstanding 
balances in 2019. The CFPB estimates that small business financing by 
depository institutions makes up just over half of small business 
financing by private institutions. In 2020 and 2021, COVID-19 emergency 
lending programs added a further $1 trillion to this value, bringing 
the overall size of the small business financing market up to $2.4 
trillion. However, by July 2022, over $740 billion in Paycheck 
Protection Program loans had been forgiven, bringing the total market 
size back below $1.7 trillion.\105\ Below, the CFPB estimates the 
market share for different small business financing products.
---------------------------------------------------------------------------

    \105\ Pandemic Response Accountability Comm., Paycheck 
Protection Program: Loan Forgiveness by the Numbers (July 2022), 
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
---------------------------------------------------------------------------

    Since the available data regarding depository institutions' small 
loans to businesses address term loans, lines of credit, and credit 
cards together, the respective shares of these three products in the 
overall small business financing market are difficult to assess. As 
detailed in this part, the CFPB estimates that together, private term 
loans and lines of credit constitute the largest small business credit 
product by value, totaling approximately $770 billion in outstanding 
balances in 2019. As of July 2022, outstanding balances for Economic 
Impact Disaster Loan Program and Paycheck Protection Program loans 
totaled $260 billion, bringing the total value of all outstanding loans 
and lines of credit to around $1 trillion.\106\
---------------------------------------------------------------------------

    \106\ Id.
---------------------------------------------------------------------------

    Lending by banks, saving associations, and credit unions comprises 
the largest part of this total amount for private term loans and lines 
of credit. Using FFIEC Call Report data for December 2019, the CFPB 
estimates that banks and savings associations accounted for a total of 
about $721 billion in outstanding credit to small businesses and small 
farms as of December 2019.\107\ Using NCUA Call Report data for 
December 2019, the CFPB estimates that credit unions accounted for a 
total of about $55 billion in outstanding credit to members for 
commercial purposes.\108\ From this value, the CFPB subtracts $62 
billion in credit card lending to arrive at $713 billion in outstanding 
balances for term loans and lines of credit. From this value, the CFPB 
further subtracts $134 billion in SBA guaranteed loans to arrive at 
$580 billion in outstanding balances for private term loans and lines 
of credit extended by depository institutions (i.e., banks, savings 
associations, and credit unions) as of December 2019.
---------------------------------------------------------------------------

    \107\ Calculated from FFIEC Call Report data accessed on October 
18, 2022. The CFPB notes that, as discussed in part II.B above, 
these estimates rely on small loans to businesses as a proxy for 
loans to small businesses. As such, the CFPB acknowledges that the 
true outstanding value of credit extended to small businesses by 
such institutions may be different than what is presented here. For 
example, the small loans to businesses proxy would overestimate the 
value of outstanding credit if a significant number of small loans 
to businesses and farms are to businesses or farms that are actually 
large. Alternatively, the proxy would underestimate the value of 
outstanding credit to small businesses if a significant number of 
businesses and farms that are small under the rule take out loans 
that are larger than $1 million or $500,000, for businesses and 
farms, respectively.
    \108\ Calculated from NCUA Call Report data accessed on October 
18, 2022.
---------------------------------------------------------------------------

    The remaining $190 billion in outstanding balances for private term 
loans and lines of credit was extended by various nondepository 
institutions, namely commercial finance companies, online lenders, and 
nondepository CDFIs.\109\
---------------------------------------------------------------------------

    \109\ There may additionally be lending that is not captured 
here by equipment and vehicle dealers originating loans in their own 
names.
---------------------------------------------------------------------------

    Commercial finance companies specialize in financing equipment and 
vehicle purchases. The CFPB estimates that the value of outstanding 
balances on credit extended by commercial finance companies totaled 
approximately $160 billion. Using data from the Board's Finance Company 
Business Receivables data on owned assets as of December 2019, the CFPB 
estimates commercial finance companies outstanding credit for 
commercial purposes as the value of retail motor vehicle loans plus 
equipment loans and other business receivables, which totaled about 
$215 billion.\110\ The CFPB further assumes that about 75 percent of 
this value, or $162 billion, can be attributed to loans to small 
businesses.\111\
---------------------------------------------------------------------------

    \110\ Bd. of Governors of the Fed. Rsrv. Sys., Finance 
Companies--G.20 (updated Aug. 17, 2022), https://www.federalreserve.gov/releases/g20/hist/fc_hist_b_levels.html. The 
Bureau does not include leases, since they are already counted 
within the product category of equipment and vehicle leasing, or 
wholesale loans, which it assumes are typically made to non-small 
businesses.
    \111\ This methodology is consistent with the approach taken by 
Gopal and Schnabl (2020).
---------------------------------------------------------------------------

    Typical ``fintech'' providers are characterized primarily by 
providing financial services exclusively in an online environment.\112\ 
The CFPB estimates that total outstanding loan balances for such 
providers reached around $25 billion in 2019. Using this estimate, the 
CFPB scales up an estimated $9.3 billion in credit originations by 
online platform lenders to small and medium enterprises in 2019 to $25 
billion in estimated outstanding balances, under the assumptions 
discussed above.\113\ At the beginning of the COVID-19 pandemic and 
associated financial crisis, these lenders originated around $22 
billion in Paycheck Protection Program loans to small businesses from 
March to August 2020 \114\ and likely continued to originate billions 
more during the third wave of Paycheck Protection Program loans in 
2021, which represents an almost 90 percent increase or more in 
outstanding balances since 2019.\115\ This follows already rapid growth 
from $1.4 billion in estimated outstanding balances in 2013.\116\
---------------------------------------------------------------------------

    \112\ Barkley & Schweitzer, 17 Int'l J. Cent. Banking at 35-36.
    \113\ See 2018 US Fintech Market Report at 6. The Bureau notes 
that this figure may underestimate the total value of such lending 
because it focuses on platform lenders and may overestimate the 
value of lending to small businesses because it also includes credit 
to medium businesses. Additionally, the Bureau notes that fintechs 
often offer products besides loans and lines of credit, and that 
there is no clear demarcation between fintech, commercial finance 
company, and merchant cash advance provider, limiting the precision 
of market size estimates. Finally, fintechs often sell loans once 
originated to other entities, securitize their originations, or 
purchase loans that banks have originated, which may further present 
challenges to the precision of market size estimates for this market 
segment.
    \114\ Small Bus. Admin., Paycheck Protection Program (PPP) 
Report (approvals through 12 p.m. EST Apr. 16, 2020), https://www.sba.gov/sites/default/files/2020-06/PPP%20Deck%20copy-508.pdf; 
Small Bus. Admin., Paycheck Protection Program (PPP) Report 
(approvals through Aug. 8, 2020), https://www.sba.gov/sites/default/files/2020-08/PPP_Report%20-%202020-08-10-508.pdf.
    \115\ Per the program's intent, many Paycheck Protection Program 
loans have been forgiven since the program began, which likely means 
that outstanding balances on Paycheck Protection Program loans 
extended by online lenders have since declined. See Pandemic 
Response Accountability Comm., Paycheck Protection Program: Loan 
Forgiveness by the Numbers (July 2022), https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf (reporting that $742 billion in Paycheck 
Protection Program loans had been forgiven by July 2022).
    \116\ Barkley & Schweitzer, 17 Int'l J. Cent. Banking at 35-36 
(citing 2018 US Fintech Market Report at 5). This figure annualizes 
$121 million in estimated 2013 quarterly originations to $484 
million in annual originations and scales up to estimated 
outstanding balances using the ratio between the FFIEC Call Report 
and the CRA data discussed above.

---------------------------------------------------------------------------

[[Page 35162]]

    The CFPB estimates the value of outstanding balances on credit 
extended by nondepository CDFIs to small business borrowers to be 
around $1.5 billion. Using reporting by the CDFI Fund for 2019, the 
CFPB scales down the outstanding balances for loan funds of $13.8 
billion and for venture capital funds of $0.3 billion by the proportion 
of all CDFI lending attributable to business borrowers, which totaled 
$15.4 billion out of $141.2 billion.\117\
---------------------------------------------------------------------------

    \117\ CDFI Fund, CDFI Annual Certification and Data Collection 
Report (ACR): A Snapshot for Fiscal Year 2019, at 17, 22 (Oct. 
2020), https://www.cdfifund.gov/sites/cdfi/files/2021-01/ACR-Public-Report-Final-10292020-508Compliant.pdf. To the extent that CDFI loan 
funds and venture capital funds extend credit to business customers 
at different rates than CDFI banks and credit unions, this 
calculation may over- or underestimate the value of lending to small 
businesses by nondepository CDFIs. This figure also assumes that all 
CDFI lending is for small businesses.
---------------------------------------------------------------------------

    Categorized here separately so as to distinguish residential from 
non-residential loans, the CFPB estimates outstanding balances for 
loans on 5+ unit residential dwellings to total over $30 billion.\118\ 
The CFPB scales up $11 billion in 2019 annual originations on loans of 
under $1 million in value at origination for 5+ unit residential 
dwellings to $30 billion in estimated outstanding balances, using the 
ratio between the FFIEC Call Report and the CRA data discussed 
above.\119\
---------------------------------------------------------------------------

    \118\ Depository institutions, discussed above, extend a 
sizeable proportion of loans for 5+ unit residential dwellings; both 
nondepository and depository institutions are included in the total 
for 5+ unit outstanding balances.
    \119\ See Mortg. Bankers Ass'n, Annual Report on Multi-Family 
Lending--2019, at 5 (2020), https://www.mba.org/store/products/research/general/report/2019-annual-report-on-multifamily-lending. 
This includes both private loans, estimated at around $18 billion, 
and loans extended by Fannie Mae, Freddie Mac, and the Federal 
Housing Administration, estimated at around $13 billion. The share 
of 5+ unit residential dwelling loans of all sizes extended by 
governmental or government-sponsored entities was 41 percent. The 
Bureau assumes for the purposes of this exercise that the same share 
is reflected in loans of under $1 million in value at origination, 
although arguably this share would be higher if government and 
government-sponsored entities extended disproportionately smaller 
dollar value loans on average. There is also a substantial market 
for commercial real estate besides 5+ unit residential dwellings not 
captured here due to a lack of data on loans of small size or to 
small businesses. See Mortg. Bankers' Ass'n, MBA: Commercial, 
Multifamily Mortgage Bankers Originated $683B in 2021; Total Lending 
Tally Reaches $891B (Apr. 15, 2022), https://newslink.mba.org/mba-newslinks/2022/april/mba-newslink-friday-apr-15-2022/mba-commercial-multifamily-mortgage-bankers-originated-683b-in-2021-total-lending-tally-reaches-891b/ (estimating the volume of commercial real estate 
lending of any size to be $890.6 billion in 2021, of which 
multifamily lending accounted for $376 billion).
---------------------------------------------------------------------------

    Also categorized separately from depository institution totals so 
as to distinguish private from government and government-sponsored 
loans, the CFPB estimates that outstanding balances for loans extended 
by the SBA and the Farm Credit System totaled around $200 billion in 
2019.\120\
---------------------------------------------------------------------------

    \120\ The grand total for lending by government and government-
sponsored entities would be approximately $210 billion, including 5+ 
unit residential dwelling loans extended by Fannie Mae, Freddie Mac, 
and the Federal Housing Administration, which are separately 
recorded within the 5+ unit residential dwelling loan product 
category.
---------------------------------------------------------------------------

    The SBA, through its traditional 7(a), 504, and microloan programs 
as well as the Economic Impact Disaster Loan Program and funding for 
Small Business Investment Companies, is the largest governmental lender 
by value, with $143.5 billion in outstanding balances at the end of 
fiscal 2019.\121\ As part of the Federal government's response to the 
COVID-19 pandemic, during 2020 and 2021 SBA lending increased in size 
by over $1 trillion due to the Paycheck Protection Program, which 
totaled almost $800 billion, and the Economic Impact Disaster Loan 
Program, which totaled $210 billion.\122\ However, as noted above, over 
$740 billion in Paycheck Protection Program loans had been forgiven as 
of July 2022, bringing SBA outstanding loan balances back down.\123\
---------------------------------------------------------------------------

    \121\ Small Bus. Admin., Small Business Administration Loan 
Program Performance (effective Mar. 31, 2022), https://www.sba.gov/document/report-small-business-administration-loan-program-performance. SBA guaranteed loans comprised $134 billion out of this 
total, which amount has been deducted from the totals for depository 
institutions to avoid double counting.
    \122\ Small Bus. Admin., Paycheck Protection Program (PPP) 
Report (approvals through May 31, 2021), https://www.sba.gov/sites/default/files/2021-06/PPP_Report_Public_210531-508.pdf; Small Bus. 
Admin., Disaster Assistance Update--Nationwide COVID EIDL, Targeted 
EIDL Advances, Supplemental Targeted Advances (June 3, 2021), 
https://www.sba.gov/sites/default/files/2021-06/COVID-19%20EIDL%20TA%20STA_6.3.2021_Public-508.pdf; Small Bus. Admin., 
Disaster Assistance Update--Nationwide EIDL Loans (Nov. 23, 2020), 
https://www.sba.gov/sites/default/files/2021-02/EIDL%20COVID-19%20Loan%2011.23.20-508_0.pdf.
    \123\ Pandemic Response Accountability Comm., Paycheck 
Protection Program: Loan Forgiveness by the Numbers (July 2022), 
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
---------------------------------------------------------------------------

    The Farm Credit System is another important government-related part 
of the small business credit landscape. The CFPB estimates that Farm 
Credit System lenders had around $55 billion in outstanding balances of 
credit extended to small farms in 2019. Using the same small loan to 
farms proxy as is used in the FFIEC Call Report, the CFPB estimates 
credit to farms with an origination value of less than $500,000. Based 
on the Farm Credit System's 2019 Annual Information Statement of the 
Farm Credit System, the CFPB estimates that outstanding balances of 
such small credit to farms totaled $55 billion at the end of 2019.\124\ 
The CFPB notes that, as with the FFIEC Call Report proxy, this number 
may include credit to non-small farms and may exclude larger credit 
transactions extended to small farms. Considering credit extended with 
an origination value of between $500,000 and $5 million would increase 
the market size by $86 billion to $141 billion.\125\
---------------------------------------------------------------------------

    \124\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019 
Annual Information Statement of the Farm Credit System, at 54 (Feb. 
28, 2020), https://www.farmcreditfunding.com/ffcb_live/investorResources/informationStatements.html.
    \125\ Id.
---------------------------------------------------------------------------

    Mostly extended by depository institutions, the CFPB estimates that 
the market for small business credit cards totaled over $60 billion in 
outstanding balances for 2020.\126\ Using data from Y-14 Form 
submissions to the Federal Reserve Board, the CFPB estimates the value 
of outstanding balances for small business credit card accounts where 
the loan is underwritten with the sole proprietor or primary business 
owner as an applicant.\127\
---------------------------------------------------------------------------

    \126\ See Bd. of Governors of the Fed. Rsrv. Sys., Report Forms 
FR Y-14M, https://www.federalreserve.gov/apps/reportingforms/Report/Index/FR_Y-14M (last updated Sept. 12, 2022). The Board's data are 
received from bank holding companies over $50 billion in assets, 
which represent 70 percent of outstanding balances for consumer 
credit cards; the corresponding percent of balances captured for 
small business cards is not known, so the total small business-
purpose credit card market could be substantially higher or lower. 
See CFPB, The Consumer Credit Card Market, at 18 (Aug. 2019), 
https://files.consumerfinance.gov/f/documents/cfpb_consumer-credit-card-market-report_2019.pdf.
    \127\ Off. of Mgmt. & Budget, Instructions for the Capital 
Assessments and Stress Testing Information Collection (Reporting 
Form FR-Y14M), OMB No. 7100-0341, at 148 (Mar. 2020), https://omb.report/icr/202101-7100-006/doc/108187801.
---------------------------------------------------------------------------

    Equipment and vehicle leasing, whereby businesses secure the right 
to possess and use a piece of equipment or vehicle for a term in return 
for consideration, is another important product category that is 
estimated to value roughly $160 billion in outstanding balances in 
2019. The CFPB estimates the total size of the equipment and vehicle 
leasing market for all sized businesses in 2019 to be approximately 
$900 billion.\128\ The CFPB further assumes that small businesses 
comprise around 18 percent of the total

[[Page 35163]]

equipment and vehicle leasing market.\129\
---------------------------------------------------------------------------

    \128\ See Equip. Leasing & Fin. Found., Horizon Report, https://www.leasefoundation.org/industry-resources/horizon-report/ (last 
updated Apr. 22, 2021).
    \129\ See Karen Mills, Harvard Bus. Sch., State of Small 
Business Lending, at 29 (July 2014), https://www.hbs.edu/ris/Supplemental%20Files/15-004%20HBS%20Working%20Paper%20Chart%20Deck_47695.pdf (estimating 
equipment leasing outstanding balances for small business borrowers 
at approximately $160 billion at Dec. 31, 2013); Monitor Daily, SEFI 
Report Finds Strong Performance Despite Challenges (Oct. 21, 2014), 
https://www.monitordaily.com/news-posts/sefi-report-finds-strong-performance-despite-challenges/ ($903 billion market in 2014, 
commensurate with an 18 percent market share for small business 
borrowers at the time of the Karen Mills report).
---------------------------------------------------------------------------

    Factoring is a similarly significant product type, estimated at 
around $100 billion in market size for 2019.\130\ In a factoring 
transaction, factors purchase, at a discount, a legally enforceable 
claim for payment (i.e., accounts receivables or invoices) for goods 
already supplied or services already rendered by a business for which 
payment has not yet been made in full; hence, a factor's risk related 
to repayment lies with the business's customer and not the business 
itself. In most cases, specific companies, called factors, provide 
factoring products.
---------------------------------------------------------------------------

    \130\ See Secured Fin. Found., 2019 Secured Finance: Market 
Sizing & Impact Study Extract Report, at 7 (June 2019), https://www.sfnet.com/docs/default-source/data-files-and-research-documents/sfnet_market_sizing___impact_study_extract_f.pdf?sfvrsn=72eb7333_2. 
This study estimated the total volume of the U.S. factoring market 
to be $101 billion. To the extent that factoring volumes differ from 
outstanding balances, the value of outstanding balances may be 
higher or lower than this estimate. Also, this estimate captures 
factoring for business borrowers of all sizes, not just small 
business borrowers. The CFPB assumes that most factoring is provided 
to small business customers.
---------------------------------------------------------------------------

    The market for merchant cash advances continues to develop rapidly 
and data are even more scarce than for other segments of the small 
business lending market. This limits the reliability of estimates as to 
the merchant cash advance market's size. The CFPB estimates the 2019 
market size to be around $20 billion.\131\ The merchant cash advance 
market is also of particular significance for smaller and traditionally 
underserved businesses that may not qualify for other types of 
credit.\132\ Merchant cash advances are typically structured to provide 
a lump sum payment up front (a cash advance) in exchange for a share of 
future revenue until the advance, plus an additional amount, is repaid. 
Unlike the majority of other small business financing products, 
merchant cash advances typically purport to be for short 
durations.\133\ The CFPB understands that merchant cash advances also 
tend to be relatively high-cost products.\134\ Several States, 
including New York and California, are implementing laws that will 
require providers of ``sales-based financing,'' such as merchant cash 
advances, as well as other nondepositories to provide disclosures 
(including estimated APR in some States) similar to those required 
under the Truth in Lending Act (TILA),\135\ which generally only 
applies to consumer credit.\136\
---------------------------------------------------------------------------

    \131\ Paul Sweeney, Gold Rush: Merchant Cash Advances are Still 
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/. BPC estimates appear to 
reference origination volumes rather than outstanding balances. See 
Nimayi Dixit, S&P Glob. Mkt. Intel., Payment Fintechs Leave Their 
Mark On Small Business Lending (Aug. 28, 2018), https://www.spglobal.com/marketintelligence/en/news-insights/research/payment-fintechs-leave-their-mark-on-small-business-lending. 
Depending on credit multiplier effects, the value of annual 
origination volumes could be smaller or greater than outstanding 
balances. Without information on outstanding balances and for the 
purposes of calculating a market size for small business financing 
in 2019, the CFPB assumes in this paper a 1:1 ratio between annual 
origination volumes and outstanding balances for merchant cash 
advance products. See above for discussion of credit multiplier 
effects.
    \132\ Cf. Barbara Lipman & Ann Marie Wiersch, Bd. of Governors 
of the Fed. Rsrv. Sys., Uncertain Terms: What Small Business 
Borrowers Find When Browsing Online Lender websites, at 3 (Dec. 
2019), https://www.federalreserve.gov/publications/files/what-small-business-borrowers-find-when-browsing-online-lender-websites.pdf 
(observing that online lenders, including providers of merchant cash 
advance products, position themselves as offering financing to 
borrowers underserved by traditional lenders).
    \133\ See id. (stating that merchant cash advances are generally 
repaid in three to 18 months).
    \134\ Id. (stating that annual percentage rates on merchant cash 
advance products can exceed 80 percent or rise to triple digits). 
See also Fed. Trade Comm'n, `Strictly Business' Forum, Staff 
Perspective, at 5 (Feb. 2020), https://www.ftc.gov/system/files/documents/reports/staff-perspective-paper-ftcs-strictly-business-forum/strictly_business_forum_staff_perspective.pdf (observing 
stakeholder concern about the high-cost of merchant cash advances 
that can reach triple digit annual percentage rates).
    \135\ 15 U.S.C. 1601 et seq.
    \136\ New York State law requires that providers of ``sales-
based financing'' provide disclosures to borrowers that include 
calculations of an estimated annual percentage rate in accordance 
with the CFPB's Regulation Z, 12 CFR part 1026. See N.Y. S.898, 
section 803(c) (signed Jan. 6, 2021) (amending S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898. The New York 
Department of Financial Services is currently developing regulations 
to implement the law. See N.Y. Dep't of Fin. Servs., Proposed 
Financial Services Regulations, https://www.dfs.ny.gov/industry_guidance/regulations/proposed_fsl. Similarly, California's 
Department of Financial Protection and Innovation has adopted 
regulations to implement a California law requiring disclosures by 
commercial financing companies, including those providing sales-
based financing. See 10 Cal. Code Reg. 900(a)(28) (effective Dec. 9, 
2022) (defining sales-based financing as ``a commercial financing 
transaction that is repaid by a recipient to the financer as a 
percentage of sales or income, in which the payment amount increases 
and decreases according to the volume of sales made or income 
received by the recipient'' and including ``a true[hyphen]up 
mechanism''); 10 Cal. Code Reg. 914 and 940 (requiring sales-based 
financing providers disclosure estimated annual percentage rate 
according to Regulation Z, 12 CFR part 1026). Under these laws, 
providers of commercial financing generally will be required to 
disclose: (1) the total amount financed, and the amount disbursed if 
it is different from the total amount financed; (2) the finance 
charge; (3) the APR (or the estimated APR for sales-based financing 
and factoring transactions), calculated in accordance with TILA and 
Regulation Z; (4) the total repayment amount; (5) the term (or the 
estimated term for sales-based financing) of the financing; (6) 
periodic payment amounts; (7) prepayment charges; (8) all other fees 
and charges not otherwise disclosed; and (9) any collateral 
requirements or security interests. See Cal. S.B. 1235 (Sept. 30, 
2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B. 
Other States, including Virginia and Utah, have passed commercial 
financing disclosure laws that do not require disclosure of the APR. 
See Virginia H. 1027 (enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 
(enacted Mar. 24, 2022), https://le.utah.gov/~2022/bills/static/
SB0183.html.
---------------------------------------------------------------------------

    Finally, trade credit is another significant market, which the 
Bureau estimates to total $51 billion in outstanding balances in 2019. 
The Bureau estimates the trade credit market size by adding the total 
accounts payable for businesses under $1 million in annual 
revenue.\137\ Considering the total value of accounts payable for 
businesses between $1 million and $5 million would increase the market 
size by $88 billion.\138\ Trade credit is an often informal, business-
to-business transaction, usually between non-financial firms whereby 
suppliers allow their customers to acquire goods and/or services 
without requiring immediate payment.
---------------------------------------------------------------------------

    \137\ See Fundbox/PYMNTS.com, The Trade Credit Dilemma, at 11 
(May 2019), https://www.pymnts.com/wp-content/uploads/2019/05/Trade-Credit-Dilemma-Report.pdf (estimating accounts payable for 
businesses with revenue of under $250,000 at $6.7 billion and for 
businesses with revenue of $250,000 to $999,000 at $44.6 billion).
    \138\ Id. The trade credit market is estimated to total $1.6 
trillion across all business sizes in the United States. In the 
overall $1.4 trillion market size total for all small business 
financing products, the CFPB has included only the trade credit 
market for businesses of up to $1 million in revenue for consistency 
with its White Paper.
---------------------------------------------------------------------------

    The CFPB estimates that there were approximately 8,200 financial 
institutions extending small business financing in 2019, almost 80 
percent of which were depository institutions.\139\
---------------------------------------------------------------------------

    \139\ This number has increased from 8,100 financial 
institutions estimated in the NPRM for two reasons related to the 
number of nondepository financial institutions participating in the 
credit market for 5+ unit residential dwellings in 2019. First, the 
CFPB revised its methodology for excluding depository institutions 
from the total number of participants active in the credit market 
for 5+ unit residential dwellings, as detailed below. Second, the 
NPRM total for all financial institutions active in the small 
business financing market included only those nondepository 
financial institutions participating in the credit market for 5+ 
unit residential dwellings estimated to be covered by the proposed 
rule rather than all those active in the market at all.

---------------------------------------------------------------------------

[[Page 35164]]

    Based on FFIEC Call Report data for December 2019, the CFPB 
estimates that about 5,100 banks and savings associations were active 
in the small business lending market, out of a total of about 5,200 
banks and savings associations.\140\ The CFPB assumes that a bank or 
savings association is ``active'' in the market if it reports a 
positive outstanding balance of small loans, lines of credit, and 
credit cards to businesses.
---------------------------------------------------------------------------

    \140\ Calculated from FFIEC Call Report data accessed on October 
18, 2022. Although 2019 figures are used here for consistency across 
types of lenders, consolidation among depository institutions has 
continued since 2019. As of June 30, 2022, 4,692 commercial banks or 
savings associations and 1,575 credit unions reported a positive 
outstanding balance of small loans, lines of credit, and credit 
cards to businesses. Calculated from FFIEC Call Report data accessed 
on October 14, 2022.
---------------------------------------------------------------------------

    Based on the NCUA Call Report data for December 2019, the CFPB 
estimates that about 1,200 out of 5,300 total credit unions were active 
in the small business lending market.\141\ The CFPB defines a credit 
union as ``active'' in the market if it reported a positive number of 
originations of loans, lines of credit, and credit cards to members for 
commercial purposes in 2019.
---------------------------------------------------------------------------

    \141\ Nat'l Credit Union Admin., 2019 Call Report Quarterly 
Data, https://www.ncua.gov/analysis/credit-union-corporate-call-report-data/quarterly-data (last updated Mar. 8, 2023). (One hundred 
twelve credit unions were not federally insured as of December 2019 
but are included here as depository institutions. Calculated from 
NCUA Call Report data accessed on June 8, 2021.) Although 2019 
figures are used here for consistency across types of lenders, 
consolidation among depository institutions has continued since 
2019. As of June 30, 2022, 1,120 credit unions reported a positive 
number of originations of loans, lines of credit, and credit cards 
to members for commercial purposes during the first half of 2022. 
This number was calculated from NCUA Call Report data accessed on 
October 14, 2022.
---------------------------------------------------------------------------

    The CFPB estimates that there were about 1,900 nondepository 
institutions active in the small business financing market in 
2019,\142\ accounting for around $550 billion in outstanding credit to 
small businesses. This total number of nondepository institutions 
includes approximately 300 commercial finance companies, 30 or more 
online lenders, 340 nondepository CDFIs, 150 nondepository mortgage 
lenders in the multifamily market, 100 merchant cash advance providers, 
700-900 factors, at least 100 government lenders, and 72 Farm Credit 
System institutions.
---------------------------------------------------------------------------

    \142\ There may also be cooperative or nonprofit lenders as well 
as equipment and vehicle finance dealers originating in their own 
name that are not captured by the CFPB in these figures. For 
example, by searching Uniform Commercial Code (UCC) filings, Manasa 
Gopal and Philipp Schnabl identified 19 cooperative lenders that 
originated at least 1,500 loans over the period from 2006 to 2016. 
Manasa Gopal & Philipp Schnabl, The Rise of Finance Companies and 
FinTech Lenders in Small Business Lending, N.Y.U. Stern Sch. of 
Bus., at 18 (May 13, 2020), https://ssrn.com/abstract=3600068. 
Additionally, these figures do not include trade creditors, which 
are non-companies that extend credit by allowing customers a period 
of time in which to pay and which are much greater in number since 
the practice is widespread across the economy. This number has 
increased from 1,800 financial institutions estimated in the NPRM 
for two reasons related to the number of nondepository financial 
institutions participating in the credit market for 5+ unit 
residential dwellings in 2019. First, the CFPB revised its 
methodology for excluding depository institutions from the total 
number of participants active in the credit market for 5+ unit 
residential dwellings, as detailed below. Second, the Notice of 
Proposed Rulemaking total for all nondepository financial 
institutions active in the small business financing market included 
only those nondepository financial institutions participating in the 
credit market for 5+ unit residential dwellings that were estimated 
to be covered by the proposed rule rather than all those active in 
the market at all.
---------------------------------------------------------------------------

    The Bureau estimates that about 300 commercial finance companies 
were engaged in small business lending in 2019.\143\ The Bureau also 
estimates there to be about 30 or more online lenders that were active 
in the small business lending market in 2019, not including merchant 
cash advance providers.\144\
---------------------------------------------------------------------------

    \143\ See id. By searching UCC filings, Manasa Gopal and Philipp 
Schnabl identified almost 300 commercial finance companies, 
including both independent and captive finance companies, with at 
least 1,500 small business loans between 2006 and 2016. This figure 
combines 192 independent finance companies with 95 captive finance 
companies. Since this estimate captures only those commercial 
finance companies averaging at least 150 loans per year over the 
2006 to 2016 period, it may exclude smaller volume lenders and 
should be considered conservative.
    \144\ Id. Using the same methodology as for commercial finance 
companies, Gopal and Schnabl identified 19 fintech companies. The 
CFPB conservatively increases this estimate to 30 to account for 
rapid growth in the industry from 2016 to 2019. Since this estimate 
captures only those fintechs averaging at least 150 loans per year 
over the 2006 to 2016 period, it may exclude smaller volume lenders 
and should be considered conservative. On the other hand, since 
2019, the COVID-19 economic shock may have led to some fintechs 
scaling back or exiting the small business financing market. See, 
e.g., Ingrid Lunden, Amex Acquires SoftBank-backed Kabbage After 
Tough 2020 for the SMB Lender, TechCrunch (Aug. 17, 2020), https://techcrunch.com/2020/08/17/amex-acquires-softbank-backed-kabbage-after-tough-2020-for-the-smb-lender/ (noting that Kabbage 
temporarily shut down credit lines to small businesses during April 
2020 and then spun off its small business loan portfolio when it was 
subsequently acquired by American Express).
---------------------------------------------------------------------------

    The Bureau estimates that 340 nondepository CDFIs were engaged in 
small business lending in 2019. Both depository and nondepository 
institutions can be CDFIs. Depository CDFIs are counted in the numbers 
of banks, savings associations, and credit unions engaged in small 
business lending. According to the CDFI Fund, 487 nondepository funds 
(i.e., loan funds and venture capital funds) reported as CDFIs in 
2019.\145\ Of these, 340 institutions reported that business finance or 
commercial real estate finance were a primary or secondary line of 
business in 2019.\146\
---------------------------------------------------------------------------

    \145\ CDFI Fund, CDFI Annual Certification and Data Collection 
Report (ACR): A Snapshot for Fiscal Year 2019, at 8 (Oct. 2020), 
https://www.cdfifund.gov/sites/cdfi/files/2021-01/ACR-Public-Report-Final-10292020-508Compliant.pdf.
    \146\ Id. at 15-16.
---------------------------------------------------------------------------

    The Bureau estimates that about 150 nondepository mortgage lenders 
participated in the credit market for 5+ unit residential dwellings in 
2019.\147\ In its 2019 Multifamily Lending Report, the Mortgage Bankers 
Association lists annual multifamily lending volumes by institution, 
including a distinction for loans of under $1 million in value at 
origination.\148\ Using the same small loan to business proxy as is 
used in the FFIEC Call Report, the Bureau estimates the number of 
nondepository mortgage lenders by counting the number of institutions 
that appear on this list that are not depository institutions and that 
extended at least two loans in 2019.\149\
---------------------------------------------------------------------------

    \147\ Nondepository lenders providing financing for commercial 
real estate transactions besides 5+ unit residential dwellings are 
not separately captured here but often overlap with those lenders 
providing financing for 5+ unit residential dwellings. See Com. 
Prop. Exec., Top 20 Commercial Mortgage Banking and Brokerage Firms 
of 2022 (Jan. 3, 2022), https://www.commercialsearch.com/news/top-20-commercial-mortgage-banking-and-brokerage-firms-of-2022/ (listing 
top commercial real estate lenders and identifying sectors financed 
by lender).
    \148\ See Mortg. Bankers Ass'n, Annual Report on Multi-Family 
Lending--2019, at 9-66 (2020), https://www.mba.org/store/products/research/general/report/2019-annual-report-on-multifamily-lending. 
In the Notice of Proposed Rulemaking, the CFPB had estimated 
nondepository financial institutions participating in the credit 
market for 5+ unit residential dwellings by excluding financial 
institutions included in the above-cited report with the word 
``bank'' or ``credit union'' in the institution name and further 
manually removing around ten more institutions that appeared to be 
depository institutions at first glance. To improve accuracy, for 
the Final Rule the CFPB has manually coded all 2,588 institutions in 
the above-cited report to exclude any institutions that are banks, 
savings associations, credit unions, or farm credit associations but 
which do not have the word ``bank'' or ``credit union'' in the 
institution name as recorded in the report. As a result, the total 
number of nondepository financial institutions active in this market 
fell from 270 to 150.
    \149\ The CFPB counts institutions extending at least two loans 
of any size in order to estimate institutions extending at least one 
small loan, based on the assumption that some 50 percent of these 
loans may have been for values greater than $1 million.
---------------------------------------------------------------------------

    Data from UCC filings indicates that about 100 institutions were 
active in the market for providing merchant cash advances to small 
businesses in 2021.\150\
---------------------------------------------------------------------------

    \150\ deBanked, UCC-1 and UCC-3 Filings by Merchant Cash Advance 
Companies & Alternative Business Lenders, https://debanked.com/merchant-cash-advance-resource/merchant-cash-advance-ucc/ (last 
visited Mar. 20, 2023).

---------------------------------------------------------------------------

[[Page 35165]]

    The Bureau estimates the number of factors in 2019 to be between 
700-900 and assumes that most factors were providing financing to small 
business.\151\
---------------------------------------------------------------------------

    \151\ See Secured Fin. Found., 2019 Secured Finance: Market 
Sizing & Impact Study Extract Report, at 15 (June 2019), https://www.sfnet.com/docs/default-source/data-files-and-research-documents/sfnet_market_sizing___impact_study_extract_f.pdf?sfvrsn=72eb7333_2 
(estimating the number of factors at between 700 and 900).
---------------------------------------------------------------------------

    Finally, many government agencies and government-sponsored 
enterprises provide or facilitate a significant proportion of small 
business credit. As the flagship government lender, the SBA managed in 
2019 a portfolio of over $140 billion in loans to small businesses, to 
which it added over $1 trillion in loans extended as part of the COVID-
19 emergency lending programs. (As noted above, over $740 billion in 
Paycheck Protection Program loans had been forgiven as of July 2022, 
bringing SBA outstanding loan balances back down.\152\) Across Federal, 
State, and municipal governments, the Bureau estimates that there are 
likely over 100 government small business lending programs.\153\ 
Additionally, the Farm Credit System reports that, as of December 2019, 
the Farm Credit System contained a total of 72 banks and 
associations.\154\ All of these Farm Credit System institutions were 
engaged in lending to small farms in 2019.\155\
---------------------------------------------------------------------------

    \152\ Pandemic Response Accountability Comm., Paycheck 
Protection Program: Loan Forgiveness by the Numbers (July 2022), 
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
    \153\ In addition to several Federal small business lending 
programs, States and major municipalities also often have one or 
more programs of their own. One State and one municipal program in 
each State would already total 100 government lending programs 
across Federal, State, and municipal governments.
    \154\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019 
Annual Information Statement of the Farm Credit System, at 7 (Feb. 
28, 2020), https://www.farmcreditfunding.com/ffcb_live/serve/public/pressre/finin/report.pdf?assetId=395570. The CFPB notes that Farm 
Credit System banks do not report FFIEC Call Reports and are thus 
not counted in the number of banks and savings associations 
discussed above.
    \155\ Calculated from Young, Beginning, and Small Farmer Report 
data accessed on June 17, 2022, https://reports.fca.gov/CRS/search-institution.aspx.
---------------------------------------------------------------------------

E. Challenges for Women-Owned, Minority-Owned, and LGBTQI+-Owned Small 
Businesses

    Within the context of small business financing, women-owned, 
minority-owned, and LGBTQI+-owned small businesses often face 
relatively challenges than their counterparts to obtain credit. In line 
with congressional purpose, information collected about these 
businesses may provide opportunities for community development lending, 
and the information collected may be particularly important to support 
fair lending analysis and enforcement.
    Women-owned, minority-owned, and LGBTQI+-owned small businesses 
have smaller cash reserves on average, leaving them less able to 
weather credit crunches. For example, in February 2021, 39 percent of 
women-owned businesses had one month or less in cash reserves, compared 
with 29 percent of men-owned firms.\156\ And in around 90 percent of 
majority Black and Hispanic communities, most businesses have fewer 
than 14 days of cash buffer, while this is true of only 35 percent of 
majority white communities.\157\ As a result, many small businesses, 
especially those owned by women, minorities, and LGBTQI+ individuals, 
may have a greater need for financing in general and particularly 
during economic downturns.
---------------------------------------------------------------------------

    \156\ Eric Groves, Cash Strapped SMBs, While 75% Of PPP Is Still 
Available, Alignable (Feb. 9, 2021), https://www.alignable.com/forum/alignable-road-to-recovery-report-february-2021.
    \157\ JPMorgan Chase Inst., Place Matters: Small Business 
Financial Health in Urban Communities, at 5 (Sept. 2019), https://www.jpmorganchase.com/content/dam/jpmc/jpmorgan-chase-and-co/institute/pdf/institute-place-matters.pdf. See also Diana Farrell et 
al., JP Morgan Chase Inst., Small Business Owner Race, Liquidity, 
and Survival, at 5 (July 2020), https://www.jpmorganchase.com/content/dam/jpmc/jpmorgan-chase-and-co/institute/pdf/institute-small-business-owner-race-report.pdf (finding in a sample of firms 
founded in 2013 and 2014 that after one year in business white-owned 
firms had on average 19 cash buffer days compared to 14 for 
Hispanic-owned firms and 12 for Black-owned firms).
---------------------------------------------------------------------------

    Policy responses to support small businesses in economic downturns 
may struggle to reach small businesses owned by women, minorities, and 
LGBTQI+ individuals. For example, although LGBTQI+-owned small 
businesses were more likely to apply for Paycheck Protection Program 
loans, they were less likely to receive all of the funds that they 
applied for, and more likely to have gotten none of the funding they 
applied for.\158\
---------------------------------------------------------------------------

    \158\ Spencer Watson et al., LGBTQ-Owned Small Businesses in 
2021, Ctr. for LGBTQ Econ. Advancement & Rsch. and Movement 
Advancement Project, at 8 (July 2022), https://www.lgbtmap.org/file/LGBTQ-Small-Businesses-in-2021.pdf (using data from the Federal 
Reserve's Small Business Credit Survey, which began collecting 
demographic data on LGBTQ small business ownership in 2021).
---------------------------------------------------------------------------

    Established relationships between applicants and lenders were often 
critical to approvals in the earliest period of Paycheck Protection 
Program underwriting; \159\ many minority-owned \160\ and women-owned 
\161\ businesses did not have such relationships. Minority borrowers 
with limited English proficiency may also have faced difficulties 
overcoming language barriers,\162\ particularly during the first round 
of the Paycheck Protection Program in April 2020 when application 
materials had not yet been translated from English.\163\ Further, many 
minority-owned and women-owned firms are sole proprietorships and 
independent contractors, both of which received delayed access to 
Paycheck Protection Program loans.\164\
---------------------------------------------------------------------------

    \159\ Sara Savat, Who you know matters, even when applying for 
PPP loans, The Source, Newsroom, Wash. Univ. in St. Louis (Feb. 15, 
2021), https://source.wustl.edu/2021/02/who-you-know-matters-even-when-applying-for-ppp-loans/ (previous lender relationship increased 
likelihood of obtaining a Paycheck Protection Program loan by 57 
percent). See generally 86 FR 7271, 7280 (Jan. 27, 2021) (noting 
that many lenders restricted access to Paycheck Protection Program 
loans to existing customers, which may run a risk of violating ECOA 
and Regulation B).
    \160\ Claire Kramer Mills, Fed. Rsrv. Bank of N.Y., Double 
Jeopardy: COVID-19's Concentrated Health and Wealth Effects in Black 
Communities, at 6 (Aug. 2020), https://www.newyorkfed.org/medialibrary/media/smallbusiness/DoubleJeopardy_COVID19andBlackOwnedBusinesses (arguing that a lack 
of strong banking relationships among Black-owned firms may have led 
to relatively lower rates of access to Paycheck Protection Program 
loans for such firms); Fed. Rsrv. Banks, Small Business Credit 
Survey: 2021 Report on Firms Owned by People of Color, at ii (Apr. 
15, 2021), https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color (Small Business Credit Survey of 
Firms Owned by People of Color) (finding that ``firms owned by 
people of color tend to have weaker banking relationships'').
    \161\ Cf. Mariel Padilla, `I feel like I'm drowning': Women 
Business Owners Keep Hitting New Barriers to Federal Loan Aid, 19th 
(Apr. 23, 2021), https://19thnews.org/2021/04/women-small-businesses-loan/ (stating that historically higher rates of loan 
denials for women of color than for white men result in less 
established banking relationships and thereby reduced access to 
Federal support disbursed through banks).
    \162\ See Emily Ryder Perlmeter, Fed. Rsrv. Bank of Dallas, How 
PPP Loans Eluded Small Businesses of Color (Nov. 29, 2021), https://www.dallasfed.org/cd/communities/2021/1129 (detailing language 
barriers among small business owners of color seeking Paycheck 
Protection Program loans, particularly Hispanic and Asian owners who 
were not fluent in English).
    \163\ See Press Release, Rep. Judy Chu, House Dems Urge SBA to 
Translate Resources into 10 Most Common Languages (Apr. 9, 2020), 
https://chu.house.gov/media-center/press-releases/house-dems-urge-sba-translate-resources-10-most-common-languages.
    \164\ Greg Iacurci, Coronavirus loan program delayed for 
independent contractors and self-employed workers, CNBC (Apr. 3, 
2020), https://www.cnbc.com/2020/04/03/delays-in-sba-loans-for-independent-contractors-self-employed-workers.html; see also Mariel 
Padilla, `I feel like I'm drowning': Women Business Owners Keep 
Hitting New Barriers to Federal Loan Aid, 19th (Apr. 23, 2021), 
https://19thnews.org/2021/04/women-small-businesses-loan/ (stating 
that non-employer businesses affected by restrictions on sole 
proprietor and independent contractor access to Paycheck Protection 
Program loans are disproportionately owned by women and minorities).

---------------------------------------------------------------------------

[[Page 35166]]

    Applicants whose owners belong to protected categories may have 
received different program outcomes when applying for Paycheck 
Protection Program loans, although limitations in demographic 
information for Paycheck Protection Program loans have hindered fair 
lending analyses.\165\ Even for such firms that did obtaining Paycheck 
Protection Program loans, they may have faced different outcomes with 
respect to loan forgiveness.\166\
---------------------------------------------------------------------------

    \165\ Rocio Sanchez-Moyano, Fed. Rsrv. Bank of S.F., Paycheck 
Protection Program Lending in the Twelfth Federal Reserve District 
(Mar. 3, 2021), https://www.frbsf.org/community-development/publications/community-development-research-briefs/2021/february/ppp-lending-12th-district/ (citing matched-pair audit studies that 
found discouragement and provision of incomplete information for 
minority business owners seeking Paycheck Protection Program loans); 
86 FR 7271, 7280 (Jan. 27, 2021) (noting that facially neutral 
Paycheck Protection Program policies such as limiting loans to 
businesses with pre-existing relationships may run a risk of 
violating ECOA and Regulation B due to a disproportionate impact on 
a prohibited basis).
    \166\ For example, Black-owned firms applied to fintechs for 
Paycheck Protection Program loans at a high rate and certain 
fintechs or banks that partnered with fintechs have also had a high 
rate of unforgiven Paycheck Protection Program loans. See Max Reyes, 
Bank Behind Fintech's Rise Reels in Billions in Pandemic's Wake, 
Bloomberg (Aug. 22, 2022), https://www.bloomberg.com/news/articles/2022-08-21/bank-behind-fintech-s-rise-reels-in-billions-in-pandemic-s-wake (reporting that, as of July 2021, the share of unforgiven 
Paycheck Protection Program loans at Kabbage, a fintech, and at 
Cross River, a bank that partnered with fintechs, was 34 percent and 
16 percent, respectively); Who Benefited from PPP Loans (showing 
that Black-owned firms applied to fintechs at higher rates than 
other firms).
---------------------------------------------------------------------------

    As demonstrated by the impact of the COVID-19 pandemic on small 
businesses, small business lending data are essential to better 
understand the small business financing landscape to maintain and 
expand support for this key part of the U.S. economy.

F. The Purposes and Impact of Section 1071

    The Dodd-Frank Act sets forth the Bureau's purposes and mission. It 
provides that a key component of the Bureau's fair lending work is to 
ensure fair, equitable, and nondiscriminatory access to credit for both 
individuals and their communities.\167\ And in passing section 1071, 
Congress articulated two purposes for requiring the Bureau to collect 
data on small business credit applications and loans--to ``facilitate 
enforcement of fair lending laws'' and to ``enable communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses.'' \168\ Although the Dodd-Frank Act does not further 
explain or clarify these dual statutory purposes, other Federal laws 
shed light on both purposes. That is, a set of existing Federal laws 
form the backdrop for the use of small business lending data collected 
and reported pursuant to section 1071 to facilitate the enforcement of 
fair lending laws, and to identify business and community development 
needs and opportunities across the United States.
---------------------------------------------------------------------------

    \167\ See 12 U.S.C. 5493(c)(2)(A) (directing the Office of Fair 
Lending and Equal Opportunity to provide ``oversight and enforcement 
of Federal laws intended to ensure the fair, equitable, and 
nondiscriminatory access to credit for both individuals and 
communities that are enforced by the Bureau,'' including ECOA and 
the Home Mortgage Disclosure Act).
    \168\ ECOA section 704B(a).
---------------------------------------------------------------------------

1. Facilitating Enforcement of Fair Lending Laws
    Congress intended for section 1071 to ``facilitate enforcement of 
fair lending laws,'' \169\ which include ECOA, the Home Mortgage 
Disclosure Act of 1975 (HMDA),\170\ the Fair Housing Act,\171\ and 
other Federal and State anti-discrimination laws.
---------------------------------------------------------------------------

    \169\ Id.
    \170\ 12 U.S.C. 2801 et seq.
    \171\ 42 U.S.C. 3601 through 3619.
---------------------------------------------------------------------------

i. Equal Credit Opportunity Act (ECOA)
    ECOA, which is implemented by Regulation B, applies to all 
creditors. Congress first enacted ECOA in 1974 to require financial 
institutions and other firms engaged in the extension of credit to 
``make credit equally available to all creditworthy customers without 
regard to sex or marital status.'' \172\ Two years later, Congress 
expanded ECOA's scope to include age, race, color, religion, national 
origin, receipt of public assistance benefits, and exercise of rights 
under the Federal Consumer Credit Protection Act.\173\
---------------------------------------------------------------------------

    \172\ Public Law 93-495, tit. V, section 502, 88 Stat. 1500, 
1521 (1974).
    \173\ See Equal Credit Opportunity Act Amendments of 1976, 
Public Law 94-239, section 701(a), 90 Stat. 251, 251 (1976).
---------------------------------------------------------------------------

    ECOA makes it unlawful for any creditor to discriminate against any 
applicant with respect to any aspect of a credit transaction (1) on the 
basis of race, color, religion, national origin, sex (including sexual 
orientation, gender identity, and sex characteristics),\174\ marital 
status, or age (provided the applicant has the capacity to contract); 
(2) because all or part of the applicant's income derives from any 
public assistance program; or (3) because the applicant has in good 
faith exercised any right under the Federal Consumer Credit Protection 
Act.\175\
---------------------------------------------------------------------------

    \174\ In March 2021, the CFPB issued an interpretive rule 
clarifying that the scope of ECOA's and Regulation B's prohibition 
on credit discrimination on the basis of sex encompasses 
discrimination based on sexual orientation and gender identity, 
including discrimination based on actual or perceived nonconformity 
with sex-based or gender-based stereotypes and discrimination based 
on an applicant's associations. 86 FR 14363 (Mar. 16, 2021). See 
also Press Release, CFPB, CFPB Clarifies That Discrimination by 
Lenders on the Basis of Sexual Orientation and Gender Identity Is 
Illegal (Mar. 9, 2021), https://www.consumerfinance.gov/about-us/newsroom/cfpb-clarifies-discrimination-by-lenders-on-basis-of-sexual-orientation-and-gender-identity-is-illegal/. The interpretive 
rule states that an example of discriminatory sex-based or gender-
based stereotyping occurs if a small business lender discourages a 
small business owner appearing at its office from applying for a 
business loan and tells the prospective applicant to go home and 
change because, in the view of the creditor, the small business 
customer's attire does not accord with the customer's gender. 86 FR 
14363, 14365 (Mar. 16, 2021). As discussed further in the section-
by-section analysis of Sec.  1002.102(k) and (l), regarding the 
definitions of LGBTQI+ individual and LGBTQI+-owned business, 
respectively, the CFPB interprets ECOA's and Regulation B's 
prohibitions on the basis of sex to also include sex 
characteristics, including intersex traits.
    \175\ 15 U.S.C. 1601 et seq.
---------------------------------------------------------------------------

    Multiple Federal regulators can enforce ECOA and Regulation B and 
apply various penalties for violations. The enforcement provisions and 
penalties for those who violate ECOA and Regulation B are set forth in 
15 U.S.C. 1691e(b) and 12 CFR 1002.16. Violations may also result in 
civil money penalties, which are governed by 12 U.S.C. 5565(c)(3). The 
CFPB and multiple other Federal regulators have the statutory authority 
to bring actions to enforce the requirements of ECOA.\176\ These 
regulators have the authority to engage in research, conduct 
investigations, file administrative complaints, hold hearings, and 
adjudicate claims through the administrative enforcement process 
regarding ECOA. Regulators also have independent litigation authority 
and can file cases in Federal court alleging violations of fair lending 
laws under their jurisdiction. Like other Federal regulators who are 
assigned enforcement authority under section 704 of ECOA, the CFPB is 
required to refer matters to the Department of Justice (DOJ) when it 
has reason to believe that a creditor has engaged in a pattern or 
practice of lending

[[Page 35167]]

discrimination.\177\ Private parties may also bring claims under the 
civil enforcement provisions of ECOA, including individual and class 
action claims against creditors for actual and punitive damages for any 
violation of ECOA.\178\
---------------------------------------------------------------------------

    \176\ These regulators include the OCC, the Board, the FDIC, the 
NCUA, the Surface Transportation Board, the Civil Aeronautics Board, 
the Secretary of Agriculture, the Farm Credit Administration, the 
Securities and Exchange Commission, the SBA, the Secretary of 
Transportation, the CFPB, and the FTC. See 15 U.S.C. 1691c; 
Regulation B Sec.  1002.16(a). Motor vehicle dealers are subject to 
the Board's Regulation B (12 CFR part 202); the CFPB's rules, 
including this rule to implement section 1071, generally do not 
apply to motor vehicle dealers, as defined in section 1029(f)(2) of 
the Dodd-Frank Act, that are predominantly engaged in the sale and 
servicing of motor vehicles, the leasing and servicing of motor 
vehicles, or both. 12 U.S.C. 5519.
    \177\ See 15 U.S.C. 1691e(h).
    \178\ 15 U.S.C. 1691e(a); Regulation B Sec.  1002.16(b)(1).
---------------------------------------------------------------------------

ii. Home Mortgage Disclosure Act (HMDA)
    HMDA, implemented by the CFPB's Regulation C (12 CFR part 1003), 
requires lenders who meet certain coverage tests to report detailed 
information to their Federal supervisory agencies about mortgage 
applications and loans at the transaction level. These reported data 
are a valuable resource for regulators, researchers, economists, 
industry, and advocates assessing housing needs, public investment, and 
possible discrimination as well as studying and analyzing trends in the 
mortgage market for a variety of purposes, including general market and 
economic monitoring. There is potential overlap between what is 
required to be reported under HMDA and what is covered by section 1071 
for certain mortgage applications and loans for women-owned, minority-
owned, and small businesses.
    A violation of HMDA and Regulation C is subject to administrative 
sanctions, including civil money penalties. Compliance is enforced by 
the CFPB, the U.S. Department of Housing and Urban Development (HUD), 
the FDIC, the Board, the National Credit Union Administration (NCUA), 
or the Office of the Comptroller of Currency (OCC). These regulators 
have the statutory authority to bring actions to enforce the 
requirements of HMDA and to engage in research, conduct investigations, 
file administrative complaints, hold hearings, and adjudicate claims 
through the administrative enforcement process regarding HMDA.
iii. Fair Housing Act
    Title VIII of the Civil Rights Act of 1968, as amended (Fair 
Housing Act), prohibits discrimination in the sale, rental, or 
financing of dwellings and in other housing-related activities because 
of race, color, religion, sex (including sexual orientation and gender 
identity),\179\ disability,\180\ familial status, or national 
origin.\181\ The Fair Housing Act \182\ and its implementing 
regulations specifically prohibit discrimination in the making of 
loans,\183\ the purchasing of loans,\184\ and in setting the terms and 
conditions for making loans available,\185\ without reference to 
consumers, legal entities, or the purpose of the loan being made, 
although these prohibitions relate exclusively to dwellings.\186\
---------------------------------------------------------------------------

    \179\ See U.S. Dep't of Hous. & Urban Dev., Implementation of 
Executive Order 13988 on the Enforcement of the Fair Housing Act 
(Feb. 11, 2021), https://www.hud.gov/sites/dfiles/PA/documents/HUD_Memo_EO13988.pdf.
    \180\ The CFPB uses the term ``disability'' to refer to what the 
Fair Housing Act and its implementing regulations describe as a 
``handicap'' because that is the preferred term. See, e.g., Hunt v. 
Aimco Props., L.P., 814 F.3d 1213, 1218 n.1 (11th Cir. 2016) (noting 
the term disability is generally preferred over handicap).
    \181\ 42 U.S.C. 3601 through 3619, 3631.
    \182\ 42 U.S.C. 3605(b) (noting that for purposes of 3605(a), a 
``residential real estate-related transaction'' includes the making 
or purchasing of loans or providing other financial assistance for 
purchasing, constructing, improving, repairing, or maintaining a 
dwelling, or transactions secured by residential real estate).
    \183\ 24 CFR 100.120.
    \184\ 24 CFR 100.125.
    \185\ 24 CFR 100.130.
    \186\ A ``dwelling,'' as defined by the Fair Housing Act, is any 
building, structure, or portion thereof which is occupied as, or 
designed or intended for occupancy as, a residence by one or more 
families, and any vacant land which is offered for sale or lease for 
the construction or location thereon of any such building, 
structure, or portion thereof. 42 U.S.C. 3602(b).
---------------------------------------------------------------------------

    The DOJ and HUD are jointly responsible for enforcing the Fair 
Housing Act. The Fair Housing Act authorizes the HUD Secretary to issue 
a Charge of Discrimination on behalf of aggrieved persons following an 
investigation and a determination that reasonable cause exists to 
believe that a discriminatory housing practice has occurred.\187\ The 
DOJ may bring lawsuits where there is reason to believe that a person 
or entity is engaged in a ``pattern or practice'' of discrimination or 
where a denial of rights to a group of persons raises an issue of 
general public importance,\188\ or where a housing discrimination 
complaint has been investigated by HUD, HUD has issued a Charge of 
Discrimination, and one of the parties to the case has ``elected'' to 
go to Federal court.\189\ In Fair Housing Act cases, HUD and the DOJ 
can obtain injunctive relief, including affirmative requirements for 
training and policy changes, monetary damages and, in pattern or 
practice cases, civil penalties.\190\
---------------------------------------------------------------------------

    \187\ 42 U.S.C. 3610(g)(1) and (2).
    \188\ See 42 U.S.C. 3614(a).
    \189\ 42 U.S.C. 3612(o)(1).
    \190\ See 42 U.S.C. 3612, 3614.
---------------------------------------------------------------------------

    Upon receipt of a complaint alleging facts that may constitute a 
violation of the Fair Housing Act or upon receipt of information from a 
consumer compliance examination or other source suggesting a violation 
of the Fair Housing Act, Federal executive agencies forward such facts 
or information to HUD and, where such facts or information indicate a 
possible pattern or practice of discrimination in violation of the Fair 
Housing Act, to the DOJ.\191\ Private parties may also bring claims 
under the civil enforcement provisions of the Fair Housing Act.\192\
---------------------------------------------------------------------------

    \191\ 59 FR 2939, 2939 (Jan. 17, 1994).
    \192\ See 42 U.S.C. 3613.
---------------------------------------------------------------------------

iv. Other Fair Lending Laws
    Several other Federal statutes seek to promote fair lending. The 
CRA affirmatively encourages institutions to help to meet the credit 
needs of the entire community served by each institution covered by the 
statute, and CRA ratings take into account lending discrimination by 
those institutions.\193\ (See part II.F.2.i below for additional 
discussion of the CRA.) The Americans with Disabilities Act of 1990 
prohibits discrimination against persons with disabilities in the 
provision of goods and services, including credit services.\194\ 
Sections 1981 \195\ and 1982 \196\ of the Federal Civil Rights Acts are 
broad anti-discrimination laws that have been applied to many aspects 
of credit transactions.\197\
---------------------------------------------------------------------------

    \193\ See 12 U.S.C. 2901 et seq.
    \194\ See 42 U.S.C. 12101 et seq.
    \195\ 42 U.S.C. 1981(a).
    \196\ 42 U.S.C. 1982.
    \197\ See, e.g., Juarez v. Soc. Fin., Inc., No. 20-CV-03386-HSG, 
2021 WL 1375868, at *7 (N.D. Cal. Apr. 12, 2021) (denying motion to 
dismiss section 1981 claim and finding that ``the ECOA was not 
intended to limit any of the broad protections afforded by Sec.  
1981''); Perez v. Wells Fargo & Co., No. 17-CV-00454-MMC, 2017 WL 
3314797, at *3 (N.D. Cal. Aug. 3, 2017) (denying motion to dismiss 
for section 1981 claim and rejecting contention that ECOA superseded 
section 1981, noting that, although ECOA was a more specific 
statute, ECOA did not conflict with the section 1981 claims because 
``[a] creditor can comply with Sec.  1981 and the ECOA by not 
discriminating on the basis of any of the categories listed in the 
two statutes''); Jackson v. Novastar Mortg., Inc., 645 F. Supp. 2d 
636 (W.D. Tenn. 2007) (motion to dismiss claim that defendants 
violated sections 1981 and 1982 by racial targeting and by offering 
credit on less favorable terms on the basis of race denied); Johnson 
v. Equicredit Corp., No. 01-CIV-5197, 2002 U.S. Dist. LEXIS 4817 
(N.D. Ill. Mar. 22, 2002) (predatory lending/reverse redlining case 
brought pursuant to section 1981); Hargraves v. Cap. City Mortg. 
Corp., 140 F. Supp. 2d 7 (D.D.C. 2000) (predatory lending/reverse 
redlining case brought under both sections 1981 and 1982), 
reconsideration granted in part, denied in part, 147 F. Supp. 2d 1 
(D.D.C. 2001) (section 1981 claim dismissed for lack of standing, 
but not section 1982 claim); Doane v. Nat'l Westminster Bank USA, 
938 F. Supp. 149 (E.D.N.Y. 1996) (mortgage redlining case brought 
under sections 1981 and 1982); Fairman v. Schaumberg Toyota, Inc., 
No. 94-CIV-5745, 1996 U.S. Dist. LEXIS 9669 (N.D. Ill. July 10, 
1996) (section 1981 suit over allegedly predatory credit scheme 
targeting African Americans and Hispanics); Steptoe v. Sav. of Am., 
800 F. Supp. 1542 (N.D. Ohio 1992) (mortgage redlining case brought 
under sections 1981 and 1982 and the Fair Housing Act); Evans v. 
First Fed. Sav. Bank of Ind., 669 F. Supp. 915 (N.D. Ind. 1987) 
(section 1982 can be used in mortgage lending discrimination case); 
Assocs. Home Equity Servs. v. Troup, 778 A.2d 529 (N.J. 2001) 
(predatory lending/reverse redlining case brought pursuant to 
section 1981).

---------------------------------------------------------------------------

[[Page 35168]]

    Many States and municipalities have also enacted fair lending, fair 
housing, and/or civil rights laws (often modeled on their Federal 
counterparts) that broadly prohibit credit discrimination, including 
protections for business credit.\198\
---------------------------------------------------------------------------

    \198\ See, e.g., Cal. Civ. Code 51 and 51.5 and Cal. Gov't Code 
12955; Colo. Rev. Stat. 24-34-501(3) and 5-3-210; Conn. Gen. Stat. 
46a-81e, 46a-81f, and 46a-98; Del. Code Ann. tit. 6, 4604; D.C. Code 
2-1402.21; Haw. Rev. Stat. 515-3 and 515-5; 775 Ill. Comp. Stat. 5/
1-102, 5/1-103, 5/4-102, 5/3-102, and 5/4-103; Iowa Code 216.8A and 
216.10; Me. Rev. Stat. tit. 5, 4553(5-C) and (9-C), 4595 to 4598, 
and 4581 to 4583; Md. Code Ann. State Gov't 20-705, 20-707, and 20-
1103; Mass. Gen. Laws ch. 151B, 4(3B), (14); Minn. Stat. 363A.03 
(Subd. 44), 363A.09(3), 363A.16 (Subds. 1 and 3), and 363A.17; N.H. 
Rev. Stat. Ann. 354-A:10; N.J. Stat. Ann. 10:5-12(i); N.M. Stat. 
Ann. 28-1-7; N.Y. Civ. Rights Law 40-c(2); N.Y. Exec. Law 296-A; Or. 
Rev. Stat. 174.100(7) and 659A.421; R.I. Gen. Laws 34-37-4(a) 
through (c), 34-37-4.3, and 34-37-5.4; Va. Code Ann. 6.2-501(B)(1), 
15.2-853, and 15.2-965; Vt. Stat. Ann. tit. 8, 10403 and tit. 9, 
2362, 2410, and 4503(a)(6); Wash. Rev. Code 49.60.030, 49.60.040 
(14), (26), and (27), 49.60.175, and 49.60.222; Wis. Stat. 106.50 
and 224.77. There are also a number of municipalities that have 
enacted credit discrimination ordinances. See, e.g., Austin City 
Code 5-1-1 et seq.; N.Y.C. Admin. Code 8-101 and 8-107 et seq.; S.F. 
Police Code 3304(a) et seq.
---------------------------------------------------------------------------

v. Facilitating Enforcement
    To achieve the congressionally mandated purpose of facilitating 
enforcement of fair lending laws, the Bureau must collect and make 
available sufficient data to help the public and regulators identify 
potentially discriminatory lending patterns that could constitute 
violations of fair lending laws. Financial regulators and enforcement 
agencies need a consistent and comprehensive dataset for all financial 
institutions subject to reporting in order to also use these data in 
their prioritization, peer analysis, redlining reviews, and screening 
processes to select institutions for monitoring, examination, or 
investigation. Data collected pursuant to section 1071 will facilitate 
more efficient fair lending examinations. For example, regulators will 
be able to use pricing and other data to prioritize fair lending 
examinations--without such data, some financial institutions might face 
unnecessary examination burden while others whose practices warrant 
closer review may not receive sufficient scrutiny.
    Moreover, as discussed in part V below, the Bureau believes 
specific aspects of the rule offer particular benefits for the 
enforcement of fair lending laws. For example, the inclusion of pricing 
data such as interest rate and fees will provide information on 
disparities in pricing outcomes, and data such as gross annual revenue, 
denial reasons, and time in business will enable a more refined 
analysis and understanding of disparities in both underwriting and 
pricing outcomes. While these data alone generally will not establish 
compliance with fair lending laws, regulators, community groups, 
researchers, and financial institutions will be able to use the data to 
identify potential disparities in small business lending based on 
disaggregated categories of race and ethnicity. Overall, the data 
collected and reported under the rule will allow, for the first time, 
for comprehensive and market-wide fair lending risk analysis that 
enables a better understanding of disparities in both underwriting and 
pricing outcomes.
2. Identifying Business and Community Development Needs and 
Opportunities
    The second congressionally mandated purpose of section 1071 is to 
enable communities, governmental entities, and creditors to identify 
business and community development needs and opportunities of women-
owned, minority-owned, and small businesses.\199\ While section 1071 
does not expressly define the phrase ``business and community 
development needs,'' other Federal statutes and regulations, including 
the CRA and the Riegle Community Development and Regulatory Improvement 
Act of 1994,\200\ reference or define the phrases ``business 
development'' and ``community development'' and can help explain what 
it means to enable communities, governmental entities, and creditors to 
``identify business and community development needs and 
opportunities.''
---------------------------------------------------------------------------

    \199\ ECOA section 704B(a).
    \200\ Public Law 103-325, tit. I, section 102, 108 Stat. 2160, 
2163 (1994) (12 U.S.C. 4701 through 4719).
---------------------------------------------------------------------------

    The Bureau believes, based on its consideration of these other 
Federal statutes and regulations, that its rule implementing section 
1071 will provide more data to the public--including communities, 
governmental entities, and creditors--for analyzing whether financial 
institutions are serving the credit needs of their small business 
customers. In addition, with data provided under this rule, the public 
will be better able to understand access to and sources of credit in 
particular communities or industries, such as a higher concentration of 
risky loan products in a given community, and to identify the emergence 
of new loan products, participants, or underwriting practices. The data 
will not only assist in identifying potentially discriminatory 
practices, but will contribute to a better understanding of the 
experiences that members within certain communities may share in the 
small business financing market.
    Increased transparency about application and lending practices 
across different communities will improve credit outcomes, and thus 
community and business development. Lenders will be able to better 
understand small business lending market conditions and determine how 
best to provide credit to borrowers, where currently they cannot 
conduct very granular or comprehensive analyses because the data on 
small business lending are limited. As reduced uncertainty helps 
lenders to identify potentially profitable opportunities to extend 
responsible and affordable credit, small businesses stand to benefit 
from increased credit availability. Transparency will also allow small 
business owners to more easily compare credit terms and evaluate credit 
alternatives; without these data, small business owners are limited in 
their ability to shop for the credit product that best suits their 
needs at the best price.
i. Community Reinvestment Act (CRA)
    The CRA, a part of the Housing and Community Development Act, was 
passed by Congress in 1977, which found that ``regulated financial 
institutions have continuing and affirmative obligation to help meet 
the credit needs of the local communities in which they are 
chartered.'' \201\ As such, one of the statutory purposes of the CRA is 
to encourage such institutions to help meet the credit needs of the 
local communities in which they are chartered consistent with the safe 
and sound operation of such institutions.\202\
---------------------------------------------------------------------------

    \201\ 12 U.S.C. 2901(a)(3).
    \202\ 12 U.S.C. 2901(b).
---------------------------------------------------------------------------

    The legislative history for the CRA suggests that the concerns 
motivating its passage included certain practices by banks including 
redlining (i.e., declining to extend credit in neighborhoods populated 
by ethnic or racial minorities) \203\ and community disinvestment 
(i.e., taking deposits from lower-income areas, often populated by 
ethnic or racial minorities, without

[[Page 35169]]

extending credit or banking services to residents of those areas).\204\ 
The CRA requires the ``appropriate Federal financial supervisory 
agency'' of a given depository institution to ``prepare a written 
evaluation of the institution's record of meeting the credit needs of 
its entire community, including low- and moderate-income 
neighborhoods.'' \205\ These requirements were first implemented by a 
1978 rulemaking,\206\ and were amended in 1995 \207\ and 2005.\208\ 
These rulemakings, adopted by each of the agencies responsible for 
ensuring compliance with the CRA, established specific performance 
measures,\209\ requiring banks to disclose information about their 
efforts to meet community credit needs via small business, small farm, 
and community development lending.\210\
---------------------------------------------------------------------------

    \203\ See H.R. Rep. No. 561, 94th Cong., 1st Sess. 4 (1975) 
(``[The practice of redlining] increasingly has served to polarize 
elements of our society . . . . As polarization intensifies, 
neighborhood decline accelerates.''), reprinted in 1975 U.S.C.C.A.N. 
2303, 2305-06.
    \204\ Robert C. Art, Social Responsibility in Bank Credit 
Decisions: The Community Reinvestment Act One Decade Later, 18 Pac. 
L.J. 1071, 1076-77 & n.23 (1987) (citing 123 Cong. Rec. S8958 (daily 
ed. June 6, 1977), which stated that Sen. Proxmire, the 
congressional sponsor of the Act described redlining as ``the fact 
that banks and savings and loans will take their deposits from a 
community and instead of reinvesting them in that community, they 
will invest them elsewhere, and they will actually or figuratively 
draw a red line on a map around the areas of their city,'' further 
noting that those lines are drawn ``sometimes in the inner city, 
sometimes in the older neighborhoods, sometimes ethnic and sometimes 
black . . . .'').
    \205\ 12 U.S.C. 2906(a)(1).
    \206\ 43 FR 47144 (Oct. 12, 1978).
    \207\ 60 FR 22156 (May 4, 1995).
    \208\ 70 FR 44256 (Aug. 2, 2005).
    \209\ 12 CFR 228.11.
    \210\ See, e.g., 12 CFR 25.42, 228.11.
---------------------------------------------------------------------------

    The agencies tasked with ensuring compliance--including the 
OCC,\211\ the Board,\212\ and the FDIC \213\--evaluate each insured 
depository institution's record in helping meet the credit needs of its 
entire community.\214\ Overall, the CRA and its regulations generate 
data that help agencies and the public at large identify instances of 
redlining, community disinvestment, and geographical areas that are 
``banking deserts.'' \215\ The CRA regulations of the Board and the 
FDIC currently have the same definitions of ``community development'' 
that include banking and credit services that support the following: 
(1) affordable housing for low- and moderate-income individuals; \216\ 
(2) community services for low- and moderate-income individuals; \217\ 
(3) activities that promote economic development by financing small 
business and small farms; \218\ and (4) activities that revitalize or 
stabilize low- and moderate-income geographies, disaster areas, and 
certain distressed or underserved middle-income areas based on other 
factors.\219\
---------------------------------------------------------------------------

    \211\ 12 CFR part 25.
    \212\ 12 CFR part 228.
    \213\ 12 CFR parts 345, 195.
    \214\ Most specifically, that record is taken into account in 
considering an institution's application for deposit facilities, 
including mergers and acquisitions with other financial institutions 
and the opening of bank branches.
    \215\ OCC regulations define ``CRA desert'' as an area that has 
``significant unmet community development or retail lending needs'' 
and where: (1) Few banks have branches or non-branch deposit-taking 
facilities, (2) There is ``less retail or community development 
lending than would be expected based on demographic or other 
factors,'' or (3) The area ``lacks community development 
organizations or infrastructure.'' 12 CFR 25.03.
    \216\ 12 CFR 228.12(g)(1), 345.12(g)(1).
    \217\ 12 CFR 228.12(g)(2), 345.12(g)(2).
    \218\ 12 CFR 228.12(g)(3), 345.12(g)(3).
    \219\ 12 CFR 228.12(g)(4), 345.12(g)(4).
---------------------------------------------------------------------------

    In May 2022, the Board, FDIC and OCC issued an interagency notice 
of proposed rulemaking for amendments to update and expand the existing 
CRA regulations (2022 CRA NPRM).\220\ In the 2022 CRA NPRM, these three 
agencies proposed a number of revisions to the agencies' CRA rules, 
including a number of key changes relating to how the agencies defined 
community development and how the agencies intended to measure the 
community development activity of depository institutions.\221\
---------------------------------------------------------------------------

    \220\ Bd. of Governors of the Fed. Rsrv. Sys.; Fed. Deposit Ins. 
Corp.; and Off. of the Comptroller of the Currency, Treasury, 
Community Reinvestment Act, Joint Proposed Rule, 87 FR 33884 (June 
3, 2022).
    \221\ 87 FR 33884, 33885 (June 3, 2022).
---------------------------------------------------------------------------

    In the 2022 CRA NPRM, the agencies recognized the value of data to 
be collected under the Bureau's small business lending rule for 
assessing efforts at addressing community small business and small farm 
credit needs, proposing to incorporate aspects of the Bureau's rule 
into their CRA rules. First, the agencies proposed to define the terms 
``small business'' and ``small farm'' consistent with the Bureau's 
proposal under section 1071, i.e., as those having gross annual 
revenues of $5 million or less in the preceding fiscal year.\222\
---------------------------------------------------------------------------

    \222\ Id. at 33890.
---------------------------------------------------------------------------

    Further, the 2022 CRA NPRM proposed to eliminate the current CRA 
small business and small farm data collection and reporting 
requirements,\223\ to be replaced in the long term by the Bureau's 
small business lending data collection and reporting requirements.\224\ 
The agencies noted that this proposed approach is responsive to various 
stakeholders' requests that the agencies coordinate the small business 
and small farm definitions across the CRA and section 1071 rulemakings. 
The agencies also observed that their proposal would reduce burden 
related to data collection and reporting, particularly if institutions 
could submit data for CRA purposes under the format of the Bureau's 
small business lending rule.\225\ Data collected pursuant to section 
1071 would be used to measure individual bank performance in CRA 
assessments, and to establish the agencies' benchmarks against which 
bank CRA performance would be measured for purposes of the small farm 
and small business portions of the retail lending tests.\226\
---------------------------------------------------------------------------

    \223\ Id. at 33930.
    \224\ Id. at 33997.
    \225\ Id. at 33928
    \226\ Id. at 33941.
---------------------------------------------------------------------------

    Finally, the agencies proposed that if both the CRA and section 
1071 rulemakings were finalized, the agencies would make the compliance 
date for the CRA amendments that hinge upon the Bureau's section 1071 
rulemaking similar to the compliance date for the Bureau's final 
rule.\227\
---------------------------------------------------------------------------

    \227\ Id. at 33930.
---------------------------------------------------------------------------

ii. Community Development Financial Institution Fund (CDFI Fund)
    The Riegle Community Development and Regulatory Improvement Act of 
1994 authorized the CDFI Fund.\228\ In passing that statute, Congress 
found that many of the Nation's urban, rural, and Native American 
communities face ``critical social and economic problems arising in 
part from the lack of economic growth, people living in poverty, and 
the lack of employment and other opportunities.'' \229\
---------------------------------------------------------------------------

    \228\ 12 U.S.C. 4701(b).
    \229\ 12 U.S.C. 4701(a)(1).
---------------------------------------------------------------------------

    To address these problems, Congress created the CDFI Fund to 
``promote economic revitalization and community development'' through 
investment in and assistance to CDFIs, including enhancing the 
liquidity of CDFIs.\230\
---------------------------------------------------------------------------

    \230\ 12 U.S.C. 4701(b).
---------------------------------------------------------------------------

    The concept of community development is central to the operation of 
the CDFI Fund. While CDFI Fund regulations do not directly define that 
term, any entity applying for CDFI certification must have ``promoting 
community development'' as its ``primary mission.'' \231\ In making 
this determination, the CDFI Fund considers whether the activities of 
the entity are purposefully directed toward improving the social and/or 
economic conditions of underserved people, which may include low-income 
persons or persons who lack adequate access to capital and financial 
services and residents of

[[Page 35170]]

economically distressed communities.\232\
---------------------------------------------------------------------------

    \231\ 12 CFR 1805.201(b)(1).
    \232\ Id.
---------------------------------------------------------------------------

    The CDFI Fund collects data from the recipients of its financial 
and technical assistance, shedding some light on the extent of 
community development in the areas where CDFIs operate.\233\ The CDFI 
Fund also publishes the data it receives with appropriate redactions to 
protect privacy interests.\234\ However, given that CDFIs comprise a 
relatively small share of the overall small business lending market, 
1071 data will materially enhance understanding of the broader extent 
of community development outside of areas where CDFIs already operate. 
These data will also likely augment the data the CDFI Fund already 
receives.
---------------------------------------------------------------------------

    \233\ 12 CFR 1805.803(e) (requiring recipients of technical and 
financial assistance to provide to the CDFI Fund certain information 
and documentation).
    \234\ 12 CFR 1805.803(e)(4).
---------------------------------------------------------------------------

    In May 2020, the CDFI Fund issued a request for comment on several 
aspects of its CDFI program, including proposed changes to the 
application for certification, as well as proposed changes to the data 
collection and reporting processes of the CDFI Fund. The RFI proposed a 
number of other revisions to the data collection and reporting regime 
in May 2020, including the automation of key elements of existing 
reporting and improvements to data quality.\235\
---------------------------------------------------------------------------

    \235\ CDFI Fund, Annual Certification and Data Collection Report 
Changes (2020), https://www.cdfifund.gov/sites/cdfi/files/documents/annual-certification-report-2020-final.pdf.
---------------------------------------------------------------------------

    In October and November 2022, the CDFI Fund announced that based on 
public comments, it had revised its proposed changes to the application 
for certification, and data collection and reporting requirements, 
subject to another round of public comment prior to the anticipated 
implementation of changes in April 2023.\236\ The CDFI Fund released a 
preview of changes to the application requirements.\237\ One change to 
the Primary Mission portion of the application, which asks whether an 
applicant is focused on the mission of community development, would be 
the addition of bright-line questions related to an organization's 
lending and financing practices.\238\ Specifically, an applicant can be 
disqualified from CDFI certification if financial products or practices 
it offers are harmful to low-income and underserved communities.\239\ 
The bright-line questions the new certification application would ask 
include whether, amongst other things, applicants consider a small 
business borrower's ability to repay a loan on its terms,\240\ whether 
they have accommodative or concessionary policies or programs for 
struggling borrowers, and whether loans priced above 36 percent APR 
meet certain safety and consumer protection standards.
---------------------------------------------------------------------------

    \236\ The CDFI Fund released a preview of the final 
certification application, pending OMB approval. CDFI Fund, CDFI 
Certification Application Preview (Oct. 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/CDFI_Certification_Application_Preview_Final_10322.pdf.
    \237\ CDFI Fund, CDFI Fund Advance Look: Preview the Revisions 
to the New CDFI Certification Application (Oct. 4, 2022), https://www.cdfifund.gov/news/487.
    \238\ CDFI Fund, Community Development Financial Institution 
Certification Application: Overview of Final Revisions and 
Modifications (Oct. 5, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/CDFI_Certification_Application_Overview_FINAL.pdf.
    \239\ Id. at 23-31.
    \240\ Id. at 27.
---------------------------------------------------------------------------

    In October 2022, the CDFI Fund also published revisions to the 
Target Market requirements of the application for CDFI 
certification.\241\ Currently, an applicant must demonstrate that it 
serves at least one eligible Target Market (either an Investment Area 
or a Targeted Population). The revisions, if finalized, would eliminate 
the geographical boundaries and mapping requirements for most Target 
Markets, replacing these requirements with customized investment areas. 
In late October 2022, the CDFI Fund published a proposed list of pre-
approved methodologies to identify target markets.\242\ These 
methodologies include determining whether most recipients of a CDFI 
applicant's funds--whether individuals, for-profit entities, or non-
profit entities--are members of certain demographic groups (African 
American, Hispanic, Native American, Native Hawaiian, Native Alaskan, 
Other Pacific Islanders, people with disabilities, certified CDFIs, 
low-income targeted populations).\243\ These data are collected using a 
variety of overlapping methods specific to each demographic status, 
including self-reporting,\244\ in-person or photo-identification-based 
visual observation,\245\ surname analysis,\246\ government-issued or 
Tribal-issued identification to demonstrate affiliation,\247\ and/or 
income and residence or business location.\248\
---------------------------------------------------------------------------

    \241\ CDFIs must service either certain investment areas or 
targeted populations.
    \242\ CDFI Fund, CDFI Target Market Assessment Methodologies, 
Notice and Request for Comment. 87 FR 63852 (Oct. 20, 2022). 
Comments were due by December 19, 2022. The notice refers to a 
separate document with the target market methodologies. CDFI Fund, 
Proposed Pre-Approved Target Market Assessment Methodologies (Oct. 
19, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/Proposed_PreApproved_TM_Assessment_Methodologies_FINAL.pdf.
    \243\ Id.
    \244\ See, e.g., id. at 1 (African American), 3 (Hispanic), 10 
(non-Hawaiian Pacific Islander), 12 (disability status).
    \245\ See, e.g., id. at 1 (African American), 3 (Hispanic), 12 
(disability status).
    \246\ See, e.g., id. at 3 (Hispanic); see also List of Hispanic 
Surnames for OTP-Hispanic Pre-Approved Assessment Methodology, 
https://www.cdfifund.gov/sites/cdfi/files/2022-10/OTP_Hisp_HispanicSurnameList_2010Census.xlsx (list of qualifying 
Hispanic surnames).
    \247\ See, e.g., CDFI Fund, Proposed Pre-Approved Target Market 
Assessment Methodologies, at 1 (Oct. 19, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/Proposed_PreApproved_TM_Assessment_Methodologies_FINAL.pdf 
(reporting for African American recipients of funds).
    \248\ Id. at 14 (low-income individuals or entities).
---------------------------------------------------------------------------

    The most recently published amendments to the application 
requirements remain under consideration by the CDFI Fund.\249\
---------------------------------------------------------------------------

    \249\ The CDFI Fund paused acceptance of new applications for 
CDFI certification in October 2022 and will reopen for new 
applications once the revisions to the application for certification 
and the transaction-level data collection and reporting regimes are 
finalized. While initially anticipating that it would finalize 
changes to the application process in April 2023 after receiving 
public comments, the CDFI Fund issued a statement in January 2023 
that it had received a robust response to the request for comments 
on the revised application and reporting tools, and that 
consideration of these comments, while not requiring a lengthy 
delay, would require postponement of the new application and 
associated reporting tools beyond April 2023. CDFI Fund, An Update 
on the CDFI Fund's Certification Application Review Process (Jan. 
24, 2023), https://www.cdfifund.gov/news/501.
---------------------------------------------------------------------------

3. Impact of Small Business Lending Data Under Section 1071
    The Bureau's implementation of section 1071 will provide on an 
annual basis application-level data on small business credit, including 
certain protected demographic information. This will include 
information on applications for credit that are originated, as well as 
those that are denied, withdrawn, incomplete, or approved by the 
financial institution but not accepted by the applicant. This 
information will enable stakeholders of all kinds in the small business 
lending market to gain insight into trends in small business lending. 
It will also provide insight into the interaction of supply and demand 
for small business credit over time.
    In terms of facilitating fair lending enforcement, interested 
government agencies and other stakeholders will be able to use data 
collected and reported under this final rule to identify possible fair 
lending risks using statistical methods.
    Regarding the identification of business and community development 
needs, small business lending data collected and reported under this 
final rule will help government entities and

[[Page 35171]]

public and private lenders identify and target sub-segments of the 
market that remain underserved, facilitating entrepreneurship and 
business development in those communities. By reducing uncertainty 
about the conditions of the small business lending market, data 
collected under the final rule can help creditors identify potentially 
profitable opportunities to extend responsible and affordable credit, 
potentially increasing credit availability to small businesses. 
Increased transparency, in turn, will also help small business 
borrowers to understand what credit is available and on what terms, 
thereby improving their ability to access the credit they need and 
further serving community and business development goals.
    The Bureau believes that small business lending data will come to 
play an important role for the small business lending market, as HMDA 
data have done for the mortgage market. HMDA data have provided 
lenders, community groups, and others the tools to identify and address 
fair lending risks and strengthen fair lending oversight and 
enforcement. In a similar way, these data will allow diverse 
stakeholders to analyze lending patterns that are potentially 
discriminatory. By identifying and addressing discriminatory small 
business lending practices, the Bureau will help to ensure fair, 
equitable, and nondiscriminatory access to credit for both individuals 
and their communities.\250\
---------------------------------------------------------------------------

    \250\ See 12 U.S.C. 5493(c)(2)(A).
---------------------------------------------------------------------------

    HMDA data have also proven effective in creating transparency in 
the mortgage market that improves the understanding of credit needs, 
where they may remain unmet, and the relationship between mortgage 
lending and community development. The Bureau believes that small 
business lending data collected and reported under this final rule will 
provide the Bureau and other stakeholders with critical insights into 
the small business lending market. The COVID-19 pandemic has shown that 
transparency is essential at a time of crisis, when small businesses 
may be in urgent need of credit in order to recover from economic 
shocks.
    The advancement of both statutory purposes of section 1071--
facilitating fair lending enforcement and identifying business and 
community development needs--in turn will support small businesses 
across all sectors of the economy, which are fundamental to the 
economic health of the U.S. and which have been hard hit by recent 
economic and financial crises. Given the critical importance of small 
businesses to economic growth and wealth creation, that will also help 
the economy as a whole.

III. Summary of the Rulemaking Process

    In the years leading up to the release of the CFPB's NPRM to 
implement section 1071 of the Dodd-Frank Act, the CFPB held over 100 
outreach meetings regarding the rulemaking with financial institutions, 
trade associations, community groups, researchers, governmental 
entities, and other stakeholders. The CFPB also took a number of other 
steps, beyond individual stakeholder meetings, to solicit feedback more 
broadly from the public on a rule to implement section 1071. Most 
recently, the CFPB received public comments on its NPRM. Each of these 
efforts are discussed in turn below.

A. Pre-Proposal Outreach and Engagement

    Request for information, field hearing, and white paper on small 
business lending. On May 10, 2017, the CFPB published a request for 
information regarding the small business lending market \251\ in which 
it sought public comment to understand more about the products that are 
offered to small businesses, the financial institutions that offer such 
credit, the small business lending data that currently are used and may 
be maintained by financial institutions, the potential complexity and 
cost of small business data collection and reporting, and privacy 
concerns related to the disclosure purposes of section 1071.\252\ On 
the same date, the CFPB held a field hearing regarding section 1071 at 
which the request for information was announced and then-Director 
Richard Cordray noted the importance of a section 1071 rulemaking given 
the absence of systematic data on how small businesses are faring and 
whether or how much they are being held back by financing 
constraints.\253\ Finally, at the same time, the CFPB also published 
its White Paper on small business lending,\254\ which reflected the 
initial findings of its research providing a preliminary understanding 
of the small business lending environment, with a particular emphasis 
on lending to women-owned and minority-owned small businesses.
---------------------------------------------------------------------------

    \251\ 82 FR 22318 (May 15, 2017).
    \252\ In response to the request for information, the CFPB 
received over 2,000 comments in total, and over 100 unique comments 
offering detailed substantive responses on the topics raised in the 
request for information. These comments from the public helped to 
inform the CFPB's approach in its SBREFA Outline. See CFPB, Request 
for Information Regarding the Small Business Lending Market, Docket 
ID CFPB-2017-0011, https://www.regulations.gov/docket/CFPB-2017-0011.
    \253\ See CFPB, Prepared Remarks of CFPB Director Richard 
Cordray at the Small Business Lending Field Hearing (May 10, 2017), 
https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-cfpb-director-richard-cordray-small-business-lending-field-hearing/.
    \254\ CFPB, Key dimensions of the small business lending 
landscape (May 2017), https://files.consumerfinance.gov/f/documents/201705_cfpb_Key-Dimensions-Small-Business-Lending-Landscape.pdf 
(White Paper).
---------------------------------------------------------------------------

    1071 symposium. In November 2019, the CFPB held a symposium on 
section 1071 to assist it in its policy development process and to 
receive feedback from experts, including academic, think tank, consumer 
advocate, industry, and government experts in the small business 
lending arena.\255\ The symposium had two panels. The first panel 
focused on the evolution in the small business lending marketplace. The 
second panel included a discussion surrounding the implementation of 
section 1071, including issues raised in response to the CFPB's request 
for information.
---------------------------------------------------------------------------

    \255\ CFPB, Symposium: Section 1071 of the Dodd-Frank Act (held 
Nov. 6, 2019), https://www.consumerfinance.gov/about-us/events/archive-past-events/cfpb-symposium-section-1071-dodd-frank-act/.
---------------------------------------------------------------------------

    Small Business Advisory Review Panel. Under the Small Business 
Regulatory Enforcement Fairness Act of 1996 (SBREFA),\256\ which 
amended the Regulatory Flexibility Act (RFA), the CFPB must convene and 
chair a Small Business Advisory Review Panel (Panel) if it is 
considering a proposed rule that could have a significant economic 
impact on a substantial number of small entities.\257\ The Panel 
considers the impact of the proposals under consideration by the CFPB 
and obtains feedback from representatives of the small entities that 
would likely be subject to the rule. The Panel is comprised of a 
representative from the CFPB, the Chief Counsel for Advocacy of the 
Small Business Administration (SBA), and a representative from the 
Office of Information and Regulatory Affairs (OIRA) in the Office of 
Management and Budget (OMB). Representatives from 20 small businesses 
were selected as small entity representatives for this SBREFA process. 
These individuals represented small businesses that are financial 
institutions--including community banks, credit unions, community 
development financial institutions (CDFIs), financial technology firms, 
and commercial finance companies--that

[[Page 35172]]

would likely be directly affected by a rule implementing section 1071.
---------------------------------------------------------------------------

    \256\ Public Law 104-121, 110 Stat. 857 (1996).
    \257\ 5 U.S.C. 609(b).
---------------------------------------------------------------------------

    On September 15, 2020, the CFPB issued its Outline of Proposals 
under Consideration and Alternatives Considered (SBREFA Outline) for 
its rulemaking pursuant to section 1071, a detailed document that 
discusses (1) the relevant law, (2) the regulatory process, (3) the 
rule proposals the CFPB was considering, and (4) an economic analysis 
of the potential impacts of those proposals on directly affected small 
entities.\258\
---------------------------------------------------------------------------

    \258\ CFPB, Small Business Advisory Review Panel for Consumer 
Financial Protection Bureau Small Business Lending Data Collection 
Rulemaking, Outline of Proposals Under Consideration and 
Alternatives Considered (Sept. 15, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa_outline-of-proposals-under-consideration_2020-09.pdf (SBREFA Outline). See also 
CFPB, Consumer Financial Protection Bureau Releases Outline of 
Proposals Under Consideration to Implement Small Business Lending 
Data Collection Requirements (Sept. 15, 2020), https://www.consumerfinance.gov/about-us/newsroom/cfpb-releases-outline-proposals-implement-small-business-lending-data-collection-requirements/.
---------------------------------------------------------------------------

    The CFPB convened the Panel for this proposed rule on October 15, 
2020 and held a total of four meetings with small entity 
representatives during October 19-22, 2020, conducted online via video 
conference (Panel Outreach Meetings). In preparation for the Panel 
Outreach Meetings and to facilitate an informed and detailed discussion 
of the proposals under consideration, discussion questions for the 
small entity representatives were included throughout the SBREFA 
Outline.\259\
---------------------------------------------------------------------------

    \259\ These questions also appeared in a shorter Discussion 
Guide for Small Entity Representatives. See CFPB, Small Business 
Advisory Review Panel for Consumer Financial Protection Bureau Small 
Business Lending Data Collection Rulemaking, Discussion Guide for 
Small Entity Representatives (Sept. 15, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa_discussion-guide_2020-09.pdf.
---------------------------------------------------------------------------

    In advance of the Panel Outreach Meetings, the CFPB, SBA Office of 
Advocacy, and OIRA held a series of video conferences with the small 
entity representatives to describe the Small Business Review Process, 
obtain important background information about each small entity 
representative's current business practices, and begin discussions on 
selected portions of the proposals under consideration.
    All 20 small entity representatives participated in the Panel 
Outreach Meetings. Representatives from the CFPB, SBA Office of 
Advocacy, and OIRA provided introductory remarks. The meetings were 
then organized around discussions led by the CFPB about each aspect of 
the proposals under consideration and the potential impact on small 
businesses. The CFPB also invited small entity representatives to 
submit written feedback by November 9, 2020; most did so.
    On December 15, 2020, the CFPB released the Final Report of the 
Small Business Review Panel on the CFPB's Proposals Under Consideration 
for the Small Business Lending Data Collection Rulemaking (SBREFA Panel 
Report).\260\ This report includes a summary of the feedback received 
from small entity representatives during the panel process (including 
oral feedback received during the pre-Panel video conferences and Panel 
Outreach Meetings, as well as timely submitted written feedback) and 
findings and recommendations made by the Panel.\261\ As required by the 
RFA, the CFPB considered the Panel's findings in its initial regulatory 
flexibility analysis, as set out in part VIII of the NPRM.
---------------------------------------------------------------------------

    \260\ CFPB, Final Report of the Small Business Review Panel on 
the CFPB's Proposals Under Consideration for the Small Business 
Lending Data Collection Rulemaking (Dec. 14, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa-report.pdf 
(SBREFA Panel Report). See also CFPB, Consumer Financial Protection 
Bureau Releases Report on Implementing the Dodd-Frank Act's Small 
Business Lending Data Collection Requirement (Dec. 15, 2020), 
https://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-releases-report-on-implementing-the-dodd-frank-acts-small-business-lending-data-collection-requirement/. 
The CFPB's SBREFA Outline and related materials, as well as the 
CFPB's presentation slides framing the discussion during the Panel 
Outreach Meetings, are appended to the SBREFA Panel Report. See 
SBREFA Panel Report at app. C through F.
    \261\ The written feedback from small entity representatives is 
appended to the SBREFA Panel Report. See id. at app. A.
---------------------------------------------------------------------------

    The CFPB also invited other stakeholders to submit feedback on the 
SBREFA Outline by December 14, 2020. The CFPB received approximately 60 
submissions from a variety of other stakeholders, including financial 
institutions, trade associations, community groups, a think tank, and a 
government agency.\262\
---------------------------------------------------------------------------

    \262\ Feedback received from these stakeholders on the SBREFA 
Outline is available on the public docket for the NPRM. See https://www.regulations.gov/docket/CFPB-2021-0015/document?documentTypes=Supporting%20%26%20Related%20Material.
---------------------------------------------------------------------------

    The CFPB considered the feedback it received from small entity 
representatives, the findings and recommendations of the Panel, and the 
feedback from other stakeholders in preparing the NPRM. The feedback, 
findings, and recommendations were summarized throughout the NPRM where 
relevant.
    One-Time Cost Survey. On July 22, 2020, the CFPB released a 
voluntary survey to measure the one-time costs of compliance with an 
eventual small business lending data collection rule.\263\ The 
objective of the survey was to solicit, from institutions offering 
small business credit products that could potentially be covered by 
this rule, information about potential one-time costs to prepare to 
collect and report data. The deadline for responses was October 16, 
2020. The CFPB received responses from 105 financial institutions.\264\ 
The results of the survey inform the CFPB's analyses of the potential 
impacts of the rule as set out in parts IX and X below.
---------------------------------------------------------------------------

    \263\ CFPB, Survey: Small Business Compliance Cost Survey (July 
22, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-survey_2020-10.pdf.
    \264\ See part VI below for additional details regarding this 
survey.
---------------------------------------------------------------------------

    ECOA request for information. On July 28, 2020, the CFPB issued a 
request for information to seek public input on ECOA and Regulation 
B.\265\ In this request for information, the CFPB sought public comment 
on a number of topics, including small business lending and the ways 
that the CFPB, in light of its authority under ECOA and Regulation B, 
might support efforts to meet the credit needs of small businesses, 
particularly those that are minority-owned and women-owned.\266\
---------------------------------------------------------------------------

    \265\ CFPB, Consumer Financial Protection Bureau Requests 
Information on Ways to Prevent Credit Discrimination and Build a 
More Inclusive Financial System (July 28, 2020), https://www.consumerfinance.gov/about-us/newsroom/cfpb-rfi-prevent-credit-discrimination-build-more-inclusive-financial-system/.
    \266\ 85 FR 46600, 46602 (Aug. 3, 2020).
---------------------------------------------------------------------------

B. Ongoing Outreach and Engagement

    Ongoing outreach. The CFPB conducts outreach to industry and other 
stakeholders to understand their experiences with the small business 
finance market, economic conditions, and the collection and reporting 
of data regarding that market. A particular near-term priority in the 
CFPB's recent outreach has been the impacts of the pandemic and the 
effectiveness of the Federal government's response. Findings from 
outreach activities inform the CFPB on matters affecting the small 
business sector.
    Technical outreach. In the months before the publication of the 
NPRM, the CFPB began conducting technical outreach with third-party 
software providers that serve financial institutions and software and 
technology staff from financial institutions that are likely to have to 
report small business lending data to the CFPB. With these software 
vendors and technical staff, the CFPB has held and, after publication 
of this final rule, will continue to hold discussions concerning

[[Page 35173]]

the technical systems and procedures the CFPB will provide for 
financial institutions to submit their data. The CFPB intends to 
understand the technology solutions currently provided by vendors to 
support the small business lending activities of financial 
institutions, as well as their experience in providing financial 
institutions with technical support for previous data collection 
regulations. The CFPB believes this information will be helpful in 
informing the CFPB in its design and implementation of a platform for 
intake and processing of data to help the platform integrate, to the 
extent possible, with existing systems and data collection procedures. 
These discussions also serve to raise awareness of technology providers 
as to their potential future role in supporting the rule as well as the 
lead time that may be necessary for some or all affected financial 
institutions to come into compliance with the requirements of this 
final rule. This outreach process is ongoing and will continue after 
the publication of this final rule.
    Sample data collection form usability testing. After the NPRM was 
released, the CFPB, after the appropriate notice in the Federal 
Register, and a 30-day comment period, sought and received OMB approval 
to conduct several rounds of message and user testing research related 
to the sample form.\267\ The CFPB conducted qualitative research to 
learn about the experience of filling out the sample data collection 
form and to explore design options. The CFPB engaged a vendor to 
conduct interviews with small business stakeholders and listening 
sessions with small business owners to test different versions of the 
introductory language on the sample data collection form. The CFPB also 
conducted qualitative user interviews with small business owners to 
test their reactions to different versions of the sample data 
collection form. In addition to comments received in response to the 
CFPB's proposed sample data collection form as part of the NPRM, the 
feedback gathered as part of these testing efforts was also considered 
by the CFPB in finalizing the sample data collection form issued with 
this final rule. The CFPB is releasing a report, simultaneously with 
the issuance of this final rule, summarizing the findings from all 
three rounds of qualitative research testing.\268\
---------------------------------------------------------------------------

    \267\ 87 FR 37504 (June 23, 2022).
    \268\ CFPB, User testing for sample data collection form for the 
small business lending final rule (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

C. Notice of Proposed Rulemaking

    On September 1, 2021, the CFPB issued its proposal to implement 
section 1071. The NPRM was published in the Federal Register on October 
8, 2021,\269\ and the public comment period closed on January 6, 
2022.\270\ The CFPB received approximately 2,100 comments on the 
proposal during the comment period.\271\ Approximately 650 of these 
comments were unique, detailed comment letters representing diverse 
interests. These commenters included lenders such as banks and credit 
unions, CDFIs, community development companies, Farm Credit System 
lenders, online lenders, and others; national and regional industry 
trade associations; software vendors; business advocacy groups; 
community groups; research, academic, and other advocacy organizations; 
members of Congress; Federal and State government offices/agencies; 
small businesses; and individuals.
---------------------------------------------------------------------------

    \269\ 86 FR 56356 (Oct. 8, 2021).
    \270\ The CFPB set the length of the comment period on the 
proposal at 90 days from the date on which it was published in the 
Federal Register. The CFPB received several written requests to 
extend the comment period. The CFPB believes that the 90-day comment 
period set forth in the NPRM (along with the 38 days that elapsed 
between the CFPB's issuance of the NPRM on September 1, 2021 and its 
publication in the Federal Register on October 8, 2021) gave 
interested parties sufficient time to consider the CFPB's proposal 
and prepare their responses, and thus did not extend the comment 
period beyond January 6, 2022.
    \271\ See https://www.regulations.gov/docket/CFPB-2021-0015/comments.
---------------------------------------------------------------------------

    The remaining comments included some duplicate submissions (i.e., 
letters with the same content from the same commenter submitted through 
multiple channels, or letters with the same content submitted by 
multiple people on behalf of the same commenting organization) as well 
as comments that were part of several comment submission campaigns 
organized by industry or community groups. Such comment campaigns 
typically advocated for or against particular provisions in the NPRM 
and urged additional changes. These comments were considered by the 
CFPB along with all other comments received, including any additional 
remarks included in otherwise identical comment letters.
    In addition, the CFPB also considered comments received after the 
comment period closed via approximately 17 ex parte submissions and 
meetings.\272\ Materials on the record, including all ex parte 
submissions and summaries of ex parte meetings, are available on the 
public docket for this rulemaking.\273\
---------------------------------------------------------------------------

    \272\ CFPB, Policy on Ex Parte Presentations in Rulemaking 
Proceedings, 82 FR 18687 (Apr. 21, 2017).
    \273\ See https://www.regulations.gov/docket/CFPB-2021-0015/comments.
---------------------------------------------------------------------------

    The CFPB received comments on all aspects of the proposed rule, as 
well as on the proposed approach to protecting privacy interests via 
modification or deletion of data prior to publication, and on its 
analyses of the proposed rule's impacts. Relevant information received 
via comment letters, as well as ex parte submissions, is discussed 
below in the section-by-section analysis and subsequent parts of this 
document, as applicable. The CFPB considered all the comments it 
received regarding the proposal, made certain modifications, and is 
adopting the final rule as described in part V below. Comments relevant 
to the CFPB's approach to privacy are discussed in part VIII and 
regarding its impact analyses in parts IX to XI.

IV. Legal Authorities

    The Bureau is issuing this final rule pursuant to its authority 
under section 1071. Some aspects of this rule are also adopted under 
the Bureau's more general rulemaking authorities in ECOA. Congress 
enacted ECOA to prohibit discrimination against any applicant, 
regarding any aspect of a credit transaction, on the basis of, amongst 
other characteristics, race, color, religion, national origin, and 
sex.\274\ The Bureau has certain oversight, enforcement, and 
supervisory authority over ECOA requirements and has rulemaking 
authority under the statute.
---------------------------------------------------------------------------

    \274\ 15 U.S.C. 1691(a)(1).
---------------------------------------------------------------------------

    ECOA is implemented in Regulation B.\275\ Among other things, 
Regulation B generally prohibits creditors from inquiring about an 
applicant's race, color, religion, national origin, or sex, with 
limited exceptions, including if it is required by law.\276\
---------------------------------------------------------------------------

    \275\ 12 CFR part 1002.
    \276\ Regulation B Sec.  1002.5(a)(2).
---------------------------------------------------------------------------

    As discussed above, in the Dodd-Frank Act Congress amended ECOA by 
adding section 1071, which directs the Bureau to adopt regulations 
governing the collection and reporting of small business lending data. 
Specifically, section 1071 requires financial institutions to collect 
and report to the Bureau certain data on applications for credit for 
women-owned, minority-owned, and small businesses.\277\ Congress 
enacted section 1071 for the purpose of (1) facilitating enforcement of 
fair lending laws and (2) enabling communities, governmental entities, 
and creditors to identify business and

[[Page 35174]]

community development needs and opportunities of women-owned, minority-
owned, and small businesses.\278\ The Bureau often refers to these as 
section 1071's fair lending purpose and its business and community 
development purpose, respectively.
---------------------------------------------------------------------------

    \277\ ECOA section 704B.
    \278\ ECOA section 704B(a).
---------------------------------------------------------------------------

    To advance these statutory purposes, section 1071 grants the Bureau 
general rulemaking authority for section 1071, providing that the 
Bureau shall prescribe such rules and issue such guidance as may be 
necessary to carry out, enforce, and compile data pursuant to section 
1071.\279\ ECOA section 704B(g)(2) also permits the Bureau to adopt 
exceptions to any requirement of section 1071 and to conditionally or 
unconditionally exempt any financial institution or class of financial 
institutions from the requirements of section 1071, as the Bureau deems 
necessary or appropriate to carry out the purposes of section 1071. The 
Bureau principally relies on its 704B(g)(1) authority in this proposed 
rule and relies on 704B(g)(2) when proposing specific exceptions or 
exemptions to section 1071's requirements. Section 704B(g)(3) directs 
the Bureau to issue guidance designed to facilitate compliance with the 
requirements of section 1071.
---------------------------------------------------------------------------

    \279\ ECOA section 704B(g)(1).
---------------------------------------------------------------------------

    In addition, section 703(a) of ECOA gives the Bureau broad 
authority to prescribe regulations to carry out the purposes of ECOA, 
including provisions that in the judgment of the Bureau are necessary 
or proper to effectuate the purposes of ECOA, to prevent circumvention 
or evasion thereof, or to facilitate or substantiate compliance 
therewith. That section also states that the Bureau may provide for 
such adjustments and exceptions for any class of transactions, as in 
the judgment of the Bureau are necessary or proper to effectuate the 
purposes of ECOA, to prevent circumvention or evasion thereof, or to 
facilitate or substantiate compliance therewith.
    Section 1071 establishes requirements or obligations for financial 
institutions that the Bureau is implementing in this final rule. These 
provisions include the requirement in ECOA section 704B(b) that a 
financial institution shall inquire whether an applicant for credit is 
a women-owned, minority-owned, or small business; that a financial 
institution must maintain a record of responses to such inquiry, 
separate from the application; that an applicant may refuse to provide 
any information requested regarding the inquiry under 704B(b); that a 
financial institution must limit access of loan underwriters, or other 
officers or employees of the financial institution or any affiliate, to 
applicant responses to inquiries under 704B(b); and that if a financial 
institution determines that a loan underwriter or other officer or 
employee should have access to any information provided by the 
applicant pursuant to a request under 704B(b) that the financial 
institution shall provide notice to the applicant of the access of the 
underwriter to such information, along with notice that the financial 
institution may not discriminate on the basis of such information.\280\
---------------------------------------------------------------------------

    \280\ ECOA section 704B(b)(1) and (2), (c), (d)(1) and (2).
---------------------------------------------------------------------------

    ECOA section 704B(e)(1) directs financial institutions to compile 
and maintain, in accordance with regulations of the Bureau, records of 
the information provided by applicants for credit pursuant to a request 
under 704B(b). Section 704B(e)(2) requires that the information 
compiled and maintained under 704B(e)(1) be itemized in order to 
clearly and conspicuously disclose an enumerated list of data points. 
Section 704B(e)(2)(H) requires financial institutions to compile and 
maintain any additional data that the Bureau determines would aid in 
fulfilling the purposes of section 1071.
    Several provisions of section 1071 expressly refer to regulations 
to be promulgated by the Bureau to implement certain requirements, 
including in ECOA section 704B(e)(1) regarding how financial 
institutions must compile and maintain data pursuant to section 1071, 
and in 704B(f)(2)(B) and (C) regarding the form of information made 
available by financial institutions to the public and the form and 
manner in which the Bureau itself should make data available to the 
public generally.
    Two provisions expressly give the Bureau discretion with respect to 
public availability of small business lending data. Specifically, ECOA 
section 704B(e)(4) states that the Bureau may, at its discretion, 
delete or modify data before making it available to the public if the 
Bureau determines that the deletion or modification of the data would 
advance a privacy interest. Section 704B(f)(3) gives the Bureau the 
discretion to compile and aggregate data for its own use, as well as to 
make public such compilations of aggregate data.

V. Section-by-Section Analysis

Overview

    In this Overview of part V, the CFPB first provides some background 
regarding section 1071, a discussion of the Home Mortgage Disclosure 
Act of 1975 (HMDA), and a brief summary of the final rule. Each 
regulatory provision of the final rule, along with its rationale and 
relevant feedback received through the public comment process, is 
discussed in detail in the section-by-section analyses that follow. The 
CFPB has made several major, and a number of minor, adjustments to the 
rule in response to comments received on the proposal. Major changes 
are noted in the summary of the final rule below; all changes are 
discussed in detail in the section-by-section analyses that follow.
    Next, the CFPB discusses the high-level and general comments 
received in response to the NPRM. The CFPB also addresses several 
issues for which there is no corresponding regulatory text or 
commentary. Finally, the CFPB discusses the conforming amendments it is 
making to existing Regulation B.

A. Introduction to Section 1071

    As discussed above, section 1071 of the Dodd-Frank Act requires 
that financial institutions collect and report to the CFPB certain data 
regarding applications for credit for women-owned, minority-owned, and 
small businesses. Section 1071's statutory purposes are to (1) 
facilitate enforcement of fair lending laws, and (2) to enable 
communities, governmental entities, and creditors to identify business 
and community development needs and opportunities of women-owned, 
minority-owned, and small businesses.
    Section 1071 specifies a number of data points that financial 
institutions are required to collect and report, and also provides 
authority for the CFPB to require any additional data that it 
determines would aid in fulfilling section 1071's statutory purposes. 
Section 1071 also contains a number of other requirements, including 
those that address restricting the access of underwriters and other 
persons to certain data and publication of data. In addition, section 
1071 permits the CFPB to modify or delete data prior to publication if 
it determines that such a deletion or modification would advance a 
privacy interest.
    Section 1071 directs the CFPB to prescribe such rules, and issue 
such guidance as may be necessary to carry out, enforce, and compile 
data pursuant to section 1071. It also permits the CFPB to adopt 
exceptions to any requirement

[[Page 35175]]

or to exempt financial institutions from the requirements of section 
1071 as it deems necessary or appropriate to carry out the purposes of 
section 1071. Section 1071 also directs the CFPB to issue guidance 
designed to facilitate compliance with the requirements of section 
1071. As discussed in part IV above and throughout the section-by-
section analyses in this part V, the CFPB's rule implements these 
statutory provisions.

B. Section 1071 and HMDA

    HMDA is a data collection and reporting statute that requires 
certain depository institutions and for-profit nondepository 
institutions to collect, report, and disclose data about originations 
and purchases of mortgage loans, as well as mortgage loan applications 
that do not result in originations (for example, applications that are 
denied or withdrawn).\281\ The CFPB's Regulation C, 12 CFR part 1003, 
implements HMDA. In light of certain similarities between section 1071 
and HMDA as data collection and reporting statutes with different 
markets but similar fair lending enforcement and community development 
purposes, the CFPB's section-by-section analyses in this part V 
sometimes discusses how similar provisions are addressed in the context 
of HMDA. Of course, the markets to which HMDA and section 1071 apply 
are also different in significant respects, and those differences are 
reflected between the present rule and Regulation C, as discussed 
further in the section-by-section analyses in this part V.
---------------------------------------------------------------------------

    \281\ 12 U.S.C. 2801 et seq.
---------------------------------------------------------------------------

    HMDA and Regulation C's purposes are: (1) to help determine whether 
financial institutions are serving their communities' housing needs; 
(2) to assist public officials in distributing public investment to 
attract private investment; and (3) to assist in identifying potential 
discriminatory lending patterns and enforcing antidiscrimination 
statutes.
    A covered institution for purposes of HMDA reporting is a 
depository or nondepository institution that meets the relevant 
coverage criteria set forth in the regulation. A covered transaction 
under HMDA is generally a loan or line of credit secured (or, for 
applications, proposed to be secured) by a lien on a dwelling, that is 
not specifically excluded under Regulation C Sec.  1003.3(c). The data 
points generally required to be reported about each covered transaction 
can be grouped into four broad categories: \282\ information about the 
applicants, borrowers, and underwriting process, information about the 
property securing the loan or proposed to secure the loan, information 
about the features of the loan, certain unique identifiers.
---------------------------------------------------------------------------

    \282\ Under the Economic Growth, Regulatory Relief, and Consumer 
Protection Act, Public Law 115-174, 132 Stat. 1296 (2018), as 
implemented in Regulation C Sec.  1003.3(d), certain HMDA-covered 
institutions may be eligible for partial exemptions from some of the 
HMDA reporting requirements and only certain covered loans and 
applications are covered under partial exemptions. If a covered loan 
or application is covered under a partial exemption, the covered 
institution is not required to collect, record, and report certain 
data points.
---------------------------------------------------------------------------

    Covered institutions are required to submit their HMDA data by 
March 1 following the calendar year for which data are collected. 
Covered institutions with larger volumes of covered loans and 
applications are required to submit their HMDA data for each of the 
first three quarters of the year in addition to their annual 
submission.
    Following the calendar year in which HMDA data are collected, a 
covered institution's disclosure statement \283\ and modified loan/
application register become publicly available on the FFIEC's HMDA 
Platform.\284\ Aggregate reports for each Metropolitan Statistical Area 
and Metropolitan Division that show lending patterns by property 
location, age of housing stock, and income level, sex, ethnicity, and 
race are also publicly available on the same platform, which also 
allows users to create custom datasets, reports, and visualizations 
from the HMDA data.
---------------------------------------------------------------------------

    \283\ A disclosure statement contains aggregated data derived 
from loan-level data.
    \284\ A HMDA loan/application register contains the record of 
information required to be collected and the record submitted 
annually or quarterly, as applicable. A modified loan/application 
register is a covered institution's loan/application register 
modified by the CFPB, on its website, to protect applicant and 
borrower privacy. The CFPB interprets HMDA, as amended by the Dodd-
Frank Act, to call for the use of a balancing test to determine 
whether and how HMDA data should be modified prior to its disclosure 
to the public in order to protect applicant and borrower privacy 
while also fulfilling HMDA's public disclosure purposes. See 80 FR 
66127, 66133-34 (Oct. 28, 2015). In December 2018, the CFPB issued 
final policy guidance describing the modifications the CFPB intends 
to apply to the loan-level HMDA data that covered institutions 
report before the data are disclosed publicly. See 84 FR 649 (Jan. 
31, 2019).
---------------------------------------------------------------------------

    HMDA data are the primary source of information for regulators, 
researchers, economists, industry, and advocates analyzing the mortgage 
market both for HMDA's purposes and for general market monitoring. HMDA 
data are used by the Federal supervisory agencies to support a variety 
of activities. For example, Federal supervisory agencies use HMDA data 
as part of their fair lending \285\ examination process, and also use 
HMDA data in conducting CRA \286\ performance evaluations. HMDA data 
provide the public with information on the home mortgage lending 
activities of particular reporting entities and on activity in their 
communities. These data are used by local, State, and Federal officials 
to evaluate housing trends and issues and by community organizations to 
monitor financial institution lending patterns.
---------------------------------------------------------------------------

    \285\ See ECOA (15 U.S.C. 1691 through 1691f), Regulation B (12 
CFR part 1002), and the Fair Housing Act (42 U.S.C. 3605, 24 CFR 
part 100).
    \286\ 12 U.S.C. 2901 through 2908, and 12 CFR parts 25, 195, 
228, and 345.
---------------------------------------------------------------------------

C. Summary of the Final Rule

    The CFPB is adding a new subpart B to Regulation B to implement the 
requirements of section 1071. The CFPB is also making some conforming 
amendments to existing Regulation B. The CFPB's final rule is 
summarized below, in the order of the section-by-section analyses in 
this part V that follow.
1. General Provisions (Sec. Sec.  1002.5(a)(4), 1002.101, and 1002.102)
    Changes to existing Regulation B. The CFPB is amending existing 
Sec.  1002.5(a)(4) to expressly permit voluntary collection and 
reporting of information regarding the ethnicity, race, and sex of 
applicants' principal owners, or whether the applicant is a minority-
owned, women-owned, or LGBTQI+-owned business, in certain 
circumstances.
    The Bureau is also making other nonsubstantive conforming edits in 
existing Regulation B to maintain consistency and avoid confusion.
    Authority, purpose, and scope (Sec.  1002.101). Section 1002.101 
sets forth the authority, purpose, and scope for subpart B. Among other 
things, this section states section 1071's two statutory purposes of 
facilitating enforcement of fair lending laws and enabling communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses.
    Definitions (Sec.  1002.102). Section 1002.102 includes a number of 
definitions for terms used in subpart B, which generally fall into 
several categories. First, some definitions refer to terms defined 
elsewhere in subpart B--specifically, terms of particular importance 
including business, covered application, covered credit transaction, 
covered financial institution, financial institution, and small 
business. Second,

[[Page 35176]]

some definitions refer to terms defined elsewhere in existing 
Regulation B (i.e., business credit, credit, and State) or other 
regulations (i.e., a portion of the definitions of small business and 
affiliate reference an SBA regulation). Finally, the remaining terms 
are defined in Sec.  1002.102, including applicant, closed-end credit 
transaction, LGBTQI+ individual, LGBTQI+-owned business, minority-owned 
business, open-end credit transaction, principal owner, small business 
lending application register, women-owned business, and a portion of 
the definition of affiliate.
2. Coverage (Sec. Sec.  1002.103 Through 1002.106)
    Covered applications (Sec.  1002.103). Section 1002.103 defines 
what is, and is not, a covered application under subpart B; this 
definition triggers data collection and reporting requirements under 
subpart B for covered financial institutions. The CFPB is defining a 
covered application in Sec.  1002.103(a) as an oral or written request 
for a covered credit transaction that is made in accordance with 
procedures used by a financial institution for the type of credit 
requested. A covered application does not include (1) reevaluation, 
extension, or renewal requests on an existing business credit account, 
unless the request seeks additional credit amounts; and (2) inquiries 
and prequalification requests.
    Covered credit transactions and excluded transactions (Sec.  
1002.104). The CFPB is requiring that covered financial institutions 
collect and report data for all covered applications from small 
businesses for transactions that meet the definition of business credit 
under existing Regulation B, with certain exceptions. Section 
1002.104(a) defines the term covered credit transaction as an extension 
of business credit that is not an excluded transaction under Sec.  
1002.104(b). Loans, lines of credit, credit cards, and merchant cash 
advances (including credit transactions for agricultural purposes) all 
fall within the scope of the rule. Section 1002.104(b) excludes from 
the requirements of subpart B trade credit, HMDA-reportable 
transactions, insurance premium financing, public utilities credit, 
securities credit, and incidental credit. Factoring, leases, consumer-
designated credit used for business or agricultural purposes, and 
credit transaction purchases, purchases in a pool of credit 
transactions, and purchases of a partial interest in a credit 
transaction also are not covered credit transactions.
    Covered financial institutions and exempt institutions (Sec.  
1002.105). The CFPB is defining in Sec.  1002.105(a) the term financial 
institution, consistent with the definition in section 1071, as any 
partnership, company, corporation, association (incorporated or 
unincorporated), trust, estate, cooperative organization, or other 
entity that engages in any financial activity. Under this definition, 
subpart B's requirements apply to a variety of entities that engage in 
small business lending, including depository institutions (i.e., banks, 
savings associations, and credit unions), online lenders, platform 
lenders, CDFIs, Farm Credit System lenders, lenders involved in 
equipment and vehicle financing (captive financing companies and 
independent financing companies), commercial finance companies, 
governmental lending entities, and nonprofit nondepository lenders. 
Subpart B does not cover motor vehicle dealers.\287\ Section 
1002.105(b) defines the term covered financial institution as a 
financial institution that originated at least 100 covered credit 
transactions for small businesses in each of the two preceding calendar 
years. Only financial institutions that meet this loan-volume threshold 
are required to collect and report small business lending data under 
subpart B.
---------------------------------------------------------------------------

    \287\ Regulation B does not apply to a person excluded from 
coverage by section 1029 of the Consumer Financial Protection Act of 
2010, title X of the Dodd-Frank Wall Street Reform and Consumer 
Protection Act, Public Law 111-203, 124 Stat. 1376, 2004 (2010).
---------------------------------------------------------------------------

    Business and small business definitions (Sec.  1002.106). Section 
1002.106 adopts the SBA's definitions of ``business concern or 
concern'' and ``small business concern'' as set out in the Small 
Business Act and SBA regulations. Notwithstanding the small business 
size standards established by SBA regulations, for purposes of subpart 
B, a business is a small business if its gross annual revenue is $5 
million or less for its preceding fiscal year. The SBA Administrator 
has approved the CFPB's use of this alternate small business size 
standard pursuant to the Small Business Act. Every five years after 
January 1, 2025, the need to adjust the gross annual revenue threshold 
for inflation or deflation will be determined using the Consumer Price 
Index for all Urban Consumers.
3. Compiling, Maintaining, and Reporting Small Business Lending Data 
(Sec. Sec.  1002.107 Through 1002.111)
    Compilation of reportable data (Sec.  1002.107). Section 1002.107 
addresses several aspects of collecting data on covered applications 
from small businesses. Section 1002.107(a) requires financial 
institutions to compile and maintain the data points enumerated in 
Sec.  1002.107(a)(1) through (20). These data points must be collected 
and reported in accordance with the rule and the Filing Instructions 
Guide that the CFPB will provide for the appropriate filing year. 
Certain of these data points are or could be collected from the 
applicant (or otherwise determined based on information from 
appropriate third-party sources); other data points are based on 
information within the financial institution's control. Appendix E 
provides a sample data collection form for requesting protected 
demographic information. Although the form reflects a number of legal 
requirements applicable to collection, use of the form itself is not 
mandatory. It is intended as an available implementation resource for 
lenders, who can make use of it if they so choose.
    Section 1002.107(c)(1) provides that covered financial institutions 
must not discourage an applicant from responding to requests for 
applicant-provided data and must otherwise maintain procedures to 
collect such data at a time and in a manner that are reasonably 
designed to obtain a response. Where data are collected directly from 
the applicant, Sec.  1002.107(c)(2) identifies certain minimum 
provisions that must be included within financial institutions' 
procedures in order for them to be considered ``reasonably designed.'' 
The rule also addresses what financial institutions should do if, 
despite having such procedures in place, they are unable to obtain 
certain data from an applicant. Pursuant to Sec.  1002.107(b), 
financial institutions are permitted to rely on information from the 
applicant or appropriate third-party sources, although for most data 
points if the financial institution verifies the information provided 
it must report the verified information. Section 1002.107(d) permits 
financial institutions to reuse certain previously collected data in 
certain circumstances.
    Firewall (Sec.  1002.108). Section 1002.108 implements section 
1071's requirement that certain data collected pursuant to section 1071 
be shielded from certain persons if feasible; the CFPB refers to this 
as the ``firewall.'' Pursuant to Sec.  1002.108(b), if an employee or 
officer of a covered financial institution or a covered financial 
institution's affiliate is involved in making any determination 
concerning a covered application from a small business, that employee 
or officer is prohibited from accessing the applicant's responses to 
regarding

[[Page 35177]]

protected demographic information requested under this final rule.
    However, pursuant to Sec.  1002.108(c), this prohibition does not 
apply to an employee or officer if the financial institution determines 
that employee or officer should have access to the applicant's 
responses to the financial institution's inquiries regarding the 
applicant's protected demographic information, and the financial 
institution provides a notice to the applicant regarding that access. 
The notice must be provided to each applicant whose information will be 
accessed or, alternatively, the financial institution may also provide 
the notice to applicants whose responses will not or might not be 
accessed. For example, a financial institution could provide the notice 
to all applicants or all applicants for a specific type of product. The 
CFPB is providing sample language that a financial institution can, but 
is not required to, use for this notice.
    Reporting of data to the Bureau (Sec.  1002.109). Section 1002.109 
addresses several aspects of covered financial institutions' 
obligations to report small business lending data to the CFPB. First, 
Sec.  1002.109(a) provides that data must be collected on a calendar 
year basis and reported to the CFPB on or before June 1 of the 
following year. Section 1002.109(a) also addresses collection and 
reporting requirements of subsidiaries of financial institutions and 
reporting requirements of financial institutions where multiple 
financial institutions are involved in a transaction. Second, the CFPB 
lists in Sec.  1002.109(b) the information that financial institutions 
are required to provide about themselves when reporting data to the 
CFPB, including the financial institution's name, headquarters address, 
contact person, Federal prudential regulator, institutional 
identifiers, parent entity information, as well as information on the 
type of financial institution it is, and whether it is reporting 
covered applications voluntarily. Finally, Sec.  1002.109(c) addresses 
technical instructions for the submission of data to the CFPB, 
including information about the Filing Instructions Guide, which the 
CFPB will provide for the appropriate year.
    Publication of data and other disclosures (Sec.  1002.110). Section 
1002.110 addresses several issues regarding the publication of small 
business lending data. Section 1002.110(a) provides that the CFPB will 
make available to the public, on an annual basis, the data submitted to 
it by financial institutions. These data will be made available subject 
to deletions or modifications made by the CFPB, if the CFPB determines 
that such deletions or modifications would advance a privacy interest. 
Part VIII below discusses the CFPB's preliminary assessment of how best 
to determine appropriate pre-publication modifications and deletions, 
particularly in light of re-identification risk to small businesses and 
their owners. Section 1002.110(b) provides that the CFPB may compile 
and aggregate data submitted by financial institutions and may publish 
such compilations or aggregations.
    Section 1002.110(c) requires a covered financial institution to 
publish on its website a statement that its small business lending 
data, as modified by the CFPB, are or will be available from the CFPB. 
Section 1002.110(d) sets forth when a covered financial institution 
shall make this statement available and how long the financial 
institution shall maintain the statement on its website. These 
requirements satisfy financial institutions' statutory obligation to 
make data available to the public upon request.
    Finally, Sec.  1002.110(e) prohibits a financial institution or 
third party from disclosing protected demographic information, except 
in limited circumstances. Section 1002.110(e)(1) prohibits a financial 
institution from disclosing or providing to a third party the protected 
demographic information it collects pursuant to the rule, except to 
further compliance with ECOA or Regulation B or as required by law. 
Section 1002.110(e)(2) prohibits a third party that obtains protected 
demographic information for the purpose of furthering compliance with 
ECOA and Regulation B from any further disclosure of such information, 
except to further compliance with ECOA and Regulation B or as required 
by law.
    Recordkeeping (Sec.  1002.111). Section 1002.111 addresses several 
aspects of the recordkeeping requirements for small business lending 
data. First, Sec.  1002.111(a) requires a covered financial institution 
to retain evidence of compliance with subpart B, which includes a copy 
of its small business lending application register, for at least three 
years after the register is required to be submitted to the CFPB 
pursuant to Sec.  1002.109. Second, Sec.  1002.111(b) requires a 
covered financial institution to maintain, separately from the rest of 
an application for credit and accompanying information, an applicant's 
responses to a financial institution's inquiries regarding the 
applicant's protected demographic information. Finally, Sec.  
1002.111(c) requires that, in compiling, maintaining, and reporting its 
small business lending application register, as well as the separately 
maintained protected demographic information pursuant to Sec.  
1002.111(b), a financial institution may not include any personally 
identifiable information concerning any individual who is, or is 
connected with, an applicant.
4. Other Provisions (Sec. Sec.  1002.112 Through 1002.114)
    Enforcement (Sec.  1002.112). Section 1002.112 addresses several 
issues related to the enforcement of subpart B. First, Sec.  
1002.112(a) states that a violation of section 1071 or subpart B is 
subject to administrative sanctions and civil liability as provided in 
sections 704 and 706 of ECOA. Second, Sec.  1002.112(b) provides that a 
bona fide error in compiling, maintaining, or reporting data with 
respect to a covered application is an error that was unintentional and 
occurred despite the maintenance of procedures reasonably adapted to 
avoid such an error. Such an error is presumed not to violate ECOA or 
subpart B if the number of such errors do not exceed the thresholds set 
forth in appendix F. Third, Sec.  1002.112(c) identifies four safe 
harbors under which certain errors--specifically those regarding the 
application date, census tract, and NAICS code data point, along with 
incorrect determinations of small business status, covered transaction, 
and covered application--do not constitute violations of ECOA or 
subpart B. Relatedly, in part VII below, the CFPB discusses its 
intention to consider, for financial institutions subject to the CFPB's 
jurisdiction, good faith efforts to comply with the rule and will not 
generally assess penalties for errors in data reporting. The CFPB will 
conduct examinations on data during the grace period to assist 
institutions in diagnosing compliance weaknesses.
    Severability (Sec.  1002.113). Section 1002.113 provides that any 
provision of subpart B, or any application of a provision, is stayed or 
determined to be invalid, it is the CFPB's intent that the remaining 
provisions shall continue in effect.
    Effective date, compliance date, and special transitional rules 
(Sec.  1002.114). Section 1002.114 addresses several issues related to 
the rule's effective date, when covered financial institutions are 
required to comply with the rule, and associated transitional rules. 
Section 1002.114(a) provides that this final rule will become effective 
90 days after publication in the Federal Register. However, pursuant to 
Sec.  1002.114(b) compliance with the final rule is based on a tiered 
compliance date schedule.

[[Page 35178]]

Compliance with the rule beginning October 1, 2024 is required for 
covered financial institutions that originate the most covered credit 
transactions for small businesses. However, institutions with a 
moderate transaction volume have until April 1, 2025 to begin complying 
with the rule, and those with the lowest volume have until January 1, 
2026. Next, Sec.  1002.114(c) provides certain transitional provisions 
that permit covered financial institutions to begin collecting 
protected applicants' demographic information beginning 12 months prior 
to their applicable compliance dates. Finally, Sec.  1002.114(c) also 
permits financial institutions that do not have ready access to 
sufficient information to determine their compliance tier (or whether 
they are covered by the rule at all) to use any reasonable method to 
estimate their volume of originations to small businesses for this 
purpose.

D. High-Level and General Comments

1. High-Level and General Comments on the NPRM
    High-level and general comments received on the NPRM are discussed 
here, followed by a discussion of comments specifically addressing 
implementation issues and comments regarding section 1071's overlap 
with other data reporting regimes. Comments received on specific 
aspects of the Bureau's proposed rule are discussed in the section-by-
section analyses that follow in this part V. Comments regarding the 
privacy analysis are addressed in part VIII below, and regarding the 
Bureau's analysis of impacts in parts IX through XI.
Comments Received
    Support for section 1071's statutory purposes was nearly universal 
amongst commenters, at least at a high level of generality. (See also 
the section-by-section analysis of Sec.  1002.101 below.) The vast 
majority of industry commenters praised the purposes of the rule, and 
the intentions behind section 1071 and ECOA generally, while offering 
criticisms of specific provisions of the proposed rule.
    Broad support. A number of commenters offered general support for 
the rule, including its scope and its purposes. For example, a trade 
association stated its appreciation for the comprehensive nature of the 
proposed rule, noting that the Bureau conducted extensive outreach and 
worked at ensuring proper and effective rulemaking consistent with 
legislative intent while allowing for technical improvements and 
practical considerations. A community group stated that to achieve the 
community development and fair lending purposes of the statute, the 
data collected and reported under the rule needs to be comprehensive in 
its coverage of lenders and must capture key credit underwriting 
factors as controls for analyses of gender and racial disparities in 
lending. The commenter also stated that the Bureau recognized that 
annual disclosure of lending data by the vast majority of small 
business lenders is a prerequisite for adequate oversight, given that 
existing data are insufficient. The commenter further explained that 
existing data consist of periodic surveys that are not usually lender 
specific and that are inconsistent in the amount of detail provided on 
key underwriting variables needed for analyses of community needs and 
fair lending compliance.
    A number of commenters offered more specific support for the rule's 
purposes. One trade association noted that its members have been active 
in the development of policy supporting section 1071, including 
participation as small entity representatives during the SBREFA 
process. A number of banks, a credit union, and several trade 
associations expressed support for the statutory purposes of section 
1071 and the Bureau's proposed rule. One trade association stated that 
the NPRM was a key opportunity to explore lending data and expand 
responsible small business lending, which was important to the 
financial well-being in the communities served by its members, as well 
as stability of the overall financial system.
    A cross-sector group of lenders, community groups, and small 
business advocates stated that it is critical to require lenders to 
collect and report applicant data for as many small minority-owned and 
small women-owned businesses as possible, to uphold congressional 
intent and establish a comprehensive database.
    Several commenters focused on the importance of the fair lending 
purpose of section 1071. One trade association stated its unequivocal 
agreement with the purpose of preventing discrimination on the basis of 
ethnicity, race, and sex, and noted that CDFI lenders share the 
Bureau's core value of protecting consumers by providing fair and 
transparent financial products and services to all customers.
    A number of commenters, including community banks, credit unions, 
and trade associations, offered their appreciation for the stated 
intentions of the rule in the NPRM--to support fair lending and 
business and community development--but expressed concern about the 
effect of the rule as proposed on lending and compliance costs. A bank 
stated that, while it supported the statutory goals of section 1071, 
the proposed rule would result in restricted, higher-priced credit for 
the groups the proposal is meant to benefit. A trade association for 
community banks likewise supported the proposed rule and the 
congressional intent behind section 1071, but asserted it was necessary 
to fine-tune specific proposed provisions to mitigate costs and ensure 
small business lenders remain active, particularly those serving the 
most underserved markets. Another trade association supported the goals 
of the NPRM, but worried that the proposed would unduly burden credit 
unions and would discourage them from offering business credit.
    Broad criticisms. Some industry commenters expressed disagreement 
with the enactment of section 1071 and therefore opposed the rule in 
its entirety. One lender opposed the rule on the grounds that it 
already complies with fair lending laws, and that the rule would force 
a choice between compliance and market exit. Another argued that the 
Dodd-Frank Act may have intended that section 1071 create a HMDA-like 
data reporting mechanism, but warned that small business lending is not 
``cookie-cutter,'' is not automated, and is highly relationship driven. 
Another commenter claimed that it would be impossible to derive any 
meaningful or statistically valid conclusions from a comparison of 
small business loans.
    A credit union stated that the publication of data collected and 
reported pursuant to section 1071 would not permit it to better 
identify its members' unmet small business lending needs aside from 
confirming if there is a significant difference in the number of 
business borrowers that are female or of a specific race.
    One trade association noted that credit unions may only serve their 
members and are limited by Federal statute in their ability to offer 
business loans; as a result, data collected from them would not be 
comparable to data collected from lenders without similar limitations 
in who they may serve.
    Other commenters, without specifically opposing the enactment of 
section 1071, expressed more general concerns about the NPRM. Trade 
associations for online lenders supported the policy goals of the NPRM 
and also believed that modifications should be made to support 
responsible innovation in banking without unintentionally stifling the 
efficiency and innovation that digital lending

[[Page 35179]]

platforms can provide. A bank supported the enforcement of fair lending 
laws and appreciated the Bureau's dedication to better supporting small 
businesses, but was concerned about aspects of the NPRM. A One 
commenter inquired as to why the Bureau, in charge of consumer 
financial protection, was concerned with business loans, and claimed 
that the Bureau was engaged in overreach.
    The role of online lenders. Two trade associations suggested that 
online and ``fintech'' lenders were important to expanding access to 
financing, particularly for Black- and Hispanic-owned businesses. These 
commenters expressed their support for greater transparency and 
expanding access to sustainable and fair credit in small business 
lending. They also asserted that women-owned and minority-owned small 
businesses were disadvantaged in applying for small business lending at 
traditional banks, and that nontraditional online lenders play a 
crucial role in modernizing financial services and improving access and 
outcomes for small businesses. One of the commenters noted that, in 
particular, the use of artificial intelligence, machine learning, and 
alternative data would expand lending to minority-owned small 
businesses.
    Uniqueness of small business lending. One bank stated that it was 
hard to perform comparative analysis on small business loans because 
they are unique and manually unwritten. Further, the commenter stated 
that the absence of certain credit criteria or metrics--such as 
collateral, loan-to-value, debt-to-income, debt service coverage ratio 
and the like--in the data points to be collected by the rule could 
cause reviewers of published data, such as consumer groups and agency 
examiners, to draw incorrect conclusions on variances in rates and 
terms of loans.
    Data accuracy. A bank and a trade association asserted that the 
Bureau's final rule should focus on ensuring the collection and 
reporting of high-quality data that maximizes data accuracy and 
reliability. These commenters noted that inaccurate, unreliable, and 
poor-quality data could undermine the statutory purposes of section 
1071, which the commenters said were to promote access to credit for 
minority-owned and women-owned small businesses. They further stated 
that poor data quality could also lead to misguided and factually 
unsupported fair lending allegations, which could damage the 
reputations of responsible lenders and subject them to unnecessary 
investigative burdens and lawsuits, all of which could undermine the 
Bureau's credibility and waste the Bureau's time and resources. Based 
on these premises, the commenters sought the elimination of certain 
provisions which they believed would undermine the collection of 
accurate, reliable, high-quality data (discussed in the applicable 
section-by-section analyses that follows).
    Specific uses of small business lending data. Two trade 
associations urged the Bureau to explain how it would use the data 
collected under this rule, including how it would analyze data 
collected by the rule. One claimed that the NPRM did not outline 
potential uses for small business lending data, and asserted that the 
Bureau should provide notice and comment on potential uses of the rule, 
even after the issuance of the final rule. The commenter stated that it 
is important for the Bureau to issue guidance on how it plans to 
analyze data reported under the rule, including how it will assess 
whether lenders appropriately serve relevant markets, which can vary 
significantly by lending product.
    The other commenter stated that the Bureau should clearly indicate 
how implementing the proposed framework will advance fairness and 
understanding of small business credit needs, that requirements should 
tie to satisfying stated objectives and designed no more broadly than 
necessary to reduce unnecessary costs to small business lenders. The 
commenter stated its belief that by clearly indicating how it will use 
data it collects, including whether and how it will make such 
information public, the Bureau will allow stakeholders to assess better 
the costs and benefits of the overall framework. Additionally, the 
Bureau should carefully consider potential unintended consequences--
especially related to data publication--that could reduce small 
business credit access and chill further innovation aimed at better 
serving small businesses.
Responses to Comments Received
    The Bureau agrees with the general comments made in favor of 
keeping the scope of the proposed rule broad. In general, the Bureau 
believes that broad coverage of institutions and products as requested 
by a number of commenters is consistent with the statutory purposes of 
section 1071. The Bureau does not believe that a more limited approach 
to scope--including the various limitations on the coverage of certain 
types of financial institutions and products--would be consistent with 
the statutory purposes of section 1071. The Bureau addresses these 
issues directly in the section-by-section analyses of proposed 
Sec. Sec.  1002.104 and 1002.105 below.
    Broad support. Regarding the comment on the scope of the rule, that 
the Bureau should continue to monitor U.S. Census data to ensure that 
its definition of small business in this rule continues in the future 
to be inclusive enough such that the proportion of non-small minority-
owned businesses do not exceed 1 percent of all businesses, the Bureau 
believes that its adoption of an inflation-adjustment for the gross 
annual revenue threshold in the definition of small business under 
Sec.  1002.106(b) should help ensure that, over time, the proportion of 
businesses covered by the rule does not decline. In any case, the 
Bureau will monitor data concerning the prevalence of small businesses 
in the context of the economy at large.
    Broad criticism. Regarding the comment of a lender that it already 
complies with fair lending laws, the Bureau notes that continuing 
enforcement of fair lending laws, and tools such as this data 
collection rule that facilitate such enforcement, remains necessary 
because while the commenter may comply with fair lending laws, some 
lenders may not and a subset of those may repeatedly violate fair 
lending laws. Additionally, enabling identification of business and 
community development needs and opportunities is an independent purpose 
of the statute. Compliance with fair lending laws does not necessarily 
permit creditors, communities, and governmental entities to identify 
business and community development needs and opportunities. As to the 
assertion that the rule would force a choice between compliance and 
market exit, the Bureau's decision to increase the originations 
threshold from 25 to 100 transactions will mitigate any risk of such 
disruptions, even if slight or speculative. Regarding the comment that 
small business lending is more individualized and highly relationship 
driven, the Bureau agrees this is true for much small business lending 
and the final rule is crafted to acknowledge this, as discussed in the 
section-by-section analyses that follow. But that does not prevent 
small business lending data from facilitating fair lending enforcement 
and identifying business and community development needs and 
opportunities.
    As to comments that quarrel with the statutory mandate and question 
the utility of the data in general terms, the Bureau is bound by the 
statute and congressional intent. Additionally, many described 
potentially helpful uses of the data.

[[Page 35180]]

    Regarding the assertion that the Dodd-Frank Act was only intended 
to regulate larger institutions, and that smaller lenders should be 
exempted from the rule to avoid harming those the Act was intended to 
protect, the Bureau notes that while much of the Dodd-Frank Act 
explicitly addresses larger entities, section 1071 does not contain 
such limitations. Nonetheless, Bureau has made changes in the final 
rule in response to public comment that will have the effect of 
reducing compliance burden on small lenders. For example, the Bureau 
has raised the coverage threshold from 25 to 100 originations for 
purposes of determining which financial institutions must comply with 
the rule, provided longer compliance periods for lenders with lower 
volumes of small business lending, and provided for a variety of safe 
harbors and a good faith error provision which will provide some leeway 
to smaller-volume lenders. The Bureau implemented these changes in the 
final rule to limit its impact on institutions with lower volumes of 
lending to small businesses. The Bureau has also complied with the 
Dodd-Frank Act requirements under SBREFA and the RFA to assess and 
mitigate any impact on smaller financial institutions.
    The Bureau addresses the effect of the rule on lending and 
compliance costs, in its impact analyses in parts IX and X below. 
Regarding the commenter that stated that the rule would not meet its 
purposes and would result in restricted, higher-priced credit to the 
very groups the proposal is meant to benefit, the Bureau's analysis 
suggests that any changes in the cost of credit would be small and 
unlikely to lead to a significant change in the per-unit cost of loans 
to individual applicants even from the smallest lenders. The Bureau has 
made various changes from the proposal in finalizing this rule intended 
to mitigate costs for smaller-volume lenders serving small businesses 
in response to comments expressing concern that credit unions and other 
financial institutions remain active small business lenders.
    Regarding the concern that data from credit unions would not be 
comparable to data collected from other kinds of lenders, the Bureau 
observes that, under Sec.  1002.109(b), lenders must provide 
information on financial institution type. Credit unions thus must 
self-identify themselves in submitting data to the Bureau, and the 
various limitations on lending by credit unions can be taken into 
account in analyses of data collected and reported under this rule.
    Regarding the comment that the rule should be modified to support 
responsible innovation in banking without unintentionally stifling the 
efficiency and innovation that online lenders may provide, the Bureau 
agrees that it does not wish to stifle responsible innovation. The 
Bureau has endeavored to be responsive to these concerns in the final 
rule; to the extent that specific concerns were raised, they are 
addressed in other provisions of this preamble. Regarding the comment 
that the rule as proposed was too complex even for most forward-
leaning, technologically adept financial institutions, the Bureau 
disagrees, noting that while this rule is new, it is not dissimilar to 
other similar data collection regulations in complexity, such as those 
for HMDA, CRA, and the CDFI Fund. Further, the Bureau has made a number 
of changes to this final rule to make compliance easier for smaller-
volume lenders, or to exclude them from reporting requirements 
entirely.
    Regarding the comment asserting that the Bureau was overreaching by 
regulating business loans, the Bureau notes that section 1071 
explicitly requires the Bureau promulgate a rule to collect data on 
applications for business credit.
    The role of online lenders. Regarding assertions made that nonbank 
online lenders were important to expanding access to financing for 
Black- and Hispanic-owned businesses in particular, that traditional 
lenders provided fewer loans to women-owned and minority-owned small 
businesses, and that technology improved access and outcomes for small 
businesses, the Bureau believes that the broader conclusion to draw 
from these assertions is that the data that will be collected under 
this rule is needed to assess and further analyze such claims.
    Uniqueness of small business lending. Regarding the comment that it 
is not possible to perform comparative analysis on small business loans 
because they are unique and manually unwritten, the Bureau disagrees. 
Other commenters, as set out in the section-by-section analysis of 
Sec.  1002.101, stated that the data points proposed in the NPRM are 
fulsome and can contribute to sophisticated analysis and comparison of 
small business loans. Regarding the comment that the Bureau cannot make 
comparisons absent additional credit metrics beyond those it proposed 
to collect and that other reviewers of published data could draw 
incorrect conclusions, the Bureau does not agree that additional credit 
metrics are necessary in order to draw meaningful analyses from the 
data. While the Bureau believes, all things equal, that additional data 
points would enrich the analysis for users of the data, the Bureau also 
believes that certain of these metrics can be derived, at least in 
part, from other data points, and it notes that other commenters 
varyingly opposed any data points proposed pursuant to ECOA section 
704B9(e)(2)(H) or requested that the Bureau collect as few data points 
as possible. Industry comments were also contradictory on this point; 
while many commenters suggested the Bureau had proposed too many data 
points, commenters also asserted that the Bureau was not collecting 
enough data to draw proper conclusions. The Bureau believes its final 
rule strikes an appropriate balance between comprehensiveness and 
minimizing burden and complexity to financial institutions.
    Data accuracy. Regarding comments that the final rule should focus 
on ensuring the collection and reporting of high-quality data, the 
Bureau agrees. To this end, it has adjusted various provisions in the 
final rule in response to comments received. In addition, other 
changes, while made for other reasons, render moot certain comments on 
accuracy concerns. For example, the decision not to finalize the 
proposed visual observation and surname requirement, discussed in the 
section-by-section analysis of Sec.  1002.107(a)(19)), moots the 
relevance of comments about the accuracy of visual observation.
    Specific uses of small business lending data. Regarding the comment 
that the Bureau should have explained and provided an opportunity for 
notice and comment for its intended uses of the data collected under 
this rule, the Bureau disagrees, both that it did not explain what the 
data would be used for, and that it is obligated to identify specific 
uses of the data or to provide the public an opportunity to comment on 
proposed specific uses of the data. Initially, section 1071 itself 
establishes the intended purposes and uses of the collection and 
publication of the data--namely, the facilitation of fair lending 
enforcement and the identification of business and community 
development needs and opportunities. Next, while section 1071 requires 
the Bureau to collect and publish data on small business lending 
applications, it does not require the Bureau to identify its intended 
uses of the data. Moreover, even if the Bureau articulates specific 
uses of the data, as the statute explicitly provides, the Bureau is not 
the only intended user of the data. Enforcement of fair lending laws 
includes ECOA, which is enforced not only by the Bureau but by many 
other Federal

[[Page 35181]]

agencies.\288\ Further, for purposes of identifying business and 
community development needs and opportunities, the statute specifically 
names communities, governmental entities, and creditors as potential 
users of the data collected under this rule. Thus, even if the Bureau 
disclosed its intended uses--which could change over time depending on 
the data received and the needs identified--other stakeholders could 
make different use of the data.
---------------------------------------------------------------------------

    \288\ See 15 U.S.C. 1691c (listing Federal agencies with 
authority to enforce ECOA), 1691e (providing private attorneys, the 
Department of Justice, and the Department of Housing and Urban 
Development the authority to bring civil suits to enforce ECOA).
---------------------------------------------------------------------------

    Regarding comments about how the Bureau intends to make the data 
public, including whether and how it will make such information public, 
and that the Bureau should carefully consider potential unintended 
consequences especially related to data publication, the Bureau 
describes its intended privacy analysis in part VIII below. Regarding 
concerns that the Bureau might reduce small business credit access and 
chill further innovation aimed at better serving small businesses, the 
Bureau has considered various comments concerning access to credit and 
innovation, which it addresses throughout the section-by-section 
analyses below.
2. Comments Regarding Implementation
Comments Received
    Several commenters said that the Bureau should provide additional 
implementation or guidance resources about the final rule, specific 
parts of the rule, or regarding how the rule applies in specific 
situations. Some of these commenters requested specific forms of 
guidance or specific resources, such as frequently asked questions, 
guides, or templates. One commenter said that the final rule should 
have a table of contents. Some commenters said that the Bureau should 
provide training on collecting and reporting data or training on how to 
comply with the rule generally. One commenter said the Bureau should 
develop a data literacy program. Another commenter said that the Bureau 
should use all of its available tools to educate and support lenders 
and their vendors, including no-action letters, advisory opinions, 
webinars, guides, and other materials.
    Some commenters requested specific content in implementation and 
guidance resources. Many commenters requested additional guidance on 
specific requirements or data points, and those comments generally are 
addressed in the relevant section-by-section analyses later in this 
part V. Additionally, one commenter said that the Bureau should develop 
materials showing how to do the research needed to find appropriate 
regulation sections and related commentary. The same commenter said 
that implementation and guidance resources should provide examples. 
Another commenter said that implementation resources should address 
matters not typically addressed in supervision guides. A few other 
commenters said that implementation materials should be detailed and/or 
comprehensive.
    A few commenters said that implementation materials and guidance 
should be provided at specific points in time. Two commenters requested 
that the Filing Instructions Guide be provided at least six months 
before data collection is required, and another commenter said that the 
Filing Instructions Guide should be provided early in the 
implementation process. This commenter also said that the compliance 
date should take into account the delayed availability of the Filing 
Instructions Guide. A different commenter said that guidance should be 
provided before, during, and after the compliance date.
    A few commenters said that the Bureau should develop outreach 
programs or provide additional access to Bureau staff to address 
questions or issues that arise during implementation of the rule. One 
commenter said that the Bureau should commit to a formal request for 
comments on all facets of implementation and compliance with the rule. 
This commenter also said that the Bureau should dedicate staff to 
provide definitive answers to industry members that contact the Bureau 
and that it should not be possible for community banks to be criticized 
or penalized for following the instructions or answers obtained from 
Bureau staff. Another commenter said that, during the implementation 
period, the Bureau should regularly communicate with vendors and 
covered financial institutions and consider reasonable extensions of 
the rule's compliance date if issues that could affect industry 
preparedness arise.
    Another commenter said that the Bureau should create a compliance 
liaison office that has the primary goal of supporting industry in 
their regulatory submissions and fair lending analyses. This commenter 
said that this liaison office would require multiple types of 
specialists in order to function properly and would need ties to other 
teams so that feedback loops work properly. This commenter further said 
that questions on specific data entry topics should be saved and 
communicated to the Office of Regulations and others at the Bureau. The 
commenter said that Bureau guidance provided to individual industry 
members should be converted into frequently asked questions and tagged 
for purposes of amending existing regulations. The commenter further 
said providing verbal guidance is helpful, but slow, and potentially 
inconsistent. This commenter also alleged that the Bureau does not 
track data related to questions received and asserted that such lack of 
tracking limits the responsiveness of the Bureau in adapting 
regulations to properly include current industry practices. A different 
commenter said that the Bureau should consider holding a series of 
public meetings or hearings to take testimony from small businesses, 
lenders, and trade associations regarding the impact that 
implementation of the proposed rule will have on each group as well as 
on the privacy risks inherent in the proposed data collection and 
public reporting by the Bureau.
    Finally, there were two comments on supervision and enforcement 
related issues. These commenters said that the Bureau should coordinate 
with other Federal agencies to develop model examination procedures in 
advance of the Bureau publishing a final rule. One of these commenters 
further predicted that, absent a clear description of the methodologies 
that might be employed to perform fair lending analysis, there would 
likely be a period where prudential regulators' examination 
expectations are in flux and, perhaps, materially inconsistent.
Responses to Comments Received
    The CFPB aims to provide a wide variety of guidance about the 
legislative rules it issues pursuant to the Administrative Procedure 
Act. Although this guidance may include materials such as advisory 
opinions, interpretive rules, and general statements of policy, the 
CFPB's guidance more often includes other materials and activities that 
generally reiterate requirements or positions that previously have been 
announced in a legislative rule or elsewhere (hereinafter 
``implementation resources''). These implementation resources include 
such documents and materials as rule summaries, compliance guides, 
checklists, factsheets, frequently asked questions, institutional and 
transactional coverage charts, webinars, and other compliance aids 
directed to regulated entities, the general public, or agency staff 
(e.g., staff manuals). In recent years, the CFPB has

[[Page 35182]]

developed a process for preparing and releasing these implementation 
resources. For rules such as this one, the CFPB generally engages in a 
phased approach and attempts to provide various implementation 
resources throughout the implementation period and for some period 
after the compliance date.
    The CFPB has provided, simultaneously with this rule's release, a 
Filing Instructions Guide, an executive summary, and other resources to 
help financial institutions understand and comply with the final rule. 
These materials are available on the CFPB's website.\289\
---------------------------------------------------------------------------

    \289\ See https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements.
---------------------------------------------------------------------------

    Additionally, the CFPB is planning to release a Small Entity 
Compliance Guide. This Small Entity Compliance Guide will provide a 
detailed and comprehensive summary of the rule's requirements, will 
include examples, and will be separate from and different than any 
examination manuals or other supervisory materials. The CFPB also 
anticipates providing other written implementation resources to assist 
industry, vendors, and others. When providing implementation resources, 
the CFPB will consider all of its available tools and select the tool 
that it believes is best suited to the content that the CFPB is 
addressing in the guidance as well as the timing of the guidance. 
Individuals who would like to be notified when the CFPB releases 
additional implementation resources or other guidance can sign up to 
receive notifications. However, with regard to one commenter's request, 
the CFPB does not anticipate developing materials attempting to show 
members of industry how to conduct research. The CFPB believes that 
such materials are outside the scope of the CFPB's implementation and 
guidance function and are regularly provided by other sources.
    With regard to the comments addressing outreach, the CFPB notes 
that it has and anticipates that it will continue to engage in ongoing 
outreach related to this rulemaking. As discussed in part III above, 
the CFPB engaged in considerable outreach to industry and other 
stakeholders in the years leading up to issuing this final rule, and 
intends to continue to engage with industry, along with vendors and 
other stakeholders, as they prepare to comply with the rule. With 
regard to one commenter's request that the CFPB hold a series of public 
meetings or hearings to take testimony from small businesses, lenders, 
and trade associations regarding the impact that implementation of the 
proposed rule will have on each group prior to issuance of the final 
rule, the CFPB did not believe this was needed given the number of 
substantive comment letters it received and the opportunity provided to 
stakeholders to submit comments on the proposed rule and its potential 
impact. Nonetheless, as described in part III.B above, the CFPB has 
been conducting technical outreach with third-party software providers 
that serve financial institutions and software and technology staff 
from financial institutions that are likely to have to report small 
business lending data to the CFPB. With these software vendors and 
technical staff, the CFPB has held and, after publication of this final 
rule, will continue to hold discussions concerning the technical 
systems and procedures the CFPB will provide for financial institutions 
to submit data. The CFPB expects that its outreach efforts will provide 
a channel of communication for industry, vendors, and other parties to 
constructively provide feedback on the CFPB's existing implementation 
resources as well as provide direction for future implementation 
resources.
    As set out in more detail above, some commenters said that the CFPB 
should provide staff to address questions or issues that arise during 
implementation of the rule. One commenter suggested that the CFPB 
develop a compliance liaison office. Similar to what it has done with 
inquiries about HMDA/Regulation C, the CFPB anticipates that it will 
use its regulatory inquiries function to assist individual inquirers 
who have specific questions about the rule or how to submit data 
pursuant to the rule. This function is designed to provide inquirers 
with brief, informal assistance on regulatory or technical issues. 
However, in part because of Administrative Procedure Act constraints, 
the CFPB cannot provide binding or official interpretations through 
this informal function. In addition, there are other limits on the 
regulatory inquiries function and on the CFPB's other implementation 
resources. For example, the CFPB does not provide legal advice through 
the regulatory inquiries function.
    In addition, the CFPB already reviews the inquiries it receives and 
uses information gleaned from those reviews to help the CFPB prioritize 
provision of various other types of guidance. Thus, when the CFPB 
receives multiple individual inquiries about the same topic, the CFPB 
often prioritizes that topic for webinars and various forms of written 
guidance, potentially culminating in revisions to the Official 
Interpretations or the regulatory text after a notice-and-comment 
process. Thus, as requested by one commenter, the CFPB already tracks 
data regarding the inquiries it receives and, as appropriate given the 
nature of the inquiries and the CFPB's resources, uses them as a basis 
for frequently asked questions, other implementation resources, or 
other action. The CFPB anticipates doing the same with inquiries 
received about this rule.
    With regard to the comments related to supervision, the CFPB notes 
that it will coordinate with other Federal agencies to develop 
examination procedures in connection with the rule, and anticipates 
publishing such procedures in advance of the rule's first compliance 
date.
3. Comments Regarding Overlaps With Other Data Reporting Regimes
Comments Received
    General comments. Several commenters cast the overlap between this 
rule and other Federal data collection rules in a positive light. A 
community group and a CDFI lender observed that small business lending 
data are collected piecemeal and haphazardly across multiple agencies--
including the Federal bank agencies, the SBA, and the CDFI Fund--and 
that this rule could be used to consolidate small business lending data 
reporting across agencies to reduce administrative burden by satisfying 
requirements across programs for various CRA and fair lending uses.
    Two commenters noted that the existence of other data collection 
regimes, including Federal reporting requirements and private-sector 
reporting (such as HMDA; the SBA 7(a), 504, and Community Advantage 
Loan programs; CDFI Fund reporting; the Wells Fargo Diverse Community 
Capital Program; and the Paycheck Protection Program) suggested that 
compliance with this rule is feasible because these other data 
collections make this rule well-understood in conceptual, 
technological, and procedural terms. One commenter noted that these 
other data collections cover all but three of the data points in the 
NPRM (application method, application recipient, and denial reasons).
    Several commenters stated their appreciation for the Bureau's 
attempts to harmonize this rule with others and avoid duplicative data 
reporting. One bank noted that avoiding duplicative reporting was 
critical for community banks, for which even slight differences in 
reporting rules would be

[[Page 35183]]

burdensome, taking away from time that could be spent with customers.
    Many other commenters, including lenders, trade associations, a 
business advocacy group, and a group of State banking regulators, noted 
the overlap between this rule and other data collection regimes, and 
requested that the Bureau harmonize this rule with other similar data 
reporting regulations, with which lenders were familiar, to minimize 
challenges, complexity, duplication, potential burden on lenders, and 
potential errors in the data. These commenters named HMDA/Regulation C, 
CRA, FFIEC Call Reports, Regulation B/ECOA, and FinCEN's Beneficial 
Ownership Rule as specific examples of other rules that the required 
harmonization with this rule and that, in many cases, the Bureau itself 
identified as overlapping.
    Commenters argued that, by borrowing from existing frameworks or 
systems, the Bureau could reduce complexity and facilitate industry 
compliance, allowing financial institutions to leverage existing 
processes, training and institutional knowledge. For instance, some 
commenters suggested that the thresholds in this rule be aligned with 
those of HMDA and CRA. Other commenters suggested that the Bureau could 
adopt the framework in FinCEN's beneficial ownership rule for this 
rule's method of determining minority-owned and women-owned status, 
rather than layering on a new definition of ``primary owners,'' which 
they suggested would add unneeded complexity to the loan origination 
process.
    Industry commenters also asserted that by aligning this rule with 
existing rules, such as HMDA and CRA, the Bureau could avoid imposing 
inconsistent or duplicative reporting requirements to avoid errors from 
regulatory confusion and urged the Bureau to avoid requiring lenders to 
report different data for the same transaction.
    Several other commenters identified other concerns with overlapping 
reporting. One bank noted that, while the Bureau tried to harmonize its 
requirements with other rules, even slight deviations between rules 
cause problems, which may confuse customers and make them more likely 
to refuse to provide data. Another bank noted that some HMDA and CRA 
data aggregation and submission systems rely upon identifiers to 
separate and process these different datasets, which the bank suggested 
was another reason to keep loans reportable under this rule separate 
from those reportable under HMDA.
    A number of industry commenters and a group of State banking 
regulators requested that the Bureau not require financial institutions 
that already report data to duplicate their work. One stated that banks 
already report a significant amount of data to prudential regulators, 
and that the Bureau should eliminate duplicative reporting. Other 
commenters asked that the Bureau work with Federal agencies to align 
this rule with the FFIEC Call Report, and CRA and HMDA regulations to 
avoid duplication, reduce compliance burden, and reduce the potential 
for data errors. Two banks urged the Bureau to exempt loans reportable 
under other data reporting regimes, such as HMDA- and CRA-reportable 
loans. Another noted that its staff is trained on the established 
requirements of HMDA and CRA, and that removing duplicative or 
inconsistent requirements would reduce compliance costs, providing 
savings that could be passed on to the borrowers. Two community-
oriented lenders suggested that the Bureau exempt all credit 
applications under Federal agency programs, as the data points proposed 
in this rule are already collected by that loan program's oversight 
agency (i.e., SBA, USDA, etc.).
    Two industry commenters suggested that the Bureau should first use 
existing small business lending data published by the government and 
private sector before collecting additional data, thereby assessing the 
small business finance market without negatively impacting providers of 
capital to entrepreneurs. One bank asserted that the Bureau itself 
admitted it had enough data to analyze the small business lending 
market, and that the rule should focus on collecting data from non-
depository institutions, as it would be duplicative to collect data 
from depositories, which provide data via the FFIEC and NCUA Call 
Reports and already have a history of being regulated.
    Some industry commenters generally requested that the Bureau work 
out inconsistencies between this rule and other data collection 
regimes. Some offered more specific requests for harmonization. One 
suggested more alignment in terms of scope, coverage and exemptions 
between this rule, HMDA and CRA. Another commenter identified 
inconsistencies with existing Regulation B, citing the difference 
between its small business definition ($1 million or less in revenue) 
and the NPRM's proposed definition ($5 million or less). A CDFI lender 
observed that CDFIs report lending activity to the CDFI Fund, SBA, CRA, 
Opportunity Finance Network's annual member survey, and credit 
reporting agencies, and requested that the Bureau standardize data 
formats to match those used in CDFI Fund reporting to streamline data 
collection and minimize burden on CDFIs.
    HMDA. A number of commenters identified overlap between this rule 
and HMDA/Regulation C, and noted that duplicative data would published 
in two places. Some industry commenters requested that the Bureau avoid 
inconsistent and duplicative reporting by excluding from HMDA reporting 
transactions reportable under this rule. Two trade association 
suggested a parallel rulemaking to amend Regulation C, timed with the 
release of this final rule.
    On the other hand, other commenters suggested that HMDA-reportable 
loans should be excluded from this rule to avoid duplicative reporting, 
undue compliance burden, and regulatory confusion. A business advocacy 
group noted that the Bureau itself identified the overlap between HMDA-
reportable loans and loans covered by this rule. A trade association 
suggested the Bureau could narrowly tailor an exemption by apply the 
rule only to financial institutions that report data under HMDA, 
without an exclusion for HMDA-reportable loans by lenders that are not 
HMDA reporters, arguing that a narrowly tailored exclusion would serve 
the statutory purposes of the rule because commercial mortgage loans 
for small businesses would be captured under HMDA or this rule. A bank 
believed that duplicative reporting of HMDA-reportable applications did 
not serve the statutory purposes of the rule. A large bank disagreed 
with the Bureau's assertion that excluding HMDA-reportable transactions 
from this rule would add complexity to the analysis of data by 
requiring lenders to find and delete HMDA-reportable transactions from 
its submission to the Bureau; the bank argued that duplicative 
reporting was more complex. One lender stated that farm credit data are 
already collected from Farm Credit System lenders subject to HMDA.
    A number of commenters identified, generally, inconsistencies 
between the proposed requirements for this rule and those of HMDA/
Regulation C. Many industry commenters pointed out that many proposed 
data points in the NPRM would be similar to data points in Regulation 
C, and expressed concern that any differences in reporting requirements 
for these data points would lead to confusion and data errors. Two 
trade associations asserted that the overlap in data would create 
significant

[[Page 35184]]

and needless complexities for covered lenders, and noted that there 
were inconsistencies between the rules despite the Bureau's attempts to 
limit them.
    Several lenders requested that the Bureau harmonize this rule with 
Regulation C to the extent possible if no exemptions were possible. A 
large bank asked that the Bureau harmonize several data points--action 
taken, application date, and ethnicity, race, and sex of principal 
owners--because lenders would be able to collect these data just once 
for each small business applicant, increasing efficiency in the 
application process and facilitating compliance.
    Some commenters addressed overlap between specific data points 
proposed in the NPRM and existing data point requirements under 
Regulation C. A number of industry commenters noted that for census 
tract, HMDA uses the tract where collateral is located while the Bureau 
proposed to use a waterfall approach of several addresses. Two lenders 
pointed out that HMDA does not have the firewall requirement proposed 
for this rule in the NPRM; one of these commenters suggested that the 
final rule follow the HMDA approach (no firewall) for HMDA-reportable 
loans.
    On the reporting of ethnicity, race, and sex of principal owners, 
two lenders noted that this rule and HMDA offer different answer 
choices. One of the commenters noted that lenders would provide two 
separate questionnaires regarding ethnicity, race, and sex for a single 
loan application, which could confuse applicants and make them decline 
to answer either one.
    Several lenders noted that the proposed visual observation and 
surname provision, which does not require its use to determine the sex 
of a principal owner, was not aligned with the visual observation and 
surname requirement under Regulation C, which does require its use to 
determine the sex of a mortgage applicant. One stated that this 
disparity would cause confusion and errors in data collection. Another 
stated that for a loan application covered by both rules, the disparity 
would mean complying with one rule and violating the other.
    Regarding credit purpose, a bank noted that a loan to a small 
business to purchase, improve, or refinance an apartment building would 
require different information to be collected and reported under both 
rules.
    On action taken, one bank noted a disparity between the approaches 
of the proposed rule (one option for ``incomplete'' as an action taken) 
and of Regulation C (two different incompleteness options--one for a 
loan denial and the other for file closure) that it believed would 
cause difficulty, despite agreeing with the proposed rule's approach. 
Another bank noted that the proposed rule would require collection of 
gross annual revenue for the past fiscal year, while Regulation C 
requires the income used for the credit decision.
    Community Reinvestment Act. A number of commenters noted the 
similarities between the small business and small farm data collected 
under CRA and this rule and suggested eliminating duplication. One 
community group stated that the data for this rule should replace CRA 
data, noting that this rule could replace the inconsistent, duplicative 
and inefficient collection of small business lending data with a 
comprehensive database. The commenter stated that lenders and community 
groups both would prefer to consult with one database than to contend 
with two or more that are collected annually, and that this rule is 
likely to capture more data than the current CRA system. A bank 
suggested eliminating CRA reporting requirement as data collected under 
this rule would duplicate and surpass the CRA data points, but would 
not be interoperable as each rule would require different formatting, 
rounding, or coding. A minority business advocacy group and a joint 
letter from community and business advocacy groups requested that 1071 
data be used for CRA examinations, just as HMDA data are. These 
commenters noted that current small business small farm data for CRA 
examinations is limited and not a good indication of whether lenders 
serve the most vulnerable businesses, and that the more robust dataset 
to be collected under this rule would be a better indicator.
    One bank asked that the Bureau work with other Federal regulators 
to eliminate duplication with CRA data reporting, noting that CRA data 
already provides a good picture of lending to small business including 
agriculture. Another bank suggested that the Bureau, rather than create 
a new data collection requirement, exempt federally insured 
depositories and work with other Federal regulators to enrich existing 
CRA reporting to include the data the Bureau wants to collect under 
section 1071. The commenter noted that insured depositories already 
have robust CRA reporting systems, and generally already collect and 
report data required by the NPRM to meet CRA obligations. The bank 
stated that the use of CRA systems to report 1071 data would result in 
the faster delivery of information the Bureau needs at lower cost to 
reporters. The bank also suggested that the CFPB should focus this rule 
on non-depository institutions that do not now have robust reporting 
requirements. The commenter also stated that institutions are already 
comfortable with CRA reporting and understand how regulators use such 
information, but noted that they did not understand how data collected 
pursuant to section 1071 would be used and was concerned the Bureau 
would use it to retaliate and micromanage lenders, as it did in the 
consumer lending space.
    A number of lenders asked that the Bureau work collaboratively with 
the prudential regulators to eliminate inconsistencies and duplication 
with CRA data reporting. A CDFI lender asserted that successful 
implementation of this rule would necessitate coordination of data 
requirements and encouraged the Bureau to coordinate with the CRA 
agencies to align rules to ensure that lenders covered by CRA continue 
to meet credit and community development needs of small businesses, 
particularly those owned by women and minorities. One bank noted that 
duplicate and inconsistent requirements would increase the compliance 
burden on lenders as well as data errors, and that inconsistent data 
reporting would require more resources without adding value. A bank 
stated that inconsistent definitions could cause community stakeholders 
to misinterpret data and draw incorrect conclusions regarding a 
lender's performance.
    One bank supported a more streamlined approach taking advantage of 
existing CRA processes and definitions to reduce costs and burdens 
related to this rule, which in turn would ease burdens on lenders and 
reduce costs that would ultimately be passed on to the borrower. 
Another commenter suggested that the Bureau work closely with the 
agencies working on the modernization of CRA rules to reduce 
duplication and the friction caused by differences between the rules.
    A number of commenters identified specific areas of inconsistency 
between the CRA and this rule. Several banks and a trade association 
noted that the small business definition proposed in the NPRM, 
businesses with gross annual revenue greater than $5 million, was 
inconsistent with the CRA definition, which included an asset threshold 
and originated loans less than $1 million. One bank stated that this 
discrepancy was likely to cause staff confusion and possible data 
integrity issues. A trade association requested that the Bureau adopt 
the CRA's small business definition using a loan size of $1 million

[[Page 35185]]

and other Federal laws to create alignment for those lenders that 
already comply with existing regulations, and that a focus on 
businesses with $1 million in revenues would support the Bureau's goal 
of promoting small business lending in underserved areas to underserved 
small businesses, that are more likely to be closer to $1 million 
rather than $5 million in revenue. Two banks stated that banks may 
receive more CRA credit for small business loans originated to 
businesses with $1 million or less in gross annual revenues.
    Several commenters noted that the rule proposed a waterfall 
approach to using addresses to determine census tract, while CRA 
regulations inquire only about where loan funds are used. One bank 
commented that this meant that a single loan could result in the 
reporting of different census tracts for purposes of the two rules. 
Another bank suggested that a better way to achieve consistency with 
CRA was to allow lenders reporting under this rule to choose which of 
the three addresses to use and require the institution to report which 
address type it used.
    Some industry commenters noted that the Bureau reduce its gross 
annual revenue threshold for its small business definition under this 
rule from $5 million to $1 million to align with CRA. A trade 
association noted that the $1 million threshold would align with the 
threshold for FFIEC Call Reports and for existing Regulation B, which 
requires tracking of loans to businesses with $1 million or less in 
revenue for purposes of sending adverse action notices under Sec.  
1002.9(a)(3). The commenter also stated that using this threshold would 
also mean that other data from this rule could be compared with CRA 
data, leading to a better evaluation of a bank's small business lending 
performance.
    One bank stated that a discrepancy between this rule and CRA on the 
revenue threshold could lead to errors, given the many manual processes 
still used. Another bank asserted that a $5 million threshold would 
capture applications from businesses it did not consider small.
    Several trade associations claimed that the proposed rule did not 
treat renewals and extensions the way CRA regulations do.
    SBA. Several commenters stated that SBA-reportable loans should be 
exempt from the rule, including loans under the SBA 7(a) and 504 
programs. One commenter stated that the Bureau should work with SBA to 
select reportable data elements and then obtain them from the SBA on 
loans and application denials to ease the reporting burden of SBA 
lenders, and that the majority of applications are already captured by 
third-party lending partners in the 504 program.
    One bank stated that the Bureau's proposed small business 
definition is too broad and may capture entities that are not true 
small businesses. The commenter originated many multi-family loans to 
entities formed for the sole purpose of investing in real estate, not 
to run a small business, and asserted that the proposed definition 
would capture entities not consistent with SBA's definition of small 
business based on number of employees by industry and would be 
consistent with the spirit of section 1071, and that this would skew 
data.
    FinCEN. One bank stated that data reported under this rule would be 
better provided through other means, such as FinCEN's recent business 
database and registry.
    CDFI Fund. Some commenters, including a number of community-
oriented lenders and community groups, stated that the Bureau should 
work with the CDFI Fund to streamline integrating the data from this 
rule with that of the CDFI Fund. Several commenters stated that new 
requirements from the CDFI Fund will likely expand transaction level 
reporting requirements to all certified CDFIs. One CDFI lender noted 
that the CDFI Fund's review and improvement to its current annual 
reporting process could create an opportunity to harmonize its 
definition, types of data collection, and timing of reporting with the 
Bureau. Another CDFI lender stated that the Bureau should work with the 
CDFI Fund to ensure that reporting requirements are aligned; CDFIs are 
currently required by Federal law to collect, maintain, and report 
specific demographic data about small businesses and consumers to 
ensure they serve their target communities. Several others stated that 
the Bureau should work with the CDFI Fund and loan software providers 
to streamline the process of integrating new data collection processes 
into existing systems. Some commenters noted that certain CDFIs must 
report data points such as interest rate, origination, points and fees, 
amortization type, loan term, and payment dates to the CDFI Fund. 
Several also pointed out that some CDFIs also report on loans to the 
SBA, to Federal prudential banking regulators pursuant to the CRA, and 
to a non-profit's annual member survey.
    One lender stated that CDFIs have long sought guidance from the 
Bureau on compliance with overlapping statutory requirements from the 
CDFI Fund, ECOA, and Regulation B, and recommended that the Bureau use 
this rulemaking process to clarify data collection requirements in 
coordination with the CDFI Fund to avoid potential conflicts.
    Several commenters said that some CDFIs will have to adjust 
processes and systems to comply with this rule, that the CDFI industry 
uses several different loan software products, and providers 
continually modify systems to comply with the CDFI Fund's reporting 
requirements.
    One commenter stated that the Bureau should collect credit score, 
as CDFI Fund does, because it permits an ``apples-to-apples'' 
comparison of loans to help determine if small businesses that have 
historically struggled to access responsible loans receive credit on 
identical terms as white-owned businesses. The commenter also said that 
the burden to collect this would be minimal, as many CDFIs already 
report it to the CDFI Fund.
    Farm Credit. An agricultural lender stated that a lack of 
understanding of the Farm Credit System by the Bureau would have 
unintended and detrimental consequences for those lenders' customers. 
The lender noted that these lenders institutions already report lending 
on Young, Beginning and Small lending efforts and volume (12 CFR 
614.4165) to the Farm Credit Administration.
    Agency cooperation. One bank suggested that the Bureau work with 
SBA to create more women-owned and minority-owned business programs, 
such as diversity loan programs to help the underserved, noting that 
the Dodd-Frank Act was passed as a reaction to the practices of larger 
lenders but would affect smaller lenders disproportionately.
    A State financial regulator requested that the Bureau work with 
State regulators to provide them data. The commenter noted that the 
NPRM proposed modifications or deletions to protect privacy interests 
but was silent on whether the Bureau would share unredacted data with 
State regulators, and urged the Bureau to include in the final rule 
express language permitting the Bureau to share data collected under 
this rule with State regulators in accordance with information sharing 
agreements. The commenter noted that such data will help State 
regulators identify fair lending violations and enforce anti-
discrimination laws.
Responses to Comments Received
    General comments on overlap. The CFPB acknowledges the general 
comments concerning the overlap between this rule and other data

[[Page 35186]]

collection regimes, and general requests that the Bureau harmonize this 
rule with other similar data reporting regulations. The CFPB recognizes 
the overlap with other rules and in this final rule has made attempts 
to minimize the challenges, complexity, and duplication of effort, as 
well as potential errors in the data. In some instances, duplicate 
reporting will be eliminated--this rule will not require the reporting 
of any HMDA-reportable applications, and proposed amendments to CRA 
regulations would eliminate reporting on small business and small farm 
reporting to be replaced exclusively by data from this rule. In 
addition, the CFPB attempted wherever possible (i.e., consistent with 
its statutory authorities under this rule) to borrow concepts or 
structures from other rules, such as FinCEN's customer due diligence 
rule. The CFPB also intends to continue to coordinate with other 
agencies to further harmonize this final rule with other similar 
regulations.
    Regarding the requests that the Bureau not require financial 
institutions that already report data to duplicate their work, or that 
the Bureau exempt all loan applications under Federal agency programs, 
the CFPB has made certain adjustments in the final rule. As noted 
above, duplicate reporting will be eliminated for HMDA-reportable loans 
and, pursuant to proposed amendments to CRA regulations, under the CRA. 
However, other data reporting regulations have purposes sufficiently 
different from those of this rule such that the regulations are not 
completely overlapping, and that the simple elimination of one of the 
two reporting requirements would not advance both regulations. For 
instance, data reported via FFIEC Call Reports are not motivated only 
by considerations of fair lending and community development. In 
addition, such other reporting requirements address only originations, 
while section 1071 requires reporting on applications.
    Regarding the comment that the Bureau should first use existing 
small business lending data generated by the government and private 
sector before collecting additional data, Congress disagreed when it 
passed section 1071 calling for data on small business lending 
applications. Existing data capture only limited application-level data 
on lending to small businesses by depository institutions, and hardly 
any application-level data on lending to small businesses by non-
depository institutions.
    Regarding requests that the CFPB work out inconsistencies between 
this rule and other data collection regimes, and that the Bureau 
standardize data formats to match those used in other data reporting, 
especially for CDFIs, the CFPB has attempted to do so in this final 
rule where consistent with section 1071's statutory purposes. In 
addition, the CFPB intends to work with agencies and other sources of 
small business lending data to explore other possible avenues for 
additional standardization.
    HMDA. Regarding the identification of overlap between this rule and 
HMDA/Regulation C, and the requests to avoid duplicative reporting, the 
CFPB is exempting HMDA-reportable transactions from the requirements of 
this rule. This new provision would have the effect of eliminating 
inconsistencies between the two rules, the duplication of data 
collection and reporting, and potential data errors. However, the 
Bureau is not adopting a more narrowly tailored exclusion that would 
not apply to HMDA-reportable loans by financial institutions that are 
not HMDA reporters. For the reasons set out in the section-by-section 
analysis of Sec.  1002.104(b)(2), the CFPB has determined that trying 
to close all potential data gaps would defeat the purpose of trying to 
alleviate concerns from commenters about having to implement and 
maintain two separate reporting systems. The CFPB's decision to exempt 
HMDA-reportable transactions also renders moot comments concerning 
inconsistencies between specific data points in Regulation C and those 
proposed for this rule, along with the firewall requirement.
    Community Reinvestment Act. Regarding the comments identifying the 
similarities between the data required by this rule and the 
requirements of the CRA, and the request that the data of this rule 
replace the data for the CRA, the CFPB notes that, as stated in part 
II.F.2.i above, the CRA agencies have issued a proposed rule that, 
amongst other things, would exclusively rely on 1071 data for its 
assessment of the small business and small farm lending activities of 
banks, replacing the existing CRA data requirements based on Call 
Reports and other sources. The CFPB believes that when the final rule 
amending the CRA requirements is issued, duplication between the CRA 
and this rule will be eliminated, as requested by numerous commenters, 
including industry and community groups. As some community groups 
suggested, the CRA proposal contemplates using 1071 data for CRA 
examinations in the manner that HMDA data are currently used in CRA 
examinations. The CFPB agrees with these commenters that 1071 data 
would be more robust than the data currently collected under existing 
CRA rules.
    Regarding the various request that the Bureau work with other 
Federal regulators to eliminate duplication, the CFPB observes that the 
CRA agencies appear to intend with their proposed rule to eliminate 
duplicative reporting by both relying on the Bureau's small business 
lending data and eliminating any independent data collection 
requirement. The CFPB intends to continue cooperating with the CRA 
agencies to ensure coordination between this rule and amendments to the 
CRA regulations, especially those concerning potentially duplicative 
reporting.
    Regarding the comments that the Bureau should exempt lenders that 
report under the CRA, the CFPB does not believe such an exemption would 
be appropriate. In addition, in light of the CRA's proposal to use data 
collected and reported pursuant to section 1071, the result of such an 
exemption might be that no small business lending data would be 
collected for such institutions.
    Regarding the comments that identified specific inconsistencies 
between the CRA and this rule, the CFPB does not disagree that the 
inconsistencies identified exist but notes that the CRA's proposal that 
the CRA agencies rely exclusively on 1071 data for their analysis of 
small business and small farm lending would render these 
inconsistencies moot because only 1071 data would exist. Regarding the 
comment that the Bureau should reduce its gross annual revenue 
threshold for its small business definition under this rule from $5 
million to $1 million to align with FFIEC Call Reports and for 
Regulation B, the CFPB is not doing so for the reasons set out in the 
section-by-section analysis of Sec.  1002.106(b). The CFPB believes 
that a small business definition with a lower threshold would not 
further the statutory purposes of the rule because it would reduce the 
amount of data collected concerning lending to many businesses that, 
according to other metrics would still be considered small though above 
$1 million in revenue. In addition, the Bureau believes that analyses 
seeking to match or compare data from this rule that are interoperable 
with small business lending data from FFIEC need only screen this 
rule's data for gross annual revenue of less than $1 million, which 
this rule requires as a data point. For instance, the CRA NPRM proposes 
screening the 1071 data for loans to small businesses and small farms 
under $1 million revenue for purposes of certain parts of CRA 
examinations.
    SBA. The CFPB is not exempting SBA-guaranteed loans from reporting

[[Page 35187]]

under this rule. For its 7(a) and 504 programs, the SBA only collects 
and publishes a subset of the data required by this rule for 
originations. Still, the CFPB intends to coordinate with SBA to try to 
reduce duplicative reporting.
    FinCEN. Regarding the comment that the data reported under this 
rule would be better provided through other means, such as via FinCEN's 
recent business database and registry, the CFPB understands that 
database is not set up to receive small business lending data.
    CDFI Fund. Regarding comments that the Bureau should work with the 
CDFI Fund to harmonize reporting under the CDFI Fund's Transaction 
Level Report requirements with this rule, the CFPB agrees to coordinate 
with the CDFI Fund to determine where it is possible to avoid 
duplicative or inconsistent reporting of data and how to resolve any 
overlapping statutory requirements. The CFPB observes that it may not 
be possible to simply eliminate duplicate reporting, as with HMDA or 
CRA reporting, given the differences in purposes and the requirements 
of the CDFI Fund compared to those of this rule. Regarding comments 
that the Bureau should work with loan software providers, the CFPB 
agrees and intends to meet with software providers as it develops the 
small business lending data submission platform to determine how 
reporting can be streamlined for CDFIs that must report small business 
lending data to various agencies, such as the CFPB under this rule, the 
SBA, and the CDFI Fund.
    Regarding the comment that the Bureau should collect credit score, 
as CDFI Fund does, the CFPB notes that, as stated in the section-by-
section analysis of Sec.  1002.107(a), the CFPB believes that this data 
point--which the CFPB would also have to collect from other financial 
institutions that may have operations quite different from CDFIs--could 
be quite complicated and involve complex sub-fields, which could pose 
operational difficulties for financial institutions in collecting and 
reporting this information.
    Farm Credit. Regarding the comments that the Bureau's lack of 
understanding of the Farm Credit System would have unintended and 
detrimental consequences for FCS customers, and that the FCS lenders 
already report data to the Farm Credit Administration, the CFPB has 
consulted with FCS lenders, and believes that its approach will result 
in consistency across the data collected under this rule, more robust 
fair lending analyses and transparency into opportunities for small 
farms, and a more even playing field for compliance across all 
financial institutions.
    Agency cooperation. Regarding the comment that the Bureau work with 
SBA to create more women-owned and minority-owned business programs, 
the CFPB regularly engages with other Federal regulators on a range of 
work that implicates its statutory mission; that includes, as 
appropriate, the SBA. Regarding the request that the Bureau provide 
small business lending data to State regulators, the CFPB agrees that 
doing so would likely be consistent with the statutory purposes of the 
rule. The CFPB will engage with State and Federal regulators regarding 
their access to small business lending data collected under this final 
rule, while ensuring that data security and data privacy are 
appropriately protected.

E. Cross-Cutting Interpretive Issues

1. The Bureau's Approach to Non-Small Women-Owned and Minority-Owned 
Businesses in This Rulemaking
    ECOA section 704B(b) states that ``in the case of any application 
to a financial institution for credit for [a] women-owned, minority-
owned, or small business,'' the financial institution must ``inquire 
whether the business is a women-owned, minority-owned or small 
business. . . .'' As explained below, the Bureau proposed to require 
financial institutions to collect and report data regarding 
applications for credit for small businesses; the Bureau did not, 
however, propose to require financial institutions to collect and 
report data with respect to applicants that are not small businesses.
    The Bureau believed that section 1071 was ambiguous with respect to 
its coverage of applications for credit for non-small women- or 
minority-owned businesses, and the Bureau therefore proposed to 
interpret this ambiguity pursuant to ECOA section 704B(g)(1). The 
Bureau acknowledged that the plain language of 704B(b) could be read to 
require financial institutions to collect information from all women-
owned and minority-owned businesses, including those that are not small 
businesses. But based on a close consideration of the text, structure, 
and purpose of the statute, and the interactions between section 1071 
and other provisions of ECOA and Regulation B, the Bureau believed that 
the statute's coverage of, and Congress's intent with respect to, data 
regarding non-small businesses was ambiguous. The Bureau proposed this 
approach as an interpretation of the statute pursuant to its authority 
under 704B(g)(1), and, in the alternative, pursuant to both its 
authority under 704B(g)(2) to adopt exceptions to any requirement of 
section 1071 as the Bureau deems necessary or appropriate to carry out 
the purposes of section 1071 and its implied de minimis authority.
    The Bureau sought comment on its proposed approach to limiting the 
scope of data collection pursuant to subpart B to covered applications 
for small businesses, but not women- or minority-owned businesses that 
are not small.
    Several commenters, including industry and community groups, 
supported limiting the scope of data collection as the Bureau proposed. 
In particular, a cross-sector group of lenders, community groups, and 
small business advocates stated that the Bureau had taken a reasonable 
and adequately comprehensive approach in proposing to include only 
minority- and women-owned businesses that are ``small,'' as this would 
cover 99.9 percent of all minority- and women-owned businesses. The 
group further noted that the Bureau should continue to monitor the U.S. 
Census Bureau's Annual Business Survey and adjust this requirement if 
minority- or women-owned businesses that are not considered ``small'' 
exceed 1 percent. In contrast, a State financial regulator commented 
that data collection on non-small women- or minority-owned businesses 
was important for fair lending enforcement purposes and would provide 
for better consistency with States pursuing similar information 
collection requirements. In response to the latter comment, the Bureau 
notes that such data collection would be of limited utility in light of 
section 1071's statutory purposes because, as discussed below, the lack 
of a control group (i.e., data on non-small businesses that are neither 
women-owned nor minority-owned) would limit such data's utility for 
fair lending enforcement purposes. For the reasons set forth herein, 
the Bureau is finalizing the approach to non-small women-owned and 
minority-owned businesses as proposed.
    The Bureau interprets ECOA section 704B(b) and (b)(1) to require 
that financial institutions first determine whether an applicant is a 
small business within the scope of the rule's data collection before 
making the required inquiries that would otherwise be prohibited by 
existing Regulation B. There is a general prohibition in existing 
Regulation B (in Sec.  1002.5(b)) which states that a ``creditor shall 
not inquire about the race, color, religion, national origin, or sex of 
an applicant or any other person in connection with a credit 
transaction, except if expressly permitted to do so by law or 
regulation.

[[Page 35188]]

    In the introductory language to ECOA section 704B(b), Congress 
instructed that section 1071's data collection regime applies only ``in 
the case of any application to a financial institution for credit for 
women-owned, minority-owned, or small business'' (emphasis added). The 
Bureau believes that ``in the case of'' indicates Congress's intent to 
limit application of section 1071 to these types of businesses, rather 
than requiring financial institutions to make 1071-related inquiries of 
all business applicants for credit.\290\ The next paragraph 
(704B(b)(1)) does not use the conditional phrase ``in the case of'' 
used in 704B(b); rather, it instructs a financial institution to 
``inquire.'' The Bureau believes that the instruction to ``inquire'' in 
704B(b)(1) is intended to provide the necessary exception to Regulation 
B's general prohibition against ``inquir[ing]'' as to protected 
demographic information in connection with a credit transaction.\291\ 
Indeed, absent section 1071's lifting of the prohibition, generally, a 
financial institution could not determine, or even ask about, an 
applicant's women- or minority-owned business status, because doing so 
would necessarily constitute ``inquir[ing] about the race, color, 
religion, national origin, or sex of an applicant'' in violation of 
existing Sec.  1002.5(b). The Bureau believes that Congress likely 
intended to ensure that financial institutions could determine whether 
section 1071's data collection and reporting requirements apply to an 
applicant without risking a violation of other provisions of ECOA and 
Regulation B.
---------------------------------------------------------------------------

    \290\ Merriam-Webster defines ``case'' as meaning ``a set of 
circumstances or conditions,'' ``a situation requiring investigation 
or action (as by the police),'' or ``the object of investigation or 
consideration,'' https://www.merriam-webster.com/dictionary/case 
(last visited Mar. 20, 2023).
    \291\ As discussed in greater detail in the next section, the 
fact that the language of ECOA section 704B(b)(1) is designed to 
expressly permit inquiry into protected demographic information, 
which would otherwise be prohibited by existing Sec.  1002.5(b), is 
also evidenced by the statute's three provisions creating special 
protections for responses to the inquiry: 704B(b)(2) requires that 
responses to inquiries about protected demographic information 
remain separate from the application and accompanying information; 
704B(c) requires that applicants have a right to refuse to answer 
the inquiry about protected demographic information; and 704B(d) 
requires that certain underwriters or other employees involved in 
making determinations on an application not have access to the 
responses to inquiries about protected demographic information.
---------------------------------------------------------------------------

    However, unlike with women- and minority-owned business status, 
there is no legal impediment to a financial institution determining 
whether an applicant is a small business, and financial institutions 
can make that determination as a threshold matter without risking 
running afoul of ECOA and Regulation B. Therefore, the Bureau believes 
that the scope of the introductory ``in the case of'' language in ECOA 
section 704(b) is ambiguous as to coverage of non-small women- and 
minority-owned businesses. To resolve this ambiguity, the Bureau 
applies its expertise to interpreting the language and structure of 
section 1071 within the context of the general prohibition on inquiring 
into protected demographic information in existing Sec.  1002.5(b), and 
concludes that ECOA section 704B(b)(1) is best read as only referring 
to questions about applicants' protected demographic information (i.e., 
women- and minority-owned business status as well as the ethnicity, 
race, and sex of the principal owners of the business). The Bureau 
believes 704B(b)'s more general ``in the case of'' language should be 
understood to indicate the conditions under which data collection 
should take place, and requires financial institutions to make a 
threshold determination that an applicant is a small business before 
proceeding with an inquiry into the applicant's protected demographic 
information.
    A requirement to collect and report data on applications for women-
owned and minority-owned businesses that are not small businesses could 
affect all aspects of financial institutions' commercial lending 
operations while resulting in limited information beyond what would 
already be collected and reported about women-owned and minority-owned 
small businesses. Indeed, as a cross-sector group of lenders, community 
groups, and small business advocates highlighted, approximately 99.9 
percent of women- and minority-owned business are small.\292\ In 
addition, financing for large businesses can be much more varied and 
complex than are the products used for small business lending The 
Bureau will continue to observe the market on this issue.
---------------------------------------------------------------------------

    \292\ In the U.S. Census Bureau's 2018 Annual Business Survey, 
5.7 million firms (99.6 percent of all employer firms) are small, as 
defined within that survey as having fewer than 500 employees. That 
same definition covers one million minority-owned employer firms 
(99.9 percent of all minority-owned firms) and 1.1 million women-
owned employer firms (99.9 percent of all women-owned firms). See 
U.S. Census Bureau, 2018 Annual Business Survey (ABS)--Company 
Summary (2018), https://www.census.gov/data/tables/2018/econ/abs/2018-abs-company-summary.html.
---------------------------------------------------------------------------

    The Bureau also notes that the collection of data on applications 
for non-small women- or minority-owned businesses would not carry out 
either of section 1071's statutory purposes because the data would be 
of only limited usefulness for conducting the relevant analyses of non-
small businesses. Such analyses would necessitate comparing data 
regarding non-small women-owned and minority-owned business applicants 
to data regarding non-small non-women-owned and non-minority-owned 
business applicants, in order to control for lending outcomes that 
result from differences in applicant size. But section 1071 does not 
require or otherwise address the collection of data for non-small 
business applicants that are not women- or minority-owned. Therefore, 
the resulting dataset will lack a control group, arguably the most 
meaningful comparator for any data on non-small women- or minority-
owned businesses. It is unlikely that Congress intended, and the 
statute is reasonably read not to require, the collection of data that 
would be of limited utility.\293\
---------------------------------------------------------------------------

    \293\ See, e.g., Pub. Citizen v. U.S. Dep't of Just., 491 U.S. 
440, 454 (1989) (``Where the literal reading of a statutory term 
would `compel an odd result,' Green v. Bock Laundry Machine Co., 490 
U.S. 504, 509 (1989), we must search for other evidence of 
congressional intent to lend the term its proper scope.'').
---------------------------------------------------------------------------

    Finally, the Bureau notes that the title of section 1071 is ``Small 
Business Data Collection,'' and section 1071 amends ECOA to add a new 
section titled ``Small Business Loan Data Collection.'' In the presence 
of ambiguity, these titles provide some additional evidence that 
Congress did not intend the statute to authorize the collection of data 
on businesses that are not small.\294\
---------------------------------------------------------------------------

    \294\ Almendarez-Torres v. United States, 523 U.S. 224, 234 
(1998) (`` `[T]he title of a statute and the heading of a section' 
are `tools available for the resolution of a doubt' about the 
meaning of a statute.'') (quoting Bhd. of R.R. Trainmen v. Balt. & 
Ohio R.R., 331 U.S. 519, 529 (1947)).
---------------------------------------------------------------------------

    For these reasons, the Bureau interprets ECOA section 704B(b) to 
cover the collection only of data with respect to small businesses, 
including those that are women- and minority-owned. Likewise, as 
discussed immediately below in E.2 of this Overview to part V, the 
Bureau is clarifying that the 704B(b)(1) inquiry, when applicable, 
pertains to an applicant's minority-owned business status and women-
owned business status, as well as an applicant's LGBTQI+-owned business 
status, along with the ethnicity, race, and sex of its principal 
owners. For the same reasons, the Bureau believes that not requiring 
the collection of data with respect to applications for non-small 
businesses would be necessary or appropriate to carry out the purposes 
of section 1071; in the alternative, the Bureau exercises its exception 
authority in 704B(g)(2) to effectuate this outcome. Finally, because

[[Page 35189]]

the Bureau believes that the collection of data on non-small women- and 
minority-owned businesses would ``yield a gain of trivial or no 
value,'' in the alternative the Bureau exercises its implied de minimis 
authority to create this exception.\295\
---------------------------------------------------------------------------

    \295\ Waterkeeper All. v. EPA, 853 F.3d 527, 530 (D.C. Cir. 
2017) (quoting Pub. Citizen v. FTC, 869 F.2d 1541, 1556 (D.C. Cir. 
1989)); see Alabama Power Co. v. Costle, 636 F.2d 323, 360-61 (D.C. 
Cir. 1979).
---------------------------------------------------------------------------

2. The Meaning of ``Information Requested Pursuant to Subsection (b)''
    Four different provisions of section 1071 refer to or rely on 
``information requested pursuant to subsection (b)'' or similar 
language. First, ECOA section 704B(b)(2) provides that financial 
institutions must ``maintain a record of the responses to such 
inquiry'' and keep those records separate from the application and 
information that accompanies it. Second, 704B(c) states that applicants 
for credit ``may refuse to provide any information requested pursuant 
to subsection (b).'' Third, 704B(d) requires financial institutions to 
limit the access of certain employees to ``information provided by the 
applicant pursuant to a request under subsection (b),'' with certain 
exceptions. Fourth, 704B(e) instructs financial institutions that 
``information provided by any loan applicant pursuant to a request 
under subsection (b) . . . shall be itemized in order to clearly and 
conspicuously disclose'' data including the loan type and purpose, 
amount of credit applied for and approved, and gross annual revenue.
    In light of these four disparate provisions, the Bureau believes 
that section 1071 is ambiguous with respect to the meaning of ``any 
information provided by the applicant pursuant to a request under 
subsection (b).'' \296\ On the one hand, ECOA section 704B(b)(1) 
directs financial institutions to inquire whether a business is ``a 
women-owned, minority-owned, or small business,'' so the phrase could 
be interpreted as referring only to those three data points. Section 
704B(e), however, indicates that the scope of 704B(b) could be much 
broader; it suggests that all of the information that financial 
institutions are required to compile and maintain--not simply an 
applicant's status as a women-owned, minority-owned, or small 
business--constitutes information provided by an applicant ``pursuant 
to a request under subsection (b).'' But as noted above, information 
deemed provided pursuant to subsection (b) is subject to the notable 
protections of separate recordkeeping under 704B(b)(2), a right to 
refuse under 704B(c), and the firewall under 704B(d). Applying these 
special protections to many of the data points in 704B(e), such as 
gross annual revenue or amount applied for, would be extremely 
difficult to implement, because this information is critical to 
financial institutions' ordinary operations in making credit decisions. 
Additionally, 704B(e) describes as ``provided by any loan applicant'' 
under 704B(b) data points that plainly must come from the financial 
institution itself, such as application number and action taken, 
further suggesting that Congress viewed this term as encompassing more 
information than lies within the four corners of 704B(b)(1). Finally, 
as noted above, the circular structure of 704B(b) complicates the 
question of what constitutes information provided ``pursuant to a 
request under subsection (b).'' Read together, the introductory 
language in 704B(b) and (b)(1) direct financial institutions, ``in the 
case of'' a credit application ``for [1] women-owned, [2] minority-
owned, or [3] small business,'' to ``inquire whether the business is a 
[1] women-owned, [2] minority-owned, or [3] small business.'' The 
Bureau believes that this circularity further demonstrates the 
ambiguity of the phrase ``pursuant to a request under subsection (b).''
---------------------------------------------------------------------------

    \296\ The Bureau does not believe that the minor linguistic 
variations in these four provisions themselves have significance.
---------------------------------------------------------------------------

    The Bureau believes that it is reasonable to resolve these 
ambiguities by giving different meanings to the phrase ``any 
information provided by the applicant pursuant to a request under 
subsection (b)'' (or similar) with respect to ECOA section 704B(e) as 
opposed to 704B(b)(2), (c), and (d).\297\ With respect to 704B(e), the 
Bureau interprets the phrase to refer to all the data points now 
articulated in proposed Sec.  1002.107(a). Section 704B(e) is the 
source of financial institutions' obligation to ``compile and 
maintain'' data that they must then submit to the Bureau, so it would 
be reasonable to interpret this paragraph as referring to the complete 
data collection Congress devised in enacting section 1071.
---------------------------------------------------------------------------

    \297\ While there is a presumption that a phrase appearing in 
multiple parts of a statute has the same meaning in each, ``this is 
no more than a presumption. It can be rebutted by evidence that 
Congress intended the words to be interpreted differently in each 
section, or to leave a gap for the agency to fill.'' Catskill 
Mountains Chapter of Trout Unlimited, Inc. v. EPA, 846 F.3d 492, 532 
(2d Cir. 2017) (citing Env't Def. v. Duke Energy Corp., 549 U.S. 
561, 575 (2007)). Here, the Bureau believes Congress indicated such 
an intention by using the same phrase in the substantially different 
contexts of providing special protections for protected demographic 
information on the one hand and ``itemiz[ing]'' all collected data 
on the other.
---------------------------------------------------------------------------

    But with respect to the three statutory provisions creating special 
protections for certain information--the firewall in ECOA section 
704B(d), separate recordkeeping in 704B(b)(2), and the right to refuse 
in 704B(c)--the Bureau interprets the phrase to refer to the data 
points in Sec.  1002.107(a)(18) (women-owned and minority-owned 
business statuses, along with the new LGBTQI+-owned business status), 
and (a)(19) (ethnicity, race, and sex of principal owners).\298\ Each 
of these data points requests protected demographic information that 
has no bearing on the creditworthiness of the applicant, about which 
existing Sec.  1002.5(b) would generally prohibit the financial 
institution from inquiring absent section 1071's mandate to collect and 
report that information, and with respect to which applicants are 
protected from discrimination. The Bureau accordingly believes that it 
is reasonable to apply section 1071's special-protection provisions 
only to this information, regardless of whether the statutory authority 
to collect it originates in 704B(b)(1) (women-owned and minority-owned 
business statuses), 704B(e)(2)(H) (LGBTQI+-owned business status), or 
704B(e)(2)(G) (ethnicity, race, and sex of principal owners). The 
Bureau similarly believes that it would have been unreasonable for 
Congress to have intended that these special protections would apply to 
any of the other data points now proposed in Sec.  1002.107(a), which 
the financial institution is permitted to request regardless of 
coverage under section 1071 which are not the subject of Federal 
antidiscrimination law, and many of which financial institutions 
currently use for underwriting and other purposes.
---------------------------------------------------------------------------

    \298\ The Bureau's interpretations with respect to a separate 
data point for small business status are discussed in the next 
section.
---------------------------------------------------------------------------

    The Bureau implements these interpretations of ``information 
requested pursuant to subsection (b),'' and any relevant comments 
received, in several different section-by-section analyses. With 
respect to ECOA section 704B(e), the Bureau discusses its 
interpretation of the phrase in the section-by-section analysis of 
Sec.  1002.107(a). The Bureau's interpretation of 704B(d)'s firewall 
requirement is addressed at greater length in the section-by-section 
analysis of Sec.  1002.108, and the Bureau's interpretation of the 
separate recordkeeping requirement in 704B(b)(2) is addressed in the 
section-

[[Page 35190]]

by-section analysis of Sec.  1002.111(b). The right to refuse in 
704B(c) is discussed in the section-by-section analyses of the data 
points that the Bureau deems subject to the right to refuse: Sec.  
1002.107(a)(18) (women-owned, minority-owned, and LGBTQI+-owned 
business statuses) and (19) (ethnicity, race, and sex of principal 
owners).
3. No Collection of Small Business Status as a Data Point
    The Bureau notes that neither of its interpretations of 
``information requested pursuant to subsection (b)'' reference a 
specific data point for an applicant's status as a small business, nor 
did the Bureau otherwise include in proposed Sec.  1002.107(a) that 
financial institutions collect, maintain, or submit a data point whose 
sole function is to state whether the applicant is or is not a small 
business.
    The Bureau's definition of small business in final Sec.  1002.106, 
which is based on an applicant's gross annual revenue, renders 
redundant any requirement that financial institutions collect a 
standalone data point whose sole purpose is to state whether an 
applicant is a small business. Indeed, under the definition of small 
business, when a financial institution asks an applicant its gross 
annual revenue, that question is functionally identical to asking, 
``are you a small business?'' The Bureau believes that it is a 
reasonable interpretation of ECOA section 704B(b)'s query as to small 
business status for that question to take the form of, ``what is your 
gross annual revenue?'' \299\ Furthermore, as discussed above with 
respect to the Bureau's approach to non-small women- and minority-owned 
businesses, the Bureau interprets financial institutions' data 
collection obligations as attaching only in the case of applications 
from small businesses; if a financial institution determines that an 
applicant is not a small business, none of the obligations under this 
rule would apply. As such, a standalone data point that serves only to 
designate whether a business qualifies as small for purposes of the 
rule would be redundant with the mere fact that the data collection 
occurs at all, as well as with the collection of gross annual revenue.
---------------------------------------------------------------------------

    \299\ The financial institution could ask, in order to make an 
initial determination as to whether the rule applies, whether the 
applicant's gross annual revenue in its last full fiscal year was $5 
million or less. If it was, the financial institution would need to 
request the specific revenue amount to comply with final Sec.  
1002.107(a)(14), along with the other applicant-provided data points 
specified in final Sec.  1002.107(a).
---------------------------------------------------------------------------

    The Bureau sought comment on whether a standalone data point solely 
dedicated to small business status might nonetheless be useful and, if 
so, how it might be implemented. The Bureau received no comments on 
this issue.
    The Bureau acknowledges that the plain language of ECOA section 
704B(b) could be read to require financial institutions to ask 
applicants subject to the data collection the precise question, ``are 
you a small business?'' Upon further analysis, however, the Bureau 
believes that Congress's intended treatment of small business status as 
a standalone data point is ambiguous. As described in more detail above 
with respect to the rulemaking's coverage of women- and minority-owned 
businesses that are not small, 704B(b)'s introductory language and 
704B(b)(1) appear to require financial institutions to know the answer 
to whether an applicant is women-owned, minority-owned, or small before 
they make their inquiry; to resolve this ambiguity, the Bureau 
interprets 704B(b)'s introductory language and 704B(b)(1) to require 
that financial institutions first straightforwardly assess whether an 
applicant is a small business before proceeding to inquire into the 
applicant's protected demographic information that would otherwise be 
prohibited by existing Sec.  1002.5(b).
    Pursuant to its authority under ECOA section 704B(g)(1) to 
prescribe such rules as may be necessary to carry out, enforce, and 
compile data pursuant to section 1071, the Bureau interprets 704B(b) 
and (b)(1) to obviate the need for financial institutions to collect a 
standalone data point whose sole purpose is to note an applicant's 
small business status. For the same reasons, the Bureau believes that 
not requiring the collection of a separate data point on small business 
status would be necessary or appropriate to carry out the purposes of 
section 1071; therefore, in the alternative, the Bureau is exercising 
its exception authority in 704B(g)(2) to effectuate this outcome. 
Finally, because the Bureau believes that the collection of a 
standalone data point on small business status would ``yield a gain of 
trivial or no value,'' in the alternative, the Bureau exercises its 
implied de minimis authority to create this exception.\300\
---------------------------------------------------------------------------

    \300\ Waterkeeper All., 853 F.3d at 530 (quoting Pub. Citizen, 
869 F.2d at 1556); see Alabama Power, 636 F.2d at 360-61.
---------------------------------------------------------------------------

F. Conforming Amendments to Existing Regulation B

    As discussed above, the Bureau is implementing section 1071 in a 
new subpart B of Regulation B. The content of existing Regulation B is 
becoming subpart A of Regulation B. This change does not affect the 
current section numbering in Regulation B. The Bureau believes it is 
appropriate to make this rule a part of Regulation B, as section 1071 
is a part of ECOA.
    The Bureau sought comment on whether it should instead codify its 
rule to implement section 1071 as a free-standing regulation with its 
own CFR part and, if so, why. A bank commenter supported the location 
of this rule within a new subpart B to Regulation B, noting that 
lenders often overlook that Regulation B applies to business as well as 
consumer credit. The commenter also noted that the intent of section 
1071, to provide all credit applicants fair and equitable treatment and 
credit, makes Regulation B the natural place for this rule, rather than 
a free-standing regulation, which would generate unnecessary confusion.
    As noted above and as discussed in more detail below, the Bureau is 
amending existing Sec.  1002.5(a)(4) and commentary for existing Sec.  
1002.5(a)(2) and (4) to expressly permit under certain circumstances 
voluntary collection of minority-owned, women-owned, and LGBTQI+-owned 
business status, and the ethnicity, race, and sex of applicants' 
principal owners in accordance with the requirements of subpart B.
    In addition, the Bureau is revising certain references to the 
entire regulation (which use the terms ``regulation'' or ``part'') in 
existing Regulation B to instead refer specifically to subpart A. The 
Bureau is likewise adding additional specificity in certain provisions 
in existing Regulation B to avoid confusion. The Bureau does not intend 
to make any substantive changes with these revisions, but rather 
intends to maintain the status quo. The Bureau is making the following 
changes:
    In Sec.  1002.1(a), regarding authority and scope, the Bureau is 
changing two references to ``part'' to instead refer to ``subpart,'' 
regarding the application of what is now subpart A to creditors.
    In Sec.  1002.2, regarding definitions, the introductory text 
states that definitions contained therein apply to Regulation B, unless 
the context indicates otherwise. The Bureau is adding ``or as otherwise 
defined in subpart B'' for clarity.
    In Sec.  1002.12(b)(1) introductory text, (b)(2) introductory text, 
(b)(3) through (5) and (7), regarding record retention, the Bureau is 
adding ``or as otherwise provided in subpart B'' to indicate that 
subpart B may provide different record retention requirements than what 
is set forth in those paragraphs for business credit. The Bureau is 
also changing a reference to ``this rule'' in comment

[[Page 35191]]

12(b)(7)-1 to instead refer to existing Sec.  1002.12(b)(7) regarding 
retention of prescreened credit solicitations, to avoid confusion with 
subpart B's treatment of solicitations.
    Finally, Sec.  1002.13 addresses information for monitoring 
purposes for credit secured by an applicant's dwelling. The Bureau is 
revising comment 13(b)-5, which addresses applications made through 
unaffiliated loan shopping services, to refer to subpart A of 
Regulation B instead of the entirety of Regulation B, for clarity. The 
existing comment also refers to applications received by creditors 
subject to HMDA and associated data collection requirements; the Bureau 
is also adding to the end of the comment an additional sentence noting 
that creditors that are covered financial institutions under subpart B 
of this regulation may also be required to collect, report, and 
maintain certain data, as set forth in subpart B of Regulation B.

Subpart A--General

Section 1002.5 Rules Concerning Requests for Information

5(a) General Rules
5(a)(4) Other Permissible Collection of Information
Background
    ECOA prohibits creditors from discriminating against applicants, 
with respect to any aspect of a credit transaction, on the basis of--
among other characteristics--race, color, religion, national origin, 
sex, marital status, or age.\301\ It also states that making an inquiry 
under 15 U.S.C. 1691c-2 (that is, section 1071), in accordance with the 
requirements of that section, shall not constitute discrimination for 
purposes of ECOA.\302\ Regulation B, in existing Sec.  1002.5(b), 
generally prohibits a creditor from inquiring about certain protected 
demographic information in connection with a credit transaction. 
Existing Sec.  1002.5(a)(2), however, expressly permits collection of 
such otherwise prohibited information if required by a regulation, 
order, or agreement to monitor or enforce compliance with Regulation B, 
ECOA, or other Federal or State law or regulation.
---------------------------------------------------------------------------

    \301\ 15 U.S.C. 1691(a).
    \302\ 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------

    In 2017, the Bureau amended Regulation B, adding Sec.  1002.5(a)(4) 
to expressly permit creditors to collect ethnicity, race, and sex from 
mortgage applicants in certain cases where the creditor is not required 
to report under HMDA and Regulation C.\303\ For example, existing Sec.  
1002.5(a)(4) expressly permits the collection of ethnicity, race, and 
sex information for certain transactions for which Regulation C permits 
optional reporting. However, nothing in existing Regulation B (or in 
ECOA) expressly permits collection and reporting of protected 
demographic data for financial institutions that are not required to 
report certain data under section 1071.
---------------------------------------------------------------------------

    \303\ Equal Credit Opportunity Act (Regulation B) Ethnicity and 
Race Information Collection, 82 FR 45680, 45684 (Oct. 2, 2017).
---------------------------------------------------------------------------

    During the SBREFA process, some small entity representatives, 
primarily small CDFIs and mission-oriented community banks, stated that 
they would be inclined to collect and report small business lending 
data to the Bureau even if not required to do so, such as if they fell 
under loan-volume thresholds. These small entity representatives 
expressed an intent to report data even if not required to out of a 
belief in the importance and utility of these data.
Proposed Rule
    The Bureau proposed to amend existing Sec.  1002.5(a)(4) to add 
three provisions (in proposed Sec.  1002.5(a)(4)(vii), (viii), and 
(ix)) that would permit certain creditors that are not covered 
financial institutions under the rule to collect small business 
applicants' protected demographic information under certain 
circumstances. The Bureau also proposed to add comment 5(a)(2)-4 and to 
revise existing comment 5(a)(4)-1 to provide guidance on these proposed 
exemptions.
    Proposed Sec.  1002.5(a)(4)(vii) would have permitted a previously 
covered financial institution to collect demographic information 
pursuant to subpart B for covered applications for up to five years 
after it fell below the loan-volume threshold of proposed Sec.  
1002.105(b), provided that it does so in accordance with the relevant 
requirements of proposed subpart B.
    Proposed Sec.  1002.5(a)(4)(viii) would have provided that a 
creditor in its first year of exceeding the covered financial 
institution loan-threshold in Sec.  1002.105(b) may, in the second year 
collect demographic information pursuant to subpart B for covered 
applications, provided that it does so in accordance with the relevant 
requirements of proposed subpart B.
    Proposed Sec.  1002.5(a)(4)(ix) would have permitted a financial 
institution not covered by the rule that wishes to voluntarily report 
small business lending data to collect applicants' protected 
demographic information without violating Regulation B. Unlike 
creditors subject to proposed Sec.  1002.5(a)(4)(vii) or (viii), a 
creditor seeking to voluntarily collect applicant's protected 
demographic information under proposed Sec.  1002.5(a)(4)(ix) would 
also be required to report it to the Bureau.
    Existing comment 5(a)(4)-1 addresses recordkeeping requirements for 
ethnicity, race, and sex information that is voluntarily collected for 
HMDA under the existing provisions of Sec.  1002.5(a)(4). The Bureau 
proposed revising this comment by adding to it a parallel reference to 
proposed subpart B, along with a statement that the information 
collected pursuant to proposed subpart B must be retained pursuant to 
the requirements set forth in proposed Sec.  1002.111.
    Proposed comment 5(a)(2)-4 would have explained that proposed 
subpart B of Regulation B generally requires creditors that are covered 
financial institutions as defined in proposed Sec.  1002.105(a) to 
collect and report information about the ethnicity, race, and sex of 
the principal owners of applicants for certain small business credit, 
as well as whether the applicant is a minority-owned business or a 
women-owned business as defined in proposed Sec.  1002.102(m) and (s), 
respectively. The Bureau proposed this comment for parity with existing 
comment 5(a)(2)-2, which addresses the requirement to collect and 
report information about the ethnicity, race, and sex of applicants 
under HMDA. Existing comment 5(a)(2)-3 explains that persons such as 
loan brokers and correspondents do not violate ECOA or Regulation B if 
they collect information that they are otherwise prohibited from 
collecting, where the purpose of collecting the information is to 
provide it to a creditor that is subject to HMDA or another Federal or 
State statute or regulation requiring data collection.
    The Bureau sought comment on its three proposed provisions to be 
added to existing Sec.  1002.5(a)(4), and associated commentary, 
including whether there were other specific situations to add to the 
list of provisions in Sec.  1002.5(a)(4) to permit the collection of 
applicants' protected demographic information pursuant to section 1071, 
and whether any similar modifications to other provisions were 
necessary. In particular, the Bureau sought comment on whether it 
should add another provision to Sec.  1002.5(a)(4) relating to proposed 
Sec.  1002.114(c)(1), wherein the Bureau proposed to permit financial 
institutions to collect, but would not require them

[[Page 35192]]

to report, applicants' protected demographic information prior to the 
compliance date.
Comments Received
    The Bureau received comments on this provision from several 
industry commenters, a business advocacy group, and a community group. 
The community group supported the reasoning and approach of the 
proposed provisions. The commenter inquired whether the provisions 
would allow for voluntary reporting of only the protected demographic 
data, or all data points, noting that if the Bureau intended only to 
permit voluntary data collection of demographic information that it 
would not make sense to permit publication of these data points, and 
that the usefulness of such incomplete data would be limited. A 
business advocacy group applauded the Bureau for the proposed 
provisions and recommended that the Bureau add incentives for voluntary 
disclosure of data for those financial institutions, but asked that the 
incentives not distort the purposes of the regulation by encouraging 
lenders to report inaccurate or untrue data to reap the benefits of the 
incentive to report.
    A community group commented that the Bureau should permit voluntary 
collection not only by financial institutions not covered by the rule, 
but also should permit covered financial institutions to collect data 
on consumer credit used to fund small businesses.\304\
---------------------------------------------------------------------------

    \304\ The Bureau addresses comments regarding the reporting of 
non-covered products in the section-by-section analysis of Sec.  
1002.104(b), under the heading Voluntary Reporting. While the final 
rule does not permit the voluntary reporting of non-covered 
products, the Bureau has implemented a safe harbor in Sec.  
1002.112(c)(4) for financial institutions that collect data on 
applications for products that turn out not to be covered credit 
transactions.
---------------------------------------------------------------------------

    Two agricultural lenders requested that the Bureau exempt Farm 
Credit System (FCS) lenders entirely from coverage under the rule while 
also adding a provision to the proposed voluntary reporting provisions 
stating that FCS lenders may submit a supplemental voluntary collection 
of data that is not otherwise already being provided to the public.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing 
amendments to existing Sec.  1002.5(a)(4) introductory text and three 
provisions (in final Sec.  1002.5(a)(4)(vii), (viii), and (ix)) that 
permit certain creditors that are not covered financial institutions 
under the rule to collect small business applicants' protected 
demographic information under certain circumstances. The Bureau is also 
adopting new Sec.  1002.5(a)(4)(x) to similarly address information 
collected about multiple co-applicants. The Bureau is finalizing 
comment 5(a)(2)-4 along with its revision to existing comment 5(a)(4)-1 
providing guidance on these new exemptions. The Bureau is additionally 
revising existing comment 5(a)(2)-3, as discussed below. These 
provisions contain updated cross-references to other sections in the 
final regulatory text and commentary, as well as addition of LGBTQI+-
owned business status to accompany references to women- and minority-
owned business statuses.
    Final Sec.  1002.5(a)(4)(vii) provides that a creditor that was 
required to report small business lending data pursuant to final Sec.  
1002.109 for any of the preceding five calendar years but is not 
currently a covered financial institution under final Sec.  1002.105(b) 
may collect protected demographic information pursuant to subpart B for 
covered applications from small businesses as defined in final 
Sec. Sec.  1002.103 and 1002.106(b) if it complies with the 
requirements of subpart B as otherwise required for covered financial 
institutions pursuant to final Sec. Sec.  1002.107(a)(18) and (19), 
1002.108, 1002.111, and 1002.112 for those applications. Final Sec.  
1002.5(a)(4)(vii) also states that such a creditor is permitted, but 
not required, to report data to the Bureau collected pursuant to 
subpart B if it complies with the requirements of subpart B as 
otherwise required for covered financial institutions pursuant to 
Sec. Sec.  1002.109 and 1002.110.
    The Bureau anticipates that some creditors that are no longer 
covered financial institutions and thus no longer required to report 
data in a given reporting year may prefer to continue to collect 
applicants' protected demographic information in the event they become 
a covered financial institution again, in order to maintain consistent 
compliance standards from year to year. As it did in a similar context 
for HMDA reporting, the Bureau believes that permitting such collection 
for five years provides an appropriate time frame under which a 
financial institution should be permitted to continue collecting the 
information without having to change its compliance processes. The 
Bureau believes that a five-year period is sufficient to help an 
institution discern whether it is likely to have to report small 
business lending data in the near future but not so long as to permit 
it to collect such information in a period too attenuated from previous 
reporting.
    Final Sec.  1002.5(a)(4)(viii) provides a creditor that exceeded 
the loan-volume threshold in the first year of the two-year threshold 
period provided in final Sec.  1002.105(b) may, in the second year, 
collect protected demographic information pursuant to subpart B for 
covered applications from small businesses as defined in final 
Sec. Sec.  1002.103 and 1002.106(b) if it complies with the 
requirements of subpart B as otherwise required for covered financial 
institutions pursuant to final Sec. Sec.  1002.107(a)(18) and (19), 
1002.108, 1002.111, and 1002.112 for that application. Final Sec.  
1002.5(a)(4)(viii) also states that such a creditor is permitted, but 
not required, to report data to the Bureau collected pursuant to 
subpart B if it complies with the requirements of subpart B as 
otherwise required for covered financial institutions pursuant to 
Sec. Sec.  1002.109 and 1002.110. The Bureau believes that this 
provision will benefit creditors when the creditor has not previously 
reported small business lending data but expects to be covered in the 
following year and wishes to prepare for that future reporting 
obligation. For example, where a creditor surpasses the loan-volume 
threshold of final Sec.  1002.105(b) for the first time in a given 
calendar year, it may wish to begin collecting applicants' protected 
demographic information for covered applications received in the next 
calendar year (second calendar year) so as to ensure its compliance 
systems are fully functional before it is required to collect and 
report information pursuant to subpart B in the following calendar year 
(third calendar year).
    Final Sec.  1002.5(a)(4)(ix) provides that a creditor that is not 
currently a covered financial institution under final Sec.  
1002.105(b), and is not otherwise a creditor to which final Sec.  
1002.5(a)(4)(vii) or (viii) applies, may collect protected demographic 
information pursuant to subpart B for covered applications from small 
businesses as defined in final Sec. Sec.  1002.103 and 1002.106(b) for 
a transaction if it complies with the requirements of subpart B as 
otherwise required for covered financial institutions pursuant to final 
Sec. Sec.  1002.107 through 1002.112 for that application. Voluntarily 
reported data pursuant to final Sec.  1002.5(a)(4)(ix) may add some 
information that otherwise would not be collected and reported, and 
which would further both the statutory purposes of section 1071 without 
requiring reporting from very low-volume financial institutions that 
may find it difficult or costly to report data.
    The Bureau is finalizing Sec.  1002.5(a)(4)(ix) in response to 
feedback from some small entity

[[Page 35193]]

representatives and other stakeholders at SBREFA, as well as several 
NPRM commenters, that indicated lenders might want to collect and 
report small business lending data even if they were not required to do 
so.
    New Sec.  1002.5(a)(4)(x) provides that a creditor that is 
collecting information pursuant to subpart B or as described in 
Sec. Sec.  1002.5(a)(4)(vii) through (ix) for covered applications from 
small businesses as defined in Sec. Sec.  1002.103 and 1002.106(b) 
regarding whether an applicant for a covered credit transaction is a 
minority-owned business, a women-owned business, or an LGBTQI+-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners may also collect that same information for any co-applicants 
provided that it also complies with the relevant requirements of 
subpart B of this part or as described in paragraphs (a)(4)(vii) 
through (ix) of this section with respect to those co-applicants.
    The Bureau is adding Sec.  1002.5(a)(4)(x) to permit creditors to 
collect information pursuant to subpart B regarding co-applicants for a 
covered application for a small business. Existing Sec.  1002.5(a)(4) 
does not explicitly address whether creditors have permission to 
collect demographic information for co-applicants for a covered 
application for a small business, and the Bureau implements new Sec.  
1002.5(a)(4)(x) to remove any doubt that creditors that are permitted 
to collection information pursuant to subpart B on an applicant for 
covered applications for a small business pursuant to Sec. Sec.  
1002.5(a)(4)(vii) through (ix) is also permitted to collect such 
information for co-applicants as well, even if the financial 
institution will only report information regarding a single designated 
applicant per new comment 103(a)-10. As described below, final comment 
103(a)-10 provides that if a covered financial institution receives a 
covered application from multiple businesses that are not affiliates, 
it shall compile, maintain, and report data for only a single applicant 
that is a small business. The Bureau believes that it may be easier and 
more efficient for financial institutions to request the same 
information of all co-applicants--new Sec.  1002.5(a)(4)(x) will enable 
financial institutions to collect small business lending data from 
unreported co-applicants without violating ECOA and Regulation B's 
general prohibition against collecting protected demographic 
information.
    The Bureau believes that it is an appropriate use of its statutory 
authority under sections 703(a) and 704B(g)(1) of ECOA to permit 
creditors to collect, and for Sec.  1002.5(a)(4)(ix) report, protected 
demographic information in the manner set out in Sec.  
1002.5(a)(4)(vii) through (x). These provisions will effectuate the 
purposes of and facilitate compliance with ECOA and is necessary to 
carry out, enforce, and compile data pursuant to section 1071. Section 
1002.5(a)(4)(vii) will permit creditors to collect information without 
interruption from year to year, thereby facilitating compliance with 
the rule's data collection requirements and improving the quality and 
reliability of the data collected. Section 1002.5(a)(4)(viii) improves 
the quality and reliability of the data collected by financial 
institutions that may be transitioning into being required to collect 
and report 1071 data, and will provide a creditor assurance of 
compliance with existing Sec.  1002.5 regardless of whether it actually 
becomes subject to subpart B reporting at the end of the two-year 
threshold period. Section 1002.5(a)(4)(ix) will potentially increase 
the collection of additional information and amount of data available 
for analysis, thereby advancing the purposes of section 1071. Finally, 
Sec.  1002.5(a)(4)(x) will permit collection of demographic information 
for co-applicants, thereby reducing operational complexity to allow 
creditors to focus on data quality and reliability. The Bureau also 
believes that these provisions are narrowly tailored and preserves and 
respects the general limitations in existing Sec.  1002.5(b) through 
(d).
    The Bureau is also revising existing comment 5(a)(2)-3, which 
explains that persons such as loan brokers and correspondents do not 
violate ECOA or Regulation B if they collect information that they are 
otherwise prohibited from collecting, where the purpose of collecting 
the information is to provide it to a creditor that is subject to HMDA 
or another Federal or State statute or regulation requiring data 
collection. The Bureau stated its belief in the NPRM that the reference 
to ``another Federal statute or regulation'' adequately encompassed 
section 1071 and subpart B, and thus did not propose to amend this 
existing comment. However, upon further reflection, the Bureau has 
determined to revise the provision specifically to reference subpart B 
for the sake of further clarity and the avoidance of doubt that loan 
brokers and other persons collecting applicants' protected demographic 
information on behalf of covered financial institutions pursuant to 
this final rule are not violating ECOA or Regulation B by doing so. The 
Bureau believes that it is an appropriate use of its general authority 
under ECOA sections 703(a) and 704B(g)(1) to permit such persons to 
collect protected demographic information on behalf of covered 
financial institutions, as such collection will effectuate the purposes 
of and facilitate compliance with ECOA and is necessary to carry out, 
enforce, and compile data pursuant to section 1071.
    The Bureau is finalizing comment 5(a)(2)-4, which defines the 
phrase ``information required by subpart B,'' with revisions to add 
cross-references to LGBTQI+-owned businesses, as defined in Sec.  
1002.102(l). Final comment 5(a)(2)-4 addresses the requirement under 
this final rule that creditors that are covered financial institutions 
as defined in Sec.  1002.105(a) collect and report information about 
the ethnicity, race, and sex of the principal owners of applicants for 
certain small business credit, as well as whether the applicant is a 
minority-owned business, a women-owned business, or an LGBTQI+-owned 
business, as defined in Sec.  1002.102(m), (s), and (l), respectively. 
The Bureau is finalizing this comment for parity with existing comment 
5(a)(2)-2, which addresses the requirement to collect and report 
information about the ethnicity, race, and sex of applicants under 
HMDA. The Bureau believes that it is an appropriate use of its general 
authority under ECOA sections 703(a) and 704B(g)(1) to specify the 
meaning of ``information required by subpart B,'' by adding comment 
5(a)(2)-4 and that the clarity and certainty this provision adds will 
effectuate the purposes of and facilitates compliance with ECOA and is 
necessary to carry out, enforce, and compile data pursuant to section 
1071.
    Finally, the Bureau is finalizing its revisions to existing comment 
5(a)(4)-1 as proposed. The existing comment establishes recordkeeping 
requirements for ethnicity, race, and sex information that is 
voluntarily collected for HMDA under the existing provisions of Sec.  
1002.5(a)(4). The revisions to comment 5(a)(4)-1 likewise provide that 
protected demographic information that is not required to be collected 
pursuant to subpart B may nevertheless be collected under the 
circumstances set forth in Sec.  1002.5(a)(4) without violating 
existing Sec.  1002.5(b), and that the information collected pursuant 
to this final rule must be retained pursuant to the requirements set 
forth in final Sec.  1002.111. The Bureau is revising this comment to 
provide for parity between this final rule and existing references to 
voluntary collection of data pursuant to HMDA. The Bureau believes that 
these

[[Page 35194]]

revisions are an appropriate use of its general authority under ECOA 
sections 703(a) and 704B(g)(1) as these revisions provide clarity and 
certainty to financial institutions in their voluntary collection of 
applicants' protected demographic information. Such clarity and 
certainty effectuate the purposes of and facilitates compliance with 
ECOA and these revisions are necessary to carry out, enforce, and 
compile data pursuant to section 1071.
    Regarding a commenter's request to clarify whether these amendments 
permit voluntary reporting only as to data points concerning protected 
demographic data, the Bureau observes that nothing prohibits creditors 
from collecting any of the information set forth in final Sec.  
1002.107, other than the protected demographic information in Sec.  
1002.107(a)(18) and (19). Creditors that choose to collect protected 
demographic information pursuant to final Sec.  1002.5(a)(4)(ix) must 
comply with Sec.  1002.109 (along with other specified provisions), 
which means that they must collect and report all the required data 
specified in final Sec.  1002.107.
    The Bureau is not adding incentives for voluntary disclosure of 
data for creditors that are not covered financial institutions, as 
suggested by one commenter. It appears, based on SBREFA and NPRM 
comments, that some creditors already have an incentive to collect and 
report small business lending data pursuant to section 1071 even if 
they are not covered financial institutions under the rule; it is 
unclear what additional incentives the Bureau could offer to encourage 
other creditors to do the same. Regarding ensuring that reported data 
are not distorted, however, the Bureau notes that voluntary reporters 
must identify themselves as such pursuant to final Sec.  
1002.109(b)(10) and, a creditor voluntarily collecting and reporting 
data pursuant to final Sec.  1002.5(a)(4)(ix) must do so in compliance 
with Sec. Sec.  1002.107 through 1002.112 and 1002.114.
    Regarding the comment that the visual observation and surname 
requirement would cause certain covered institutions to violate the 
prohibition in 12 CFR 202.5(b) from inquiring about the race, color, 
religion, national origin, or sex of an applicant or any other person 
in connection with a credit transaction, the Bureau notes that the 
concern is moot because the Bureau is not finalizing its proposed 
provisions for collecting principal owners' ethnicity and race via 
visual observation or surname in certain circumstances. (See the 
section-by-section analysis of Sec.  1002.107(a)(19) for a detailed 
discussion of this change.) In any case, a creditor is permitted to 
make such inquiries under existing Sec.  1002.5(a)(2), given that the 
provision permits the collection of demographic information when 
required to do so by another law or regulation (which includes this 
rule).
    The Bureau addresses potential voluntary collection and reporting 
of data regarding non-covered products, including consumer-designated 
credit used for small business purposes, in the section-by-section 
analysis of Sec.  1002.104(b) below. Based on its determination not to 
permit voluntary collection of data for such non-covered products, the 
Bureau is not adding an additional provision to Sec.  1002.5(a)(4) to 
address such collection.
    As discussed in the section-by-section analyses of Sec. Sec.  
1002.104(a) and 1002.105(b), the Bureau is not excluding agricultural 
lending or FCS lenders from coverage under this final rule. The 
commenter's request to permit supplemental voluntary collection and 
reporting of data by exempt FCS lenders if such data are not otherwise 
already being provided to the public is thus moot. Of course, any FCS 
lenders that are not covered financial institutions could nonetheless 
voluntarily collect and report data pursuant to final Sec.  
1002.5(a)(4)(ix).

Subpart B--Small Business Lending Data Collection

Section 1002.101 Authority, Purpose, and Scope

    Proposed Sec.  1002.101 would have set forth the authority, 
purpose, and scope for proposed subpart B. The Bureau sought comment on 
its proposed approach to this section, including whether any other 
information on the rule's authority, purpose, or scope should be 
addressed herein.
    The Bureau did not receive any comments specifically regarding its 
recitation of the authority, purpose, and scope of subpart B. Comments 
addressing the authority, purpose, and scope of section 1071 and this 
final rule as a general matter are addressed in D.1 in the Overview to 
this part V above.
    The Bureau is finalizing Sec.  1002.101 as proposed. Final Sec.  
1002.101(a) provides that subpart B is issued by the Bureau pursuant to 
section 704B of ECOA (15 U.S.C. 1691c-2), and states that, except as 
otherwise provided therein, subpart B applies to covered financial 
institutions, as defined in Sec.  1002.105(b), other than a person 
excluded from coverage of this part by section 1029 of the Dodd-Frank 
Act. Final Sec.  1002.101(b) sets out section 1071's two statutory 
purposes of facilitating fair lending enforcement and enabling the 
identification of business and community development needs and 
opportunities for women-owned, minority-owned, and small businesses.

Section 1002.102 Definitions

    The Bureau is finalizing a number of definitions for terms used in 
subpart B, in Sec.  1002.102.\305\ These definitions generally fall 
into several categories. First, some definitions in final Sec.  
1002.102 refer to terms defined elsewhere in subpart B--specifically, 
the terms business, covered application, covered credit transaction, 
covered financial institution, financial institution, and small 
business are defined in final Sec. Sec.  1002.106(a), 1002.103, 
1002.104, 1002.105(b), 1002.105(a), and 1002.106(b), respectively. 
These terms are of particular importance in subpart B, and the Bureau 
is defining them in separate sections, rather than in Sec.  1002.102, 
for ease of reading.
---------------------------------------------------------------------------

    \305\ The Bureau notes that there are certain terms defined in 
subpart B outside of final Sec.  1002.102. This occurs where a 
definition is relevant only to a particular section. For example, 
the firewall provisions in final Sec.  1002.108 use the phrases 
``involved in making any determination concerning a covered 
application'' and ``should have access.'' Those phrases are defined 
in Sec.  1002.108(a). Such definitions are discussed in detail in 
the section-by-section analyses of the provisions in which they 
appear.
---------------------------------------------------------------------------

    Second, some terms in final Sec.  1002.102 are defined by cross-
referencing the definitions of terms defined in existing Regulation B--
specifically, business credit, credit, and State are defined by 
reference to existing Sec.  1002.2(g), (j), and (aa), respectively. 
Similarly, a portion of the small business and affiliate definitions 
refer to the SBA's regulation at 13 CFR 121.103. These terms are each 
used in subpart B, and the Bureau believes it is appropriate to 
incorporate them into the subpart B definitions in this manner.
    Finally, the remaining terms are defined directly in final Sec.  
1002.102. These include applicant, closed-end credit transaction, 
LGBTQI+ individual, LGBTQI+-owned business, minority-owned business, 
open-end credit transaction, principal owner, small business lending 
application register, and women-owned business, as well as a portion of 
the definition of affiliate. Some of these definitions draw on 
definitions in existing Regulation B or elsewhere in Federal laws or 
regulations.
    The Bureau believes that basing this rule's definitions on 
previously defined terms (whether in Regulation B or regulations 
promulgated by another agency), to the extent possible, will

[[Page 35195]]

minimize regulatory uncertainty and facilitate compliance, particularly 
where the other regulations are likely to apply to the same 
transactions. As discussed further below, in certain instances, the 
Bureau is deviating from the existing definitions for purposes of this 
rule.
    These definitions are each discussed in detail below. The Bureau is 
finalizing these definitions pursuant to its authority under ECOA 
section 704B(g)(1) to prescribe such rules and issue such guidance as 
may be necessary to carry out, enforce, and compile data pursuant to 
section 1071. In addition, the Bureau is finalizing certain of these 
definitions to implement particular definitions in section 1071 
including the statutory definitions set out in 704B(h). Any other 
authorities that the Bureau is relying on to finalize certain 
definitions are discussed in the section-by-section analyses of those 
specific definitions.
102(a) Affiliate
Proposed Rule
    The Bureau proposed Sec.  1002.102(a) to define ``affiliate'' based 
on whether the term is used to refer to a financial institution or to 
an applicant.
    Proposed Sec.  1002.102(a) would have defined ``affiliate'' with 
respect to a financial institution as any company that controls, is 
controlled by, or is under common control with, another company, as set 
forth in the Bank Holding Company Act of 1956.\306\ Existing Regulation 
B does not define affiliate. This proposed definition would have 
provided a consistent approach with the Bureau's Regulation C, which 
applies the term to financial institutions, as defined in Regulation C, 
for certain reporting obligations.\307\
---------------------------------------------------------------------------

    \306\ 12 U.S.C. 1841 et seq.
    \307\ See Regulation C comment 4(a)(11)-3.
---------------------------------------------------------------------------

    Proposed Sec.  1002.102(a) would have defined ``affiliate'' with 
respect to a business or an applicant as having the same meaning as 
described in 13 CFR 121.103, which is an SBA regulation titled ``How 
does SBA determine affiliation?'' The proposed definition would have 
provided consistency with the Bureau's proposed approach to what 
constitutes a small business for purposes of section 1071 in proposed 
Sec.  1002.106(b). Proposed Sec.  1002.107(a)(14) would have permitted, 
but not required, a financial institution to report the gross annual 
revenue for the applicant in a manner that includes the revenue of 
affiliates as well. In proposed Sec.  1002.107(a)(16), workers for 
affiliates of the applicant would be counted in certain circumstances 
for the number of workers data point.
    The Bureau sought comment on its proposed approach to this 
definition.
Comments Received
    Several industry commenters provided feedback on the Bureau's 
proposed definition of ``affiliate.'' A joint letter from several trade 
associations asked the Bureau to provide clarification on how the 
definition of ``affiliate'' applies in the context of commercial real 
estate lending. Two other commenters objected to the Bureau's proposed 
reference to the SBA definition to determine affiliate of a small 
business because it can be changed by the SBA and the commenters 
recommended that the Bureau simplify the definition.
    The Bureau did not receive comments on the proposed definition of 
``affiliate'' with respect to a financial institution.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.102(a) as proposed. The Bureau believes it is appropriate to 
define ``affiliate'' with respect to financial institutions to be 
consistent with the approach in the Bureau's Regulation C, and received 
no comments suggesting it should do otherwise. The consistency with an 
existing regulatory definition may help provide clarity for financial 
institutions when determining their responsibilities under this final 
rule.
    Regarding commenters' suggestions to simplify the definition of 
``affiliate,'' the Bureau does not believe it would be appropriate to 
deviate from the SBA's definition for determining who is an affiliate 
with respect to a business or an applicant. ECOA section 704B(h)(2) 
defines the term ``small business'' as having the same meaning as 
``small business concern'' in section 3 of the Small Business Act.\308\ 
Consistent with the statute, the Bureau's definitions of business and 
small business in final Sec.  1002.106 refer to definitions in the 
SBA's regulations, of which the SBA's definition of affiliate in 13 CFR 
121.103 is a part. The Bureau believes that defining ``affiliate'' in 
this manner is appropriate and necessary to maintain consistency with 
the SBA's definitions. In addition, the Bureau believes that using a 
commonly known existing regulatory definition will facilitate 
compliance with reporting obligations under this final rule. Finally, 
the Bureau believes the SBA's definition of affiliate is sufficiently 
broad to afford financial institutions flexibility in the small 
business size determination process, as discussed below in the section-
by-section analysis of Sec.  1002.106(b).
---------------------------------------------------------------------------

    \308\ 15 U.S.C. 632.
---------------------------------------------------------------------------

    The Bureau addresses the comment regarding how the definition of 
``affiliate'' applies in the context of commercial real estate lending 
in the section-by-section analysis of Sec.  1002.106(b)(1) below.
102(b) Applicant
    Proposed Sec.  1002.102(b) would have defined ``applicant'' to mean 
any person who requests or who has received an extension of business 
credit from a financial institution. The term ``applicant'' is 
undefined in section 1071. Proposed Sec.  1002.102(b) was based on the 
definition of applicant in existing Regulation B, though for 
consistency with other parts of the proposed rule, it added a 
limitation that the credit be business credit and uses the term 
financial institution instead of creditor. It also omitted the 
references to other persons who are or may become contractually liable 
regarding an extension of credit such as guarantors, sureties, 
endorsers, and similar parties. The Bureau acknowledged that including 
other such persons could exceed the scope of the data collection 
anticipated by section 1071. Including them could also make the data 
collection more difficult as financial institutions might need to 
report data points (such as gross annual revenue, NAICS code, time in 
business, and others) regarding multiple persons in connection with a 
single application. The Bureau believed that collecting such 
information on guarantors, sureties, endorsers, and similar parties 
would likely not support section 1071's business and community 
development purpose.
    The Bureau sought comment on its proposed approach to this 
definition and received one comment in response. The commenter 
requested that the Bureau clarify that loans jointly made to multiple 
borrowers, where one or more of the borrowers may qualify as a small 
business under the rule but are not the primary business(es) seeking 
the funding, are not subject to the reporting requirements.
    For the reasons discussed herein, the Bureau is finalizing Sec.  
1002.102(b) as proposed. The Bureau believes it is appropriate to base 
the definition of applicant for purposes of new subpart B on the 
definition of applicant in existing Regulation B, with the limitation 
that the credit be business credit and using the term financial 
institution instead of creditor. The Bureau likewise believes that it 
is appropriate to limit the definition of applicant in subpart B to 
only those persons who request, or have

[[Page 35196]]

received, an extension of business credit from a financial institution. 
As such, the definition of applicant in final Sec.  1002.102(b) does 
not include other persons who are or may become contractually liable 
regarding an extension of business credit such as guarantors, sureties, 
endorsers, and similar parties. As stated in final comment 102(b)-1, in 
no way are the limitations to the term applicant in Sec.  1002.102(b) 
intended to repeal, abrogate, annul, impair, change, or interfere with 
the scope of the term applicant in existing Sec.  1002.2(e) as 
applicable to existing Regulation B.
    In response to the comment regarding loans jointly made to multiple 
borrowers, the Bureau does not believe that a modification to the 
definition of applicant is necessary. Rather, the Bureau is adding 
comment 103(a)-10 to address data collection and reporting if a covered 
financial institution receives a covered application from co-applicant 
businesses that are not affiliates, as defined in final Sec.  
1002.102(a). Final comment 103(a)-10 provides that if a covered 
financial institution receives a covered application from multiple 
businesses that are not affiliates, as defined by final Sec.  
1002.102(a), it shall compile, maintain, and report data pursuant to 
final Sec. Sec.  1002.107 through 1002.109 for only a single applicant 
that is a small business, as defined in final Sec.  1002.106(b). A 
covered financial institution shall establish consistent procedures for 
designating a single small business for purposes of collecting and 
reporting data under subpart B in situations where there is more than 
one small business co-applicant, such as reporting on the first small 
business listed on an application form. In addition, the Bureau notes 
that--if the applicants are affiliated entities--the rule already 
permits consideration of affiliates' revenues in determining whether a 
business qualifies as small. See the section-by-section analyses of 
Sec. Sec.  1002.106(b) and 1002.107(a)(14) for additional discussion of 
affiliate revenue.
102(c) Business
    Final Sec.  1002.102(c) refers to Sec.  1002.106(a) for a 
definition of the term ``business.'' See the section-by-section 
analysis of Sec.  1002.106(a) for a detailed discussion of that 
definition.
102(d) Business Credit
    Proposed Sec.  1002.102(d) would have referred to existing Sec.  
1002.2(g) for a definition of the term ``business credit.'' The term 
``credit'' is undefined in section 1071. Section 1071 does not use the 
term ``business credit,'' though it does define ``small business loan'' 
as a loan made to a small business. Existing Sec.  1002.2(g) defines 
``business credit'' as ``refer[ring] to extensions of credit primarily 
for business or commercial (including agricultural) purposes, but 
excluding extensions of credit of the types described in Sec.  
1002.3(a)-(d),'' i.e., public utilities credit, securities credit, 
incidental credit, and government credit.
    The Bureau received two comments specific to its proposed 
definition of business credit. These two commenters, both credit union 
trade associations, expressed support for the proposed definition, 
stating that it was familiar to credit unions and encompasses the most 
common business credit products aimed at small business borrowers. The 
Bureau also received numerous comments related to its proposed coverage 
of agricultural credit, parts of which also touched on the proposed 
definition of ``business credit''; these comments are discussed below 
in the section-by-section analysis of Sec.  1002.104(a).
    The Bureau is finalizing Sec.  1002.102(d) as proposed. Final Sec.  
1002.102(d) points to existing Sec.  1002.2(g) in defining the term 
``business credit.'' The Bureau believes it is appropriate to define 
business credit by reference to the existing definition in Regulation 
B, which incorporates by reference the meaning of ``credit,'' as 
defined in existing Sec.  1002.2(j). For clarity and completeness, as 
discussed below, the Bureau is also adopting existing Regulation B's 
definition of credit. The Bureau's final rule uses the term business 
credit principally in defining a covered credit transaction in Sec.  
1002.104(a).
    The Bureau notes that existing Sec.  1002.2(g) excludes public 
utilities credit, securities credit, incidental credit, and government 
credit (that is, extensions of credit made to governments or 
governmental subdivisions, agencies, or instrumentalities--not 
extensions of credit made by governments), as defined in existing Sec.  
1002.3(a) through (d), from certain aspects of existing Regulation 
B.\309\ For the purpose of subpart B, the Bureau is both incorporating 
existing Sec.  1002.2(g)--which already includes partial carveouts for 
public utilities credit, securities credit, and incidental credit--and 
also finalizing complete exclusions for these types of credit from the 
definition of a covered credit transaction in Sec.  1002.104(b). For 
clarity, the Bureau is separately defining these terms in Sec.  
1002.104(b) and explains the rationales for excluding each of them in 
the section-by-section analysis of Sec.  1002.104(b) below. The Bureau 
is not adopting an exclusion for extensions of credit made to 
governments or governmental subdivisions, agencies, or 
instrumentalities, because governmental entities do not constitute 
small businesses under the final rule.\310\
---------------------------------------------------------------------------

    \309\ As explained in existing comment 3-1, under Sec.  1002.3, 
procedural requirements of Regulation B do not apply to certain 
types of credit. The comment further states that all classes of 
transactions remain subject to Sec.  1002.4(a) (the general rule 
barring discrimination on a prohibited basis) and to any other 
provision not specifically excepted.
    \310\ Government entities are not ``organized for profit'' and 
thus are not a ``business concern'' under final Sec.  1002.106(a).
---------------------------------------------------------------------------

102(e) Closed-End Credit Transaction
    Proposed Sec.  1002.102(e) would have stated that a closed-end 
credit transaction means an extension of credit that is not an open-end 
credit transaction under proposed Sec.  1002.102(n). The term ``closed-
end credit transaction'' is undefined in section 1071. The Bureau's 
proposal would have specified different requirements for collecting and 
reporting certain data points based on whether the application is for a 
closed-end credit transaction or an open-end credit transaction. The 
definition of open-end credit transaction was addressed in proposed 
Sec.  1002.102(n).
    The Bureau sought comment on its proposed approach to the 
definition of a closed-end credit transaction. The Bureau received no 
comments and is finalizing Sec.  1002.102(e) with one revision for 
clarity. The Bureau is revising the definition of a closed-end credit 
transaction to mean an extension of business credit that is not an 
open-end credit transaction under Sec.  1002.102(n). The Bureau 
believes this definition is reasonable as it aligns with the definition 
of ``open-end credit transaction'' in final Sec.  1002.102(o), and that 
such alignment will minimize confusion and facilitate compliance.
102(f) Covered Application
    Final Sec.  1002.102(f) refers to Sec.  1002.103 for a definition 
of the term ``covered application.'' See the section-by-section 
analysis of Sec.  1002.103 for a detailed discussion of that 
definition.
102(g) Covered Credit Transaction
    Final Sec.  1002.102(g) refers to Sec.  1002.104 for a definition 
of the term ``covered credit transaction.'' See the section-by-section 
analysis of Sec.  1002.104 for a detailed discussion of that 
definition.

[[Page 35197]]

102(h) Covered Financial Institution
    Final Sec.  1002.102(h) refers to Sec.  1002.105(b) for a 
definition of the term ``covered financial institution.'' See the 
section-by-section analysis of Sec.  1002.105(b) for a detailed 
discussion of that definition.
102(i) Credit
    Proposed Sec.  1002.102(i) would have referred to existing Sec.  
1002.2(j) for a definition of the term ``credit.'' The term ``credit'' 
is undefined in section 1071. Existing Sec.  1002.2(j), which largely 
follows the definition of credit in ECOA,\311\ defines ``credit'' to 
mean the right granted by a creditor to an applicant to defer payment 
of a debt, incur debt and defer its payment, or purchase property or 
services and defer payment therefor. The Bureau sought comment on its 
proposed approach to this definition.
---------------------------------------------------------------------------

    \311\ See 15 U.S.C. 1691a. Existing Regulation B uses the term 
``applicant'' instead of ``debtor.''
---------------------------------------------------------------------------

    The Bureau received several comments regarding its proposed 
definition of ``credit.'' A few community groups expressed general 
support for a broad definition of credit. To ensure adequate coverage 
for future products, one commenter suggested defining credit to also 
cover situations where money is transmitted to a recipient but the 
money still effectively belongs to the transmitter and is to be repaid 
according to certain terms. Another commenter advocated for a credit 
definition that included as many lenders (and financing companies that 
are not technically lenders) as possible within the scope of this 
rulemaking, even when such companies are providing financing in a 
format that, according to the commenter, is not technically credit (the 
commenter offered cash advance and factoring companies as examples).
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.102(i) as proposed. Section 1002.102(i) refers to existing Sec.  
1002.2(j) for a definition of the term ``credit.'' The Bureau believes 
that aligning to the implemented definition of credit in ECOA \312\ for 
purposes of subpart B will help to foster consistency with existing 
Regulation B. The term credit in subpart B is used in the context of 
what constitutes a covered credit transaction--that is, whether the 
application is reportable under this final rule. See the section-by-
section analysis of Sec.  1002.104 below for a detailed discussion of 
what does, and does not, constitute a covered credit transaction for 
purposes of this final rule.
---------------------------------------------------------------------------

    \312\ See id. Existing Regulation B closely aligns with the 
definition of credit in ECOA, with some technical revisions and use 
of the term ``applicant'' instead of ``debtor.''
---------------------------------------------------------------------------

102(j) Financial Institution
    Final Sec.  1002.102(j) refers to Sec.  1002.105(a) for a 
definition of the term ``financial institution.'' See the section-by-
section analysis of Sec.  1002.105(a) for a detailed discussion of that 
definition.
102(k) LGBTQI+ Individual and 102(l) LGBTQI+-Owned Business
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of this 
section.'' In the NPRM, the Bureau sought comment on whether it should 
adopt a data point to collect an applicant's lesbian, gay, bisexual, 
transgender, or queer plus (LGBTQ+)-owned business status, similar to 
its proposal for collecting minority-owned business status and women-
owned business status under proposed Sec.  1002.107(a)(18) and (19). 
The Bureau also sought comment on whether including this question, 
along with others, would improve data collection or otherwise further 
section 1071's purposes, as well as whether it would pose any 
particular burdens or challenges for industry.\313\
---------------------------------------------------------------------------

    \313\ 86 FR 56356, 56482 (Oct. 8, 2021).
---------------------------------------------------------------------------

    This section-by-section analysis of Sec.  1002.102(k) and (l) 
discusses the Bureau's definition of LGBTQI+ individual and the related 
definition of LGBTQI+-owned business, respectively. Collection of 
LGBTQI+-owned business status is addressed in the section-by-section 
analysis of Sec.  1002.107(a)(18).
Comments Received
    The Bureau received comments from several lenders, individual 
commenters, and community and advocacy groups as to whether the Bureau 
should adopt a data point to collect an applicant's ``LGBTQ+-owned 
business'' status.\314\ As explained further in the section-by-section 
analysis of Sec.  1002.107(a)(18), some of these commenters did not 
support including such a data point in the final rule (and thus did not 
make any suggestions for how an LGBTQ+-owned business should be 
defined). One commenter opposed collecting LGBTQ+ data without a 
corresponding proposal to modify the definition of minority-owned 
business.
---------------------------------------------------------------------------

    \314\ The terms ``LGBT,'' ``LGBTQ,'' ``LGBTQ+,'' and 
``LGBTQIA+'' are used in this preamble to reflect the specific terms 
used by commenters, the conditions or titles of any cited research, 
or (particularly for ``LGBTQ+'') the Bureau's request for comment in 
the NPRM.
---------------------------------------------------------------------------

    In contrast, other commenters supported requiring the collection 
and reporting of applicants' LGBTQ+-owned business status information. 
As discussed further in the section-by-section analysis of Sec.  
1002.107(a)(18), commenters generally explained that collecting such 
data would enhance fair lending enforcement and identify credit needs 
for these small businesses.
    Most of these commenters generally echoed the Bureau's use of the 
term ``LGBTQ+-owned business'' status in expressing their support for 
the data point. Several recommended that the Bureau require financial 
institutions' inquiries about such status to include a definition of 
the status and give applicants response options specifically indicating 
that they are or are not such a business, similar to the Bureau's 
proposed approach for requesting information about applicants' 
minority-owned and women-owned business status.
    One commenter suggested that the Bureau use the phrase ``LGBTQI+-
owned business'' and include a definition in the final rule. The 
commenter recommended that the Bureau define the term as a business 
where (1) more than 50 percent of the ownership or control of which is 
held by one or more individuals self-identifying as lesbian, gay, 
bisexual, transgender, queer, or intersex and (2) more than 50 percent 
of the net profit or loss accrues to one or more individuals self-
identifying as lesbian, gay, bisexual, transgender, queer, or intersex. 
The commenter stated that this definition is similar to the definitions 
of minority-owned and women-owned businesses and consistent with other 
Federal government and expert practice and recommendations as well as 
the definition of ``LGBTQ-owned business'' in Federal legislation that 
was pending at that time.\315\
---------------------------------------------------------------------------

    \315\ The commenter cited the LGBTQ Business Equal Credit 
Enforcement and Investment Act, H.R. 1443, 117th Cong. (2021), 
https://www.congress.gov/bill/117th-congress/house-bill/1443/text 
(which would have amended ECOA section 704B to, among other things, 
require financial institutions to inquire whether a business is a 
``LGBTQ-owned'' business).
---------------------------------------------------------------------------

Final Rule
    As discussed further in part II above and the section-by-section 
analysis of Sec.  1002.107(a)(18) below, the Bureau believes that the 
collection of an applicant's LGBTQI+-owned business status will aid in 
fulfilling the purposes of section 1071, by facilitating evaluations of 
potential discriminatory

[[Page 35198]]

lending practices on the basis of sex in violation of fair lending laws 
and helping communities, governmental entities, and creditors identify 
needs and opportunities of small businesses. Thus, the Bureau is 
adopting Sec.  1002.102(k) and (l) pursuant to its authority under ECOA 
section 704B(e)(2)(H) to require financial institutions to compile and 
maintain any additional data that the Bureau determines would aid in 
fulfilling the purposes of section 1071 and its authority under ECOA 
section 704B(g)(1) to prescribe such rules and issue such guidance as 
may be necessary to carry out, enforce, and compile data pursuant to 
the statute. The Bureau is not, as suggested by one commenter, 
including LGBTQI+ status in the definition of minority-owned business, 
but is, as requested by multiple commenters, adopting a definition of 
LGBTQI+ owned business that largely parallels the definition of a 
minority-owned business.
    For the reasons set forth herein, the Bureau is defining ``LGBTQI+ 
individual'' in final Sec.  1002.102(k) as including an individual who 
identifies as lesbian, gay, bisexual, transgender, queer, or intersex. 
The Bureau is defining the term ``LGBTQI+-owned business'' in final 
Sec.  1002.102(l) as ``a business for which one or more LGBTQI+ 
individuals hold more than 50 percent of its ownership or control, and 
for which more than 50 percent of the net profits or losses accrue to 
one or more such individuals.'' Both definitions are being included to 
facilitate the requirement in final Sec.  1002.107(a)(18) that 
financial institutions collect an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses.
    The Bureau agrees with a commenter's suggestion to use the term 
``LGBTQI+-owned business''--including an ``I'' to capture intersex 
individuals--instead of ``LGBTQ+-owned business.'' \316\ The Bureau 
believes that the term ``LGBTQI+-owned business'' better reflects the 
Bureau's intent to be broadly inclusive.
---------------------------------------------------------------------------

    \316\ Explicit inclusion of intersex individuals within the 
scope of the definitions for LGBTQI+ individual and LGBTQI+-owned 
business is consistent with the prohibitions against discrimination 
on the basis of ``sex'' under ECOA and Regulation B. Sex 
characteristics including intersex traits are ``inextricably bound 
up with'' sex,'' Bostock v. Clayton Cty., 140 S. Ct. 1731, 1742 
(2020), and ``cannot be stated without referencing sex,'' Grimm v. 
Gloucester Cty. Sch. Bd., 972 F.3d 586, 608 (4th Cir. 2020) (quoting 
Whitaker v. Kenosha Unified Sch. Dist. No. 1 Bd. of Educ., 858 F.3d 
1034, 1051 (7th Cir. 2017)).
---------------------------------------------------------------------------

    The Bureau notes that in user testing it conducted to assist its 
understanding of small business applicants' potential experience using 
the sample data collection form in the summer and fall of 2022, a few 
users were confused by the term ``LGBTQI+-owned business.'' \317\ 
Therefore, and consistent with commenters' suggestions, final comments 
102(l)-2 and 107(a)(18)-2 explain that a financial institution must 
provide the definition of LGBTQI+-owned business when inquiring as to 
the applicant's business ownership status pursuant to final Sec.  
1002.107(a)(18). A financial institution may use the definition as set 
forth on the sample data collection form at appendix E. Final comment 
102(l)-2 also clarifies that a financial institution must provide the 
definition of LGBTQI+ individual under final Sec.  1002.102(k) if asked 
by the applicant, but does not need to do so unless asked.
---------------------------------------------------------------------------

    \317\ CFPB, User testing for sample data collection form for the 
small business lending final rule at app. C, at 3, 8 (Mar. 2023), 
https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

    Final comment 102(l)-2 clarifies that the definition of LGBTQI+-
owned business is used only when an applicant determines if it is such 
a business for purposes of final Sec.  1002.107(a)(18). The financial 
institution is not permitted or required to make its own determination 
as to whether an applicant is a LGBTQI+-owned business.
    In line with commenters' suggestions, the definition for LGBTQI+-
owned business in final Sec.  1002.102(l) parallels concepts in the 
Bureau's definitions for minority-owned business and women-owned 
business in final Sec.  1002.102(m) and (s), respectively. The final 
rule's LGBTQI+-owned business definition incorporates the same two-
prong approach as the other business status definitions, with more than 
50 percent ownership or control as the first prong and more than 50 
percent of net profits or losses as the second prong.
    The commentary for final Sec.  1002.102(l) generally mirrors the 
commentary for the minority-owned business and women-owned business 
definitions in the final rule.\318\ Final comment 102(l)-1 explains 
that a business must satisfy both prongs of the definition to be a 
LGBTQI+-owned business--that is, (A) more than 50 percent of the 
ownership or control is held by one or more LGBTQI+ individuals, and 
(B) more than 50 percent of the net profits or losses accrue to one or 
more LGBTQI+ individuals. Final comment 102(l)-1 clarifies that the 
first prong of the definition can be met through either the control or 
ownership requirements (as do final comments 102(m)-1 and 102(s)-1).
---------------------------------------------------------------------------

    \318\ For discussion of comments as to the concepts of ownership 
and control in the LGBTQI+-owned business definition, the Bureau 
refers to discussion of these concepts in the section-by-section 
analyses of Sec.  1002.102(m) and (s) regarding the definitions for 
minority-owned business and women-owned business.
---------------------------------------------------------------------------

    Final comments 102(l)-3 through -6 mirror the corresponding 
commentary for the definitions of minority-owned business and women-
owned business and provide clarifications of terms used and the 
concepts of ownership, control, and accrual of net profits or losses.
102(m) Minority-Owned Business
Proposed Rule
    As discussed further herein, the final rule combines proposed Sec.  
1002.102(l) (minority individual) into final Sec.  1002.102(m) to 
streamline the rule and facilitate compliance.
    ECOA section 704B(b)(1) requires financial institutions to inquire 
whether applicants for credit are minority-owned businesses. For 
purposes of the financial institution's inquiry under 704B(b), 
704B(h)(5) defines a business as a minority-owned business if (A) more 
than 50 percent of the ownership or control is held by one or more 
minority individuals, and (B) more than 50 percent of the net profit or 
loss accrues to one or more minority individuals. Section 1071 does not 
expressly define the related terms of ``ownership'' or ``control,'' nor 
does it describe what it means for net profits or losses to accrue to 
an individual. Section 704B(h)(4) defines the term ``minority'' as 
having the same meaning as in section 1204(c)(3) of the Financial 
Institutions Reform, Recovery, and Enforcement Act of 1989 
(FIRREA).\319\ That statute defines ``minority'' to mean any Black 
American, Native American, Hispanic American, or Asian American.\320\ 
While section 1071 uses the term ``minority individual'' in 704B(h)(5), 
it does not define that term.
---------------------------------------------------------------------------

    \319\ Public Law 101-73, section 1204(c)(3), 103 Stat. 183, 521 
(1989) (12 U.S.C. 1811 note).
    \320\ Id.
---------------------------------------------------------------------------

    Proposed Sec.  1002.102(l)--definition of minority individual. 
Proposed Sec.  1002.102(l) would have clarified that the term 
``minority individual'' means a natural person who is American Indian 
or Alaska Native, Asian, Black or African American, Native Hawaiian or 
Other Pacific Islander, and/or Hispanic or Latino. As explained in the 
NPRM, the Bureau believed that these categories represent contemporary, 
more specific delineations of the categories described in section 
1204(c)(3) of FIRREA. Proposed comment 102(1)-2

[[Page 35199]]

would have clarified that a multi-racial or multi-ethnic person is a 
minority individual. Proposed comment 102(1)-1 would have clarified 
that this definition would be used only when an applicant determines 
whether it is a minority-owned business pursuant to proposed Sec. Sec.  
1002.102(m) (definition of minority-owned business) and 1002.107(a)(18) 
(data point for minority-owned business status). Proposed comment 
102(1)-3 would have clarified the relationship of the definition of 
minority individual to the disaggregated subcategories used to 
determine a principal owner's ethnicity and race.
    The Bureau sought comment on its proposed approach to this 
definition, including its proposed clarification of the definition of 
minority individual, and requested comment on whether additional 
clarification was needed. The Bureau also sought comment on whether the 
definition of minority individual should include a natural person who 
is Middle Eastern or North African, and whether doing so should be 
dependent on whether Middle Eastern or North African is added as an 
aggregate category for purposes of proposed Sec.  1002.107(a)(20).\321\
---------------------------------------------------------------------------

    \321\ The Bureau received a number of comments regarding whether 
Middle Eastern or North African should be added as an aggregate 
category. Those comments are discussed in the section-by-section 
analysis of Sec.  1002.107(a)(19).
---------------------------------------------------------------------------

    Proposed Sec.  1002.102(m)--definition of minority-owned business. 
Proposed Sec.  1002.102(m) would have defined a minority-owned business 
as a business for which more than 50 percent of its ownership or 
control is held by one or more minority individuals, and more than 50 
percent of its net profits or losses accrue to one or more minority 
individuals. Proposed comment 102(m)-1 would have explained that a 
business must satisfy both prongs of the definition to be a minority-
owned business--that is, (A) more than 50 percent of the ownership or 
control is held by one or more minority individuals, and (B) more than 
50 percent of the net profits or losses accrue to one or more minority 
individuals.
    Proposed comment 102(m)-2 would have clarified that the definition 
of minority-owned business is used only when an applicant determines if 
it is a minority-owned business for purposes of proposed Sec.  
1002.107(a)(18). A financial institution would provide the definition 
of minority-owned business when asking the applicant to provide 
minority-owned business status pursuant to proposed Sec.  
1002.107(a)(18), but a financial institution would not be permitted or 
required to make its own determination regarding whether an applicant 
is a minority-owned business for this purpose.
    Proposed comment 102(m)-3 would have further noted that a financial 
institution would be permitted to assist an applicant when determining 
whether it is a minority-owned business but would not be required to do 
so, and could provide the applicant with the definitions of ownership, 
control, and accrual of net profits or losses set forth in proposed 
comments 102(m)-4 through -6. Additionally, for purposes of reporting 
an applicant's minority-owned business status, a financial institution 
would rely on the applicant's determinations of its ownership, control, 
and accrual of net profits and losses.
    The Bureau proposed to clarify ``ownership'' and ``control'' using 
concepts from the beneficial ownership requirements in FinCEN's 
customer due diligence rule.\322\ Proposed comment 102(m)-4 would have 
clarified that a natural person owns a business if that natural person 
directly or indirectly, through any contract, arrangement, 
understanding, relationship or otherwise, has an equity interest in the 
business. Proposed comment 102(m)-4 would have also provided examples 
of ownership and clarified that, where applicable, ownership would need 
to be traced or followed through corporate or other indirect ownership 
structures for purposes of proposed Sec. Sec.  1002.102(m) and 
1002.107(a)(18). Proposed comment 102(m)-5 would have clarified that a 
natural person controls a business if that natural person has 
significant responsibility to manage or direct the business, and would 
have provided examples of natural persons who control a business. 
Proposed comment 102(m)-6 would have clarified that a business's net 
profits and losses accrue to a natural person if that natural person 
receives the net profits or losses, is legally entitled or required to 
receive the net profits or losses, or is legally entitled or required 
to recognize the net profits or losses for tax purposes.
---------------------------------------------------------------------------

    \322\ See 31 CFR 1010.230 (describing the beneficial ownership 
requirements for legal entity customers). The Department of the 
Treasury's Financial Crimes Enforcement Unit (FinCEN) recently 
issued a final rule to implement requirements regarding reporting of 
beneficial ownership information pursuant to the Corporate 
Transparency Act, 31 U.S.C. 5336. See 87 FR 59498 (Sept. 30, 2022). 
While FinCEN's final rule does not include changes to the current 
customer due diligence rule, FinCEN has indicated its intent to 
revise the customer due diligence rule in a future rulemaking. See 
id. at 59507. FinCEN's final rule includes definitions for 
beneficial owner that will be different from what currently exists 
in the customer due diligence rule, as to both control and 
ownership, when the rule goes into effect on January 1, 2024. See 
id. at 59594. However, the final rule does not change the 25 percent 
threshold for determining ownership. See id.
---------------------------------------------------------------------------

    The Bureau sought comment on the proposed definition of minority-
owned business and possible alternatives that may clarify the term in 
order to help ensure that small business applicants can determine 
whether they are minority-owned businesses for purposes of data 
collection pursuant to section 1071.
Comments Received
    Proposed Sec.  1002.102(l)--definition of minority individual. The 
Bureau received comments regarding the definition of minority 
individual from several industry commenters and community groups.
    One community group stated that the Bureau's proposal to mirror 
HMDA with respect to the definition of minority individual is desirable 
because HMDA's racial and ethnic categories are reasonably 
comprehensive, and using the same categories eases reporting 
requirements and creates consistency for applicants. A group of trade 
associations and a bank supported the Bureau's proposal to define a 
minority individual using only aggregate ethnicity and race categories, 
stating that doing so will help lessen confusion. Another bank 
requested clarification on who is considered multi-racial or multi-
ethnic for purposes of the rule.
    Proposed Sec.  1002.102(m)--definition of minority-owned business. 
The Bureau received comments regarding the definition of minority-owned 
business from lenders, trade associations, and community groups.
    One community group stated that the collection of data on minority-
owned businesses, along with the collection of data on women-owned 
businesses, will help illustrate the experience of firms owned by women 
of color who likely face even higher barriers to accessing small 
business credit than those firms not owned by women of color. The 
commenter noted that these firms comprise a significant portion of 
small businesses and there are a greater proportion of women of color 
who own businesses than the share of white-owned businesses owned by 
women. Another requested that the Bureau add an ``I don't know'' 
response to the list of possible responses, as there may be applicants 
who cannot make a legal conclusion as to whether the small business is 
minority-owned. A trade association asserted that inquiring about the 
ethnicity (or gender) of business owners is contrary to the 
expectations of financial institutions and applicants alike.

[[Page 35200]]

    Regarding the proposed requirement that in order to be considered a 
minority-owned business, one or more minority individuals must hold 
more than 50 percent of the ownership or control of the business, the 
Bureau received comments from several community groups and lenders in 
support. Conversely, a trade association and a bank urged the Bureau to 
revise the requirement such that one or more minority individuals must 
hold ``50 percent or more'' of the ownership or control because the 
statutory definition may result in underreporting for equal 
partnerships with mixed race partners and this would, they said, slant 
the statistical picture.
    Regarding the proposed requirement that in order to be considered a 
minority-owned business, more than 50 percent of the net profit or loss 
must accrue to one or more minority individuals, a community group 
stated that the definition is appropriate to prevent illusory 
``ownership'' by a minority individual. Several other commenters also 
supported the definition.
    Several industry commenters requested that the Bureau not include 
the requirement that more than 50 percent of the net profits or losses 
must accrue to one or more minority individuals. Some of these 
commenters stated that the initial prong of the definition requiring 
more than 50 percent of ownership or control by a minority individual 
is sufficient for determining ownership and would reduce complexity for 
borrowers. A CDFI lender stated that defining ownership based on a 
profit and loss calculation may not fully serve the objectives of the 
statute, and asked the Bureau to consider the CDFI Fund definition of 
minority-owned business.\323\ Several commenters also argued that the 
net profits or losses prong complicates the definition, could result in 
inaccurate data collection, implicates the limited understanding of 
many small business owners regarding the meaning of net profits and 
losses as well as the sensitive nature of these issues, and concluded 
that many small business owners will not understand the definition as 
provided and will, as a result, decline to answer the question.
---------------------------------------------------------------------------

    \323\ The community group cited to the September 2021 CDFI 
Transactional Level Report Data Point Guidance, which provides 
guidance on providing transactional level report data. Under 
``Minority Owned or Controlled,'' the guidance states to ``[r]eport 
whether the investee/borrower is more than 50% owned or controlled 
by one or more minorities. If the business is a for-profit entity, 
report whether more than 50% of the owners are minorities. If the 
business is a nonprofit entity, report whether more than 50% of its 
Board of Directors are minorities.'' CDFI Fund, CDFI Transactional 
Level Report Data Point Guidance, at 33 (Sept. 2021), https://www.cdfifund.gov/sites/cdfi/files/2021-08/CDFITLRGuidance_Final_Sept2021.pdf.
---------------------------------------------------------------------------

    A bank asked for clarification whether data (specifically 
demographic data) collected in prior years could be reused, and what to 
do if there are multiple collections. Specifically, the commenter gave 
an example of an applicant that provides demographic information for 
one application, and then chooses not to provide information for a 
subsequent application, and asking which collection should be 
reported.\324\ A trade association stated that it is possible in 
certain states for a third party non-owner to act as trustee of a 
trust, and that the Bureau should change a comment example to clarify 
whether it is the Bureau's intent to presume that the trustee of a 
trust is the owner. Another bank also asserted that requiring banks to 
collect such information is costly to banks, customers, and 
communities. A group of trade associations asserted that the commentary 
should be revised to explicitly state that a financial institution must 
provide an applicant with the applicable definition.
---------------------------------------------------------------------------

    \324\ See the section-by-section analysis of Sec.  1002.107(d) 
regarding the use of previously collected data.
---------------------------------------------------------------------------

    Several industry commenters supported the proposal to rely solely 
on the data provided by the applicant and that financial institutions 
should not be required to verify any such information provided by the 
applicant. With respect to self-certification of minority-owned 
business status, two trade associations supported permitting credit 
applicants to self-certify that 50 percent or more of the net profit or 
loss accrues to one or more minority individuals, rather than lenders 
needing to verify this information. Another trade association asserted 
that the applicant should solely determine whether the individual 
owners are multi-ethnic or multi-racial individuals and the financial 
institution should not be required to otherwise verify or report any 
information other than that supplied by the applicant.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.102(m) with a number of revisions to the regulatory text and 
commentary to incorporate the definition of minority individual. The 
Bureau has made these changes to streamline the rule and facilitate 
compliance. The Bureau is otherwise finalizing the associated 
commentary with a minor adjustment for clarity.
    Final Sec.  1002.102(m) defines a minority-owned business as a 
business for which one or more American Indian or Alaska Native, Asian, 
Black or African American, Native Hawaiian or Other Pacific Islander, 
or Hispanic or Latino individuals hold more than 50 percent of its 
ownership or control and for which more than 50 percent of the net 
profits or losses accrue to one or more such individuals. Final comment 
102(m)-1 explains that a business must satisfy both prongs of the 
definition to be a minority-owned business--that is, (A) more than 50 
percent of the ownership or control is held by one or more such 
individuals, and (B) more than 50 percent of the net profits or losses 
accrue to one or more such individuals. Final comment 102(m)-1 includes 
an additional sentence to clarify that a business that is controlled by 
an individual with the characteristics listed in the regulatory text 
satisfies this prong of the definition even if none of the individuals 
with ownership in the business satisfies those characteristics.
    Final comment 102(m)-2 clarifies that the definition of minority-
owned business is used only when an applicant determines if it is a 
minority-owned business for purposes of final Sec.  1002.107(a)(18), 
and is finalized with an adjustment made for clarity. Final comment 
102(m)-3 is finalized as proposed and notes that a financial 
institution is permitted to assist an applicant when determining 
whether it is a minority-owned business but is not required to do so, 
may provide the applicant with the definitions of ownership, control, 
and accrual of net profits or losses set forth in final comments 
102(m)-4 through -6, and that, for purposes of reporting an applicant's 
minority-owned business status, a financial institution relies on the 
applicant's determinations of its ownership, control, and accrual of 
net profits and losses.
    Final comment 102(m)-4, finalized with minor edits for consistency 
and clarity, provides examples of ownership and clarifies that, where 
applicable, ownership needs to be traced through corporate or other 
indirect ownership structures. With regard to a commenter's assertion 
that, in certain states, a trustee could act as a third party non-owner 
trustee of a trust, the Bureau believes the trustee would be considered 
an owner for purposes of this definition. Final comment 102(m)-4 also 
clarifies (as it did in the Bureau's proposal) that a trustee is 
considered the owner of a trust.
    Final comment 102(m)-5 clarifies that an individual controls a 
business if that individual has significant responsibility

[[Page 35201]]

to manage or direct the business, while final comment 102(m)-6 
clarifies that a business's net profits and losses accrue to an 
individual if that individual receives the net profits, is legally 
entitled or required to receive the net profits or losses, or is 
legally entitled or required to recognize the net profits or losses for 
tax purposes. Both comments are finalized with minor edits for 
consistency and clarity.
    Final comments 102(m)-7 and -8 are adopted from the commentary to 
proposed Sec.  1002.102(l) (respectively, proposed comments 102(l)-2 
and -3). Final comment 102(m)-7 clarifies that an individual who is 
multi-racial or multi-ethnic constitutes an individual for which the 
definition of minority-owned business may apply, depending on whether 
the individual meets the other requirements of the definition. Final 
comment 102(m)-8 clarifies that the relationship of the ethnicity and 
race categories used in this section are aggregate ethnicity and race 
categories and are the same aggregate categories (along with Not 
Hispanic or Latino for ethnicity, and White for race) to collect an 
applicant's principal owners' ethnicity and race pursuant to final 
Sec.  1002.107(a)(19). Final comment 102(m)-8 is revised from proposed 
comment 102(l)-3 to more clearly state the relationship of the 
ethnicity and race disaggregated subcategories in this comment to those 
used in final Sec.  1002.107(a)(19). Proposed comment 102(l)-1 was not 
finalized because it was no longer relevant once the definition of 
minority individual was incorporated into the minority-owned business 
definition.
    With respect to the categories of persons that constitute 
minorities for purposes of determining minority-owned business status, 
the Bureau believes its clarified terminology in final Sec.  
1002.102(m), which uses the aggregate ethnicity and race categories set 
forth in existing Sec.  1002.13(a)(1)(i) and appendix B to Regulation 
C, will avoid the potentially confusing situation where an applicant is 
presented one set of aggregate ethnicity and race categories when 
answering questions about the principal owners' ethnicity and race 
pursuant to final Sec.  1002.107(a)(19) (which also uses the same 
aggregate ethnicity and race categories) \325\ but is asked to use a 
different set of aggregate categories when indicating whether the 
business is a minority-owned business. It also avoids creating a 
situation where a financial institution is required to use different 
aggregate ethnicity and race categories when complying with different 
portions of Regulation B and, if applicable, Regulation C. This 
consistency across ethnicity and race data collection regimes will also 
allow for better coordination among data users when reviewing 
data.\326\ Further, the Bureau believes that these categories represent 
contemporary, more specific delineations of the categories described in 
section 1204(c)(3) of FIRREA.\327\
---------------------------------------------------------------------------

    \325\ The Bureau notes that while the aggregate ethnicity and 
race categories are the same among final Sec.  1002.107(a)(19), 
existing Sec.  1002.13(a)(1)(i), and appendix B to Regulation C, the 
disaggregated race subcategories that an applicant may use to 
respond to a financial institution's inquiry as to its principal 
owners' race under final Sec.  1002.107(a)(19) differ (i.e., due to 
the addition of disaggregated Black or African American race 
subcategories) from the disaggregated race subcategories in existing 
Sec.  1002.13(a)(1)(i), and appendix B to Regulation C. See the 
section-by-section analysis of Sec.  1002.107(a)(19).
    \326\ For example, OMB uses these same categories for the 
classification of Federal data on race and ethnicity. See Off. of 
Mgmt. & Budget, Revisions to the Standards for the Classification of 
Federal Data on Race and Ethnicity, 62 FR 58785 (Oct. 30, 1996).
    \327\ See, e.g., 80 FR 36356 (June 24, 2015) (NCUA interpretive 
ruling and policy statement implementing an identical FIRREA 
definition of minority using this same modern technology).
---------------------------------------------------------------------------

    The Bureau does not believe it would be appropriate to deviate from 
the statutory definition of a minority-owned business in the various 
ways some commenters suggested, and the Bureau's authority to deviate 
from the statutory language is limited. The Bureau also believes that 
many small business applicants already respond to questions about who 
owns and who controls a business entity when completing customer due 
diligence forms or otherwise responding to questions related to that 
rule and thus will be familiar with these concepts. Although the 
customer due diligence rule does not address the second prong of the 
definition regarding accrual of net profits or losses, final comment 
102(m)-6 provides a comprehensive explanation of this prong of the 
definition.
    With regard to comments urging the Bureau to remove the prong 
requiring that more than 50 percent of its net profits or losses accrue 
to one or more minority individuals in order to be considered a 
minority-owned business, aside from the Bureau's limited authority to 
deviate from the statutory language, the Bureau finds that this prong 
is necessary to prevent illusory ``ownership'' claims by ``straw'' 
owners.
    Finally, with regard to commenters' requests for further 
clarification, in accordance with ECOA section 704B(g)(3), the Bureau 
may release material, as part of its regulatory implementation 
strategy, to assist both financial institutions with complying with the 
requirements of Sec.  1002.102(m) and small businesses in understanding 
this definition.
102(n) Open-End Credit Transaction
    Proposed Sec.  1002.102(n) would have stated that an open-end 
credit transaction means an open-end credit plan as defined in 
Regulation Z Sec.  1026.2(a)(20), but without regard to whether the 
credit is consumer credit, as defined in Sec.  1026.2(a)(12), is 
extended by a creditor, as defined in Sec.  1026.2(a)(17), or is 
extended to a consumer, as defined in Sec.  1026.2(a)(11). The term 
``open-end credit transaction'' is undefined in section 1071. The 
Bureau's proposal would have specified different rules for collecting 
and reporting certain data points based on whether the application is 
for a closed-end credit transaction or an open-end credit transaction.
    The Bureau sought comment on its proposed approach to this 
definition. The Bureau received no comments and is finalizing Sec.  
1002.102(n) as proposed. The Bureau believes this definition is 
reasonable because it aligns with the definition of ``open-end credit 
transaction'' in Regulation Z Sec.  1026.2(a)(20), and that such 
alignment will minimize confusion and facilitate compliance.
102(o) Principal Owner
Proposed Rule
    ECOA section 704B(e) requires financial institutions to compile and 
maintain the ethnicity, race, and sex of an applicant's principal 
owners. However, section 1071 does not expressly define who is a 
principal owner of a business. Proposed Sec.  1002.102(o) would have 
defined principal owner in a manner that is, in part, consistent with 
the beneficial ownership requirements in FinCEN's customer due 
diligence rule.\328\ Specifically, a natural person would be a 
principal owner if the natural person directly owns 25 percent or more 
of the equity interests of the business. Further, as noted in proposed 
comment 102(o)-1, a natural person would need to directly own an equity 
share of 25 percent or more in the business in order to be a principal 
owner. The Bureau also

[[Page 35202]]

proposed that entities not be considered principal owners and indirect 
ownership by individuals likewise not be considered when determining if 
someone is a principal owner for purposes of collecting and reporting 
principal owners' ethnicity, race, and sex or the number of principal 
owners. Thus, when determining who is a principal owner, ownership 
would not be traced through multiple corporate structures to determine 
if a natural person owns 25 percent or more of the applicant's equity 
interests. Additionally, because only a natural person would be a 
principal owner for purposes of the rule, entities such as trusts, 
partnerships, limited liability companies, and corporations, would not 
be principal owners.
---------------------------------------------------------------------------

    \328\ See 31 CFR 1010.230 (describing the beneficial ownership 
requirements for legal entity customers). As noted above, FinCEN 
recently issued a final rule to implement requirements regarding 
reporting of beneficial ownership information pursuant to the 
Corporate Transparency Act. See 87 FR 59498 (Sept. 30, 2022). That 
final rule does not amend the current customer due diligence rule 
(although FinCEN has indicated that it will be revised at a later 
point). See 87 FR 59498, 59507. Notably, however, FinCEN's final 
rule did not change the 25 percent threshold for determining 
ownership. See id. at 59594.
---------------------------------------------------------------------------

    Proposed comment 102(o)-2 would have clarified that a financial 
institution would provide an applicant with the definition of principal 
owner when asking the applicant to provide the number of its principal 
owners pursuant to proposed Sec.  1002.107(a)(20) and the ethnicity, 
race, and sex of its principal owners pursuant to proposed Sec.  
1002.107(a)(19). Proposed comment 102(o)-2 would have also explained 
that if a financial institution meets in person with a natural person 
about a covered application, the financial institution may be required 
to determine if the natural person with whom it meets is a principal 
owner in order to collect and report the principal owner's ethnicity 
and race based on visual observation and/or surname. Additionally, 
proposed comment 102(o)-2 would have noted that if an applicant does 
not provide the number of its principal owners in response to the 
financial institution's request pursuant to proposed Sec.  
1002.107(a)(21), the financial institution may need to determine the 
number of the applicant's principal owners and report that information 
based on other documents or information.
    The Bureau explained that aligning the proposed definition of 
principal owner with the 25 percent ownership definition in the 
customer due diligence rule would likely be familiar to most financial 
institutions and applicants. The customer due diligence rule is broadly 
in use and banks, credit unions, and certain other financial 
institutions must comply with that rule. Further, the Bureau believed 
that applicants, as a general matter, would be more likely to be 
familiar with customer due diligence requirements than SBA or CDFI Fund 
requirements because they have to complete customer due diligence forms 
before opening an initial account (i.e., loan or deposit account) at a 
bank or at certain other institutions. However, unlike the customer due 
diligence rule, due to potential complications with collecting 
ethnicity, race, and sex information for principal owners, the Bureau 
proposed that individuals that only indirectly own 25 percent or more 
of an applicant's equity interests, as well as entities and trusts, 
would not be considered principal owners for purposes of the rule. The 
Bureau sought comment on its proposed definition, including its 
proposal to not include individuals that only indirectly own 25 percent 
or more of an applicant's equity interests as principal owners.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
number of banks, trade associations, community groups, and a business 
advocacy group. Some of the industry commenters and a community group 
supported the Bureau's proposed definition for principal owner. A group 
of trade associations agreed with the Bureau's proposal to align, in 
part, the definition with the customer due diligence rule, stating that 
financial institutions are already familiar with ownership concepts 
through that rule. Trade association commenters also supported the 
Bureau's proposal not to include entities and indirect ownership by 
natural persons, with one stating that the concepts of ownership by 
entities and indirect ownership would add unnecessary complexity to the 
Bureau's final rule and another noting that its members found them 
difficult concepts to explain and determine. The community group 
supporting the Bureau's proposed definition for principal owner stated 
that the proposed definition made intuitive sense, as 25 percent is a 
significant amount of ownership.
    Several other industry commenters did not support the Bureau's 
proposed definition. Specifically, these commenters requested that the 
Bureau look to and align with all the concepts of the customer due 
diligence rule. The commenters stated that because financial 
institutions and customers are familiar with the customer due diligence 
rule and financial institutions already identify principal owners 
thereunder, consistency between the two regulatory regimes would reduce 
complexity and facilitate compliance. A business advocacy group stated 
that aligning the rules completely would allow financial institutions 
to leverage existing processes and training and focus on customer needs 
rather than regulatory interpretation. Another commenter argued that a 
new definition for principal owner under the rule would add unnecessary 
complexity to the loan origination process. A lender specifically 
suggested that financial institutions be required to identify and 
verify the identity of each individual who owns 25 percent or more of 
the entity, and one individual who controls the entity, as is required 
under the customer due diligence rule. Another commenter similarly 
argued for replicating this requirement for the rule, arguing that 
financial institutions would not find it challenging to trace indirect 
ownership because they already do so under the customer due diligence 
rule, that the approach would be familiar to small business applicants 
structured as legal entities, and that small businesses that are not 
legal entities (e.g., sole proprietorships) likely would not have 
complicated equity structures.
    Two industry commenters that supported aligning principal owner 
definition in the Bureau's rule more closely with the customer due 
diligence rule than proposed by the Bureau also expressed concern that 
differences in the definition between the regulatory regimes would lead 
to customer confusion. One of these commenters argued that confusion 
would likely result for applicants who will be asked to provide 
information about principal owners under both rules at the same point 
of the origination process. The other asserted that confusion as a 
result of different definitions would increase the possibility that 
customers would refuse to provide information.
    A bank commented that the Bureau's proposal did not provide enough 
guidance or procedures for how financial institutions should handle 
reporting for small business applicants whose principal owner(s) are a 
separate corporate entity or trust.
    Another bank stated that financial institutions should not be 
required to determine the ownership of small businesses, which it said 
the proposed rule would require.
    A trade association, which requested an exclusion for applications 
from trusts from coverage under the final rule, raised a question about 
who should be considered a principal owner of a trust for data 
collection purposes, such as whether they should be the settlors, 
beneficiaries, trustees, or some combination thereof.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing its 
definition of principal owner in Sec.  1002.102(o) and associated 
commentary with certain adjustments. The Bureau believes it is 
appropriate to align, in part, its

[[Page 35203]]

definition of principal owner with the 25 percent ownership concept in 
FinCEN's customer due diligence rule given financial institutions' and 
applicants' likely familiarity with that rule's requirements.\329\ The 
Bureau does not believe, however, that its definition must completely 
match the ownership and control requirements in the customer due 
diligence rule as urged by some commenters. While differences between 
similar concepts in different regulatory regimes may lead to some 
initial confusion, particularly as financial institutions (as well as 
small business applicants) already familiar with the customer due 
diligence rule implement this final rule's requirements, the Bureau 
believes that adding the concepts of indirect ownership by natural 
persons, as well as ownership by entities or trusts, to the definition 
of principal owner would add unnecessary complexity to this final rule.
---------------------------------------------------------------------------

    \329\ 86 FR 56356, 56395 (Oct. 8, 2021).
---------------------------------------------------------------------------

    Generally, FinCEN's customer due diligence rule defines a 
beneficial owner as not just any individual who directly owns 25 
percent or more of a legal entity, but also includes individuals who 
indirectly have that amount of ownership in the entity, such as through 
multiple corporate structures.\330\ If a trust directly or indirectly 
owns 25 percent or more of the entity, the trustee is considered to be 
a beneficial owner.\331\ In addition to ownership, the customer due 
diligence rule also looks to control. A beneficial owner also includes 
the single individual with significant responsibility to control, 
manage, or direct the entity.\332\
---------------------------------------------------------------------------

    \330\ 31 CFR 1010.230(d)(1). See also Fin. Crimes Enf't Network, 
U.S. Dep't of Treas., FinCEN Guidance FIN-2018-G001: Frequently 
Asked Questions Regarding Customer Due Diligence Requirements for 
Financial Institutions 3 (Apr. 3, 2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf. 
Certain legal entities are exempted from the rule. 31 CFR 
1010.230(e)(2).
    \331\ 31 CFR 1010.230(d)(3).
    \332\ 31 CFR 1010.230(d)(2).
---------------------------------------------------------------------------

    The Bureau does not believe that it would be appropriate for the 
rule's definition of principal owner to incorporate indirect ownership 
and control, as suggested by some commenters. This final rule requires 
covered financial institutions to collect and report the ethnicity, 
race, and sex of small business applicants' principal owners and 
includes the definition of principal owner at Sec.  1002.102(o) for the 
purpose of facilitating financial institutions' and applicants' ability 
to provide such information. The Bureau believes that a simpler 
definition for principal owner that aligns with the customer due 
diligence rule's general 25 percent or more ownership concept, but 
which only applies to individuals (not entities or trusts) with direct 
ownership, will encourage applicants to provide their principal owners' 
ethnicity, race, and sex and facilitate more accurate reporting. With 
the simpler definition for principal owner, applicants do not need to 
first make potentially difficult determinations about which individuals 
indirectly own or control the small business before providing such 
individuals' ethnicity, race, and sex information.
    The Bureau does not believe differences between the customer due 
diligence beneficial owner definition and the principal owner 
definition in this rule will lead applicants to refuse to provide their 
principal owners' ethnicity, race, and/or sex information, as suggested 
by one commenter. In contrast, the Bureau believes that its principal 
owner definition is less complicated and easier to understand and is 
more likely to facilitate applicants' willingness to provide their 
principal owners' information.
    With respect to a commenter's assertion that the NPRM did not 
provide enough guidance or procedures for how financial institutions 
should handle reporting for small business applicants whose principal 
owner(s) are a separate corporate entity or trust, under the final rule 
(as generally in the proposal), only individuals are considered 
principal owners. Thus, entities, such as trusts, partnerships, limited 
liability companies, and corporations, are not principal owners. Final 
comment 107(a)(19)-10 clarifies that if an applicant has fewer than 
four principal owners (e.g., because only one individual owns 25 
percent or more of the equity interests of the small business), the 
financial institution reports ethnicity, race, and sex information for 
the number of principal owners that the applicant has identified and 
reports that the ethnicity, race, and sex fields for additional 
principal owners are ``not applicable.'' (In the NPRM, this 
clarification generally appeared in proposed appendix G, instruction 
25.)
    Relatedly, as discussed in the section-by-section analysis of Sec.  
1002.106(a), a trust may also be a small business applicant (as opposed 
to a trust that is an owner of small business applicant) under the 
final rule. In this case, as was noted by a trade association 
commenter, it is unclear who should be considered a principal owner for 
the purpose of principal owners' ethnicity, race, and sex information. 
The Bureau has added new comment 102(o)-2 clarifying that if a trust is 
an applicant for a covered credit transaction, a trustee is considered 
an owner of the trust, to align with commentary accompanying the 
definitions for LGBTQI+-owned business, minority-owned business, and 
women-owned business.
    As to a commenter's concern that the rule would require financial 
institutions to determine the ownership of a business, it is unclear as 
to the specific aspect of the Bureau's proposal to which the commenter 
was referring. Under the Bureau's proposal (as in the final rule), a 
financial institution would collect and report the following 
information related to the ownership of an applicant: the applicant's 
status as a minority-owned and/or women-owned small business (as well 
as LGBTQI+-owned business status), the number of principal owners, and 
the ethnicity, race, and sex of those principal owners. A financial 
institution can rely (and, in fact, for the protected demographic 
information, must rely) upon an applicant's self-reported information. 
This aspect of those data points has been substantially finalized as 
proposed. Final comment 107(a)(18)-9, regarding the collection and 
reporting of women-owned, minority-owned, and LGBTQI+-owned business 
status information clarifies that a financial institution must only 
report an applicant's responses, even if it verifies or otherwise 
obtains such information. Final comment 107(a)(20)-2, regarding the 
collection and reporting of the number of an applicant's principal 
owners, also provides that a financial institution may rely upon an 
applicant's statements or information to report such information. It 
further provides that the financial institution is not required to 
verify the number of an applicant's principal owners, but if it does 
so, then it must report the verified information. Thus, a financial 
institution is not required to make its own determinations about the 
ownership of a business under the final rule.\333\
---------------------------------------------------------------------------

    \333\ The Bureau notes, however, that as part of its proposal 
requiring financial institutions to collect principal owners' 
ethnicity and race via visual observation or surname in certain 
circumstances, a financial institution would have needed to 
determine if a representative of the applicant with whom it was 
meeting in person was a principal owner. As discussed in the 
section-by-section analysis of Sec.  1002.107(a)(19) below, the 
Bureau is not finalizing this requirement. Thus, to the extent the 
comment was referring to this aspect of the proposal, the 
commenter's concern has been rendered moot.
---------------------------------------------------------------------------

    In light of the foregoing, the text of final Sec.  1002.102(o) and 
final comment 102(o)-1 generally remain unchanged from the proposal, 
though upon further consideration the Bureau has changed the reference 
to ``natural person'' in the

[[Page 35204]]

proposed definition and related comment to ``individual'' in the final 
rule. In user testing conducted on versions of the Bureau's proposed 
sample data collection form at appendix E, users expressed confusion 
about the term ``natural person.'' \334\ The Bureau does not believe 
that there is a meaningful difference between the terms ``individual'' 
and ``natural person'' and as a result has decided to use the term 
``individual'' in the definition for comprehensibility.
---------------------------------------------------------------------------

    \334\ CFPB, User testing for sample data collection form for the 
small business lending final rule at app. B, at 12, 15 (Mar. 2023), 
https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

    The Bureau is finalizing proposed comment 102(o)-2, renumbered as 
final comment 102(o)-3, to explain the purpose of the definition of 
principal owner; the Bureau has revised this comment to reflect other 
changes in the rule.
102(p) Small Business
    Final Sec.  1002.102(p) refers to Sec.  1002.106(b) for a 
definition of the term ``small business.'' See the section-by-section 
analysis of Sec.  1002.106(b) for a detailed discussion of that 
definition.
102(q) Small Business Lending Application Register
    Proposed Sec.  1002.102(q) would have defined the term ``small 
business lending application register'' or ``register'' as the data 
reported, or required to be reported, annually pursuant to proposed 
Sec.  1002.109. This definition referred only to the data that is 
reported, or required to be reported, annually; it did not refer to the 
data required to be collected and maintained (prior to reporting).\335\ 
The Bureau sought comment on its proposed definition of ``small 
business lending application register'' or ``register'' in proposed 
Sec.  1002.102(q). The Bureau received no comments on this definition, 
and therefore is finalizing Sec.  1002.102(q) as proposed.
---------------------------------------------------------------------------

    \335\ In contrast, the term ``Loan/Application Register'' in 
Regulation C Sec.  1003.2(k) refers to both the record of 
information required to be collected pursuant to Sec.  1003.4 as 
well as the record submitted annually or quarterly, as applicable, 
pursuant to Sec.  1003.5(a).
---------------------------------------------------------------------------

102(r) State
    Proposed Sec.  1002.102(r) would have referred to existing Sec.  
1002.2(aa) for a definition of the term ``State.'' Existing Sec.  
1002.2(aa) defines the term as any State, the District of Columbia, the 
Commonwealth of Puerto Rico, or any territory or possession of the 
United States. The Bureau requested comment on its proposed approach to 
this definition, but did not receive any feedback. The Bureau is 
finalizing Sec.  1002.102(r) as proposed. The Bureau believes that, 
being consistent with existing Regulation B, this definition will be 
familiar to financial institutions.
102(s) Women-Owned Business
Proposed Rule
    ECOA section 704B(b)(1) requires financial institutions to inquire 
whether applicants for credit are women-owned businesses. For purposes 
of the financial institution's inquiry under 704B(b), 704B(h)(6) 
defines a business as a women-owned business if (A) more than 50 
percent of the ownership or control is held by one or more women, and 
(B) more than 50 percent of the net profit or loss accrues to one or 
more women. Section 1071 does not expressly define the related terms of 
``ownership'' or ``control,'' nor does it describe what it means for 
net profits or losses to accrue to an individual.
    Proposed Sec.  1002.102(s) would have defined a women-owned 
business as a business for which more than 50 percent of its ownership 
or control is held by one or more women, and more than 50 percent of 
its net profits or losses accrue to one or more women. Proposed comment 
102(s)-1 would have explained that a business must satisfy both prongs 
of the definition to be a women-owned business--that is, (A) more than 
50 percent of the ownership or control is held by one or more women, 
and (B) more than 50 percent of the net profits or losses accrue to one 
or more women.
    Proposed comment 102(s)-2 would have clarified that the definition 
of women-owned business is used only when an applicant determines if it 
is a women-owned business for purposes of proposed Sec.  
1002.107(a)(19). A financial institution would have provided the 
definition of women-owned business when asking the applicant to provide 
women-owned business status pursuant to proposed Sec.  1002.107(a)(19), 
but a financial institution would not have been permitted or required 
to make its own determination regarding whether an applicant is a 
women-owned business for this purpose.
    Proposed comment 102(s)-3 would have further noted that a financial 
institution would be permitted to assist an applicant when determining 
whether it is a women-owned business but would not be required to do 
so, and could provide the applicant with the definitions of ownership, 
control, and accrual of net profits or losses set forth in proposed 
comments 102(s)-4 through -6. Additionally, for purposes of reporting 
an applicant's women-owned business status, a financial institution 
would rely on the applicant's determinations of its ownership, control, 
and accrual of net profits and losses.
    The Bureau proposed to clarify ``ownership'' and ``control'' using 
concepts from FinCEN's customer due diligence rule. Proposed comment 
102(s)-4 would have clarified that a natural person owns a business if 
that natural person directly or indirectly, through any contract, 
arrangement, understanding, relationship or otherwise, has an equity 
interest in the business. Proposed comment 102(s)-4 would have also 
provided examples of ownership and clarified that, where applicable, 
ownership would need to be traced or followed through corporate or 
other indirect ownership structures for purposes of proposed Sec. Sec.  
1002.102(s) and 1002.107(a)(19). Proposed comment 102(s)-5 would have 
clarified that a natural person controls a business if that natural 
person has significant responsibility to manage or direct the business 
and would provide examples of natural persons who control a business. 
Proposed comment 102(s)-6 would have clarified that a business's net 
profits and losses accrue to a natural person if that natural person 
receives the net profits, is legally entitled or required to receive 
the net profits or losses, or is legally entitled or required to 
recognize the net profits or losses for tax purposes.
    The Bureau sought comment on the proposed definition of women-owned 
business and possible alternatives that may clarify the term in order 
to help ensure that small business applicants can determine whether 
they are women-owned businesses for purposes of data collection 
pursuant to section 1071.
Comments Received
    The Bureau received comments regarding the definition of a women-
owned business from a number of banks, trade associations, and 
community groups.
    One community group requested that the Bureau add an ``I don't 
know'' response to the list of possible responses, as there may be 
applicants who cannot make a legal conclusion as to whether the small 
business is women-owned.
    Regarding the proposed requirement that to be considered a women-
owned business, one or more women must hold ``more than 50 percent'' of 
the ownership or control, the Bureau received several comments from 
community groups and a CDFI lender

[[Page 35205]]

supporting this requirement. A trade association stated that the Bureau 
should revise the requirement to state that one or more women must hold 
``50 percent or more'' of the ownership or control because the 
statutory definition may result in underreporting for equal 
partnerships with mixed gender partners.
    Regarding the proposed requirement that to be considered a women-
owned business, more than 50 percent of the net profit or loss must 
accrue to one or more women, one community group stated that the 
statutory definition is appropriate to prevent illusory ``ownership'' 
by one or more women. Another commenter supported the definition.
    Some commenters stated that the Bureau should not include the 
statutory definition requirement that more than 50 percent of the net 
profit or loss must accrue to one or more women. A number of commenters 
stated that the initial prong of the definition requiring more than 50 
percent of ownership or control by a woman is sufficient for 
determining ownership and would reduce complexity for borrowers. A CDFI 
lender stated that defining ownership on a profit and loss calculation 
may not fully serve the objectives of the statute, and asked the Bureau 
to consider the CDFI Fund definition of women-owned business.\336\ 
Several industry commenters asserted that the net profits or losses 
prong complicates the definition, can result in inaccurate data 
collection (for example, in spousal relationships where each partner 
equally owns and controls a small business), implicates the limited 
understanding of many small business owners regarding the meaning of 
net profits and losses as well as the sensitive nature of these issues, 
and that many small business owners will not understand the definition 
as provided and will, as a result, decline to answer the question.
---------------------------------------------------------------------------

    \336\ The community group cited to the September 2021 CDFI 
Transactional Level Report Data Point Guidance, which provides 
guidance on providing transactional level report data. Under ``Women 
Owned or Controlled,'' the guidance states to ``[r]eport whether the 
investee/borrower is more than 50% owned or controlled by one or 
more women. If the business is a for-profit entity, report whether 
more than 50% of the owners are women. If the business is a 
nonprofit entity, report whether more than 50% of its Board of 
Directors are women.'' CDFI Fund, CDFI Transactional Level Report 
Data Point Guidance, at 33 (Sept. 2021), https://www.cdfifund.gov/sites/cdfi/files/2021-08/CDFITLRGuidance_Final_Sept2021.pdf.
---------------------------------------------------------------------------

    A bank asked for clarification whether data (specifically 
demographic data) collected in prior years could be reused, and what to 
do if there are multiple collections. Specifically, the commenter gave 
an example of an applicant that provides demographic information for 
one application, and then chooses not to provide information for a 
subsequent application, and asking which collection should be 
reported.\337\ A trade association stated that it is possible in 
certain States for a third party non-owner to act as trustee of a 
trust, and that the Bureau should change a comment example to clarify 
whether it is the Bureau's intent to presume that the trustee of a 
trust is the owner. Another bank also asserted that requiring banks to 
collect such information is costly to banks, customers, and 
communities. A group of trade associations asserted that the commentary 
should be revised to explicitly state that a financial institution must 
provide an applicant with the applicable definition.
---------------------------------------------------------------------------

    \337\ See the section-by-section analysis of Sec.  1002.107(d) 
for a discussion on the use of previously collected data.
---------------------------------------------------------------------------

Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.102(s) with one addition and one minor adjustment for clarity, 
along with several non-substantive technical revisions to update 
citations to other provisions.
    Final Sec.  1002.102(s) defines a women-owned business as a 
business for which more than 50 percent of its ownership or control is 
held by one or more women, and more than 50 percent of its net profits 
or losses accrue to one or more women. Final comment 102(s)-1 explains 
that a business must satisfy both prongs of the definition to be a 
women-owned business and includes an additional sentence to clarify 
that a business that is controlled by a woman or by women satisfies 
this prong of the definition even if none of the individuals with 
ownership in the business are women.
    Final comment 102(s)-2 clarifies that the definition of women-owned 
business is used only when an applicant determines if it is a women-
owned business for purposes of final Sec.  1002.107(a)(18), and is 
finalized as proposed with the exception of one small adjustment for 
clarity.
    Final comment 102(s)-3 is finalized as proposed and notes that a 
financial institution is permitted to assist an applicant when 
determining whether it is a women-owned business but is not required to 
do so, may provide the applicant with the definitions of ownership, 
control, and accrual of net profits or losses set forth in final 
comments 102(s)-4 through -6, and that, for purposes of reporting an 
applicant's women-owned business status, a financial institution relies 
on the applicant's determinations of its ownership, control, and 
accrual of net profits and losses.
    Final comment 102(s)-4 is finalized with an updated cross-reference 
and minor edits for consistency and clarity. It provides examples of 
ownership and clarifies that, where applicable, ownership needs to be 
traced or followed through corporate or other indirect ownership 
structures. With regard to a commenter's assertion that, in certain 
states, a trustee could act as a third party non-owner trustee of a 
trust, the Bureau believes that in such circumstances, the trustee 
would be considered an owner for purposes of this definition. Final 
comment 102(s)-4 also clarifies (as it did in the Bureau's proposal) 
that a trustee is considered the owner of a trust.
    Final comment 102(s)-5 clarifies that an individual controls a 
business if that individual has significant responsibility to manage or 
direct the business, while final comment 102(s)-6 clarifies that a 
business's net profits and losses accrue to an individual if that 
individual receives the net profits or losses, is legally entitled or 
required to receive the net profits or losses, or is legally entitled 
or required to recognize the net profits or losses for tax purposes. 
Both comments are finalized with minor edits for consistency and 
clarity.
    The Bureau does not believe that it would be appropriate to deviate 
from the statutory definition of women-owned business, as suggested by 
some commenters, and notes that the Bureau's authority to deviate from 
the statutory language is limited. The Bureau also believes that many 
small business applicants already respond to questions about who owns 
and who controls a business entity when completing customer due 
diligence forms or otherwise responding to questions related to that 
rule and thus will be familiar with the concepts therein. Although the 
customer due diligence rule does not address the second prong of the 
definition regarding accrual of net profits or losses, final comment 
102(s)-6 provides a comprehensive explanation of this prong of the 
definition.
    With regard to comments urging the Bureau to remove the prong 
requiring that more than 50 percent of its net profits or losses accrue 
to one or more women in order to be considered a women-owned business, 
the Bureau finds that this prong is necessary to prevent illusory 
``ownership'' claims by ``straw'' owners.
    Finally, in accordance with ECOA section 704B(g)(3), the Bureau may

[[Page 35206]]

release material, as part of its regulatory implementation strategy, to 
assist both financial institutions in complying with the requirements 
of Sec.  1002.102(s) and small businesses in understanding this 
definition.
Proposed Definition of Dwelling
    Proposed Sec.  1002.102(j) would have referred to Regulation C 
Sec.  1003.2(f) for a definition of the term ``dwelling.'' That 
provision defines dwelling to mean a residential structure, whether or 
not attached to real property. The term includes but is not limited to 
a detached home, an individual condominium or cooperative unit, a 
manufactured home or other factory-built home, or a multifamily 
residential structure or community. Proposed comment 102(j)-1 would 
have provided that Bureau interpretations that appear in supplement I 
to part 1003 containing official commentary in connection with Sec.  
1003.2(f) are generally applicable to the definition of a dwelling in 
proposed Sec.  1002.102(j). Proposed comment 102(j)-2 would have 
clarified that the definition of dwelling under existing Sec.  
1002.14(b)(2) applies to relevant provisions under existing Regulation 
B, and proposed Sec.  1002.102(j) is not intended to repeal, abrogate, 
annul, impair, or interfere with any existing interpretations, orders, 
agreements, ordinances, rules, or regulations adopted or issued 
pursuant to existing Sec.  1002.14(b)(2). The Bureau did not receive 
any comments on this aspect of the proposal.
    The Bureau is not finalizing its proposed definition of 
``dwelling.'' The need for the Bureau to adopt its own definition of 
``dwelling'' in this rulemaking is obviated by the Bureau's decision in 
this final rule to not require reporting of transactions that would 
constitute ``covered loans'' under Regulation C. That decision is 
discussed in detail in the section-by-section analysis of Sec.  
1002.104 below. The Bureau understands that there may be limited 
instances where a dwelling is used as collateral for a covered credit 
transaction that does not fall under the definition of a Regulation C 
covered loan because it does not involve the purchase, improvement, or 
refinance of a dwelling--for example, where a small business seeks to 
use their primary dwelling as collateral to obtain working capital such 
as inventory. In this example, the transaction would only be reported 
under the final rule, not under Regulation C, with a credit purpose of 
working capital (includes inventory or floor planning) per final 
comment 107(a)(6)-1. Taking into account these limited circumstances, 
the Bureau believes that adopting the Regulation C definition of 
dwelling is no longer necessary to minimize the compliance risks that 
would have arisen from having to report a transaction under both 
Regulation C and this final rule.

Section 1002.103 Covered Applications

    ECOA section 704B(b) requires that financial institutions collect, 
maintain, and report to the Bureau certain information regarding ``any 
application to a financial institution for credit.'' For covered 
financial institutions, the definition of ``application'' will trigger 
data collection and reporting obligations with respect to covered 
credit transactions. However, section 1071 does not expressly define 
``application.''
    The Bureau is finalizing Sec.  1002.103 and associated commentary 
with minor revisions for clarity and consistency, to define what is, 
and is not, a covered application for purposes of subpart B pursuant to 
its authority in ECOA section 704B(g)(1) to prescribe such rules and 
issue such guidance as may be necessary to carry out, enforce, and 
compile data pursuant to section 1071. Final Sec.  1002.103(a) provides 
a general definition of the term ``covered application,'' followed by a 
list of the circumstances that are not covered applications in final 
Sec.  1002.103(b). For the reasons discussed below, the Bureau believes 
that its determinations as to what does and does not constitute a 
covered application for purposes of this rulemaking constitute 
reasonable interpretations of an ``application'' as used in section 
1071.
103(a) Covered Application
Proposed Rule
    The Bureau proposed to define a covered application in Sec.  
1002.103(a) as an oral or written request for a covered credit 
transaction that is made in accordance with procedures used by a 
financial institution for the type of credit requested. As noted above, 
the term ``application'' is undefined in section 1071. The Bureau 
believed its proposed definition of the term was reasonable, 
particularly as it would align with the similar definition of 
``application'' in existing Sec.  1002.2(f). The Bureau also proposed 
commentary to accompany this definition.
    In considering the proposed definition of a ``covered 
application,'' the Bureau believed that incomplete and withdrawn 
applications--which would have generally been captured under proposed 
Sec.  1002.103(a)--would be essential to the purposes of section 1071 
as a tool to identify potential discrimination and to better understand 
the credit market. The definition of ``covered application'' in 
proposed Sec.  1002.103(a), which was similar to the definition of 
``application'' in existing Sec.  1002.2(f), would have also been 
familiar to creditors and would have provided flexibility to 
accommodate different application processes.
    The Bureau recognized that the proposed definition of ``covered 
application'' in Sec.  1002.103(a), while flexible, would have meant 
that data collection and reporting may be triggered at different times 
for different financial institutions and different types of covered 
credit transactions. While the proposed definition of ``covered 
application'' would not have provided a bright-line rule, the Bureau 
believed the proposed definition would have been familiar to financial 
institutions and would have provided consistency with similar 
definitions found in existing Regulation B and Regulation C.
    As discussed in the NPRM, the Bureau also considered proposing 
several other options for defining a ``covered application.'' First, 
the Bureau considered triggering collection and reporting based on a 
``completed application,'' which is defined in existing Sec.  1002.2(f) 
as an application in which the creditor has received ``all the 
information that the creditor regularly obtains and considers'' in 
evaluating similar products. As noted in the NPRM, the Bureau did not 
propose to use the definition of ``completed application'' in existing 
Sec.  1002.2(f) for its definition of covered application in subpart B, 
as doing so would have excluded incomplete applications and many 
withdrawn applications that may reflect demand for credit or potential 
discrimination during the application process. The Bureau also 
considered proposing to define ``covered application'' as a set of 
specific data points that, if collected, would trigger a duty to 
collect and report small business lending data. As noted in the NPRM, 
the Bureau did not propose this approach for several reasons, including 
that it would have introduced a new regulatory definition of 
``application,'' would have led to operational changes and complexities 
for financial institutions, and could have led to increased evasion.
    Proposed comments 103(a)-1 through -3 would have provided 
additional guidance on identifying what is a ``covered application.'' 
Proposed comments 103(a)-4 through -6 would have addressed how a 
financial institution reports multiple covered credit transaction 
requests at one time or a request for a credit transaction that results 
in the origination of multiple

[[Page 35207]]

covered credit transactions. Proposed comment 103(a)-7 would have 
addressed how a financial institution would report applications where 
there is a change in whether the applicant is requesting a covered 
credit transaction.
    The Bureau sought comment on its proposed definition of a covered 
application in Sec.  1002.103(a) and associated commentary. The Bureau 
also sought comment on the advantages and disadvantages of collecting 
data on incomplete or withdrawn applications, as well as how collection 
would or would not further the purposes of section 1071. In addition, 
the Bureau sought comment on reporting of multiple lines of credit on a 
single credit account, including how financial institutions internally 
consider multiple lines of a credit on a single account and the 
Bureau's approach in proposed comment 103(a)-6.
Comments Received
    The Bureau received comments on its proposed approach to defining a 
covered application from a wide range of lenders, trade associations, 
community groups, and a business advocacy group. The overwhelming 
majority of commenters to address the issue, including most industry 
commenters and some community groups, generally supported the Bureau's 
proposal to define a ``covered application'' largely consistent with 
the existing Regulation B definition. Several of these commenters 
stated that lenders are familiar with the existing Regulation B 
definition and so implementing it within this rule would minimize the 
need for additional training or new procedures. Commenters also stated 
that the proposed definition is a flexible one that can accommodate the 
variety of small business lenders, products, and processes that exist 
in the marketplace, and thus avoids a one-size-fits-all approach that 
would be unworkable in small business lending. Several lenders and 
trade associations urged the Bureau to finalize proposed comment 
103(a)-1, which would have provided that a financial institution has 
latitude to establish its own application process or procedures, 
including designating the type and amount of information it will 
require from applicants. Some of these commenters also stated that the 
proposed comment is consistent with longstanding interpretation of 
existing Regulation B and that the flexibility is critical given the 
unique nature of commercial credit applications. A community bank 
stated that defining an application based on a set of specific data 
points would be inappropriate for commercial lending, which is less 
standardized than consumer mortgage lending. The bank further noted 
that defining an application based on a standardized set of data points 
would be unnecessary so long as each data point has a ``not 
applicable'' or ``not received'' choice for incomplete applications, 
which the commenter emphasized would be important to capture.
    Some community groups and community-oriented lenders expressed 
support for the Bureau's proposed definition because it would capture 
applicants that do not make it to a completed application, and 
therefore potentially help identify barriers to credit early in the 
application process. These commenters argued that the proposed 
definition would further the purposes of section 1071, including by 
identifying potential bias, discouragement, or other discrimination. 
Similarly, some community-oriented lenders stated that the proposed 
definition would strike the right balance of triggering data collection 
and reporting requirements only after there is an actual request for 
credit, but still early enough in the process to capture most 
incomplete, withdrawn, and denied applications.
    One community group expressed concern about the lack of 
standardization under the proposed definition, but ultimately concluded 
that the proposed definition makes sense and any concerns could be 
allayed through monitoring. The commenter expressed understanding for 
the desire to follow current lender procedures for defining an 
application based on existing Regulation B, though noted that how a 
lender defines an application should have enough standardization to 
generate consistent data and be early enough in the process to capture 
incomplete and withdrawn applications, which are necessary to identify 
discouragement. The commenter also expressed support for the idea that 
peer comparisons may be a reasonable way to check a financial 
institution's method of defining an application; for example, by 
analyzing whether a financial institution has abnormally high rates of 
approval or low rates of incomplete applications.
    A number of industry commenters, including community banks, credit 
unions, and trade associations, described the small business 
application process as informal and consultive. These commenters 
explained that the application process often does not involve a written 
application or a ``formal'' application, can be months-long, and often 
involves extensive back-and-forth communications between the lender and 
the small business, including in-person meetings, phone calls, texts, 
and emails. One commenter noted that many loans are funded without any 
``application,'' but rather based on the business's existing 
relationship with the institution and financial information on file. 
Some commenters described how the application process can start 
informally from a conversation, a general inquiry, or as an offshoot to 
deposit activity. Commenters explained that a business will bring in 
financial statements, tax returns, business plans, and other documents, 
which will be reviewed by the financial institution in order to analyze 
and generate the most appropriate package to fit the credit needs of 
the business. Several banks stated that business customers will often 
``shop around'' with multiple financial institutions to get the best 
terms. Several commenters stated that small business lending often 
involves a lot of ``hand holding'' and lender involvement to reach a 
point where a formal application or a particular product and terms can 
be considered. Industry commenters also stated that commercial business 
customers are unique and each requires an individualized approach based 
on the characteristics of the business and the products of interest. 
Several commenters also noted that the small business lending process 
differs from mortgage lending, which is highly regimented and uniform.
    A number of community banks and other industry commenters expressed 
concern that the Bureau's rule implementing section 1071 would 
standardize and formalize the small business application process 
(which, they asserted, would be to its detriment); they predicted that 
business customers would be unhappy with the more rigid lending 
structure, and may avoid seeking credit altogether. These commenters 
expressed concern that small business lending would become impersonal 
and ``form centric,'' and that it would change the fundamental 
relationship between lender and borrower, including the personalized 
attention and advice currently provided by lenders. Many of these 
commenters stated the view that the rule's data collection and 
reporting requirements would cause them to lose flexibility and adopt 
``check-the-box'' criteria that is at odds with how community banks 
conduct business. Several commenters were concerned that at the start 
of an inquiry, a lender would need to implement a written application 
or other formalized method to collect the required data and that by 
doing so, conversations will turn into implied commitments. Commenters 
also stated

[[Page 35208]]

the belief that lenders would implement a more rigid application 
process in order to avoid triggering data collection and reporting 
requirements under the Bureau's rule. Several other commenters argued 
that data collection and reporting obligations would require lenders to 
rebuild their loan application process and incur additional training 
and other costs, would reduce the availability of credit, and would 
give large banks an unfair advantage because such entities will have an 
easier time implementing the requirements of the Bureau's rule for 
online applications.
    Most of these commenters' concerns were directed at small business 
lending data collection and reporting generally, and not specifically 
at the proposed definition of a covered application. However, a few 
commenters urged the Bureau to finalize a more concrete definition of 
covered application due to the concern that a subjective definition 
would be difficult for financial institutions' employees to implement. 
One commenter was also concerned about how its practices would be 
reviewed by the subjective judgment of examiners. Another commenter 
cautioned against reporting of oral applications, noting that it could 
lead to inaccurate data if an answer is misheard or mistyped.
    Some industry commenters, including trade associations for 
community banks, credit unions, and online lenders, requested the 
Bureau define a covered application consistent with existing Regulation 
B's ``completed application'' definition in existing Sec.  1002.2(f), 
which would require reporting only when the lender has received all the 
information that the creditor regularly obtains and considers in 
evaluating applications for the amount and type of credit requested 
(i.e., enough information to make a credit decision). These commenters 
argued that triggering data collection and reporting off an ``oral or 
written request'' would be unrealistic, unworkable, and too open-ended. 
One commenter stated that a mere request is not something a lender can 
act or report on because there is insufficient information at that 
point to make the required reporting. Another commenter said that 
lenders need clear guidance on what events trigger data collection and 
the completed application definition would provide the most uniformity 
across products and financial institutions. Another commenter stated 
that using the completed application definition would avoid collecting 
data on incomplete applications, which often come from ``unengaged'' 
applicants. This commenter also noted that collecting 1071 data could 
lead to applicant confusion as to why personal information is being 
collected, which could lead to more incomplete applications. The 
commenter further argued that completed applications are the most 
essential data to capture in small business lending, that there is no 
indication Congress intended section 1071 to mirror HMDA or existing 
Regulation B, and that discouragement can be investigated using other 
1071 data and existing examination authorities. Similarly, two industry 
commenters opposed requiring reporting on incomplete or withdrawn 
applications, arguing that reporting such transactions would not serve 
the purposes of section 1071, would create additional operational and 
regulatory burden, and that the focus of the Bureau's rule should be on 
declined and originated applications. Another urged the Bureau to avoid 
triggering collection based on when a credit check is pulled, noting 
that financial institutions may often conduct a soft pull credit check 
outside the application process.
    In contrast, some community group commenters argued that the 
proposed definition of covered application would be too narrow, and 
requested that a covered application include all communications where a 
business inquires about credit and seeks a credit decision. In support, 
the commenters pointed to research identifying discrimination in the 
pre-application stage. As noted above, other community group commenters 
supported the Bureau's proposed definition of a covered application, 
stressing the need to capture applications that do not make it to a 
completed application.
    The Bureau received several comments on certain aspects of its 
proposed commentary to Sec.  1002.103(a). A community bank and a 
community group supported proposed comment 103(a)-4, which would have 
provided that if an applicant makes a request for two or more covered 
credit transactions at one time, the financial institution reports each 
request for a covered credit transaction as a separate covered 
application. The bank stated that while the proposed approach would 
result in more work for the financial institution, it would lead to 
more accurate reporting (since each request would generate different 
reported data) and the approach would be similar to how data are 
reported under Regulation C. The community group commenter stated that 
it would be a reasonable approach and would accurately reflect the 
varied credit needs of applicants. A group of community group 
commenters supported the Bureau's proposed approach to require 
reporting of separate applications where an applicant seeks two or more 
products at one time, but requested that where the applicant only seeks 
one product, but is not sure about the type of product, it should only 
be reported as a single covered application. These commenters also 
noted a concern that the language in proposed comment 107(a)(5)-2 
requiring lenders to maintain reasonable procedures designed to collect 
data, including regarding the credit product requested, would require 
the lender to identify each product that would be acceptable to the 
applicant, and if multiple, report them as separate covered 
applications.
    In response to the Bureau's request for comments as to how a 
financial institution should report applications where there is a 
change in whether the request for credit involves a covered credit 
transaction, which was addressed in proposed comment 103(a)-7, the 
Bureau received feedback from trade associations and a business 
advocacy group. These commenters opposed reporting on a transaction in 
which the product ultimately pursued is not a covered credit 
transaction. They argued that financial institutions should not be 
required to report on non-covered credit transactions, collecting 
partial data on a product that is not a covered transaction would 
affect data quality and be of low value, and doing so would not advance 
the purposes of section 1071. Two of the commenters sought 
clarification or a safe harbor providing that if a financial 
institution collects data on an application that the financial 
institution anticipates will be covered by the Bureau's rule 
implementing section 1071 at the time of collection, but ultimately is 
not covered, the initial collection does not violate existing 
Regulation B. Otherwise, the Bureau did not receive any additional 
comments directly discussing proposed comment 103(a)-7 and limited 
reporting of non-covered credit products, despite seeking comment on 
the advantages and disadvantages of requiring full or limited reporting 
where an applicant initially seeks a product that is a covered credit 
transaction, but ultimately is offered and accepts a product that is 
not reportable.
    Although the Bureau did not seek comment on the issue, a couple 
commenters asked how to report on an application made jointly by 
multiple business co-applicants. An agricultural lender requested that, 
if an application is submitted by more than one business, the financial 
institution be permitted to treat all co-applicants as one applicant 
when determining whether a borrower is a ``small business.'' The 
commenter

[[Page 35209]]

also asked the Bureau to clarify how to identify whether the 
application is from a minority-owned or women-owned business where one, 
but not all, co-applicants are minority- and women-owned businesses. 
Another commenter requested that the Bureau clarify that loans jointly 
made to multiple businesses, where one or more of the co-applicants may 
qualify as a small business under the rule, but are not the primary 
business seeking the funding, are not subject to data collection and 
reporting requirements.
    Several commenters asked the Bureau to clarify certain scenarios 
related to a covered application, including clarifying that certain 
scenarios are not covered applications. Several industry commenters 
were concerned that language in the NPRM's preamble--noting that ECOA 
section 704B(b)(1) provides that an ``application'' triggering data 
collection and reporting obligations occurs without regard to whether 
such application is received in person, by mail, by telephone, by 
electronic mail or other form of electronic transmission, or by any 
other means--may be interpreted to require a financial institution to 
accept an application through all of these channels. One commenter 
asked for clarification whether a covered application includes an 
incomplete application where the information provided is insufficient 
to render a credit decision by the lender. A trade association 
representing online lenders asked the Bureau to expressly exclude from 
the definition of a covered application the circumstance where a 
business populates certain information on a web page, but does not 
follow through with submitting the form to the financial institution. 
The commenter argued that it would be very burdensome for the financial 
institution to capture such circumstances as reportable transactions 
and that attempting to do so would result in misleading, erroneous, and 
unhelpful data. A couple commenters requested certain additional 
exclusions from the definition of covered application, including for 
HMDA reporters, co-branded and private label credit cards, and 
purchased loans.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.103(a) as proposed to define a ``covered application'' as an oral 
or written request for a covered credit transaction that is made in 
accordance with procedures used by a financial institution for the type 
of credit requested. As described above, the overwhelming majority of 
commenters, including industry and community group commenters, 
supported this definition. As noted by some commenters, the definition 
will be familiar to creditors, provides flexibility to accommodate 
different application procedures and lending models (including written 
and oral applications), and will capture incomplete and withdrawn 
applications, which are essential data for identifying potential 
barriers to credit, including potential discrimination. Final Sec.  
1002.103(a) will also align with the similar definition of 
``application'' in existing Sec.  1002.2(f), which is reasonable given 
the term ``application'' is otherwise undefined in ECOA and section 
1071. Finally, the Bureau believes this approach strikes an appropriate 
balance by triggering data collection and reporting requirements only 
after there is a request for credit (using procedures defined by the 
financial institution), but still early enough in the process to 
capture most incomplete, withdrawn, and denied applications, which are 
essential data to the purposes of section 1071.
    A number of industry commenters, particularly smaller institutions 
that engage in relationship lending, described the application process 
as informal, high-touch, and involving extensive back-and-forth. The 
Bureau believes the final definition of covered application can work 
well within the heterogeneous and sometimes iterative context of small 
business lending. Indeed, final Sec.  1002.103(a) defines covered 
application in a manner that provides financial institutions 
flexibility to define an application based on its own unique business 
model. Thus, while a financial institution must have some type of 
trigger or tipping point within its process when an applicant has made 
a request for credit in accordance with its procedures, therefore 
triggering a ``covered application,'' financial institutions have 
leeway on how precisely to define that tipping point, provided it 
occurs in the early stages of the process before a financial 
institution has begun meaningfully evaluating or underwriting the 
request.\338\ Moreover, as noted above, creditors complying with 
existing Regulation B should be familiar with this definition, and have 
already incorporated it in some manner into their processes.\339\ In 
response to industry commenters' concern that data collection and 
reporting under this final rule will standardize and formalize small 
business lending, the Bureau notes that most of this feedback was not 
directed at the proposed definition of a ``covered application,'' but 
rather at the overall data collection and reporting regime. Indeed, 
some of the commenters raising these concerns also expressly supported 
the proposed definition of a covered application. Moreover, in response 
to commenters' general concerns that data collection and reporting 
under this rule will standardize and formalize small business lending, 
the Bureau does not believe that collection of certain data points will 
necessitate that lenders to fundamentally alter how they conduct 
business. Moreover, section 1071 is a congressional mandate; the Bureau 
has sought to implement it in a manner that furthers the purposes of 
the statute while reducing unnecessary burden.
---------------------------------------------------------------------------

    \338\ The Bureau recognizes that the flexibility provided in 
final Sec.  1002.103(a), which defines a covered application, may 
result in data collection and reporting obligations being triggered 
at different times for different financial institutions and 
different types of covered credit transactions. For example, for a 
financial institution that defines an application under its 
procedures as the submission of a standard form either online or in-
person, a ``covered application'' will be triggered when an 
applicant submits the form. In contrast, another financial 
institution may not use a standard form and instead define an 
application as a request for credit only when the applicant 
authorizes the creditor to pull a credit check on the business and 
principal owners to allow the creditor to determine whether the 
business, in particular, qualifies for a particular product. In that 
circumstance, a ``covered application'' will not be triggered until 
that process was satisfied. Using the same example, if the financial 
institution orally collects certain information from a prospective 
applicant (such as gross annual revenue and business location) and 
discusses with the prospective applicant potential credit product 
options offered by the financial institution, no ``covered 
application'' will be triggered until the prospective applicant 
indicates that it wants to proceed to apply for credit and 
authorizes the financial institution to pull a credit check. 
Similarly, if a prospective applicant merely expresses interest in 
knowing the types of products that the creditor offers--not yet 
focusing on any particular type of covered credit transaction and 
not yet interested in submitting a ``covered application''--the 
interaction also will not be reportable under this example.
    \339\ The Bureau believes that business creditors should be 
familiar with operationalizing this definition based on their 
experience providing adverse action notices under existing 
Regulation B, which can be triggered in relation to an incomplete 
application. See Sec.  1002.9(a)(1) and (c) (requiring notice within 
30 days after taking adverse action on an incomplete application or 
30 days after receiving an incomplete application). The Bureau 
believes that financial institutions may also be familiar with 
Regulation C's definition of ``application,'' which generally aligns 
with existing Sec.  1002.2(f)'s definition of the term. See Sec.  
1003.2(b) (generally defining an ``application'' as ``an oral or 
written request for a covered loan that is made in accordance with 
procedures used by a financial institution for the type of credit 
requested''); see also Regulation C comment 2(b)-1 (noting that 
Bureau interpretations that appear in the official commentary to 
Regulation B are generally applicable to the definition of 
application under Regulation C).

---------------------------------------------------------------------------

[[Page 35210]]

    Several commenters had specific suggestions or concerns regarding 
the definition of a covered application. Regarding several commenters' 
concern that the definition is too subjective, the Bureau notes that a 
bright-line definition would likely impose a more rigid process on 
financial institutions that would be difficult to implement given the 
heterogenous nature of small business lending. Moreover, as noted 
above, the definition used in final Sec.  1002.103(a) should be 
familiar to financial institutions and will provide consistency with 
existing Regulation B and Regulation C. The Bureau is also not adopting 
existing Regulation B's definition of a ``completed application,'' as 
urged by some commenters. Although the Bureau agrees that a ``completed 
application'' definition would provide greater uniformity, the 
definition would exclude incomplete applications and most withdrawn 
applications. The Bureau believes including such applications is 
essential to the purposes of section 1071, as it may reflect demand for 
credit and potential discrimination early in the application process. 
As to the commenters who took issue with the proposed covered 
application definition precisely because it includes incomplete and 
withdrawn applications, the Bureau believes collecting data on such 
applications is likewise essential for the purposes of section 1071 and 
may reveal important trends or information on why small businesses 
initially seek credit, but ultimately do not complete the application 
process.
    On the other hand, the Bureau does not believe it would be 
appropriate to expand the definition of ``covered application'' to 
include all communications where a business inquires about credit and 
seeks a decision. Although discrimination may occur in the pre-
application phase, the Bureau believes that it could be very difficult 
as an operational matter for financial institutions to collect 1071 
data whenever a business expresses any interest in credit, no matter 
how preliminary or informal the request, and that could require 
reporting of transactions with missing, unavailable, or erroneous data. 
As discussed below in the section-by-section analysis of Sec.  
1002.103(b), the Bureau is excluding inquiries and prequalification 
requests from the definition of a covered application; many of the 
reasons for those exclusions are relevant here as well and thus the 
Bureau is not broadening the general definition of a covered 
application. In response to a commenter's concern about reporting of 
oral applications, the Bureau notes that it is the responsibility of 
the financial institution to ensure that it accurately collects and 
reports required data pursuant to final Sec.  1002.107, no matter the 
method of application. Commenter requests for certain additional 
exclusions from the definition of covered application, including for 
HMDA reporters, co-branded and private label credit cards, and 
purchased loans, are addressed in more detail in the section-by-section 
analysis of Sec.  1002.104 below.
    Several commenters asked the Bureau to clarify certain scenarios 
related to a covered application. First, in response to several 
industry commenters' concerns that the language in the NPRM's preamble 
discussing ECOA section 704B(b)(1) could be interpreted to require a 
financial institution to accept an application through all of these 
channels, the Bureau notes that this was not the intent and that it 
does not interpret ECOA section 704B(b)(1) in that manner. Rather, the 
Bureau interprets the statutory language to mean that data collection 
and reporting requirements apply regardless of a financial 
institution's method of accepting applications. Thus, whatever the 
means used by a financial institution to accept applications (e.g., in 
person, by telephone, by electronic transmission, etc.), once a covered 
application is triggered, the financial institution has a duty to 
collect and report on the application.
    Next, a commenter asked whether a covered application includes an 
incomplete application where the information provided is insufficient 
to render a credit decision by the lender. Assuming the business has 
requested a covered credit transaction in accordance with procedures 
used by a financial institution for the type of credit requested, the 
financial institution would be required to collect and report data, 
even if there is insufficient information to render a credit 
decision.\340\ Indeed, as noted above, the Bureau believes capturing 
incomplete or withdrawn applications is essential to the purposes of 
section 1071.
---------------------------------------------------------------------------

    \340\ Generally, a ``covered application'' may align with the 
information necessary to make a credit decision or it may be 
possible to have a ``covered application'' before having information 
necessary to make a credit decision--it depends on each financial 
institution's own procedures. For example, suppose a financial 
institution defines an application under its procedures as the point 
when an applicant, or someone on the applicant's behalf, requests 
credit by filling out certain key pieces of information on an 
application form. If nothing else is required to qualify for credit 
and the financial institution's process is to immediately transmit 
the application to underwriting for a decision once the form is 
submitted, under the proposed definition of ``covered application,'' 
data collection and reporting obligations would likely be triggered 
at the same time there is sufficient information to make a credit 
decision. On the other hand, if the financial institution requires 
additional verification of information and the institution commonly 
makes follow-up requests after the applicant has requested credit 
and before submitting the loan file to underwriting, the financial 
institution would likely have a ``covered application'' before it 
has sufficient information to make a credit decision.
---------------------------------------------------------------------------

    In response to a trade association's request to expressly exclude 
from the definition of a covered application the circumstance where a 
business populates certain information on a web page, but does not 
follow through with submitting the form to the financial institution, 
the Bureau notes that reporting of such circumstances depends on the 
procedures used by a financial institution for the type of credit 
requested. For example, if a financial institution's procedures require 
an applicant to submit a paper or digital form to the financial 
institution in order to be considered for the credit product requested, 
then there is no covered application that is reportable until the 
business submits the form to the financial institution. If, on the 
other hand, the financial institution regularly begins evaluating 
information about the applicant even if the form is not ``officially'' 
submitted to the financial institution, then there is likely a 
reportable covered application, even if the applicant has not 
``submitted'' the form. In other words, if a financial institution 
offering online applications does not track or begin to evaluate 
applications until the business presses a ``submit'' button, the 
financial institution would not be required to begin tracking partial 
information inputted online for purposes of this final rule.
    One commenter was concerned that the proposed definition lacked 
standardization, and emphasized the need for monitoring to ensure that 
financial institutions define an application under their own procedures 
in a manner that generates consistent data and is early enough in the 
process to capture incomplete and withdrawn applications. The Bureau 
agrees that review of data, including peer analysis, is important and 
may indicate whether a financial institution collects data in a manner 
that appropriately captures incomplete and withdrawn applications. For 
example, instances of unusually high approval rates or unusually low 
rates of incomplete and withdrawn applications can preliminarily 
indicate financial institutions that may be seeking to define an 
``application'' in its written

[[Page 35211]]

policies as occurring later in the process than actually occurs in 
practice; if a financial institution has a very high approval rate 
because all ``applications'' have been vetted earlier in the process, 
the financial institution's stated definition of an application likely 
does not reflect its actual practices. Similarly, where a financial 
institution has very few incomplete or withdrawn applications this 
may--depending on the financial institution's product offering and 
business model--be a sign that the financial institution is collecting 
data or defining an application as occurring after an applicant has 
requested credit. While a financial institution has flexibility to 
identify its own procedures for what constitutes a request for credit, 
thereby triggering data collection and reporting obligations under this 
final rule, the Bureau anticipates that in most cases a covered 
application will typically occur before the financial institution 
underwrites or evaluates the request for credit.
    The Bureau is finalizing comment 103(a)-1 with minor revisions for 
clarity. Final comment 103(a)-1 underscores that a financial 
institution has latitude to establish its own application procedure and 
to decide the type and amount of information it will require from 
applicants. The Bureau removed the word ``process'' (from the phrase 
``process and procedures'') in proposed comment 103(a)-1 to align with 
the term ``procedures'' in final Sec.  1002.103(a) and in final comment 
103(a)-2; the rewording is not intended to indicate a substantive 
change. The Bureau is also finalizing as proposed comments 103(a)-2 and 
-3. Final comment 103(a)-2 explains that the term ``procedures'' refers 
to the actual practices followed by a financial institution as well as 
its stated application procedures, and provides an example. Final 
comment 103(a)-3 provides that the commentary accompanying existing 
Sec. Sec.  1002.2(f) and 1002.9 is generally applicable to the 
definition of ``covered application,'' except as provided otherwise in 
final Sec.  1002.103(b).
    In response to certain commenter questions about the scope of a 
covered application, the Bureau is adding new comment 103(a)-4 to 
clarify that the term covered application does not include 
solicitations, firm offers of credit, and other evaluations or offers 
initiated by the financial institution because in these situations, the 
business has not made a request for credit, and provides illustrative 
examples. New comment 103(a)-4, including a summary of comments 
received relating to the change, is discussed in the section-by-section 
analysis of Sec.  1002.103(b).
    The Bureau is finalizing comment 103(a)-5 (proposed as comment 
103(a)-4) to provide that if an applicant makes a request for two or 
more covered credit transactions at one time, the financial institution 
reports each request as a separate covered application. The Bureau 
believes this approach furthers the purposes of section 1071 by better 
capturing demand for credit, including demand for different covered 
credit transactions at the same time. The Bureau also believes this 
method of reporting will lead to higher data accuracy, as argued by one 
commenter, due to the simplicity of the approach. Finally, the Bureau 
believes that concerns about duplicative information requests will be 
mitigated by permitting financial institutions to reuse certain 
previously collected data, as set forth in final Sec.  1002.107(d). In 
response to a commenter request, the Bureau is revising final comment 
103(a)-5 to clarify that if an applicant is only requesting a single 
covered credit transaction, but has not decided on which particular 
product, the financial institution reports the request as a single 
covered application. This clarification resolves a commenter's concern 
that a financial institution will need to report multiple covered 
applications if more than one credit product is acceptable to the 
applicant. Final comment 103(a)-5 also provides illustrative examples.
    The Bureau is finalizing comments 103(a)-6 and -7 (proposed as 
comments 103(a)-5 and -6) with minor adjustments for clarity and 
consistency. Final comment 103(a)-6 addresses the circumstance where an 
initial request for a single covered credit transaction would result in 
the origination of multiple covered credit transactions. Similarly, 
final comment 103(a)-7 addresses requests for multiple lines of credit 
at one time, providing that such requests are reported based on the 
procedures used by the financial institution for the type of credit 
account.
    The Bureau is adopting new comment 103(a)-8 to address reporting of 
duplicate covered applications. Under new comment 103(a)-8, a financial 
institution may treat two or more duplicate covered applications as a 
single covered application for purposes of subpart B, so long as for 
purposes of determining whether to extend credit, the financial 
institution would also treat one or more of the applications as a 
duplicate under its procedures. The Bureau is adding this comment to 
respond to commenters' general concerns about duplicative reporting and 
because the Bureau does not believe reporting of true duplicates would 
further the purposes of section 1071. As set forth in new comment 
103(a)-8, however, the provision only applies if the applications are 
duplicates that a financial institution would otherwise treat as such 
under its own procedures.
    The Bureau is finalizing comment 103(a)-9 (proposed as comment 
103(a)-7) with revisions for clarity. Final comment 103(a)-9 addresses 
how a financial institution reports applications where there is a 
change in whether the applicant is requesting a covered credit 
transaction. Final comment 103(a)-9 provides that if an applicant 
initially requests a product that is not a covered credit transaction, 
but prior to final action taken decides to seek instead a product that 
is a covered credit transaction, the application is a covered 
application and must be reported pursuant to final Sec.  1002.109. 
However, if an applicant initially requests a product that is a covered 
credit transaction, but prior to final action taken decides instead to 
seek a product that is not a covered credit transaction, the 
application is not a covered application and thus is not reported. The 
Bureau agrees with commenters' concerns that requiring reporting on 
applications where the applicant ultimately does not seek a covered 
credit transaction could lead to data quality issues, for example, if 
only partial data are captured. Although the Bureau sought comment on 
whether to require full or limited reporting in order to address 
concerns about potential steering in these cases, the Bureau did not 
receive any specific comments advocating for either full or limited 
reporting. In response to commenter requests for clarification that a 
financial institution does not violate existing Regulation B if it 
collects otherwise prohibited information on a transaction that 
ultimately is not a covered application, the Bureau has revised final 
Sec.  1002.112(c)(4) to provide a safe harbor for incorrect 
determination of a covered credit transaction if, at the time of 
collection, the financial institution had a reasonable basis for 
believing that the application was a covered application. The Bureau 
has also revised final comment 103(a)-9 to clarify that once a 
financial institution determines there is a covered application, it 
shall endeavor to compile, maintain, and report the data required under 
Sec.  1002.107(a) in a manner that is reasonable under the 
circumstances. Final comment 103(a)-9 also discusses reporting if a 
financial institution makes a counteroffer for a product that is not a 
covered credit

[[Page 35212]]

transaction. Finally, the Bureau revised the language ``during the 
application process'' to ``prior to final action taken'' in final 
comment 103(a)-9 to provide greater clarity on the applicable 
timeframe.
    The Bureau is adding new comment 103(a)-10 to address reporting in 
situations where a covered financial institution receives a covered 
application from multiple businesses that are not affiliates, as 
defined in final Sec.  1002.102(a). The Bureau is adding this 
commentary in response to commenters' questions about how to report 
certain data if there is more than one co-applicant. Final comment 
103(a)-10 provides that if a covered financial institution receives a 
covered application from multiple businesses who are not affiliates, as 
defined by final Sec.  1002.102(a), it shall compile, maintain, and 
report data pursuant to final Sec. Sec.  1002.107 through 1002.109 for 
only a single applicant that is a small business, as defined in final 
Sec.  1002.106(b). A covered financial institution shall establish 
consistent procedures for designating a single small business for 
purposes of collecting and reporting data under subpart B in situations 
where there is more than one small business co-applicant, such as 
reporting on the first small business listed on an application form.
    The Bureau considered requiring reporting data of all co-applicant 
small businesses, but doing so could potentially add significant 
complexity and may result in data quality issues. For example, 
reporting co-applicants as separate applications would likely result in 
duplicative reporting or special rules to address how to modify the 
reported data to avoid duplication. Similarly, requiring additional 
fields to accommodate reporting of all co-applicants' information would 
result in a significant expansion of the total data fields reported, 
adding considerable complexity and potentially leading to data quality 
issues. Given that only two commenters raised the issue of co-
applicants, the Bureau believes that financial institutions likely do 
not frequently encounter applications involving more than one small 
business applicant.
    On the other hand, the Bureau is not requiring reporting of a small 
business co-applicant only if it is the primary business seeking 
funding, as suggested by one commenter. The Bureau believes it may not 
always be clear who is the ``primary'' applicant if there are multiple 
co-applicants; such a rule could be used to evade reporting altogether 
in these situations. The Bureau therefore believes that it is 
reasonable to require data collection and reporting for a single small 
business if there are multiple co-applicants. Final comment 103(a)-10 
provides several illustrative examples. In addition, new Sec.  
1002.5(a)(4)(x) permits a creditor to collect certain demographic 
information concerning a co-applicant without violating existing 
Regulation B. See also the section-by-section analysis of Sec.  
1002.106(b) for a discussion of calculating gross annual revenue for 
purposes of determining small business status under final Sec.  
1002.106(b) if there are multiple co-applicants.
    Lastly, the Bureau is adding new comment 103(a)-11 to clarify that 
refinances and requests for additional credit amounts on an existing 
account are covered applications, as further discussed in the section-
by-section analysis of Sec.  1002.103(b).
103(b) Circumstances That Are Not Covered Applications
Proposed Rule
    Proposed Sec.  1002.103(b) would have identified certain 
circumstances that are not covered applications--even if they may 
otherwise be considered an application under existing Sec.  1002.2(f). 
Specifically, the Bureau proposed that a covered application would not 
include (1) reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts; and (2) inquiries and prequalification requests. Solicitations 
and firm offers of credit would also not have been ``covered 
applications'' under the proposed definition. Proposed comments 103(b)-
1 through -5 would have provided additional guidance and examples of 
circumstances that do and do not trigger data collection and reporting 
for covered applications.
    The Bureau sought comment on proposed Sec.  1002.103(b) and 
associated commentary concerning circumstances that would not be a 
covered application. Solicitations for comment on specific issues are 
noted throughout the discussion below.
    Reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts. The Bureau proposed to exclude from the definition of a 
``covered application'' requests by borrowers to modify the terms or 
duration of an existing extension of credit, other than requests for 
additional credit amounts. The Bureau believed that requests to modify 
the terms or duration of an existing extension of credit, which occur 
with high frequency in the small business lending space, would have 
added complexity and burden for financial institutions, while 
potentially providing limited additional information relevant to the 
purposes of section 1071.
    However, the Bureau proposed that reporting would have been 
required for requests for additional credit amounts (such as line 
increases or new money on existing facilities). The Bureau believed 
that capturing requests for additional credit amounts would further the 
purposes of section 1071, particularly the community development 
purpose, as it would have more accurately captured demand for credit.
    Inquiries and prequalification requests. The Bureau proposed to 
exclude inquiries and prequalification requests from what constitutes a 
``covered application.'' The Bureau believed that requiring data 
collection for all inquiries and prequalification requests could create 
operational challenges and pose data accuracy issues, including raising 
the risk of missing, unavailable, erroneous, or duplicative data.
    The Bureau also considered whether to only require reporting of 
inquiries and prequalification requests in situations that would 
otherwise be treated as an ``application'' under existing Regulation 
B--i.e., when the financial institution evaluates information about the 
business, decides to decline the request, and communicates this to the 
business. Ultimately, the logistics of reporting an inquiry or 
prequalification request only in these circumstances (where an inquiry 
or prequalification request becomes an ``application'' under existing 
Sec.  1002.2(f)) could be operationally challenging for financial 
institutions, could lead to data distortion as only denials would be 
captured, and could cause unintended market effects.
    On the other hand, potential discrimination may occur in these 
early interactions with a financial institution. In particular, the 
Bureau was concerned about excluding data on inquiries and 
prequalification requests when the financial institution evaluates 
information about a business and declines the request, as such data may 
be useful for identifying potential discouragement of or discrimination 
against applicants or prospective applicants.
    Ultimately, however, the Bureau believed it was appropriate to 
interpret ``application'' as used in section 1071 to exclude inquiries 
and prequalification requests given the considerations identified 
above, including the timing and often informal nature of such

[[Page 35213]]

interactions, the operational challenges of implementing such a 
definition, and related concerns about the reliability of the data.
    The Bureau sought comment on a number of issues in connection with 
the reporting of inquiries and prequalification requests. For example, 
the Bureau sought comment on whether instead to define a ``covered 
application,'' consistent with existing Regulation B, to include 
inquiries or prequalification requests where the financial institution 
evaluates information about the business, decides to decline the 
request, and communicates this to the business. Related to this 
alternative approach, the Bureau further sought comment on whether 
additional data fields would be necessary in order to distinguish 
prequalification requests and inquiries from other reported 
applications. In addition, if the Bureau were to require reporting of 
declined inquiries or prequalification requests, the Bureau sought 
comment on whether financial institutions would want the option to 
report all prequalification requests and inquiries, to allow for a 
comparison with denials.
    Solicitations, firm offers of credit, and other evaluations or 
offers initiated by the financial institution. Proposed comment 103(b)-
4 would have clarified that the term covered application does not 
include solicitations and firm offers of credit. The Bureau explained 
that like other reviews or evaluations initiated by the financial 
institution, these communications do not involve an applicant 
requesting credit, and so would not be ``covered applications.'' 
Excluding solicitations and firm offers of credit would also be 
consistent with the language of ECOA section 704B(b)(1), which 
expressly contemplates that an application could arise in response to a 
solicitation by a financial institution, though the text is silent on 
solicitations without any applicant response. Thus, consistent with the 
statutory language, the Bureau proposed that a solicitation or firm 
offer of credit could become a ``covered application'' under the 
proposed definition if an applicant responds to the solicitation or 
offer by requesting a covered credit transaction.
Comments Received
    The Bureau received comments on its proposal to identify certain 
circumstances that are not covered applications, even if they otherwise 
would have been considered an application under existing Sec.  
1002.2(f), from a wide range of lenders, trade associations, community 
groups, and a business advocacy group.
    Some commenters, including several lenders and trade associations, 
expressly supported all the clarifications of circumstances that are 
not reportable in proposed Sec.  1002.103(b). One noted that the 
proposed exclusions would avoid duplicative steps and keep the data 
collection focused on its core purposes. Other commenters stated that 
the proposed exclusions were appropriate because they would not provide 
useful data and that the proposal would help ease financial 
institutions' transition to data collection. Comments on particular 
aspects of proposed Sec.  1002.103(b) are discussed below.
    Reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts. Many industry commenters supported the Bureau's proposed 
exclusion of reevaluations, extensions, or renewal requests on an 
existing business credit account. However, industry commenters largely 
urged the Bureau to exclude requests for additional credit amounts on 
existing accounts. These commenters argued that reporting line 
increases would add unnecessary complexity and time to an otherwise 
streamlined process that occurs with high frequency, in response to 
rapid changes to business conditions, and is typically automated, which 
they said further lowers any risk of discrimination. These commenters 
argued that data collection for line increases would hurt small 
businesses by introducing hurdles in transactions where time is of the 
essence, and might discourage businesses from seeking line increases or 
creditors from offering them. Commenters also noted differences in how 
credit line increases are underwritten compared to other business 
credit: the process typically does not involve an application or other 
documentation, may involve limited underwriting, and any analysis 
performed is usually focused on the business's past performance and 
relationship with the financial institution. In addition, commenters 
expressed concern that including line increases would distort the data 
(for example, by ``double reporting'' accounts or because of the unique 
nature of credit line increases) or would provide data of limited 
value. A couple commenters emphasized the potential compliance 
difficulties for financial institutions, noting that excluding line 
increases would be simpler and avoid the need for financial 
institutions to determine who initiated a line increase. A trade 
association raised the additional concern that reporting of credit line 
increases and other requests for additional credit amounts will inflate 
the number of originations counted for purposes of determining whether 
an institution is a covered financial institution. In support of 
excluding modifications more generally, one commenter stated that 
modifications are not explicitly covered by other consumer financial 
laws and regulations, such as HMDA, the Real Estate Settlement 
Procedures Act of 1974 (RESPA), and Regulation Z.
    Although opposed to the reporting of line increases, several 
commenters urged that, to the extent such transactions are reportable, 
the Bureau should mitigate the burden on financial institutions by (1) 
exempting any existing account from data collection under the Bureau's 
rule; and (2) permitting lenders to rely on prior responses regardless 
of when provided, unless there is a reason to believe the data are 
inaccurate. In support of the first proposal, these commenters argued 
that existing accounts may need challenging technology build-outs to 
integrate the rule's data collection requirements and existing clients 
may not be used to the collection process.
    Most community groups to comment on this issue generally requested 
that all such circumstances (reevaluations, extensions, renewals), as 
well as refinances, be treated as reportable applications. These 
commenters argued that there should be a reportable application 
whenever a business communicates an interest in obtaining credit and 
has requested lender action, or if the lender takes action on the 
request, such as pulling a credit report, the business's tax 
information, or obtaining other data that can be used for 
underwriting--particularly if the financial institution's actions might 
negatively affect the business (for example, by lowering their credit 
score). A few commenters specifically focused on renewals and 
extensions, urging the Bureau to require reporting of these 
transactions, and to separate such transactions in the data from new 
originations. These commenters argued that renewals and extensions are 
an important source of credit for businesses and not reporting such 
circumstances would create a disconnect with Community Reinvestment Act 
(CRA) reporting. One commenter urged the Bureau to collect verbal and 
written agricultural loan modification or restructuring requests made 
to the Farm Service Agency, arguing that such requests constitute 
applications under existing Regulation B, highlighting concerns about 
discrimination in loan

[[Page 35214]]

servicing and the detrimental effects on businesses when servicing 
applications are not granted, including default, acceleration, and 
foreclosures. Some commenters further argued that lender-initiated 
renewals should also be captured, given the detrimental effect they may 
have on a business that is ``denied'' credit or experiences a reduction 
in access to credit.
    Several commenters requested clarification on aspects of the 
Bureau's proposed approach to reevaluation, extension, or renewal 
requests. A community bank was uncertain what dates to report under 
Sec.  1002.107(a)(2) and (9) (application date and action taken date) 
for requests for additional credit on existing accounts, and was 
concerned that if the dates changed from the initial origination, it 
could be construed as a data misrepresentation. Several other 
commenters inquired whether a transaction is a reportable covered 
application if a new note is executed as part of a request to 
consolidate existing credit amounts under the same terms or as part of 
a periodic review extending the credit under the same terms. A sales-
based financing company explained that its customers often request 
funding over time, and asserted that each new request for credit should 
be reportable.
    Inquiries and prequalification requests. The industry commenters to 
weigh in on inquiries and prequalification requests, including several 
banks, a CDFI lender, trade associations, and a business advocacy 
group, overwhelmingly supported the Bureau's proposal to exclude 
inquiries and prequalification requests. Commenters argued that 
including inquiries and prequalification requests would be 
operationally difficult given the high volume of such requests and 
because the interactions typically occur before the financial 
institution has the infrastructure in place to track requests for 
credit. They also argued that including such interactions could be 
misleading and lead to data accuracy issues, given the informal nature 
of such requests and because many such inquiries are subsequently 
abandoned or otherwise left incomplete. A business advocacy group also 
noted concerns about duplicative reporting of inquiries and 
prequalification requests if the business ultimately submits a credit 
application. A group of trade associations for insurance premium 
finance lenders argued that including inquiries and prequalification 
requests would be unworkable for their lenders, who are often not aware 
of a prospective applicant's interest in credit until they receive an 
agreement from the applicable insurance agent or broker; as a result, 
such financial institutions would be unaware of any inquiries or 
prequalification requests. Another commenter argued that reporting such 
transactions would effectively punish borrowers for inquiring about 
qualification requirements, products, and rates. Finally, one commenter 
stated that each financial institution should be permitted to define 
what constitutes an application, including any exclusions. Although 
industry commenters were generally in favor of the exclusion, a number 
of industry commenters stated that the line between inquiries or 
prequalification requests and covered applications should be 
sufficiently clear to avoid uncertainty during implementation, and 
asked the Bureau provide examples, in commentary to the rule, to 
differentiate these scenarios.
    Conversely, a number of commenters, including a lender and 
community groups, urged the Bureau to require reporting on all or some 
inquiries and prequalification requests. Citing a study identifying the 
prevalence of discrimination in the pre-application phase,\341\ 
commenters argued that the definition of covered application must be 
broad enough to capture pre-application phase discrimination. Several 
commenters requested that all communications where a business inquires 
about credit and seeks a credit decision should be reportable; another 
commenter urged reporting whenever the financial institution pulls a 
credit report or takes other action to begin underwriting. Several 
other commenters suggested that the Bureau align with existing 
Regulation B's treatment of prequalifications by treating denied 
inquiries and prequalifications as reportable applications.\342\ One 
community group emphasized the importance of having online applications 
reported, including online prequalification requests in particular. The 
commenter argued that the absence of such data has been detrimental in 
the HMDA context, it creates an imbalance between online and 
traditional lenders, and the burden of reporting would be low as 
lenders are already required to capture such transactions for purposes 
of providing adverse action notices.
---------------------------------------------------------------------------

    \341\ Nat'l Cmty. Reinvestment Coal., Disinvestment, 
Discouragement and Inequity in Small Business Lending (Sept. 2019), 
https://ncrc.org/wp-content/uploads/2019/09/NCRC-Small-Business-Research-FINAL.pdf.
    \342\ Existing comment 2(f)-3 provides that a creditor treats an 
inquiry or a prequalification request as an application if it 
evaluates information about the consumer, decides to decline the 
request, and communicates this to the consumer.
---------------------------------------------------------------------------

    Although the Bureau sought comment on whether, alternatively, to 
define a ``covered application'' consistent with Regulation C--which 
does not require a financial institution to report prequalification 
requests and does not address reporting of inquiries more generally--
the Bureau did not receive any comments directly on this point. 
Similarly, the Bureau did not receive any comments directly responding 
to its request for comment on the frequency with which financial 
institutions accept prequalification requests and what data are 
collected in connection with such prequalification requests, as well as 
potential effects on the market if some or all prequalification 
requests were reportable under section 1071. In addition, the Bureau 
did not receive any comments in response to its request for feedback on 
whether assumptions \343\ are used in the small business lending 
context and whether reporting of assumptions for small business lending 
would further the purposes of section 1071.
---------------------------------------------------------------------------

    \343\ Regulation C requires the reporting of assumptions for 
HMDA. See Regulation C comment 2(j)-5 (discussing when assumptions 
should be reported as home purchase loans).
---------------------------------------------------------------------------

    Solicitations, firm offers of credit, and other evaluations or 
offers initiated by the financial institution. A number of industry 
commenters urged the Bureau to exclude ``preapprovals,'' which the 
commenters described as credit offered or originated by the financial 
institution without an initiating application from the business 
(including offers for a different product or offers to extend 
additional credit amounts). One of the commenters was particularly 
concerned about lender-initiated offers based on data collected or 
acquired by the financial institution about the small business; for 
example, a financial institution that uses deposit account data to 
evaluate a business for credit card offers. The commenter argued that 
in these circumstances, the business has not been ``denied'' credit 
because it never applied for credit; similarly, the commenter argued, 
accepted offers also should not be reported because there is no 
initiating application from the business. The commenter further argued 
that reporting of originated offers initiated by the financial 
institution would skew the data, as it would only reflect approvals. 
Reporting of ``denied'' offers, argued the commenter, would be 
infeasible, create confusion for the customer, and likely lead lenders 
to discontinue extending such offers altogether. Several other industry 
commenters similarly urged the Bureau to exclude ``preapprovals,'' 
though they

[[Page 35215]]

did not explain what precisely they meant by the term. One commenter 
argued that while preapprovals are clearly articulated in Regulation C, 
``preapprovals'' do not exist in the small business lending space.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.103(b) as proposed to identify certain circumstances that are not 
covered applications, even if they otherwise would have been considered 
an application under existing Sec.  1002.2(f). Specifically, final 
Sec.  1002.103(b) provides that a covered application does not include 
(1) reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts; and (2) inquiries and prequalification requests. The Bureau is 
finalizing comments 103(b)-1 through -4 with minor revisions for 
clarity and consistency, to provide additional guidance and examples of 
circumstances that do and do not trigger data collection and reporting 
under the definition of a covered application. The Bureau is finalizing 
comment 103(b)-5, which discusses inquiries and prequalification 
requests, to provide additional discussion and examples distinguishing 
a covered application from an inquiry or prequalification request. As 
discussed in the section-by-section analysis of Sec.  1002.103(a) 
above, the Bureau is also adding new comment 103(a)-4 to clarify that 
solicitations, firm offers of credit, or other evaluations initiated by 
the financial institution are not a covered application; however, if 
the business seeks to obtain the credit offered, the business's request 
constitutes a covered application.
    Reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts. Pursuant to final Sec.  1002.103(b)(1), the Bureau is 
excluding reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts, from the definition of a covered application. The Bureau 
believes that requests to modify the terms or duration of an existing 
extension of credit--such as extensions on the duration of a credit 
line or changes to a guarantor requirement--occur with high frequency 
in the small business lending space. If the Bureau were to require 
reporting of such circumstances, the Bureau believes it would add 
complexity for reporting financial institutions while, as some 
commenters have noted, potentially providing limited additional 
information relevant to the purposes of section 1071. Moreover, the 
Bureau believes that broadly including requests to modify the terms or 
duration of existing extensions of credit might affect data quality 
absent additional flags to distinguish the transactions from new 
originations, as well as to identify the particular nature of the 
changes. The Bureau further notes that Regulation C takes a similar 
approach by excluding reporting of loan modifications.\344\
---------------------------------------------------------------------------

    \344\ See Regulation C comment 2(d)-2. Although CRA regulations 
currently require the reporting of renewals, the recent proposed 
revisions to the CRA rule would instead use 1071 data once available 
to satisfy small business loan and small farm loan data collection 
and reporting requirements. 87 FR 33884, 33997-98 (June 3, 2022).
---------------------------------------------------------------------------

    Although some commenters argued that such transactions should be 
reported because they would provide a better understanding on the 
availability of credit, the Bureau believes such benefits would be 
modest, particularly absent additional data concerning how the modified 
credit request differs from the original request, which would require 
the collection of a number of additional data points. Similarly, 
although one commenter urged the Bureau to collect verbal and written 
agricultural loan modification or restructuring requests made to the 
Farm Service Agency, as discussed directly above, the Bureau believes 
expanding data collection and reporting requirements to all 
modification requests (except requests for additional credit amounts) 
would add significant complexity for lenders, could be duplicative, and 
may provide limited benefits without knowing the precise terms changed 
in the modification request. Nor does the Bureau believe that the 
definition of covered application should be expanded to encompass any 
expression of interest from a business to obtain credit or action by 
the financial institution towards underwriting; as noted above in the 
section-by-section analysis of Sec.  1002.103(a) above, triggering data 
collection and reporting obligations too early could add significant 
complexity and affect data quality.
    The Bureau believes that requiring reporting of requests for 
additional credit amounts (such as line increases or new money on 
existing facilities) is appropriate. Capturing requests for additional 
credit amounts directly furthers the purposes of section 1071, 
particularly the business and community development purpose, as it will 
more accurately capture demand for credit. Although industry commenters 
opposed reporting on new credit amounts due to what they described as 
the streamlined, fast-paced nature of such reviews, the Bureau believes 
those factors do not outweigh the benefits of having these data 
collected and reported. Moreover, the Bureau does not believe that 
collecting data on such transactions will be so time consuming or 
difficult that it will dissuade small businesses from seeking the 
additional credit they need, particularly in light of final Sec.  
1002.107(d), which permits financial institutions to reuse applicant-
provided data in certain circumstances. Collecting data on requests for 
additional credit amounts will assist in fair lending testing and 
provide additional insight into small business credit trends and 
availability, furthering the purposes of section 1071, even if--as some 
commenters suggested--line increases are often underwritten differently 
than new requests for credit.
    Regarding commenters' concerns about duplicative reporting, the 
Bureau notes that pursuant to final Sec.  1002.107(a)(7) and (8), the 
financial institution only reports the additional credit amount sought 
(and approved or originated, as applicable)--not the entire credit 
amount extended--therefore avoiding duplicative reporting. Moreover, 
the fact that a request is for a line increase will be reflected in the 
reporting of credit purpose pursuant to final Sec.  1002.107(a)(6). 
Thus, unlike renewals or modifications more generally, which may occur 
for a variety of reasons, requests for additional credit amounts and 
the amounts requested will be clearly identifiable in the data. The 
Bureau also believes that commenters' concerns about the time and 
difficulty associated with collecting data are further mitigated by 
final Sec.  1002.107(d), which permits a financial institution to reuse 
certain data points under certain circumstances. In response to a 
commenter's concern that reporting of credit line increases and other 
requests for additional credit amounts will inflate the number of 
originations counted for purposes of determining whether an institution 
is a covered financial institution, the Bureau notes that new comment 
105(b)-4 clarifies that requests of additional credit amounts on an 
existing account are not counted as originations for the purpose of 
determining whether a financial institution is a covered financial 
institution pursuant to Sec.  1002.105(b).
    The Bureau is also providing specialized rules for the reporting of 
line increases, as suggested by several commenters. One suggested 
strategy--exempting accounts that are in place before this final rule 
goes into effect--

[[Page 35216]]

could significantly reduce reportable transactions, potentially for 
years into the future.\345\ Moreover, under the tiered implementation 
period set forth in final Sec.  1002.114(b), the Bureau believes that 
financial institutions (and their customers) will have adequate time to 
adjust to reporting. Similarly, in response to a different commenter's 
question about reporting requests for additional credit amounts, the 
Bureau notes that if there is an application for an additional credit 
amount on a covered credit transaction, a financial institution must 
collect data pursuant to this final rule even if the existing account 
was opened prior to the applicable compliance date.
---------------------------------------------------------------------------

    \345\ Although information on average business credit card 
account age is not publicly available, credit card accounts 
typically have no expiration date and so may remain open 
indefinitely. Thus, exempting such accounts could create blind spots 
in the data for potentially years, or even decades, into the future.
---------------------------------------------------------------------------

    The Bureau is also not adopting the commenters' second suggestion--
to indefinitely allow financial institutions to rely on prior applicant 
responses--as the commenters provide no reason why reused data are more 
trustworthy in the context of requests for additional credit amounts, 
compared to other existing customers' requests for new credit. However, 
pursuant to final Sec.  1002.107(d), financial institutions may reuse 
most applicant-provided data, so long as there is no reason to believe 
the data are inaccurate, for up to 36 months. Although not specific to 
requests for additional credit amounts, this provision may ease some of 
the commenters' concerns.
    In response to comments, mainly from community groups, regarding 
the importance of having refinance transactions reported, the Bureau is 
revising comment 103(b)-2 to make clear that an applicant's request to 
refinance, which occurs when an existing obligation is satisfied and 
replaced by a new obligation undertaken by the same borrower, is 
reportable. The Bureau agrees with commenters that refinance 
transactions should be covered applications; they legally constitute a 
new credit obligation, and so are typically included within regulatory 
schemes governing originations.\346\ Indeed, as one commenter correctly 
noted, the Bureau's inclusion of refinancing categories for the credit 
purpose data point (in proposed comment 107(a)(6)-1) in the proposed 
rule shows that the Bureau intended for refinances to be reportable 
transactions.
---------------------------------------------------------------------------

    \346\ See, e.g., Fed. Fin. Insts. Examination Council, A guide 
to CRA Data Collection and Reporting, at 12 (2015), https://www.ffiec.gov/cra/pdf/2015_CRA_Guide.pdf (stating that an 
institution should collect information about small business and 
small farm loans that it refinances or renews as loan originations). 
Regulation C Sec.  1003.4(a)(3) (requiring reporting of whether the 
covered loan is a refinance); Regulation Z Sec.  1026.20(a) (``A 
refinancing occurs when an existing obligation that was subject to 
this subpart is satisfied and replaced by a new obligation 
undertaken by the same consumer. A refinancing is a new transaction 
requiring new disclosures to the consumer. . . .'').
---------------------------------------------------------------------------

    Several other commenters also requested clarification on aspects of 
the Bureau's proposed approach to reevaluation, extension, or renewal 
requests. In response to a community bank's questions regarding what 
dates to report under Sec.  1002.107(a)(2) and (9) (application date 
and action taken date) for requests for additional credit on existing 
accounts, the Bureau notes the dates should be based on the new request 
for credit. Because a request for additional credit amounts is 
considered a separate covered application pursuant to final Sec.  
1002.103(a), all data reported, including applicable dates, should be 
in reference to the new request for credit, and not the initial 
origination. Several other commenters inquired whether a transaction is 
a reportable covered application if a new note is executed as part of a 
request to consolidate existing credit amounts under the same terms or 
as part of a periodic review extending the credit under the same terms. 
If an existing obligation is satisfied by a new credit obligation, as 
determined by contract and State law, it would generally be reportable 
as a covered application (assuming the other conditions of a covered 
application are met). Although in certain circumstances this may 
require reporting of credit amounts previously outstanding under a 
different credit obligation with the same borrower and with similar or 
identical terms, the Bureau believes that seeking to exempt these fact-
specific circumstances would add considerable complexity to the rule 
and could undermine data quality. The Bureau generally agrees with the 
assertion that each new request for credit that is separately evaluated 
should be reportable (excluding counteroffers, pursuant to final 
comment 107(a)(9)-2). If a financial institution evaluates each new 
request for credit, then each of those instances should be reported as 
separate covered applications for the amount advanced. For example, if 
a small business makes several requests for advances from a merchant 
cash advance provider, each of which is evaluated by the provider, each 
of those requests will typically constitute a separate covered 
application. In contrast, if a financial institution extends a line of 
credit up to a specified amount, then any request drawn against the 
line within that established limit is authorized and would not be a 
separate covered application. See also existing Sec.  1002.2(q), which 
defines the term to ``extend credit'' or ``extension of credit.''
    Inquiries and prequalification requests. As the Bureau explained in 
the NPRM, existing Regulation B recognizes that before a consumer or 
business requests credit in accordance with the procedures used by a 
creditor for the type of credit requested, a creditor may provide a 
prospective applicant with information about credit terms. Generally, 
an inquiry occurs when a prospective applicant consumer or business 
requests information about credit terms offered by a creditor; a 
prequalification request generally refers to a request by a consumer or 
business for a preliminary determination on whether the prospective 
applicant would likely qualify for credit under a creditor's standards 
or for what amount.\347\ Under existing Regulation B comments 2(f)-3 
and 9-5, an inquiry or prequalification request may become an 
``application'' if the creditor evaluates information about the 
consumer or business, decides to decline the request, and communicates 
this to the consumer or business; otherwise, such inquiries and 
prequalification requests are generally not considered applications 
under existing Regulation B. As explained in existing comment 2(f)-3, 
whether the inquiry or prequalification request becomes an application 
depends on how the creditor responds to the consumer or business, not 
on what the consumer or business says or asks. Finally, Regulation C 
excludes all prequalification requests from HMDA reporting, even if the 
prequalification request constitutes an application under existing 
Regulation B.\348\
---------------------------------------------------------------------------

    \347\ See Regulation C comment 2(b)-2 (describing 
prequalification requests).
    \348\ See id.
---------------------------------------------------------------------------

    Pursuant to final Sec.  1002.103(b)(2), a ``covered application'' 
does not include inquiries and prequalification requests, even in 
circumstances where the inquiry or prequalification request may 
constitute an ``application'' under existing Sec.  1002.2(f). The 
Bureau agrees with commenters who stated that reporting inquiries or 
prequalification requests would be extremely operationally difficult 
given the volume of such requests and because such requests typically 
occur very early in the process, making it difficult to obtain or track 
applicant-provided data. There could be data quality issues given the 
sometimes-informal nature of such

[[Page 35217]]

requests, which could raise the risk of missing, unavailable, or 
erroneous data. As noted by one commenter, reporting inquiries and 
prequalification requests could also be duplicative if the applicant 
subsequently applies for credit in accordance with the procedures 
designated by the financial institution; the Bureau would potentially 
need to create a separate data field or flag to distinguish such 
requests. Requiring reporting of such interactions could also lead 
financial institutions to pull back on offering prequalification 
reviews or engaging with prospective applicants, which could inhibit 
prospective applicants from shopping around for the best terms. As 
discussed in the section-by-section analysis of Sec.  1002.103(a) 
above, small depository institutions have expressed concern that this 
rule will overly formalize small business lending and inhibit 
relationship lending. Given these concerns, the Bureau is not expanding 
the definition of a covered application to include pre-application 
conduct, such as every time a business inquires about credit or if a 
financial institution pulls information about the business, as urged by 
some community groups.
    The Bureau also is not requiring, as suggested by some commenters, 
reporting of inquiries and prequalification requests only in situations 
that would otherwise be treated as an ``application'' under existing 
Regulation B--i.e., when the financial institution evaluates 
information about the business, decides to decline the request, and 
communicates this to the business. The logistics of reporting an 
inquiry or prequalification request only in these circumstances could 
be operationally challenging for financial institutions and could lead 
to data distortion in a manner inconsistent with the statutory purposes 
of section 1071, as only denials would be captured. In this case, a 
financial institution may prefer to report all inquiries and 
prequalification requests, which could lead to some of the challenges 
identified above. Moreover, a financial institution will not know ex 
ante whether a prequalification will result in the financial 
institution notifying the business it is unlikely to qualify, and so 
the financial institution would likely need to collect 1071 data at the 
beginning of the interaction regardless. Although the Bureau sought 
comment about its concerns related to the reporting of only denials, no 
commenters specifically addressed this issue.
    As noted above, one commenter emphasized the importance of having 
online applications reported, including online prequalification 
requests in particular, arguing that the absence of reporting would 
lead to a lack of data and an imbalance among lenders. The Bureau 
notes, however, that the final rule does not exclude online 
applications (nor did the proposal). While prequalification requests 
are excluded for the reasons discussed above, that exclusion is not 
limited to a particular channel. However, to the extent an online 
questionnaire is truly a voluntary tool for businesses to shop around 
for potential terms, and not an application under the procedures 
established by the financial institution, the Bureau believes such 
inquiries should be excluded for the reasons described above.
    Of course, requests for credit that meet the definition of 
``covered application'' are reportable, even if the application was 
preceded by an inquiry or prequalification request. For example, if a 
business initially seeks information about potential credit offerings, 
the financial institution responds, and then the business submits an 
application for a covered credit transaction, the application is 
reportable. If, on the other hand, the business asks about potential 
credit offerings, but then chooses not to request credit, there is no 
covered application.
    In response to commenters' request to provide further examples, in 
commentary to the rule, to differentiate inquiries or prequalification 
requests and covered applications, the Bureau has added to comment 
103(b)-5 additional illustrative examples.
    The Bureau has also made minor revisions to comment 103(b)-4 for 
clarity and consistency.
    In sum, the Bureau believes it is appropriate to interpret 
``application'' as used in section 1071 to exclude inquiries and 
prequalification requests given the considerations identified above, 
including the timing and often informal nature of such interactions, 
the operational challenges of implementing such a definition, and 
related concerns about the reliability of the data. However, the Bureau 
does share commenters' concerns about discrimination that may occur in 
the pre-application phase. As discussed above, the Bureau believes it 
is important for regulators and other enforcers to review data 
collected and reported pursuant to section 1071 to preliminarily 
identify where financial institutions might not be appropriately 
defining an application, and for financial institutions to self-monitor 
for the same. For example, as discussed above, very high approval rates 
or very low rates of incomplete or withdrawn applications may be a 
preliminary indication that the financial institution is evading its 
obligations, for example, by collecting 1071 data late in the 
application process. Similarly, such rates may also suggest that the 
financial institution has a regular practice of decisioning requests 
for credit through ``inquiries'' or ``prequalification requests''; if 
such reviews are regularly conducted and effectively function as a 
prescreening tool for the financial institution, they should be 
reported as a ``covered application.'' \349\
---------------------------------------------------------------------------

    \349\ See also final comment 103(b)-5.
---------------------------------------------------------------------------

    The Bureau believes it is important for regulators and other 
enforcers to also carefully review the data for indicia of potential 
illegal discouragement in the pre-application stage, and for financial 
institutions to self-monitor for the same. For example, analyzing the 
rates of applications from small businesses within majority-minority 
neighborhoods, as compared to a financial institution's peers, may be 
useful to identify potential discrimination. Finally, the Bureau notes 
that inquiries and prequalification requests where the institution 
evaluates information about the consumer or business, declines the 
request, and communicates it to the business or consumer, are 
``applications'' under existing Regulation B, and are thus subject to 
its requirements regarding ``applications,'' including its adverse 
action notification requirements and nondiscrimination provisions. As 
stated in final comment 103(b)-1, in no way are the exclusions in final 
Sec.  1002.103(b) intended to repeal, abrogate, annul, impair, change, 
or interfere with the scope of the term application in existing Sec.  
1002.2(f) as applicable to existing Regulation B.
    Solicitations, firm offers of credit, and other evaluations or 
offers initiated by the financial institution. The Bureau is adding new 
comment 103(a)-4 to clarify that the term covered application does not 
include solicitations, firm offers of credit, and other evaluations or 
offers initiated by the financial institution because the business has 
not made a request for credit, and to provide illustrative examples. 
The Bureau is adding this comment in response to comments from industry 
urging the Bureau to exclude ``preapprovals,'' which the commenters 
described as credit offered by the financial institution without an 
initiating application from the business. The

[[Page 35218]]

Bureau agrees with commenters who urged that solicitations, reviews, or 
evaluations initiated by the financial institution should not, on their 
own, be considered ``covered applications'' because the communications 
do not involve an applicant requesting credit. Excluding solicitations 
and firm offers of credit is also consistent with the language of ECOA 
section 704B(b)(1), which expressly contemplates that an application in 
response to a solicitation by a financial institution could be an 
application under section 1071, but the text is silent on solicitations 
without any applicant response.
    The Bureau does not agree, however, that such offers or evaluations 
should not be reported even where the applicant responds to such a 
request and seeks the credit offered, as suggested by one commenter. 
Once the applicant responds affirmatively to the solicitation 
indicating that it wishes to proceed, there is a request for credit 
from the applicant; there is no requirement in the final definition of 
a covered application that the applicant be the initiating entity, only 
that the applicant make an oral or written request for a covered credit 
transaction in accordance with procedures used by a financial 
institution for the type of credit requested. Capturing such requests 
would also implement the language of ECOA section 704B(b)(1), which 
provides that data collection and reporting is required ``whether or 
not such application is in response to a solicitation by the financial 
institution.'' The commenter also argued that reporting on accepted 
solicitations or offers would skew the data as it would only include 
accepted offers. The Bureau understands that this may result in some 
data skew, but believes this outcome is preferrable to having no data 
at all on applicant requests for credit in response to a solicitation. 
Thus, solicitations, firm offers of credit, or other evaluations or 
offers initiated by the financial institution for a covered credit 
transaction may become a ``covered application'' if an applicant 
responds to the solicitation or offer by requesting the offered credit. 
However, if a financial institution unilaterally--with no request from 
the business--increases a credit line or provides some other type of 
credit to the business, it would not be considered a covered 
application because, similar to a mere solicitation, the transaction 
does not involve a request for credit.
    Several commenters also asked the Bureau to provide that 
``preapprovals'' are not covered applications. As noted above, to the 
extent the commenters are referring to evaluations or offers initiated 
by the financial institution alone, such events are not covered 
applications unless the applicant affirmatively responds, wishing to 
proceed. However, a preapproval as described in existing comment 2(f)-
5.i is an example of a covered application. Under that comment, a 
preapproval occurs when a creditor reviews a request under a program in 
which the creditor, after a comprehensive analysis of an applicant's 
creditworthiness, issues a written commitment valid for a designated 
period of time to extend a loan up to a specified amount. If a 
creditor's program does not provide for giving written commitments, 
requests for preapprovals are treated as prequalification requests.

Section 1002.104 Covered Credit Transactions and Excluded Transactions

104(a) Covered Credit Transaction
    ECOA section 704B(b) requires financial institutions to collect and 
report information regarding any application for ``credit'' made by 
women-owned, minority-owned, or small businesses. Although the term 
``credit'' is not specifically defined in section 1071, ECOA defines 
``credit'' as ``the right granted by a creditor to a debtor to defer 
payment of debt or to incur debts and defer its payment or to purchase 
property or services and defer payment therefor.'' \350\ As noted above 
in the section-by-section analysis of Sec.  1002.102(d), existing 
Regulation B further defines ``business credit'' as ``extensions of 
credit primarily for business or commercial (including agricultural) 
purposes,'' with some exclusions.\351\ As discussed in detail below, 
the Bureau is finalizing its proposal that covered financial 
institutions report data for all applications for transactions that 
meet the definition of business credit unless otherwise excluded.
---------------------------------------------------------------------------

    \350\ 15 U.S.C. 1691a(d); see also Sec.  1002.2(j).
    \351\ 12 CFR 1002.2(g).
---------------------------------------------------------------------------

    Proposed Sec.  1002.104(a) would have defined the term ``covered 
credit transaction'' as an extension of business credit that is not an 
excluded transaction under proposed Sec.  1002.104(b). Proposed comment 
104(a)-1 would have reiterated that the term ``covered credit 
transaction'' includes all business credit (including loans, lines of 
credit, credit cards, and merchant cash advances) unless otherwise 
excluded under Sec.  1002.104(b). The Bureau explained that such credit 
transactions for agricultural purposes and HMDA-reportable transactions 
would have fallen within the scope of the proposed rule. The Bureau 
noted that this was not an exhaustive list of covered credit 
transactions; other types of business credit would have constituted 
covered credit transactions unless excluded by proposed Sec.  
1002.104(b). With respect to excluded transactions, proposed Sec.  
1002.104(b) would have stated that the requirements of subpart B do not 
apply to trade credit, public utilities credit, securities credit, and 
incidental credit. Proposed commentary would have made clear that the 
term ``covered credit transaction'' also did not cover factoring, 
leases, consumer-designated credit used for business purposes, or 
credit secured by certain investment properties.
    The Bureau received comments on transaction coverage from many 
lenders, trade associations, business advocacy groups, nonbank online 
lenders, the offices of two State attorneys general, and community 
groups. The Bureau received a few comments from industry expressing 
general support for the proposed definition of covered credit 
transaction. Many community groups, as well as several community-
oriented lenders and a cross-sector group of lenders, community groups, 
and small business advocates, requested expansive and broad product 
coverage; some commenters argued that such coverage was needed to 
prevent evasion, for comprehensive data analysis, and/or to fulfill 
section 1071's statutory purposes. Some commenters suggested the Bureau 
monitor the market to ensure that new products are covered by, and 
reported under, the rule. A business advocacy group and a joint letter 
from community groups, community-oriented lenders, and business 
advocacy groups urged the Bureau to subject ``all forms of credit''--
including merchant cash advances, factoring, and leases, in addition to 
term loans, credit cards, and other forms of credit--to fair lending 
and credit need analysis. They asserted that each of these products 
occupies a substantial portion of the ``credit market'' for small 
businesses and excluding any of them would allow potentially 
detrimental lending practices to proliferate.
    For the reasons set forth herein, the Bureau is finalizing its 
definition of ``covered credit transaction'' in Sec.  1002.104(a) as 
proposed. Final Sec.  1002.104(a) defines the term ``covered credit 
transaction'' as an extension of business credit that is not an 
excluded transaction under Sec.  1002.104(b). Final comment 104(a)-1 
reiterates that the term ``covered credit transaction'' includes all 
business credit (including loans, lines of credit, credit cards, and

[[Page 35219]]

merchant cash advances) unless otherwise excluded under final Sec.  
1002.104(b). Loans, lines of credit, credit cards, merchant cash 
advances, and credit products used for agricultural purposes fall 
within the scope of this final rule, which covers the majority of 
products that small businesses use to obtain financing.\352\ As 
discussed in greater detail below, the Bureau believes that covering 
these products in this rule is important to fulfilling the purposes of 
section 1071. The Bureau stresses that the products discussed herein do 
not constitute an exhaustive list of covered credit transactions; other 
types of business credit not specifically described in the rule and its 
associated commentary nevertheless constitute covered credit 
transactions unless excluded by final Sec.  1002.104(b). In line with 
this approach, the Bureau thus is not expressly listing other products 
(such as credit extensions incident to factoring arrangements discussed 
below) as covered credit transactions.
---------------------------------------------------------------------------

    \352\ See White Paper at 21-22.
---------------------------------------------------------------------------

    Final Sec.  1002.104(b), in turn, states that the requirements of 
subpart B do not apply to trade credit, HMDA-reportable transactions, 
insurance premium financing, public utilities credit, securities 
credit, and incidental credit. Associated commentary makes clear that 
the term ``covered credit transaction'' also does not cover factoring, 
leases, consumer-designated credit that is used for business or 
agricultural purposes, or credit transaction purchases, purchases of an 
interest in a pool of credit transactions, and purchases of a partial 
interest in a credit transaction. In response to comments received, the 
Bureau is now excluding HMDA-reportable transactions and insurance 
premium financing from the scope of this final rule. As a result, the 
Bureau believes that proposed commentary that would have made clear 
that the term ``covered credit transaction'' does not cover credit 
secured by certain investment properties is not necessary.
    The Bureau agrees that broad product coverage is important to 
fulfill section 1071's statutory purposes, though the Bureau is not 
extending coverage to all forms of small business financing as 
requested by some commenters. The Bureau believes the exclusions from 
the definition of covered credit transaction that it proposed in Sec.  
1002.104(b) are appropriate and has added two additional exclusions 
(HMDA-reportable transactions and insurance premium financing) in 
response to comments received. For the reasons set forth herein, the 
Bureau is finalizing Sec.  1002.104 pursuant to its authority under 
ECOA section 704B(g)(1) to prescribe such rules and issue such guidance 
as may be necessary to carry out, enforce, and compile data under 
section 1071.
    Comments received on specific types of transactions that are 
reportable or not reportable under this rule are discussed in turn 
below.
Loans, Lines of Credit, and Credit Cards
Proposed Rule
    Proposed Sec.  1002.104(a) would have defined the term ``covered 
credit transaction'' as an extension of business credit that is not an 
excluded transaction under proposed Sec.  1002.104(b). Proposed comment 
104(a)-1 would have reiterated that the term ``covered credit 
transaction'' includes all business credit (including loans, lines of 
credit, credit cards, and merchant cash advances) unless otherwise 
excluded under Sec.  1002.104(b). The Bureau did not propose 
definitions for loans, lines of credit, and credit cards because the 
Bureau believed these products are generally and adequately covered by 
the definition of ``credit'' in proposed Sec.  1002.102(i), which, as 
noted above, references existing Sec.  1002.2(j). The Bureau sought 
comment on its proposed approach to covered credit transactions and 
particularly on whether it should define loans, lines of credit, and 
credit cards, and, if so, how.
Comments Received
    A few commenters expressed general support for the explicit 
coverage of loans, lines of credit, and credit cards. One bank 
commenter opined that the Bureau's rule does not need to define loans, 
lines of credit, and credit cards because those definitions would add 
unnecessary complexities. One community group expressed approval for 
the Bureau's proposed coverage of lines of credit, stating that such 
products meet important credit needs to help businesses weather 
fluctuations in revenues and their coverage will help inform 
stakeholders whether minority- and/or women-owned businesses are able 
to access this important credit type or whether they experience a 
disproportionate amount of denials.
    The Bureau received mixed feedback regarding its proposed coverage 
of credit cards. A few community groups supported credit card coverage, 
with one noting that credit cards are widely used by small businesses, 
often with smaller principal balances and higher interest rates than 
term loans. This commenter stressed the importance of assessing whether 
Hispanic- and African American-owned businesses are more likely to rely 
upon credit cards than other businesses and whether the smallest 
businesses, and women- and minority-owned businesses, have equitable 
access to term loans or are served disproportionately by credit card 
loans or other credit products.
    By contrast, a few credit union trade associations urged the Bureau 
to exclude credit cards from the rule to reduce burden and reporting 
volumes. One commenter argued that every credit union that offers even 
a single small business credit card product will ultimately become a 
covered financial institution unless the Bureau either establishes a de 
minimis threshold or expressly excludes small business credit cards. 
Another urged the Bureau to exclude credit cards from the rule on the 
basis that these products are already covered by the Credit Card 
Accountability Responsibility and Disclosure (CARD) Act and the 
exclusion would reduce compliance burden without weakening the quality 
of resulting data and would relieve lenders of the responsibility to 
sort out and isolate business credit card data from consumer credit 
card data, which are often both run by the same platform independently 
of other commercial lending activities.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing its 
coverage of loan, lines of credit, and credit cards as proposed. These 
products are commonly offered to small business applicants (making up 
almost 60 percent of the aggregate dollar volume of various financial 
products used by small businesses).\353\ According to a recent Federal 
Reserve Banks' survey of employer firms, loans and lines of credit were 
the most common forms of financing sought by applicants, with credit 
cards in second place.\354\ The Bureau believes that covering these 
products is important for advancing both of section 1071's statutory 
purposes.
---------------------------------------------------------------------------

    \353\ See id. at 21 fig. 2.
    \354\ 2022 Report on Employer Firms at 25, https://www.fedsmallbusiness.org/survey/2022/report-on-employer-firms.
---------------------------------------------------------------------------

    The Bureau does not believe that it would be appropriate to exclude 
credit cards from coverage, as requested by several commenters. The 
Federal Reserve Banks found that almost one third of employer firm 
applicants sought credit cards \355\ and credit card usage among 
minority-owned small businesses is higher than among white-

[[Page 35220]]

owned small businesses.\356\ The Bureau believes that excluding this 
popular source of small business financing, particularly among the 
smallest businesses and start-ups, would not be consistent with section 
1071's statutory purposes. The Bureau has considered the concerns 
regarding reporting volumes among credit unions and notes that its 
higher originations threshold in final Sec.  1002.105(b) for coverage 
under the rule should help alleviate these concerns. The Bureau does 
not believe that CARD Act reporting is a sufficient substitute for data 
collected under section 1071 because it does not cover business-purpose 
credit cards and does not include protected demographic information, 
both of which are central to section 1071's statutory purposes.
---------------------------------------------------------------------------

    \355\ Id.
    \356\ See, e.g., Fed. Rsrv. Bank of N.Y. et al., Latino-Owned 
Businesses: Shining a Light on National Trends (Nov. 2018), https://www.newyorkfed.org/medialibrary/media/smallbusiness/2017/Report-on-Latino-Owned-Small-Businesses.pdf (finding that Latino business 
owners are more likely than non-Latino white business owners to use 
credit cards).
---------------------------------------------------------------------------

    The Bureau is finalizing Sec.  1002.104(a) and comment 104(a)-1 as 
proposed. The Bureau is not adopting definitions for loans, lines of 
credit, and credit cards because it believes these products are 
generally and adequately covered by the definition of ``credit'' in 
Sec.  1002.102(i).\357\
---------------------------------------------------------------------------

    \357\ As noted in the section-by-section analysis of Sec.  
1002.107(a)(5) below, the Bureau distinguishes between secured and 
unsecured loans and lines of credit when financial institutions 
report the type of credit product being applied for. The Bureau does 
not believe that this distinction has relevance to whether these 
products constitute ``credit.''
---------------------------------------------------------------------------

Merchant Cash Advances
Background and Proposed Rule
    As discussed above, proposed Sec.  1002.104(a) would have defined 
the term ``covered credit transaction'' as an extension of business 
credit that is not an excluded transaction under proposed Sec.  
1002.104(b), and proposed comment 104(a)-1 would have reiterated that 
the term ``covered credit transaction'' includes all business credit 
(including loans, lines of credit, credit cards, and merchant cash 
advances) unless otherwise excluded under Sec.  1002.104(b). The Bureau 
sought comment on its proposed approach to covered credit transactions, 
and in particular, on whether it should define merchant cash advances 
and/or other sales-based financing transactions, and if so, how.
    As the Bureau explained in the NPRM, merchant cash advances are a 
form of financing for small businesses that purport to be structured as 
a sale of potential future income. Merchant cash advances vary in form 
and substance, but under a typical merchant cash advance, a merchant 
receives a cash advance and promises to repay it plus some additional 
amount or multiple of the amount advanced (e.g., 1.2 or 1.5, the 
``payback'' or ``factor'' ``rate''). The merchant promises to repay by 
either pledging a percentage of its future revenue, such as its daily 
credit and debit card receipts (the ``holdback percentage''), or 
agreeing to pay a fixed daily withdrawal amount to the merchant cash 
advance provider until the agreed upon payment amount is satisfied. 
Merchant cash advance contracts often provide for repayment directly 
through the merchant's card processor and/or via Automated Clearing 
House withdrawals from the merchant's bank account.\358\ Merchant cash 
advances constitute the primary product under an umbrella term often 
referred to as ``sales-based financing;'' generally, transactions 
wherein a financial institution extends funds to a business and 
repayment is based on the business's anticipated sales, revenue, or 
invoices.\359\
---------------------------------------------------------------------------

    \358\ This description is based on the Bureau's review of a 
sample of merchant cash advance contracts that the Bureau believes 
fairly represent typical merchant cash advance contracts in the 
market. The Bureau's review comports with observations made by 
industry and community groups regarding merchant cash advances.
    \359\ As stated below, the Bureau is not specifically defining 
sales-based financing in the rule because the Bureau believes these 
products are covered by the definition of ``credit'' in final Sec.  
1002.102(i). New York and California laws have recently sought to 
define sales-based financing. New York law, for example, defines 
``sales-based financing'' as ``a transaction that is repaid by the 
recipient to the provider, over time, as a percentage of sales or 
revenue, in which the payment amount may increase or decrease 
according to the volume of sales made or revenue received by the 
recipient.'' N.Y. Fin. Serv. 801(j). New York's definition of sales-
based financing also encompasses a true-up mechanism where the 
financing is repaid as a fixed payment but provides for a 
reconciliation process that adjusts the payment to an amount that is 
a percentage of sales or revenue. Id. California law uses a similar 
definition. See 10 Cal. Code Reg. 2057(a)(22) (defining sales-based 
financing as ``a commercial financing transaction that is repaid by 
a recipient to the financer as a percentage of sales or income, in 
which the payment amount increases and decreases according to the 
volume of sales made or income received by the recipient'' and 
including ``a true[hyphen]up mechanism'').
---------------------------------------------------------------------------

    The Bureau understands that the merchant cash advance market is 
generally dominated by nondepository institutions not subject to 
Federal safety and soundness supervision or reporting requirements. The 
Bureau also understands that merchant cash advance providers may not be 
required to obtain State lending licenses. As a result, information on 
merchant cash advance lending volume and practices is limited. The 
Bureau notes, however, that a few states have enacted laws that would 
impose disclosure requirements upon certain commercial financing 
providers, including merchant cash advance providers.\360\
---------------------------------------------------------------------------

    \360\ See, e.g., Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (Dec. 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B. 
The California law does not go so far as to amend the California 
Financing Law to require factors or merchant cash advance providers 
to be licensed, but it does impose first-in-the-nation disclosure 
requirements in connection with these products similar to those 
imposed under TILA. The California law is implemented through 
regulations that took effect on December 9, 2022. See State of Cal. 
Dep't of Bus. Oversight, PRO 01-18 Commercial Financing Disclosures 
SB 1235 (June 9, 2022), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf. The New York law is also implemented 
through regulations, which have not been finalized yet. See N.Y. 
Dep't of Fin. Servs., Revised Proposed New 23 NYCRR 600 (Sept. 14, 
2022), https://www.dfs.ny.gov/system/files/documents/2022/09/rp_23nycrr600_text_20220914.pdf.
---------------------------------------------------------------------------

    Although the Bureau's 2017 White Paper estimated the merchant cash 
advance market constituted less than 1 percent of the aggregate dollar 
volume of various financial products used by small businesses in the 
U.S. in 2014,\361\ the Bureau notes that more recent evidence suggests 
the industry may now be much larger. For example, the 2021 Federal 
Reserve Banks' survey of firms with 1-499 employees (``employer 
firms'') found that 8 percent of such businesses applied for and 
regularly used merchant cash advances.\362\ Moreover, on August 18, 
2019, the trade website deBanked reported that according to an 
investment bank's projections, ``the [merchant cash advance] industry 
will have more than doubled its small business funding to $19.2 billion 
by year-end 2019, up from $8.6 billion in 2014.'' \363\
---------------------------------------------------------------------------

    \361\ See White Paper at 21 fig. 2, 22 fig. 3.
    \362\ Fed. Rsrv. Banks, Small Business Credit Survey--2022 
Report on Employer Firms, at 19 (Feb. 22, 2022), https://www.fedsmallbusiness.org/survey/2022/report-on-employer-firms (2022 
Small Business Credit Survey). Starting in 2017, the Federal Reserve 
Banks began to gather specific data on merchant cash advances for 
its annual reports on small business financing for employer firms--
in the 2017 report, the survey found that 7 percent of such 
businesses applied for and regularly used merchant cash advances. 
Fed. Rsrv. Banks, Small Business Credit Survey--2017 Report on 
Employer Firms, at 9 (Apr. 11, 2017), https://www.fedsmallbusiness.org/survey/2017/report-on-employer-firms (2017 
Small Business Credit Survey).
    \363\ Paul Sweeney, Gold Rush: Merchant Cash Advances Are Still 
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/.
---------------------------------------------------------------------------

    The Bureau understands that merchant cash advances are often used 
by merchants due to the speed and ease with which they can be 
obtained,\364\

[[Page 35221]]

particularly for merchants unable to obtain financing from more 
traditional sources.\365\ According to the 2021 Federal Reserve Banks' 
report regarding firms owned by people of color (both small employer 
firms and non-employer firms), Black-owned firms, Hispanic-owned firms, 
and Asian-owned firms were more likely to have applied for merchant 
cash advances (14 percent, 10 percent, and 10 percent, respectively) 
than white-owned firms (7 percent).\366\
---------------------------------------------------------------------------

    \364\ See Fed. Rsrv. Banks, Small Business Credit Survey--2021 
Report on Employer Firms, at 26 (Feb. 3, 2021), https://www.fedsmallbusiness.org/survey/2021/report-on-employer-firms (2021 
Small Business Credit Survey) (reporting that 84 percent of surveyed 
credit applicants were approved for a merchant cash advance, as 
compared to a 43 percent approval rate for personal loans).
    \365\ See 2022 Small Business Credit Survey (noting that only 8 
percent of ``high credit risk'' applicants obtained all the 
financing sought).
    \366\ See Fed. Rsrv. Banks, Small Business Credit Survey--2021 
Report on Firms Owned by People of Color, at 30 (Apr. 15, 2021), 
https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color (Small Business Credit Survey of Firms 
Owned by People of Color).
---------------------------------------------------------------------------

    The Bureau believes that the higher frequency of merchant cash 
advance use among minority-owned businesses coupled with reports of 
problematic provider practices lends credence to claims that merchant 
cash advances may raise fair lending concerns. The Federal Trade 
Commission (FTC) released a Staff Perspective in February 2020 
discussing its concerns with the merchant cash advance industry \367\ 
and noting the industry's tendency to ``cater to higher-risk businesses 
or owners with low credit scores--typically offering them higher-cost 
products.'' \368\ The FTC has also filed enforcement actions against 
merchant cash advance providers and their principals, in one case 
alleging that they misrepresented the terms of merchant cash advances 
that they provided, and then used ``unfair collection practices, 
including sometimes threatening physical violence, to compel consumers 
to pay.'' \369\ In April 2021, the FTC obtained a settlement that 
required a merchant cash advance provider to pay more than $9.8 million 
to settle charges that it took money from businesses' bank accounts 
without permission and deceived business owners about the amount of 
financing they would receive and about other features of its financing 
products.\370\ More recently, the FTC obtained a court order that 
permanently bans a merchant cash advance company and its owner from the 
merchant cash advance industry for deceiving and threatening small 
businesses and their owners.\371\
---------------------------------------------------------------------------

    \367\ Fed. Trade Comm'n, `Strictly Business' Forum, Staff 
Perspective, at 6-8 (Feb. 2020), https://www.ftc.gov/system/files/documents/reports/staff-perspective-paper-ftcs-strictly-business-forum/strictly_business_forum_staff_perspective.pdf.
    \368\ See id. at 2.
    \369\ Press Release, Fed. Trade Comm'n, New York-Based Finance 
Companies Deceived Small Businesses, Non-Profits and Seized Their 
Personal and Business Assets (June 10, 2020), https://www.ftc.gov/news-events/press-releases/2020/06/new-york-based-finance-companies-deceived-small-businesses. See also Press Release, Fed. Trade 
Comm'n, FTC Alleges Merchant Cash Advance Provider Overcharged Small 
Businesses Millions (Aug. 3, 2020), https://www.ftc.gov/news-events/press-releases/2020/08/ftc-alleges-merchant-cash-advance-provider-overcharged-small.
    \370\ Press Release, Fed. Trade Comm'n, Cash Advance Firm to Pay 
$9.8M to Settle FTC Complaint It Overcharged Small Businesses (Apr. 
22, 2021), https://www.ftc.gov/news-events/press-releases/2021/04/cash-advance-firm-pay-98m-settle-ftc-complaint-it-overcharged.
    \371\ Press Release, Fed. Trade Comm'n, FTC Action Results in 
Ban for Richmond Capital and Owner From Merchant Cash Advance and 
Debt Collection Industries and Return of More Than $2.7M to 
Consumers (June 6, 2022), https://www.ftc.gov/news-events/news/press-releases/2022/06/ftc-action-results-ban-richmond-capital-owner-merchant-cash-advance-debt-collection-industries.
---------------------------------------------------------------------------

    Moreover, the Bureau understands that the delinquency/default rate 
amongst small businesses that use merchant cash advances is relatively 
high--6 to 20 percent according to one estimate \372\ and 10 percent 
according to an SEC analysis of one merchant cash advance provider 
\373\ (compared with a charge off rate between 0 to 3.59 percent on SBA 
loans \374\ and just over 1 percent on certain commercial and 
industrial loans \375\). The Bureau believes this high default rate may 
be explained by the fact that the typical merchant cash advance 
holdback percentage--10 to 20 percent of gross receipts or revenues--
may be onerous for already cash-strapped small businesses.\376\ The 
Bureau also understands that it is not uncommon for small businesses 
that use merchant cash advances to obtain new merchant cash advances 
from other merchant cash advance providers (more than a quarter of such 
businesses, by one account); \377\ they also may use one merchant cash 
advance to pay off another. Firms that take on added debt loads in this 
way (a process known as ``stacking'') ``may not fully recognize the 
costs involved, which could potentially jeopardize the financial health 
of their businesses.'' \378\
---------------------------------------------------------------------------

    \372\ See Bryant Park Capital, Merchant Cash Advance/Small 
Business Financing Industry Report, at 28 (Jan. 2016), https://bryantparkcapital.com/wp-content/uploads/2018/06/BPC-MCA-SMB-Financing-Industry-Report.pdf.
    \373\ SEC Complaint (Jan. 2020), https://www.sec.gov/litigation/complaints/2020/comp24860.pdf.
    \374\ Small Bus. Admin., Table 9--Charge Off Rates as a Percent 
of Unpaid Principal Balance (UPB) Amount by Program (Mar. 31, 2022), 
https://www.sba.gov/document/report-small-business-administration-loan-program-performance.
    \375\ Bd. of Governors of the Fed. Rsrv. Sys., Charge-Off and 
Delinquency Rates on Loans and Leases at Commercial Banks (Aug. 22, 
2022), https://www.federalreserve.gov/releases/chargeoff/delallsa.htm.
    \376\ See Bd. of Governors of the Fed. Rsrv. Sys., Browsing to 
Borrow: ``Mom & Pop'' Small Business Perspectives on Online Lenders, 
at 9 (June 2018), https://www.federalreserve.gov/publications/files/2018-small-business-lending.pdf (Board Small Business Perspectives) 
(noting that when asked ``about the toughest part of running their 
businesses, most participants cited the challenges of managing their 
cash flow''); id. at 5 (noting that ``[s]ome observers have argued 
that the owner's loss of control over cash flow puts some small 
businesses at risk''). The Bureau also notes that many merchant cash 
advance providers believe that they are not subject to State usury 
laws.
    \377\ See Opportunity Fund, Unaffordable and Unsustainable: The 
New Business Lending, at 3 (May 2016), https://www.leg.state.nv.us/App/InterimCommittee/REL/Document/13129 (stating that ``[m]ore than 
a quarter of the businesses in our dataset had loans outstanding 
with multiple alternative lenders'').
    \378\ Board Small Business Perspectives at 6.
---------------------------------------------------------------------------

    As small businesses struggled with the COVID-19 pandemic, reports 
of merchant cash advance providers employing aggressive collection 
practices continued, such as ``pursuing legal claims against owners 
that freeze their bank accounts and . . . pressing their family 
members, neighbors, insurers, distributors--even their customers.'' 
\379\ Given the fact that 84 percent of the credit applicants surveyed 
by the Federal Reserve Banks were approved for a merchant cash advance 
\380\ and the fact that it appears to have been significantly more 
difficult to obtain credit as a ``high credit risk'' applicant during 
the COVID-19 pandemic,\381\ the Bureau believes that many vulnerable 
small businesses sought merchant cash advances to support their 
pandemic recovery.
---------------------------------------------------------------------------

    \379\ Gretchen Morgenson, FTC official: Legal `loan sharks' may 
be exploiting coronavirus to squeeze small businesses, NBC News 
(Apr. 3 2020), https://www.nbcnews.com/business/economy/ftc-official-legal-loan-sharks-may-be-exploiting-coronavirus-squeeze-n1173346.
    \380\ See 2021 Small Business Credit Survey at 26.
    \381\ Compare id. at 22 (noting that only 7 percent of ``high 
credit risk'' applicants obtained all the financing sought), with 
Fed. Rsrv. Banks, Small Business Credit Survey--2020 Report on 
Employer Firms, at 12 (Apr. 7, 2020), https://www.fedsmallbusiness.org/survey/2020/report-on-employer-firms 
(reporting that 23 percent of ``high credit risk'' applicants 
obtained all the financing sought) (2020 Small Business Credit 
Survey).
---------------------------------------------------------------------------

Comments Received
    The Bureau received comments on this aspect of the proposal from a 
wide range of lenders, trade associations, business advocacy groups, 
community groups, individuals, the offices of two State attorneys 
general, and others. The Bureau observes that, throughout the 
development of the rule to implement section 1071, merchant cash 
advances have been the focus of significant attention and a unique 
source of near-consensus among a diverse array of stakeholders--almost 
all of whom

[[Page 35222]]

advocated for covering merchant cash advances in the rule.\382\ 
Comments received in response to the NPRM were no different in that, 
with the exception of a sole credit union trade association, the only 
commenters that supported the exclusion of merchant cash advances from 
the rule were merchant cash advance providers or trade associations 
representing merchant cash advance providers (the Bureau is not aware 
of any credit unions that offer merchant cash advances as that term is 
used herein). Most of these commenters argued that merchant cash 
advances do not meet the definition of credit under ECOA or State law 
and should instead be treated like traditional factoring arrangements 
(described in detail below), which are generally understood not to be 
credit. A few of these commenters also asserted that covering merchant 
cash advances is contrary to public policy because doing so will 
negatively impact access to financing and because they benefit 
businesses. Two commenters asserted that the Bureau failed to engage 
adequately in cost/benefit analysis as required by section 
1022(b)(2)(a) of the Dodd-Frank Act, claiming that some smaller funders 
would exit the market due to increased regulatory burdens and costs. 
One commenter explained that because the merchant cash advance industry 
has never had to track the demographic status of a small business 
owner, implementing the Bureau's rule would require costly programming 
upgrades, adjustments to merchant cash advance funder systems, and 
additional employees to handle the reporting and auditing of these 
functions. This commenter also argued the rule would result in a less 
competitive market dominated by larger players and would put merchant 
cash advances at an unfair disadvantage compared to factoring.
---------------------------------------------------------------------------

    \382\ For instance, of the substantive responses to the 2017 
request for information, comments authored or co-authored by dozens 
of stakeholders (including community and business groups, industry, 
and trade associations) expressed explicit support for requiring the 
reporting of merchant cash advances (and additional letters 
expressed support for covering ``fintech'' or ``alternative online'' 
products more generally).
---------------------------------------------------------------------------

    The Bureau received many comments, primarily from community groups 
and community-oriented lenders, expressing broad support for covering 
merchant cash advances. A few of these commenters pointed to the fact 
that State regulators have started cracking down on the merchant cash 
advance industry due to its lack of transparency and potentially 
predatory practices. A community group and a cross-sector group of 
lenders, community groups, and small business advocates noted that 
merchant cash advances are an important and growing part of small 
business financing, with the community group relaying one merchant cash 
advance provider's announcement that the COVID-19 pandemic created new 
demand for its products, in part because the kinds of smaller firms 
that it primarily serves encountered greater-than-normal challenges to 
accessing capital through traditional bank financing during the 
pandemic. The cross-sector group and another community group stressed a 
need for transparency and noted that there is insufficient data on 
merchant cash advances. The community group acknowledged that reporting 
on merchant cash advances may be more complex due to their different 
terms but argued that these features make transparency into this 
lending channel critical. This commenter also opined that excluding 
merchant cash advances from scrutiny would encourage lenders to 
``double down'' on their use rather than offer more consumer-friendly 
products.
    Several supporters of merchant cash advance coverage, including the 
offices of two State attorneys general, maintained that merchant cash 
advances are clearly credit and they incur repayment liability. A joint 
letter from community and business advocacy groups explained that 
merchant cash advances are distinct from factoring in that a genuine 
factoring transaction creates a completed sale of receivables owed to 
the seller as a result of goods delivered or services provided by the 
seller to a third party. A few commenters asserted that coverage of 
merchant cash advances meets section 1071's statutory purposes. One 
online lender noted that merchant cash advances are not regulated. Many 
commenters expressed strong concerns about high costs and predatory 
practices often associated with merchant cash advances, with the 
majority of these commenters expressing particular concern about use of 
merchant cash advances among minority business owners. A CDFI lender 
explained that it had analyzed several merchant cash advance and 
balance sheet lender agreements provided by its clients and discovered 
that the average product carried an annual percentage rate of 94 
percent, with one product reaching 358 percent. This commenter also 
found that, among the Hispanic borrowers in its sample, the average 
monthly payment was more than 400 percent of their take-home pay. An 
online lender characterized the lack of transparency in pricing 
merchant cash advances as a significant market failure that harms small 
business owners. A community group expressed strong concerns about the 
increasingly common practice of using confessions of judgments (where a 
borrower must agree to allow the lender to obtain a legal judgment 
without going to court) within merchant cash advance lending, citing an 
investigation that found that the number of merchant cash advance cases 
ending with a confession in favor of a merchant cash advance provider 
in New York State rose from 14 cases in 2014 to over 3,500 cases in 
2018.\383\ The commenter noted that the study further found that these 
confession of judgment cases won the merchant cash advance industry an 
estimated $500 million in 2017.\384\
---------------------------------------------------------------------------

    \383\ Zachary R. Mider & Zeke Faux, Sign Here to Lose Everything 
Part 1: ``I Hereby Confess Judgment'' (Nov. 20, 2018), https://www.bloomberg.com/graphics/2018-confessions-of-judgment.
    \384\ Zachary R. Mider & Zeke Faux, Sign Here to Lose Everything 
Part 2: The $1.7 Million Man (Nov. 27, 2018), https://www.bloomberg.com/graphics/2018-confessions-of-judgment-millionaire-
marshal/.
---------------------------------------------------------------------------

    Potential coverage of merchant cash advances under the final rule 
has also drawn the attention of government entities seeking to regulate 
the industry. For example, in response to the SBREFA Outline, the 
California Department of Financial Protection and Innovation submitted 
a comment letter stating that ``nearly all the data points would be 
just as easy for a merchant cash advance company to report as any other 
financial institution.'' In addition, FTC staff submitted a comment 
letter in response to the Bureau's Request for Information on the Equal 
Credit Opportunity Act and Regulation B \385\ noting that the FTC has 
brought many actions protecting small businesses but that detecting 
illegal conduct in this space can be challenging, particularly with 
regard to merchant cash advances. The FTC comment letter urged the 
Bureau to remind small business lenders that whether a particular law 
applies depends on actual facts and circumstances and not solely on how 
one party chooses to characterize the transaction. FTC staff also 
recommended that the Bureau help small businesses through data 
collection, collecting complaints, and education.\386\
---------------------------------------------------------------------------

    \385\ Comment No. CFPB-2020-0026-0117 (Dec. 1, 2020), https://www.regulations.gov/comment/CFPB-2020-0026-0117.
    \386\ Id.
---------------------------------------------------------------------------

    In response to the NPRM, the offices of two State attorneys general 
submitted a comment stating that merchant cash advance transactions 
fall within the definition of credit and that the

[[Page 35223]]

inclusion of merchant cash advance transactions is crucial given the 
rapid expansion of the merchant cash advance market in the past decade 
and limited publicly available data on market size or standard industry 
practices. Having brought enforcement actions against multiple merchant 
cash advance providers, they also asserted that the unregulated nature 
of the merchant cash advance market makes it ripe for the type of 
problematic practices that they have directly observed through their 
investigations into the industry. They expressed strong support for the 
inclusion of merchant cash advance transactions within the scope of the 
Bureau's rule, stating their belief that the rule will promote 
fairness, transparency, and enhanced data collection in the area of 
small business financing, including the rapidly growing merchant cash 
advance market that is targeting small businesses.
    The Bureau also received a few comments about other aspects of its 
proposal to cover merchant cash advances. One commenter advised against 
defining merchant cash advances in the rule, arguing that such a 
definition could be inconsistent with some State laws and thus may 
create additional complexity in complying with the final rule. Another 
commenter urged the Bureau to clarify the application of the rule to 
merchant cash advances, including by clearly defining merchant cash 
advances and explaining how the rule will apply to the particular 
features of merchant cash advance products. Two commenters expressed 
more general support for coverage of sales-based financing.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing its 
definition of ``covered credit transaction'' as proposed. Final Sec.  
1002.104(a) defines the term ``covered credit transaction'' as an 
extension of business credit that is not an excluded transaction under 
Sec.  1002.104(b). Final comment 104(a)-1 reiterates that the term 
``covered credit transaction'' includes merchant cash advances.
    The Bureau believes that the statutory term ``credit'' in ECOA is 
intentionally broad so as to include a wide variety of products without 
specifically identifying any particular product by name. As noted 
above, ECOA defines ``credit'' to mean ``the right granted by a 
creditor to a debtor to defer payment of debt or to incur debts and 
defer its payment or to purchase property or services and defer payment 
therefor.'' As a result, the definition does not explicitly state that 
it applies to any type of credit, whether it be installment loans, 
credit cards, or merchant cash advances. To the extent there is any 
ambiguity about whether a particular product constitutes ``credit,'' 
Congress appears to have intended for the Bureau (or previously, the 
Board) to fill that gap, but neither the Bureau nor the Board have had 
occasion to provide further clarity with respect to coverage of sales-
based financing products like merchant cash advances except to note in 
commentary that factoring, as ``a purchase of accounts receivable,'' 
\387\ is not covered by ECOA or Regulation B. However, based on its 
review of typical merchant cash advance arrangements and its expertise 
with respect to the nature of credit transactions, the Bureau believes 
the term ``credit'' encompasses merchant cash advances and other types 
of sales-based financing. As a result, the Bureau believes that 
merchant cash advances and other sales-based financing are covered by 
the definition of ``credit'' in final Sec.  1002.102(i). The Bureau 
does not believe it is necessary to specifically define merchant cash 
advances or sales-based financing because the broad definition of 
``credit'' in ECOA and Regulation B--includes credit products covered 
by the rule unless the Bureau specifically excludes them.
---------------------------------------------------------------------------

    \387\ Existing comment 9(a)(3)-3.
---------------------------------------------------------------------------

    Nor does the Bureau believe that merchant cash advances should be 
excluded from the rule as a species of factoring because merchant cash 
advances do not constitute factoring within the meaning of the existing 
commentary to Regulation B or the definition in final comment 104(b)-1. 
In factoring transactions, entities receiving financing sell their 
legal right to payment from a third party for goods supplied or 
services rendered, and that right exists at the time of the transaction 
itself; the provider of funds seeks payment directly from the third 
party, and the transaction between the recipient and the provider of 
funds is complete at the time of the sale. In other words, the 
recipient of the financing has no remaining payment obligation, meaning 
that no payment is deferred. In contrast, at the time of the advance in 
a merchant cash advance, the recipient of the financing has no existing 
rights to payment that it can transfer. The transaction thus 
constitutes only a promise by the recipient to transfer funds to the 
provider once they materialize at a later date. The Bureau believes 
that the ECOA definition of credit, by referring to the right to 
``defer'' payments, necessarily invokes this temporal consideration.
    The Bureau does not agree with arguments raised by other commenters 
that merchant cash advances are not ``credit'' under ECOA. 
Specifically, the Bureau does not agree that the purchase of the right 
to a specific portion of a merchant's future proceeds, up to an agreed-
upon limit, constitutes a substantially contemporaneous exchange of 
value between a merchant cash advance provider and a merchant. The 
Bureau notes that a merchant's proceeds from future sales of goods and 
services, by definition, do not exist in the present and thus there can 
be no contemporaneous exchange of value, substantial or otherwise, 
where there is no present right to payment. The Bureau believes 
merchant cash advances are clearly distinguishable from back-dated 
checks, service contracts with staggered payment schedules, and true 
leases (discussed below). Merchant cash advances are typically repaid 
over a period of three to 12 months and the merchant has no existing 
rights to payment that it can transfer to the merchant cash advance 
provider until they materialize at a later date, usually at least a 
month later. The Bureau also notes that under Regulation B, a 
transaction is ``credit'' if there is a right to defer payment of a 
debt--regardless of the number of installments required for repayment 
or whether the transaction is subject to a finance charge.\388\
---------------------------------------------------------------------------

    \388\ Existing comment 2(j)-1.
---------------------------------------------------------------------------

    Furthermore, the Bureau interprets ECOA's definition of credit as 
making dispositive whether one party has granted another the right to 
repay at some time subsequent to the initial transaction, without 
consideration of factors such as the absence of recourse or analysis of 
who bears the risk of loss. Merchant cash advance providers grant such 
a right: they advance funds to small businesses and grant them the 
right to defer repayment by allowing them to repay over time. 
Additionally, as a practical matter, the Bureau understands that 
merchant cash advances are underwritten and function like a typical 
loan (i.e., underwriting of the recipient of the funds; repayment that 
functionally comes from the recipient's own accounts rather than from a 
third party; repayment of the advance itself plus additional amounts 
akin to interest; and, at least for some subset of merchant cash 
advances, repayment in regular intervals over a predictable period of 
time).
    Finally, the Bureau believes that the inclusion of merchant cash 
advances in the Bureau's rule is important to fulfilling both the fair 
lending and the

[[Page 35224]]

business and community development purposes of section 1071.\389\ 
Commenters have warned of high costs and predatory practices in this 
area, and the Bureau is particularly focused on their increasingly 
prevalent use among minority business owners.\390\ The Bureau also 
believes that including merchant cash advances will create a more level 
playing field across financial institutions that provide cash flow 
financing to small businesses by shedding light on such credit 
transactions as well as create a dataset that better reflects demand 
for such financing by the smallest and most vulnerable businesses.
---------------------------------------------------------------------------

    \389\ ECOA section 704B(a).
    \390\ See, e.g., Fed. Rsrv. Bank of N.Y. et al., Latino-Owned 
Businesses: Shining a Light on National Trends (Nov. 2018) (stating 
``Latino business owners are more likely than non-Latino White 
business owners to use credit cards, factoring, and merchant cash 
advances--products that require less collateral and are associated 
with higher average interest rates'').
---------------------------------------------------------------------------

Agricultural-Purpose Credit
Background
    As reported by the 2017 Census of Agriculture,\391\ there are about 
3.4 million farmers and ranchers (``producers'') working on 2 million 
farming and ranching operations (``farms'') in the United States. The 
U.S. Department of Agriculture (USDA) Economic Research Service found 
that family farms (where the majority of the business is owned by the 
operator and individuals related to the operator) of various types 
together accounted for nearly 98 percent of U.S. farms in 2020.\392\ 
Small family farms (less than $350,000 in gross cash farm income) 
accounted for 90 percent of all U.S. farms and large-scale family farms 
($1 million or more in gross cash farm income) make up about 3 percent 
of farms but 44 percent of the value of production.\393\
---------------------------------------------------------------------------

    \391\ The Census of Agriculture is conducted by the USDA every 
five years and provides a detailed picture of farms and the people 
who operate them. See generally U.S. Dep't of Agric., 2017 Census of 
Agriculture (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
    \392\ Econ. Rsch. Serv., U.S. Dep't of Agric., Farming and Farm 
Income (updated Sept. 1, 2022), https://www.ers.usda.gov/data-products/ag-and-food-statistics-charting-the-essentials/farming-and-farm-income/.
    \393\ Id.
---------------------------------------------------------------------------

    According to the 2020 Annual Report of the Farm Credit 
Administration, most agricultural lending (approximately 83 percent) is 
done by either commercial banks or the Farm Credit System (FCS), a 
network of government-sponsored enterprises regulated by the Farm 
Credit Administration, an independent government agency.\394\ The 
USDA's Farm Service Agency accounts for a small share (3 percent) of 
agricultural credit through direct loans and guarantees of loans made 
by private lenders.\395\
---------------------------------------------------------------------------

    \394\ Farm Credit Admin., 2020 Annual Report of the Farm Credit 
Administration, at 20 (2020), https://www.fca.gov/template-fca/about/2020AnnualReport.pdf.
    \395\ Id.
---------------------------------------------------------------------------

    In a July 2019 report, the U.S. Government Accountability Office 
(GAO) discussed its finding that information on the amount and types of 
agricultural credit to socially disadvantaged farmers and ranchers is 
limited,\396\ and suggested that this rulemaking may be a way to engage 
in ``additional data collection and reporting for nonmortgage loans.'' 
\397\ The GAO found that, using 2015-2017 USDA survey data, socially 
disadvantaged farmers and ranchers represented an estimated 17 percent 
of primary producers in the survey, but accounted for only an estimated 
8 percent of total outstanding agricultural debt.\398\ Loans to 
purchase agricultural real estate accounted for most of socially 
disadvantaged farmers and ranchers' outstanding debt (67 percent).\399\ 
Farms with minority or women primary producers \400\ are, on average, 
smaller and bring in less revenue than farms with a non-socially 
disadvantaged primary producer (i.e., a white male)--while socially 
disadvantaged farmers and ranchers represented 30 percent of all farms, 
they operated 21 percent of total farmland and accounted for 13 percent 
of the market value of agricultural products sold in 2017.\401\
---------------------------------------------------------------------------

    \396\ See Gov't Accountability Off., Agricultural Lending: 
Information on Credit and Outreach to Socially Disadvantaged Farmers 
and Ranchers is Limited (2019), https://www.gao.gov/assets/gao-19-539.pdf (GAO Report).
    \397\ Id. at 12.
    \398\ Id. at 16. ``The primary producer is the individual on a 
farm who is responsible for the most decisions. Each farm has only 
one primary producer.'' Id. at 5.
    \399\ Id. at introductory highlights.
    \400\ ``Producers'' are individuals involved in farm decision-
making. A single farm may have more than one producer.
    \401\ See GAO Report at 7.
---------------------------------------------------------------------------

    The share of minority representation in farming, particularly that 
of Black farmers, has declined sharply over the last 100 years.\402\ 
(The number of female producers has increased significantly over the 
last 100 years but remains relatively small compared to male farm 
producers.\403\) Based on the disposition of numerous lawsuits alleging 
discrimination against minority farmers,\404\ the Bureau believes that 
credit discrimination may play a role in this decline. The GAO cites 
advocacy groups for socially disadvantaged farmers and ranchers, which 
have said some socially disadvantaged farmers and ranchers face actual 
or perceived unfair treatment in lending or may be dissuaded from 
applying for credit because of past instances of alleged 
discrimination.\405\ In addition, the GAO cites advocacy groups, 
lending industry representatives, and Federal officials in stating that 
socially disadvantaged farmers and ranchers are more likely to operate 
smaller, lower-revenue farms, have weaker credit histories, or lack 
clear title to their agricultural land, which can make it difficult for 
them to qualify for loans.\406\ The Bureau understands that determining 
the ``creditworthiness'' of a farmer is often a judgmental process in 
which lending decisions are de-centralized and involve weighing many 
discretionary factors, and believes that there are heightened fair 
lending risks in agricultural lending.
---------------------------------------------------------------------------

    \402\ In 1910, approximately 893,370 Black farmers operated 
approximately 41.1 million acres of farmland, representing 
approximately 14 percent of farmers. U.S. Census Bureau, 1910 
Census: Volume 5 (Agriculture), Statistics of Farms, Classified by 
Race, Nativity, and Sex of Farmers, at 298 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. In 2017, of the country's 3.4 million total 
producers, only 45,508 of them (1.3 percent) are Black and they farm 
on only 4.1 million acres (0.5 percent of total farmland); by 
comparison, 95 percent of U.S. producers are white and own 94 
percent of farmland. U.S. Dep't of Agric., 2017 Census of 
Agriculture, at 62, 72 (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
    \403\ In 1910, women farmers represented approximately 4 percent 
of farm workers. See U.S. Census Bureau, 1910 Census: Volume 5 
(Agriculture), Statistics of Farms, Classified by Race, Nativity, 
and Sex of Farmers, at 340 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. As of 2017, 
women account for approximately 36 percent of farmers. See U.S. 
Dep't of Agric., 2017 Census of Agriculture, at 62 (Apr. 2019), 
https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
    \404\ See, e.g., Order, In re Black Farmers Discrimination 
Litig., No. 08-mc-0511 (D.D.C. filed Aug. 8, 2008), https://blackfarmercase.com/Documents/2008.08.08%20-%20PLF%20Consolidation%20Order_0.pdf; Pigford v. Glickman, 206 F.3d 
1212 (D.C. Cir. 2000). See also Garcia v. Vilsack, 563 F.3d 519 
(D.C. Cir. 2009); Love v. Connor, 525 F. Supp. 2d 155 (D.D.C. 2007); 
Keepseagle v. Veneman, No. 99-CIV-03119, 2001 U.S. Dist. LEXIS 25220 
(D.D.C. Dec. 12, 2001).
    \405\ GAO Report at introductory highlights. Additionally, the 
GAO cited these sources as noting that some socially disadvantaged 
farmers and ranchers may not be fully aware of credit options and 
lending requirements, especially if they are recent immigrants or 
new to agriculture. Id.
    \406\ Id.
---------------------------------------------------------------------------

Proposed Rule
    In its proposal, the Bureau noted that credit used for agricultural 
purposes is generally covered by the broad definition of credit under 
ECOA and

[[Page 35225]]

agricultural businesses are included in section 1071's definition of 
small business. Taking into account the information above, the Bureau 
stated that covering agricultural credit in this rulemaking was 
important for advancing both of section 1071's statutory purposes and 
did not propose defining covered credit in a way that would exclude 
agricultural credit from coverage. The Bureau sought comment on the 
potential costs and complexities associated with covering such credit.
Comments Received
    The Bureau received comments on this aspect of the proposal from 
many agricultural lenders, banks, trade associations, and community 
groups. Several community-oriented lenders and many community groups 
voiced support for the Bureau's proposed coverage of agricultural-
purpose credit. A joint letter from community groups, community 
oriented lenders, and business advocacy groups asserted that covering 
agricultural credit will be helpful in advancing the goals of section 
1071 because the vast majority of farms are small and family run, and 
farmers are an important part of the community development landscape, 
and because the litigation regarding discrimination against Black 
farmers shows the risk of discrimination and unequal access is 
significant in the agricultural context. A rural community group argued 
that the Bureau's legislative mandate is clear on this issue because 
agricultural lending falls under ECOA's definition of credit and 
farming operations are correctly included in the proposed rule's 
definition of small business. Several commenters asserted that covering 
agricultural credit serves section 1071's community development and 
fair lending statutory purposes. Another community group expressed its 
belief that 1071 data will allow for promotion of adaptive and 
sustainable agriculture among smaller farmers as opposed to relying on 
large agricultural businesses.
    Some commenters discussed their belief that including agricultural 
credit within the scope of this rule was needed to address historical 
and/or continuing discrimination. A rural community group described the 
challenges relating to justifying claims in the discrimination 
settlements against USDA due specifically to the lack of any other form 
of data to quantify the results of disparities in treatment with access 
to loans. This commenter also relayed minority farmers' experiences of 
being more at risk of foreclosure due to not being told about or not 
being given fair access to many farm programs that benefit white 
farmers and due to receiving unfavorable loans originated with the 
specific intent of pushing these farmers into acceleration and 
foreclosure to remove them from their land. This commenter also 
detailed how the rule would illuminate a host of factors leading to 
disparate treatment of minority farmers, citing conflicts of interest 
among staff of local Farm Service Agency offices, disclosure of loan 
terms, imposition of collateral requirements, and changes in valuations 
of assets in appraisals. This commenter described discouragement of 
minority farmers from making loan applications or requesting loss 
mitigation and asserted that data collection is a proven way to 
document and address such discouragement. The commenter alleged that 
agricultural lenders, notably Farm Credit System lenders, lack the data 
or any system to comply with ECOA.
    One community group maintained that constrained access to capital 
has contributed to the staggering loss of Black-owned farmland in the 
Deep South, while another said that the Bureau's rule will highlight 
the racially disparate impact of facially neutral policies that 
disproportionately result in adverse outcomes for Black farmers, 
including underwriting decisions based on the types of farm, the 
business structure, and land appraisals. A CDFI lender relayed examples 
of issues faced by Black farmers, including: (1) lack of access to 
fair, affordable credit as a barrier for new farmers; (2) lenders and 
local USDA offices that seek to frustrate Black farmers by making 
things more complicated and causing lengthy delays that white farmers 
do not encounter; (3) lack of relationships with banks resulting in 
their being less willing to work with the farmers and provide 
assistance during the loan application process; (4) agricultural loan 
underwriting criteria that favor beef, cattle, and grain production, 
which are often the enterprises of large-scale white farmers; (5) 
alternative financing from a private lender not being an adequate 
substitute for having fair access to government lending programs with 1 
percent interest and 40 year terms; and (6) Black farmers often being 
unable to secure financing and thus being left with no choice but to 
sell their land to white farmers.
    Several commenters stressed the need for transparency due to lack 
of sufficient data on agricultural lending markets. One such commenter 
noted that the USDA has not made its limited data--which includes only 
numbers of loans applied for, made, and denied, at the county level--
easily available to the public. This commenter also argued that 
comprehensive data are particularly important to increase equity and 
uniformity in loan modifications and restructurings and to assist with 
decisions related to pandemic relief programs and the grant of 
specialized loan servicing. Another commenter suggested that 1071 data 
would help the USDA, the SBA, and other relevant government agencies 
better understand the needs of small agricultural businesses and noted 
that agricultural credit extends beyond acquisition of inventory 
farmland to include operational loans, agricultural machinery and 
building loans, and loans to develop local markets for selling 
agricultural products. A community group dismissed concerns that 
agricultural lending data would be too complex to collect and report, 
because it is already reported under CRA.
    Some commenters suggested changes and clarifications related to 
applying the Bureau's rule to agricultural credit. One community group 
suggested the Bureau modify or clarify data collection to identify 
forms of disparate treatment unique in small-scale farm operations that 
may differ from other small businesses. This commenter also suggested 
that the Bureau clarify that the rule covers the Farm Service Agency, 
the Farm Credit System, all lenders making Farm Service Agency 
guaranteed loans, and the full range of other entities that provide 
credit to small farm businesses. A number of Farm Credit System lenders 
expressed support for a trade association letter that discussed how 
agricultural lending is fundamentally different from small commercial 
lending and requested a different small business definition to account 
for how they would be disproportionately covered by the rule. These 
comments are discussed in more detail in the section-by-section 
analysis of Sec.  1002.106(b). One agricultural community group 
suggested that base acre payment transactions (transactions that take 
into account certain government payments, which are in turn based on a 
farm's historic crop yield) should be considered covered credit 
transactions because of concerns that base program acres may not 
benefit Native American farmers and because base acre payments are 
often used to prove or deny a farmer's request for loan origination or 
modification.
    Some industry commenters requested an exclusion for agricultural 
credit from the Bureau's rule. One credit union association argued that 
agricultural lending should be exempted because many agricultural 
borrowers are serviced by small local community financial institutions, 
including credit

[[Page 35226]]

unions whose members are agriculturally based and whose members and 
borrowers are represented on the credit unions' board of directors. A 
few other commenters asserted that agricultural credit is not 
comparable to other types of small business lending and urged the 
Bureau to exempt it on those grounds; one stated that it does not make 
sense to compare a 200-acre farm with a gas station. A trade 
association pointed to different treatment under CRA and HMDA as 
evidence that it was unlikely that section 1071 was enacted to cover 
agricultural lending because their underwriting criteria are distinct 
and different from small business loans. A bank also suggested 
exempting agricultural lending, maintaining that its numbers would not 
be useful for fair lending purposes because unlike small business loans 
that are more on a one loan to one borrower or two-to-one basis, its 
agricultural portfolio included multiple loans to the same borrower. A 
few commenters argued that covering agricultural credit under the rule 
would have an outsized impact on farmers by increasing this cost of 
credit and reducing its availability. A trade association asserted that 
the burden of section 1071 compliance may force small lenders to reduce 
their lending below the exemption threshold, which in turn may limit 
the access to agricultural credit because large banks often do not 
engage in significant agricultural lending.
Final Rule
    For the reasons set forth herein, the Bureau is not defining a 
``covered credit transaction'' in final Sec.  1002.104 in a way that 
would exclude agricultural credit from the final rule. Credit used for 
agricultural purposes is generally covered by the broad definition of 
credit under ECOA. First, ECOA's definition of ``credit'' is not 
limited to a particular use or purpose and Regulation B expressly 
covers agricultural-purpose credit. Further, ECOA does not provide an 
exception for agricultural credit, and it assigns enforcement authority 
to regulators of agricultural lending such as the Secretary of 
Agriculture and the Farm Credit Administration.\407\ Moreover, 
agricultural businesses are included in section 1071's statutory 
definition of small business.\408\ The Bureau believes that covering 
agricultural credit in this rulemaking is important for advancing both 
of section 1071's statutory purposes and is not excluding agricultural 
credit from the final rule. The Bureau notes that most of the comments 
received on this aspect of the proposal were in favor of the rule 
covering agricultural lending. Even the many comments that the Bureau 
received from Farm Credit System lenders and related associations 
generally focused on urging the Bureau to adopt a separate small farm 
definition rather than a wholesale exclusion of agricultural credit.
---------------------------------------------------------------------------

    \407\ See 15 U.S.C. 1691c; Regulation B Sec.  1002.16(a).
    \408\ ECOA section 704B(h)(2) (defining a small business as 
having the same meaning as the term ``small business concern'' in 
section 3 of the Small Business Act (15 U.S.C. 632)). Section 
704B(h)(2) defines small business by reference to the Small Business 
Act definition of a small business concern, which includes 
independently owned and operated ``enterprises that are engaged in 
the business of production of food and fiber, ranching and raising 
of livestock, aquaculture, and all other farming and agricultural 
related industries.'' 15 U.S.C. 632(a)(1).
---------------------------------------------------------------------------

    As noted above, the products discussed in this rule do not 
constitute an exhaustive list of covered credit transactions; other 
types of business credit not specifically described in the rule and its 
associated commentary nevertheless constitute covered credit 
transactions unless excluded by final Sec.  1002.104(b). In line with 
this approach, the Bureau thus is not delineating certain products 
(such as base acre payment transactions) as covered credit 
transactions.
    The Bureau does not believe it would appropriate to exclude 
agricultural credit from the rule, as requested by some commenters. 
With regard to the concern that agricultural lending should be exempted 
because of the impact on small local community financial institutions, 
such as credit unions, the Bureau notes that it is increasing its 
institutional coverage threshold, as discussed in the section-by-
section analysis of Sec.  1002.105 below, to limit any risk of impact 
on smaller financial institutions or of market disruption in the small 
business lending sector. By declining to draw a potentially blurry line 
between business-purpose credit and agricultural-purpose credit, the 
Bureau also believes that its finalized inclusive approach will better 
enable it to ensure that financial institutions that are offering 
business credit are complying with the final rule.
    With respect to comments asserting that agricultural credit is 
unique and not comparable to other types of small business lending, the 
Bureau acknowledges that every small business industry has its own 
unique characteristics. In order to fulfill section 1071's business and 
community development purpose and to address the particularities of 
certain lending models, the Bureau is providing clarification regarding 
how reporting rules apply to certain covered credit transactions and is 
also not covering certain transactions. For the reasons described 
herein, however, the Bureau is not categorically exempting agricultural 
credit from the rule.
    Moreover, the Bureau believes that data on agricultural credit will 
be useful for fair lending purposes. As discussed above, there is some 
evidence that minority-owned farms may obtain, or may be offered, 
higher interest rates and less favorable terms on agricultural credit. 
Data collected and reported under this final rule will allow the 
Bureau, other government agencies, and other data users to have insight 
into the existing market, observe the market for potentially troubling 
trends, and conduct fair lending analyses.
    The Bureau has considered the comments arguing that covering 
agricultural credit under the rule would have an outsized impact on 
farmers by increasing this cost of credit and reducing its 
availability. The Bureau has also considered the claim that small 
lenders will reduce their lending below the exemption threshold, which 
in turn may limit the access to agricultural credit because large banks 
often do not engage in significant agricultural lending. The Bureau 
does not believe that there is a significant risk that lenders will 
reduce their agricultural lending as a result of this rule such that 
there will be a marked impact on the availability of agricultural 
credit. Moreover, as noted in the section-by-section analysis of Sec.  
1002.105 below, the Bureau is increasing its institutional coverage 
threshold for the final rule to reduce the impact on financial 
institutions with the lowest volume of small business lending, 
including agricultural lenders.
    Based on its review of the GAO Report,\409\ the decline of minority 
representation in farming over the last 100 years,\410\ the disposition 
of numerous lawsuits alleging discrimination against minority

[[Page 35227]]

farmers,\411\ and comments discussing how the inclusion of agricultural 
credit in the rule is needed to address historical and/or continuing 
discrimination, the Bureau finds that covering agricultural credit is 
crucial to serving section 1071's purpose of facilitating enforcement 
of fair lending laws.
---------------------------------------------------------------------------

    \409\ See, e.g., GAO Report at 16.
    \410\ In 1910, approximately 893,370 Black farmers operated 
approximately 41.1 million acres of farmland, representing 
approximately 14 percent of farmers. U.S. Census Bureau, 1910 
Census: Volume 5 (Agriculture), Statistics of Farms, Classified by 
Race, Nativity, and Sex of Farmers, at 298 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. In 2017, of the country's 3.4 million total 
producers, only 45,508 of them (1.3 percent) are Black and they farm 
on only 4.1 million acres (0.5 percent of total farmland); by 
comparison, 95 percent of U.S. producers are white and own 94 
percent of farmland. U.S. Dep't of Agric., 2017 Census of 
Agriculture, at 62, 72 (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
    \411\ See, e.g., Order, In re Black Farmers Discrimination 
Litig., No. 08-mc-0511 (D.D.C. filed Aug. 8, 2008), https://blackfarmercase.com/Documents/2008.08.08%20-%20PLF%20Consoli-dation%20Order_0.pdf; Pigford v. Glickman, 206 F.3d 1212 (D.C. Cir. 
2000). See also Garcia v. Vilsack, 563 F.3d 519 (D.C. Cir. 2009); 
Love v. Connor, 525 F. Supp. 2d 155 (D.D.C. 2007); Keepseagle v. 
Veneman, No. 99-CIV-03119, 2001 U.S. Dist. LEXIS 25220 (D.D.C. Dec. 
12, 2001).
---------------------------------------------------------------------------

    The Bureau furthers finds that covering agricultural credit is 
vital to enable communities, governmental entities, and creditors to 
identify business and community development needs and opportunities of 
small businesses, including small farms. The Bureau agrees with 
commenters that stressed the need for transparency due to lack of 
sufficient data on agricultural lending markets. The Bureau believes 
that the transparency afforded by data collected and reported under 
this final rule will empower rural communities to better address the 
challenges they face, particularly with regard to equitable credit 
access. Representatives of these communities appear to agree--in a 
recent letter addressed to the House and Senate Agriculture and 
Financial Services and Banking committees characterizing the proposed 
rule as ``pro-farmer,'' multiple community groups noted that ``[s]mall 
farmers have consistently demanded more transparent and fair markets, 
and our members know that having an accurate and up-to-date picture of 
agricultural lending will help farmers and consumers, not hurt them.'' 
\412\ Relatedly, in a recent report, the Bureau found that rural 
communities face unique challenges in accessing and using consumer 
financial products and that further research is required to better 
understand the needs of rural households and how the Bureau can best 
ensure that rural residents have equitable access to financial 
markets.\413\
---------------------------------------------------------------------------

    \412\ HEAL (Health, Environment, Agriculture, Labor) Food All., 
Rural Coal., Nat'l Young Farmers Coal., Ctr. for Responsible Lending 
et al., RE: Support for Proposed Section 1071 rule and Opposition to 
H.R.7768--Farm Credit Administration Independent Authority Act (R. 
Davis) (Sept. 14, 2022), https://www.ushcc.com/advocacy-letters.html.
    \413\ CFPB, Data Spotlight: Challenges in Rural Banking Access 
(Apr. 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-spotlight_challenges-in-rural-banking_2022-04.pdf.
---------------------------------------------------------------------------

    The Bureau notes that many agricultural lenders have already been 
collecting and reporting some form of data by HMDA, the CRA, and/or the 
Farm Credit Administration and so should be able to adapt to the data 
collection requirements mandated by Congress. Additionally, to the 
extent that commenters were concerned about the impact on the smallest 
agricultural lenders, many of those concerns are addressed by the 
Bureau's decision, as discussed in the section-by-section analysis of 
Sec.  1002.105(b) below, to require data collection and reporting only 
by financial institutions that meet a 100-loan threshold. In short, as 
further discussed in part IX below, the Bureau does not anticipate any 
material adverse effect on credit access in the long or short term to 
rural small businesses.
104(b) Excluded Transactions
    Proposed Sec.  1002.104(b) would have provided that the 
requirements of subpart B do not apply to trade credit, public 
utilities credit, securities credit, and incidental credit. Proposed 
comments 104(b)-1 and -2 would have made clear that the term covered 
credit transaction also does not cover factoring and leases. Proposed 
comments 104(b)-3 and -4 would have clarified that the term covered 
credit transaction does not include consumer-designated credit or 
credit secured by certain investment properties because such 
transactions are not business credit. In the NPRM, the Bureau also 
discussed its proposed treatment of extensions of credit made to 
governments or governmental subdivisions, agencies, or 
instrumentalities and certain purchases of covered credit transactions.
    The Bureau received comments on its overall approach to Sec.  
1002.104(b) from several banks, trade associations, individuals, and 
members of Congress. Two industry commenters supported the exclusions 
as proposed, with another commenter expressing support but also 
suggesting expansion. Two commenters suggested listing all exclusions 
in the regulatory text with any clarifications of those exclusions set 
out in the commentary. A bank trade association urged the Bureau to 
extend section 1071 requirements to all nontraditional lenders and 
nontraditional products to avoid leaving open the opportunity for the 
abuse or dissatisfaction of small business borrowers to go undetected 
or disadvantaging highly regulated institutions such as community 
banks. A joint letter from several members of Congress asked the Bureau 
reconsider its proposed exclusions on the grounds that such exclusions 
would lead to a gap in understanding of the small business lending 
marketplace and whether entities are in compliance with fair lending 
laws. Comments received regarding specific exclusions, including 
additional exclusions sought by commenters, are discussed in greater 
detail below.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.104(b) to provide that the requirements of subpart B do not apply 
to trade credit, HMDA-reportable transactions, insurance premium 
financing, public utilities credit, securities credit, and incidental 
credit. In response to comments received, the Bureau is excluding HMDA-
reportable transactions from coverage under the final rule. As a 
result, the Bureau believes that proposed comment 104(b)-4 that would 
have made clear that the term ``covered credit transaction'' does not 
cover credit secured by certain investment properties is not necessary. 
Final comments 104(b)-1 and -2 make clear that the term covered credit 
transaction also does not cover factoring and leases. Final comment 
104(b)-3 clarifies that the term covered credit transaction does not 
include consumer-designated credit because such transactions are not 
business credit. New comment 104(b)-4 provides clarification regarding 
certain purchases of covered credit transactions, including pooled 
loans, and partial interests. All of these provisions are discussed in 
detail below.
    The Bureau has considered comments suggesting that all exclusions 
be listed in the regulatory text. The Bureau appreciates the need for 
clarity in articulating which products must be reported under this 
final rule but believes that it can provide sufficient clarity through 
its regulatory text and commentary. The Bureau's approach 
differentiates between products that meet the definition of both 
``credit'' and ``business credit'' under Regulation B, and between 
those products that the Bureau is excluding (for reasons discussed 
below) pursuant to its exception authority under ECOA section 
704B(g)(2). Products excepted under section 704B(g)(2) are enumerated 
in the regulatory text. Such specific exclusion is not necessary for 
products the Bureau considers not to be ``business credit'' in the 
first place; however, the Bureau believes that identifying and 
describing some such products in the commentary--which it has done--
will provide clarity and facilitate compliance.

[[Page 35228]]

104(b)(1) Trade Credit
Background
    Under existing Regulation B, trade credit refers to a ``financing 
arrangement that involves a buyer and a seller--such as a supplier who 
finances the sale of equipment, supplies, or inventory; it does not 
apply to an extension of credit by a bank or other financial 
institution for the financing of such items.'' \414\ Thus, trade credit 
typically involves a transaction in which a seller allows a business to 
purchase its own goods or services without requiring immediate payment 
in full, and the seller is not otherwise involved in financial services 
and does not otherwise provide credit that could be used for purposes 
other than the purchase of its own goods or services.\415\ Businesses 
offering trade credit generally do so as a means to facilitate the sale 
of their own goods and not as a stand-alone financing product or a more 
general credit product offered alongside the sale of their own goods or 
services.
---------------------------------------------------------------------------

    \414\ Comment 9(a)(3)-2.
    \415\ See comment 9(a)(3)-2.
---------------------------------------------------------------------------

    Although ECOA and Regulation B generally may apply to trade credit, 
most of the specific notification requirements of existing Regulation B 
do not apply to trade credit transactions.\416\ The Bureau's White 
Paper estimated that trade credit represents approximately 21 percent 
of the aggregate dollar volume of various financial products used by 
small businesses.\417\ The Bureau understands that there are tens of 
thousands of merchants and wholesalers that extend credit to small 
businesses solely in connection with the sale of their goods and 
services.
---------------------------------------------------------------------------

    \416\ See Sec.  1002.9(a)(3)(ii).
    \417\ White Paper at 21 fig. 2.
---------------------------------------------------------------------------

Proposed Rule
    The Bureau proposed to not cover trade credit in the section 1071 
final rule. Proposed Sec.  1002.104(b)(1) would have defined trade 
credit as a financing arrangement wherein a business acquires goods or 
services from another business without making immediate payment to the 
business providing the goods or services. Proposed comment 104(b)(1)-1 
would have provided that an example of trade credit is one that 
involves a supplier that finances the sale of equipment, supplies, or 
inventory. Proposed comment 104(b)(1)-1 would have provided that an 
extension of business credit by a financial institution other than the 
supplier for the financing of such items is not trade credit. Proposed 
comment 104(b)(1)-2 would have clarified that the definition of trade 
credit under existing comment 9(a)(3)-2 applies to relevant provisions 
under existing Regulation B, and that proposed Sec.  1002.104(b)(1) is 
not intended to repeal, abrogate, annul, impair, or interfere with any 
existing interpretations, orders, agreements, ordinances, rules, or 
regulations adopted or issued pursuant to existing comment 9(a)(3)-2. 
The Bureau sought comment on its proposal to exclude trade credit from 
the rule and on its proposed definition of trade credit.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
range of commenters, including banks, trade associations, and a 
business advocacy group. Several industry commenters expressed general 
support for the proposal to exclude trade credit. However, some of 
these commenters advocated expanding the exclusion. For instance, one 
commenter suggested that all asset-based financing should be excluded 
as trade credit, arguing that if the rule should not apply to sellers 
to facilitate their sales of goods, the rule also should not apply to 
their ``behind the scenes'' non-recourse factors and asset-based 
lenders who facilitate those sales. Two commenters urged broadening the 
proposed exclusion to include captive finance companies when they are 
financing equipment manufactured by their parent companies because 
these companies exist solely to facilitate the acquisition of the 
original equipment manufacturers' products. A few comments more broadly 
asked that the Bureau not limit the exclusion to ``in-house'' trade 
credit, suggesting that trade credit offered by financial institutions 
allows more suppliers to offer trade credit programs, and as a result 
provides more opportunities for credit access to small businesses. 
These commenters additionally argued that such expansion is needed to 
prevent uneven regulatory treatment, to promote competition in the 
market for trade credit, to avoid pushing more business transactions 
into a less regulated environment, and to obtain more fulsome data 
collection and reporting on trade credit. A trade association asked the 
Bureau to clarify that the trade credit exclusion encompasses auctions 
where a buyer may pay for acquired property at a later date.
    A few other industry commenters urged the Bureau to cover trade 
credit in the final rule. Two of these commenters argued that providers 
of trade credit, especially in the agricultural sector, are competitors 
to traditional lenders, and should be covered. One commenter asked the 
Bureau to provide several specific transaction examples so that covered 
financial institutions can readily identify those transactions that 
they must report on, and those that are exempted. Another commenter 
asked the Bureau to clarify whether floor plan financing, which 
generally allows merchants to stock inventory available for sale 
without advance payment to the manufacturer or distributor, would fall 
within the proposed trade credit exclusion. This commenter noted that 
floor plan finance companies support merchants by allowing them to 
maintain some level of inventory with frequent adjustments to the 
financing and payment terms, and they may be affiliated with the 
manufacturer or distributor.
    Several commenters urged the Bureau to expand its trade credit 
exclusion to private label or cobranded credit. These commenters 
primarily argued that such transactions need to be quickly completed, 
often at a point-of-sale, and that asking for protected demographic 
information and other required data may reduce the supply and demand 
for such credit. A few commenters suggested that if the Bureau were to 
include private label and co-branded transactions in the final rule, it 
should only require the collection and reporting of such transactions 
over $50,000 to mitigate the impact of their inclusion.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing largely 
as proposed its exclusion for trade credit in this final rule. Final 
Sec.  1002.104(b)(1) defines trade credit as a financing arrangement 
wherein a business acquires goods or services from another business 
without making immediate payment in full to the business providing the 
goods or services. The Bureau has added the words ``in full'' to the 
proposed definition to account for the fact that trade credit may 
include an immediate partial payment or down payment to the businesses 
providing the goods or services. Final comment 104(b)(1)-1 provides 
that an example of trade credit is one that involves a supplier that 
finances the sale of equipment, supplies, or inventory. Final comment 
104(b)(1)-1 provides that an extension of business credit by a 
financial institution other than the supplier for the financing of such 
items is not trade credit, and it also provides that credit extended by 
a business providing goods or services to another business is not trade 
credit for the purposes of subpart B where the supplying business 
intends

[[Page 35229]]

to sell or transfer its rights as a creditor to a third party, such as 
a financial institution. Final comment 104(b)(1)-2 clarifies that the 
definition of trade credit under existing comment 9(a)(3)-2 applies to 
relevant provisions under existing Regulation B, and that Sec.  
1002.104(b)(1) is not intended to repeal, abrogate, annul, impair, or 
interfere with any existing interpretations, orders, agreements, 
ordinances, rules, or regulations adopted or issued pursuant to 
existing comment 9(a)(3)-2.
    The Bureau is adopting a definition of ``covered credit 
transaction'' that excludes trade credit pursuant to its authority 
under ECOA section 704B(g)(1) to prescribe such rules and issue such 
guidance as may be necessary to carry out, enforce, and compile data 
under section 1071, as well as its authority under ECOA 704B(g)(2) to 
adopt exceptions to any requirement of section 1071 and to 
conditionally or unconditionally exempt any financial institution or 
class of financial institutions from the statute's requirements, as the 
Bureau deems necessary or appropriate to carry out the purposes of 
section 1071. While trade credit constitutes ``credit'' within the 
meaning of Sec.  1002.102(i) and may constitute ``business credit'' 
within the meaning of Sec.  1002.102(d), depending on its purpose, and 
therefore generally covered by ECOA, the Bureau believes that trade 
credit is different from products like loans, lines of credit, credit 
cards, and merchant cash advances and that there are several reasons to 
exclude it from coverage. The Bureau does not believe it would be 
appropriate to include trade credit in the scope of this final rule, 
despite some commenters' assertions that providers of trade credit in 
the agricultural sector would have a competitive advantage over other 
lenders.
    Trade credit is not a general-use business lending product--that 
is, trade creditors generally extend credit as a means to facilitate 
the sale of their own goods or services, rather than offering credit as 
a stand-alone financial product or as more general credit product 
offered alongside the sale of their own goods or services. The Bureau 
believes that while trade creditors might meet the definition of a 
financial institution under Sec.  1002.105(a), they are not primarily 
financial services providers, nor do they have the infrastructure 
needed to manage compliance with regulatory requirements associated 
with making extensions of credit. The Bureau understands that trade 
credit can be offered by entities that are themselves very small 
businesses; these entities, in particular, may incur large costs 
relative to their size to collect and report small business lending 
data in an accurate and consistent manner.\418\ Taken together, 
requiring trade credit to be reported under subpart B could lead to 
significant data quality issues. The Bureau also wants to avoid the 
risk that the fixed costs of coming into compliance with the rule could 
lead these businesses to limit offering trade credit to their small 
business customers, which may run contrary to the business and 
community development purpose of section 1071. These concerns are 
distinct from coverage generally under ECOA and Regulation B, which as 
noted above may still apply to trade credit.
---------------------------------------------------------------------------

    \418\ See Leora Klapper et al., Trade Credit Contracts, 25 
Review of Fin. Studies 838-67 (2012), https://academic.oup.com/rfs/article/25/3/838/1616515, and Justin Murfin & Ken Njoroge, The 
Implicit Costs of Trade Credit Borrowing by Large Firms, 28 Review 
of Fin. Studies 112-45 (2015), https://academic.oup.com/rfs/article/28/1/112/1681329.
---------------------------------------------------------------------------

    The Bureau does not believe that the trade credit exclusion should 
be expanded to include all asset-based financing, captive finance 
companies, or trade credit offered by financial institutions that are 
not suppliers of goods or services, as requested by some commenters. 
The Bureau believes that, unlike trade creditors themselves, such 
providers offer stand-alone credit products in the same way as other 
financial institutions and are not retailers or merchants with limited 
regulatory compliance experience. As such, the Bureau does not have the 
same concerns about data quality or reduced small business lending by 
affiliates and facilitators that it does about trade creditors 
themselves. Thus, the Bureau is finalizing its definition of trade 
credit in Sec.  1002.104(b)(1) to focus on the business providing the 
goods or services being financed. The trade credit exclusion does not 
extend to affiliates and facilitators of trade creditors that provide 
financing, even if only for the trade creditor's products and not for 
competing or unrelated products. Thus, provided that they otherwise 
meet the definition of a covered financial institution in Sec.  
1002.105(b), such affiliates and facilitators must collect and report 
data under the rule.
    The Bureau also is not making further revisions to the regulatory 
text or commentary. With respect to the suggestion that the Bureau 
clarify that the trade credit exclusion encompasses auctions, the 
Bureau notes that because auction houses generally do not supply 
equipment, supplies, or inventory but rather facilitate sales for 
others, they do not offer trade credit under final Sec.  
1002.104(b)(1). However, other exclusions, such as the exclusion for 
incidental credit discussed below, may apply to such transactions. The 
Bureau is not adding further transaction examples, as only one comment 
requesting such additions and it otherwise appears that commenters 
understood that the proposed exclusion was intended to narrowly cover 
credit directly extended by the supplier of goods and services. 
Regarding floor plan financing, the Bureau notes that under final Sec.  
1002.104(b)(1), the trade credit exclusion applies where the 
manufacturer or distributor is financing its own inventory, but not 
where a financial institution is providing the financing and receiving 
payment.
    The Bureau is also not expanding the trade credit exclusion to 
cover private label or cobranded credit transactions, which are credit 
transactions (typically, credit cards, but also revolving lines of 
credit and installment loans) that are originated at or facilitated by 
financial institutions through retailers either in-store or through a 
website. Moreover, as explained in the section-by-section analysis of 
Sec.  1002.107(a)(5), the Bureau believes it is important to capture 
these products as a separate credit type. As that section explains, a 
private-label credit card account is a credit card account that can 
only be used to acquire goods or services provided by one business (for 
example, a specific merchant, retailer, independent dealer, or 
manufacturer) or a small group of related businesses. A co-branded or 
other card that can also be used for purchases at unrelated businesses 
is not a private-label credit card.
    The Bureau believes that covering private label or cobranded credit 
transactions supports section 1071's statutory purposes. For instance, 
the Bureau believes that having robust data on this important source of 
financing will help to better understand small business needs. In 
researching the consumer credit card market, for example, the Bureau 
learned that while private label card account holding has declined 
relative to general purpose cards,\419\ late fees comprised the

[[Page 35230]]

overwhelming majority--91 percent--of all consumer fees and 25 percent 
of total interest and fees for private label cards (compared to 45 
percent and 7 percent, respectively, for general purpose credit 
cards).\420\ Additionally, since private label and cobranded credit 
accounts are typically offered and serviced by financial institutions, 
with applications typically submitted directly to the financial 
institution via a website, the Bureau does not have the same concerns 
related to data quality or regulatory compliance as it does with trade 
credit offered by a supplier of goods and services who is not in the 
business of providing financial services. The Bureau also is not 
placing a $50,000 minimum threshold on such transactions, as suggested 
by a few commenters, because doing so would exclude significant 
portions of small business lending. The Bureau does not believe that 
such an approach would further the purposes of section 1071.
---------------------------------------------------------------------------

    \419\ The Bureau estimates that around 90 million consumers hold 
at least one general purpose and at least one private label card. 
Some 79 million hold only general-purpose cards. Just under 9 
million hold only private label cards. General purpose cards remain 
prevalent, while private label cardholding has become relatively 
less common. By year-end 2020, there were 485 million open general 
purpose card accounts and 214 million open private label accounts. 
General purpose cardholding is just as common today as it was prior 
to the Great Recession, though that share is down from 63 percent on 
the eve of the pandemic. In contrast, 36 percent of adults held at 
least one private label card in 2020, compared to 52 percent in 
2005. Consumers in all credit score tiers have seen declines in 
private label card account holding. Most general purpose and private 
label cards are held by consumers with superprime scores. CFPB, The 
Consumer Credit Card Market, at 25-26 (Sept. 2021), https://files.consumerfinance.gov/f/documents/cfpb_consumer-credit-card-market-report_2021.pdf.
    \420\ See CFPB, Credit card late fees, at 13 (Mar. 2022), 
https://files.consumerfinance.gov/f/documents/cfpb_credit-card-late-fees_report_2022-03.pdf.
---------------------------------------------------------------------------

104(b)(2) HMDA-Reportable Transactions
Proposed Rule
    The potential for overlap exists between section 1071 and HMDA 
because HMDA reporting requirements apply to mortgages regardless of 
whether they are consumer-purpose or business-purpose, so long as they 
are secured by residential real property. Section 1071 applies to all 
small business credit, regardless of what the credit is to be used for. 
For example, a mortgage intended to finance the purchase of an 
investment property would be covered by HMDA, assuming relevant 
institutional thresholds and other coverage criteria were otherwise 
met. If the mortgage applicant is a natural person, their ethnicity, 
race, and sex would be captured and reported under HMDA. However, if 
the mortgage applicant were a non-natural person (e.g., a limited 
liability company or a corporation), then the lender would not collect 
demographic data under HMDA. That is, the lender would still need to 
report the application under HMDA, but they would report ethnicity, 
race, and sex as ``not applicable.'' But under the Bureau's proposed 
rule, the lender would have captured the applicant's principal owners' 
ethnicity, race, and sex.
    In its NPRM, the Bureau stated that by proposing to adopt 
Regulation C's definition of dwelling and its commentary regarding 
investment properties, the Bureau sought to ensure consistency and 
minimize compliance burdens for financial institutions that must also 
report credit transactions covered by HMDA (that is, HMDA-reportable 
transactions). Using the 2019 HMDA data, the Bureau had found that 
close to 2,000 lenders and around 530,000 applications indicated a 
``business or commercial purpose'' and around 500,000 applications were 
used for an ``investment'' (as defined by the occupancy code) purpose. 
Of those applications, around 50,000 were for 5+ unit properties. The 
overall number of applications the Bureau expected to be reported 
annually under the proposed rule would have been around 26 million. 
Thus, the Bureau had anticipated a relatively small but not 
insignificant overlap regarding real estate investment loans between 
HMDA and section 1071.
    Also in its proposal, the Bureau stated that it had considered 
excluding all transactions that were also reportable under HMDA but 
believed such an exclusion would have added complexity to data 
analysis. The Bureau understood that requiring lenders to find and 
delete from databases that supply their small business lending data 
submission only those transactions that also appear in HMDA may require 
a separate scrub of the data and create additional compliance burden, 
as well as compliance risk, if HMDA-reportable transactions are not 
deleted from a small business lending data submission. For example, if 
a small business wants to purchase a 5+ dwelling unit property (that 
is, HMDA reportable), the financial institution would have to make sure 
it is not collecting protected demographic information on principal 
owners, even though that information must be collected for every other 
type of loan that same business might apply for. The Bureau also 
believed that it may not be possible to identify loans in the HMDA data 
that, but for this exclusion, would be reported under the Bureau's rule 
implementing section 1071 because the financial institution would need 
to know which HMDA applications are for small businesses versus large 
businesses. Moreover, excluding HMDA-reportable applications could mean 
that a financial institution that is below the HMDA reporting threshold 
would not report these loans at all.
    Further, in addition to not being able to distinguish which 
applications are from small and not large businesses, the Bureau noted 
in its proposal its concerns that excluding all transactions that were 
also reportable under HMDA may be at odds with the statutory purposes 
of section 1071. The Bureau explained that the following proposed data 
points would not be collected for applications only reported under 
HMDA: (1) the principal owner's ethnicity, race, and sex where the 
applicant is an entity not an individual; (2) minority-owned and women-
owned business status; (3) gross annual revenue; and (4) other data 
points such as pricing, NAICS code, and number of workers.
    For applications that, under the proposal, would have been reported 
under both HMDA and section 1071 (generally, business credit secured by 
dwellings, with the exception of credit secured by 1-4 individual 
dwelling units that the applicant or one or more of the applicant's 
principal owners does not, or will not, occupy), the Bureau sought 
comment on whether it should require such applications to be flagged as 
such when reported under subpart B. The Bureau noted its belief that 
for data integrity and analysis purposes, it may be helpful to know if 
a loan is in both datasets and a dual reporting flag may help ensure 
any data analysis is not double-counting certain applications.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
range of commenters, including lenders, trade associations, community 
groups, and a business advocacy group. Only one commenter, a community 
group, expressly supported dual reporting. The Bureau received a 
general suggestion to connect a loan to a HMDA record and then capture, 
under HMDA, demographic data on corporate entities, and expand its 
coverage to include more lenders, such as government entities and 
CDFIs. Two commenters suggested the Bureau provide a section 1071/HMDA 
sample form to aid dual reporting compliance. Some industry commenters 
generally stressed the need for consistency among reporting regimes and 
asked the Bureau to reconcile any differences.
    Numerous comments, echoing those made by a trade association, urged 
the CFPB to avoid duplicative and inconsistent reporting of HMDA and 
CRA data in order to reduce compliance burden and the potential for 
inaccurate data reporting. An agricultural lender suggested the Bureau 
might be able to obtain 1071 data using the existing

[[Page 35231]]

definitions and collection process currently in place for covered 
institutions under HMDA. A few credit union trade associations 
maintained that reporting of HMDA-reportable transactions should be 
voluntary. A bank recommended the Bureau remove and avoid data 
collection requirements that are duplicative and/or inconsistent, 
providing the example of misaligned action taken categories or 
alternatively, eliminate all business-purpose loans from the HMDA 
reporting requirement. A credit union argued that the benefit of dual 
reporting does not justify the increased burdens.
    A few industry commenters stated that if dual reporting is required 
under the final rule, a dual reporting flag would be useful. Another 
commenter opposed adoption of a dual reporting flag, arguing that 
flagging entries will be a manual process that will increase the time 
it takes to file both reports and increase the possibility of making an 
error.
    Almost all the comments on this aspect of the proposal argued 
against the proposal to report HMDA-reportable transactions under this 
rule. Some opponents to dual reporting urged the Bureau to exclude all 
HMDA-reportable transactions from this rule, while others recommended 
excluding transactions covered by this rule (such as business purpose 
loans) from Regulation C. A few other commenters did not express a 
preference and asked that the Bureau exempt HMDA-reportable 
applications from section 1071 reporting, or vice versa. Many 
commenters asserted burden and stated that reported data would be 
duplicative and/or inconsistent. Several commenters pointed to 
differences in census tract reporting requirements as a source of 
potential confusion and data errors. And as discussed in the section-
by-section analysis of Sec.  1002.107(a)(19), another urged the Bureau 
to consider difficulties caused by the differences in collection and 
reporting of the ethnicity, race, and sex fields and the variations in 
data specifications for such information.
    One bank commenter suggested that avoiding dual reporting may also 
avoid materially misrepresenting a lender's total loan application 
activity. A few industry commenters argued that reporting under HMDA 
alone meets 1071 purposes, with two of these commenters pointing to the 
Bureau's website, which states that HMDA ``data help show whether 
lenders are serving the housing needs of their communities; they give 
public officials information that helps them make decisions and 
policies; and they shed light on lending patterns that could be 
discriminatory.'' \421\ Two commenters that argued against dual 
reporting explained that mortgage lending is fundamentally different 
from small business lending. Responding to concerns about data gaps, 
two other commenters suggested that if the Bureau tailored the 
exception to applications that are reported under HMDA, not 
applications that could be reported under HMDA, institutions not 
subject to the HMDA reporting regime would still have to report HMDA-
eligible applications under section 1071 because they would not 
actually report such applications under HMDA. A bank recommended 
separating HMDA and section 1071 reporting such that only after a 
transaction was assessed for HMDA-reportability would a financial 
institution determine whether the transaction needed to be reported 
under section 1071.
---------------------------------------------------------------------------

    \421\ CFPB, Mortgage Data (HMDA), About HMDA, https://www.consumerfinance.gov/data-research/hmda/ (last visited Mar. 20, 
2023).
---------------------------------------------------------------------------

Final Rule
    For the reasons set forth herein, the Bureau is adding new Sec.  
1002.104(b)(2) to exclude a covered loan as defined by Regulation C, 12 
CFR 1003.2(e), pursuant to its authority under ECOA section 704B(g)(2) 
to adopt exceptions to any requirement of section 1071, as the Bureau 
deems necessary or appropriate to carry out section 1071's purposes. 
Under this approach, for all applications with potential HMDA and 
section 1071 overlap, the Bureau would not require reporting under 
section 1071 (transactions would only be reportable under HMDA, and the 
recordkeeping and demographic data collection obligations of HMDA will 
apply). In 2021, there were 61,789 ``business or commercial purpose'' 
applications (excluding purchased loans), reported under HMDA with the 
``investment'' occupancy code, for 5+ unit properties. Of those, 54,436 
were from ``non-natural person'' applicants so demographic data under 
HMDA was not collected (thus, such data would have been requested for 
only for 7,353 of the 61,789 applications in 2021). The Bureau 
recognizes that there would continue to be no demographic data 
information collected and reported for the ~55,000 HMDA applications 
with non-natural person owners. The Bureau is finalizing this exclusion 
of HMDA-reportable transactions in order to alleviate concerns from a 
broad range of industry commenters about the difficulties associated 
with dual reporting, particularly in light of potential inconsistences 
related to demographic data collection and recordkeeping. In addition, 
this approach resembles the effort by the CRA agencies to eliminate 
dual reporting under section 1071 and the eventual CRA rule.
    While the Bureau agrees that dual reporting of such transactions 
could be useful, the Bureau is mindful of commenters' concerns 
regarding burden and that reported data would be somewhat duplicative 
and/or potentially inconsistent for data points such as census tract, 
and principal owners' ethnicity, race, and sex. The Bureau believes 
that excluding all HMDA-reportable transactions would further the 
purposes of section 1071 because such an exclusion would limit this 
potential inconsistency that could result in poor data quality. 
Further, the Bureau is excluding all HMDA-reportable transactions from 
this final rule because excluding section 1071 transactions from 
Regulation C of HMDA would require a separate rulemaking and would 
disrupt ongoing and planning HMDA data collection efforts that have 
been in place for years.
    The Bureau also agrees that reporting under HMDA alone would meet 
section 1071's purposes. Regulation C, which implements HMDA, provides 
that its public loan data can be used: (i) to help determine whether 
financial institutions are serving the housing needs of their 
communities; (ii) to assist public officials in distributing public-
sector investment so as to attract private investment to areas where it 
is needed; and (iii) to assist in identifying possible discriminatory 
lending patterns and enforcing antidiscrimination statutes.\422\ These 
purposes are entirely consistent with section 1071's purposes to 
facilitate enforcement of fair lending laws and enable communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses.\423\ As the Bureau has previously stated, it believes 
that ``HMDA's scope is broad enough to cover all dwelling-secured 
commercial-purpose transactions and that collecting information about 
all such transactions would serve HMDA's purposes.'' \424\ The Bureau 
has also noted that collecting data about dwelling-secured commercial-
purpose transactions serves HMDA's purposes by showing not only the 
availability and condition of multifamily housing units, but also the 
full extent of leverage on single-family homes, particularly in 
communities that

[[Page 35232]]

may rely heavily on dwelling-secured loans to finance small-business 
expenditures.\425\
---------------------------------------------------------------------------

    \422\ Regulation C Sec.  1003.1(b)(1).
    \423\ ECOA section 704(a).
    \424\ 80 FR 66127, 66171 (Oct. 28, 2015).
    \425\ Id.
---------------------------------------------------------------------------

    The Bureau recognizes its finalized approach will result in some 
data gaps. Most notably, some section 1071 information will not be 
collected for applications reported under HMDA, including the principal 
owner's ethnicity, race, and sex where the applicant is not an 
individual but an entity (i.e., not a natural person); minority-owned, 
women-owned, and LGBTQI+-owned business statuses; gross annual revenue; 
pricing; NAICS code; and number of workers. Moreover, at this time, the 
Bureau is not tailoring its exception to applications that are actually 
reported under HMDA, as opposed to those that could be reported under 
HMDA. New Sec.  1002.104(b)(2) excludes all transactions meeting the 
definition of a Regulation C ``covered loan,'' which means that 
institutions not subject to the HMDA reporting regime (because, for 
example, of institutional coverage thresholds) do not have to report 
HMDA-eligible applications under section 1071 even though they would 
not actually report such applications under HMDA. Additionally, the 
Bureau does not believe it would be feasible to connect, as suggested, 
an application reported under this final rule to a HMDA record and then 
capture, under HMDA, demographic data on corporate entities, and expand 
its coverage to include more lenders, such as government entities and 
CDFIs.
    After considering the comments, the Bureau has concluded that 
trying to close all potential data gaps would defeat the purpose of 
trying to reduce complexity and alleviate concerns from commenters 
about having to implement and maintain two separate reporting systems. 
Given the fact that the Bureau expects around 25 million applications 
to be reported annually under the final rule, it believes that its 
exclusion of HMDA-reportable transactions will result in a relatively 
small loss of data and that these data might have been inconsistent 
with other 1071 data in ways that could impede analysis, frustrating 
the purposes of section 1071. The Bureau also notes that even in its 
proposal, and as discussed below, it did not seek to requiring 
reporting of all HMDA-reportable transactions under section 1071--only 
those ``business or commercial purpose'' applications (excluding 
purchased loans), reported under HMDA with the ``investment'' occupancy 
code, for 5+ unit properties would have also been reported under 1071. 
As a result, the Bureau notes that for 7,353 of the 61,789 such 
applications in 2021, there would continue to be no demographic data 
information collected and reported for only ~55,000 HMDA applications 
with non-natural person owners. The Bureau believes that this is an 
acceptable number given how small it is compared to the total number of 
reported transactions and given the strong concerns expressed about the 
difficulties with compliant dual reporting that could result in poor 
data quality and thereby undermine the section 1071 statutory purposes. 
As for the number of ``covered loan'' applications that are ultimately 
not reported under HMDA, the Bureau believes that these applications 
can be excluded for the same reasons explained below in the section-by-
section analysis of Sec.  1002.105(b); financial institutions with the 
lowest volume of small business lending might limit small business 
lending activity because of the fixed costs of coming into compliance 
with the reporting requirements, creating risk of market disruption 
which would run contrary to the business and community development 
purpose of section 1071. Additionally, as the Bureau explained in HMDA, 
the Bureau ``sought to exclude financial institutions whose data are of 
limited value in the HMDA dataset, thus ensuring that the institutional 
coverage criteria do not impair HMDA's ability to achieve its purposes, 
while also minimizing the burden for financial institutions.'' \426\ 
The Bureau similarly believes that these data would have limited value 
in the 1071 dataset--the Bureau will be able to fulfill section 1071's 
purposes without it, while reducing burden and complexity for financial 
institutions that are not HMDA reporters.
---------------------------------------------------------------------------

    \426\ Id. at 66278.
---------------------------------------------------------------------------

    Finally, the Bureau notes that section 1071 will capture business 
credit transactions that are secured by real estate but are not 
presently captured under HMDA. For example, section 1071 will capture 
transactions secured by non-dwellings as well as business loans secured 
by an applicant's primary residence or residential investment property 
as collateral for inventory financing or working capital (such loans 
would not be captured under HMDA because they do not involve a home 
purchase, home improvement, or refinancing). The small business lending 
rule will also capture transactions that are secured by dwellings 
located on real property used primarily for agricultural purposes.
Credit Secured by Certain Investment Properties
    Based on feedback received during the SBREFA process as well as its 
general knowledge regarding both consumer and commercial real estate 
lending, the Bureau understands that many financial institutions use 
their consumer mortgage lending channels to process credit applications 
secured by 1-4 individual dwelling units and used for investment 
purposes, while applications for credit secured by 5+ unit multifamily 
properties or rental portfolio loans secured by more than four 1-4 unit 
residential properties are generally processed through commercial 
mortgage lending channels. The Bureau also understands that loans made 
through consumer mortgage lending channels are often made pursuant to 
the guidelines of Fannie Mae, Freddie Mac, the Federal Housing 
Administration, and the Department of Veterans Affairs, and are likely 
already reported under HMDA.
    In line with the SBREFA Panel's recommendation, the Bureau proposed 
that the rule not cover credit secured by certain investment 
properties, because such credit may not always be primarily for 
business or commercial purposes. Specifically, proposed comment 104(b)-
4 would have explained that a covered credit transaction does not 
include an extension of credit that is secured by 1-4 individual 
dwelling units that the applicant or one or more of the applicant's 
principal owners does not, or will not, occupy. The Bureau did not 
propose to exclude credit secured by owner-occupied dwellings; for 
example, those secured by a dwelling occupied by a business's sole 
proprietor/principal owner. The Bureau proposed to exclude real estate 
investment loans only in certain limited circumstances (such as when 
credit is secured by non-owner occupied 1-4 dwelling units and not 5+ 
dwelling units). The Bureau proposed to define ``dwelling'' to have the 
same meaning as Regulation C Sec.  1003.2(f). Similarly, proposed 
comment 104(b)-4, which would address what does and does not constitute 
an investment property, was modeled on Regulation C's comment 4(a)(6)-
4.
    In its proposal, the Bureau noted its belief that its exclusion of 
credit secured by certain investment properties will better capture 
lending to true small businesses (as opposed to consumers seeking to 
diversify their investments) and will also better align with financial 
institution lending practices. The Bureau stated that it understands 
that it may not always be easy for financial institutions to 
distinguish between

[[Page 35233]]

business-purpose real estate investment loans and consumer-purpose real 
estate investment loans; however, covering all such loans would likely 
include some percentage of consumer-purpose loans, which could be 
contrary to section 1071's business and community development purpose.
    The Bureau sought comment on its proposed approach for credit 
secured by certain investment properties, including whether it is 
appropriate to consider credit not to be business credit when it is 
secured by 1-4 individual dwelling units that the applicant or one or 
more of the applicant's principal owners does not, or will not, occupy; 
and, if not, whether a different number of dwelling units in the 
property securing the credit would be an appropriate way to make a 
distinction between business and consumer-purpose credit. The Bureau 
also sought comment on whether to permit financial institutions to 
voluntarily report real estate investment loan transactions that are 
secured by non-owner occupied 1-4 dwelling units.
    The Bureau received comments on this aspect of the proposal from 
lenders, trade associations, and a community group. Several commenters 
supported the exclusion of credit secured by certain investment 
properties. A community group stated that the exclusion was appropriate 
because the purpose of such credit is investment and not operating a 
business of renting out units.
    A few comments urged expansion of the proposed exclusion to other 
real estate secured lending. A joint letter from several trade 
associations representing the commercial real estate industry advocated 
for expanding the proposed exclusion to impose a clear boundary between 
small business lending and all investment property lending to ensure 
that the information gathered under section 1071 reflects true small 
business lending. In line with this suggestion, this commenter also 
recommended rule text revisions. Another trade association suggested 
expanding the exclusion to all non-owner occupied commercial and 
multifamily real estate lending, arguing that the credit is 
underwritten on the cash flow of the property and the value of the 
property itself, rather than the operating revenue of a business, like 
other investment properties. Another commenter suggested the Bureau 
specifically exempt commercial real estate loans secured by non-owner-
occupied investment real estate to borrowing entities with NAICS codes 
5311XX, the industry code for lessors of real estate.
    Some comments reflected requests for clarifications and confusion 
regarding the proposal. A bank suggested removing occupancy status from 
covered credit transaction considerations because occupancy does not 
fairly or materially delineate small business lending from consumer 
lending and creates complexity in how financial institutions would need 
to design processes, systems, and training. Community groups suggested 
the Bureau require financial institutions to ask whether the credit 
will be used primarily for business purposes, such as to secure rental 
income. A bank suggested the Bureau focus on borrower type (natural 
person versus entity) instead of property type. A trade association 
urged the Bureau to remove the proposed exclusion for credit secured by 
certain investment properties and replace it with an exclusion of all 
credit subject to Regulation Z. Another bank commenter sought 
clarification of the proposed exclusion, noting situations where a 
borrower or a related party occupies a dwelling unit but still 
considers it to be an investment property and not a business. A trade 
association asked the Bureau how to determine owner occupancy for non-
dwelling real estate, such as where a business owns an office building 
with multiple rental office spaces, and rents out all of these spaces 
except for one space occupied by the business itself. One bank appeared 
to believe that credit secured by 1-4 dwelling unit investment 
properties would be reportable for both HMDA and section 1071 with 
varying reporting requirements.
    For the reasons stated herein and in the section above regarding 
HMDA-reportable transactions, the Bureau is adding new Sec.  
1002.104(b)(2) to exclude a covered loan as defined by Regulation C, 12 
CFR 1003.2(e). This new exclusion renders moot the Bureau's 
consideration of proposed comment 104(b)-4 by encompassing virtually 
all credit that is secured by 1-4 individual dwelling units that the 
applicant or one or more of the applicant's principal owners does not, 
or will not, occupy. The Bureau's decision also renders moot comments 
regarding requests for clarifications and confusion regarding the 
proposal.
    A ``covered loan'' as defined by Regulation C, 12 CFR 1003.2(e), 
means a closed-end mortgage loan or an open-end line of credit that is 
not an excluded transaction under Sec.  1003.3(c). A transaction is not 
a ``covered loan'' if it is excluded by purpose. For example, 
Regulation C excludes agricultural-purpose transactions and 
transactions that are secured by a dwelling, as defined by Sec.  
1003.2(f), that is located on real property that is used primarily for 
agricultural purposes.\427\ The regulation also excludes transactions 
otherwise made primarily for a business or commercial purpose \428\ 
unless the transaction is also: a home improvement loan; \429\ a home 
purchase loan; \430\ or a refinancing (including cash-out 
refinancing).\431\ Transactions are only covered under HMDA as covered 
loans if they are secured by a lien on dwelling. In addition to 
principal residences, a dwelling includes, but is not limited to, 
manufactured homes, multifamily apartment buildings, and properties for 
long-term housing and related services (such as assisted living for 
senior citizens or supportive housing for people with disabilities). 
Thus, a transaction may need to be reported under section 1071 if it is 
secured by a lien on a non-dwelling; for example, a recreational 
vehicle, houseboat, a hotel, dormitory, or properties for long-term 
housing and medical care if the primary use is not residential. For a 
full list of exclusions, please refer to Regulation C, section 1003.3. 
The Bureau notes that even if a transaction is excluded under 
Regulation C, that does not mean it is necessarily reportable under 
section 1071. For example, even though a transaction is a not a HMDA 
``covered loan'' if it is a purchase of a partial interest in an 
otherwise covered loan, and thus not excluded by new Sec.  
1002.104(b)(2), it is also not reportable under this rule because, as 
explained below in the section regarding certain purchases of covered 
transactions, only the definition of ``covered application'' will 
trigger data collection and reporting obligations with respect to 
covered credit transactions and such purchases do not involve an 
application for credit.
---------------------------------------------------------------------------

    \427\ 12 CFR 1003.3(c)(9).
    \428\ 12 CFR 1003.3(c)(10).
    \429\ 12 CFR 1003.2(i).
    \430\ 12 CFR 1003.2(j).
    \431\ 12 CFR 1003.2(p).
---------------------------------------------------------------------------

    While the Bureau anticipates that adoption of new Sec.  
1002.104(b)(2) results in the exclusion of most dwelling-secured 
lending, this Bureau is not expanding this exclusion to all investment 
(non-owner occupied) property lending, as recommended by a few 
commenters. Where a small business seeks credit to invest in commercial 
(non-dwelling) real estate, it is likely to apply to a financial 
institution's commercial lending division and there are unlikely to be 
any difficulties in determining that the transaction is a business-
purpose real estate investment (and not a consumer-purpose real estate 
investment). It is

[[Page 35234]]

important for this rule to capture lending to true small businesses (as 
opposed to consumers seeking to diversify their investments) to meet 
section 1071's business and community development purpose. Moreover, 
because such lending is not covered by HMDA, the potential for poor 
data quality arising from inconsistent dual reporting does not occur in 
this situation. In other words, excluding such transactions from 
coverage would not advance section 1071's statutory purposes in the 
same way as does excluding HMDA-reportable transactions. Rather, 
covering these transactions will allow data users for the first time to 
better understand the rationale behind credit decisions, help identify 
potential fair lending concerns, and provide financial institutions 
with data to evaluate their business underwriting criteria and address 
potential gaps for commercial real estate lending and cash flow 
financing. In addition, robust data on such credit transactions across 
applicants, financial institutions, products, and communities could 
help target limited resources and assistance to applicants and 
communities, thus furthering section 1071's business and community 
development purpose. With respect to fair lending compliance, such data 
would help data users analyze potential discriminatory disparities.
104(b)(3) Insurance Premium Financing
    To better manage cash flow and help pay for costly property and 
casualty insurance premiums, many businesses enter into insurance 
premium financing arrangements. Under a typical arrangement, an 
insurance premium financing company provides funds to pay for premiums 
that are remitted directly to the business's insurance provider, either 
directly or through an insurance agent or broker. The business then 
repays the premium amount advanced, plus some additional amount in the 
form of interest or a service charge, which is sometimes capped by 
State law.\432\ If the business fails to repay the loan or otherwise 
defaults in its obligation, or if the insurance contract is cancelled, 
the insurance premium financing company is empowered under the 
financing agreement to demand the unearned premiums directly from the 
insurer. The Bureau understands that insurance premium financing 
companies have little to no contact with the businesses seeking credit 
and insurance premium financing arrangements are typically underwritten 
based on the terms of the insurance policy, the financial strength of 
the insurer that issued the policy and holds the unearned premium, and 
the uncollateralized exposure of the financing company, if any.
---------------------------------------------------------------------------

    \432\ See, e.g., Fla. Stat. Ann. section 627.840(3)(b); 215 Ill. 
Comp. Stat. Ann. 5/513a10(c).
---------------------------------------------------------------------------

    Unlike with other forms of credit, borrowers in insurance premium 
financing transactions are not free to use advanced amounts for general 
purchases because those amounts are intended solely to cover the cost 
of property and casualty insurance premiums and the funds are often 
remitted directly to the business's insurer. Moreover, because 
insurance premium financing companies are contractually empowered in 
the event of default to cancel the insured's insurance coverage and 
obtain a refund of unearned premiums to repay the amount advanced, 
these transactions are not typically underwritten based on the 
insured's ability to repay but on the value of the unearned premium 
collateral and the financial strength of the insurance carrier holding 
that collateral. The Bureau also understands that, in some cases, 
certain contractual terms, including maximum interest rates, are 
regulated by State law.\433\
---------------------------------------------------------------------------

    \433\ See, e.g., Fla. Stat. Ann. section 627.840 (providing, in 
part, that a premium finance company shall not impose a service 
charge of more than $12 per $100 per year); 215 Ill. Comp. Stat. 
Ann. 5/513a10 (stating that the maximum service charge is $10 per 
$100 per year).
---------------------------------------------------------------------------

    In the NPRM, the Bureau stated its belief that an organization 
offering insurance premium financing, where the organization provides 
short-term loans to businesses to pay for property and casualty 
insurance, would have been included within the definition of a 
financial institution in proposed Sec.  [thinsp]1002.105(a), even 
though this specific business model was not described in proposed 
comment 105(a)-1. The Bureau did not specifically discuss insurance 
premium financing in its section-by-section analysis of proposed Sec.  
1002.104, noting that the Bureau was proposing to require that covered 
financial institutions report data for all applications for 
transactions that meet the definition of business credit unless 
otherwise excluded.
    A group of insurance premium financing trade associations urged the 
Bureau to exclude insurance premium financing from the rule. This 
comment did not dispute that such financing is credit but argued that 
it should not be covered because it is unlike any other form of small 
business credit--insurance premium finance lenders do not interact with 
or exchange information with the applicant, credit terms (including 
interest rate and fees) are preestablished and do not vary, and some 
State insurance codes provide requirements regarding interest rates, 
fees, disclosures, and other aspects of a premium finance transaction. 
This commenter also maintained that insurance premium financing 
presents minimal fair lending risk, most of the data proposed to be 
required is not currently collected and would not be useful for 
comparisons, and financing companies would incur significant costs to 
comply, potentially limiting access to this credit. The commenter noted 
that FinCEN exempted insurance premium financing companies from its 
final rule imposing customer due diligence (beneficial ownership) 
obligations under the Bank Secrecy Act. This trade association stated 
that, if the Bureau does not exclude insurance premium financing 
companies, the Bureau should clarify how the rule will apply to avoid 
curtailment of credit and conflict with State insurance laws, 
particularly those that prohibit, or at a minimum discourage, insurance 
agents and brokers from collecting applicant-provided demographic data 
from insureds.
    The Bureau also received a letter from several members of Congress 
citing potential conflicts between proposed section 1071 requirements 
and State regulatory frameworks that they believed would improperly 
impair or interfere with State insurance law. They requested the Bureau 
reconsider subjecting these products to the final rule because they 
believed that doing so would not advance the policy underpinning 
section 1071 and would further negatively impact small businesses and 
their ability to purchase adequate insurance coverage.
    For the reasons set forth herein, the Bureau is excluding insurance 
premium financing transactions from the final rule. New Sec.  
1002.104(b)(3) defines insurance premium financing as a financing 
arrangement wherein a business agrees to pay to a financial 
institution, in installments, the principal amount advanced by the 
financial institution to an insurer or insurance producer in payment of 
premium on the business's insurance contract or contracts, plus 
charges, and as security for repayment, the business assigns to the 
financial institution certain rights, obligations, and/or 
considerations (such as the unearned premiums, accrued dividends, or 
loss payments) in its insurance contract or contracts. New Sec.  
1002.104(b)(3) adds that this exclusion does not include the financing 
of insurance policy premiums obtained in connection with the financing 
of goods and services.

[[Page 35235]]

    The Bureau is adopting a definition of ``covered credit 
transaction'' that excludes insurance premium financing pursuant to its 
authority under ECOA section 704B(g)(1) to prescribe such rules and 
issue such guidance as may be necessary to carry out, enforce, and 
compile data under section 1071, as well as its authority under 
704B(g)(2) to adopt exceptions to any requirement of section 1071 and 
to conditionally or unconditionally exempt any financial institution or 
class of financial institutions from the statute's requirements, as the 
Bureau deems necessary or appropriate to carry out the purposes of 
section 1071. While insurance premium financing constitutes ``credit'' 
within the meaning of Sec.  1002.102(i) and may constitute ``business 
credit'' within the meaning of Sec.  1002.102(d) (depending on its 
purpose), the Bureau believes that it is categorically different from 
products like loans, lines of credit, credit cards, and merchant cash 
advances and that there are several reasons to believe that excluding 
it from coverage advances section 1071's statutory purposes. Insurance 
premium financing is not a general-use lending product, but instead, 
like trade credit, exists only to facilitate the sale of a specific 
nonfinancial product or service. Providers of insurance premium 
financing are not primarily financial services providers, nor do they 
currently manage compliance with regulatory requirements associated 
with making extensions of credit. Taken together, requiring insurance 
premium financing to be reported under subpart B may lead to 
significant data quality issues. In addition, the fixed costs of coming 
into compliance with this final rule could lead insurance premium 
financing companies to limit offering this credit to their small 
business customers, potentially undermining the business and community 
development purpose of section 1071.
    The Bureau believes the new exclusion in final Sec.  1002.104(b)(3) 
will carve out narrow financing arrangements where the amount financed 
is reasonably related to and intended to directly pay the cost of a 
business's insurance policy premiums. New Sec.  1002.104(b)(3) also 
limits the exclusion to situations where the business assigns the 
financial institution certain rights, obligations, and/or 
considerations (such as the unearned premiums) in its insurance policy 
because the Bureau understands that such security interests ensure that 
the underwriting focus is on the insurer, and not the small business 
applicant. New Sec.  1002.104(b)(3) clarifies that the exclusion does 
not include the financing of insurance contract premiums purchased in 
connection with the financing of goods and services.
    The Bureau notes that final Sec.  1002.104(b)(3) does not cover 
situations where the insurance provider itself provides a business the 
right to defer payment of an insurance premium or fee owed by the 
business beyond the monthly period in which the premium or fee is due. 
However, such arrangements may be covered by the trade credit exclusion 
in final Sec.  1002.104(b)(1).
Factoring
Background
    In traditional factoring arrangements, a business in need of 
financing sells all or a portion of its accounts receivable (existing 
but unpaid invoices) to another business, known as a ``factor.'' The 
factor then receives payments on the accounts receivable from the 
business's debtors or customers directly, and not from the business 
that had entered into the factoring transaction. If the business has 
sold only a portion of its invoices, then once the account debtors pay 
their invoices to the factor, the factor remits the remainder of the 
balance to the business after deducting a fee (specifically, a discount 
applied to the sold accounts receivable usually stated on a percentage 
basis).
    The Bureau understands that the factoring market is generally 
dominated by nondepository institutions not subject to Federal safety 
and soundness supervision or reporting requirements. The Bureau also 
understands that generally, factors may not be required to obtain State 
lending licenses. As a result, information on factoring volume and 
practices is limited. The Bureau notes, however, that the California 
and New York disclosure laws mentioned above cover factoring.\434\
---------------------------------------------------------------------------

    \434\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------

    The Bureau's 2017 White Paper estimated the factoring market as 
constituting around 8 percent of the number of accounts used by small 
businesses in the U.S. in 2014.\435\ Based on more recent evidence, the 
Bureau believes the industry has not significantly grown. For example, 
the 2017 and 2020 Federal Reserve Banks' surveys of firms with 1-499 
employees (``employer firms'') found that 4 percent of such businesses 
applied for and regularly used factoring.\436\ In the 2020 Small 
Business Credit Survey of Employer Firms, this figure dropped to 3 
percent of employer firms \437\ and in the 2021 survey, this figure 
went back up to 4 percent.\438\
---------------------------------------------------------------------------

    \435\ White Paper at 21 fig. 2, 22 fig. 3.
    \436\ 2020 Small Business Credit Survey; 2017 Small Business 
Credit Survey.
    \437\ See 2021 Small Business Credit Survey at 24.
    \438\ See 2022 Small Business Credit Survey at 25.
---------------------------------------------------------------------------

    An existing comment in Regulation B (comment 9(a)(3)-3) provides 
that ``[f]actoring refers to a purchase of accounts receivable, and 
thus is not subject to [ECOA or Regulation B].'' Existing Regulation B 
does not offer a definition for ``accounts receivable.'' However, if 
there is a ``credit extension incident to the factoring arrangement,'' 
Regulation B's notification rules \439\ apply, as do other relevant 
sections of ECOA and Regulation B.\440\ The Bureau understands that the 
Board's treatment of credit extensions incident to factoring 
arrangements--as a type of credit but one entitled to exemptions from 
certain requirements--was motivated by its reading of congressional 
intent related to the Women's Business Ownership Act of 1988,\441\ 
which amended ECOA to extend notification and record retention 
requirements to business credit. In its proposed rule on this issue, 
the Board explained that it was treating credit extensions incident to 
factoring arrangements differently from other forms of business credit 
based on ``evidence of congressional intent that the amendments should 
not apply to . . . certain types of business credit (such as 
applications for trade credit and credit incident to factoring 
arrangements).'' \442\
---------------------------------------------------------------------------

    \439\ See existing Sec.  1002.9(a)(3)(ii) (requiring a creditor 
to notify an applicant, within a reasonable time (as opposed to 
within 30 days for credit sought by consumers and businesses with 
gross revenues of $1 million or less in preceding fiscal year), 
orally or in writing, of the action taken).
    \440\ Comment 9(a)(3)-3.
    \441\ Public Law 100-533, 102 Stat. 2689 (1988).
    \442\ 54 FR 29734, 29736 (July 14, 1989); see also 134 Cong. 
Rec. H9282-89 (daily ed. Oct. 3, 1988) (explaining that the 
committee recognizes that some forms of commercial loan transactions 
and extensions of credit may ``require specialized rules,'' and 
that, for example, the committee believes that loans and credit 
extensions incidental to trade credit, factoring arrangements, and 
sophisticated asset-based loans should continue to be exempted from 
the record retention and automatic notification requirements).
---------------------------------------------------------------------------

Proposed Rule
    In the NPRM, the Bureau proposed to not cover factoring. Modeled on 
the definitions set forth in the New York and California commercial 
financing

[[Page 35236]]

disclosure laws,\443\ proposed comment 104(b)-1 would have provided 
that factoring is an accounts receivable purchase transaction between 
businesses that includes an agreement to purchase, transfer, or sell a 
legally enforceable claim for payment for goods that the recipient has 
supplied or services that the recipient has rendered but for which 
payment has not yet been made. Proposed comment 104(b)-1 would have 
also clarified that an extension of business credit incident to a 
factoring arrangement is a covered credit transaction and that a 
financial institution shall report such a transaction as an ``Other 
sales-based financing transaction'' under proposed Sec.  
1002.107(a)(5).
---------------------------------------------------------------------------

    \443\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------

    The Bureau sought comment on its proposed approach to factoring. 
The Bureau also sought comment on how the subset of purported factoring 
arrangements that may in fact be credit (i.e., those that are revolving 
in nature or that cover anticipated receivables) should be reported 
under the rule. Specifically, the Bureau sought comment on whether such 
arrangements should be reported as credit extensions incident to 
factoring (and thus reported as ``other sales-based financing'') or as 
merchant cash advances.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
range of commenters, including lenders, trade associations, and 
community groups. One commenter urged the Bureau to include the 
distinctions between merchant cash advances and factoring that were 
discussed in its NPRM preamble in the final rule's text or commentary 
to avoid future confusion over what products are ultimately covered by 
the final rule. This commenter also asked the Bureau to address the 
role of recourse and underwriting in its analysis of whether a 
particular financing transaction qualifies as credit. Another commenter 
encouraged the Bureau to consider differences between various factoring 
product structures and offered some explanations on how the term and 
costs of factoring arrangements could be reported. A community group 
asked the Bureau to explicitly include credit extensions incident to 
factoring arrangements in the list of covered transactions in the final 
rule, along with loans, lines of credit, credit cards, and merchant 
cash advances.
    A wide range of commenters, including many community groups, 
community-oriented lenders, several members of Congress, individuals, 
and a nonbank online lender, urged the Bureau to cover factoring in the 
final rule. One community group suggested the Bureau use its 
discretionary authority to define credit broadly, regardless of comment 
9(a)(3)-3 in Regulation B or other ECOA provisions, to avoid a conflict 
with congressional intent of shedding light on the distribution of 
financing to minority-owned, women-owned, and small businesses. Several 
commenters shared concerns about insufficient data on factoring and 
stressed the need for more transparency and for having a complete 
picture of the small business financing market. A few commenters argued 
that factoring constitutes a large part of the small business financing 
landscape and that section 1071's purposes would not be fulfilled 
without covering this product. Several commenters pointed to the fact 
that factoring arrangements are often used by minority-owned small 
businesses as evidence that they should be covered by the rule, with a 
few commenters specifically raising fair lending concerns related to 
factoring.
    A few commenters questioned factoring's exclusion as non-credit, 
with the cross-sector group arguing that its inclusion would not create 
compliance concerns for other provisions of Regulation B because 
section 1071 is not broadly applicable to the entirety of Regulation B. 
That commenter also argued that a factoring arrangement is ``credit'' 
whenever its recipient is held liable for deferred payments conditional 
on the third party's ability to repay. This commenter noted that while 
recourse agreements (cited by the commenter as constituting 88 percent 
of the industry) enable the factor to pursue payment from the recipient 
if the third party fails to repay, non-recourse agreements also enable 
factors to seek payments from recipients under a variety of 
circumstances. Another community group argued a factoring arrangement 
is credit when a small business receives an amount less than the amount 
due from its client because the small business recipient in that case 
is effectively paying interest and/or fees. A joint letter from 
community groups suggested the Bureau make clear that factoring is 
excluded only where there is a bona fide sale of an accrued right to 
payment without creating any obligations--contingent or otherwise--on 
the seller.
    Two commenters pointed to the fact that New York and California 
both include factoring in their respective commercial financing 
disclosure laws as a reason why it should be covered by the rule. Some 
commenters expressed strong concerns that the exclusion of factoring 
would open a door to potential evasion by merchant cash advance 
providers and other actors. Many commenters urged the Bureau to include 
factoring within its rule implementing section 1071 in order to monitor 
these arrangements and prevent abuses.
    Two commenters, both providers of factoring, suggested the Bureau 
clarify that non-recourse factoring is covered by the trade credit 
exclusion. These commenters noted that non-recourse factors would be 
subject to the rule as proposed because it would have provided that the 
extension of business credit by a financial institution (such as a 
factor) other than a supplier for the financing of the sale of 
inventory is not ``trade credit.'' These commenters argued that 
compliance would be burdensome and disruptive to their operations, with 
one commenter stressing how important non-recourse factoring is in 
facilitating the sale of product by sellers to buyers.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing comment 
104(b)-1 largely as proposed and is not covering factoring under the 
rule. The Bureau believes that, as discussed with respect to merchant 
cash advances above, a factoring agreement, as described in comment 
104(b)-1, is not credit under ECOA because the provider of the funds 
does not grant the recipient the right to defer payment. Instead, the 
provider of funds seeks payment directly from a third party on a 
legally enforceable claim for payment for goods that the recipient has 
supplied or services that the recipient has rendered but for which 
payment in full has not yet been made. The Bureau also believes that 
treating factoring as credit under the rule could create 
inconsistencies and compliance concerns related to existing Regulation 
B, which currently states that factoring (as a purchase of accounts 
receivable) is not subject to ECOA.
    The Bureau is finalizing a detailed description of what constitutes 
factoring in comment 104(b)-1 because the existing Regulation B 
commentary regarding factoring may not provide sufficient clarity for 
purposes of collecting and reporting data under section 1071 as it does 
not define ``accounts receivable.'' This finalized description, modeled 
on the definitions set forth in the New York and California commercial 
financing disclosure

[[Page 35237]]

laws,\444\ provides that factoring is an accounts receivable purchase 
transaction between businesses that includes an agreement to purchase, 
transfer, or sell a legally enforceable claim for payment for goods 
that the recipient has supplied or services that the recipient has 
rendered but for which payment in full has not yet been made. The 
Bureau has added the words ``in full'' to the proposed description to 
account for the fact that factoring may include an immediate partial 
payment or down payment to the businesses supplying the goods or 
services. Comment 104(b)-1 states that it is not intended to repeal, 
abrogate, annul, impair, or interfere with any existing 
interpretations, orders, agreements, ordinances, rules, or regulations 
adopted or issued pursuant to existing comment 9(a)(3)-3.
---------------------------------------------------------------------------

    \444\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------

    Based on the Bureau's work to date, comments received, and 
conversations with industry stakeholders, the Bureau understands that 
purported factoring arrangements may take various forms, including 
longer-term or revolving transactions that appear to have credit or 
credit-like features, and the Bureau believes that a subset of such 
arrangements may constitute credit incident to the factoring 
arrangement. Comment 104(b)-1 thus clarifies that an extension of 
business credit incident to a factoring arrangement is a covered credit 
transaction and that a financial institution shall report such a 
transaction as an ``Other sales-based financing transaction'' under 
Sec.  1002.107(a)(5). By contrast, arrangements that do not involve 
goods or services that have already been supplied or rendered are not 
``factoring'' under the Bureau's description. The Bureau makes clear in 
comment 104(b)-1 that, despite the fact that some providers may label 
such arrangements as factoring, the name used by the financial 
institution for a product is not determinative of whether or not it is 
a ``covered credit transaction,'' and such arrangements are not 
factoring as described in the final rule and are covered.
    The Bureau does not believe it would be appropriate to codify 
distinctions between merchant cash advances and factoring in the final 
rule's text or commentary, as suggested by a commenter. The Bureau 
believes that factoring involves the sale of existing and alienable 
assets, while merchant cash advances involve a promise of future 
payments derived from anticipated receivables. Accordingly, providers 
of merchant cash advances--but not factoring that involves the sale of 
existing and alienable assets--grant the right to incur debt and defer 
its payment at a later date within the meaning of ``credit'' under 
Sec.  1002.102(i).
    For that reason, to the extent that a purported factoring 
arrangement involves multiple revolving transactions such that the 
transaction between the recipient and the provider of funds is not 
complete at the time of the sale, that transaction constitutes credit, 
and the Bureau would expect such a transaction to be reported as an 
``Other sales-based financing transaction'' because it constitutes an 
extension of business credit that may or may not be incident to a 
factoring arrangement (depending on whether the first transaction 
involved the sale of existing and alienable assets). In terms of how to 
report the term and costs of extensions of credit incident to factoring 
arrangements, the Bureau notes that final Sec.  1002.107(a)(12)(v) 
would require financial institutions to report, for a merchant cash 
advance or other sales-based financing transactions, the difference 
between the amount advanced and the amount to be repaid and that final 
Sec.  1002.107(a)(5)(iii) requires reporting of estimated loan term for 
merchant cash advances and other sales-based financing in certain 
circumstances.
    As noted above, the products discussed in this preamble do not 
constitute an exhaustive list of covered credit transactions; other 
types of business credit not specifically described nevertheless 
constitute covered credit transactions unless excluded by final Sec.  
1002.104(b). In line with this approach, the Bureau is not expressly 
delineating additional products (such as credit extensions incident to 
factoring arrangements) as covered credit transactions in the final 
rule's regulatory text or commentary. Nor is it reopening existing 
Regulation B at this time in order to interpret ``credit'' to include 
factoring. The Bureau acknowledges that factoring constitutes a large 
part of the small business financing landscape, particularly among 
minority-owned small businesses, and that it would be helpful to have 
more transparency into these arrangements. However, making such a 
change as part of this final rule could creating inconsistences and 
compliance challenges with respect to existing Regulation B provisions.
    The Bureau also does not believe that the question of whether a 
factoring arrangement is credit should be determined based on whether 
the small business recipient is effectively paying finance charges. For 
the reasons discussed in the section-by-section analysis of Sec.  
1002.102(i), the Bureau is finalizing a definition of ``credit'' that 
largely follows the definition of credit in ECOA \445\ and existing 
Sec.  1002.2(j); meaning the right granted by a creditor to an 
applicant to defer payment of a debt, incur debt and defer its payment, 
or purchase property or services and defer payment therefor. This 
longstanding definition does not turn on ``the number of installments 
required for repayment, or whether the transaction is subject to a 
finance charge,'' \446\ nor on how underwriting is conducted. Rather, 
in order for factoring to be credit under ECOA, a factor must grant the 
right to defer payment of debt or to incur debts and defer its payment.
---------------------------------------------------------------------------

    \445\ See 15 U.S.C. 1691a. Existing Regulation B uses the term 
``applicant'' instead of ``debtor.''
    \446\ Existing comment 2(j)-1.
---------------------------------------------------------------------------

    The Bureau also does not believe it would be appropriate, at this 
time, to distinguish between recourse and non-recourse factoring that 
involves the business-to-business sale of existing and alienable 
assets. The Bureau is aware that a significant proportion of the 
factoring market, as it is currently understood, may consist of 
recourse factoring, in which factors may pursue repayment from the 
recipient of funds if the third party fails to pay, and that even non-
recourse agreements may enable factors to seek repayment from 
recipients under some circumstances, such as fraud. As a result, the 
Bureau understands that in much of what market participants understand 
to be ``factoring'' within the meaning of existing Regulation B, the 
transaction between the recipient and the provider of funds is not 
conclusively complete at the time of the sale. The Bureau agrees with 
commenters that these transactions are, at minimum, akin to credit. 
Nevertheless, the Bureau believes that requiring reporting for these 
transactions at this time would have the effect of upending market 
participants' settled expectations that ``factoring'' is not credit 
within the meaning of existing Regulation B. Therefore, data collection 
and reporting pursuant to subpart B is not required for an accounts 
receivable purchase transaction between businesses that includes an 
agreement to purchase, transfer, or sell a legally enforceable claim 
for payment for goods that the recipient has supplied or services that 
the recipient has rendered but for which payment has not yet been made, 
regardless of whether the

[[Page 35238]]

agreement includes recourse or other nonpayment contingency provisions.
    The Bureau appreciates the fact that New York and California both 
include factoring in their respective commercial financing disclosure 
laws and has in fact drawn from the States' helpful regulatory language 
for its own section 1071 commentary. However, coverage of factoring by 
these or other States \447\ in their commercial financing disclosure 
regimes does not affect what constitutes ``credit'' under ECOA. The 
Bureau understands concerns that exclusion of factoring may open a door 
to potential evasion by merchant cash advance providers and other 
actors. However, the Bureau does not agree that it must include 
factoring in this final rule in order to monitor these arrangements and 
prevent abuses.
---------------------------------------------------------------------------

    \447\ Other States, including Virginia and Utah, have passed 
similar commercial financing disclosure laws. See, e.g., Virginia H. 
1027 (enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 (enacted Mar. 24, 2022), 
https://le.utah.gov/~2022/bills/static/SB0183.html.
---------------------------------------------------------------------------

    In the course of considering financial institutions' compliance 
with the rule, the Bureau intends to closely scrutinize secured finance 
transactions to ensure that companies are appropriately categorizing 
and reporting products as required by section 1071. The Bureau also 
intends to obtain more information about the use of recourse and other 
nonpayment provisions in the factoring market, including types of these 
provisions and the frequency with which factors invoke them. If it 
proves necessary to modify existing Regulation B or subpart B, the 
Bureau is prepared to exercise all of its available authorities, 
including its authority under section 703 of ECOA to make adjustments 
that are necessary to prevent circumvention or evasion.
    With respect to comments asking the Bureau to clarify that non-
recourse factoring is covered by the trade credit exclusion, the Bureau 
notes that while non-recourse factors may not be subject to the trade 
credit exclusion because they are not typically a supplier that 
finances the sale of equipment, supplies, or inventory, they are likely 
providing ``factoring'' as described in final comment 104(b)-1. For the 
reasons discussed in the section-by-section analysis of Sec.  
1002.104(b)(1), the Bureau is not expanding its exclusion of trade 
credit to include third-party financing companies.
Leases
Background
    A leasing transaction generally refers to an agreement in which a 
lessor transfers the right of possession and use of a good or asset to 
a lessee in return for consideration.\448\ Under a ``true'' or 
``operating'' lease, a lessee (the user) makes regular payments to a 
lessor (the owner) in exchange for the right to use an asset (such as 
equipment, buildings, motor vehicles, etc.).
---------------------------------------------------------------------------

    \448\ See UCC 2A-103(1)(j) (defining a ``lease'').
---------------------------------------------------------------------------

    Leases are not expressly addressed in ECOA or Regulation B. Until 
the issuance of the NPRM, the Bureau had never opined on whether ECOA 
and Regulation B apply to leases, and the Board made only one statement 
about the applicability of ECOA and Regulation B to leases, in the 
preamble to a final rule under ECOA. In that 1985 statement, the Board 
responded to the Ninth Circuit's opinion in Brothers v. First 
Leasing,\449\ which concluded that consumer leasing falls under 
ECOA.\450\ The Board stated that it believes that ``Congress did not 
intend the ECOA, which on its face applies only to credit transactions, 
to cover lease transactions unless the transaction results in a `credit 
sale' as defined in the Truth in Lending Act and Regulation Z.'' \451\ 
The Board then noted that it will continue to monitor leasing 
transactions and take further action as appropriate.\452\ The Bureau is 
unaware of any such further actions taken by the Board.
---------------------------------------------------------------------------

    \449\ 724 F.2d 789 (9th Cir. 1984).
    \450\ 50 FR 48018, 48020 (Nov. 20, 1985).
    \451\ Id.
    \452\ Id. Since then, courts have gone both ways on the issue. 
Compare Ferguson v. Park City Mobile Homes, No. 89-CIV-1909, 1989 WL 
111916, at *5 (N.D. Ill. Sept. 18, 1989) (consumer leases are 
``credit'' under ECOA), with Laramore v. Ritchie Realty Mgmt. Co., 
397 F.3d 544, 547 (7th Cir. 2005) (consumer leases are not 
``credit'' under ECOA).
---------------------------------------------------------------------------

    The Bureau understands that many financial institutions (such as 
equipment finance companies) offer both loans and leases to their small 
business customers and some financial institutions comply with 
Regulation B for their leases as well as their loans as a matter of 
course. Lessor stakeholders have told Bureau staff that from their 
perspective, as well as that of their customers, loans and leases are 
indistinguishable. The Bureau understands that this is particularly 
true of ``financial'' or ``capital'' leases, as defined under article 
2A of the Uniform Commercial Code (UCC),\453\ which closely resemble 
(and according to some stakeholders, in some cases are 
indistinguishable from) term loans. The Bureau understands that 
financial leases are treated like assets on buyers' balance sheets, 
whereas operating leases are treated as expenses that remain off the 
balance sheet. The Bureau understands that the ownership 
characteristics of a financial lease also resemble those of a loan--the 
financial lease term is the substantial economic life of the asset (as 
evidenced by a low dollar purchase option at the end of the lease term 
and/or lack of residual financial obligations at the end of the lease 
term) and the lessee claims both interest and depreciation on their 
taxes. The Bureau understands that for some financial institutions, 
reporting loans but not leases may require added cost and effort to 
separate them in databases. The Bureau also understands that because 
depository institutions currently report both loan and lease activity 
to other regulators in their Call Reports, they may prefer to maintain 
a consistent approach for section 1071.
---------------------------------------------------------------------------

    \453\ The Bureau notes that the UCC separately defines a 
``consumer lease.'' See UCC 2A-103(1)(e). The Bureau's analysis 
regarding leases does not apply to leases primarily for a personal, 
family, or household purpose.
---------------------------------------------------------------------------

Proposed Rule
    In the NPRM, the Bureau proposed to not cover leases. Drawing from 
the UCC definition of ``lease,'' \454\ which was incorporated into the 
New York and California commercial financing disclosure laws,\455\ 
proposed comment 104(b)-2 would have provided that the term covered 
credit transaction does not cover leases, and that a lease, for 
purposes of proposed subpart B, is a transfer from one business to 
another of the right to possession and use of goods for a term, and for 
primarily business or commercial (including agricultural) purposes, in 
return for consideration. It would have further stated that a lease 
does not include a sale, including a sale on approval or a sale or 
return, or a transaction resulting in the retention or creation of a 
security interest. The Bureau sought comment on whether there are types 
of leases, or leases with certain characteristics, that should be 
excluded from proposed comment 104(b)-2 and thus treated as reportable 
under section 1071. Based on the practical difficulty cited by some 
stakeholders of distinguishing leases from loans, the Bureau also 
sought comment on whether financial institutions should be permitted to 
voluntarily report lease transactions.
---------------------------------------------------------------------------

    \454\ UCC 2A-103(1)(j) (`` `Lease' means a transfer of the right 
to possession and use of goods for a term in return for 
consideration, but a sale, including a sale on approval or a sale or 
return, or retention or creation of a security interest is not a 
lease. Unless the context clearly indicates otherwise, the term 
includes a sublease.'').
    \455\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.

---------------------------------------------------------------------------

[[Page 35239]]

Comments Received
    The Bureau received comments on this aspect of the proposal from 
several community groups and community oriented lenders, trade 
associations, an online lender, and several members of Congress. Many 
of these comments argued that leases should be covered under the 
Bureau's rule. A few commenters suggested that leases were much like 
loans and other credit, with one commenter asserting that where a small 
business may retain leased equipment, that is akin to lending in which 
debt is incurred, payment is deferred and payments are made over a 
significant time period for a substantial asset, that is, the 
equipment. This commenter noted that the Bureau could apply its 
proposed loan threshold to leases. A cross-sector group of lenders, 
community groups, and small business advocates maintained that any data 
collection on the leasing market would be valuable, even if limited to 
credit sale leases or ``$1 leases'' (where the lessee makes payments on 
the leased item and at the end of the lease term, purchases the item 
for $1), which the commenter viewed as a form of credit sale lease.
    A few commenters urged the Bureau to cover this large and growing 
share of the small business financing market in order to avoid data 
gaps. Two commenters expressed fair lending and predatory practice 
concerns regarding leasing--one commenter pointed to a lawsuit filed by 
the California State Attorney General against two lease financing 
companies operating in 15 states that allegedly forced 193 Black 
churches to make lease payments on falsely advertised and faulty 
computer kiosks.\456\ Another commenter noted that leases are often 
used by minority-owned businesses, in some cases more often than white-
owned businesses. This commenter also noted that New York and 
California both include leasing in their respective commercial 
financing disclosure laws and that at the Federal level, bicameral 
commercial financing disclosure legislation has been introduced to 
cover leasing. Two commenters argued that not covering leases in the 
final rule would open the door to potential evasion, allowing merchant 
cash advance providers and other financing companies to structure 
transactions as leases instead of loans.
---------------------------------------------------------------------------

    \456\ See Complaint, California v. Television Broadcasting 
Online, Ltd., 2011 WL 849066 (Cal. Super. Feb. 2011), https://oag.ca.gov/system/files/attachments/press_releases/n2042_complaint.pdf.
---------------------------------------------------------------------------

    Several trade associations, including ones representing equipment 
and vehicle lease and finance companies, expressed support for the 
Bureau's proposed approach to not cover leases. One commenter commended 
the Bureau for recognizing that leases are not treated as credit in the 
U.S. regulatory structure and for proposing use of the widely accepted 
UCC definition of a lease. Another commenter observed that the Bureau's 
proposed definition of ``lease'' would not cover instances where a 
lessee purchased or eventually owned the product being leased. This 
commenter advised against covering leases in the rule, arguing that 
doing so would result in incorrect reporting when applicants' employees 
submit lease applications but do not know the full scope of their 
employer's ownership makeup or financial holdings; it would also 
increase compliance costs, making short-term leases and rentals 
significantly more expensive.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing comment 
104(b)-2 largely as proposed and is not covering leases under the final 
rule. Drawing from the UCC definition of ``lease,'' \457\ which was 
incorporated into the New York and California commercial financing 
disclosure laws,\458\ comment 104(b)-2 provides that the term covered 
credit transaction does not cover leases, and that a lease, for 
purposes of subpart B, is a transfer from one business to another of 
the right to possession and use of goods for a term, and for primarily 
business or commercial (including agricultural) purposes, in return for 
consideration. It further states that a lease does not include a sale, 
including a sale on approval or a sale or return, or a transaction 
resulting in the retention or creation of a security interest. In 
addition, comment 104(b)-2 clarifies that the name used by the 
financial institution for a product is not determinative of whether or 
not it is a ``covered credit transaction.''
---------------------------------------------------------------------------

    \457\ UCC 2A-103(1)(j) (`` `Lease' means a transfer of the right 
to possession and use of goods for a term in return for 
consideration, but a sale, including a sale on approval or a sale or 
return, or retention or creation of a security interest is not a 
lease. Unless the context clearly indicates otherwise, the term 
includes a sublease.'').
    \458\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------

    The Bureau considered several other approaches to covering leasing, 
including referring to Regulation Z's definition of ``credit sale.'' 
Under that definition, a ``credit sale'' is ``a sale in which the 
seller is a creditor,'' and it includes a lease--unless the consumer 
may terminate it at any time without penalty--where the consumer 
``[a]grees to pay as compensation for use a sum substantially 
equivalent to, or in excess of, the total value of the property and 
service involved'' and ``[w]ill become (or has the option to become), 
for no additional consideration or for nominal consideration, the owner 
of the property upon compliance with the agreement.'' \459\ The Bureau 
understands that financial institutions focused on offering leases and 
loans for business purposes are generally not familiar with the 
Regulation Z definition of ``credit sale,'' given that Regulation Z 
applies only to consumer credit.\460\ The Bureau thus believes that 
referring to the Regulation Z definition of ``credit sale'' could 
create confusion and would not align with current industry practices. 
The Bureau understands that such financial institutions offering leases 
primarily for business or commercial (including agricultural) purposes 
are more accustomed to applying the UCC definitions of ``lease'' \461\ 
and ``finance lease,'' \462\ and/or the generally accepted accounting 
principles (GAAP) rules issued by the Financial Accounting Standards 
Board governing ``operating,'' ``capital,'' and ``finance'' 
leases.\463\ The Bureau believes that drawing from the UCC definition 
of lease will lead to more consistency with financial institutions' 
current practices. Nearly all U.S. jurisdictions have adopted Article 
2A of the UCC,\464\ and the Bureau

[[Page 35240]]

understands that virtually every form of lease used by major leasing 
companies provides that it is governed by the laws of one of the 
jurisdictions that has adopted Article 2A.
---------------------------------------------------------------------------

    \459\ 12 CFR 1026.2(a)(16).
    \460\ See Regulation Z Sec. Sec.  1026.2(a)(12) (defining 
``consumer credit'' as ``credit offered or extended to a consumer 
primarily for personal, family, or household purposes'') and 
1026.3(a)(1) (excluding extensions of credit ``primarily for a 
business, commercial or agricultural purpose'').
    \461\ UCC 2A-103(1)(j).
    \462\ UCC 2A-103(1)(g).
    \463\ See Fin. Acct. Standards Bd., Accounting Standards Update: 
Leases (Topic 842), No. 2016-02 (Feb. 2016), https://www.fasb.org/Page/ShowPdf?path=ASU+2016-02_Section+A.pdf&title=Update+2016-02%E2%80%94Leases+%28Topic+842%29+Section+A%E2%80%94Leases%3A+Amendments+to+the+FASB+Accounting+Standards+Codification%C2%AE&acceptedDisclaimer=true&Submit=.
    \464\ See Ala. Code 7-2A-101 et seq.; Alaska Stat. 45.12.101 et 
seq.; Ariz. Rev. Stat. 47-2A101 et seq.; Ark. Code Ann. 4-2A-101 et 
seq.; Cal. Com. Code 10101 et seq.; Choctaw Tribal Code 26-2A-101 et 
seq.; Colo. Rev. Stat. 4-2.5-101 et seq.; Conn. Gen. Stat. 42a-2A-
101 et seq.; D.C. Code 28:2A-101 et seq.; Del. Code Ann. tit. 6, 2A-
101 et seq.; Fla. Stat. 680.1011 et seq.; Ga. Code Ann. 11-2A-101 et 
seq.; Haw. Rev. Stat. 490:2A-101 et seq.; Idaho Code 28-12-101 et 
seq.; 810 Ill. Comp. Stat. 5/2A-101 et seq.; Ind. Code 26-1-2.1-101 
et seq.; Iowa Code 554.13101 et seq.; Kan. Stat. Ann. 84-2a-101 et 
seq.; Ky. Rev. Stat. Ann. 355.2A-101 et seq.; Mass. Gen. Laws ch. 
106, 2A-101 et seq.; Md. Code Ann., Com. Law 2A-101 et seq.; Me. 
Stat. tit. 11, 2-1101 et seq.; Mich. Comp. Laws 440.2801 et seq.; 
Minn. Stat. 336.2A-101 et seq.; Miss. Code Ann. 75-2A-101 et seq.; 
Mo. Rev. Stat. 400.2A-101 et seq.; Mont. Code Ann. 30-2A-101 et 
seq.; N.C. Gen. Stat. 25-2A-101 et seq.; N.D. Cent. Code 41-02.1-01 
et seq.; N.H. Rev. Stat. Ann. 382-A:2A-101 et seq.; N.J. Stat. Ann. 
12A:2A-101 et seq.; N.M. Stat. Ann. 55-2A-101 et seq.; N.Y. UCC Law 
2-A-101 et seq.; Neb. Rev. Stat. UCC 2A-101 et seq.; Nev. Rev. Stat. 
104A.2101 et seq.; Ohio Rev. Code Ann. 1310.01 et seq.; Okla. Stat. 
tit. 12A, 2A-101 et seq.; Or. Rev. Stat. 72A.1010 et seq.; Pa. Cons. 
Stat. 2A101 et seq.; R.I. Gen. Laws 6A-2.1-101 et seq.; S.C. Code 
Ann. 36-2A-101 et seq.; S.D. Codified Laws 57A-2A-101 et seq.; Tenn. 
Code Ann. 47-2A-101 et seq.; Tex. Bus. & Com. Code Ann. 2A.101 et 
seq.; Utah Code Ann. 70A-2a-101 et seq.; V.I. Code Ann. tit. 11A, 
2A-101 et seq.; Va. Code Ann. 8.2A-101 et seq.; Vt. Stat. Ann. tit. 
9A, 2A-101 et seq.; W. Va. Code 46-2A-101 et seq.; Wash. Rev. Code 
62A.2A-101 et seq.; Wisc. Stat. 411.101 et seq.; Wyo. Stat. Ann. 
34.1-2.A-101 et seq.
---------------------------------------------------------------------------

    Based on its review of business-purpose leases and its expertise 
with respect to the meaning of ``credit,'' the Bureau believes that the 
term ``credit'' does not encompass such business leases. In the 
business-purpose context, the Bureau understands that in a true lease, 
the lessor retains title and will receive the property back after the 
conclusion of the lease term, without any expectation by either party 
that, for example, ownership of the property will be transferred or 
that payments made pursuant to the lease agreement constitute anything 
other than payments in exchange for the temporary use of the property. 
As a result, the Bureau does not believe that in the business-purpose 
context a true lease transaction involves the right to incur debt and 
defer its payment, defer payment of a debt, or defer payment for goods 
or services.
    The Bureau is aware that there are other types of leases with 
characteristics that bear some resemblance to forms of credit like 
credit sales, such as a contemplated transfer of ownership at the end 
of the lease term. The Bureau does not parse whether different types of 
leases might constitute ``credit'' but notes that final comment 104(b)-
2's definition of lease does not include a sale, including a sale on 
approval or a sale or return, or a transaction resulting in the 
retention or creation of a security interest. For further 
clarification, the Bureau notes that UCC section 1-203 provides helpful 
guidance on how to distinguish a lease from a security interest. For 
example, UCC section 1-203 provides, in part, that a lease transaction 
creates a security interest if the lessee's payment obligation 
continues for the term of the lease and is not subject to termination 
by the lessee and the lessee has an option to become the owner of the 
goods for no additional consideration or for nominal additional 
consideration upon compliance with the lease agreement.\465\ The UCC 
additionally provides that additional consideration is nominal if it is 
less than the lessee's reasonably predictable cost of performing under 
the lease agreement if the option is not exercised.\466\ The UCC 
appropriately notes that whether a transaction in the form of a lease 
creates a lease or security interest is determined by the facts of each 
case.\467\ The Bureau believes that drawing from an established 
definition of ``lease'' that small business lenders already use will 
minimize compliance risks and will offer sufficient consistency and 
clarity regarding interpretation of final comment 104(b)-2.
---------------------------------------------------------------------------

    \465\ UCC 1-203(b).
    \466\ UCC 1-203(d).
    \467\ UCC 1-203(a).
---------------------------------------------------------------------------

    The Bureau is not covering leases under this final rule, as 
requested by some commenters. The Bureau agrees that some business 
leases are structured like loans and other credit but notes that a 
commenter's example of a small business being able to retain leased 
equipment is an example of the creation of a security interest, not a 
lease under final comment 104(b)-2. Similarly, so-called ``$1 leases'' 
create security interests because the lessee has an option to become 
the owner of the goods for nominal additional consideration. As noted 
by one commenter, final comment 104(b)-2's definition of lease does not 
include a transaction resulting in the retention or creation of a 
security interest.
    The Bureau understands that bicameral commercial financing 
disclosure legislation was introduced in the last Congress to cover 
some leasing and other commercial finance products under the Federal 
Truth in Lending Act and that New York and California both include 
leases in their respective commercial financing disclosure laws. (The 
Bureau has in fact drawn from the states' helpful regulatory language 
for its own section 1071 commentary.) However, the Bureau does not 
believe that the coverage of leases in these particular legislative 
efforts has any bearing on what constitutes ``credit'' under ECOA. The 
Bureau appreciates commenters' concerns that not covering leases could 
open a door to potential evasion and lead to data gaps or fair lending 
problems. The Bureau believes that it can observe the small business 
financing market for such abuses and prevent them without including all 
leases in the rule. For example, in considering financial institutions' 
compliance with the rule, the Bureau intends to closely scrutinize 
transactions to ensure that companies are appropriately categorizing 
and reporting products as required by section 1071.
Consumer-Designated Credit
    The Bureau understands that some small business owners may use 
consumer-designated credit in order to finance their small businesses--
such as taking out a home equity line of credit or charging business 
expenses on their personal credit cards.
    The proposed rule would not have covered products designated by the 
creditor as consumer-purpose products (consumer-designated credit). 
Proposed comment 104(b)-3 would have made clear that the term covered 
credit transaction does not include consumer-designated credit used for 
business purposes, because such transactions are not business credit. 
Proposed comment 104(b)-3 would have provided that a transaction 
qualifies as consumer-designated credit if the financial institution 
offers or extends the credit primarily for personal, family, or 
household purposes. The Bureau sought comment on this proposed 
interpretation, including how the Bureau has defined the scope of 
consumer-designated credit. The Bureau also sought comment on whether 
it should permit financial institutions to voluntarily report consumer-
designated credit when they have reason to believe the credit might be 
used for business purposes.
    The Bureau received comments on this aspect of the proposal from a 
range of banks, credit unions, trade associations, and community 
groups. One trade association generally agreed with the Bureau's 
approach to consumer-designated credit but asked the Bureau to clarify 
whether retail installment sales contracts are covered by the exclusion 
of consumer-designated credit. This commenter also asked the Bureau to 
confirm that, in determining whether credit is excluded as consumer-
designated credit, existing comment 2(g)-1 interpreting the definition 
of ``business credit'' applies, which provides that ``[a] creditor may 
rely on an applicant's statement of the purpose for the credit 
requested.''
    Some industry commenters supported the Bureau's proposed exclusion 
of consumer-designated credit. One of these commenters argued that the 
inclusion of consumer-designated credit within the rule would 
dramatically expand the size of the data collected beyond the purpose 
of section 1071, circumventing the congressional intent and increasing 
the rule's impact on the availability of credit for all consumers--

[[Page 35241]]

not just business borrowers. Another commenter asked the Bureau to 
clarify that it will not challenge the designation of a transaction as 
consumer-designated credit, expressing concerns because financial 
institutions have no reliable method for validating a latent business 
purpose in an application for a consumer-designated credit transaction. 
Two banks recommended against requiring financial institutions to 
second guess consumers' intentions regarding use of funds by requiring 
them to report on loans suspected to be used for business purposes.
    Several commenters urged the Bureau to cover consumer credit that 
will be used for business purposes. One community group suggested 
collecting 1071 data where personal credit card applicants responded 
that 50 percent or more of the loan would be used for small business 
purposes, asserting that this threshold would sufficiently weed out 
applications that would result in nominal amounts of funding for small 
business purposes but would still capture ones that are potentially 
important for meeting the community development purpose of section 
1071. Two commenters expressed concerns that not covering consumer-
designated credit would result in a push toward unregulated products, 
with one commenter asserting that a portion of the fintech sector is 
engaging in unscrupulous targeting of vulnerable customers (including 
racial and ethnic minorities). Two community groups asked the Bureau to 
reconsider its proposal, emphasizing how important consumer-designated 
credit is as a source of financing for small businesses, particularly 
for women-owned and minority-owned small businesses, sole 
proprietorships, and new businesses. Another community group 
recommended that the Bureau additionally include personal credit card 
loans that finance business expenses, asserting that these cards are a 
vital source of credit for very small and start-up businesses, as well 
as businesses owned by women and people of color.
    A number of banks suggested the Bureau exclude all credit subject 
to Regulation Z. Some suggested that such an exemption would provide 
clarity to the definition of ``covered credit transaction'' and would 
ease compliance burden when identifying covered applications, 
implementing data collection, and ensuring data integrity in a manner 
that meets the statutory purpose. One trade association added that 
financial institutions are already familiar with determining loan 
purpose under the Regulation Z definition in their everyday lending 
activities and that this approach would alleviate confusion with the 
proposed exclusion for credit secured by certain investment properties.
    For the reasons set forth herein, the Bureau is finalizing comment 
104(b)-3 almost entirely as proposed and is not covering consumer-
designated credit under the final rule. Comment 104(b)-3 makes clear 
that the term covered credit transaction does not include consumer-
designated credit used for business or agricultural purposes, because 
such transactions are not business credit. The Bureau is adding the 
reference to agricultural purposes for clarity. Comment 104(b)-3 
provides that a transaction qualifies as consumer-designated credit if 
the financial institution offers or extends the credit primarily for 
personal, family, or household purposes. For example, an open-end 
credit account used for both personal and business purposes is not 
business credit for the purpose of subpart B unless the financial 
institution designated or intended for the primary purpose of the 
account to be business-related.
    The Bureau believes it is appropriate to interpret section 1071 as 
not applying to this type of credit. Most notably, ECOA section 704B(b) 
directs financial institutions to collect data in the case of an 
application ``for credit for women-owned, minority-owned, or small 
business'' (emphasis added). The statute thus applies only to 
applications for credit for a business; at the time of an application 
for consumer-designated credit, however, the application is not for a 
business. Several policy reasons also support this approach. First, 
financial institutions may not be able to consistently identify when 
consumer-designated credit is being used for business or agricultural 
purposes. Inconsistent reporting across financial institutions could 
lead to data quality concerns. Credit sought by consumers for both 
personal and business purposes could be particularly difficult to 
separate into reportable and non-reportable portions. The Bureau 
believes that excluding consumer-designated credit will simplify 
compliance by obviating the need for financial institutions to identify 
and distinguish business uses of consumer-purpose credit products. 
Second, not including consumer-designated credit that is used for 
business or agricultural purposes within the scope of this rulemaking 
makes it clear that the applications reported will all be seeking 
credit to use for business/agricultural purposes, which supports 
section 1071's directive to collect and report data in the case of an 
application for credit for a business. Third, not covering consumer-
designated credit that is used for business or agricultural purposes 
provides certainty to financial institutions that offer only consumer-
designated credit that they are not subject to this final rule's data 
collection and reporting requirements.
    With respect to the request to clarify whether retail installment 
sales contracts are covered by the exclusion of consumer-designated 
credit, the Bureau notes that this exclusion applies equally to all 
credit products. In other words, a retail installment sales contract 
qualifies as consumer-designated credit if the financial institution 
offers or extends it primarily for personal, family, or household 
purposes. The Bureau confirms, as requested, that because the Bureau is 
finalizing Sec.  1002.102(d) to define business credit as having the 
same meaning as in existing Sec.  1002.2(g), existing comment 2(g)-1 
also applies to subpart B. Thus, in determining whether credit is 
excluded as consumer-designated credit, a financial institution ``may 
rely on an applicant's statement of the purpose for the credit 
requested.'' \468\
---------------------------------------------------------------------------

    \468\ Existing comment 2(g)-1.
---------------------------------------------------------------------------

    The Bureau agrees with commenter concerns that the inclusion of 
consumer-designated credit within the rule would dramatically expand 
the size of the data collected beyond the purpose of section 1071, 
circumventing congressional intent and potentially increasing the 
rule's impact on the availability of credit for all consumers--not just 
small business borrowers. The Bureau also confirms that financial 
institutions may rely on an applicant's statement of purpose for the 
credit requested and need not report consumer-purpose loans suspected 
to be used for business purposes, recognizing that alternative 
approaches would likely result in inconsistent results across lenders 
as they tried to discern latent business purposes in an application for 
a consumer-designated credit transaction.
    With respect to the suggestion that the Bureau require financial 
institutions to inquire on an application whether 50 percent or more of 
the borrowed funds would be used for small business purposes and 
require collection of 1071 data in those instances, the Bureau believes 
that this approach would raise many of the policy concerns discussed 
above. The Bureau appreciates the concerns about potential fair lending 
violations and evasion raised by commenters relating to consumer-
designated credit. The Bureau believes that its finalized bright-line 
approach

[[Page 35242]]

will better enable it to ensure that financial institutions that are 
offering business credit are complying with the final rule.
    The Bureau is not excluding to exclude all credit subject to 
Regulation Z from this rule's definition of ``business credit,'' as 
suggested by some commenters. The final rule does not cover consumer-
designated credit, which includes Regulation Z credit as well as other 
consumer-designated credit that is not encompassed by Regulation Z. The 
Bureau notes that some of Regulation Z's provisions apply to business 
purpose credit cards \469\ and that Regulation Z does not cover 
consumer credit over certain applicable threshold amounts.\470\
---------------------------------------------------------------------------

    \469\ See Regulation Z Sec.  1026.12(a) and (b).
    \470\ See id. Sec.  1026.3(b).
---------------------------------------------------------------------------

Certain Purchases of Covered Credit Transactions, Including Pooled 
Loans and Partial Interests Proposed Rule
    As discussed in the section-by-section analysis of Sec.  1002.103 
above, ECOA section 704B(b) requires that financial institutions 
collect, maintain, and report to the Bureau certain information 
regarding ``any application to a financial institution for credit.'' 
For covered financial institutions, the definition of ``application'' 
triggers data collection and reporting obligations with respect to 
covered credit transactions. In the NPRM, the Bureau noted that under 
proposed subpart B, purchasing a loan, purchasing an interest in a pool 
of loans, or purchasing a partial interest in a loan does not, in 
itself, generate an obligation for a covered financial institution to 
report small business lending data. Rather, a reporting obligation 
arises on the basis of receiving a covered application for credit. (See 
the section-by-section analysis of Sec.  1002.109(a)(3) for additional 
information.) The Bureau also noted the corollary point that selling an 
originated covered credit transaction would not, in itself, obviate an 
existing obligation of a covered financial institution to report small 
business lending data for that application, pursuant to proposed 
comment 107(a)-1.i.
    In addition, the Bureau believed that requiring covered financial 
institutions to collect and maintain data related to the purchase of an 
interest in a pool of covered credit transactions would do little to 
further the purposes of section 1071. The Bureau generally believed 
that a pooled loan purchase would arise after credit decisions on the 
relevant loans had already been made (e.g., after the loans were 
originated) and therefore the Bureau believed that the purchaser of an 
interest in a pool of loans would understand that there would be no 
section 1071 obligation. Information about the loans in this pool would 
already be captured, as the application for each originated loan in the 
pool would already be reported (assuming it was originated by a covered 
financial institution and otherwise satisfies the requirements of 
subpart B). For clarity, however, the Bureau stated in the NPRM 
preamble that no reporting obligations arise from purchasing an 
interest in a pool of covered credit transactions, including credit-
backed securities or real estate investment conduits. The Bureau 
believed that this clarification, similar to Regulation C comment 
3(c)(4)-1, would assist covered financial institutions in understanding 
the scope of their obligations.
    Moreover, the Bureau stated that the purchase of a partial interest 
in a loan does not, in itself, generate an obligation for a covered 
financial institution to report small business lending data. The Bureau 
believed that this approach, combined with proposed Sec.  
1002.109(a)(3), provided sufficient clarity for financial institutions 
that choose to take part in loan participations. For example, Financial 
Institution A receives an application from a small business for a 
covered credit transaction and approves the loan, and then Financial 
Institution A organizes a loan participation agreement where Financial 
Institutions B and C agree to purchase a partial interest. This is a 
reportable application for a covered credit transaction for Financial 
Institution A, but it is not a reportable application for Financial 
Institutions B and C. The Bureau noted that this approach differs from 
how loan participations are reported by banks and savings associations 
under the CRA. That is, under the CRA, if the loan originated by 
Financial Institution A met the definition of a small business loan, 
then for any (or all) of the financial institutions that were CRA 
reporters, the loans could be reported under the CRA.\471\
---------------------------------------------------------------------------

    \471\ See, e.g., 12 CFR 228.21(f) (stating that when assessing 
the record of a nonminority-owned and nonwomen-owned bank, the Board 
considers loan participation as a factor).
---------------------------------------------------------------------------

    The Bureau believed that the statutory purposes of section 1071 
encourage the broad collection of small business lending data by 
financial institutions. The Bureau was not aware of any reason why data 
with respect to covered credit transactions should not be collected 
because more than one financial institution holds an interest in the 
originated loan. Conversely, the Bureau did not believe that requiring 
reporting by each financial institution with a partial interest in a 
covered credit transaction would further section 1071's purposes, and 
because having a single loan reported by multiple financial 
institutions could compromise the quality of the 1071 dataset. Read in 
conjunction with proposed Sec.  1002.109(a)(3), however, the Bureau 
believed that the covered credit transactions at issue here would 
nonetheless generally be reported by one financial institution provided 
it met the threshold for originated loans pursuant to Sec.  
1002.105(b)--i.e., the financial institution that sold portions of the 
loan to other participants.
    The Bureau did not expressly exclude loan purchases, the purchase 
of an interest in a pool of covered credit transactions or the purchase 
of a partial interest in a covered credit transaction in the proposed 
rule's regulatory text or commentary, but sought comment on this 
approach. With respect to partial interests specifically, the Bureau 
solicited comment on how such an exclusion may differ from reporting 
obligations under the CRA and, if the Bureau adopted another approach, 
how overlapping reporters or data might be flagged to avoid double-
counting certain information.
Comments Received
    The Bureau received several comments regarding loan purchases and 
loan participations. Commenters did not address pooled loans 
specifically. A trade association and two banks agreed that loan 
purchases should not be covered; one of these banks requested that the 
Bureau add commentary emphasizing this point.
    In contrast, two other commenters argued that all loan purchases 
should be reported, citing consistency with treatment under CRA and 
HMDA. One commenter further stated that excluding loan purchases and 
participations from reporting requirements would ignore the role of 
financial institutions with a significant percentage of loan purchases, 
despite their importance in the small business lending market. The 
other commenter stated that 1071 data should replace CRA lending data, 
the CRA considers loan purchases, and thus so should the Bureau's rule 
for consistency.
    Several farm credit lenders and a trade association said that 
participation interests and participation loans should be specifically 
excluded, noting that a participation interest is legally distinct from 
a loan, the purchaser of an interest

[[Page 35243]]

is not considered a creditor, and there is risk of double counting the 
data. One commenter asked that the Bureau exclude loan participations 
from the definition of ``covered credit transaction'' because a 
customer never applies for any lender to participate in a covered 
credit transaction. In addition, some farm credit lenders noted that 
they frequently enter into loan participation agreements. They stated 
that a loan participation is significantly different from the purchase 
of a loan because under these agreements, the borrower's contractual 
relationship remains solely with the lead lender. These commenters 
further stated that requiring a participant to report would be akin to 
requiring a trust in a mortgage securitization to report HMDA data.
Final Rule
    For the reasons set forth herein, the Bureau is revising the 
commentary to Sec.  1002.104(b) to make clear that loan purchases, the 
purchase of an interest in a pool of loans, and the purchase of a 
partial interest in a credit transaction are not ``covered credit 
transactions.'' Specifically, the Bureau is adding comment 104(b)-4 to 
clarify that for purposes of subpart B, the term ``covered credit 
transaction'' does not include the purchase of an originated credit 
transaction, the purchase of an interest in a pool of credit 
transactions, or the purchase of a partial interest in a credit 
transaction such as through a loan participation agreement. Such 
purchases do not, in themselves, constitute applications for business 
credit that the purchasing entity makes decisions on. Relatedly, in 
order to illustrate reporting obligations regarding pooled loans and 
partial interests, the Bureau is also adding examples to the commentary 
to Sec.  1002.109(a)(3). The section-by-section analysis of Sec.  
1002.109(a)(3) addresses in detail situations where multiple financial 
institutions are involved in a covered credit transaction.
    While the Bureau acknowledges the important role of loan purchases 
in the small business lending market, the Bureau notes that the 
definition of ``covered application'' triggers data collection and 
reporting obligations with respect to covered credit transactions. 
Under the final rule, purchasing an originated loan, purchasing an 
interest in a pool of loans, or purchasing a partial interest in a loan 
does not, in itself, generate an obligation for a covered financial 
institution to report small business lending data regarding the 
application underlying the purchased loan. The Bureau has made clear in 
final Sec.  1002.109(a)(3) and associated commentary that only the 
action taken on the application is reportable.
    In response to commenters who urged consistency with HMDA, as noted 
above, the statutory language in HMDA contemplates data collection for 
loan purchases. Similarly, as interpreted by the agencies administering 
CRA, the CRA statute permits banks to fulfill their obligation to meet 
local credit needs by lending in low-to-moderate income communities or 
by purchasing loans made by others.\472\ Conversely, section 1071 does 
not contain such language; it is focused on applications as the trigger 
for data collection and reporting obligations. Thus, the Bureau 
concludes for this rule that it is appropriate for financial 
institutions to have reporting obligations on the basis of making 
credit decisions on applications, as explained further in the section-
by-section analysis of Sec.  1002.109(a)(3)--a subsequent purchase of a 
loan (or an interest in a pool of loans, or a partial interest in a 
loan) is not, in itself, reportable.
---------------------------------------------------------------------------

    \472\ See, e.g., 12 CFR 228.22(a)(2) (stating that the Board 
will consider both originations and purchases of loans under the 
lending test).
---------------------------------------------------------------------------

104(b)(4) Public Utilities Credit
    As noted above, the existing definition of business credit in Sec.  
1002.2(g) partially excludes public utilities credit, securities 
credit, incidental credit, and government credit, as defined in 
existing Sec.  1002.3(a) through (d), from requirements of existing 
Regulation B. For the purpose of proposed subpart B, the Bureau 
proposed complete exclusions for public utilities credit from the 
definition of a covered credit transaction in proposed Sec.  
1002.104(b). The Bureau also proposed to define business credit in 
proposed Sec.  1002.102(d) by reference to existing Sec.  1002.2(g), 
which already excludes public utilities credit. The Bureau sought 
comment on its proposal to exclude public utilities credit but did not 
receive any comments in response.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.104(b)(2) as proposed. Section 1002.104(b)(2) excludes public 
utilities credit, as defined in existing Sec.  1002.3(a)(1). Existing 
Sec.  1002.3(a)(1) states that the term public utilities credit refers 
to extensions of credit that involve public utility services provided 
through pipe, wire, or other connected facilities, or radio or similar 
transmission (including extensions of such facilities), if the charges 
for service, delayed payment, and any discount for prompt payment are 
filed with or regulated by a government unit. Several existing 
Regulation B requirements do not apply to public utilities credit 
transactions.\473\ Existing comment 3(a)-1 explains that the definition 
applies only to credit for the purchase of a utility service, such as 
electricity, gas, or telephone service. Credit provided or offered by a 
public utility for some other purpose--such as for financing the 
purchase of a gas dryer, telephone equipment, or other durable goods, 
or for insultation or other home improvements--is not excepted under 
Sec.  1002.104(b)(2) but may be excepted if it constitutes trade credit 
under Sec.  1002.104(b)(1), or in the example of financing for certain 
home improvements, if it does not constitute an extension of business 
credit under Sec.  1002.104(a). Existing comment 3(a)-2 states in part 
that a utility company is a creditor when it supplies utility service 
and bills the user after the service has been provided.
---------------------------------------------------------------------------

    \473\ See Sec.  1002.3(a).
---------------------------------------------------------------------------

    The Bureau is adopting a definition of ``covered credit 
transaction'' that only covers business credit and that fully excludes 
public utilities credit pursuant to its authority under ECOA section 
704B(g)(1) to prescribe such rules and issue such guidance as may be 
necessary to carry out, enforce, and compile data under section 1071, 
as well as its authority under ECOA 704B(g)(2) to adopt exceptions to 
any requirement of section 1071 and to conditionally or unconditionally 
exempt any financial institution or class of financial institutions 
from the statute's requirements, as the Bureau deems necessary or 
appropriate to carry out the purposes of section 1071. The Bureau 
believes that fully excluding public utilities credit from the rule is 
reasonable for the same reasons as the Board enumerated when it adopted 
exemptions from certain procedural requirements under subpart A. 
Specifically, covering public utilities credit under this rule could 
potentially result in ``substantial changes in the forms and procedures 
of public utilities companies. Costs associated with such changes 
would, in all likelihood, be passed along to [small business owners].'' 
\474\ The Bureau notes that many of the policies and procedures of 
public utilities companies are separately regulated at the State and 
municipal levels by public service commissions, and at the Federal 
level by the Federal Energy Regulatory Commission. The Bureau also 
believes that public utilities credit is akin to trade credit and thus 
is

[[Page 35244]]

excluding it from coverage under subpart B for the same reasons.
---------------------------------------------------------------------------

    \474\ 40 FR 49298, 49305 (Oct. 22, 1975).
---------------------------------------------------------------------------

104(b)(5) Securities Credit
    As noted above, the existing definition of business credit in Sec.  
1002.2(g) partially excludes public utilities credit, securities 
credit, incidental credit, and government credit, as defined in 
existing Sec.  1002.3(a) through (d), from requirements of existing 
Regulation B. For the purpose of proposed subpart B, the Bureau 
proposed complete exclusions for securities credit from the definition 
of a covered credit transaction in proposed Sec.  1002.104(b). The 
Bureau sought comment on its proposal to exclude securities credit but 
did not receive any comments in response.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.104(b)(3) as proposed. Section 1002.104(b)(3) excludes securities 
credit, as defined in existing Sec.  1002.3(b)(1). Existing Sec.  
1002.3(b)(1) states that the term securities credit refers to 
extensions of credit subject to regulation under section 7 of the 
Securities Exchange Act of 1934 or extensions of credit by a broker or 
dealer subject to regulation as a broker or dealer under the Securities 
Exchange Act of 1934. Several existing Regulation B requirements do not 
apply to securities credit transactions.\475\
---------------------------------------------------------------------------

    \475\ See Sec.  1002.3(b).
---------------------------------------------------------------------------

    The Bureau is adopting a definition of ``covered credit 
transaction'' that only covers business credit and that fully excludes 
securities credit pursuant to its authority under ECOA section 
704B(g)(1) to prescribe such rules and issue such guidance as may be 
necessary to carry out, enforce, and compile data under section 1071, 
as well as its authority under ECOA 704B(g)(2) to adopt exceptions to 
any requirement of section 1071 and to conditionally or unconditionally 
exempt any financial institution or class of financial institutions 
from the statute's requirements, as the Bureau deems necessary or 
appropriate to carry out the purposes of section 1071. The Bureau is 
excluding securities credit to foster consistency with existing 
Regulation B.
104(b)(6) Incidental Credit
    As noted above, the existing definition of business credit in Sec.  
1002.2(g) partially excludes public utilities credit, securities 
credit, incidental credit, and government credit, as defined in 
existing Sec.  1002.3(a) through (d), from requirements of existing 
Regulation B. For the purpose of proposed subpart B, the Bureau 
proposed complete exclusions for incidental credit from the definition 
of a covered credit transaction in proposed Sec.  1002.104(b).
    As the Bureau explained in the NPRM, existing Sec.  1002.3(c)(1) 
states that incidental credit refers to extensions of consumer credit 
other than public utilities and securities credit (i) that are not made 
pursuant to the terms of a credit card account; (ii) that are not 
subject to a finance charge (as defined in Regulation Z Sec.  1026.4); 
and (iii) that are not payable by agreement in more than four 
installments. For example, existing comment 3(c)-1 explains that if a 
service provider (such as a hospital, doctor, lawyer, or merchant) 
allows the client or customer to defer the payment of a bill, this 
deferral of debt is credit for purposes of Regulation B, even though 
there is no finance charge and no agreement for payment in 
installments--meaning that it would not be covered under Regulation Z. 
Such extensions of incidental credit are excepted from compliance with 
certain procedural requirements as specified in existing Sec.  
1002.3(c). The Board created these exceptions in response to commenters 
that urged it to minimize burdens on businesses that ``permit their 
customers to defer payment of debt as a convenience and are not in the 
business of extending credit.'' \476\
---------------------------------------------------------------------------

    \476\ 40 FR 49298, 49304 (Oct. 22, 1975).
---------------------------------------------------------------------------

    The Bureau sought comment on its proposal to exclude incidental 
credit and it received one industry comment in support of the proposed 
exclusion.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.104(b)(4) as proposed. The Bureau is adopting a definition of 
``covered credit transaction'' that only covers business credit and 
that fully excludes incidental credit pursuant to its authority under 
ECOA section 704B(g)(1) to prescribe such rules and issue such guidance 
as may be necessary to carry out, enforce, and compile data under 
section 1071, as well as its authority under 704B(g)(2) to adopt 
exceptions to any requirement of section 1071 and to conditionally or 
unconditionally exempt any financial institution or class of financial 
institutions from the statute's requirements, as the Bureau deems 
necessary or appropriate to carry out the purposes of section 1071. The 
Bureau believes that the Board's reasoning with respect to incidental 
credit's limited exception under existing Regulation B is equally 
applicable and relevant here. Additionally, the Bureau believes that 
providers of incidental credit may not intend to extend credit and may 
not currently manage compliance with regulatory requirements associated 
with making extensions of credit. The Bureau believes an exclusion is 
appropriate to further the business and community development purpose 
of section 1071 because of the likelihood that these entities may incur 
large costs relative to their size to collect and report 1071 data in 
an accurate and consistent manner, which could result in entities 
limiting credit to their small business customers or in potential data 
quality issues.
Government Credit
    The existing definition of business credit in Sec.  1002.2(g) 
partially excludes public utilities credit, securities credit, 
incidental credit, and government credit (that is, extensions of credit 
made to governments or governmental subdivisions, agencies, or 
instrumentalities--not extensions of credit made by governments), as 
defined in existing Sec.  1002.3(a) through (d), from existing 
Regulation B.\477\
---------------------------------------------------------------------------

    \477\ As explained in existing comment 3-1, under Sec.  1002.3, 
procedural requirements of Regulation B do not apply to certain 
types of credit. The comment further states that all classes of 
transactions remain subject to Sec.  1002.4(a) (the general rule 
barring discrimination on a prohibited basis) and to any other 
provision not specifically excepted.
---------------------------------------------------------------------------

    In its NPRM, the Bureau did not propose in Sec.  1002.104(b) to 
separately exclude government credit, as defined in existing Sec.  
1002.3(d)(1) to mean ``extensions of credit made to governments or 
governmental subdivisions, agencies, or instrumentalities.'' The Bureau 
sought comment on its approach to government credit but did not receive 
any comments on this aspect of the proposal. For the purpose of subpart 
B, the Bureau is finalizing complete exclusions for public utilities 
credit, securities credit, and incidental credit from the definition of 
a covered credit transaction in final Sec.  1002.104(b), as described 
above, but is not adopting a similar exclusion for government credit. 
The Bureau is finalizing its approach because it believes that an 
express exclusion for extensions of credit made to governments or 
governmental subdivisions, agencies, or instrumentalities is not 
necessary because such governmental entities would not constitute small 
businesses under the final rule.\478\
---------------------------------------------------------------------------

    \478\ Government entities are not ``organized for profit'' and 
are thus not a ``business concern'' under proposed Sec.  
1002.106(a).
---------------------------------------------------------------------------

Additional Requested Exclusions
    The Bureau received numerous comments requesting the Bureau exclude 
additional products from coverage under the rule. These

[[Page 35245]]

comments and the Bureau's response are discussed below.
    Point-of-sale transactions. A trade association urged the Bureau to 
fully exempt point-of-sale transactions from the rule, arguing that 
data collected in connection with such transactions would be 
inaccurate. In the alternative, this commenter suggested an exception 
from the requirement to obtain principal owners' ethnicity, race, and 
sex information, for credit lines below $50,000. As discussed in the 
section-by-section analysis of Sec.  1002.107(c), the Bureau does not 
believe it would be appropriate to categorically exempt point-of-sale 
transactions. The Bureau also is not adopting a minimum transaction 
amount threshold, as discussed below.
    Minimum transaction amount threshold. Some industry commenters 
requested the Bureau exempt all credit transactions from section 1071 
collection and reporting requirements if they fell below a certain 
minimum transaction threshold. One commenter asked the Bureau to adopt 
a de minimis loan amount exemption of at least $1 million to soften the 
rule's impact on small entities and borrowers. A credit union stated 
that the Bureau should implement a minimum loan amount of $10 million. 
Some banks urged an exemption for ``small loans'' under $25,000, 
asserting a need to help institutions, especially smaller institutions, 
keep compliance costs down and ensure these credit products remain 
available to the small and agricultural businesses who need them most.
    Some industry commenters, including several credit union trade 
associations, requested an exemption for credit transactions under 
$50,000. A few commenters argued such an exemption was needed for 
consistency with National Credit Union Administration regulations, 
which impose a $50,000 threshold for reporting member business loans. 
Two credit union trade associations argued that failing to exempt such 
loans would reduce their availability and also reflects a substantial 
underestimation of the full impact of the proposed covered financial 
institution threshold. Several trade associations also recommended the 
Bureau permit voluntary reporting of loans below $50,000. A bank stated 
that a $50,000 threshold would result in a significant improvement that 
would still allow the Bureau to obtain meaningful data. Another bank 
maintained that this exclusion was needed to reduce compliance burdens 
related to small loans that are not profitable but that are important 
to communities. On the other hand, another commenter stressed the 
importance of supporting access to microloans for financing start-up or 
growth and suggested separating microloans ($50,000 or less) into a 
separate category.
    A few industry commenters suggested exempting loans under $100,000. 
These commenters generally argued that such an exemption was needed to 
keep the cost of loan origination lower for small dollar borrowers, 
thereby helping to make more borrowers eligible for credit. Several 
industry commenters urged the Bureau adopt a minimum transaction amount 
threshold, without specifying a dollar amount. One of these commenters 
noted that, due to price inflation, $100,000 would be too small of an 
amount for such a threshold and that if a threshold were established, 
it would need to be per loan and not cumulative.
    For the reasons set forth herein, the Bureau is not adopting an 
exemption for credit transactions below a certain dollar threshold. At 
the time of the Federal Reserve Banks' 2021 survey of employer firms, 
60 percent of employer firms had $100,000 or less in outstanding debt, 
with 48 percent of such firms holding $50,000 or less in outstanding 
debt.\479\ According to SBA data, more than 87 percent of Paycheck 
Protection Program loans in 2021 were loans of $50,000 and below,\480\ 
and approximately 20 percent of SBA 7(a) loans between 2010 and 2019 
were in amounts less than $25,000. In terms of industry adoption of 
minimum loan amount thresholds, research by the FDIC shows that only a 
small share (14.8 percent) of small banks require a minimum loan amount 
for their top loan product to small businesses, compared with a 
majority (69.8 percent) of large banks.\481\ Moreover, as discussed in 
the section-by-section analysis of Sec.  1002.106(b)(1), the Bureau 
believes that loan size a poor proxy for small business size--in fact, 
FDIC staff found ``at least $19.1 billion in gross understatement of 
small business lending (in which small businesses with less than $1 
million in gross annual revenue received loans with amounts greater 
than $1 million).'' \482\ Based on this information, the Bureau does 
not believe that adopting a minimum transaction amount threshold would 
further the purposes of section 1071 because it would exclude 
substantial portions of small business lending.
---------------------------------------------------------------------------

    \479\ 2022 Small Business Credit Survey at 13.
    \480\ Small Bus. Admin., PPP Report: Approvals through 05/31/
2021, https://www.sba.gov/sites/default/files/2021-06/PPP_Report_Public_210531-508.pdf.
    \481\ Small Business Lending Survey at 44, https://www.fdic.gov/bank/historical/sbls/full-survey.pdf.
    \482\ Fed. Deposit Ins. Corp., Measurement of Small Business 
Lending Using Call Reports: Further Insights From the Small Business 
Lending Survey, at 7 (July 2020), https://www.fdic.gov/analysis/cfr/staff-studies/2020-04.pdf.
---------------------------------------------------------------------------

    Vehicle financing. One bank urged the Bureau to specify that any 
motor vehicle financed in the first instance by retail motor vehicle 
dealers are deemed consumer loans and thus exempt. A vehicle leasing 
trade association also suggested that vehicle financing was so similar 
to consumer lending that it should be exempt from section 1071 
reporting requirements.
    The Bureau is not categorically exempting business-purpose vehicle 
financing, even though it may often be offered alongside consumer-
purpose credit. Per existing comment 2(g)-1, the test for deciding 
whether a transaction qualifies as business credit is one of primary 
purpose. Where a small business applies for vehicle financing primarily 
for business or commercial (including agricultural) purposes from a 
covered financial institution, the transaction is reportable. For a 
broader discussion of vehicle financing with respect to reporting 
obligations where multiple financial institutions are involved in a 
covered credit transaction, see the section-by-section analysis of 
Sec.  1002.109(a)(3).
    Letters of credit. A bank asked the Bureau to clarify if letters of 
credit are covered credit transactions for purposes of section 1071, 
and if they are, this commenter also recommended that the Bureau 
exclude these types of transactions from reporting.
    The Bureau understands that letters of credit products are 
primarily used in the international trade context. Generally, a letter 
of credit is an instrument issued by a bank that promises, upon the 
presentation of certain documents and/or satisfaction of certain 
conditions, to direct payment to a beneficiary of the instrument. 
Letters of credit are often presented by buyers of goods who seek to 
postpone payment until their goods have been received. Some letters of 
credit are secured by a promissory note and are converted if the 
customer fails to pay.
    ECOA and Regulation B do not address letters of credit. Regulation 
Z excludes letters of credit under its comment 2(a)(14)-1.vi. In 
finalizing this exclusion, the Board stated that ``[i]ssuance of 
letters of credit and execution of option contracts are not extensions 
of credit, although there may be an extension of credit when the letter 
of credit is presented for payment or the option is exercised, if there 
is a deferral of the payment of a debt at that

[[Page 35246]]

time.'' \483\ The Bureau agrees with the Board's assessment of these 
products and believes that a letter of credit is not credit under ECOA. 
Thus, the Bureau is not covering letters of credit under the final 
rule.
---------------------------------------------------------------------------

    \483\ 46 FR 20848, 20851 (Apr. 7, 1981).
---------------------------------------------------------------------------

    Government programs. Some industry commenters urged the Bureau to 
exempt government lending programs (such as the Paycheck Protection 
Program) and/or government sponsored/guaranteed loans (such as USDA 
loans), arguing that inclusion would discourage participation. One also 
argued that the fact that the fees and interest rates for Paycheck 
Protection Program loans were set by Congress, meant there was a 
reduced risk of discriminatory lending practices related to terms of 
the credit transaction. Another suggested that 1071 data collection and 
reporting was not required because many government programs already 
collected similar information. A few commenters specifically 
recommended exempting SBA lending programs, particularly section 504 
loans.
    The Bureau has considered these comments but is not categorically 
exempting credit transactions originated by, sponsored by, facilitated 
by, or guaranteed by government entities. According to one source, 
there are 65 government-sponsored, grants, loans, and programs that may 
benefit small businesses.\484\ The Bureau understands that many small 
businesses rely on government programs for credit and believes that 
excluding such credit in this final rule would not further either of 
section 1071's statutory purposes.
---------------------------------------------------------------------------

    \484\ U.S. Chamber of Com., 65 Grants, Loans and Programs to 
Benefit Your Small Business (Nov. 17, 2022), https://www.uschamber.com/co/run/business-financing/government-small-business-grant-programs.
---------------------------------------------------------------------------

    C-PACE loans. A trade association of Commercial Property Assessed 
Clean Energy (C-PACE) loan providers requested an exemption due to 
purportedly unique features of C-PACE loans, such as prior approval by 
the local government, absence of acceleration, lack of control over the 
identity of the obligor, and absence of private remedies.
    C-PACE programs generally allow commercial property owners, which 
could include small businesses, to receive financing to fund clean-
energy, seismic strengthening, or water conservation improvements to 
their properties. The financial obligation arises from voluntary 
contract. Various private companies appear to play a significant role 
in financing, originating, and administering C-PACE transactions. Under 
State law, C-PACE is an assessment that appears on businesses' property 
tax bills. Although the commercial property owner signs the financing 
agreement, it is typically not a personal liability of the commercial 
property owner, and the obligation will stay with the property until 
fully paid. C-PACE is secured by a super-priority lien on the 
property--if the property is sold through foreclosure, C-PACE (like a 
regular property tax lien) is first in line to receive any proceeds 
from the sale even if a mortgage was on the property first. The Bureau 
understands that typically, only the arrearage on the C-PACE lien gets 
paid off in foreclosure, and the rest of the C-PACE indebtedness 
remains with the property after foreclosure.
    While publicly available data on C-PACE programs appear to be 
limited, the Bureau understands that these programs are growing in 
popularity; \485\ excluding these loan products from the requirements 
of this rule would result in incomplete data about the relevant markets 
and would thus not advance section 1071's business and community 
development purpose.
---------------------------------------------------------------------------

    \485\ See, e.g., Greenworks Lending, C-PACE Financing Sees 
Massive Growth Nationally: What you should know about this 
alternative development financing mechanism (June 7, 2021), https://commercialobserver.com/2021/06/c-pace-financing-sees-massive-growth-nationally/.
---------------------------------------------------------------------------

    The Bureau is not excluding C-PACE financing arrangements from 
reporting under section 1071, as requested by one commenter. Based on 
its understanding of typical C-PACE financing arrangements and its 
expertise with respect to the nature of credit transactions, the Bureau 
believes that the term ``credit'' under ECOA and final Sec.  
1002.102(i) encompasses these products. Under a C-PACE financing 
arrangement, there is (1) a ``debt'' in the form of an obligation to 
pay for the cost of property upgrades and (2) a right to defer payment 
on that obligation for a term. Similarly, there is (1) a ``purchase[] 
[of] property or services'' in the form of property upgrades, and (2) a 
right to defer payment on the property or services. The borrower enters 
into C-PACE financing through a voluntary transaction. That the parties 
agree that payment will be made through an assessment through the 
property tax system does not change the Bureau's analysis. ECOA (and 
Regulation B) do not specify a particular vehicle or form of payment 
for a transaction to constitute credit, nor do they limit the form of 
obligation. The Bureau is not specifically defining C-PACE financing 
arrangements in the rule because the Bureau believes these products are 
covered by the definition of ``credit'' in final Sec.  1002.102(i).
    Finally, in the Bureau's judgment, an exclusion of C-PACE loans--
whether by interpretation or by granting an exception--would not 
further the fair lending and the business and community development 
purposes of section 1071.\486\ This is for three independent reasons. 
First, while the Bureau understands that C-PACE financing may present 
less fair lending risk compared to some other products because such 
financing is based on the value of the property, not the 
creditworthiness of the obligor (who can change along with ownership of 
the property), the Bureau does not believe that is a sufficient reason 
by itself to exclude C-PACE lending from coverage under this final 
rule. Section 1071 is not limited to those products with the highest 
fair lending risk. Second, the Bureau does not agree that data 
collection to provide additional insight into the product is 
unnecessary. Third, and most significantly, including C-PACE loans 
should create a more level playing field across financial institutions 
that provide construction financing to small businesses as well as 
create a dataset that better reflects demand for such financing by the 
smallest and most vulnerable businesses.
---------------------------------------------------------------------------

    \486\ ECOA section 704B(a).
---------------------------------------------------------------------------

    Overdraft lines of credit. In its NPRM, the Bureau did not address 
overdraft lines of credit other than asking whether they should be 
listed as a credit product separate from other lines of credit. The 
Bureau received one comment urging exclusion of overdraft lines of 
credit on the grounds that their inclusion would significantly expand 
the data collection requirements for small business deposit account 
applications since most such deposit accounts have an option to obtain 
an overdraft line of credit. This commenter also argued that collecting 
data on overdraft lines of credit would not further section 1071's 
purpose of preventing discrimination against small business credit 
applicants because banks conduct little, if any, underwriting when 
extending overdraft lines of credit on small business deposit accounts.
    The Bureau is not categorically exempting overdraft lines of credit 
but notes that they are reportable only where there is an 
``application'' under Sec.  1002.103. Providing occasional overdraft 
services as part of a deposit account offering would not be reported 
for the purpose of subpart B pursuant to new comment 107(a)(6)-8.

[[Page 35247]]

Voluntary Reporting
    Absent a specific requirement to collect protected demographic data 
(such as in section 1071), ECOA generally blocks collection of such 
demographic data in connection with an application for credit. The 
Bureau sought comment on whether financial institutions should be 
permitted to voluntarily collect and report applicants' protected 
demographic information for transactions such as leases (due to the 
practical difficulty cited by some stakeholders of distinguishing 
leases from loans), consumer-designated credit (when financial 
institutions have reason to believe the credit might be used for 
business purposes), and real estate investment loan transactions that 
are secured by non-owner occupied 1-4 dwelling unit properties pursuant 
to proposed Sec.  1002.109.
    The Bureau received comments from community groups and trade 
associations on this aspect of the proposal. A number of community 
groups stated that the Bureau should permit voluntary reporting on 
leases and factoring to have the most comprehensive data on the small 
business financing market as it relates to minority entrepreneurs. A 
community group purporting to address the proposed amendments to 
existing Sec.  1002.5(a)(4) commented that the Bureau should permit 
voluntary collection not only by financial institutions not covered by 
the rule, but also should permit covered financial institutions to 
collect data on consumer credit used to fund small businesses.
    The Bureau did not receive any industry comments expressing an 
interest in being able to voluntarily report non-covered products. In 
fact, a few trade associations and a business advocacy group expressly 
opposed such voluntary reporting. One trade association argued against 
voluntary reporting of non-covered transactions, citing concerns about 
the quality of data collected and the creation of an uneven playing 
field among financial institutions that would contribute to 
misinterpretations of the data by observers. Two other commenters also 
argued against the voluntary reporting of consumer-designated credit 
used for business purposes, asserting that such reporting would create 
confusion, introduce the possibility of error, and put financial 
institutions in a position to question their members' intentions.
    For the reasons set forth herein, the Bureau is finalizing its 
approach to not permit voluntary reporting of non-covered products. The 
Bureau sought comment on voluntary reporting to address a potential 
pain point for industry but heard no industry interest in such a 
solution. The Bureau thus finds it unnecessary to change the proposed 
section 1071 collection system to receive data on such non-covered 
products. However, as discussed in the section-by-section analysis of 
Sec.  1002.112(c)(3), the Bureau is adopting a catch-all safe harbor 
that will protect financial institutions who encounter the underlying 
situation that voluntary reporting was intended to address. 
Specifically, that safe harbor will address situations where a 
financial institution has a reasonable basis--at the time of collecting 
the protected demographic information required by this rule--to believe 
there is a covered application and that data collection is necessary, 
including situations in which it later determines that the transaction 
is not in fact reportable (because the ultimate transaction is not a 
covered product, the business is not small, or there is otherwise not a 
covered application).

Section 1002.105 Covered Financial Institutions and Exempt Institutions

    ECOA section 704B(h)(1) defines the term ``financial institution'' 
as ``any partnership, company, corporation, association (incorporated 
or unincorporated), trust, estate, cooperative organization, or other 
entity that engages in any financial activity.'' The Bureau is 
finalizing a definition of financial institution in Sec.  1002.105(a) 
consistent with that statutory language. The Bureau is defining a 
covered financial institution in Sec.  1002.105(b) as a financial 
institution that originated at least 100 covered credit transactions 
from small businesses in each of the two preceding calendar years. Only 
those financial institutions that meet this loan-volume threshold in 
the definition of a covered financial institution would be required to 
collect and report small business lending data pursuant to proposed 
subpart B.
    The Bureau's definitions reflect the broad nature of the data 
collection specified in section 1071, while recognizing the risks that 
financial institutions with the lowest volume of small business lending 
might limit their small business lending activity because of the fixed 
costs of coming into compliance with this rule.
    The Bureau is finalizing Sec.  1002.105 to implement ECOA section 
704B(h)(1) and pursuant to its authority under 704B(g)(1) to prescribe 
such rules and issue such guidance as may be necessary to carry out, 
enforce, and compile data pursuant to section 1071. The Bureau is also 
finalizing Sec.  1002.105(b) pursuant to its authority under 704B(g)(2) 
to conditionally or unconditionally exempt any financial institution or 
class of financial institutions from the statute's requirements, as the 
Bureau deems necessary or appropriate to carry out the purposes of 
section 1071. The Bureau is finalizing these provisions and using its 
exemption authority under 704B(g)(2) for the reasons set forth below.
105(a) Financial Institution
Proposed Rule
    ECOA section 704B(h)(1) defines the term ``financial institution,'' 
for purposes of section 1071, as ``any partnership, company, 
corporation, association (incorporated or unincorporated), trust, 
estate, cooperative organization, or other entity that engages in any 
financial activity.'' Existing Regulation B, which implements ECOA, has 
not otherwise defined this term.
    Proposed Sec.  1002.105(a) would have restated the statutory 
definition of a financial institution as any partnership, company, 
corporation, association (incorporated or unincorporated), trust, 
estate, cooperative organization, or other entity that engages in any 
financial activity. The Bureau believed that this definition reflects 
the broad nature of small business lending data collection specified in 
section 1071. Under such a definition, the rule's data collection and 
reporting requirements would apply to a variety of entities that engage 
in small business lending, including depository institutions (i.e., 
banks, savings associations, and credit unions),\487\ online lenders, 
platform lenders, CDFIs, Farm Credit System lenders, lenders involved 
in equipment and vehicle financing (captive financing companies and 
independent financing companies), commercial finance companies, 
governmental lending entities, and nonprofit, nondepository lenders.
---------------------------------------------------------------------------

    \487\ Throughout this document, the Bureau is using the term 
depository institution to mean any bank or savings association 
defined by the Federal Deposit Insurance Act, 12 U.S.C. 1813(c)(1), 
or credit union defined pursuant to the Federal Credit Union Act, as 
implemented by 12 CFR 700.2. The Bureau notes that the Dodd-Frank 
Act defines a depository institution to mean any bank or savings 
association defined by the Federal Deposit Insurance Act; there, 
that term does not encompass credit unions. 12 U.S.C. 5301(18)(A), 
1813(c)(1). To facilitate analysis and discussion, the Bureau is 
referring to banks and savings associations together with credit 
unions as depository institutions throughout this rulemaking, unless 
otherwise specified.
---------------------------------------------------------------------------

    The Bureau noted that the broad scope of what may be considered a 
``financial activity'' in the proposed

[[Page 35248]]

definition of financial institution would not be the principal 
determinative factor as to whether small business lending data 
collection and reporting is required; the proposed definition of a 
covered financial institution, the proposed definition of a covered 
application, and the proposed definition of a covered credit 
transaction, among others, all would impose limits on what entities 
could be subject to the rule's data collection and reporting 
requirements.
    Proposed comment 105(a)-1 would have provided a list of examples of 
entities that may fit within the definition of a financial institution. 
This proposed comment would have made clear that nonprofit and 
governmental entities, governmental subdivisions, or governmental 
agencies, among others, who conduct financial activity fit within the 
definition of a financial institution. Proposed comment 105(a)-2 would 
have referred to proposed Sec.  1002.101(a) to reiterate the statutory 
exclusion for motor vehicle dealers.
    The Bureau sought comment on this proposed definition of a 
financial institution, and generally requested comment on whether 
additional clarification is needed.
Comments Received
    A broad range of commenters, including lenders, trade associations, 
community groups, and business advocacy groups, expressed support for 
the Bureau's proposed general definition of financial institution. A 
number of commenters stated that it is an appropriately broad 
definition that captures a wide variety of lenders, including online 
lenders, platform lenders, lenders involved in equipment and vehicle 
financing, and commercial finance companies. Commenters asserted that a 
broad definition will yield meaningful data. Several commenters noted 
that capturing a broad array of lenders is essential for achieving the 
objectives of section 1071 and that a broad definition is important for 
regulatory parity. Other commenters stated that there should be no 
exceptions permitted for certain types of lenders and a community group 
stated that missing any segment of lending risks encouraging abusive 
lending institutions to violate fair lending laws. One trade 
association expressed opposition to the proposed definition, however, 
arguing that it is too broad because it includes captive vehicle 
finance partners.
    Several commenters agreed that the rule must apply to government 
lenders, with one commenter specifically requesting inclusion of the 
Farm Service Agency. An association urged the Bureau to include as 
examples in the rule the largest Federal, State, and municipal lending 
programs.
    Another trade association stated that SBA certified development 
companies are certified and regulated by the SBA, and the SBA already 
collects application information that includes the data points that the 
Bureau proposes to collect. The commenter further asserted that 
reproducing these data will likely incur significant one time and 
ongoing compliance costs. In contrast, a bank stated that data shows 
that the performance levels of the SBA and the lenders participating in 
their programs has produced dismal results, permitting some lenders to 
enjoy ``preferred'' lender status while not delivering loans to 
disadvantaged communities. Moreover, two commenters urged the Bureau to 
work with other government agencies to ensure that existing reporting 
is leveraged where possible.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.105(a) and its associated commentary as proposed. The Bureau 
emphasizes that the list of examples of entities in comment 105(a)-1 is 
not exhaustive and that other entities not specifically described may 
nonetheless fit within the definition of a financial institution under 
Sec.  1002.105(a). The Bureau agrees with commenters that governmental 
lenders should be covered by the rule. As explained in the proposed 
rule, the Bureau interprets the statute to include government entities 
in the definition of financial institution. The definition of the term 
``financial institution'' in ECOA section 704B(h)(1) includes the 
phrase ``or other entity.'' That term readily encompasses governments 
and government entities. Even if the term ``or other entity'' were 
ambiguous, the Bureau believes--based on its expertise and experience--
that interpreting it to encompass governments and government entities 
promotes the purposes of section 1071.
    For example, the Bureau believes that it will be helpful to 
identify the business and community development needs and opportunities 
of small businesses, including those that are women-owned, minority-
owned, and LGBTQI+-owned, by collecting lending data from both a 
county-run assistance program for establishing new businesses and 
financial institutions that operate nationwide, like online lenders. 
The Bureau also believes that the terms ``companies'' or 
``corporations'' under the definition of ``financial institution'' in 
ECOA section 704B(h)(1), cover all companies and corporations, 
including government-owned or -companies and corporations. And even if 
those terms were ambiguous, the Bureau believes--based on its expertise 
and experience--that interpreting them to cover government-owned or -
companies and corporations advances the purposes of section 1071, 
particularly the business and community development purpose, as it will 
more accurately capture demand for credit.
    The Bureau is not, however, listing specific examples of covered 
governmental lenders/programs in the rule. The Bureau does not believe 
such a list is necessary, and inclusion of a specific list could cause 
confusion if the listed programs (or those lenders' loan volumes) were 
to change.
    In response to commenters who raised potential overlap with other 
reporting regimes, see part V.D.3 for a detailed discussion of this 
issue.
    Commenters' requests for specific exclusions, such as for captive 
vehicle finance partners, are discussed in the section-by-section 
analysis of Sec.  1002.105(b) below.
105(b) Covered Financial Institution
Background
    Throughout the rulemaking process, the Bureau has received requests 
to adopt a variety of exemptions from collection and reporting 
requirements under section 1071. Reasons cited have included 
discouraging market disruption, ensuring data quality, alleged lack of 
materiality of data from smaller lenders that rarely make small 
business loans, and lack of capacity by the lenders sufficient to 
justify small business lending as a line of business in light of the 
cost of complying with the rule.
    As detailed below, the Bureau is adopting an activity-based 
exemption. The Bureau defines a covered financial institution in Sec.  
1002.105(b) as a financial institution that originated at least 100 
covered credit transactions from small businesses in each of the two 
preceding calendar years. Only those financial institutions that meet 
this loan-volume threshold in the definition of a covered financial 
institution will be required to collect and report small business 
lending data under this rule. The final rule does not include 
categorical exemptions for particular types of institutions from 
coverage, but the Bureau notes that its Regulation B does not apply to 
motor vehicle dealers.\488\
---------------------------------------------------------------------------

    \488\ Regulation B does not apply to a person excluded from 
coverage by section 1029 of the Consumer Financial Protection Act of 
2010, title X of the Dodd-Frank Wall Street Reform and Consumer 
Protection Act, Public Law 111-203, 124 Stat. 1376, 2004 (2010).

---------------------------------------------------------------------------

[[Page 35249]]

Proposed Rule
    Activity-based exemption. In the SBREFA Outline, the Bureau stated 
that it was considering whether only financial institutions that engage 
in a certain amount of small business lending activity should be 
required to collect and report 1071 data.\489\ The Bureau explained 
that in light of section 1071's potentially broad application to 
financial institutions, an activity-based test to determine reporting 
responsibility might be appropriate. In particular, the Bureau 
expressed concern that financial institutions with the lowest volume of 
small business lending might limit their small business lending 
activity because of the fixed costs of coming into compliance with the 
rule. The Bureau stated that this result could be contrary to the 
community development purpose of section 1071.
---------------------------------------------------------------------------

    \489\ SBREFA Outline at 12-13.
---------------------------------------------------------------------------

    In the NPRM, the Bureau stated that it believed that an activity-
based threshold would provide a simple basis for financial institutions 
that infrequently lend to small businesses to determine whether they 
have conducted sufficient lending activity as to be required to collect 
and report data under proposed subpart B. The Bureau believed that 
furnishing a dual activity-based and asset-based threshold, under which 
infrequent lenders must ascertain both measurements to determine 
whether reporting may be required, would cut against the goal of 
simplifying the rule as lenders would then have to track two metrics, 
not one. The Bureau believed that a dual threshold would create more 
regulatory complexity as compared to only tracking total annual small 
business originations.
    In particular, the Bureau believed that a primary advantage of an 
activity-based threshold--ease of compliance--would be undermined if 
the Bureau were to implement a complex, dual threshold eligibility 
test. The Bureau wished to ensure that infrequent lenders were not 
incurring significant undue compliance costs, particularly while not 
reporting data. In general, tracking two thresholds is more complex 
than tracking one. The Bureau believed it is also more likely that 
financial institutions are already tracking total originations. The 
Bureau believed that proposing an activity-based threshold that employs 
data already generally collected by financial institutions could 
mitigate the risk that section 1071, when implemented, would result in 
reduced access to credit.
    Activity threshold level. Proposed Sec.  1002.105(b) would have 
defined a covered financial institution as a financial institution that 
originated at least 25 covered credit transactions for small businesses 
in each of the two preceding calendar years. Only those financial 
institutions that meet this loan-volume threshold in the definition of 
a covered financial institution would be required to collect and report 
small business lending data pursuant to subpart B.
    The Bureau believed this definition would facilitate compliance by 
describing which financial institutions are required to collect and 
report small business data. The Bureau also proposed commentary to 
accompany proposed Sec.  1002.105(b). In general, the Bureau believed 
that fulfilling the purposes of section 1071 necessitates collecting 
small business lending data from all sizes and types of financial 
institutions (other than those with a low volume of lending activity), 
particularly given the variety of entities identified in ECOA section 
704B(h)(1). The Bureau proposed to exempt certain financial 
institutions from its small business lending rule because it remained 
concerned that financial institutions with the lowest volume of small 
business lending might limit their small business lending activity due 
to the fixed costs of coming into compliance with the rule. That type 
of market disruption could run contrary to the business and community 
development purpose of section 1071. Section 1071 describes its 
community development purpose as ``enabl[ing] communities, governmental 
entities, and creditors to identify business and community development 
needs and opportunities of women-owned, minority-owned, and small 
businesses.'' \490\ In the Bureau's view, ensuring that business and 
community development opportunities could be met as well as identified 
supported the Bureau's use of its exemption authority under 704B(g)(2) 
here.
---------------------------------------------------------------------------

    \490\ ECOA section 704B(a).
---------------------------------------------------------------------------

    The Bureau proposed to set the activity-based threshold based on 
small business originations, rather than applications. The statutory 
language of section 1071 generally applies to applications; however, 
the Bureau believed that using small business originations for purposes 
of defining a covered financial institution is the better approach. The 
Bureau expected that financial institutions track their small business 
application volumes in various ways, but whether an origination 
resulted was a clear and readily identifiable metric. Using an 
exemption metric based on applications would have imposed new 
obligations on financial institutions solely for purposes of 
determining whether or not they are subject to this rule. As discussed 
above, the Bureau believed that proposing an activity-based threshold 
that employed data already generally collected by financial 
institutions could mitigate the risk that section 1071, when 
implemented, would result in reduced access to credit. In addition, 
even those financial institutions that track total applications now may 
not do so in a way that fully aligns with how the Bureau proposed to 
define covered applications for purposes of proposed subpart B. Using 
the number of originations, as opposed to applications, for an 
activity-based threshold was also consistent with the Bureau's 
Regulation C.
    The Bureau proposed to clarify in Sec.  1002.105(b) that for 
purposes of defining a covered financial institution, if more than one 
financial institution was involved in the origination of a covered 
credit transaction, only the financial institution that made the final 
credit decision approving the application shall count the origination. 
The Bureau believed that providing this clarifying language would 
assist financial institutions in understanding which transactions count 
towards the loan-volume threshold. This approach was consistent with 
the Bureau's proposed Sec.  1002.109(a)(3).
    Proposed comments 105(b)-4 and -5 would have explained when a 
financial institution was a covered financial institution following a 
merger or acquisition. These proposed comments were largely consistent 
with the Bureau's approach to reporting obligations surrounding a 
merger under Regulation C,\491\ with modifications to reflect the 
nature of the small business lending market and to provide additional 
clarifications.
---------------------------------------------------------------------------

    \491\ See Regulation C comments 2(g)-3 and -4.
---------------------------------------------------------------------------

    Proposed comment 105(b)-6 would have clarified that Regulation B 
(including proposed subpart B) generally did not apply to lending 
activities that occur outside the United States.
    Finally, proposed comment 105(b)-7 would have addressed financial 
institutions that do not qualify as covered financial institutions but 
may nonetheless wish to voluntarily collect and report small business 
lending data. This proposed comment would have reiterated that proposed

[[Page 35250]]

Sec.  1002.5(a)(4)(vii) through (ix) permitted a creditor that was not 
a covered financial institution under proposed Sec.  1002.105(b) to 
voluntarily collect and report information regarding covered 
applications in certain circumstances. If a creditor is voluntarily 
collecting applicants' protected demographic information for covered 
applications, it shall do so in compliance with proposed Sec. Sec.  
1002.107, 1002.108, 1002.111, 1002.112, and 1002.114 as though it were 
a covered financial institution. Proposed comment 105(b)-7 would have 
further stated that if a creditor was voluntarily reporting those 
covered applications to the Bureau, it shall do so in compliance with 
proposed Sec. Sec.  1002.109 and 1002.110 as though it were a covered 
financial institution.
    The Bureau sought comment on its proposed 25 originations threshold 
incorporated into the definition of a covered financial institution. 
The Bureau also solicited comment on whether this threshold should 
alternatively be set at 50 or 100 covered credit transactions. In 
addition, the Bureau sought comment on whether an activity-based 
threshold should be based on the total number of small business 
applications, rather than originations. The Bureau also requested 
comment on whether additional clarification was needed for this 
proposed definition.
    Two-year threshold measurement period. The Bureau proposed to 
define a covered financial institution using a loan-volume threshold 
that must be achieved in each of the two preceding calendar years.
    The Bureau acknowledged that a loan-volume threshold based on a 
two-year period could create some operational complexity for some 
financial institutions. To be sure that it was not a covered financial 
institution, a financial institution would need to maintain records 
sufficient to show total small business originations for both years of 
the threshold period. The Bureau believed that two years was not a 
prohibitively long time, although it is possible that infrequent 
lenders may have smaller staff or fewer resources to reliably track 
such information for section 1071's purposes. The Bureau believed that 
a two-year threshold period was advisable to eliminate uncertainty 
surrounding data collection responsibilities. Under this proposal, a 
financial institution that may not frequently lend to small businesses, 
but that experiences an unusual and unexpectedly high lending volume in 
a single year would not be a covered financial institution. As 
discussed in part VIII below, in order to comply with the Bureau's 
rule, a financial institution may need to undertake substantial one-
time costs that include operational changes, such as staff training, 
information technology changes, and develop policies and procedures. 
Therefore, the Bureau believed it appropriate to propose a two-year 
threshold period to provide more stability around reporting 
responsibilities. Regulations that implement HMDA and the Community 
Reinvestment Act provide similar periods to determine coverage.
    The Bureau noted that employing a two-year approach would delay 
reporting for new, potentially active entrants. For example, under this 
proposal a large lender that enters the market and originates hundreds 
or even thousands of small business loans in its first two calendar 
years of lending would not report its covered applications. That is, 
under the Bureau's proposal, this financial institution would not be 
required to collect and report data on its covered applications for 
small businesses in those first two years, although the institution 
could choose to voluntarily collect and report data. The Bureau 
recognized, however, that triggering data collection and reporting 
requirements based on lenders' estimates of their projected future 
volume could be challenging to implement.
    The proposed two-year threshold period could pose other challenges 
for financial institutions that conduct small business lending activity 
near the proposed 25 small business originations threshold. See the 
section-by-section analysis of Sec.  1002.5(a)(4) above for a 
discussion of Sec.  1002.5(a)(4)(viii), which would allow a financial 
institution to collect ethnicity, race, and sex information pursuant to 
proposed subpart B for a covered application under certain 
circumstances during the second year of the threshold period. See the 
section-by-section analysis of Sec.  1002.114(c)(2) below for 
discussion of additional flexibility that the Bureau is finalizing 
regarding measuring lending activity prior to the rule's compliance 
date.
    Proposed comment 105(b)-1 would have clarified the meaning of a 
preceding calendar year for purposes of the proposed activity-based 
threshold. See the section-by-section analysis of Sec.  1002.114(c)(3) 
below for additional discussion regarding measuring lending activity 
prior to the rule's compliance date. Proposed comment 105(b)-2 would 
have emphasized that a financial institution qualifies as a covered 
financial institution based on total covered credit transactions 
originated for small businesses, rather than covered applications 
received from small businesses. Proposed comment 105(b)-3 would have 
explained that whether a financial institution is a covered financial 
institution depends on its particular small business lending activity 
in the two preceding calendar years, and that the obligations of a 
covered financial institution is an annual consideration for each year 
that data may be compiled and maintained under proposed Sec.  
1002.107(a).
    Other requested exemptions. The Bureau did not propose to adopt 
alternative exemptions or exceptions to the definition of covered 
financial institution, other than the loan-volume threshold as 
described above.
    With respect to government lenders, in the proposal the Bureau 
stated that it has not identified, nor did small entity representatives 
or other stakeholders provide, policy or legal rationales for excluding 
government lenders from the rule. The Bureau believed that collecting 
information on small business lending by government entities furthered 
the purposes of section 1071. Moreover, the Bureau believed, as 
described above in the discussion of proposed comment 105(a)-1, that 
government entities were included within the phrase ``other entity'' in 
the ECOA section 704B(h)(1) definition of ``financial institution.'' 
For example, the Bureau believed that it would be helpful to identify 
the business and community development needs of women-owned, minority-
owned, and small businesses by collecting lending data from both an 
online lender and a county-run assistance program for establishing new 
businesses.
    For the same reasons, the Bureau did not believe that exempting 
not-for-profit lenders from data collection was consistent with the 
purposes of section 1071. The Bureau believed that organizations exempt 
from taxation pursuant to 26 U.S.C. 501(c) play a crucial role in 
lending to small businesses, particularly those that are women- or 
minority-owned, in certain communities.
    With respect to the concern that certain financial institutions may 
encounter difficulty absorbing compliance costs, the Bureau believed 
that directly considering a financial institution's activity is a more 
appropriate way to address this concern and not a categorical 
exemption. With respect to a financial institution's lending importance 
for a community or region (such as low income or rural) as a reason to 
include categorical exemptions, the Bureau believed that

[[Page 35251]]

such arguments emphasize the importance of collecting and analyzing 
such data to further the purposes of section 1071 rather than justify 
an exemption. Finally, with respect to the concern that certain 
business models or products are not conducive to data collection or 
reporting, the Bureau believed it would most appropriately address such 
concerns by providing clarification regarding how reporting rules apply 
to certain covered credit transactions and also not covering certain 
transactions. See the section-by-section analyses of Sec. Sec.  
1002.104(b) and 1002.109(a)(3). The Bureau proposed comment 105(a)-1, 
discussed above, consistent with the considerations discussed here.
    Therefore, for the reasons described above, the Bureau did not 
propose to define a covered financial institution by providing 
alternative exemptions or exceptions. The Bureau sought comment on this 
approach, including data or information that might bear upon any such 
alternative exemptions in light of section 1071's purposes.
Comments Received
    Commenters expressed a variety of perspectives with respect to the 
Bureau's proposal regarding potential exemptions. Feedback from most 
industry commenters generally was in support of exempting certain 
financial institutions from data collection and reporting obligations. 
Most feedback in support of pursuing exemptions focused on the 
potential burden of new regulatory requirements, with some commenters 
cautioning that collection and reporting obligations could lead to an 
increase in the cost of credit and could cause lenders to exit the 
market. A few commenters connected these potential costs with section 
1071's purpose of identifying business and community development needs 
and opportunities (chiefly arguing that costs might lead to higher 
costs of lending or lower lending volume), or otherwise expressed a 
general belief that some exemptions were consistent with statutory 
purposes. In addition, many commenters, mostly community groups, urged 
caution with respect to the extent of any such exemptions, arguing that 
not capturing a significant amount of small business lending data would 
run contrary to the general purposes of section 1071.
    Activity-based exemption. Many commenters supported the general 
concept of an activity-based threshold. A large bank asserted that an 
origination-based approach would ensure that collected data represents 
a comprehensive view of the small business lending landscape. A few 
commenters stated that a clear, bright line rule is helpful, and that 
an activity threshold is relatively simple for low-volume lenders to 
apply. Moreover, two commenters said that an activity threshold creates 
a level playing field, while a CDFI lender stated that such an approach 
will ensure that the Bureau captures data from lenders that are small 
in asset size but active in small business lending. Two commenters, 
however, noted that some lenders may not currently track applicant GAR 
and this may somewhat increase burden of counting originations to small 
businesses.
    A community group urged the Bureau to guard against evasion of the 
activity-based threshold through the creation of subsidiaries, stating 
that the Bureau should include a rule that for the purposes of 
determining the loan threshold, loans are counted at the parent 
institution or holding company level.
    A number of commenters opposed an activity-based threshold. Two 
banks stated that it was confusing because the threshold is only for 
originations, yet all applications are reported. One of the banks 
stated that a financial institution may not know whether it would meet 
the threshold until very close to the reporting period, while another 
bank stated it may be difficult to know which loans are covered for 
purposes of determining loan activity.
    Several industry commenters asserted that an activity-based 
threshold is not a good metric for banks, with several banks suggesting 
that an asset-size coverage definition would be more straightforward 
and consistent. Commenters explained that lending varies each year, 
while assets are more predictable and forecastable. A few community 
banks stated that an activity-based threshold based solely on 
originations is misguided and results in a one-size-fits-all exemption 
that disregards the unique characteristics that exist in communities 
across the country, resulting in reduced access to credit. Several 
industry commenters stated that an activity-based threshold could 
encourage lenders to deny applications or reduce their lending to stay 
under the threshold. Additionally, several commenters noted that some 
lenders near the threshold may go back and forth between being covered 
or not.
    Counting originations. Several lenders, trade associations, and a 
community group, expressed support for counting originations, not 
applications, for determining coverage. The community group asserted 
that this approach is consistent with CRA and HMDA.
    A few commenters provided feedback on how originations should be 
counted for purposes of determining the threshold. A trade association 
asserted that all Paycheck Protection Program loans and similar future 
government programs should be exempt from the originations threshold. 
In addition, two commenters stated that additional credit amounts, such 
as line increases, should not count as a separate credit product for 
purposes of counting originations for the threshold. One noted that 
very small businesses may request multiple line increases in a year.
    Activity threshold level. The Bureau received a large number of 
comments regarding the activity threshold level from a range of 
stakeholders, including lenders and community groups. Many community 
groups and some industry commenters, including community-oriented 
lenders and a few large banks, along with a minority business advocacy 
group and several members of Congress, supported the proposed 25 loan 
threshold, citing its broad coverage. Commenters stated that the 
proposed threshold allows for coverage of banks, nondepository lenders, 
``fintech'' lenders, CDFIs, and other types of financial institutions. 
A community-oriented lender argued that gathering data from small 
business lenders or all types and sizes is critical, given that 
entrepreneurs of color are less likely to be approved for capital by 
banks, often turning to alternative lenders as a result. Another 
commenter stated that even a 25-origination lender will have 
substantial data with respect to adverse actions or declinations, up to 
four times as much.
    Commenters asserted that this threshold was an appropriate approach 
to excluding de minimis lenders, was simple to apply, and would yield 
meaningful data collection. A few commenters argued that the activity 
threshold should not be increased above 25 loans, given the Bureau's 
estimated costs of compliance. Some commenters cited similarities to 
the 2015 HMDA rule, with one commenter further asserting that when the 
HMDA threshold was raised, certain lenders no longer reported data. 
Commenters asserted that gathering robust lending data will ensure that 
the rule implementing section 1071 is fulfilling the statutory purposes 
and community development organizations need sufficient data that cover 
enough of the market. In addition, one commenter urged a 10-loan 
threshold, asserting that is the minimum threshold that is necessary to 
change lending behavior

[[Page 35252]]

and improve access to capital for Black business borrowers. This 
commenter further asserted that all regulated financial institutions 
that maintain FDIC deposit insurance should report their small business 
lending results.
    Many commenters, including community groups, community-oriented 
lenders, individual commenters, and a business advocacy group, 
emphasized that section 1071's statutory purposes could be frustrated 
if the threshold were increased. Commenters argued that it would be 
impossible to meet the statutory purposes of the rule unless most of 
the market is covered. A commenter further asserted that if the 
threshold were increased, the database would no longer be statistically 
representative of actual lending and would not be able to accurately 
reveal whether credit needs were being met in all communities. 
Commenters stated that increasing the threshold will disproportionately 
harm many small business owners, rural communities, banking deserts and 
redlined areas that may find that ``small'' lenders make up a 
significant portion of the local lending market. Commenters stated that 
accurately measuring access to credit, and pursuing fair lending 
enforcement when warranted, would be substantially diminished if too 
many lenders and loans are exempt from reporting, particularly in 
smaller cities and rural areas. Another commenter asserted that if the 
Bureau elected to use a higher threshold it would exclude gathering 
data from commercial lenders that are small, but still impact many 
people. Moreover, a commenter stated that the Bureau's estimates show 
decreased coverage of banks at higher thresholds.
    Commenters stated that it is important to ensure coverage of rural 
areas, which may be in persistent poverty, and which are often served 
by small lenders. Moreover, a community group stated that the threshold 
must cover intermediate-sized banks, which are important to rural 
communities and small cities, and whose information has been missing 
from CRA data since 2003. Commenters stated that increasing the 
threshold could frustrate enforcement of the CRA, and risk the chance 
that the data are not representative of the actual small business 
lending landscape. A commenter further asserted that comprehensive data 
are needed to assist in fair lending actions at the local level.
    In contrast, nearly all industry commenters opposed the proposed 
coverage threshold of 25 originations annually for two consecutive 
years. Commenters stated that the threshold was too low and would lead 
to increased costs and burden, particularly for community banks and 
credit unions. Numerous banks and trade associations expressed concern 
that too many small banks would be subject to the rule with a 25-loan 
activity threshold. For example, two trade associations asserted that 
at least 780 banks under $100 million in assets would be subject to 
reporting, and these institutions average 13 employees at 1.6 branches. 
In addition, several members of Congress asserted that the proposed 
threshold levels for the rule were far too stringent, and would 
drastically impact the ability of small institutions to make loans to 
small businesses and decrease access to credit for minority-owned, 
women-owned, and small businesses. Several commenters argued that small 
lenders have little data to offer relative to the costs of acquiring 
the data. One also asserted that it was unreasonable to subject 
thousands of additional small depository institutions to a complex and 
costly rule to collect data on approximately four percent of the small 
business lending market. Many of commenters suggested higher 
thresholds, with requests ranging from 100 to 1,000 transactions 
annually, using the same two-year test. In particular, a large number 
of commenters requested thresholds at 100, 200, 500, or 1,000 loans 
annually.
    A number of industry commenters supported a 100-loan threshold. 
Many of these commenters urged the Bureau to set institutional coverage 
similar to HMDA at that time, both for consistency and because lenders 
already reporting HMDA data would incur lower compliance costs because 
they already have data collection systems in place. Moreover, 
commenters asserted that a 100-loan threshold would still capture an 
estimated 95 percent of businesses loans in the country.
    Conversely, a CDFI lender and two business advocacy groups opposed 
a 100-loan threshold, arguing that the Bureau's estimates show narrower 
coverage of small business lending at that threshold level. Another 
CDFI lender stated that nearly a half billion in lending would be 
obscured from reporting in its community with a 100-loan threshold.
    A credit union trade association stated that a 100-loan threshold 
was too low. This commenter asserted that researchers draw 
statistically significant conclusions from HMDA data which covers 
approximately 90 percent of the mortgage market, and because a 100-loan 
threshold covers more than that percentage of the small business 
market, the rule would gather more data than is necessary.
    In the context of discussing the rule's threshold, numerous 
commenters, including community banks, credit unions, and trade 
associations, along with a group of State bank regulators, cautioned 
the Bureau regarding the risk of small lenders exiting the market due 
to the rule's burden. Commenters argued that the rule will damage small 
institutions' ability to remain competitive and would favor large 
lenders with large compliance teams. Many commenters stated that small 
community banks and credit unions lack the staff or resources, 
including automation capabilities, to comply with the reporting 
requirements, with numerous institutions sharing the limited number of 
full-time staff that they had dedicated to business and agricultural 
lending.
    Commenters further argued that Dodd-Frank Act mortgage rules 
resulted in many community banks leaving the mortgage lending business, 
and this proposal would produce similar results. For example, several 
commenters argued that HMDA and TILA-RESPA integrated disclosure rules 
led to market exodus, and they were concerned that there would be 
similar market exit of local lenders following the proposed rule 
implementing section 1071.\492\ Commenters stated that communities 
could be left without a hometown bank and small businesses may seek 
credit from unregulated lenders. Moreover, two national trade 
associations stated that about 30 percent of surveyed franchised light-
duty and commercial truck dealerships would discontinue small business 
credit extensions.
---------------------------------------------------------------------------

    \492\ CFPB, Integrated Mortgage Disclosure Rule Under the Real 
Estate Settlement Procedures Act (Regulation X) and the Truth in 
Lending Act (Regulation Z), 78 FR 80225 (Dec. 31, 2013).
---------------------------------------------------------------------------

    Several commenters also argued that the rule would exacerbate bank 
consolidation, particularly in rural and underserved areas, as the 
additional regulatory burden on community banks would lead to more 
mergers and acquisitions. Commenters further asserted that 
consolidation would reduce lending options for consumers and small 
businesses, and would discourage some smaller financial institutions 
from making small business loans. A few commenters stated that the rule 
would damage relationship banking and create an environment with less 
competition.
    Numerous commenters also asserted that the rule is likely to reduce 
access to credit, as small banks and credit unions do not have the 
economies of scale to absorb the reporting costs, and thus compliance 
costs will be passed

[[Page 35253]]

along to small business customers. Several commenters stated that they 
would have to reconsider their product offerings. For example, one bank 
stated that they might need to also reconsider their consumer product 
offerings and prices, and a credit union stated they might consider 
reducing lending to avoid being covered by the rule. In addition, one 
bank stated that they may need to charge additional fees for 
agricultural borrowers, while another bank stated that they would 
either need to increase their origination fee or greatly increase the 
minimum loan amounts. Another bank stated that as operating costs 
increase, they will be forced to adjust their business model by either 
increasing interest rates on loans, decreasing interest rates on 
deposits, or implement other account fees. Moreover, several commenters 
stated that the 25-loan threshold would limit small business lending 
flexibility, which could stifle lending innovation and result in 
lenders choosing to set minimum loan amounts.
    In addition, many commenters argued that the 25-loan threshold 
would have a negative effect on lending in small and rural communities. 
Commenters stated that small banks, which are vulnerable to increased 
compliance costs, are often located in rural areas where lending 
options are limited. Several commenters stated that the rule risks 
underserved areas being afforded fewer loan options. Commenters further 
asserted that the rule's regulatory burden would drive consolidation in 
rural and underserved areas, limiting access to credit in these 
communities.
    Several commenters drew comparisons to HMDA. One bank stated that 
when it was subject to HMDA reporting, they struggled with compliance 
and eventually elected to reduce lending. In addition, several 
commenters asserted that the proposed 25-loan threshold was 
inconsistent with the reporting threshold of 100 closed-end mortgages 
in Regulation C at the time. Commenters argued that although their 
institution was exempt from HMDA reporting, and although their 
commercial lending unit is small, they would not qualify for the 
proposed 25-origination exemption from reporting under section 1071. A 
State bankers association stated that half of their survey respondents 
are exempt from HMDA, while only six believed they would be exempt with 
a 25-loan threshold. The commenter further stated that these small 
financial institutions--83 percent under $250 million in assets--have 
no data collection infrastructure in place. Some other commenters 
similarly asserted that many smaller institutions do not have data 
collection infrastructure in place and stated that they would incur 
significant costs.
    In addition, some commenters asserted that the Bureau did not 
provide a sufficient rationale for a 25-loan threshold, arguing that 
the Bureau has not shown why this threshold is necessary and 
appropriate to carry out section 1071's purposes. Several commenters 
argued that the Bureau could obtain sufficient data at a higher 
threshold. Another commenter stated that the Bureau did not fully 
consider coverage, in particular how much data would be forgone at each 
threshold. A group of trade associations further asserted that the 
Bureau is obligated to provide coverage estimates for nondepository 
institutions and that RFA estimates are not sufficient.
    While the Bureau did not propose an asset-based threshold in the 
proposed rule, numerous industry commenters requested an asset size 
threshold, ranging from $50 million to $10 billion. However, some 
industry commenters as well as community groups counseled against an 
asset-based exemption, arguing that exemptions should be based instead 
on lending activity, and that size-based exemptions risked under-
reporting in important markets. For example, one commenter stated that 
an asset-based threshold could affect different regions of the country 
and risk ``blind spots'' in the data. Some commenters said that assets 
are not an applicable measurement for many lenders, such as 
nondepository institutions. A bank trade association stated that asset-
based exemptions have been exploited by market disruptors partnering 
with exempted institutions to create an uneven regulatory playing 
field.
    Other requested exemptions. A number of commenters opposed 
exemptions for specific categories of lenders (consistent with the 
Bureau's proposal), with several commenters noting that capturing a 
broad array of lenders is essential for achieving the objectives of 
section 1071. Some commenters asserted that the rule must apply to 
government and public sector lenders, merchant cash advance companies, 
nondepository lenders, non-profit lenders, online lenders, and/or 
commercial finance providers. A State bankers association stated that 
the Bureau should specifically name industrial loan companies to make 
clear that all nonbank entities making small business loans are covered 
by the rule. Community groups asserted that all lenders are obligated 
to comply with fair lending laws, and requiring data disclosure will 
assist with ensuring compliance. Moreover, several industry commenters 
stated that a broad definition is important to ensure a level 
regulatory playing field and to ensure a comprehensive view of the 
entire small business lending market. A bank trade association urged 
the Bureau to pay close attention to nonbank lenders, which the 
commenter stated are roughly 30 percent of the current market and not 
currently subject to the Bureau's supervision.
    In contrast, a large number of industry commenters urged the Bureau 
to exclude specific types of entities from coverage under the rule. 
Some requested that certain types of lenders such as credit unions or 
CDFIs be excluded from the rule entirely, while others requested 
certain indirect lending/multi-party business models be excluded, such 
as when applications are made via loan brokers, equipment dealers, or 
motor vehicle dealers. Numerous industry commenters noted the unique 
burdens they believed the rule would place on small banks and credit 
unions, while a subset of these commenters argued that the Bureau 
should exempt these smaller institutions from the rule altogether.
    Several commenters requested an exemption for CDFIs, stating that 
they are mission-driven institutions and dedicating resources to new 
regulatory requirements would detract from their community focus. 
Moreover, some commenters argued that requiring CDFIs to report would 
be duplicative, as CDFIs already report lending data to the CDFI Fund 
that shows that they are providing financial products for small 
businesses in their communities. Commenters further cited the Treasury 
Department's certification process for CDFIs and stated that CDFIs are 
already held to a high standard. Several commenters cited that the 
Bureau decided to exempt CDFIs when implementing the Qualified Mortgage 
rule. Conversely, a number of community groups argued that the rule 
must apply to all financial institutions, including CDFIs.
    A number of commenters urged the Bureau to exempt community banks 
from reporting requirements, stating that community banks already incur 
substantial regulatory burden and would be put at a competitive 
disadvantage under the rule. Several commenters emphasized the ``high-
contact and relationship-based business lending model'' of community 
banks. A community bank asserted that community banks should be 
commended for advancing over 50 percent of the nation's small business 
loans and over 80 percent of the nation's agriculture loans despite 
holding less

[[Page 35254]]

than 20 percent of the nation's deposits. Another community bank stated 
that currently they are not subject to HMDA or CRA reporting 
requirements and thus this rulemaking poses the threat of significant 
new burdens on small community banks as well as on those community 
banks that are already subject to HMDA reporting.
    In addition, some commenters stated that covering community banks 
will have the opposite effect of section 1071's purposes. Commenters 
asserted that community banks would incur substantial burden in 
gathering new data, which would make it more burdensome and expensive 
to offer small business loans, thus raising the cost of credit. A 
community bank stated that, if adopted as written, the rule's paperwork 
burden will harm community banks, waste critical resources, and further 
restrict lending. Another community bank stated that the rule as 
proposed may very well be the final straw of regulation that will drive 
small community banks out of business with devastating impact on the 
small communities they serve. Moreover, commenters argued that the 
Bureau was designed to regulate large, complex financial institutions, 
not community banks.
    Several commenters also urged the Bureau to exempt credit unions 
from reporting requirements, stating that credit unions have not 
demonstrated a pattern of unfair lending, that they seek to help women-
owned and minority-owned businesses, and that credit unions are member-
owned and not-for-profit. A trade association asserted that credit 
unions would like to furnish more small business loans, but a reporting 
regime will increase costs. Some commenters stated that exempting 
credit unions would allow them to remain competitive lenders and would 
avoid imposing new burdens on members. In contrast, a number of 
commenters--including community groups, community-oriented lenders, a 
business advocacy group, and a bank trade association--opposed special 
treatment for credit unions, citing a 2020 Federal Reserve study that 
shows a higher percentage of Black and Hispanic-owned firms sought 
loans from credit unions and CDFIs. In addition, a commenter stated 
that 2018-2020 HMDA data show that 73 percent of credit union lending 
in Mississippi went to white borrowers and 15 percent to Black 
borrowers.
    One farm credit lender stated that Farm Credit System institutions 
should be exempt from collection and reporting, while another asserted 
that FCA financial institutions should have a qualified exemption that 
permits voluntary reporting. The latter commenter stated that these 
financial institutions are already reporting lending on Young, 
Beginning, and Small lending efforts and volume to the Farm Credit 
Administration. In addition, one commenter asserted that a lack of 
understanding of the Farm Credit System by the Bureau in this 
rulemaking will have unintended consequences for their customers. In 
contrast, a community group urged the Bureau to apply the rule 
implementing section 1071 to agricultural lenders, stating that 
historic discrimination against minority and disadvantaged groups has 
been well documented in agriculture, and including agricultural lenders 
will hold financial institutions accountable to equitably serving small 
farms and mid-sized farms, beginning farmers, and historically 
underserved farmers. Another community group asserted that Farm Service 
Agency activity should also be covered by the rule.
    Several commenters requested an exemption for institutions outside 
of Metropolitan Statistical Areas, with many specifying that rural 
institutions should be exempt from the rule. Commenters stated that 
rural banks and credit unions often play a vital role in their 
communities and acquiring data from rural lending will result in fewer 
institutions willing to conduct rural lending. Several industry 
commenters asserted that the new burden to these institutions will 
increase the cost of credit, and will be a significant detriment for 
local small businesses seeking access to credit. A bank argued that 
many rural loans are small dollar loans to sole proprietors such as 
farmers and ranchers and without an exemption, the nation's most rural 
and remote borrowers will have a harder time obtaining credit for their 
businesses.
    Two banks requested exemptions for CRA reporters, arguing that 
financial institutions subject to Board, FDIC, or OCC regulations under 
the CRA are already being assessed to ensure that they are identifying 
and meeting the credit needs of the small businesses in their 
communities. In addition, one of the banks stated that CRA-examined 
institutions with at least a satisfactory rating for its two previous 
exams should be exempt from reporting requirements. In contrast, 
another commenter opposed exempting CRA reporters, stating that big 
banks and ``shadow lenders'' have the most impact on small business 
lending and have thwarted the effective oversight and enforcement of 
the CRA.
    The Federal Home Loan banks argued that they should be exempt from 
the rule, explaining that the proposed definition of covered financial 
institution inadvertently would capture lending to their financial 
institution member/borrowers because those members are small 
businesses. They stated that applying the rule implementing section 
1071 to them is unnecessary in light of the comprehensive FHFA 
regulatory regime that applies to credit extended by the Federal Home 
Loan banks to their small and diverse financial institution members.
    A trade association urged the Bureau to exempt SBA certified 
development companies from the rule, stating that these financial 
institutions are certified and regulated by the SBA and have a mission 
to assist small businesses with access to capital, including businesses 
in underserved communities. In addition, two development companies 
stated that they do not have the budget to incur these new reporting 
costs.
    A few commenters requested an exemption for minority depository 
institutions. A national trade association asserted that Congress has 
determined that such institutions play an important role in serving 
underserved communities and minority populations, the intent behind 
section 1071 is already met by minority depository institutions, and 
therefore, the rule should not redundantly be applied to this special 
class of financial institutions. One bank stated that minority 
depository institutions are mission-driven to support their 
communities, while another bank asserted that these institutions are 
certified by the Treasury Department for serving historically 
underserved communities and/or low-to-moderate income Americans.
    A trade association stated that retailers by their very nature are 
not financial institutions and thus should not be covered by the rule. 
The commenter further argued that applying this rule to retailers will 
have a negative impact on retail employees and customers as offering 
credit at retail could be reduced or eliminated, affecting overall 
access to credit. Moreover, the commenter stated that the retail 
environment is different from a typical bank, in that employees are not 
trained in the specifics of financial products, and the environment may 
not be practical for obtaining more sensitive information.
    Two trade associations requested an exemption for loan brokers. One 
argued that there could be duplicative or inaccurate reporting in cases 
where technology companies match an applicant with multiple third-party

[[Page 35255]]

lenders. The other argued that it is appropriate to have a similar 
approach to HMDA and data can be obtained from the lender instead of 
the broker.
    Several commenters urged the Bureau to exempt indirect lending 
transactions where the applicant interacts only with a vendor partner, 
such as equipment dealers and manufacturers. Commenters argued that the 
financial institution does not directly interact with the applicant, 
only the dealer or manufacturer, and thus the fair lending purpose of 
section 1071 would not be furthered. A trade association asserted that 
such an exemption would be consistent with the Bureau's proposed 
approach to motor vehicle dealers. A business advocacy group stated 
that, alternatively, there should be flexibility with respect to the 
timing and collection of this information. They further argued that the 
equipment dealer or manufacturers' employees are not trained staff for 
the financial institution and the data may be less accurate.
    Some commenters stated that indirect auto lenders should be exempt 
from the rule. One commenter stated that the Bureau should exclude 
motor vehicle dealers, and by extension, financial institutions when 
they are working with motor vehicle dealers. Two commenters stated that 
while indirect lenders may be involved in credit decisions, compliance 
with the rule would be difficult, as the financial institutions that 
evaluate and purchase the auto loan never meet the applicant. One also 
said that it was unclear what information indirect lenders would be 
required to gather.
    In addition, two motor vehicle dealer trade associations urged the 
Bureau to exempt motor vehicle dealers. They argued that collecting new 
data will slow applications, raise compliance burden, and increase the 
risk of inaccurate data. They stated that motor vehicle dealers do not 
have the resources to comply with a rule in the manner that a financial 
institution would. Moreover, they stated that survey data indicates 30 
percent of dealers might choose to leave the market rather than face 
these compliance costs. Two other trade associations pointed to Board 
regulations implementing ECOA and argued that the dealer would be 
prohibited under the law from asking the business owner for ethnicity, 
race, and sex demographic data. In addition, a bank expressed confusion 
over how a covered financial institution can require an exempt motor 
vehicle dealers to collect 1071 data. Another commenter noted that many 
dealers act as intermediaries between buyers and financial 
institutions, and requested that the Bureau work with small motor 
vehicle dealers to make the direct and indirect impacts of the 
rulemaking the least burdensome possible.
    One State bankers association asserted that much valuable small 
business lending data will not be captured given the Dodd-Frank Act 
exclusion for motor vehicle dealers and urged the Bureau to advocate in 
Congress as necessary to include them in the rule.
    A trade association urged the Bureau to exempt captive vehicle 
partners from reporting, arguing that these institutions are 
inextricably tied to entities that are exempt. The trade association 
further argued that it would be confusing in terms of reporting 
responsibility, as there are many creditors involved in a single loan 
and its subsequent assignment, and the finance partner does not 
directly interact with the applicant. Furthermore, the commenter stated 
that a lack of regulatory relief could lead to market exit and that 
captive finance companies are crucial to the economy.
    Commenters urged the Bureau to exempt a variety of other entities, 
including institutions outside of direct CFPB supervisory authority, 
mission-driven banks, and financial institutions that identify as small 
businesses. In addition, some commenters urged the Bureau to adopt 
exemptions similar to HMDA using exemption factors such as asset size, 
location test, federally related test, and loan activity. One merchant 
cash advance provider stated that merchant cash advance funders should 
not be considered covered financial institutions because they do not 
extend credit or provide loans.
    In addition, several commenters cited the firewall requirement and 
said that certain financial institutions should be exempted from the 
entire rule due to the challenges associated with the statutory 
firewall provision. One commenter said that banks under $1 billion 
should be exempted on this basis, a few said community banks should be 
exempted on this basis, and one commenter said that all but the largest 
lenders or all depository lenders should be exempted.
    Two-year threshold measurement period. Commenters who addressed the 
issue were in support of a two-year threshold measurement period, with 
one community group citing its consistency with CRA and HMDA.
Final Rule
    For the reasons set forth herein, the Bureau is revising Sec.  
1002.105(b) to set the activity-based coverage threshold at 100 
originations in each of the two preceding calendar years, rather than 
25 originations as proposed. The Bureau is also finalizing its proposal 
not to exempt particular types of institutions from the rule. The 
Bureau believes that a 100-loan activity threshold achieves section 
1071's purposes while minimizing any risk that low volume small 
business lenders would reduce their lending activity. The Bureau is 
adding comments 105(b)-3 and -4, as explained below, as well as making 
other minor revisions to the commentary for additional clarity.
    The Bureau is finalizing Sec.  1002.105(b) pursuant to its 
authority under ECOA section 704B(g)(1) to prescribe such rules and 
issue such guidance as may be necessary to carry out, enforce, and 
compile data pursuant to section 1071 and its authority under 
704B(g)(2) to adopt exceptions to any requirement of section 1071 and, 
conditionally or unconditionally, exempt any financial institution or 
class of financial institutions from the requirements of section 1071, 
as the Bureau deems necessary or appropriate to carry out the purposes 
of section 1071.
    Activity-based exemption. The activity-based threshold for coverage 
in the final rule will provide a simple basis for financial 
institutions that infrequently lend to small businesses to determine 
whether they have conducted sufficient lending activity as to be 
required to collect and report data under the final rule. Furthermore, 
in comparison to an asset-based exemption or a dollar-volume threshold, 
the Bureau believes that an activity-based exemption is a more 
compelling basis for exempting certain financial institutions from 
coverage in light of section 1071's business and community development 
purpose.
    While several commenters expressed support for an asset-based 
threshold or a dual asset-based and activity-based threshold, the 
Bureau believes an activity-based threshold is considerably less 
complex. Moreover, small business lending activity is more directly 
related to a given financial institution's role in the small business 
lending market than a measurement of the financial institution's size 
as measured in total assets.
    In addition, the Bureau believes that an activity-based exemption 
is a superior approach to a size-based exemption because an exemption 
based on asset size would apply only to depository institutions. The 
Bureau is unaware of a similar size metric for nondepository 
institutions, and commenters did not offer one. In addition, the Bureau 
agrees with commenters who stated that an asset-based exemption 
approach might create an uneven playing field and might risk

[[Page 35256]]

presenting a cost disadvantage for other small financial institutions.
    Moreover, exempting proportionately more depository institutions 
than nondepository institutions may present a challenge to the 
comprehensiveness of the small business applicants' demographic data 
collected under section 1071 as well as to the lending by different 
types of lenders. A recent small business credit survey revealed racial 
disparities in applications under the SBA's Paycheck Protection 
Program: the data showed white-owned firms were most likely to apply 
for a loan through a small bank (defined as under $10 billion in 
assets), while Black-owned firms were three times as likely as white-
owned firms to apply for a loan through an online lender.\493\ 
Exempting depository institutions using an asset-based threshold and 
not similarly exempting nondepository institutions could run counter to 
the purposes of section 1071 and undermine the utility of the data, as 
well as the purposes of the Bureau, which are, in part, ``to implement 
and, where applicable, enforce . . . consistently'' Federal laws 
including ECOA.\494\
---------------------------------------------------------------------------

    \493\ Small Business Credit Survey of Firms Owned by People of 
Color at 14.
    \494\ 12 U.S.C. 5511(a).
---------------------------------------------------------------------------

    A few commenters asserted that an activity-based threshold could 
encourage lenders to deny applications or reduce their lending to stay 
under the threshold. These are speculative fears, but to the extent 
that institutions intend to take such action, the Bureau reminds 
financial institutions that inconsistencies in the way an institution 
applies its policies could give rise to a fair lending violation under 
ECOA. Denied applications must indicate the principal reason(s) for the 
adverse action, as required by Sec.  1002.9(b)(2).
    Regarding a commenter's concern about potential evasion of the 
activity-based threshold through the creation of subsidiaries, see the 
section-by-section analysis of Sec.  1002.109(a)(2) which addresses 
reporting by subsidiaries.
    Counting originations. The Bureau agrees with commenters who 
asserted that using a coverage threshold based on the number of 
originations rather than applications for purposes of defining a 
covered financial institution is the better approach. As one commenter 
pointed out, many financial institutions are already familiar with this 
approach due to its consistency with CRA and HMDA. Using originations 
provides a clear and readily identifiable metric for financial 
institutions. One commenter stated that the Paycheck Protection Program 
and similar future government programs should be exempt from the 
threshold. As discussed above, the Bureau is not exempting specific 
government programs from the activity-based threshold. However, by the 
time this rule is effective and implemented, lending activity conducted 
pursuant to the Paycheck Protection Program will have long since ceased 
and such loans will not be included in origination counts, rendering 
such commenter concerns moot.
    In addition, the Bureau agrees with commenters who stated that 
additional credit amounts, such as line increases, should not count as 
a separate origination for purposes of counting the activity-based 
threshold. Financial institutions may receive multiple requests for 
additional credit amounts on existing accounts in any given year and 
such activity may make it more difficult for institutions to determine 
coverage under the rule. In order to address this issue, the Bureau is 
adding comment 105(b)-5 which clarifies that for purposes of 
determining coverage under Sec.  1002.105(b), requests for additional 
credit amounts on an existing account are not counted as originations.
    Moreover, as discussed in Sec.  1002.106(b)(2), every five years 
the gross annual revenue threshold used to define a small business in 
Sec.  1002.106(b)(1) shall be adjusted, if necessary, to account for 
inflation. The first time such an update could occur is early 2030, 
with an effective date of January 2031. The Bureau is adding comment 
105(b)-4 to clarify how financial institutions reporting data should 
count originations in this situation, explaining that a financial 
institution seeking to determine whether it is a covered financial 
institution applies the gross annual revenue threshold that is in 
effect for each year it is evaluating.
    Two-year threshold measurement period. Consistent with commenters 
who addressed the issue, the Bureau believes that a two-year threshold 
period is advisable to minimize uncertainty surrounding data collection 
responsibilities.
    Activity threshold level. Supporters of the 25-loan threshold and 
supporters of the 100-loan threshold each argued that the Bureau should 
set the threshold with reference to the HMDA threshold for closed-end 
loans. Given the differences in statutory authorities and between home 
mortgages and small business loans, the Bureau does not believe that 
the activity-based thresholds implementing HMDA and section 1071 must 
be the same.\495\
---------------------------------------------------------------------------

    \495\ The Bureau's 2015 HMDA Rule set the closed-end loan 
threshold at 25 originated loans for each of the two preceding 
calendar years. Then, in 2020, the Bureau increased the threshold to 
100 closed-end loans, effective the same year. However, in September 
2022, the United States District Court for the District of Columbia 
vacated the 2020 HMDA Rule's increased reporting threshold for 
closed-end mortgage loans as arbitrary and capricious under the 
Administrative Procedure Act. Nat'l Cmty. Reinvestment Coal. v. 
Consumer Fin. Prot. Bureau, No. 20-cv-2074, 2022 WL 4447293 (D.D.C. 
Sept. 23, 2022).
    Accordingly, the threshold for reporting data about closed-end 
mortgage loans is 25, which was the threshold set by the 2015 HMDA 
Rule. The court upheld the 2020 HMDA Rule's increase in the open-end 
credit threshold.
    See also CFPB, Home Mortgage Disclosure (Regulation C); Judicial 
Vacatur of Coverage Threshold for Closed-End Mortgage Loans, 
Technical Amendment, 87 FR 77980 (Dec. 21, 2022), https://files.consumerfinance.gov/f/documents/cfpb_judicial-vacatur-_technical-amendment_2022-12.pdf.
---------------------------------------------------------------------------

    Table 1 below provides the Bureau's estimated share of depository 
institutions, estimated share of small business loans from those 
institutions (measured in total number of loans), and estimated share 
of small business credit from those institutions (measured in dollars) 
that would be covered by a loan-volume threshold of 25, 50, or 100 
small business loans. This information is based on FFIEC and NCUA Call 
Reports, as well as CRA submissions.\496\ The Bureau estimates that a 
depository institution is covered for a particular loan-volume 
threshold as of 2019 if the estimated number of originations for that 
institution exceeded the threshold in both 2017 and 2018. Given the 
limitations of the existing source data (limitations acknowledged by 
the congressional mandate of section 1071), the Bureau cautions that 
these estimates cannot provide a complete sense of the possible 
consequences of adopting each particular threshold. These estimates 
apply only to depository institutions.\497\
---------------------------------------------------------------------------

    \496\ On the bank Call Report and in the Community Reinvestment 
Act data, for small bank and small farm loans, banks report on 
business loans with original amounts of $1 million or less and farm 
loans with original amounts of $500,000 or less. For lines of credit 
or loan commitments, banks report the size of the line of credit or 
commitment when it was most recently approved. Banks include loans 
guaranteed by the SBA and other government entities in their small 
loans to businesses. Banks do not report loans to nonprofit 
organizations in this category. Thus, these data collections would 
include loans made to purchase, for example, individual vehicles and 
pieces of equipment for the nation's largest businesses.
    \497\ Under these data collections, banks report small loans 
made to businesses and farms (regardless of the borrower's size). 
Credit unions report commercial loans over $50,000 made to members 
(also, regardless of the borrower's size). The methodologies and 
assumptions used to produce these estimates are further documented 
in the Supplemental estimation methodology for institutional 
coverage and market-level cost estimates in the small business 
lending rulemaking. This document is available at https://https.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
    \498\ There were 10,525 depository institutions as of December 
31, 2019, including 112 credit unions that are not Federally 
insured.

[[Page 35257]]



                 Table 1--Estimated Depository Institution Coverage by Loan Volume (as of 2019)
----------------------------------------------------------------------------------------------------------------
          Coverage category                    25 Loans                 50 Loans                100 Loans
----------------------------------------------------------------------------------------------------------------
Institutions Subject to Reporting....  38%-40% of all           27%-30% of all           17%-19% of all
                                        depository               depository               depository
                                        institutions \498\.      institutions.            institutions.
SBL Institutions Subject to Reporting  63%-67% of SBL           46%-50% of SBL           29%-32% of SBL
 \499\.                                 depository               depository               depository
                                        institutions.            institutions.            institutions.
Banks and Savings Associations (SAs)   70%-73% of all banks     52%-56% of all banks     33%-36% of all banks
 Subject to Reporting.                  and SAst \500\.          and SAs.                 and SAs.
SBL Banks and SAs Subject to           71%-75% of SBL banks     53%-57% of SBL banks     33%-37% of SBL banks
 Reporting.                             and SAs.                 and SAs.                 and SAs.
Credit Unions Subject to Reporting...  7% of all credit unions  4% of all credit unions  2% of all credit
                                        \501\.                                            unions.
SBL Credit Unions Subject to           31% of SBL credit        18% of SBL credit        8% of SBL credit
 Reporting.                             unions.                  unions.                  unions.
Share of Total Small Business Credit   98.3%-98.6%............  96.7%-97.3%............  94.2%-95.1%.
 by Depository Institutions (Number
 of Loans Originated) Captured.
Share of Total Small Business Credit   95.3%-96.0%............  89.4%-91.0%............  81.0%-83.0%.
 by Depository Institutions (Dollar
 Value of Loans Originated) Captured.
----------------------------------------------------------------------------------------------------------------

    Table 1 above shows that as the loan-volume threshold rises, the 
estimated share of depository institutions subject to section 1071 
decreases substantially. Likewise, the estimated share of small 
business loans and small business credit captured by the rule would 
also decrease, although those decreases are less pronounced. The Bureau 
has no information for nondepository institutions (other than for Farm 
Credit System institutions based on their Call Report data \502\) such 
that the Bureau could provide similar estimates for comment. The Bureau 
requested in the NPRM such information and data that might bear on any 
activity-based exemption for nondepository institutions and did not 
receive any substantive information.
---------------------------------------------------------------------------

    \499\ A depository institution is considered an ``SBL 
institution'' if it has any small business loans on its balance 
sheet.
    \500\ Based on FFIEC Call Report data, there were 5,177 banks 
and savings associations as of December 31, 2019.
    \501\ Based on the 2019 NCUA Call Report data, there were 5,348 
credit unions as of December 31, 2019, including 112 credit unions 
that are not Federally insured.
    \502\ To estimate the number of Farm Credit System (FCS) members 
covered by the final rule, the Bureau considers the Young, 
Beginning, and Small Farmers Reports for all Farm Credit System 
lenders as of December 31, 2019. For the purposes of estimating 
coverage, the Bureau assumes that all loans made by FCS members to 
farmers are covered loans. Thus, the Bureau estimates that the rule 
will cover almost all FCS small business loans.
---------------------------------------------------------------------------

    The Bureau notes that the above estimates represent small business 
lending data prior to the COVID-19 pandemic and ensuing policy 
responses. The Bureau is keenly aware that many financial institutions, 
including those that may not have historically participated actively in 
small business lending, served their communities by becoming 
participating lenders in the SBA's Paycheck Protection Program. This 
program ended on May 31, 2021. Because financial institutions' initial 
determinations of whether they are covered under this final rule, and 
if so into which compliance date tier they fall, will be based on 2022 
and 2023 originations (see final Sec.  1002.114(b)), institutions' 
Paycheck Protection Program lending activity will not factor into 
whether a given financial institution qualifies as a covered financial 
institution because such lending ceased in May 2021.
    After considering the feedback from commenters, the Bureau seeks to 
minimize impact on the financial institutions with the lowest volume of 
small business lending due to the fixed costs of coming into compliance 
with this final rule. Numerous industry commenters cautioned the Bureau 
regarding the risk of market disruption due to the rule's burden and 
cost. Many argued that the relatively large fixed cost of complying 
with section 1071's data collection and reporting requirements would 
significantly increase the cost of small business credit. Commenters 
argued that the rule will damage small institutions' ability to remain 
competitive, would hasten consolidation, and would favor large lenders 
with large compliance teams. A number of lenders discussed the ways in 
which they may be forced to limit their lending, particularly in rural 
and underserved areas. Several lenders asserted that a 100-loan 
threshold was preferable, in part because HMDA reporters already have 
data collection infrastructure in place.
    The Bureau stated in the NPRM that it was also considering a 50 or 
100 origination threshold. After consideration of the comments, the 
Bureau believes that a 100-loan activity threshold is more appropriate. 
The Bureau believes that this adjustment will best address widespread 
industry concerns regarding compliance burdens for the smallest 
financial institutions and that it is consistent with the purposes of 
section 1071. A 100-loan threshold will ease compliance burdens for the 
smallest financial institutions and will still capture the overwhelming 
majority of the small business lending market, including the majority 
of agricultural lending. As demonstrated in Table 1, a 100-loan 
threshold captures nearly 95 percent of the share of small business 
loans originated by depository institutions. In short, while a 100-loan 
origination threshold decreases data coverage in comparison to a 25-
loan origination threshold, a 100-loan origination threshold massively 
expands data availability relative to the status quo.\503\
---------------------------------------------------------------------------

    \503\ See part IX.H below for additional analysis on coverage of 
rural vs. non-rural depository institution branches. The Bureau 
notes that it has no data on the geography of lending for all 
depository institutions. Furthermore, commenters provided no 
additional data. As such, the Bureau is unable to estimate coverage 
of rural vs. non-rural small business loans.
---------------------------------------------------------------------------

    Other requested exemptions. The Bureau agrees with commenters who

[[Page 35258]]

urged broad coverage of financial institutions under the rule. The 
Bureau believes that, in light of the text and purposes of section 
1071, the Bureau should generally adopt the posture that all manner of 
small business lenders should be subject to reporting. The Bureau is 
not categorically exempting any particular type of financial 
institution from coverage. The Bureau believes that exemptions for any 
category of financial institution--whether credit unions, community 
banks, CDFIs, minority depository institutions, government lenders, 
non-profit lenders, agricultural lenders, retailers, or merchant cash 
advance providers--would create significant gaps in the data and would 
create an uneven playing field between different types of institutions. 
Inclusion of data from not-for-profit lenders is likely to be 
particularly helpful in identifying further opportunities for business 
and community development, including by for-profit creditors. Moreover, 
the Bureau believes that most policy arguments made by industry for 
being exempt from this rule are better addressed by adjusting the 
activity-based threshold to 100 originated loans. The higher activity 
threshold will help minimize compliance costs for all types of smaller 
financial institutions with lower lending volumes but still result in a 
comprehensive dataset that furthers section 1071's statutory purposes.
    Comment 105(a)-2 refers to Sec.  1002.101(a) to reiterate the 
statutory exclusion for motor vehicle dealers. Given the statutory 
exclusion, motor vehicle dealers are not required to report small 
business lending data to the Bureau. See the section-by-section 
analysis of Sec.  1002.109(a)(3) for further discussion on reporting 
obligations where multiple financial institutions are involved in a 
covered credit transaction, including indirect lending transactions.
    With respect to addressing the particularities of certain lending 
models, the Bureau is not categorically exempting particular financial 
institutions from coverage. The Bureau is, however, providing 
clarification regarding how reporting rules apply to certain covered 
credit transactions and is also not covering certain transactions. See 
the section-by-section analyses of Sec. Sec.  1002.104(b) and 
1002.109(a)(3). Regarding the request by some commenters to be exempted 
from this rule due to the statutory firewall requirement, see the 
section-by-section analysis of Sec.  1002.108.

Section 1002.106 Business and Small Business

    ECOA section 704B(h)(2) defines the term ``small business'' as 
having the same meaning as ``small business concern'' in section 3 of 
the Small Business Act.\504\ The Bureau is defining a small business 
consistent with the statutory language. In particular, the Bureau is 
defining a small business to have the same meaning as the term ``small 
business concern'' in 15 U.S.C. 632(a), as implemented by 13 CFR 
121.101 through 121.107. Notwithstanding the size standards set forth 
in 13 CFR 121.201, for purposes of subpart B, the Bureau is providing 
that a business is a small business if its gross annual revenue for its 
preceding fiscal year is $5 million or less. The SBA Administrator has 
approved the Bureau's use of this alternate small business size 
standard pursuant to the Small Business Act.\505\ The Bureau has also 
obtained approval for this gross annual revenue threshold to adjust, if 
need, for inflation or deflation every five years (after January 1, 
2025) using the Consumer Price Index for All Urban Consumers (U.S. city 
average series for all items, not seasonally adjusted), rounded to the 
nearest multiple of $500,000.
---------------------------------------------------------------------------

    \504\ 15 U.S.C. 632.
    \505\ 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------

    Under the final rule, financial institutions will need to consider 
whether an applicant is a business under Sec.  1002.106(a) and if the 
applicant is a business, whether it is small under Sec.  1002.106(b). 
The Bureau believes that these definitions implement the statutory 
language of section 1071 while reflecting the need for a wide variety 
of financial institutions to apply a simple, broad definition of a 
small business that is practical across the many product types, 
application types, technology platforms, and applicants in the market.
    For the reasons set forth below, the Bureau is adopting Sec.  
1002.106 to implement ECOA section 704B(h)(2) and pursuant to its 
authority under ECOA section 704B(g)(1) to prescribe such rules and 
issue such guidance as may be necessary to carry out, enforce, and 
compile data under section 1071.
106(a) Business
Background
    ECOA section 704B(h)(2) defines the term ``small business'' as 
having the same meaning as ``small business concern'' in section 3 of 
the Small Business Act.\506\ The Small Business Act provides a general 
definition of a ``small business concern,'' authorizes the SBA to 
establish detailed size standards for use by all agencies, and permits 
an agency to request SBA approval for a size standard specific to an 
agency's program. The SBA's regulations define a ``business concern'' 
as ``a business entity organized for profit, with a place of business 
located in the United States, and which operates primarily within the 
United States or which makes a significant contribution to the U.S. 
economy through payment of taxes or use of American products, materials 
or labor.'' \507\
---------------------------------------------------------------------------

    \506\ 15 U.S.C. 632.
    \507\ 13 CFR 121.105.
---------------------------------------------------------------------------

Proposed Rule
    Proposed Sec.  1002.106(a) would have defined a business as having 
the same meaning as the term ``business concern or concern'' in 13 CFR 
121.105. This proposed definition is consistent with ECOA section 
704B(h)(2), which defines the term ``small business'' as having the 
same meaning as ``small business concern'' in section 3 of the Small 
Business Act.\508\ The SBA issued 13 CFR 121.105, entitled ``How does 
SBA define `business concern or concern,''' pursuant to the Small 
Business Act. The Bureau referred to the entirety of that section for 
additional information. In particular, the Bureau noted that this 
definition would include elements such as being ``a business entity 
organized for profit'' that has ``a place of business located in the 
United States'' and ``operates primarily within the United States or . 
. . makes a significant contribution to the U.S. economy.'' \509\
---------------------------------------------------------------------------

    \508\ 15 U.S.C. 632.
    \509\ 13 CFR 121.105(a)(1).
---------------------------------------------------------------------------

    The Bureau sought comment on its proposed definition of a business, 
and generally sought comment on whether additional clarification is 
needed.
Comments Received
    Comments received focused primarily on the Bureau's proposed 
business size standard, which are discussed in the section-by-section 
analysis of Sec.  1002.106(b) below. The Bureau did receive some 
comments, however, on its proposed approach to the definition of 
business concern from a few banks, trade associations, a business 
advocacy group, and an online lender. These commenters requested that 
the Bureau consider certain modifications or adjustments to the 
definition of a business concern, such as clarifying that the term does 
not include non-profit entities, government agencies, certain trusts, 
foreign entities, and certain real estate holding companies.

[[Page 35259]]

    One bank generally supported the proposed definition but requested 
clarification that the definition of business concern excludes 
``passive businesses'' and non-natural borrowing entities that are 
established by applicants solely for tax, anonymity, and other such 
purposes not intended to earn profit through business production, 
operations, or service delivery. This commenter noted that it is common 
for consumer borrowers to establish limited liability companies or 
trusts solely to acquire properties and conduct similar transactions, 
or for use in remaining anonymous to preserve their physical safety, 
and requested that these scenarios be explicitly excluded because these 
entities' obligations and contributions do not align with those of 
small businesses.
    A few commenters recommended that applications from nonprofit 
organizations also be exempted. A few commenters specifically requested 
the Bureau exclude any not-for-profit organizations, which might 
include non-operating entities, holding companies, trusts, special 
purpose vehicles, pass-through entities, holding companies that are not 
organized for profit, and limited liability companies that are not 
formed for business purposes.
    Two commenters asked the Bureau to confirm that public agencies and 
government institutions are excluded from the coverage of the final 
rule. One commenter asked the Bureau to exclude foreign-owned entities 
from the final rule. A bank asked for clarification on whether a 
``small business'' can be taxed under the owner's Social Security 
number (as opposed to an employer identification number) or whether 
people that have a ``hobby'' business or farm that report income under 
Schedule C or F within their tax returns are considered a small 
business.
    A trade association suggested the Bureau exclude applications from 
trusts (which could be a single purpose trust, such as a land trust 
that is established only to hold specific real estate, a traditional 
estate planning vehicle or, though more infrequently, a business trust) 
from coverage under the final rule. This commenter stated that 
including trusts could raise difficult issues regarding who should be 
considered for data collection purposes (the settlors, beneficiaries, 
trustees or some combination thereof), what is the ``net profit or 
loss'' of the trust, as well as who is entitled to that net profit or 
loss. The commenter argued that such burdens would not be justified by 
the minimal information that would be generated with respect to 
reporting of lending to trusts.
    One commenter argued for the inclusion of a test that would discern 
between independent contractors and what it called ``actual'' small 
businesses, as it believes that the credit needs and experiences of 
independent contractors and many small businesses can differ greatly. 
Another suggested the Bureau confirm that the proposed definition of 
``small business'' excludes subsidiaries of large corporate entities.
    A trade association for community banks recommended the Bureau 
exclude farms from the definition of ``small business,'' arguing that 
the underwriting criteria for small farm loans differ from other small 
business loans and that this distinction is acknowledged in several 
Federal laws such as CRA and HMDA. This commenter argued that the 
proposed originations-based coverage threshold would likely lead to 
many small lenders reducing their agricultural lending below the 
threshold, thereby limiting the access to credit for small farms, and 
concluded that an exemption was needed to acknowledge the uniqueness of 
agricultural lending.
Final Rule
    For the reasons discussed herein, the Bureau is finalizing Sec.  
1002.106(a) as proposed, to define the term business as having the same 
meaning as the term ``business concern or concern'' in 13 CFR 121.105.
    As noted above, this definition includes elements such as being ``a 
business entity organized for profit'' that has ``a place of business 
located in the United States'' and ``operates primarily within the 
United States or . . . makes a significant contribution to the U.S. 
economy.'' \510\ This definition also provides that a business concern 
may take a number of different legal forms, including a trust, sole 
proprietorship, partnership, limited liability company, corporation, 
joint venture, or cooperative, except that where the form is a joint 
venture there can be no more than 49 percent participation by foreign 
business entities in the joint venture.\511\ The Bureau is not 
providing interpretations of this SBA regulation in subpart B, as 
requested by some commenters, because the Bureau believes that existing 
SBA interpretations are responsive to commenters' request for 
clarification. For example, financial institutions are not required to 
collect and report data for not-for-profit applicants, because they are 
not ``organized for profit'' and are thus not a ``business concern.'' 
\512\ Moreover, the Bureau expects that applications from foreign 
businesses will fall outside the scope of the rule's data collection 
and reporting requirements unless they have a place of business located 
in the United States and they either operate primarily within the 
United States or they make a significant contribution to the U.S. 
economy through payment of taxes or use of American products, 
materials, or labor.
---------------------------------------------------------------------------

    \510\ 13 CFR 121.105(a)(1).
    \511\ 13 CFR 121.105(b).
    \512\ See id., which states that a business concern may be in 
the legal form of an individual proprietorship, partnership, limited 
liability company, corporation, joint venture, association, trust or 
cooperative, except that where the form is a joint venture there can 
be no more than 49 percent participation by foreign business 
entities in the joint venture.
---------------------------------------------------------------------------

    The Bureau also does not believe it would be appropriate to deviate 
from the term ``business concern or concern'' in 13 CFR 121.105 by 
adopting additional exclusions such as one for passive businesses. As 
discussed above, section 1071 defines small business as referring to 
the definition of small business concern in section 3 of the Small 
Business Act. The Bureau thus must look to this definition, and the 
SBA's implementing regulations, in defining both a business and a small 
business for purposes of this final rule. (The SBA Administrator's 
approval for the Bureau's alternate size standard for this rulemaking 
is discussed in the section-by-section analysis of Sec.  1002.106(b) 
below.)
    In addition, the Bureau believes that covering applications from 
all types of businesses in its rule (including passive businesses \513\ 
and non-operating entities) is important for advancing both of section 
1071's statutory purposes. The Bureau is thus not adopting such 
exclusions requested by commenters. However, because the Bureau 
understands that passive businesses and non-operating entities are 
generally affiliated with other businesses (for example as subsidiaries 
of large corporate entities), and because financial institutions are 
permitted to consider affiliate revenue in determining whether a 
business is small for purposes of this rule, the Bureau anticipates 
that applications from most

[[Page 35260]]

of these kinds of businesses ultimately will not be reportable since 
many such businesses will not be ``small'' businesses under the rule 
implementing section 1071. (See the section-by-section analysis of 
Sec.  1002.106(b) for additional related discussion.)
---------------------------------------------------------------------------

    \513\ The SBA defines a business as passive if: (i) it is not 
engaged in a regular and continuous business operation (the mere 
receipt of payments such as dividends, rents, lease payments, or 
royalties is not considered a regular and continuous business 
operation); or (ii) its employees are not carrying on the majority 
of day to day operations, and the company does not provide effective 
control and supervision, on a day to day basis, over persons 
employed under contract; or (iii) it passes through substantially 
all of the proceeds of the financing to another entity. 13 CFR 
107.720(b)(1).
---------------------------------------------------------------------------

    The Bureau does not agree that trusts must be excluded, as 
suggested by one commenter, on the grounds that covering applications 
from trusts could raise difficult issues regarding who should be 
considered the principal owner for data collection purposes. Treatment 
under the final rule differs, for certain data points, based on whether 
the applicant's owner is a trust or whether the applicant itself is a 
trust. When a financial institution seeks to extend credit to a small 
business applicant whose ownership interests or assets are owned by a 
trust, the trust or trustee often needs to be the applicant for the 
credit. In such situations, because only individuals who are direct 
owners are considered principal owners under final Sec.  1002.102(o), 
entities such as trusts would not be principal owners and thus the 
financial institution would not need to collect or report principal 
owners' ethnicity, race, and sex or the number of principal owners. And 
as outlined in new comment 102(o)-2, if the applicant for a covered 
credit transaction is a trust, a trustee is considered the principal 
owner of the trust for reporting purposes. The Bureau also notes that 
only a trust organized for profit would meet the definition of a 
``business concern'' and fall within the scope of the rule. The Bureau 
believes that these clarifications sufficiently address the commenter's 
concerns and that covering different types of business structures in 
its final rule is important for advancing both of section 1071's 
statutory purposes. Thus, the Bureau is not defining business in a way 
that would exclude trusts from the final rule.
    In response to comments asking the Bureau to confirm that public 
agencies and government institutions are excluded from the coverage of 
the final rule, the Bureau notes that an express exclusion for 
extensions of credit made to governments or governmental subdivisions, 
agencies, or instrumentalities is not necessary because such 
governmental entities do not constitute businesses under the final 
rule. Specifically, government entities are not ``organized for 
profit'' and are thus not a ``business concern'' under final Sec.  
1002.106(a).
    With respect to the suggestion that the Bureau develop a test to 
identify independent contractors (and presumably exclude them), the 
Bureau notes that it is not requiring financial institutions to collect 
or report an applicant's business structure. Independent contractor 
arrangements can take many forms; the Bureau does not believe it would 
be appropriate to exclude from coverage under section 1071, for 
example, a business that acts as an independent contractor to another 
business, simply by virtue of that arrangement. Finally, the Bureau 
notes that the SBA has routinely treated independent contractors as 
business concerns \514\ and based on both of section 1071's statutory 
purposes, the Bureau is not convinced that it should define business in 
a way that would deviate from the SBA's approach and exclude 
independent contractors from the final rule.
---------------------------------------------------------------------------

    \514\ For example, in an interim final rule implementing changes 
related to loans made under the Paycheck Protection Program, the SBA 
stated ``SBA has determined that changing the calculation for sole 
proprietors, independent contractors, and self-employed individuals 
will reduce barriers to accessing the [Paycheck Protection Program] 
and expand funding among the smallest businesses.'' 86 FR 13149, 
13150 (Mar. 8, 2021) (emphasis added).
---------------------------------------------------------------------------

    In response to a commenter's request for clarification on whether a 
``small business'' can be taxed under the owner's Social Security 
number (as opposed to an employer identification number) or whether 
people that have a ``hobby'' business or farm that report income under 
Schedule C or F within their tax returns are considered a small 
business, the Bureau notes that generally, tax documentation is not 
dispositive for the SBA's definition of a small business concern. In 
many instances (for example, with startup businesses), the business may 
not have any tax returns available or the business may be a sole 
proprietorship that is taxed under its owner's Social Security number. 
As long as the business is a ``small business concern'' in 15 U.S.C. 
632(a) (as implemented in 13 CFR 121.101 through 121.107) and its gross 
annual revenue for its preceding fiscal year is $5 million or less, it 
is a small business under this final rule.
    For reasons discussed in the section-by-section analysis of Sec.  
1002.104(a), the Bureau is not adopting a categorical exclusion for 
farms from the definition of ``small business.'' Credit used for 
agricultural purposes is generally covered by the broad definition of 
``credit'' under ECOA. ECOA's definition of credit is not limited to a 
particular use or purpose and Regulation B expressly covers 
agricultural-purpose credit; ECOA does not provide an exception for 
agricultural credit; and it assigns enforcement authority to regulators 
of agricultural lending such as the Secretary of Agriculture and the 
Farm Credit Administration.\515\ Moreover, agricultural businesses are 
encompassed in section 1071's statutory definition of small 
business.\516\ With respect to the concerns that the Bureau's proposed 
originations-based threshold would likely lead to many small lenders 
reducing their agricultural lending below the exemption threshold, the 
Bureau notes that it is increasing the exemption threshold as discussed 
in the section-by-section analysis of Sec.  1002.105(b) above. 
Moreover, the Bureau believes that covering agricultural businesses in 
its rule is important for advancing both of section 1071's statutory 
purposes, particularly given historical and/or continuing 
discrimination against Black farmers and the need for transparency into 
agricultural lending both for fair lending enforcement and business and 
community development. The Bureau is thus not defining small business 
in a way that would exclude such businesses from the final rule.
---------------------------------------------------------------------------

    \515\ See 15 U.S.C. 1691c; Regulation B Sec.  1002.16(a).
    \516\ ECOA section 704B(h)(2) (defining a small business as 
having the same meaning as the term ``small business concern'' in 
section 3 of the Small Business Act (15 U.S.C. 632)). Section 
704B(h)(2) defines small business by reference to the Small Business 
Act definition of a small business concern, which includes 
independently owned and operated ``enterprises that are engaged in 
the business of production of food and fiber, ranching and raising 
of livestock, aquaculture, and all other farming and agricultural 
related industries.'' 15 U.S.C. 632(a)(1).
---------------------------------------------------------------------------

106(b) Small Business Definition
106(b)(1) Small Business
Background
    Section 1071 data collection purposes, requirements, and potential 
impacts. A key component of the Bureau's fair lending work under the 
Dodd-Frank Act is to ensure fair, equitable, and nondiscriminatory 
access to credit for both individuals and their communities.\517\ 
Section 1071 of the Dodd-Frank Act, which amended ECOA, requires 
financial institutions to collect and report to the Bureau data 
regarding applications for credit for women-owned, minority-owned, and 
small businesses. ECOA section 704B(h)(2) states that ``[t]he term 
`small business' has the same meaning as the term `small business 
concern' in section 3 of the Small Business Act (15 U.S.C. 632).'' 
Section 1071 was adopted for the dual statutory purposes of 
facilitating fair lending enforcement and enabling communities, 
governmental entities, and creditors to identify business and community 
development needs and

[[Page 35261]]

opportunities of women-owned, minority-owned, and small 
businesses.\518\
---------------------------------------------------------------------------

    \517\ See 12 U.S.C. 5493(c)(2)(A).
    \518\ ECOA section 704B(a).
---------------------------------------------------------------------------

    As set forth in section 1071, the data that financial institutions 
are required to collect and report to the Bureau include, among other 
things, the gross annual revenue of the business in its preceding 
fiscal year, the type and purpose of the loan, the census tract for the 
applicant's principal place of business, and the ethnicity, race, and 
sex of the principal owners of the business.\519\ ECOA section 
704B(f)(2)(C) further provides that information compiled and maintained 
under the statute shall be ``annually made available to the public 
generally by the Bureau, in such form and in such manner as is 
determined by the Bureau, by regulation.'' The Bureau believes that the 
collection and subsequent publication of robust and granular data 
pursuant to section 1071 regarding credit applications for small 
businesses will provide much-needed transparency to an otherwise opaque 
market and help ensure fair, equitable, and nondiscriminatory access to 
credit.
---------------------------------------------------------------------------

    \519\ ECOA section 704B(e)(2).
---------------------------------------------------------------------------

    The Bureau understands that access to fair, equitable, and 
nondiscriminatory credit is crucial to the success of small businesses. 
Small businesses--including women-owned and minority-owned small 
businesses--need access to credit to smooth out business cash flows and 
to enable entrepreneurial investments that take advantage of, and 
sustain, opportunities for growth. The market these businesses turn to 
for credit is vast, varied, and complex. Overall, small businesses have 
many options when it comes to financing, including a wide range of 
products and providers. Yet market-wide data on credit to small 
businesses remain very limited, particularly with respect to 
applicants' protected demographic information at the core of section 
1071. The Bureau believes that its rulemaking implementing section 1071 
of the Dodd-Frank Act will provide critical data for financial 
institutions, community groups, policy makers, and small businesses.
    SBA size standards. The Small Business Act permits the SBA 
Administrator to prescribe detailed size standards by which a business 
concern may be categorized as a small business, which may be based on 
the number of employees, dollar volume of business, net worth, net 
income, a combination of these, or other appropriate factors.\520\
---------------------------------------------------------------------------

    \520\ 15 U.S.C. 632(a)(2)(A) and (B).
---------------------------------------------------------------------------

    As implemented by the SBA, these size standards generally hinge on 
average annual receipts or the average number of employees of the 
business concern and are customized industry-by-industry across 1,012 
6-digit NAICS codes. Specifically, the SBA typically uses two primary 
measures of business size for size standards purposes: (i) average 
annual receipts \521\ for businesses in services, retail trade, 
agricultural, and construction industries, and (ii) average number of 
employees for businesses in all manufacturing, most mining and 
utilities industries, and some transportation, information and research 
and development industries.\522\ To measure business size, the SBA also 
uses financial assets for certain financial industries, and for the 
petroleum refining industry it uses refining capacity and employees. 
The SBA's size standards are used to establish eligibility for a 
variety of Federal small business assistance programs, including for 
Federal government contracting and business development programs 
designed to assist small businesses in obtaining Federal contracts and 
for the SBA's loan guarantee programs, which provide access to capital 
for small businesses that are unable to qualify for and receive 
conventional loans elsewhere.
---------------------------------------------------------------------------

    \521\ Effective January 6, 2020, the SBA changed its regulations 
on the calculation of average annual receipts for all its receipts-
based size standards from a three-year averaging period to a five-
year averaging period. 84 FR 66561 (Dec. 5, 2019).
    \522\ The SBA now uses a 24-month average to calculate a 
business concern's number of employees for eligibility purposes in 
all its programs. 87 FR 34094 (June 6, 2022).
---------------------------------------------------------------------------

    Under the Small Business Jobs Act of 2010,\523\ the SBA is required 
to review all size standards no less frequently than once every five 
years.\524\ The SBA's lowest size standards based on average annual 
receipts are currently used for agricultural industries. At the time of 
the Bureau's NPRM, the SBA used a $1 million average annual receipts 
standard for 46 out of 64 agricultural industries.\525\
---------------------------------------------------------------------------

    \523\ Public Law 111-240, 124 Stat. 2504 (2010).
    \524\ 15 U.S.C. 632 note.
    \525\ See Small Bus. Admin., Table of size standards (effective 
Oct 1, 2022), https://www.sba.gov/document/support-table-size-standards.
---------------------------------------------------------------------------

    The SBA has since maintained or increased its size standards across 
all industries. Following the SBA's implementation of revised size 
standards in May and June 2022 \526\ and its inflation adjustment of 
monetary-based industry size standards in November 2022,\527\ a $1 
million standard is no longer used for any industry. The size standards 
for agricultural industries now range from $2.25 million to $34 
million, and the size standards for non-agricultural industries now 
range from $8 million to $47 million. In April 2022, the SBA also 
proposed increasing 150 size standards for businesses in manufacturing 
and other sectors (excluding wholesale trade and retail trade) that are 
based on the number of employees.\528\ The SBA also increased size 
standards for 57 industries in the wholesale trade and retail trade 
sectors.\529\
---------------------------------------------------------------------------

    \526\ Through a series of rules that became effective on May 2, 
2022, the SBA implemented revised size standards for 229 industries 
(all using average annual receipts standards) to increase 
eligibility for its Federal contracting and loan programs. See 87 FR 
18607 (Mar. 31, 2022); 87 FR 18627 (Mar. 31, 2022); 87 FR 18646 
(Mar. 31, 2022); 87 FR 18665 (Mar. 31, 2022). The SBA did not reduce 
any size standards--it either maintained or increased the size 
standards for all 229 industries, in many cases with size standard 
increases of 50 percent or more. Effective July 14, 2022, the SBA 
also increased size standards for 22 wholesale trade industries and 
35 retail trade industries. 87 FR 35869 (June 14, 2022).
    \527\ 87 FR 69118 (Nov. 17, 2022) (adjusting monetary-based 
industry size standards (i.e., receipts- and assets-based) for 
inflation that occurred since 2014 by adding an additional 13.65 
percent inflation increase to these size standards).
    \528\ 87 FR 24752 (Apr. 26, 2022) (establishing 250 employees 
and 1,500 employees, respectively, as the minimum and maximum size 
standard levels for Manufacturing and other industries (excluding 
Wholesale and Retail Trade), up from the current minimum of 100 
employees and the current maximum of 1,500 employees in the SBA's 
existing size standards).
    \529\ 87 FR 35869 (June 14, 2022).
---------------------------------------------------------------------------

    The Small Business Act further provides that no Federal agency may 
prescribe a size standard for categorizing a business concern as a 
small business concern absent approval by the SBA Administrator.\530\ 
The SBA's rule governing its consideration of other agencies' requests 
for approval of alternate size standards requires that the agency 
seeking to adopt an alternate size standard consult in writing with the 
SBA's Division Chief for the Office of Size Standards in advance of 
issuing an NPRM containing the proposed alternate size standard.\531\ 
The Bureau met this requirement and also provided a copy of the 
published NPRM to the Division Chief for the Office of Size Standards. 
The Bureau subsequently obtained approval from the SBA Administrator 
for its alternate small business size standard contained in this final 
rule.
---------------------------------------------------------------------------

    \530\ 15 U.S.C. 632(a)(2)(C); see also 13 CFR 121.903(a)(5).
    \531\ 15 U.S.C. 632(a)(2).
---------------------------------------------------------------------------

    Market considerations. A wide variety of financial institutions, 
with varying levels of sophistication and experience, extend credit to 
small businesses. This rulemaking applies to a broad range of financial 
institutions. Banks and credit unions that serve a breadth of customers

[[Page 35262]]

typically organize their commercial lending operations into segments 
based on a combination of risk, underwriting, product offering, and 
customer management factors that are appropriate to each segment. The 
three most frequent organizational groupings are retail/small business, 
middle market, and large corporate banking. Commercial customers are 
generally assigned to an organizational grouping based on their revenue 
potential and aggregate credit exposure, with smaller accounts assigned 
to the retail/small business banking area. The overwhelming 
preponderance of small businesses are found in the retail/small 
business banking group, which may also conduct consumer banking.
    Today, the distinguishing characteristic that many larger financial 
institutions (principally banks with $10 billion or more in assets) use 
to assign small businesses into the retail/small business banking group 
is gross annual revenue.\532\ While cut-offs vary by financial 
institution, the Bureau understands that a common demarcation for 
small/retail customers are those with less than $5 million, or 
sometimes up to $10 million, in gross annual revenue. The maximum 
amount of a retail/small business banking term loan or credit line is 
typically $5 million or less.
---------------------------------------------------------------------------

    \532\ See Fed. Deposit Ins. Corp., Small Business Lending 
Survey, at 11 (2018), https://www.fdic.gov/bank/historical/sbls/full-survey.pdf (FDIC Small Business Lending Survey) (finding that a 
substantial majority of large banks use gross annual revenue (61.8 
percent) as a limit to define small businesses).
---------------------------------------------------------------------------

    Financial institutions that do not conduct SBA lending generally do 
not collect or consider the number of employees of a small business 
applying for credit, but they often capture gross annual revenue 
information, including for regulatory compliance purposes. 
Specifically, retail/small business lenders routinely collect 
applicants' gross annual revenue information because notification 
requirements under existing Regulation B vary for business credit 
applicants depending on whether they ``had gross revenues of $1 million 
or less in [their] preceding fiscal year.'' \533\ For a business 
applicant with gross annual revenues of $1 million or less, a creditor 
must provide a notification following an adverse action, such as a 
credit denial, that is generally similar to that provided to a consumer 
in both substance and timing.\534\ As a result, small business lenders 
often adopt compliance management systems similar to those found among 
consumer lenders.
---------------------------------------------------------------------------

    \533\ 12 CFR 1002.9(a)(3)(i).
    \534\ Id. The notification requirements for applicants with 
gross annual revenues in excess of $1 million are generally more 
flexible in substance and also do not impose a firm deadline for 
provision of a Regulation B notification. 12 CFR 1002.9(a)(3)(ii).
---------------------------------------------------------------------------

    The Bureau believes it is important for a financial institution to 
be able to quickly determine at the beginning of the application 
process whether an applicant is a ``small business'' for purposes of 
this final rule. Financial institutions generally cannot inquire about 
an applicant's protected demographic information (including the 
ethnicity, race, and sex of an applicant's principal owners) without 
being legally required to do so.\535\ As discussed in the Overview of 
this part V, this final rule will only require (and thus only permit) 
such inquiries for small business applicants.\536\ While the Bureau is 
allowing financial institutions flexibility in when they seek this 
protected demographic information, the Bureau believes that financial 
institutions generally have the best chance of obtaining it and 
supporting the purposes of section 1071, if they ask for it in the 
earlier stages of the application process. As a result, a financial 
institution may need to know, even before the application is initiated, 
which application path the applicant must follow--a 1071-governed or a 
non-1071-governed application path.
---------------------------------------------------------------------------

    \535\ See 12 CFR 1002.5(a).
    \536\ Such inquiries are also permitted for co-applicants of 
small businesses pursuant to final Sec.  1002.5(a)(4)(x).
---------------------------------------------------------------------------

    Early feedback. From very early on in its discussions with 
stakeholders regarding section 1071, the Bureau has received feedback 
focused primarily on how the Bureau might define a business size 
standard. For example, in response to the Bureau's 2017 request for 
information, many stakeholders expressed concern about the difficulties 
in determining the appropriate NAICS code for businesses and in 
applying the NAICS-based standards in determining whether a business 
loan applicant is a small business. Commenters who addressed the issue 
of a small business definition were universally in favor of the Bureau 
adopting something less complex than the SBA's size standards based on 
6-digit NAICS codes. Commenters noted that the use of these standards 
is relatively complex and would introduce burdens for this rule with 
limited benefit.
    Likewise, during the SBREFA process, small entity representatives 
generally preferred a simple small business definition and expressed 
concern regarding the complexity of the SBA's NAICS-based size 
standards. Some small entity representatives supported an approach for 
defining a small business that would use an applicant's gross annual 
revenue for determining whether it was ``small'' (thresholds under 
consideration at SBREFA were $1 million and $5 million). For most small 
entity representatives, nearly all their small business customers had 
less than $5 million in gross annual revenue; most were under $1 
million. Several small entity representatives remarked that a $1 
million gross annual revenue threshold would be too low, noting that it 
would exclude many businesses defined by SBA regulations as ``small''; 
some of these small entity representatives said that a $5 million gross 
annual revenue threshold would be acceptable. Some small entity 
representatives advocated for higher revenue thresholds, such as $8 
million or $10 million. Some small entity representatives supported a 
more complex approach that would distinguish between applicants in 
manufacturing and wholesale industries (500 employees) and all other 
industries ($8 million in gross annual revenue). One small entity 
representative also supported another approach, which was closest to 
the SBA's existing size standards, stating that it reflects the SBA's 
substantially different definitions of a small business across 
different industries. Feedback from stakeholders other than small 
entity representatives also reflected broad support for the Bureau 
pursuing a simplified version of the SBA small business definition.
Proposed Rule
    Proposed Sec.  1002.106(b) would have defined a small business as 
having the same meaning as the term ``small business concern'' in 15 
U.S.C. 632(a), as implemented in 13 CFR 121.101 through 121.107. 
Proposed Sec.  1002.106(b) would have further stated that, 
notwithstanding the size standards set forth in 13 CFR 121.201, for 
purposes of proposed subpart B, a business is a small business if its 
gross annual revenue, as defined in proposed Sec.  1002.107(a)(14), for 
its preceding fiscal year is $5 million or less. The Bureau's proposal 
noted it was seeking SBA approval for this alternate small business 
size standard pursuant to the Small Business Act.\537\
---------------------------------------------------------------------------

    \537\ 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------

    Proposed comments 106(b)-1 and 106(b)-2 would have clarified the 
obligations of covered financial institutions when new information 
changed the determination of whether an applicant is a small business, 
giving rise to requirements under proposed subpart B and/or 
prohibitions under

[[Page 35263]]

existing Regulation B. The Bureau acknowledged that a financial 
institution's understanding of an applicant's gross annual revenue may 
change as the application proceeds through underwriting.
    Proposed comment 106(b)-3 would have explained that a financial 
institution may rely on an applicant's representations regarding gross 
annual revenue (which may or may not include an affiliate's revenue) 
for purposes of determining small business status under proposed Sec.  
1002.106(b).
    The Bureau sought comment on this proposed definition of a small 
business, including the $5 million gross annual revenue size standard, 
as well as whether additional clarification is needed for any aspect of 
this proposed definition. The Bureau also sought comment on whether 
another variation of the proposed size standard would better serve the 
purposes of section 1071, such as a lower revenue size standard or a 
higher one, potentially at the $8 million or $10 million level. The 
Bureau also sought comment on whether, in addition to the above-
described gross annual revenue-based size standard, a small business 
definition that also included any business that was furnished a loan 
pursuant to an SBA program (regardless of the applicant's gross annual 
revenue) would further the purposes of section 1071.
    Similarly, the Bureau sought comment on whether a threshold based 
on $8 million gross annual revenue or 500 employees (depending on the 
type of business) would align more closely with section 1071's 
purposes. Likewise, the Bureau sought comment on whether a variation of 
the proposed size standard, such as using an applicant's average gross 
annual revenue averaged over two or five years, would better serve the 
purposes of section 1071. In addition, the Bureau sought comment on 
defining a small business consistent with the entirety of existing SBA 
regulations, including any advantages or disadvantages that using such 
a definition might pose specifically in the context of this rulemaking. 
Specifically, the Bureau sought comment on how the proposed size 
standard would fit in with a financial institution's current lending or 
organization practices. The Bureau sought comment on whether the 
proposed size standard would introduce additional difficulties or 
challenges for SBA lenders.
Comments Received
    The Bureau received many comments supporting the use of a simple 
gross annual revenue threshold from a range of lenders and trade 
associations, along with a community group, a technology service 
provider, a business advocacy group, several members of Congress, and 
others. Many commenters said that a gross annual revenue threshold was 
simple, objective, relatively easy to apply at the time of application, 
and/or will make compliance easier. One bank more generally emphasized 
the need for a simplified definition of small business that is easily 
determinable at the time of application. Another commenter noted that 
determining the appropriate NAICS codes and the number of employees is 
not easy early on in the application process. A bank stated that 
revenue thresholds provide a consistent and transparent line of 
delineation. Some commenters asserted that a gross annual revenue 
threshold was preferable to the SBA's more complex size standards that 
change over time. One commenter asserted that a gross annual revenue 
threshold was the only feasible way to implement section 1071 and that 
trying to apply SBA size standards would massively complicate the data 
collection process, lead to the introduction of errors that would 
undermine data accuracy and interfere with financial institutions' 
ability to extend credit to business applicants in a prompt and 
efficient manner. One agricultural lender argued that having to 
determine whether a business is small for the purposes of the rule 
could delay communicating a credit decision in violation of ECOA and 
the Farm Credit Act, while another commenter hypothesized that 
financial institutions may decline loan requests due to inadequate 
financial documentation for a small business determination. Another 
commenter expressed general support for a broad definition of small 
business.
    Despite the broad support for a gross annual revenue threshold, 
commenters disagreed on where to set the threshold. Some commenters 
supported the proposed threshold of $5 million or less in gross annual 
revenue. A trade association stated that the proposed approach was 
sufficiently broad and could encompass as great a portion of the 
population of minority- and women-owned businesses as practical. One 
agricultural lender asked for additional context and insight for the $5 
million threshold and an explanation regarding how a number larger than 
$1 million, which the Bureau had previously considered during the 
SBREFA process, meets the intent of Congress under section 1071. A bank 
advocated for a $250,000 gross annual revenue threshold, asserting that 
most businesses that surpass this threshold have access to or already 
utilize an attorney or accountant, either one of which should be able 
to adequately advise on the presence of any discriminatory terms.
    The Bureau received some comments expressing general disapproval of 
its proposed approach to the gross annual revenue threshold. A few 
banks argued that a $5 million threshold is too high, with one adding 
that this was particularly true in community bank areas and another 
suggesting that the Bureau did not adequately support its proposal with 
statistics. A few industry commenters asserted that an expansive small 
business definition would burden their organizations with significant 
costs and that the Bureau should instead reduce the number of 
businesses that are reportable under the regulation. A women's business 
advocacy group suggested the Bureau have ``multiple levels'' in its 
small business definition. Several commenters noted a preference for a 
gross annual revenue threshold lower than $5 million, without 
specifying an amount. A credit union suggested the Bureau ensure that 
both annual revenue and asset size \538\ be taken into consideration.
---------------------------------------------------------------------------

    \538\ It is unclear whether the commenter was referring to the 
asset size of the small business or asset size of the financial 
institution.
---------------------------------------------------------------------------

    Most commenters that suggested an alternative small business 
definition expressed preference for a $1 million gross annual revenue 
threshold. Some industry commenters asserted that a $1 million 
threshold would be less burdensome, less costly, and/or would simplify 
compliance as compared to the proposed $5 million threshold. One said 
that anything other than a $1 million threshold may be too complex for 
applicants and/or financial institutions, which could lead to less than 
expected levels of data integrity and misalignment with the 1071 
statutory purposes. Several industry commenters and a business advocacy 
group argued that a gross annual revenue threshold of $1 million or 
less is more in line with congressional intent and purpose. A bank 
asserted that it would be more feasible to implement a firewall between 
underwriter and customer because a $1 million threshold would avoid a 
complete change in how the bank underwrites and processes small 
business loan applications.
    Some commenters said that a $1 million threshold would better align 
with existing Regulation B adverse action notification requirements, 
with one adding that misalignment leads to compliance costs. A bank 
suggested the Bureau amend the existing Regulation B

[[Page 35264]]

requirements on adverse actions to ensure consistency with this rule 
and avoid confusion with loan officers and loan processers.
    Many more commenters advocated for alignment with CRA regulations 
that use $1 million or less in annual revenue to define a small 
business, with some arguing that misalignment with the CRA would lead 
to increased compliance costs. Some industry commenters stressed the 
need for consistency between reporting regimes, asserting that the 
proposed threshold did not align with other regulatory requirements 
such as CRA. One commenter suggested that inconsistency with CRA would 
add another nuance to data validation. A State bankers association 
suggested that a $1 million threshold would also better align with 
Small Business Development Center and Small Business Investment Company 
program guidelines. A credit union trade association suggested that a 
$1 million gross annual revenue threshold would be consistent with the 
SBA's definitions for some types of small businesses, including most 
agricultural small businesses.
    Some commenters said that a $1 million threshold would cover most 
(over 95 percent) of small businesses as defined by the SBA size 
standards in effect at the time of the NPRM. Similarly, many commenters 
argued that the proposed $5 million threshold would be overinclusive 
and a $1 million threshold would better exclude non-small businesses. 
One bank said this overinclusiveness would be particularly notable in 
middle/rural America, while another argued that the proposed definition 
would create inequity and inflated costs for banks serving small-to-
midsize markets by picking up a disproportionate number of businesses 
as small businesses under the rule.
    Two credit union trade associations argued that the proposed $5 
million threshold would increase the size of the 1071 data collection, 
the risk to data privacy, and the costs associated with compliance for 
covered financial institutions. Two other commenters suggested that a 
$1 million threshold would accomplish the goals of section 1071 without 
unnecessary drawbacks.
    In contrast, some commenters requested a more expansive size 
standard for defining small businesses under the rule. A number of 
community groups expressed a preference for a $7.5 million threshold, 
citing language from the SBA's website \539\ indicating that most non-
manufacturing businesses with average annual receipts under $7.5 
million will qualify as a small business. A few other commenters 
expressed a preference for a $8 million threshold. A CDFI lender 
maintained that a $8 million threshold was the most common SBA size 
standard threshold for average annual receipts, would cover more 
manufacturing and wholesale businesses, and received broad support from 
small entity representatives (though they recommended eliminating the 
500 employees standard for manufacturing and wholesale that was part of 
that option under consideration at SBREFA). Another commenter opined 
that a threshold of $8 million (adjusted every five years according to 
the SBA's recalibrations) would better cover the small business market, 
account for differences in business types (such as manufacturing) and 
regional economic conditions, and would more closely align with what 
lenders already consider small businesses. Finally, a joint letter from 
community groups, community oriented lenders, and business advocacy 
groups asserted that a threshold lower than $8 million would lead to 
significantly less data against which to compare lending patterns and 
to identify lending trends and gaps.
---------------------------------------------------------------------------

    \539\ Small Bus. Admin., Basic requirements, https://www.sba.gov/federal-contracting/contracting-guide/basic-requirements 
(last visited Mar. 20, 2023).
---------------------------------------------------------------------------

    Existing SBA size standards. Several commenters recommended the 
Bureau use the SBA's definition and size standards. One credit union 
trade association asserted that the SBA definition is already used by 
credit unions and all financial services providers as the industry 
standard and thus using an alternative definition would only create 
confusion and inconsistent Federal regulations, thereby harming credit 
unions' ability to serve their members. A bank argued that having 
different definitions and requirements across similar regulatory 
obligations would result in more burden and costs due to the unique 
review and maintenance of each obligation.
    Loan size. Some industry commenters suggested defining a small 
business by the credit amount requested. Several said that small 
businesses should be defined by loans of $1 million or less. A bank 
asserted that this would be a much more reasonable definition of what a 
small business is and will encompass the majority of its commercial 
lending to small businesses. A few commenters argued that this would 
better align with CRA and call report requirements. Another commenter 
noted that loan size does not fluctuate over time like revenue and it 
is easy to identify at the beginning of the application process. Some 
credit union commenters suggested requiring reporting for small 
business loans up to $10 million. A few other industry commenters 
suggested adopting a maximum amount applied for ``exclusion'' of 
$750,000 in order to exempt applications from non-small businesses. 
These commenters asserted that such an exclusion would harmonize this 
rule with the SBA's maximum direct loan amount. A few commenters 
expressed disapproval of a $1 million loan size threshold, noting many 
small businesses borrow amounts far more than $1 million while many 
large businesses borrow amounts far below that threshold.
    Small farm definition. The Bureau received comments from many 
agricultural lenders suggesting that the $5 million gross annual 
revenue threshold would be overinclusive when applied to farms and that 
agricultural lending needs a different small business definition for 
purposes of section 1071 in order to capture only truly small farms. 
One commenter asserted that under the Small Business Act's implementing 
regulations, the Bureau must take into account differing industry 
characteristics. Specifically, many agricultural lenders suggested that 
the Bureau's definition of ``small business'' align with the Farm 
Credit Administration's (FCA) definition of ``small farmer,'' which is 
a ``farmer, rancher, or producer or harvester of aquatic products who 
normally generates less than $250,000 in annual gross sales of 
agricultural or aquatic products.'' \540\ A few also urged the Bureau 
not to ignore the USDA small farm definitions.\541\ One commenter noted 
that even a $1 million threshold would be too high because 96 percent 
of farms had less than $1 million in annual sales of agricultural 
products. Several commenters suggested that the FCA

[[Page 35265]]

definition would facilitate compliance because staff and compliance 
professionals at Farm Credit lenders are already very familiar with 
that standard and because it would be confusing and burdensome for 
staff to manage two competing regulatory definitions of ``small'' 
customers.
---------------------------------------------------------------------------

    \540\ Farm Credit Admin., Bookletter 040--Revised: Providing 
Sound and Constructive Credit to Young, Beginning, and Small 
Farmers, Ranchers, and Producers or Harvesters of Aquatic Products, 
at 2 (Aug. 10, 2007), https://ww3.fca.gov/readingrm/Handbook/FCA%20Bookletters/BL-040%20REVISED.docx.
    \541\ The USDA Economic Research Service (USDA-ERS) measures 
farm size by annual gross cash farm income--a measure of the farm's 
revenue (before deducting expenses) that includes sales of crops and 
livestock, payments made under agricultural Federal programs, and 
other farm-related cash income including fees from production 
contracts. Econ. Rsch. Serv., U.S. Dep't of Agric., Farm Structure 
and Contracting (last updated Mar. 8, 2022), https://www.ers.usda.gov/topics/farm-economy/farm-structure-and-organization/farm-structure-and-contracting/. Within this 
classification system, small family farms have gross cash farm 
income less than $350,000, with subcategories of low-sales farms 
(gross cash farm income less than $150,000) and moderate-sales farms 
(gross cash farm income between $150,000 and $349,999). Id.
---------------------------------------------------------------------------

    Several commenters noted that approximately half of Farm Credit 
System loans outstanding were to ``small farmers'' and that this level 
of coverage would more than accomplish section 1071's statutory 
purposes. One agricultural lender noted that over 76 percent of its 
loan volume portfolio would fall within the proposed $5 million ``small 
business'' definition (approximately 3,770 loans) but 10.7 percent of 
the loan volume portfolio falls under the FCA definition (approximately 
2,730 loans).
    Other suggested size standards. A trade association representing 
online lenders recommended the Bureau adopt an easy-to-administer 
definition based on 4-digit NAICS codes. This commenter argued that 
while a singular revenue or number of employees standard to designate 
small businesses might be simpler for the Bureau, it would not be a 
true reflection of the small business market. The commenter asserted 
that employing the first 4 digits of the NAICS codes would provide 
measurements that differentiates broadly by industry, but provides a 
standard that gives lenders flexibility, allowing them to use data 
supplied by the borrower without having to undertake a costly and time-
consuming verification process of the data provided.
    Many community groups, community-oriented lenders, and a minority 
business advocacy group urged the Bureau to adopt the 500 employee/$8 
million test set forth in the SBREFA Outline. A few of these commenters 
said this was an easily implemented definition that covered the bulk of 
small businesses as defined by the SBA without the complexities of the 
SBA's NAICS-code based definitions, whereas the Bureau's proposal would 
exclude 270,000 businesses that the SBA classifies as small businesses, 
with many such businesses disproportionately located within retail 
trade and construction industries, where small businesses are more 
likely to be owned by people of color.
    One comment letter suggested defining a small business as having a 
gross annual revenue of $1 million and including a threshold for the 
number of employees required for a business to be deemed small. They 
referenced the SBA's size standards, which use a 100-employee threshold 
for some industries, but suggested the Bureau use a similar definition 
or alter its small business definition to include more minority- and 
women-owned small businesses.
    Other issues. A few comments addressed the role of affiliate 
revenue in business size determinations. A bank suggested aligning 
treatment of affiliate revenue with current CRA requirements \542\ to 
avoid reporting disparities from institution to institution for 
similarly situated applicants. Pointing to SBA rules and guidance, two 
other industry commenters asserted that subsidiaries of large companies 
should be excluded from the definition of ``small business'' if the 
aggregate revenues for all affiliates, as defined in 13 CFR 121.103, 
exceed the gross annual revenue threshold.
---------------------------------------------------------------------------

    \542\ The CRA requires an institution to rely on the revenues 
that it considered in making its credit decision when indicating 
whether a small-business or small-farm borrower had gross annual 
revenues of $1 million or less--in the case of affiliated 
businesses, the institution would aggregate the revenues of the 
business and the affiliate to determine whether the revenues are $1 
million or less only if the institution considered the revenues of 
the entity's parent or a subsidiary corporation of the parent as 
well as that of the business. See Fed. Fin. Insts. Examination 
Council, A Guide to CRA Data Collection and Reporting, at 13 (Jan. 
2001), https://www.ffiec.gov/cra/pdf/cra_guide.pdf.
---------------------------------------------------------------------------

    Two commenters asked for clarification related to business size 
determinations involving multiple applicants. One suggested the Bureau 
clarify that loans jointly made to multiple borrowers are not 
reportable where one or more of the borrowers may qualify as a small 
business under the rule but is not the primary business seeking the 
funding. Another commenter suggested the Bureau (i) allow lenders to 
treat all co-borrowers as one applicant such that the gross annual 
revenue of all co-borrowers would be aggregated for purposes of 
assessing whether the loan is a small business loan and (ii) clarify 
how to identify loans to a ``minority-owned business'' or a ``women-
owned business'' when one, but not all, co-borrowers meet the 
definitions of these terms.
    A group of insurance premium finance trade associations noted that 
their members do not obtain any financial information or information 
about for-profit status regarding any applicant and suggested the 
Bureau permit their members to ask the insured business if it is a 
small business (after furnishing the regulation's operative definition) 
when the signed premium finance agreement is submitted to the lender or 
immediately after the lender receives the signed premium finance 
agreement.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.106(b)(1) (proposed as Sec.  1002.106(b)) to define a small 
business as having the same meaning as the term ``small business 
concern'' in 15 U.S.C. 632(a), as implemented in 13 CFR 121.101 through 
121.107. As discussed above, the Bureau believes that adopting existing 
statutory and regulatory small business definitions, which are widely 
understood and already the subject of notice and comment, is consistent 
with the purposes of section 1071 and will facilitate compliance. Final 
Sec.  1002.106(b)(1) further states that, notwithstanding the size 
standards set forth in 13 CFR 121.201, for purposes of subpart B, a 
business is a small business if its gross annual revenue, as defined in 
final Sec.  1002.107(a)(14), for its preceding fiscal year is $5 
million or less. The Bureau believes this definition implements the 
statutory language of section 1071 while reflecting a need for 
financial institutions to apply a simple, broad definition of a small 
business across industries. The Bureau has obtained SBA approval for 
this alternate small business size standard pursuant to the Small 
Business Act.\543\
---------------------------------------------------------------------------

    \543\ 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
---------------------------------------------------------------------------

    The Bureau believes that adopting this gross annual revenue 
standard is consistent with the purposes of section 1071 and addresses 
the concerns that the Bureau has heard with respect to determining 
whether applicants are small businesses for purposes of complying with 
section 1071, particularly regarding determining the applicant's NAICS 
code, and the implications thereof. Due to concerns expressed by other 
stakeholders, which are described above, and upon its own further 
consideration as discussed in this section-by-section analysis under 
Alternatives Considered below, the Bureau is not adopting suggested 
alternative standards, including, but not limited to a $1 million gross 
annual revenue standard, a $7.5 or $8 million gross annual revenue 
standard, a threshold based on loan size, a different standard for 
agricultural lending, nor the existing SBA size standards.
    The Bureau agrees with the many commenters who said that a 
definition of small business for purposes of section 1071 based on a 
gross annual revenue threshold was simple, objective, relatively easy 
to apply at the time of application, and/or will make compliance 
easier. The Bureau understands that a majority of large banks already 
use gross annual revenue

[[Page 35266]]

thresholds to delineate small business lending within their own 
institutions.\544\ The Bureau also agrees that a gross annual revenue 
threshold is the preferred way to implement section 1071 to avoid 
overly complicating the data collection process, leading to the 
introduction of errors that would undermine data accuracy, or 
interfering with financial institutions' ability to extend credit to 
business applicants in a prompt and efficient manner. The Bureau 
believes that a simplified definition of small business that does not 
require determining the appropriate NAICS codes and/or the number of 
employees will satisfy lenders' needs to easily determine small 
business status early in the application process and avoid delays in 
communicating a credit decision.
---------------------------------------------------------------------------

    \544\ See FDIC Small Business Lending Survey at 11.
---------------------------------------------------------------------------

    While the Bureau received broad support for a simple gross annual 
revenue threshold generally, it received narrower support for a 
threshold of $5 million or less in gross annual revenue. The Bureau 
believes that a $5 million threshold strikes the right balance in terms 
of broadly covering the small business financing market to fulfill 
section 1071's statutory purposes while meeting the SBA's criteria for 
an alternative size standard.\545\ As described above, the SBA is 
generally increasing size standards across industries and no longer 
uses a $1 million annual receipts standard for any industry. As a 
result, the Bureau's $5 million standard is sufficiently inclusive 
relative to the SBA size standards. Moreover, while there is no clear 
consensus on a simplified size standard that uniformly covers all small 
business financing markets,\546\ the Bureau understands that among the 
banks that already use a gross annual revenue threshold to delineate 
small business lending, the majority of banks of all sizes use a 
threshold above $1 million in firm gross annual revenue.\547\ In fact, 
larger banks typically use even higher thresholds (for banks with less 
than $1 billion in assets, 25.1 percent use a threshold greater than $5 
million in firm gross annual revenue, while 37.0 percent of banks with 
$1 billion to $10 billion in assets use a gross annual revenue 
threshold of $5 million or more).\548\
---------------------------------------------------------------------------

    \545\ See 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
    \546\ See, e.g., FDIC Staff Report at 10 (discussing various 
gross annual revenue thresholds ranging from $1 million to $10 
million and resolving ``[g]iven the lack of consensus on the correct 
definition of a small business, [to] present results using both 
thresholds wherever possible'').
    \547\ Id. at 9.
    \548\ Id.
---------------------------------------------------------------------------

    The Bureau has considered the potential effect of applying a $5 
million gross annual revenue threshold to both non-agricultural and 
agricultural industries and compared that standard to coverage under 
the SBA's existing size standards. Among non-agricultural industries, 
the Bureau estimates \549\ that over 1.5 million (27 percent) small 
businesses would not be covered by an alternative $1 million gross 
annual revenue threshold and at a $2 million threshold, the rule would 
have been underinclusive by 12 percent. (This and other size standards 
suggested by commenters are discussed in detail under Alternatives 
Considered below.) At a $8 million threshold, the percentage of 
underinclusivity falls to approximately 4 percent, or approximately 
235,000 non-agricultural businesses.
---------------------------------------------------------------------------

    \549\ The Bureau used the most recent Statistics of U.S. 
Businesses (SUSB) from Census (from 2017) to estimate the total 
number of businesses that would be under- or over-included for 
section 1071, relative to the SBA's size standards and based on 
various revenue-based size standard alternatives. We use SBA size 
standards as of May 2022 which reference 2017 NAICS codes; these 
NAICS codes are consistent with the SUSB data. The 2017 SUSB only 
contains information on employer businesses.
---------------------------------------------------------------------------

    Applying an $8 million threshold to agricultural businesses, the 
Bureau's analysis \550\ shows that over 20,000 such businesses that are 
not considered small under the SBA's size standards would have their 
applications reported to the Bureau.\551\ With the finalized $5 million 
gross annual revenue threshold, relative to current SBA size standards, 
all small farms' applications will be reported to the Bureau, along 
with applications from 14,000 agricultural businesses that are not 
considered small under the SBA's size standards. Thus, the Bureau 
believes that its $5 million gross annual revenue threshold strikes an 
appropriate balance between covering the applications of most 
businesses that are considered small under the SBA's size standards, 
while minimizing the number of businesses above the SBA's size 
standards whose applications will be reported to the Bureau, and in a 
way that satisfies the SBA's criteria for approving an alternative size 
standard under its regulations.
---------------------------------------------------------------------------

    \550\ The Bureau's analysis of agricultural industries used the 
2017 Census of Agriculture from the USDA, relative to the SBA's size 
standards, based on various revenue-based size standard 
alternatives. The Bureau notes that because the Census of 
Agriculture does not have the granularity of the SUSB, it made some 
additional strong assumptions. The Census of Agriculture also does 
not have the same employer/non-employer distinction as the SUSB and 
therefore includes information on all farms.
    \551\ In the Census of Agriculture, there is just a $5+ million 
category so this number would not change for thresholds above $5 
million.
---------------------------------------------------------------------------

    The Bureau also notes that in their proposal to amend their 
regulations implementing the CRA, the Board, FDIC, and OCC proposed to 
define the terms ``small business'' and ``small farm'' consistent with 
the Bureau's definitions in its NPRM.\552\ Thus, per the CRA proposal, 
once 1071 data are available, the agencies would transition from the 
current CRA definitions of small business and small farm loans to 
definitions that cover loans to small businesses and small farms with 
gross annual revenues of $5 million or less.\553\ Given the many 
comments that the Bureau received advocating for CRA alignment, the 
Bureau strongly supports the CRA agencies' efforts and believes that 
finalizing its proposed small business definition will streamline 
reporting and minimize compliance risks for financial institutions that 
are also reporting covered credit transactions under CRA and would 
simplify data analysis for CRA-reportable transactions. See part 
II.F.2.i above for further discussion of the CRA and its relationship 
to this rule.
---------------------------------------------------------------------------

    \552\ 87 FR 33884, 33890 (June 3, 2022).
    \553\ Id. at 33899.
---------------------------------------------------------------------------

    With respect to a commenter's suggestion that the Bureau increase 
the existing Regulation B threshold for notification to business credit 
applicants for consistency with this rule, the Bureau does not believe 
such a change would be appropriate at this time. Given the fact that 
these notification requirements have been in place for close to 50 
years and financial institutions have invested in compliance 
infrastructure around these requirements, the Bureau believes that the 
notification threshold in existing Regulation B should not be amended 
without additional research and input from stakeholders.
    To address ECOA and existing Regulation B's general prohibition 
against inquiring about protected demographic information in connection 
with a credit transaction,\554\ and to clarify the obligations of 
covered financial institutions under subpart B, the Bureau is adopting 
final comments 106(b)(1)-1 and 106(b)(1)-2 to address situations when 
new information may arise that could change the determination of 
whether an applicant is a small business. The Bureau acknowledges that 
a financial institution's understanding of an applicant's gross annual 
revenue may

[[Page 35267]]

change as the institution proceeds through underwriting. The Bureau is 
finalizing comment 106(b)(1)-1 (proposed as 106(b)-1) with updated 
cross-references to other portions of the final rule. Final comment 
106(b)(1)-1 explains that if a financial institution initially 
determines an applicant is a small business as defined in final Sec.  
1002.106(b) based on available information and obtains data required by 
final Sec.  1002.107(a)(18) and (19), but the financial institution 
later concludes that the applicant is not a small business, the 
financial institution may process and retain the data without violating 
ECOA or Regulation B if it meets the requirements of final Sec.  
1002.112(c)(4). The Bureau is finalizing comment 106(b)(1)-2 (proposed 
as 106(b)-2) with certain revisions for additional clarity. Final 
comment 106(b)(1)-2 explains that if a financial institution initially 
determines that the applicant is not a small business as defined in 
final Sec.  1002.106, but then later concludes the applicant is a small 
business prior to taking final action on the application, the financial 
institution must report the covered application pursuant to final Sec.  
1002.109. In this situation, the financial institution shall endeavor 
to compile, maintain, and report the data required under final Sec.  
1002.107(a) in a manner that is reasonable under the circumstances.
---------------------------------------------------------------------------

    \554\ See existing Sec.  1002.5(a)(2); 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------

    The Bureau is finalizing comment 106(b)(1)-3 (proposed as comment 
106(b)-3) to explain that a financial institution is permitted to rely 
on an applicant's representations regarding gross annual revenue (which 
may or may not include an affiliate's revenue) for purposes of 
determining small business status under final Sec.  1002.106(b)(1). The 
comment further clarifies that, if the applicant provides updated gross 
annual revenue information or the financial institution verifies such 
information, the financial institution must use the updated or verified 
information in determining small business status. The Bureau has 
changed the heading of this comment and has removed some of the 
introductory language to this comment for clarity as suggested by 
several commenters; this change is not intended to alter the meaning of 
this comment.
    The Bureau has considered comments regarding the role of affiliate 
revenue in business size determinations. The Bureau agrees that 
subsidiaries of large companies should be excluded from the definition 
of ``small business'' provided that the aggregate revenues for all 
affiliates, as defined in 13 CFR 121.103, exceed the $5 million gross 
annual revenue threshold--and, indeed, this is consistent with what the 
Bureau proposed. The Bureau is not, however, adopting the mandate in 
the SBA regulations, which provide that the average annual receipts 
size of a business concern with affiliates must be calculated by adding 
the average annual receipts of the business concern with the average 
annual receipts of each affiliate.\555\ The Bureau understands that the 
SBA totals the average annual receipts of the applicant and all of its 
affiliates in determining size because in order to be eligible for 
certain Federal programs and certain Federal contracts and 
subcontracts, a firm must be a ``small business concern.'' \556\ 
Because the size standard used for this rule is only to determine 
whether data collection is required pursuant to section 1071 and has no 
bearing on eligibility for Federal small business assistance, the 
Bureau does not believe it is necessary to mandate that financial 
institutions consider affiliate revenue in determining an applicant's 
small business status.
---------------------------------------------------------------------------

    \555\ 13 CFR 121.104(d)(1).
    \556\ Small Bus. Admin., Small Business Compliance Guide, at 4 
(July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf.
---------------------------------------------------------------------------

    The Bureau believes that this approach to use of affiliate revenue 
in size determinations will address concerns related to treatment of 
passive businesses and non-operating entities, such as special purpose 
vehicles. The Bureau understands that passive businesses and non-
operating entities are generally affiliated with other businesses (for 
example as subsidiaries of large corporate entities). The Bureau notes 
that final Sec.  1002.102(a) adopts the SBA's expansive view of what 
constitutes affiliation,\557\ and it is therefore unlikely that a 
special purpose entity or other large project financing investment 
entity would be formed without any affiliation with an established 
entity--rather, they are likely created as subsidiaries of an existing 
business or as joint ventures between existing businesses.\558\ Thus, 
financial institutions will be able to exclude businesses that are, in 
fact, middle- or large-sized applicants from data collection and 
reporting under this final rule by considering these businesses' 
affiliate revenues, which will likely exceed the $5 million gross 
annual revenue threshold for purposes of the definition of a small 
business. For example, if a financial institution receives an 
application for financing from a special purpose vehicle or shell 
company established for the purpose of acquiring significant commercial 
real estate (such as a hospital building), the financial institution 
could rely on information provided by the applicant regarding its, and 
its affiliates, gross annual revenue for purposes of determining small 
business status under Sec.  1002.106(b). As discussed in greater detail 
below, the Bureau also believes that its approach to affiliate revenue 
further obviates the need to define a small business by the credit 
amount requested as suggested by some commenters.
---------------------------------------------------------------------------

    \557\ 13 CFR 121.103; see also Small Bus. Admin., Small Business 
Compliance Guide (July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf 
(affiliation can be based on (1) ``control (when one controls or has 
the power to control the other, or a third party or parties controls 
or has the power to control both)''; (2) ownership; (3) ``stock 
options, convertible securities, and agreements to merge''; (4) 
management; (5) identity of interest''; or (6) ``franchise and 
license agreements'').
    \558\ Similarly, where a substantial portion of its assets and/
or liabilities of a special purpose entity is the same as a 
predecessor entity, the SBA's definition of a business concern 
specifically dictates that the annual receipts and employees of the 
predecessor must be taken into account in determining size of the 
new business concern. 13 CFR 121.105(c).
---------------------------------------------------------------------------

    The Bureau has considered the comments regarding business size 
determinations involving multiple unaffiliated applicants and does not 
agree with the suggested approach to allow financial institutions to 
treat all co-applicants as one applicant by aggregating their gross 
annual revenues for purposes of assessing business size. The Bureau 
does not believe that (in situations not involving affiliated entities) 
such an approach would be consistent with the SBA's definitions of 
business concern and small business concern. The Bureau is addressing 
commenters' requests for clarification on this issue by adding new 
comment 106(b)(1)-4, which provides that if a covered financial 
institution receives a covered application from multiple businesses who 
are not affiliates, as defined by final Sec.  1002.102(a), where at 
least one business is a small business under final Sec.  1002.106(b), 
the financial institution shall compile, maintain, and report data 
pursuant to final Sec. Sec.  1002.107 through 1002.109 regarding the 
covered application for only a single applicant that is a small 
business. The comment clarifies that the financial institution shall 
not aggregate unaffiliated co-applicants' gross annual revenues for 
purposes of determining small business status under final Sec.  
1002.106(b) and provides a cross reference to final comment 103(a)-9 
for additional details.

[[Page 35268]]

    In response to the group of insurance premium finance trade 
associations that highlighted their members' challenges with 
determining small business status, the Bureau notes that insurance 
premium financing arrangements are excluded under final Sec.  
1002.104(b)(4) for the reasons set forth in the corresponding section-
by-section analysis.
Alternatives Considered
    Gross annual revenue of $1 million. In the NPRM, the Bureau did not 
propose a $1 million gross annual revenue threshold, expressing concern 
that such a threshold likely would not satisfy the SBA's requirements 
for an alternative size standard across industries and would exclude 
too many businesses designated as small under the SBA's size standards. 
Nevertheless, as discussed above, many commenters requested the Bureau 
adopt a $1 million gross annual revenue threshold.
    The SBA no longer uses a $1 million annual receipts standard for 
any industry and the Bureau does not believe that a gross annual 
revenue threshold of $1 million would be more in line with 
congressional intent and purpose. Congress did not specify a gross 
annual revenue threshold for defining a small business under section 
1071 but instead pointed to the SBA's definition of small business 
concern.\559\ However, Congress set forth a process to allow the Bureau 
to prescribe an alternative size standard, if approved by the SBA 
Administrator.\560\ Given the fact that the SBA no longer uses a $1 
million standard for any industry \561\ and is thus unlikely to approve 
an alternative size standard at that threshold for all industries, the 
Bureau believes that its small business definition is a more 
appropriate alternative size standard.
---------------------------------------------------------------------------

    \559\ In ECOA section 704B(h)(2), Congress provided that ``[t]he 
term `small business' has the same meaning as the term `small 
business concern' in section 3 of the Small Business Act (15 U.S.C. 
632).''
    \560\ 15 U.S.C. 632(a)(2)(C).
    \561\ Through a series of rules that became effective on May 2, 
2022, the SBA implemented revised size standards for 229 industries 
(all using average annual receipts standards) to increase 
eligibility for its Federal contracting and loan programs. See 87 FR 
18607 (Mar. 31, 2022); 87 FR 18627 (Mar. 31, 2022); 87 FR 18646 
(Mar. 31, 2022); 87 FR 18665 (Mar. 31, 2022). The SBA did not reduce 
any size standards--it either maintained or increased the size 
standards for all 229 industries, in many cases with size standard 
increases of 50 percent or more. Effective July 14, 2022, the SBA 
also increased size standards for 22 wholesale trade industries and 
35 retail trade industries. 87 FR 35869 (June 14, 2022). Effective 
December 19, 2022, the SBA added an additional 13.65 percent 
inflation increase to the monetary small business size standards. 87 
FR 69118 (Nov. 17, 2022).
---------------------------------------------------------------------------

    While it is true that a $1 million threshold would better align 
with existing Regulation B adverse action notification requirements, 
the Bureau believes that the flexibilities built into the final rule 
for small business size determinations will obviate the need for 
changes to adverse action operations, including compliance with 
existing Regulation B adverse action notification requirements. The 
Bureau also notes that the concerns raised by many commenters regarding 
alignment with CRA regulations would likely be resolved if the CRA 
proposal, which expressly seeks alignment with the Bureau's alternative 
small business definition, is finalized. With respect to suggested 
alignment with Small Business Development Center and Small Business 
Investment Company program guidelines, the Bureau points to the fact 
that credit transactions made under programs with lower thresholds are 
by default small business transactions for the purposes of the final 
rule and thus not inconsistent.
    The Bureau has considered the comments arguing that a $5 million 
threshold would be overinclusive and a $1 million threshold would 
better exclude non-small businesses. Based on the Bureau's analysis, 
neither a $1 million threshold nor $5 million threshold would be 
overinclusive among non-agricultural industries relative to the SBA's 
current size standards. On the other hand, the Bureau estimates that, 
in terms of the number of SBA ``small'' firms whose applications would 
not be reported to the Bureau, a $1 million threshold would be 4.5 
times more underinclusive than a $5 million threshold. Moreover, 
research conducted by FDIC staff found that among banks with $1 billion 
to $10 billion in assets, more than one-third of self-described small 
business lending would be excluded under the $1 million gross annual 
revenue definition and that among banks with more than $10 billion in 
assets, nearly two-thirds would be excluded.\562\ Based on this study, 
FDIC staff concluded that ``for the typical bank, a [gross annual 
revenue] threshold of $1 million is overly conservative and would 
exclude many firms that should properly be considered small 
businesses.'' The Bureau agrees with this conclusion, and likewise 
believes that a $1 million gross annual revenue threshold would not 
satisfy the SBA's requirements for an alternative size standard across 
industries and would exclude too many businesses designated as small 
under the SBA's size standards.
---------------------------------------------------------------------------

    \562\ FDIC Staff Report at 10.
---------------------------------------------------------------------------

    Gross annual revenue of $7.5 to $8 million. The Bureau is not 
adopting a $7.5 million or $8 million gross annual revenue threshold, 
as suggested by a number of commenters. While the Bureau agrees that a 
threshold of $7.5 to 8 million would more expansively cover SBA small 
businesses (the Bureau estimates that under a $8 million threshold, 
applications from approximately 130,000 more SBA ``small'' firms would 
be reported to the Bureau as compared to a $5 million threshold), the 
Bureau does not believe that this definition more closely aligns with 
what lenders already consider small businesses based on comments 
received in support of a lower than $5 million threshold. Moreover, the 
Bureau notes that while an $8 million threshold would be less 
underinclusive among non-agricultural industries relative to SBA size 
standards, it would be more overinclusive among agricultural 
businesses.
    Loan size. The Bureau does not believe that it would be appropriate 
to define a small business based on the size of the loan applied for 
(i.e., by adopting a maximum ``amount applied for'' exclusion) such as 
one in the amount of $750,000 (for SBA alignment) or $1 million (for 
CRA alignment), as suggested by some commenters. The Bureau likewise is 
not defining a small business based on whether a loan is for an amount 
up to $10 million, as suggested by some commenters, or any other 
size.\563\ As explained in the NPRM, the Bureau believes that such 
potential definitions do not bear a sufficient relationship to the size 
of the business or its operations. For instance, under a definition 
similar to existing CRA requirements, application data for businesses 
with low revenue that may be applying for large loans would be 
excluded. The Bureau does not believe that adopting such an approach 
would further the purposes of section 1071. The Bureau likewise agrees 
with commenters cautioning against using the CRA definition based on 
loan size, because many small businesses borrow amounts far more than 
$1 million while many large businesses borrow amounts far below that 
threshold.\564\
---------------------------------------------------------------------------

    \563\ It is possible that these commenters intended to advocate 
for a $10 million gross annual revenue threshold. For the reasons 
stated above, the Bureau does not believe a definition of small 
business using a $10 million gross annual revenue threshold would 
fulfill section 1071's statutory purposes.
    \564\ See, e.g., FDIC Small Business Lending Survey at 17 
(finding that at banks with assets of $1 billion to $10 billion, at 
least $19.1 billion in gross understatement of small business 
lending (in which small businesses with less than $1 million in 
gross annual revenue received loans with amounts greater than $1 
million)).

---------------------------------------------------------------------------

[[Page 35269]]

    Existing SBA size standards. Despite some recommendations that the 
Bureau use the SBA's definition and size standards, the Bureau believes 
the SBA's size standards are not suitable for this data collection 
initiative and prefers to establish a small business definition 
specifically tailored to this rulemaking implementing section 1071.
    A simple, easy-to-implement small business definition is necessary 
in light of the general prohibition in existing Regulation B against 
creditors' inquiring about protected demographic information in 
connection with a credit transaction unless otherwise required by 
Regulation B, ECOA, or other State or Federal law, regulation, order, 
or agreement.\565\ ECOA section 704B(e)(2)(G), as implemented by this 
rule, requires a financial institution to collect and report the 
ethnicity, race, and sex of the principal owners of the business. Thus, 
in order to avoid potential liability under ECOA and existing 
Regulation B, a financial institution must accurately determine that a 
business credit application is subject to section 1071 before inquiring 
about the applicant's protected demographic information. The Bureau 
does not believe the SBA's existing size standards allow for the quick 
and accurate determination of small business status required for this 
1071 data collection initiative. Specifically, the Bureau does not 
believe this determination can be quickly and accurately made if, as 
required under the SBA's existing size standards, the financial 
institution must determine the appropriate 6-digit NAICS code for the 
business and then apply the NAICS-based size standards to determine 
whether an applicant for business credit is a small business.
---------------------------------------------------------------------------

    \565\ ECOA provides that it is not discrimination for a 
financial institution to inquire about women-owned or minority-owned 
business status, or the ethnicity, race, and sex of principal owners 
pursuant to section 1071. 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------

    As discussed above, commenters expressed concern to the Bureau 
about the difficulties in determining the appropriate 6-digit NAICS 
code for businesses and in applying the SBA's NAICS-based size 
standards. They generally preferred a simple small business definition 
and expressed concern that the SBA's approach to defining a small 
business--which bases classification on an applicant's 6-digit NAICS 
code--is relatively complex in this context. The Bureau believes that 
removing a NAICS code-based small business determination as a step in 
determining small business status will both facilitate compliance and 
better achieve the purposes of section 1071. The Bureau understands 
that one reason that commenters expressed a strong desire for a simple 
approach to determining whether an applicant is small is that this 
initial determination may drive the application process. To comply with 
section 1071 requirements, financial institutions may use a different 
application process, or different or additional application materials, 
with small business credit applicants than they do with applicants that 
are not small businesses. Thus, quickly and accurately determining 
whether an applicant is a small business at the outset of the 
application process may be a crucial step, one that financial 
institutions would benefit from being able to seamlessly accomplish. 
Considering the requirements and prohibitions in ECOA with respect to 
protected demographic information, the Bureau understands the import 
that financial institutions have placed on both the speed and accuracy 
of this determination.
    Notwithstanding its decision to not rely on NAICS codes in its 
small business definition, the Bureau believes that NAICS codes possess 
considerable value for section 1071's fair lending purpose as well as 
its business and community development purpose. As discussed in the 
section-by-section analysis of Sec.  1002.107(a)(15) below, the Bureau 
is therefore requiring financial institutions to collect and report 3-
digit NAICS sector codes for applications subject to this final rule. 
However, the Bureau believes that gathering NAICS code information at 
some point during the application process, while still the subject of 
some concern for financial institutions, differs in kind from requiring 
NAICS information as a necessary step to beginning an application (and 
correctly determining which type of application to initiate). In 
addition, the NAICS information now required by the final rule is a 3-
digit NAICS code instead of a 6-digit code as proposed; this 
information will provide valuable data to analyze fair lending patterns 
and identify business subsectors with unmet credit needs, while 
limiting the burden this collection may impose on financial 
institutions and small business applicants.
    The Bureau also believes that its simplified alternative size 
standard will provide reporting results that are largely consistent 
with what would be reported by adopting the full SBA size standards. 
The Bureau used data from the U.S. Census's 2012 Statistics of U.S. 
Businesses (SUSB) and the U.S. Department of Agriculture's 2012 Census 
of Agriculture to analyze how various alternative approaches would 
change the number of businesses considered ``small'' under this rule 
relative to the SBA definition.\566\ Among the 7.2 million small 
employer businesses and farms, the Bureau estimates that 365,000 
businesses that would be small under the SBA's existing size standards 
will not be covered by the Bureau's $5 million gross revenue standard. 
The Bureau further estimates that the Bureau's rule will cover some 
14,000 agricultural businesses that would not be small under the SBA's 
existing size standards. The Bureau believes that such variation with 
respect to the SBA's current size standards is an appropriate trade-off 
for the reasons described herein.
---------------------------------------------------------------------------

    \566\ The 2012 SUSB is the most recent Census product to have 
categories of revenue and employees granular enough to conduct this 
analysis. The Bureau constructed the 2012 equivalents of the second 
and third alternatives due to the vintage of the SUSB data available 
and used the SBA's 2012 size standards for the analysis. The 2012 
SUSB only covers employer firms or businesses with at least one 
employee.
---------------------------------------------------------------------------

    The Bureau notes, however, that some industries will have greater 
divergence between which businesses are small under the Bureau's $5 
million gross annual revenue alternative size standard and which 
businesses are small under the SBA's existing size standards. That is, 
applications for businesses that are small under the SBA's existing 
size standards will be reported to the Bureau less from some industries 
than others. In general, there will be a larger proportion of 
businesses whose applications will not be reported in industries with a 
higher revenue-based size standard. The industries most affected by 
this are the retail trade and construction industries. Other industries 
disproportionately affected may include manufacturing, wholesale trade, 
health care and social assistance, and professional, scientific, and 
technical services. The Bureau received limited public feedback with 
respect to such concerns.
    The Bureau also believes that a simplified size standard will be 
important for financial institutions that may not frequently engage in 
small business lending in determining whether they are covered under 
this final rule. As discussed in the section-by-section analysis of 
Sec.  1002.105(b), small business lending data collection and reporting 
is required only for financial institutions that originated at least 
100 covered credit transactions for small businesses in each of the two 
preceding calendar years. Financial institutions that do not frequently 
lend

[[Page 35270]]

to small businesses will seek to track precisely how many such 
transactions they have originated. The Bureau believes that it is 
important to empower financial institutions to quickly ascertain 
whether a covered credit transaction was originated for a small 
business, so that infrequent lenders can continue to monitor whether 
compliance with this final rule is required.
    The Bureau believes that its $5 million gross annual revenue 
standard is a more efficient and appropriate measure of applicant size 
for purposes of determining whether small business lending data 
collection is required pursuant to section 1071. The Bureau understands 
that the SBA generally bases business concern size standards on average 
annual receipts or the average number of employees of the business 
concern, as customized industry-by-industry across 1,012 6-digit NAICS 
codes. The SBA typically uses two primary measures of business size for 
size standards purposes: (i) average annual receipts \567\ for 
businesses in services, retail trade, agricultural, and construction 
industries, and (ii) average number of employees \568\ for businesses 
in all manufacturing industries, most mining and utilities industries, 
and some transportation, information, and research and development 
industries.\569\ The Bureau understands that the SBA's size standards 
are used to establish eligibility for a variety of Federal small 
business assistance programs, including for Federal government 
contracting and business development programs designed to assist small 
businesses in obtaining Federal contracts and for the SBA's loan 
guarantee programs, which provide access to capital for small 
businesses that are unable to qualify for and receive conventional 
loans elsewhere. The Bureau notes that its $5 million size standard 
will only be used to determine whether small business lending data 
collection is required pursuant to section 1071, and has no bearing on 
eligibility for Federal small business assistance. Moreover, the Bureau 
believes it is far more likely that an applicant will be able to 
readily respond to a question regarding its gross annual revenue for 
the preceding fiscal year--something already contemplated by existing 
Regulation B for all business credit to determine whether adverse 
action notice requirements apply \570\--than offer the closest metric 
currently in use by SBA regulations, which is generally average annual 
receipts across the previous five fiscal years.\571\
---------------------------------------------------------------------------

    \567\ The Bureau understands that the SBA changed its 
regulations on the calculation of average annual receipts for all 
its receipts-based size standards, and for other agencies' proposed 
receipts-based size standards, from a three-year averaging period to 
a five-year averaging period, outside of the SBA Business Loan and 
Disaster Loan Programs. 84 FR 66561 (Dec. 5, 2019).
    \568\ Generally, the average number of employees of the business 
concern is used (including the employees of its domestic and foreign 
affiliates) based upon numbers of employees for each of the pay 
periods for the preceding completed 24 calendar months. See 13 CFR 
121.106(b)(1).
    \569\ To measure business size, the SBA also uses financial 
assets for certain financial industries, and for the petroleum 
refining industry, it uses refining capacity and employees.
    \570\ See 12 CFR 1002.9(a)(3).
    \571\ 13 CFR 121.104(a) and (c).
---------------------------------------------------------------------------

    The Bureau believes that requiring application of existing SBA size 
standards for this rule could result in many financial institutions 
having to undergo extensive operational and/or compliance management 
system changes. The Bureau believes that it will reduce burden for 
financial institutions, particularly those without sophisticated 
compliance management systems or familiarity with SBA lending, to 
comply with a gross annual revenue size standard for the section 1071 
small business definition that better aligns with current lending 
practices.
    If the Bureau were to adopt a small business definition using the 
existing SBA size standards that vary by industry based on 6-digit 
NAICS codes, financial institutions would only be able to request an 
applicant's protected demographic information further along in the 
application process, once they have obtained the multiple pieces of 
data that would be necessary to determine whether the applicant is 
small and, therefore, the 1071 process applies. This delay could make 
it more difficult for financial institutions to collect applicants' 
protected demographic information (particularly for applications that 
are withdrawn or closed for incompleteness early in the application 
process), which is important to both of section 1071's statutory 
purposes. These data collection considerations differ from those 
applicable to SBA lending programs, whereby a lender often cannot (and 
should not) make an accurate eligibility determination for an SBA loan 
until later in the application process, often after a loan has already 
been initially decisioned and after the lender has collected 
information related to size, time in business, and other data.
    In order to allow financial institutions to expeditiously determine 
whether this rule applies, the Bureau is seeking to minimize complexity 
for financial institutions in determining whether a covered application 
is reportable because the applicant business is a small business--a 
necessary determination for the collection of protected demographic 
information pursuant to section 1071. The Bureau believes, and most 
commenters agreed, that this rule will benefit from a universal, easy-
to-apply reporting trigger that does not need to be supported by 
additional documentation or research. Such a reporting trigger must be 
easily understood by small business owners who may be completing an 
application online, or by the tens of thousands of customer-facing 
personnel who take small business applications in an industry with a 
recent turnover rate of over 20 percent.\572\ The Bureau also believes 
that a gross annual revenue reporting trigger will facilitate better 
compliance with section 1071 requirements because it aligns with many 
larger financial institutions' current lending and organizational 
practices, which use gross annual revenue to assign small businesses 
into their retail/small business banking groups.\573\
---------------------------------------------------------------------------

    \572\ Jim Dobbs, Employee churn surges at banks despite pay 
hikes, Am. Banker (Sept. 9, 2022), https://www.americanbanker.com/news/employee-churn-surges-at-banks-despite-pay-hikes.
    \573\ See Fed. Deposit Ins. Corp., Small Business Lending 
Survey, at 12 (2018), https://www.fdic.gov/resources/publications/small-business-lending-survey/2018-survey/section2.pdf (finding that 
a substantial majority of large banks use gross annual revenue (61.8 
percent) as a limit to define small businesses).
---------------------------------------------------------------------------

    Requiring financial institutions to rely on the SBA's existing size 
standards for purposes of 1071 data collection and reporting 
requirements could pose risks to the efficient operation of small 
business lending. Based on the overwhelmingly consistent feedback the 
Bureau has received from stakeholders on this issue, the Bureau 
believes that using the SBA's existing size standards for the purposes 
of section 1071--wherein the financial institution must quickly 
determine the appropriate 6-digit NAICS code for businesses and then 
apply a variety of standards, including potentially gathering 
information to determine five years of the applicant's average annual 
receipts or employee information--would not align with current lending 
and organizational practices. Application of the SBA's existing size 
standards, at the beginning of the application process, could slow down 
the application process, particularly at institutions that otherwise 
would often be able to render credit decisions in a matter of minutes; 
the Bureau believes that financial institutions may be compelled to 
raise the cost of credit or originate fewer covered credit transactions 
as a result.

[[Page 35271]]

Such an outcome could needlessly affect access to credit for small 
businesses. The Bureau believes that eliminating credit opportunities 
or reducing access to credit for small businesses, including women-
owned and minority-owned small businesses, in this way would frustrate 
the statutory purpose of section 1071 to ``enable communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses.'' \574\
---------------------------------------------------------------------------

    \574\ ECOA section 704B(a).
---------------------------------------------------------------------------

    The Bureau expects that many financial institutions, for 
efficiency, will bifurcate their business credit application procedures 
based on an initial determination of whether the application will be 
subject to this rule. The Bureau therefore believes that many financial 
institutions will not proceed with taking applicant information until 
the financial institution is able to determine that the applicant is 
small (in which case, this rule requires it to collect and report the 
applicant's protected demographic information) or that the applicant is 
not small (where ECOA generally prohibits the financial institution 
from collecting protected demographic information). If this process 
necessitates determining the correct NAICS code for the applicant, and 
in many cases, requesting five years of average annual receipts or the 
24-month average number of employees from the applicant pursuant to 
SBA's existing size standards, the Bureau believes that businesses 
seeking credit would encounter, at a minimum, otherwise avoidable 
delays in application processing.
    Section 1071 is also unique in that Congress specified that the 
data collection regime include a particular form of revenue for the 
businesses at issue. As discussed in the section-by-section analysis of 
Sec.  1002.107(a)(14) below, section 1071 requires a financial 
institution to collect ``the gross annual revenue of the business in 
the last fiscal year of the women-owned, minority-owned, or small 
business loan applicant preceding the date of the application.'' \575\ 
The Bureau considered whether under section 1071 a financial 
institution should have to apply two different revenue-based rules 
(first, one for determining whether the business is small under the 
existing SBA size standards and therefore 1071 data must be collected 
and reported; and, second, if the business is small, another for 
reporting the business's gross annual revenue in the last fiscal year), 
or whether applying only one revenue-based standard for implementing 
section 1071 could be sufficient. Requiring financial institutions to 
apply different standards could be unnecessarily confusing and 
burdensome, as well as also increase the potential for errors in data 
collection and reporting. Moreover, as discussed below, section 1071 
amends ECOA, which already incorporates the concept of gross annual 
revenue as implemented under existing Regulation B's adverse action 
notice requirements.
---------------------------------------------------------------------------

    \575\ Id.
---------------------------------------------------------------------------

    Small farm definition. The Bureau is not adopting a different small 
business definition for farms. Many agricultural lenders suggested 
aligning with the Farm Credit Administration's (FCA) small farmer 
definition for agricultural financing transactions, primarily arguing 
that: (i) the proposed $5 million threshold is substantially 
overinclusive as applied to the farming community and would cover 
almost all the customers of FCS lenders; (ii) aligning with the FCA's 
``small farmer'' definition would facilitate compliance and reduce 
burden because FCS lenders are very familiar with the standard; and 
(iii) this change would take into account the unique nature of the 
agricultural industry, which is disproportionately dominated by family 
farms.
    The Farm Credit Act of 1971 authorizes the FCS to provide financing 
and services to farmers and ranchers through FCS banks and 
associations. The Act also provides the FCA, an independent Federal 
agency, authority to regulate and examine these institutions and it 
requires them to report annually to FCA about the operations and 
achievements of the associations' lending and service programs for 
young, beginning, and small farmers and ranchers. FCA's definition of 
``small farmer'' is ``a farmer, rancher, or producer or harvester of 
aquatic products who normally generates less than $250,000 in annual 
gross sales of agricultural or aquatic products.'' \576\ The FCA has 
not updated this threshold since it was first adopted in 1998 although 
it has since considered whether to change it.\577\
---------------------------------------------------------------------------

    \576\ Farm Credit Admin., Bookletter 040--Revised: Providing 
Sound and Constructive Credit to Young, Beginning, and Small 
Farmers, Ranchers, and Producers or Harvesters of Aquatic Products, 
at 2 (Aug. 10, 2007), https://ww3.fca.gov/readingrm/Handbook/FCA%20Bookletters/BL-040%20REVISED.docx.
    \577\ 84 FR 5389, 5390 (Feb. 21, 2019) (``Several agricultural 
and economic cycles have occurred since 1998, and we are considering 
whether the $250,000 gross sales amount continues to be appropriate 
or should be revised or indexed to reflect the changes, including 
the economic conditions presently affecting agricultural 
producers.'')
---------------------------------------------------------------------------

    The NPRM made clear the Bureau's intention to cover agricultural 
credit, and the Bureau did not propose a separate small farm definition 
or any other adjustments specifically for agricultural credit. Prior to 
the SBA increasing its size standards for small farms, the Bureau 
acknowledged in the NPRM that its proposed $5 million size standard 
could result in data reporting on applications from approximately 
77,000 businesses that would not be considered small under the SBA size 
standards in effect at that time, the vast majority of which would be 
farms (for which, at that time, the SBA predominantly used a $1 million 
standard). Conversely, the Bureau estimated that 270,000 primarily non-
agricultural businesses that would be small under the SBA's size 
standards in effect at the time of the NPRM would not be covered under 
the proposed $5 million gross annual revenue standard.
    As noted above, the SBA's size standards for agricultural 
industries have increased since the NPRM and now range from $2.25 
million to $34 million average annual receipts--which now means that 
the $5 million gross annual revenue standard the Bureau is finalizing 
is markedly more aligned with SBA's size standards for farms than it 
was at the time of the NPRM. The Bureau believes that these recent 
changes to the SBA size standards, which were based on extensive 
research and a notice and comment rulemaking, further suggest that a 
definition of small farms based on $250,000 in annual gross sales, 
preferred by certain commenters, would not sufficiently cover small 
agricultural businesses.
    The Bureau does not believe that the Small Business Act requires 
the Bureau to adopt a separate definition for small farms, as implied 
by one commenter. The Small Business Act provides that the SBA 
Administrator must ``ensure that the size standard varies from industry 
to industry to the extent necessary to reflect the differing 
characteristics of the various industries and consider other factors 
deemed to be relevant by the Administrator.'' \578\ The Bureau 
believes, and explained to the SBA when obtaining its approval, that 
this rule will benefit from a universal, easy-to-apply reporting 
trigger that reflects the need for a wide variety of financial 
institutions to apply a simple, broad definition of a small business 
that is practical across the many product types, application types, 
technology platforms, and applicants in the market.

[[Page 35272]]

In particular, the Bureau believes that the size standard finalized 
here is consistent with factors that the SBA has previously identified 
as relevant to the proper exercise of its discretion in this respect--
the SBA considers (1) current economic conditions, (2) its mission and 
program objectives, (3) the SBA's current policies, (4) impacts on 
small businesses under current and proposed or revised size standards, 
(5) suggestions from industry groups and Federal agencies, and public 
comments on the proposed rule, and (6) whether a size standard based on 
industry and other relevant data successfully excludes businesses that 
are dominant in the industry.\579\
---------------------------------------------------------------------------

    \578\ 15 U.S.C. 632(a)(3).
    \579\ See 85 FR 62372, 62373 (Oct. 2, 2020) (discussing the 
SBA's revised size standard methodology).
---------------------------------------------------------------------------

    While the Bureau received widespread support for a simple gross 
annual revenue threshold, it also understands, as explained by some 
commenters, that many agricultural lenders generally do not collect 
gross annual revenue for underwriting or regulatory compliance 
purposes, which could complicate use of a gross annual revenue 
threshold to determine small business status. Nonetheless, ECOA section 
704B(e)(2)(F) requires financial institutions to collect and report 
gross annual revenue under section 1071. As discussed in its section-
by-section analysis of Sec.  1002.107(a)(14), the Bureau is finalizing 
comment 107(a)(14)-2, which first clarifies that pursuant to final 
Sec.  1002.107(c), a financial institution shall maintain procedures 
reasonably designed to collect applicant-provided data, including the 
gross annual revenue of the applicant. The final comment then states 
that if a financial institution is nonetheless unable to collect or 
determine the specific gross annual revenue of the applicant, the 
financial institution reports that the gross annual revenue is ``not 
provided by applicant and otherwise undetermined.'' The Bureau believes 
that permitting this reporting flexibility for agricultural lenders and 
other financial institutions will reduce the complexity and difficulty 
of reporting gross annual revenue information, particularly when an 
application has been denied or withdrawn early in the process and the 
gross annual revenue could not be collected.
    While the Bureau acknowledges arguments that the FCA definition 
might facilitate compliance among FCS lender staff and other compliance 
professionals who are already familiar with that definition, the Bureau 
does not believe it would be appropriate to deviate from its otherwise 
widely supported cross-industry approach. While the Bureau acknowledges 
that the market share of total farm business debt held by FCS lenders 
is significant (44.4 percent at the end of 2020 \580\), the Bureau is 
mindful that many other types of non-FCS lenders participate in this 
important small business lending market. Such lenders would not be able 
to leverage familiarity with the existing FCA definition and may engage 
in other types of non-farm lending that would not be subject to this 
definition. As a result, these lenders may not equally benefit from 
applying the FCA definition to agricultural small businesses. Indeed, 
the Bureau understands that an association of community banks issued a 
letter to oppose efforts to obtain special treatment for FCS lenders, 
stating that ``[i]t would be totally inappropriate to exempt FCS 
lenders from onerous regulatory burdens while subjecting smaller 
lenders, such as community banks, to those regulations even as both 
types of lenders are serving the same customer base in many 
instances.'' \581\ The Bureau believes a consistent small business 
definition that applies to all financial institutions will result in 
consistency across the 1071 data, more robust fair lending analyses, 
and arguably an even playing field for compliance across all financial 
institutions.
---------------------------------------------------------------------------

    \580\ Farm Credit Admin., 2021 Annual Report, at 16 (2022), 
https://www.fca.gov/template-fca/about/2021AnnualReport.pdf.
    \581\ Letter from Indep. Cmty. Bankers of Am., to Senate Chairs 
Stabenow and Brown and Ranking Members Boozman and Toomey (June 23, 
2022), https://www.icba.org/docs/default-source/icba/advocacy-documents/letters-to-congress/senate-letter-opposing-fca-independent-authority-act.pdf?sfvrsn=8d2f1c17_0.
---------------------------------------------------------------------------

    The Bureau acknowledges that a $5 million gross annual revenue 
threshold will be somewhat overinclusive relative to SBA and Census of 
Agriculture standards. Some agricultural lenders lament that the 
threshold would cover almost all their lending and several commenters 
argued in favor of the FCA definition instead for section 1071 purposes 
because, they said, it would capture a substantial amount of data while 
mitigating some of the impact of the compliance cost. As discussed 
above, the Bureau believes that its $5 million gross annual revenue 
threshold strikes an appropriate balance between covering the 
applications of most businesses that are considered small under the 
SBA's size standards, while minimizing the number of businesses above 
the SBA's size standards whose applications will be reported to the 
Bureau, and in a way that satisfies the SBA's criteria for approving an 
alternative size standard under its regulations. In striking this 
balance, the Bureau considered section 1071's statutory purposes, and 
it believes that a broader scope of coverage with regard to 
agricultural businesses is warranted, given the historical and/or 
continuing discrimination against Black farmers and the need for 
transparency into agricultural lending both for fair lending 
enforcement and business and community development.
    Other suggested size standards. The Bureau is not adopting a small 
business definition based on 4-digit NAICS codes, as suggested by one 
commenter. As explained above in its discussion of existing SBA size 
standards, the Bureau believes needing to obtain even a 4-digit NAICS 
code at the beginning of the application process would often result in 
a financial institution not being able to determine whether an 
applicant for business credit is small (and thus subject to the data 
collection requirements of this final rule) until later in the 
application process. Similarly, the Bureau believes that a small 
business definition based on both number of employees and gross annual 
revenues (e.g., the 500 employee/$8 million standard set forth in the 
SBREFA Outline and suggested by commenters or one commenter's 100 
employee/$1 million standard) would mean that a financial institution 
would only be able to request an applicant's protected demographic 
information further along in the application process, once they have 
obtained the multiple pieces of data that would be necessary to 
determine whether the applicant is small and, therefore, only at that 
later stage would it be able to determine that such data collection is 
required. This delay could interfere with financial institutions' 
ability to collect these data, particularly for applications that are 
withdrawn or closed for incompleteness early in the application 
process, which would limit the usefulness of the data for section 
1071's statutory purpose of fair lending enforcement.
106(b)(2) Inflation Adjustment
    Inflation is a general increase in the overall price level of the 
goods and services in the economy; deflation marks a general decrease 
in the same. A price index, of which there are several types, measures 
changes in the price of a group of goods and services. The Board's 
Federal Open Market Committee currently finds that an annual increase 
in inflation of 2 percent in the price index for personal

[[Page 35273]]

consumption expenditures, produced by the Department of Commerce, is 
most consistent over the longer run with the Board's mandate for 
maximum employment and price stability.\582\ The United States Bureau 
of Labor and Statistics, which publishes several price indices, found 
that from December 2020 to December 2021, ``consumer prices for all 
items rose 7.0 percent, the largest December to December percent change 
since 1981.'' \583\
---------------------------------------------------------------------------

    \582\ Bd. of Governors of the Fed. Rsrv. Sys., What is inflation 
and how does the Federal Reserve evaluate changes in the rate of 
inflation? (last updated Sept. 2016), https://www.federalreserve.gov/faqs/economy_14419.htm.
    \583\ U.S. Bureau of Labor Stat., Consumer Price Index: 2021 in 
review (Jan. 2022), https://www.bls.gov/opub/ted/2022/consumer-price-index-2021-in-review.htm.
---------------------------------------------------------------------------

    In order to keep pace with changes to the SBA's own size standards 
and the potential impact of future inflation or deflation, the Bureau 
stated in the NPRM that it was considering whether it might update its 
proposed $5 million gross annual revenue size standard over time 
(perhaps at the end of a calendar year in order to allow financial 
institutions to use the same threshold consistently throughout the 
year). The Bureau sought comment on how this should be done and the 
frequency at which it should occur.
    Two community groups and a CDFI lender requested that the Bureau 
address adjustments of its gross annual revenue threshold for defining 
a small business under the rule. The community groups suggested annual 
adjustments for inflation, while the CDFI lender suggested an 
adjustment every five to ten years to account for future inflation and 
keep pace with changes to the SBA's own size standards. Conversely, a 
bank argued against incremental adjustments, stating that the Bureau 
should set its small business definition once in the final rule. 
Another bank suggested that the Bureau wait to determine if the 
threshold needs adjusting after it has sufficient data to analyze after 
several years of collection.
    For the reasons set forth herein, the Bureau is finalizing new 
Sec.  1002.106(b)(2) to provide that every five years after January 1, 
2025, the gross annual revenue threshold set forth in Sec.  
1002.106(b)(1) shall adjust based changes to the Consumer Price Index 
for All Urban Consumers (U.S. city average series for all items, not 
seasonally adjusted), as published by the United States Bureau of Labor 
Statistics (CPI-U). Any such adjustment will be rounded to the nearest 
multiple of $500,000. If an adjustment is to take effect, it will do so 
on January 1 of the following calendar year.
    New comment 106(b)(2)-1 clarifies the Bureau's inflation adjustment 
methodology. The comment explains that the base for computing each 
adjustment (both increases and decreases) is the January 2025 CPI-U; 
this base value will be compared to the CPI-U value in January 2030 and 
every five years thereafter. The comment provides several examples 
illustrating this comparison. New comment 106(b)(2)-1 makes clear that 
if, as a result of rounding to the nearest multiple of $500,000, there 
is no change in the gross annual revenue threshold, there will be no 
adjustment.
    New comment 106(b)(2)-2 provides that if publication of the CPI-U 
ceases, or if the CPI-U otherwise becomes unavailable or is altered in 
such a way as to be unusable, then the Bureau shall substitute another 
reliable cost of living indicator from the United States Government for 
the purpose of calculating adjustments pursuant to final Sec.  
1002.106(b)(2).
    The Bureau agrees with several commenters that it should provide 
for a mechanism to update the rule's $5 million gross annual revenue 
size standard over time to account for the potential impact of 
inflation or deflation. In order to minimize operational disruptions, 
the Bureau is not adopting an annual adjustment for inflation; instead, 
a determination regarding the need to adjust the threshold will occur 
every five years, beginning in 2030, to account for future inflation or 
deflation on a schedule similar to the SBA's own size standards, which 
are required to be reviewed no less frequently than once every five 
years under the Small Business Act.\584\ Recently, the SBA added a 
13.65 percent inflation increase to its receipts- and assets-based size 
standards.\585\ Moreover, in order to mitigate commenters' concerns 
discussed in the section-by-section analysis of Sec.  1002.107(a)(14) 
regarding complexity and difficulty of collecting gross annual revenue 
information, the Bureau will round any such adjustment to the nearest 
multiple of $500,000. The Bureau believes that this rounding, in 
combination with the approach in final comment 107(a)(14)-1--clarifying 
that a financial institution need not verify applicant-provided gross 
annual revenue information, and providing language that a financial 
institution may use to ask the applicant for such information--will 
make it easier for financial institutions to more quickly determine 
small business status for the purpose of rule applicability. The Bureau 
also believes that this approach is consistent with existing Bureau 
procedures for inflation adjustments (albeit in a more streamlined 
way), provides transparency for replication, and will result in less-
frequent changes in the reporting requirements of financial 
institutions, thereby reducing the disruption that an annual inflation 
adjustment might cause in this situation.
---------------------------------------------------------------------------

    \584\ Pub. L. 111-240, 124 Stat. 2504 (2010); see also 13 CFR 
121.102(c) (requiring the SBA examine the impact of inflation on 
monetary size standards (e.g., receipts, tangible net worth, net 
income, and assets) and make necessary adjustments at least once 
every five years).
    \585\ 87 FR 69118 (Nov. 17, 2022).
---------------------------------------------------------------------------

    The Bureau is providing commentary to ensure transparency regarding 
its inflation methodology, which will allow financial institutions to 
better anticipate and prepare for potential inflation or deflation 
adjustments. To further explain its methodology, the Bureau is 
providing the following illustration, which assumes that compliance 
with the rule was required beginning July 1, 2014, subject to the same 
five-year adjustment schedule described above. In this illustration, 
the base for computing each adjustment would be January 2015, which had 
a CPI-U value of 233.707. Here, the CPI-U value for January 2020 
(257.971) would be used for the first five-year inflation update since 
January 2015 and would update the gross annual revenue threshold to 
reflect the change in the CPI between January 2015 and January 2020. As 
demonstrated with the formulas below, the percentage change between 
those two years' CPI-U values would be calculated (about 10.4 percent) 
and then would be applied to the $5 million gross annual revenue 
threshold to get a value of $5,519,112. This would be rounded to 
$5,500,000 and would become the new threshold effective in January 
2021.

[[Page 35274]]

[GRAPHIC] [TIFF OMITTED] TR31MY23.209

    All subsequent adjustments would be made in the same manner. For 
instance, using the above illustrative example, the following 
calculation would be performed in January 2025 (ten years after January 
2015, five years after January 2020):
[GRAPHIC] [TIFF OMITTED] TR31MY23.210

    The CPI-U series \586\ used for the Bureau's inflation adjustment 
methodology is public and can be used by anyone wishing to perform the 
calculation themselves. Additionally, the Bureau of Labor and 
Statistics provides an inflation calculator for this exact CPI-U 
series, which allows any entity to easily calculate an adjusted gross 
annual revenue threshold without the need for manual calculations.\587\
---------------------------------------------------------------------------

    \586\ Specifically, the Bureau of Labor and Statistics series is 
CUUR0000SA0 and a chart with its values for all months and years is 
available at https://data.bls.gov/timeseries/CUUR0000SA0. The CPI-U 
is released on a month lag, so the value for January is available in 
February.
    \587\ This calculator is available at https://www.bls.gov/data/inflation_calculator.htm and uses the CUUR0000SA0 as the basis for 
its calculation. To use this calculator for the illustrative example 
above, enter 5,000,000 in the $ field, enter January 2015 as the 
starting date, and January 2020 in the subsequent date field. Click 
on calculate, and the result is $5,519,111.54, the same number as 
above, which would be rounded to the nearest $500,000, i.e., 
$5,500,000.
---------------------------------------------------------------------------

    In addition to new comment 106(b)(2)-2, discussed above, which 
clarifies the timing of its inflation adjustments, the Bureau believes 
that the adjustment schedule set forth below will also be helpful to 
explain the inflation adjustment timing:

            Table 2--Inflation/Deflation Adjustment Schedule
------------------------------------------------------------------------
                                          Inflation/deflation adjustment
                  Date                               schedule
------------------------------------------------------------------------
January 2025...........................  Base month/year for computing
                                          each adjustment.
January 2030...........................  Reference month/year for the
                                          first five-year inflation
                                          adjustment.
Spring-Summer 2030.....................  Calculation performed to
                                          determine changes in the CPI-U
                                          between January 2025 and
                                          January 2030.
January 2031...........................  If necessary, effective date
                                          for the adjusted gross annual
                                          revenue threshold amount.
January 2035...........................  Reference month/year for the
                                          second five-year inflation
                                          adjustment.
Spring-Summer 2035.....................  Calculation performed to
                                          determine changes in the CPI-U
                                          between January 2025 and
                                          January 2035.
January 2036...........................  If necessary, effective date
                                          for the adjusted gross annual
                                          revenue threshold amount.
------------------------------------------------------------------------

Section 1002.107 Compilation of Reportable Data

107(a) Data Format and Itemization
Background
    ECOA section 704B(e) requires financial institutions to ``compile 
and maintain'' records of information provided by applicants ``pursuant 
to a request under subsection (b),'' and requires them to ``itemiz[e]'' 
such information to ``clearly and conspicuously disclose'' a number of 
data points enumerated in the statute in section 704B(b) and 
(e)(2).\588\ In addition, section 704B(e)(2)(H) provides the Bureau 
with authority to require ``any additional data that the Bureau 
determines would aid in fulfilling the purposes of [section 1071].'' 
Section 1071's statutory purposes are twofold: (1) to facilitate 
enforcement of fair lending laws; and (2) to enable communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses.\589\
---------------------------------------------------------------------------

    \588\ As discussed in greater detail above in E.2 of the 
Overview to this part V, the Bureau interprets the phrase ``pursuant 
to a request under subsection (b)'' in section 1071 as referring to 
all of the data points contemplated by ECOA section 704B(e), not 
merely whether the applicant is a minority-owned, women-owned, or 
small business.
    \589\ ECOA section 704B(a).
---------------------------------------------------------------------------

Proposed Rule
    The Bureau proposed to adopt the data points enumerated in ECOA 
section 704B(b) and (e)(2)(A) through (G) largely consistent with its 
proposals under consideration at SBREFA, but with certain changes as 
discussed in the proposed rule. Consistent with its

[[Page 35275]]

approach in the SBREFA Outline,\590\ the Bureau proposed data points 
pursuant to its statutory authority set forth in section 704B(e)(2)(H) 
relating to pricing, time in business, NAICS code, and number of 
workers. In addition, based on feedback from small entity 
representatives and other stakeholders and in the course of developing 
the proposed rule, the Bureau identified several additional data points 
that it believed would be important to the quality and completeness of 
the data collected and would aid significantly in furthering the 
purposes of section 1071. The Bureau proposed to adopt additional data 
points regarding application method, application recipient, denial 
reasons, and number of principal owners. In addition, the Bureau relied 
on ECOA section 704B(e)(2)(H), as well as its authority under 
704B(g)(1), to propose certain clarifications to the data points 
enumerated in section 704B(b) and (e)(2)(A) through (G).
---------------------------------------------------------------------------

    \590\ SBREFA Outline at 34-35.
---------------------------------------------------------------------------

    In regard to the specific method by which a financial institution 
would collect the data points, the proposed rule would have required a 
covered financial institution to compile and maintain data regarding 
covered applications from small businesses, and required that the data 
be compiled in the manner prescribed for each data point and as 
explained in associated Official Interpretations (included in the 
proposed rule) and the Filing Instructions Guide that the Bureau 
anticipated later providing on a yearly basis. The proposed rule then 
explained that the data compiled would include the items described in 
proposed Sec.  1002.107(a)(1) through (21). The Official 
Interpretations, sometimes referred to as official comments or official 
commentary, would provide important guidance on compliance with the 
regulation and were discussed in relation to each data point as well as 
other regulatory provisions. The Filing Instructions Guide would 
provide instructions on the operational methods for compiling and 
reporting data, including which codes to report for different required 
information. The Filing Instructions Guide would be updated yearly, as 
is the Filing Instructions Guide that is used with HMDA compilation and 
reporting.\591\ Proposed comment 107(a)-1 would have provided general 
guidance on complying with Sec.  1002.107(a).
---------------------------------------------------------------------------

    \591\ See generally Fed. Fin. Insts. Examination Council, The 
Home Mortgage Disclosure Act, https://ffiec.cfpb.gov/ (last visited 
Mar. 20, 2023).
---------------------------------------------------------------------------

    The Bureau crafted the proposed rule in consideration of the 
concerns and input of the small entity representatives and other 
stakeholders. First, the proposed rule would generally not have 
required a financial institution to verify applicant-provided 
information and limited the data points proposed pursuant to ECOA 
section 704B(e)(2)(H) to those that the Bureau believed would be most 
useful for the purposes of section 1071. In addition, the Bureau 
considered the costs, including data quality scrubs, automation and 
training, that would be imposed by the collection and reporting of the 
proposed data points; these were discussed in the proposed rule and 
that discussion is now updated in part IX below. The Bureau attempted 
to craft the collection and reporting requirements to be as clear and 
operationally manageable as possible, and requested comment on 
potential methods for increasing clarity and manageability.
    In regard to concerns from small entity representatives and other 
stakeholders about being required to collect applicants' protected 
demographic information for purposes of section 1071, the Bureau noted 
that several small entity representatives reported collecting this kind 
of information currently in certain situations (because they are CDFIs, 
or because they are participating in certain SBA or similar guarantee 
programs). In addition, the Bureau crafted the proposed rule to provide 
flexibility for financial institutions in the collection and reporting 
of this information. The Bureau also did not propose an exemption for 
small financial institutions from reporting data points adopted 
pursuant to ECOA section 704B(e)(2)(H), as suggested by some small 
entity representatives and commenters, though it did propose an 
exemption from the rule for certain institutions with limited small 
business credit originations.
    The Bureau sought comment on its proposed approach to the 
collection and reporting of data points, including the specific 
requests for input above and in the section-by-section analysis of each 
of the proposed data points.
Comments Received
    The Bureau received numerous comments discussing the general data 
point collection and reporting requirements from banks, trade 
associations, credit unions, farm credit institutions, community 
groups, lenders, research institutions, an association of State bank 
supervisors, and a Federal agency. This comment summary section will 
discuss the comments regarding the overall data points first, then 
focus on those that dealt specifically with the data points proposed 
pursuant to ECOA section 704B(e)(2)(H) (often making statements similar 
to those on the overall data points). Comments regarding individual 
data points are discussed below in the section-by-section analyses that 
follow.
    General data point comments. Several community groups and a 
business advocacy group supported the overall data points requirements, 
stating that robust data are essential for understanding underwriting, 
gaps in lending, unmet community needs, and other issues that stand in 
the way of equitable, responsible lending. A business advocacy group 
stated that the recent enhancement of HMDA data proves the importance 
of robust data because of its strongly positive impact on lending to 
minorities. That commenter also stated that the rule should start out 
with the collection of granular data because discrimination often 
involves not only credit denials but also less favorable credit terms.
    A joint comment letter from community groups, community oriented 
lenders, and business advocacy groups stated that CDFIs and mission-
driven lenders, who will have to comply with the data point reporting 
requirements, view the costs as reasonable considering the benefits of 
the rule. Two community-oriented lenders made similar statements, 
saying that they already collect most of this information for 
underwriting and compliance with other requirements. One also stated 
that it does not plan to raise fees or restrict access to credit as a 
result of the rule. One rural community group stated that the data 
points will be important for understanding agricultural lending and for 
that reason supported the inclusion of agricultural lending under the 
rule.
    Several industry commenters stated that the data points were too 
numerous and would be burdensome to collect and report. These 
commenters stated that setting up the compliance system would be 
particularly costly and that the cost would have to be passed on to 
customers, and one suggested that the Bureau should reconsider moving 
forward with the rule. These commenters also stated that financial 
institutions do not currently collect these data points. A trade 
association for online lenders stated that collecting these data points 
would interfere with online lenders' business model and the Bureau 
should obtain this information from other sources, such as the SBA, the 
Minority Business Development Agency, and the Treasury Department. A 
bank stated that 1071 data disclosure

[[Page 35276]]

will help address significant racial and gender gaps but asked that the 
Bureau consider the depth and breadth of the data collected because 
community banks are faced with what it referred to as seemingly 
continuous data collection (for HMDA, Bank Secrecy Act, etc.) and 
regulatory exams. The bank also asked that the collection method be 
``SMART'' (specific, measurable, attainable, realistic, and timely) in 
order to reduce burden.
    Several banks suggested that HMDA data yield useful fair lending 
analyses in the residential mortgage market because those loans are 
underwritten similarly. In contrast, they stated, small business loans 
are more complex and unique and have to be manually underwritten to 
consider numerous variables in accordance with the individual 
institution's standards, rendering any fair lending analyses flawed and 
unreliable. One of these commenters suggested that if fair lending 
analysis is to be performed using only the data points proposed, 
lenders will be forced to revamp and substantially limit the inputs 
used in decision making, ultimately leading to a smaller number of 
product offerings and fewer approvals for small business loans overall.
    Industry commenters also made several other suggestions and 
requests regarding the proposed data points. Two commenters asked that 
the Bureau eliminate or reduce the use of free-form text to report 
additional information, suggesting that the information gathered would 
be burdensome, hard to trend, open to different interpretations, and 
unreliable. Two commenters stated that it was important that applicants 
provide their information voluntarily. A trade association asked for 
reporting flexibility when information is not available, recommending 
the use of ``declined to answer'' if the applicant declined, and ``not 
available'' for all other circumstances in which the applicant did not 
provide the information notwithstanding the lender's inquiry.
    One commenter asked for a rule provision stating that the 
collection and reporting requirements under the rule are not intended 
to limit the range of data that a financial institution may collect, 
use, and share for its own purposes. That commenter stated that 
technology companies currently use numerous data points when making 
credit decisions that enable them to extend credit to a wider range of 
applicants, and limiting their ability to do so could limit access to 
credit for small businesses.
    Issues regarding data points proposed pursuant to ECOA section 
704B(e)(2)(H). The Bureau received numerous comments from lenders, 
community groups, and individual commenters supporting inclusion of the 
data points proposed pursuant to ECOA section 704B(e)(2)(H). Several of 
these commenters stated that such data points are important because the 
dataset must include key underwriting variables in order to fulfill 
section 1071's fair lending purpose. One commenter stated that these 
data points are necessary to ensure proper analysis and not allow 
lenders, as HMDA reporters have done, to hide behind data not collected 
as a reason for lending disparities. Two commenters stated that such 
data points are necessary because robust data are needed to illuminate 
who lenders are serving and who they are excluding.
    Several commenters stated that the Bureau must require the 
collection and public dissemination of a database detailed enough to 
meaningfully achieve section 1071's fair lending and community 
development purposes. Others suggested that the data points proposed 
pursuant to ECOA section 704B(e)(2)(H) will allow comparisons of small 
businesses in general with very small businesses, which they view as 
the bedrock of communities. One commenter said that such data points 
will help CDFIs better understand the small business credit market, 
especially in low-income communities, and whether and how 
discrimination in small business lending is occurring. That commenter 
and another also stated that robust data will help policymakers and the 
public to better understand lending gaps and unmet community needs.
    One lender stated that the proposed data points will provide 
insight on the quality of the capital accessed by different demographic 
groups of small business applicants, which will be useful in not only 
identifying potentially discriminatory lending practices, but also 
highlight capital gaps in the marketplace that lenders may be able to 
fill. It also said that the data will show how financial institutions 
compare across key metrics and help determine if an institution has 
equitable lending, providing an unprecedented snapshot of the lending 
landscape for small businesses.
    The Bureau received a large number of comments, mainly from 
industry, objecting to the inclusion of data points proposed pursuant 
to ECOA section 704B(e)(2)(H). Commenters made many objections, but the 
most common was that such data points are not collected now and would 
add significantly to the burden imposed by the rule, raising costs for 
borrowers. Many commenters also stated that several of these data 
points would be of little use and some suggested that they could result 
in inaccurate data. Many commenters suggested that the extra burden 
would reduce the availability of small business credit, and some stated 
that the extra burden of such data points would limit community banks' 
survivability and speed up consolidation and the closing of branches in 
rural and underserved communities. Other commenters also stated that 
these data points would be particularly difficult for institutions that 
do not have any reporting requirements under HMDA, credit unions, auto 
finance lenders, CDFIs, and/or smaller lenders in general. Several 
commenters stated that because farm credit associations are often 
customer owned, the increased costs would be imposed directly on the 
borrowers. One commenter stated that the data points proposed pursuant 
to ECOA section 704B(e)(2)(H) can fluctuate during loan processing, and 
would create tracking issues and reporting errors. Some commenters 
suggested that small business applicants would not want to provide so 
much information, which would slow down and interfere with the lending 
process.
    Numerous commenters stated that small business lending is complex 
and nuanced and very different from residential lending, and the 
partial information provided by the data points would lead to 
inaccurate interpretations and potentially interfere with current 
credit approval methods. Several of these commenters stated that if 
statistical disparities are detected using the more straightforward 
data points adopted pursuant to ECOA section 704B(e)(2)(A) through (G), 
those disparities can be researched on an institution, transaction, or 
file basis, providing the same information that the Bureau has proposed 
to collect pursuant to 704B(e)(2)(H), but within context and without 
raising false positive flags. Those commenters and others stated that 
including too many unreliable and nuanced data point analyses will 
result in numerous false positives and inaccurate and unfair 
conclusions by community groups and their members, and potentially 
regulators. A State bankers association stated that these data could be 
used against banks as a competitive advantage for credit unions and 
other non-traditional lenders. Conversely, a credit union trade 
association stated that any rule to implement section 1071 will widen 
the competitive gulf between credit unions and big banks and 
``fintechs'' that have the economies of scale and the

[[Page 35277]]

technological sophistication to automate complex functions, and the 
data points proposed pursuant to ECOA section 704B(e)(2)(H) would make 
this problem worse. Another commenter stated that it would be unfair to 
compare some such data points between regulated and non-regulated 
entities because regulated entities have additional costs.
    Some commenters who objected to the inclusion of data points 
pursuant to ECOA section 704B(e)(2)(H) suggested that the Bureau should 
first require the data points enumerated in 704B(e)(2)(A) through (G), 
then add any other appropriate data points over time. They explained 
that this approach would allow the Bureau to assess the burden and 
potential restriction of small business credit imposed by the data 
points in 704B(e)(2)(A) through (G) before moving forward with further 
requirements only if appropriate and beneficial. Some commenters also 
pointed out that HMDA reporting evolved over many years and the ``all 
at once'' approach in the proposal is a mistake and will not allow 
lenders time to adjust.
    Several small lenders and their trade associations stated that if 
the Bureau opts to require some or all of the data points proposed 
pursuant to ECOA section 704B(e)(2)(H), then it should consider partial 
collection of data for community banks and other small lenders. A trade 
association for community banks suggested that the cost of such data 
points would include expensive data quality scrubs to avoid negative 
exam findings, which would be disproportionately borne by smaller 
financial institutions. That commenter was also concerned that the rule 
could require the standardization and homogenization of small business 
lending, damaging the customized and relationship-based lending for 
which community banks are valued. The commenter went on to state that 
if community banks are forced to standardize, it will especially harm 
the vulnerable small businesses that most benefit from the high-touch, 
relationship-based lending that they offer.
    Some commenters stated that the data points proposed pursuant to 
ECOA section 704B(e)(2)(H) would create serious privacy risks. Several 
commenters suggested that this was especially a concern in rural areas 
where the applicant might be identified through certain data points, 
such as the combination of the NAICS code and census tract, and this 
risk might lead some small businesses to not apply for credit. Some of 
these commenters also stated that it would be disadvantageous for 
financial institutions to have access to pricing terms of their 
competitors. One of these commenters stated that collecting more data 
points would increase business borrower perception that this 
information is being used in the credit decision.
    One commenter suggested that data collection mandates in excess of 
what the law requires may be found to be ``arbitrary and capricious,'' 
if a court decides that the Bureau has ``relied on factors which 
Congress has not intended it to consider'' or ``offered an explanation 
for its decision that runs counter to the evidence before the agency.'' 
The commenter did not explain whether or how the proposed data points 
might be viewed this way. Another commenter stated that the full scope 
of data that the rule would require financial institutions to report is 
inconsistent with the operation of business credit markets, and that 
Congress established a limited scope data collection regime in section 
1071. That commenter further stated that if Congress intended to 
require all covered financial institutions to proactively deliver the 
same data required in fair lending enforcement actions, Congress would 
have written that into the law. Although not specifically mentioning 
the relevant legal standard for inclusion of such data, several 
industry commenters argued that some or all of the data points proposed 
pursuant to ECOA section 704B(e)(2)(H) would not fulfill the purposes 
of section 1071.
Final Rule
    As discussed in the section-by-section analyses that follow, the 
Bureau has made changes to many of the proposed data points in order to 
carry out the purposes of section 1071 more effectively and to reduce 
any difficulties the rule might impose on small business lenders. In 
particular, the Bureau has sought to: (1) improve the usefulness of the 
data points for fair lending analysis and for business and community 
development purposes; and (2) facilitate compliance by, among other 
things, focusing on the reporting of information the financial 
institution already collects or possesses. The Bureau's NPRM approach, 
comments received, and final rule (including changes to specific data 
points) are discussed for each data point in turn. The Bureau notes 
that proposed Sec.  1002.107(a)(19), ``women-owned business status,'' 
has been combined with proposed Sec.  1002.107(a)(18), ``minority-owned 
business status,'' and the final Sec.  1002.107(a)(18) data point now 
addresses ``minority-owned, women-owned, and LGBTQI+-owned business 
statuses.'' As a result, the data points in proposed Sec.  1002.107(20) 
and (21) have been renumbered as final Sec.  1002.107(19) and (20).
    The Bureau is finalizing the introductory text to Sec.  
1002.107(a), regarding data format and itemization, to reflect the 
number of data points in the final rule. Final Sec.  1002.107(a) 
provides that a covered financial institution shall compile and 
maintain data regarding covered applications from small businesses, and 
that the data shall be compiled in the manner prescribed in the 
individual data point provisions and the Filing Instructions Guide for 
subpart B for the appropriate year. Furthermore, the data compiled 
shall include the items described in final Sec.  1002.107(a)(1) through 
(20). The Bureau believes that these methods will facilitate compliance 
and yield quality data, and did not receive comments on the specific 
text of Sec.  1002.107(a) or associated commentary.
    The Bureau is finalizing comment 107(a)-1 to provide general 
guidance on complying with Sec.  1002.107(a). Comment 107(a)-1 explains 
that a covered financial institution (i) reports the data enumerated in 
Sec.  1002.107(a) even if the credit originated pursuant to the 
reported application was subsequently sold by the institution; (ii) 
annually reports data for covered applications for which final action 
was taken in the previous calendar year; and (iii) annually reports 
data for a covered application on its small business lending 
application register for the calendar year during which final action 
was taken on the application, even if the institution received the 
application in a previous calendar year. The Bureau believes that these 
operational instructions will clarify a financial institution's 
collection and reporting requirements and so facilitate compliance. The 
Bureau also believes that these instructions will help to ensure the 
accuracy and consistency of the data collected and reported. The Bureau 
did not receive comments on comment 107(a)-1.
    The final rule adds new comment 107(a)-2, which explains that a 
covered financial institution may use technology such as autocorrect 
and predictive text when requesting applicant-provided data under 
subpart B that the financial institution reports via free-form text 
fields, provided that such technology does not restrict the applicant's 
ability to write in its own response instead of using text suggested by 
the technology. The Bureau believes that the ability to use autocorrect 
and predictive text will facilitate the use of free-form text boxes. 
The Bureau considered commenters' objections to the use of free-form 
text

[[Page 35278]]

boxes for collecting and reporting data under this final rule. Although 
the Bureau is aware that data collected with predetermined lists is 
easier to report and work with, the Bureau believes that free-form text 
responses will provide useful information that would not otherwise be 
collected, as they have done for HMDA data, and the use of autocorrect 
and predictive text will facilitate use of free-form text boxes and 
reduce inadvertent errors or typos.
    The Bureau is finalizing comment 107(a)-3 (which was numbered as 
comment 107(a)-2 in the proposal) as proposed, except that the final 
rule adds a web address instead of the placeholder in the proposed 
rule. Final comment 107(a)-3 explains that additional details and 
procedures for compiling data pursuant to Sec.  1002.107 are included 
in the Filing Instructions Guide, which is available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/. As explained above, the Bureau did not receive 
comments on the use of the Filing Instructions Guide.
    The Bureau is also adding new comment 107(a)-4, to make clear that 
the Bureau may add additional response options to the lists of 
responses contained in certain of the individual data-point comments, 
via the Filing Instructions Guide, and instructs financial institutions 
to refer to the Filing Instructions Guide for any updates for each 
reporting year. For example, a credit purpose provided frequently in 
the free-form text box for that data point could be added to the 
response options via listing in the Filing Instructions Guide. The 
Bureau believes that such flexibility will enhance the quality and 
currency of the data collected. In addition, because financial 
institutions must refer to the Filing Instructions Guide when 
compiling, maintaining and reporting their data, the Bureau does not 
believe that this flexibility will add operational difficulty to the 
reporting of data under this final rule.
    General data point issues. In regard to the comments suggesting 
that the overall data point collection regime is too burdensome, the 
Bureau notes that most of the data points are enumerated in the statute 
and the Bureau has implemented the data points in such a way as to 
reduce the burden of compilation and reporting as much as feasible 
while fulfilling the purposes of section 1071. The Bureau does not 
require verification of applicant-provided data, allows responses of 
``not applicable'' and ``not provided by applicant and otherwise 
undetermined'' when appropriate, and provides several safe harbors to 
facilitate compliance. In addition, the Bureau believes that it has set 
up the compilation and reporting system in a way that is specific, 
measurable, attainable, realistic and timely, as requested by a 
commenter. In addition, see the discussion below regarding other data 
points considered for further information on the question of the rule's 
burden and the issue of accuracy of fair lending analysis and small 
business credit data.
    In regard to the suggestion that the Bureau use other sources to 
obtain information regarding small business credit instead of via this 
rulemaking, as explained above the Bureau does not believe that 
currently available sources are sufficient to carry out the purposes of 
section 1071, and Congress required the Bureau to promulgate a rule to 
collect the data. In addition, the Bureau notes that the data collected 
under this rule are not exclusive, and financial institutions may 
collect any other data allowable under current law to use in processing 
or underwriting small business credit. For this reason, the Bureau does 
not believe that this final rule will interfere with online lenders' 
business practices, which a commenter was concerned about, or the 
business practices of other entities that offer small business credit. 
In addition, the Bureau does not believe that compilation of data under 
this final rule will interfere with relationship banking by community 
banks, because they will continue to be able to relate to and serve 
customers as they have done previously, and may continue to make credit 
decisions in any legally appropriate fashion that they have done in the 
past.
    As for the commenter's concern that applicant responses be 
voluntary, the Bureau notes that although financial institutions are 
required to have processes and procedures in place to collect these 
data, applicants are free to choose not to answer their requests. For 
the collection of demographic data, applicants may select an option of 
``I do not wish to respond'' or similar. For many of the other data 
points, so long as a financial institution maintains procedures 
reasonably designed to collect applicant-provided data, a financial 
institution may report ``not provided by applicant and otherwise 
undetermined.'' In regard to the commenter's request that the Bureau 
allow responses of ``declined to answer'' and ``not available,'' the 
Bureau believes that the reporting options of ``not provided by 
applicant and otherwise undetermined'' and ``not applicable'' are more 
suited to this data collection, and notes that the commenter did not 
explain why the suggested responses would be better.
    Issues regarding data points adopted pursuant to ECOA section 
704B(e)(2)(H). The Bureau is finalizing its proposed data points with 
certain changes as described in the respective section-by-section 
analyses of those data points below. The Bureau is relying on ECOA 
section 704B(e)(2)(H), as well as its authority under 704B(g)(1), to 
make clarifications to certain of the data points set forth in 704B(b) 
and (e)(2)(A) through (G), as described in the section-by-section 
analyses of those data points below.
    Pursuant to its statutory authority set forth in ECOA section 
704B(e)(2)(H), the Bureau is adopting data points for pricing, time in 
business, NAICS code, number of workers, application method, 
application recipient, denial reasons, and number of principal owners. 
The Bureau has determined that these data points will serve the 
purposes of section 1071, improve the utility of the data for 
stakeholders, and reduce the occurrence of misinterpretations or 
incorrect conclusions based on analysis of an otherwise more limited 
dataset. In finalizing these data points, the Bureau considered the 
additional operational complexity and potential reputational harm 
described by commenters that collecting and reporting these data points 
could impose on financial institutions. The Bureau seeks to respond to 
industry concerns by adopting a limited number of data points that will 
offer the highest value in light of section 1071's statutory purposes. 
For this reason, the Bureau is not adopting certain additional data 
points suggested by commenters such as credit score, applicant's 
disability status, or business structure (see the discussion below).
    In addition, the Bureau did not choose to take an incremental 
approach to adding data points, as several commenters suggested, or 
permit collecting and reporting of certain data points to be phased in 
over time. The Bureau believes the information from the data points 
adopted pursuant to ECOA section 704B(e)(2)(H) will enhance the 
usefulness of the data points enumerated in 704B(e)(2)(A) through (G), 
and further section 1071's purposes for the reasons stated above and in 
the descriptions of those data points in the section-by-section 
analyses below, and so should be collected and reported as soon as 
possible. In addition, data from these data points will be an important 
part of the privacy risk assessment that the Bureau will conduct after 
the first full year of data are received. In response to the

[[Page 35279]]

commenters who expressed concern about privacy risks, the Bureau notes 
that when making modification and deletion decisions prior to 
publication of the data, it intends to consider re-identification risk 
and other cognizable privacy risks. See part VIII below for additional 
information.
    As explained above, numerous industry commenters stated that data 
points adopted pursuant to ECOA section 704B(e)(2)(H) would make the 
rule more burdensome, result in greater costs for not only financial 
institutions but also their small business customers, and potentially 
lead to a reduction in credit availability. The Bureau does not believe 
that the effects on the small business credit market from the data 
points adopted pursuant to ECOA section 704B(e)(2)(H) will be so 
pronounced. Rather, such data points will add only incremental costs to 
the rule,\592\ and the Bureau has carefully crafted all the data points 
in the final rule to provide flexibility by allowing reporting of 
information that is already present in the credit file or easily 
gathered from the applicant. In addition, the final rule does not 
require verification, allows for responses of ``I do not wish to 
respond'' or similar, ``not applicable,'' and ``not provided by 
applicant and otherwise undetermined'' when appropriate, and provides 
several safe harbors to facilitate compliance and reduce costs in the 
compilation and reporting of the data points.
---------------------------------------------------------------------------

    \592\ See part IX.F.5 below for a discussion of the economic 
impacts of an alternative that only includes the data points 
specified in ECOA section 704B(e)(2)(A) through (G).
---------------------------------------------------------------------------

    Numerous industry commenters also stated that the small business 
credit market is different from the residential housing market 
disclosed in HMDA data, and the varied and complex nature of the small 
business application, underwriting and approval processes will cause 
the data collected pursuant to ECOA section 704B(e)(2)(H) to suggest 
false positives for discrimination. Although the potential risk of 
misinterpretation exists with all public data, the Bureau notes that 
any fair lending analysis of the public dataset should be considered 
preliminary to meaningful further investigation, and inferences from 
the public data alone are not determinative of unlawful 
discrimination.\593\ Furthermore, the Bureau believes that the 
additional information from these data points is more likely to 
eliminate false positives than to create them. For example, knowing 
applicants' time in business will help to avoid comparing credit 
outcomes for established businesses with outcomes for riskier start-ups 
and expecting them to be similar. In this way, regulators engaged in 
fair lending analysis, and the financial institutions they are 
examining or researching, will be able to avoid unnecessary further 
investigation.
---------------------------------------------------------------------------

    \593\ In regard to the HMDA dataset for 2020, the Bureau 
publicly stated that ``HMDA data are generally not used alone to 
determine whether a lender is complying with fair lending laws. The 
data do not include some legitimate credit risk considerations for 
loan approval and loan pricing decisions. Therefore, when regulators 
conduct fair lending examinations, they analyze additional 
information before reaching a determination about an institution's 
compliance with fair lending laws.'' See CFPB, FFIEC Announces 
Availability of 2020 Data on Mortgage Lending (June 17, 2021), 
https://www.consumerfinance.gov/about-us/newsroom/ffiec-announces-availability-of-2020-data-on-mortgage-lending/.
---------------------------------------------------------------------------

    Many industry commenters also suggested that information from data 
points adopted pursuant to ECOA section 704B(e)(2)(H) will be 
unreliable and not useful for data users. However, the Bureau considers 
the information required to be reported to be very useful in fulfilling 
the fair lending and business and community development purposes of 
section 1071, as explained in the section-by-section analysis of each 
of these data points below. Although, as one commenter pointed out, 
some of these data may change in the course of credit processing, HMDA 
data and the data from the data points specified in ECOA section 
704B(e)(2)(A) through (G) often do the same. The Bureau believes that 
financial institutions will use the appropriate information from the 
credit file and report accurately, as the overwhelming majority of HMDA 
reporters do now.
    As explained above, some commenters stated that many applicants 
will not want to provide the requested information and some may be 
concerned that the information will be used in the credit decision if 
too much information is requested. The Bureau does not believe that 
these problems will be widespread, and to the extent that they do 
manifest, the financial institution can use the appropriate responses 
to indicate that the applicant did not wish to provide information. The 
Bureau also believes that applicants for small business credit expect 
to be asked for numerous pieces of information, and the applicant-
provided data points adopted pursuant to ECOA section 704B(e)(2)(H) 
(NAICS code, number of workers, time in business, and number of 
business owners) do not appear likely to raise red flags.
    Other commenters were concerned that different types of financial 
institutions would fare differently regarding the data points adopted 
pursuant to ECOA section 704B(e)(2)(H), and this difference would 
create competitive distortions. The Bureau does not believe that the 
structure of a financial institution will have a large effect on the 
difficulty of reporting such data points. Because all covered financial 
institutions have the same responsibilities under this final rule, the 
Bureau believes that the effects on different financial institution 
types will be similar. Numerous commenters also stated that small 
financial institutions, such as community banks and small credit 
unions, would be disadvantaged because they lack the economies of scale 
to allow them to readily absorb the rule's costs. Several of these 
commenters requested an exemption for these institutions from any data 
points adopted pursuant to ECOA section 704B(e)(2)(H), but the Bureau 
has determined that such an additional exemption that focuses 
specifically on such data points is not appropriate. As explained in 
the section-by-section analysis of Sec.  1002.105 above, the proposed 
exemption for certain institutions with limited small business credit 
originations is now finalized at a higher transaction level than 
proposed, exempting a larger number of small financial institutions 
from section 1071's data collection and reporting obligations. 
Furthermore, the usefulness of the data collected would be reduced if 
the dataset is incomplete for some financial institutions. In addition, 
the Bureau will provide assistance to small institutions and compliance 
vendors during the implementation period to help them transition to the 
new rule's requirements.
    In regard to the commenters who discussed legal issues involved in 
this rulemaking, the Bureau notes that each of the data points adopted 
pursuant to ECOA section 704B(e)(2)(H) fulfills the purposes that 
Congress stated in section 1071, fair lending and business and 
community development, as explained in the section-by-section analyses 
that follow. In addition, the Bureau has carefully considered the 
evidence before it, including from the SBREFA process and public 
comments, and has based its decisions regarding these data points on 
that evidence in relation to the factors that Congress intended it to 
consider. Furthermore, as explained above, the Bureau does not consider 
that the full data collected, whether pursuant to ECOA section 
704B(e)(2)(A) through (G) or pursuant to section 704B(e)(2)(H), should 
be used alone to determine whether a lender is complying with fair 
lending laws. When regulators conduct fair lending examinations, they 
will

[[Page 35280]]

consider additional information before reaching a determination about 
an institution's compliance. The Bureau considers the scope of data 
reported to be well within the parameters of congressional intent 
apparent in section 1071.
Other Data Points Considered
    As mentioned above, small entity representatives and other 
stakeholders suggested some additional data points for the Bureau's 
consideration, and the Bureau considered others in the development of 
the proposed rule. Because of the operational complexities likely to be 
posed by each of these potential data points, as well as the reasons 
explained below, the Bureau chose not to propose to include any of the 
following data points in the rule. Nonetheless, the Bureau sought 
comment on whether the following potential data points or any others 
would further the purposes of section 1071 and thus should be 
considered for inclusion in the final rule.
    Type of business/entity structure (sole proprietorship, C-
corporation, limited liability company, partnership, etc.). This 
information could be useful in providing context to the ethnicity, 
race, and sex data regarding applicants' principal owners. However, the 
Bureau believed that collecting the number of principal owners, as 
proposed in Sec.  1002.107(a)(21), would better serve this purpose.
    Credit score. Collecting credit score and other credit information 
could be particularly useful for the fair lending purpose of section 
1071. However, because of the different types of scores and different 
situations in which a financial institution would or would not access 
scores, the Bureau believed that this data point could be quite 
complicated and involve complex sub-fields, which could pose 
operational difficulties for financial institutions in collecting and 
reporting this information. These complexities could also make it 
difficult for data users to understand and interpret credit score data.
    Credit reporting information, including whether credit information 
was accessed. This data point could also be complicated and involve 
complex sub-fields, making it difficult for financial institutions to 
collect and report. As with credit score, these complexities could also 
make it difficult for data users to understand and interpret these 
data. In addition, it was not clear that this information would be 
useful without also collecting credit score.
    Percentage ownership of each principal owner and percentage 
ownership by women and by minorities. This information could be useful 
in providing context to the ethnicity, race, and sex data regarding 
applicants' principal owners. However, the Bureau was concerned that 
requesting this type of percentage data could be confusing to 
applicants and could result in inconsistent responses across applicants 
and institutions. The Bureau believed that collecting the number of 
principal owners (those individuals who each directly own 25 percent or 
more of the equity interests of a business), as proposed in Sec.  
1002.107(a)(21), would better serve this same purpose.
    Whether the applicant has an existing relationship with the 
financial institution and the nature of that relationship. This 
information could provide additional context for a financial 
institution's credit decision, and thus could be useful for both of 
section 1071's statutory purposes. However, the Bureau believed that 
the usefulness of the data collected might not justify the additional 
operational complexity of identifying and tracking such relationships 
for reporting.
    Customer number, and/or unique (but anonymous) identification 
number for applicants or associated persons for tracking of multiple 
applications. This information could be useful to track multiple 
applications by a single small business within a particular financial 
institution, whether submitted at one time or over the course of the 
year. However, the Bureau believed that the potential difficulties 
posed by requiring the reporting of this information--particularly for 
applications that have been withdrawn or abandoned--would not be 
warranted in light of the utility of the data.
Comments Received
    Type of business/entity structure. The Bureau received comments 
from some lenders, community groups, and others requesting the 
inclusion of a data point for type of business structure. The Bureau 
did not receive any comments specifically opposing the inclusion of 
type of business structure, though the Bureau understands the 
overwhelming industry opposition to all data points adopted pursuant to 
ECOA section 704B(e)(2)(H) likely implicates this one.
    Commenters stated that collecting type of business structure would 
allow for better analysis of credit outcomes, because different 
structures may indicate varying levels of sophistication and can be 
viewed differently by creditors. One commenter pointed out that Black 
and Latino business owners are more likely to have non-employer 
businesses, and type of business structure could help identify those 
businesses and track their access to credit. That commenter also stated 
that without the information about business structure, it will not be 
possible to identify gaps in capital access between sole 
proprietorships (often minority owned) and other forms, and so 
collecting business structure will help ensure that future capital 
programs, whether private or public, adequately include or target 
business structures. One commenter stated that business structure, 
along with credit score, would be important for rooting out patterns of 
discriminatory or exclusionary lending practices in the deep South. A 
CDFI lender stated that being able to differentiate between sole 
proprietors versus corporations is also key for philanthropic efforts 
that may aid the work of mission-based lenders working with specific 
underserved communities, and added that it already collects this 
information for the SBA 7(a) program, Paycheck Protection Program, and 
the CDFI Fund. Discussing the Bureau's suggestion that collecting the 
number of principal owners would provide the desired context, a 
commenter stated that under the proposal, only a natural person who 
directly owns at least 25 percent of a business is counted as a 
principal owner, and thus a partnership, corporation, and sole 
proprietorship could appear similarly situated despite presenting 
different credit needs.
    Credit score. The Bureau received numerous comments from community 
groups, community-oriented lenders, business advocacy groups, and 
others requesting the inclusion of a data point for credit score. The 
Bureau did not receive any comments specifically opposing the inclusion 
of credit score, though the Bureau understands the overwhelming 
industry opposition to all data points adopted pursuant to ECOA section 
704B(e)(2)(H) as likely implicating this one.
    Commenters stated that including a data point for credit score, 
along with other key underwriting criteria, was important for effective 
fair lending analysis. A joint letter from community and business 
advocacy groups stated that the Federal Reserve Banks in their annual 
small business surveys have found large disparities in credit access 
even after controlling for credit scores, and other commenters agreed 
that this was the case. Many compared the situation to HMDA, where 
credit scores were only recently required, suggesting that the lack of 
credit scores allowed lenders to avoid accountability. A number of 
community groups stated

[[Page 35281]]

that, in addition to fair lending, credit scores allow users to 
understand the characteristics of applicants that are denied credit so 
as to identify areas of unmet need. A joint letter from community 
groups and community oriented lenders stated that more than half of 
Black individuals and 41 percent of Latinos have low or no credit 
scores, which impacts their ability to access financing. One community 
group stated that since the Bureau implemented the expanded HMDA data 
collection rules, they have determined that in their county Black 
mortgage applicants are more than 10 percent likelier than white 
applicants to be denied for credit history, and that having more robust 
information would allow them to better advocate to their financial 
partners for more equitable credit scoring models in small business 
lending. A CDFI lender stated that lenders rely heavily on credit 
scores to assess borrower risk and creditworthiness, and they are used 
in many cases to screen for pre-qualified and/or pre-approved 
applicants before moving further in the application process. Several 
rural community groups stated that credit score reporting would be 
important for analyzing potential discrimination in farm credit.
    Numerous commenters suggested that requiring credit scores would 
not be as complicated or difficult as the Bureau stated in the proposed 
rule, pointing out that HMDA currently requires credit score reporting 
and this rule could use a similar method. Commenters said lenders that 
rely on an individual or composite credit score of business owners 
should be required to report that score and the scoring model used, as 
is currently required under HMDA. A CDFI lender stated that it would be 
straightforward for lenders to disclose borrower credit scores, type 
(personal or business), and scoring model and version in accordance 
with HMDA procedures, including the options to select not applicable 
and write in the name and credit scoring model if not listed. Once 
commenter suggested requiring only personal credit scores because 
business scores were not yet industry standard. A community group 
suggested that the Bureau use the Federal Reserve Bank of Atlanta's 
small business credit survey method, which they said accommodates a 
single score irrespective of how it was used by the lender. Another 
CDFI lender stated that it already collects credit score for the CDFI 
Fund. Several commenters stated that privacy would not be a problem, 
and some suggested that credit scores could be released in ranges or 
other non-specific methods to avoid any issue.
    Disability status. Although the Bureau did not propose or seek 
comment on the possibility of including the disability status of 
applicant owners as a data point, a number of commenters requested that 
the Bureau do so. An advocacy group for persons with disabilities 
stated that this population is twice as likely as people without 
disabilities to be living in poverty, twice as likely to use costly 
nonbank lending, and twice as likely to be unbanked. They stated 
further that people with disabilities that are part of the labor force 
are more likely to own small businesses than those without 
disabilities, and that for a growing number of adults with 
disabilities, establishing small businesses has become a viable path to 
improve their economic stability and security. Finally, they stated 
that the absence of disability data renders people with disabilities 
invisible and creates an obstacle to understanding and analyzing 
potential discriminatory lending practices and creates a challenge in 
advocating for and designing effective policies. Other commenters 
referred to and supported this organization's comment letter.
    Some commenters stated that discrimination against people with 
disabilities is clearly present in society, and several suggested that 
including a disability data point would further enforcement and 
implementation of section 1071, the Americans with Disabilities Act, 
and various bank vendor procurement programs, amongst other laws and 
initiatives. One commenter stated that people with disabilities often 
face significant economic disparities such as lower net worth or 
thinner credit history that may create barriers to entrepreneurship. A 
CDFI lender stated that it already collects this information for the 
SBA 7(a) program.
    Additional agricultural data. Although the Bureau did not propose 
or seek comment on the issue, two rural community groups requested that 
the final rule include additional data points regarding agricultural 
credit. One of these commenters stated that the Bureau should require 
reporting of farm marketing strategies, years of farmer experience, and 
certain kinds of farm production certifications (USDA Organic, animal 
welfare, labor standard certification, etc.) to help determine if all 
farm operations are treated equally in the lending process. The other 
requested that information regarding base acre payments (farm program 
benefit payments) be reported because information on program benefits 
attached to base acres is valuable to minority farmers' farm credit 
loan making and servicing. That commenter also asked that the Bureau 
require reporting on collateral requirements, on differences in 
appraised value or loans or loan modifications rejected based on 
failure to appraise, on refinancings precipitated by required 
graduation from Farm Service Agency loans, and on all forms of loan 
modifications that have historically been a central factor in farm loss 
for farmers of color.
    Other requested data points. The Bureau received requests for 
several other additional data points that were not proposed and on 
which it did not seek comment. Commenters suggested that the Bureau 
require reporting on veteran status, limited English proficiency 
status, and senior citizen status in order to monitor risks to these 
groups. A CDFI lender stated that it already collects veteran status 
for SBA 7(a) loans and other programs. They also stated that it 
collects information on low-income owned or controlled status for the 
CDFI Fund, though did not specifically ask the Bureau to require 
reporting of that information or veteran status.
    Commenters also requested that the Bureau require reporting of the 
appraised value of collateral in relation to the loan amount, the 
origination date, community of residence (using ZIP code, school zone 
or other demographic data), the type of purchaser of the originated 
credit, and a legal entity identifier (LEI) for the small business 
applicant.
Final Rule
    The Bureau is adopting a limited number of data points pursuant to 
the authority set forth in ECOA section 704B(e)(2)(H) that it believes 
will offer the highest value in light of section 1071's statutory 
purposes. The Bureau believes that the potential additional data points 
that it sought comment on would pose operational complexities, as would 
the other data points suggested by commenters. For these reasons, and 
the reasons explained below, the Bureau is not including any of the 
following data points in this final rule.
    Type of business/entity structure. The Bureau believes that 
collecting the number of principal owners will be more useful than type 
of business structure in providing additional useful context to the 
ethnicity, race, and sex data regarding applicants' principal owners. 
In addition, the Bureau believes that the number of workers and gross 
annual revenue data points will provide useful context regarding the 
size and sophistication of the applicant, which

[[Page 35282]]

appears to address the primary reason that commenters wanted type of 
business structure to be collected.
    Credit score. Although the Bureau agrees with commenters that this 
data would be useful for fair lending analyses, it nonetheless could be 
quite complicated and involve complex sub-fields, which could pose 
operational difficulties for financial institutions, especially given 
the use of business credit scores as well as personal credit scores in 
small business lending.
    Disability status. The Bureau did not propose or seek comment on 
including this data point, and so does not have the benefit of robust 
stakeholder input as to whether and how to implement it. More 
importantly, ECOA does not include disability as one of the enumerated 
bases on which discrimination is prohibited, and so it is not clear 
that the Bureau has the legal authority to include this data point.
    Additional agricultural data. The Bureau did not propose or seek 
comment on including these data points, and so does not have the 
benefit of robust stakeholder input as to whether and how to implement 
them. In addition, the Bureau does not have sufficient other 
information to assess the importance or feasibility of requiring that 
these data points be reported.
    Other requested data points. The Bureau did not propose or seek 
comment on including these data points regarding veteran, limited 
English proficiency, and senior citizen status, and so does not have 
the benefit of robust stakeholder input as to whether and how to 
implement them. In addition, the Bureau does not have sufficient other 
information to assess the importance or feasibility of requiring that 
these data points be reported.
    Credit reporting information, including whether credit information 
was accessed. Commenters did not focus on this potential additional 
data point that the Bureau sought comment on, instead focusing their 
requests on the related potential credit score data point discussed 
above. For the reasons discussed above, the Bureau is not including 
this data point in the final rule.
    Percentage ownership of each principal owner and percentage 
ownership by women and by minorities. The Bureau did not receive 
comments on this potential additional data point that the Bureau sought 
comment on. For the reasons discussed above, the Bureau is not 
including this data point in the final rule.
    Whether the applicant has an existing relationship with the 
financial institution and the nature of that relationship. The Bureau 
did not receive comments on this potential additional data point that 
the Bureau sought comment on. For the reasons discussed above, the 
Bureau is not including this data point in the final rule.
    Customer number, and/or unique (but anonymous) identification 
number for applicants or associated persons for tracking of multiple 
applications. The Bureau did not receive comments on this potential 
additional data point that the Bureau sought comment on. For the 
reasons discussed above, the Bureau is not including this data point in 
the final rule.
107(a)(1) Unique Identifier
Proposed Rule
    ECOA section 704B(e)(2)(A) requires financial institutions to 
collect and report ``the number of the application . . . .'' Regulation 
C includes a similar reporting requirement for a universal loan 
identifier,\594\ though some insured credit unions and depositories 
whose lending activity falls below applicable thresholds are partially 
exempt and only need to report a non-universal loan identifier.\595\ 
Both the universal loan identifier and the non-universal loan 
identifier use only alphanumeric characters, and do not allow use of 
identifying information about the applicant or borrower in the 
identifier. The universal loan identifier is ``unique'' in the national 
HMDA reporting market because it uses a unique LEI for the reporting 
institution and then the identifier is required to be unique within 
that institution.\596\ The universal loan identifier must be no more 
than 45 characters and the non-universal loan identifier must be no 
more than 22 characters.\597\
---------------------------------------------------------------------------

    \594\ 12 CFR 1003.4(a)(1)(i).
    \595\ 12 CFR 1003.3(d)(5).
    \596\ 12 CFR 1003.4(a)(1)(i)(A), (B)(2). The non-universal loan 
identifier is only required to be unique within the annual loan/
application register in which the covered loan or application is 
included. 12 CFR 1003.3(d)(5)(ii).
    \597\ The universal loan identifier length limit is included in 
the Bureau's yearly HMDA Filing Instructions Guide. See CFPB, Filing 
instructions guide for HMDA Data collected in 2023 (2022), https://ffiec.cfpb.gov/. The length limit for the non-universal loan 
identifier is in Regulation C Sec.  1003.3(d)(5).
---------------------------------------------------------------------------

    The Bureau proposed to require that financial institutions report 
an alphanumeric identifier starting with the LEI of the financial 
institution. This unique alphanumeric identifier would have been 
required to be unique within the financial institution to the specific 
covered application and to be usable to identify and retrieve the 
specific file corresponding to the application for or extension of 
credit. The Bureau also proposed commentary with additional details, as 
discussed below.
    For clarity, the Bureau included language in proposed comment 
107(a)(1)-1 that would have explained that the identifier can be 
assigned at any time prior to reporting the application. Proposed 
comment 107(a)(1)-1 would also have provided the formatting 
requirements for the unique identifier. The Bureau proposed an 
identifier of 45 characters or fewer, as is currently required for 
HMDA. The Bureau made clear in the proposal that the unique identifier 
would not need to stay ``uniform'' throughout the application and 
subsequent processing. Proposed comment 107(a)(1)-1 would have also 
explained that refinancings or applications for refinancing must be 
assigned a different identifier than the transaction that is being 
refinanced.
    Proposed comment 107(a)(1)-2 would have made clear that the unique 
identifier must not include any directly identifying information 
regarding the applicant or persons (natural or legal) associated with 
the applicant. The Bureau was aware that internal identification 
numbers assigned by the financial institution to the application or 
applicant could be considered directly or indirectly identifying 
information, and requested comment on this issue. The Bureau also noted 
that due to privacy risks the Bureau was proposing to not publish 
unique identifier in unmodified form; the Bureau sought comment on 
potential modifications to or deletion of this data point in the 
published application-level data. Proposed comment 107(a)(1)-2 would 
have also cross-referenced proposed Sec.  1002.111(c) and related 
commentary, which would have prohibited any personally identifiable 
information concerning any individual who is, or is connected with, an 
applicant, in records retained under proposed Sec.  1002.111.
    As stated above, the Bureau proposed to require that the unique 
identifier begin with the financial institution's LEI. Pursuant to 
proposed Sec.  1002.109(b)(1)(vi), any covered financial institution 
that did not currently use an LEI would have been required to obtain 
and maintain an LEI in order to identify itself when reporting the 
data. Although a ``check digit''--a portion of an identifying number 
that can be used to check accuracy--is required for the HMDA universal 
loan identifier, the Bureau did not propose to require its use in the 
1071 unique identifier.
    The Bureau sought comment on its proposed approach to the unique 
identifier data point. In addition, the

[[Page 35283]]

Bureau requested comment on the use of the LEI in the unique identifier 
and the possible use of a check digit.
Comments Received
    The Bureau received comments on the unique identifier data point 
from several lenders and trade associations. Some commenters supported 
the data point as proposed; several stated that it was a reasonable and 
appropriate means of implementing the statutory requirement. Another 
lender noted that it already reports this type of data for Paycheck 
Protection Program and CDFI Fund lending. A trade association stated 
that community banks prefer not to be required to create this 
identifier too early in the credit origination process. A national auto 
finance trade association noted that its members generally assign 
application or loan numbers to new credit applications, but not 
necessarily to credit line increases, and suggested that financial 
institutions will have this data without needing the Federal Reserve to 
issue a parallel rule to implement section 1071 for motor vehicle 
dealers.\598\
---------------------------------------------------------------------------

    \598\ ECOA authority over motor vehicle dealers lies with the 
Board, not the Bureau, because Regulation B does not apply to a 
person excluded from coverage by section 1029 of the Consumer 
Financial Protection Act of 2010, title X of the Dodd-Frank Wall 
Street Reform and Consumer Protection Act, Public Law 111-203, 124 
Stat. 1376, 2004 (2010).
---------------------------------------------------------------------------

    A community bank stated that the cost of creating a customer 
identification numbering system that does not use the employer 
identification number, taxpayer identification number, or Social 
Security number (SSN) would be passed on to the borrower. That 
commenter requested that the Bureau allow use of the last four digits 
of the employer identification number, taxpayer identification number, 
or SSN for identification purposes. They also expressed confusion as to 
how an LEI (which it may not currently have) could be incorporated with 
the loan number in its system for reporting, and stated that the Bureau 
did not provide sufficient guidance on how to incorporate the unique 
identifiers into its current system.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(1) with a minor edit for clarity. Financial institutions 
will report an alphanumeric identifier, starting with the LEI of the 
financial institution, that is unique within the financial institution 
to the specific covered application. The identifier must be usable to 
identify and retrieve the specific file or files corresponding to the 
application for or extension of credit.
    The Bureau is finalizing comment 107(a)(1)-1 with a minor change. 
As apparent from the instructions in comment 107(a)(1)-1, the Bureau 
chose to follow the well-known and workable HMDA format to avoid 
introducing new complications. With respect to the concerns raised by 
one commenter about the unique identifier data point, the Bureau notes 
that a customer identification number is not required. The unique 
identifier refers to the application or origination being reported, not 
the customer who applies for or borrows the funds. In addition, comment 
107(a)(1)-1 makes clear that financial institutions may assign the 
unique identifier at any time prior to reporting the application, 
facilitating compliance. The Bureau believes that final Sec.  
1002.107(a)(1) will accommodate different institutions' numbering 
systems because the unique identifier can be created separately from 
those internal systems. In order to foster uniformity of format and 
avoid confusion as to what constitutes a ``unique'' identifier, comment 
107(a)(1)-1 now requires that any alphabetical characters in the unique 
identifier be upper-case.
    The Bureau is finalizing comment 107(a)(1)-2 with a minor change 
described below. Final comment 107(a)(1)-2 states that the unique 
identifier must not include any directly identifying information 
regarding the applicant or persons (natural or legal) associated with 
the applicant. In regard to the use of directly identifying 
information, such as an SSN or taxpayer identification number, the 
Bureau notes that section 1071 specifically forbids financial 
institutions from using personally identifiable information concerning 
any individual who is, or is connected with, an applicant in compiling 
and maintaining data for reporting.\599\ Although the Bureau has 
preliminarily determined not to release unique identifier data reported 
to the Bureau in unmodified form in the public, application-level 
dataset, inclusion of a small business's employer identification number 
or a natural person's SSN or taxpayer identification number could 
present a risk of fraud or identity theft. Thus, for clarity, the 
Bureau is including in comment 107(a)(1)-2 that SSN and employer 
identification number, in whole or partial form, are examples of 
directly identifying information that must not be used.
---------------------------------------------------------------------------

    \599\ ECOA section 704B(e)(3).
---------------------------------------------------------------------------

    The final rule requires that the unique identifier begin with the 
financial institution's LEI. Final Sec.  1002.109(b)(1)(vi) requires 
any covered financial institution that does not currently use an LEI to 
obtain and maintain an LEI in order to identify itself when reporting 
data to the Bureau. The Bureau does not believe that including the 
financial institution's LEI in its unique identifiers will pose 
particular difficulties for reporting institutions; as noted above, the 
unique identifier can be assigned at any time prior to reporting an 
application. The Bureau also believes that including the LEI will 
increase the specificity and usefulness of the identifier and the 
record it identifies.
    The Bureau did not receive comments discussing the possible 
inclusion of a ``check digit,'' which is required for the HMDA 
universal loan identifier but was not proposed as part of the 1071 
unique identifier. The Bureau believes that, based on its expectations 
for small business lending data submission platform, a check digit will 
be unnecessary, as well as potentially complicated for small financial 
institutions to implement, and thus it is not included in the final 
rule.
107(a)(2) Application Date
Proposed Rule
    ECOA section 704B(e)(2)(A) requires financial institutions to 
collect and report the ``date on which the application was received.''
    The Bureau proposed to require reporting of application date in 
Sec.  1002.107(a)(2) as the date the covered application was received 
by the financial institution or the date on a paper or electronic 
application form. Proposed comments 107(a)(2)-1 and -2 would have 
clarified the need for a financial institution to take a consistent 
approach when reporting application date, and would have provided 
guidance on how to report application date for applications not 
submitted directly to the financial institution or its affiliate 
(indirect applications). The Bureau also proposed a safe harbor in 
Sec.  1002.112(c)(4), which would have provided that a financial 
institution does not violate proposed subpart B if it reports on its 
small business lending application register an application date that is 
within three calendar days of the actual application date pursuant to 
proposed Sec.  1002.107(a)(2).
    The Bureau sought comment on its approach to collecting application 
date in proposed Sec.  1002.107(a)(2) and associated commentary. The 
Bureau also sought comment on how best to

[[Page 35284]]

define the ``application date'' data point in light of the Bureau's 
definition of ``covered application'' in proposed Sec.  1002.103.
Comments Received
    The Bureau received feedback on its proposal to require reporting 
of application date in Sec.  1002.107(a)(2) from several lenders, trade 
associations, and a community group. Most commenters to address this 
data point supported proposed Sec.  1002.107(a)(2). A trade association 
stated that application date is currently collected in its financial 
institutions' work flows. A trade association urged the Bureau to 
define application date in a manner that is consistent with existing 
Regulation B, so to avoid inconsistency, though it did not identify any 
aspect of proposed Sec.  1002.107(a)(2) that would be inconsistent with 
existing Regulation B. Similarly, a bank urged the Bureau to align 
application date with HMDA--to increase efficiency for the customer, 
facilitate compliance, and avoid duplicative collections--but did not 
identify whether or how proposed Sec.  1002.107(a)(2) would differ from 
how financial institutions report application date under Regulation C. 
A community bank urged the Bureau to provide a concrete definition of 
application date, explaining that a subjective definition would 
discourage banks from small business lending, and that application date 
is often difficult to pinpoint as there frequently is no written 
application and the application process may occur over time, both in-
person and by phone.\600\
---------------------------------------------------------------------------

    \600\ Comments primarily directed at how to define an 
application under section 1071, rather than the date reported for 
that application, are discussed in connection with the section-by-
section analysis of Sec.  1002.103(a) above.
---------------------------------------------------------------------------

Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(2) to require reporting of application date as the date the 
covered application was received or the date on a paper or electronic 
application form. The Bureau believes the flexibility to report either 
the date the covered application was received or the date shown on a 
paper or electronic application form will accommodate institutions' 
varied practices. While several commenters urged the Bureau to align 
reporting of application date with existing Regulation B and Regulation 
C, the commenters did not identify how the proposed definition would 
differ from those regulatory provisions, and the Bureau believes they 
do not conflict. For example, a financial institution may report 
application date based on the date a ``covered application'' was 
received, and final Sec.  1002.103(a) defines a covered application 
largely based on Regulation B's definition of an application in 
existing Sec.  1002.2(f). Similarly, Regulation C Sec.  
1003.4(a)(1)(ii) requires reporting of the date the application was 
received or the date shown on the application form. While a commenter 
urged the Bureau to provide a concrete definition of application date, 
the commenter never indicated whether or how the proposed definition 
was vague.\601\
---------------------------------------------------------------------------

    \601\ As discussed in more detail in the section-by-section 
analysis of Sec.  1002.103(b), if the covered application is 
requesting additional credit on an existing account, all data 
reported, including applicable dates, relate to the new request for 
credit rather than the initial origination.
---------------------------------------------------------------------------

    Final Sec.  1002.107(a)(2) states that application date may be the 
date ``the covered application was received;'' the Bureau has removed 
the phrase that followed in proposed Sec.  1002.107(a)(2), which read 
``by the financial institution . . . '' to reflect that not all covered 
applications will be received directly by the financial institution. 
The Bureau is also adopting new comment 107(a)(2)-2 to provide guidance 
on when an application is ``received'' for covered applications 
submitted directly to the financial institution or its affiliate.
    Comment 107(a)(2)-1 is finalized with minor revisions for clarity 
and consistency, to provide guidance on maintaining a consistent 
approach to reporting application date. Final comment 107(a)(2)-3 
(proposed as comment 107(a)(2)-2) provides guidance on how a financial 
institution reports application date where a covered application was 
not submitted directly to the financial institution or its affiliate. 
Lastly, final comment 107(a)(2)-4 is adopted to note the safe harbor in 
final Sec.  1002.112(c)(1), which provides that a financial institution 
does not violate subpart B if it reports on its small business lending 
application register an application date that is within three business 
days of the actual application date pursuant to final Sec.  
1002.107(a)(2).
107(a)(3) Application Method
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' The Bureau believes that application method data will 
aid in fulfilling the purposes of section 1071.
    The Bureau did not address the method of application as a potential 
data point under consideration in the SBREFA Outline. However, during 
the SBREFA process, one CDFI small entity representative suggested 
collecting information regarding the way an application was taken (in 
person, by phone, or online) in order to monitor for possible 
discouragement of applicants.\602\ Relatedly, several small entity 
representatives that took applications for credit primarily or entirely 
online asserted that such channels were less likely to result in 
discrimination and more likely to increase access to credit to women-
owned and minority-owned small businesses.
---------------------------------------------------------------------------

    \602\ SBREFA Panel Report at 30-31.
---------------------------------------------------------------------------

    In light of the feedback during the SBREFA process and further 
consideration by the Bureau of additional data that would aid in 
fulfilling the purposes of section 1071, the Bureau proposed to require 
financial institutions to collect and report application method. The 
Bureau proposed Sec.  1002.107(a)(3) to define this data point as the 
means by which the applicant submitted the covered application directly 
or indirectly to the financial institution. The Bureau also proposed 
commentary to accompany proposed Sec.  1002.107(a)(3).
    The Bureau believed that data on application method would improve 
the market's understanding of how applicants apply for credit which, in 
turn, would facilitate fair lending enforcement and the business and 
community development purposes of section 1071. In addition, the Bureau 
believed that collecting data on application method would aid in 
analysis of multiple data points collected and reported by financial 
institutions, including the ethnicity, race, and sex of applicants' 
principal owners.
    Finally, data on application method would assist in analyzing data 
reported under, and assessing compliance with, proposed Sec.  
1002.107(a)(20), which would have required financial institutions to 
collect principal owners' ethnicity and race via visual observation or 
surname in certain circumstances. The Bureau explained that having 
application method reporting would allow the Bureau and other data 
users to determine, for example, which applications could be subject to 
data collection via visual observation or surname (because the 
financial institution met with the applicant in person) and, together 
with information reported under proposed

[[Page 35285]]

Sec.  1002.107(a)(20), which of those applications did and did not have 
information collected that way.
    The Bureau proposed comment 107(a)(3)-1 to clarify that a financial 
institution would comply with proposed Sec.  1002.107(a)(3) by 
reporting the means by which the applicant submitted the application 
from one of the following options: in-person, telephone, online, or 
mail. Proposed comment 107(a)(3)-1 would have explained how financial 
institutions are to choose which application method to report, 
including via a ``waterfall approach'' when they have contact with an 
applicant in multiple ways. Proposed comments 107(a)(3)-1.i through .iv 
would have provided detailed descriptions and examples of each of the 
four proposed application methods.
    The Bureau proposed comment 107(a)(3)-2 to provide guidance on what 
application method a financial institution would report for 
interactions with applicants both online and by mail. In short, a 
financial institution would have reported application method based on 
the method by which it, or another party acting on its behalf, 
requested the ethnicity, race, and sex of the applicant's principal 
owners pursuant to proposed Sec.  1002.107(a)(20). Proposed comment 
107(a)(3)-2 also would have provided separate examples of when the 
application method should be reported as ``online'' and ``mail.''
    The Bureau sought comment on its proposed approach to this data 
point.
Comments Received
    The Bureau received comments on its proposed application method 
data point from a number of banks, trade associations, and community 
groups. Several commenters supported the Bureau's proposal to require 
financial institutions to report data on application method; some noted 
that such data would facilitate fair lending enforcement and/or further 
the community development purpose of section 1071. A community group 
asserted that data on the application method would enable the 
comparison of application outcomes based on the application channel at 
specific institutions and could also help assess whether applicants are 
receiving comparable access to comparable credit across application 
channels. Another community group stated that data on application 
method would help shed light on the issue of whether newer, online 
lenders are more effective at reaching underserved populations and 
businesses. One commenter suggested the Bureau create more categories, 
particularly to distinguish email from web portal because an 
application received by email often reflects a more personal 
relationship than does an application submitted via web portal.
    In contrast, several banks and trade associations opposed the 
proposed requirement to collect application method data and urged the 
Bureau to drop it from the final rule. A few commenters said that this 
data point was added ``late'' in the rulemaking process or without 
adequate public input.
    Industry commenters explained that application method data are not 
currently collected nor recorded in the loan file. A bank stated that 
it would need to collect the data manually because it does not have a 
way to record or report the information and asserted that this data 
collection requirement would affect its ability to serve the credit 
needs of its community. Several other commenters noted that this data 
point is not a factor in the credit decision and argued that there is 
no information or insight that can be gleaned from it. Some commenters 
also questioned how the data point would provide value in fair lending 
analysis. One commenter suggested the data have limited value and that 
the Bureau's policy goals can be achieved by combining publicly 
available data with section 1071's statutory requirements; for example, 
collection of census tract data will indicate whether a loan was 
originated in a ``credit desert,'' thereby eliminating the need for the 
application method data point.
    Some commenters asserted that the proposed waterfall approach was 
problematic and would introduce complexity into reporting application 
method data. These commenters explained that there are multiple 
interactions between the lender and the applicant throughout the 
application process and suggested that reporting application method 
using the proposed waterfall approach would require the financial 
institution to document each interaction with an applicant. They 
further said that could lead to a cumbersome process in trying to 
determine exactly how an application was received and could result in 
unintentional errors. One industry commenter stated that an application 
may start out as an email request, followed up by a phone call, and 
then be completed in person. This commenter suggested that there would 
be difficulty collecting the data accurately because the proposal did 
not allow for multiple methods of application, particularly because the 
definition of application is at the financial institution's discretion. 
A bank suggested that the Bureau drop the waterfall approach and allow 
financial institutions to designate the best way to determine 
application method. A group of trade associations likewise requested 
that the Bureau drop the waterfall approach, and instead have financial 
institutions report the application method where the ethnicity, race, 
and sex of the applicant's principal owners was requested. A few 
commenters suggested that the application method should be based only 
on the initial contact. Two of these commenters indicated that basing 
the application method on initial contact would provide clear 
requirements in the event that the applicant provides information via 
two methods: for example, when an applicant applies online but later 
provides information by telephone.
    A group of trade associations noted that while the data point is 
about the means by which the application was submitted, the proposed 
commentary discusses when a financial institution meets with the 
applicant or communicates with the applicant by telephone. This 
commenter stated that the proposed commentary was confusing and did not 
provide clear guidance on compliance.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(3) with a number of revisions to the associated commentary. 
Pursuant to its authority under ECOA section 704B(e)(2)(H), the Bureau 
believes that collecting data on application method would aid in 
fulfilling the purposes of section 1071, as explained below.
    Initially, the Bureau believes that data on application method will 
improve the market's understanding of how applicants apply for credit. 
In addition, data on application method will support 1071's statutory 
purposes by, inter alia, providing additional context for the business 
and community development needs of particular geographic regions. For 
instance, application method may help data users analyze the extent to 
which financial institutions may be providing access to credit online 
or by telephone in ``credit deserts'' where financial institutions do 
not have branch operations.
    In addition, the Bureau believes that collecting data on 
application method will aid in analysis of multiple data points 
collected and reported by financial institutions, including the 
ethnicity, race, and sex of applicants' principal owners. For example, 
these data will assist the Bureau and other data users in identifying 
whether applicants are more or less likely to

[[Page 35286]]

provide this (and other) 1071 information in different application 
channels. This information may also assist in determining whether a 
financial institution has procedures to collect applicant-provided data 
at a time and in a manner that are reasonably designed to obtain a 
response, as required by Sec.  1002.107(c).
    The Bureau explained in the NPRM that having application method 
data would be useful in analyzing data reported under, and assessing 
compliance with, proposed Sec.  1002.107(a)(20) related to collecting 
the ethnicity and race of principal owners via visual observation or 
surname in certain circumstances. However, as explained in the section-
by-section analysis of Sec.  1002.107(a)(19) below, the Bureau has 
removed the visual observation or surname requirement from this final 
rule. Consequently, the proposed waterfall approach is less relevant 
for assessing compliance with final Sec.  1002.107(a)(19). In 
combination with the concerns expressed by commenters regarding 
compliance complexities, including the need to document multiple 
interactions between the financial institution and applicant, the 
Bureau has decided not to adopt the proposed waterfall approach for 
reporting application method.
    The Bureau is thus adopting comments 107(a)(3)-1.i through .iv with 
revisions to reflect the removal of the waterfall. The Bureau believes 
these changes will also address a commenter's concern regarding 
potential confusion about the proposed commentary's treatment of 
meetings and other interactions with applicants. Relatedly, the Bureau 
is not finalizing proposed comment 107(a)(3)-2, which would have 
provided guidance on reporting for interactions with applicants both 
via mail and online under the waterfall approach.
    In addition, the Bureau has added new guidance in comment 
107(a)(3)-1 to clarify what a financial institution reports if it 
retains multiple versions of the application form. The Bureau has also 
made a few minor revisions in comments 107(a)(3)-1.i through .iv for 
clarity. Final comment 107(a)(3)-1 lists the options a financial 
institution reports for the means by which an applicant submitted the 
application. In final comment 107(a)(3)-1.i, the Bureau has clarified 
that the in-person application method applies, for example, to those 
applications submitted at a branch office, including applications hand 
delivered by an applicant. In final comment 107(a)(3)-1.ii, the Bureau 
has clarified that an application submitted via telephone call is 
reported as ``telephone.'' In final comment 107(a)(3)-1.iii, the Bureau 
has clarified that an application submitted via website, mobile 
application (commonly known as an app), fax transmission, or text-based 
electronic communication is also reported as ``online.'' The Bureau 
does not believe it is appropriate to distinguish between applications 
submitted by email and applications submitted through a web portal, on 
the basis that an application that is emailed reflects a more personal 
relationship, as suggested by a commenter. The Bureau believes that 
both application methods are appropriately reportable as ``online'' 
because they reflect an electronic communication. The Bureau notes that 
various electronic communication methods provided in final comment 
107(a)(3)-1.iii can reflect a personal relationship. For example, an 
applicant may have begun communications with the financial institution 
through email, followed by text messages, and then submitted the 
application through the financial institution's website. All of these 
methods can potentially reflect a personal relationship.
    The Bureau removed the hand delivery at a teller window example in 
comment 107(a)(3)-1.iv because, under the final rule, an application 
hand delivered by an applicant at a branch is reported as ``in-person'' 
pursuant to final comment 107(a)(3)-1.i. Regarding a suggestion from 
commenters that the Bureau use the method by which ethnicity, race, and 
sex of the principal owners are collected for reporting this data 
point, the Bureau does not believe that such an approach is necessary 
given that it is not finalizing its proposed requirement to collect 
principal owners' ethnicity and race via visual observation or surname 
in certain circumstances. In addition, the Bureau does not believe that 
application method should be based on initial contact, as suggested by 
a few commenters. As explained by commenters, there could be multiple 
interactions between the lender and applicant throughout the pre-
application and application process. Thus, the initial interaction may 
not amount to an application submission because, for example, the 
initial contact was simply an inquiry.\603\ In light of commenters' 
concerns regarding the potential difficulties in identifying 
application method, the Bureau believes that its approach to final 
Sec.  1002.107(a)(3), which is tied to an applicant submitting an 
application, is preferable to the suggestions made by commenters.
---------------------------------------------------------------------------

    \603\ Under Sec.  1002.103(b)(2), a covered application does not 
include inquiries and prequalification requests.
---------------------------------------------------------------------------

    Regarding commenters' concerns about the utility of this data 
point, the Bureau believes that application method data will facilitate 
the fair lending and business and community development purposes of 
section 1071, as explained above. This information cannot be replicated 
by combining data points specifically enumerated in section 1071, such 
as census tract, with other publicly available data. Application method 
is not intended solely to identify ``credit deserts,'' as the commenter 
appeared to suggest, and although census tract information might 
provide information as to where the proceeds will be applied (or the 
location of the applicant's headquarters/main office, or another 
location), that does not necessarily indicate where (or how) the 
financial institution interacted with the applicant. With respect to 
comments stating that application method is not currently collected nor 
is it considered as part of the credit decision, the Bureau believes 
that removal of the proposed waterfall approach will make collecting 
this data easier than contemplated in the proposed rule.
    Finally, this data point was introduced with sufficient time for 
the public to provide feedback and offer alternatives. The data point 
was suggested by small entity representatives during the SBREFA process 
and was included in the SBREFA Panel Report. It was also included in 
the proposed rule and the Bureau specifically sought--and obtained--
comment on it. As noted, the Bureau has made changes as a result of 
that feedback.
107(a)(4) Application Recipient
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' The Bureau believes that information regarding how an 
application is received will enhance small business lending data and 
aid in fulfilling the purposes of section 1071.
    The Bureau proposed Sec.  1002.107(a)(4), which would have required 
financial institutions to collect and report the application recipient, 
meaning whether the applicant submitted the covered application 
directly to the financial institution or its affiliate, or whether the 
applicant submitted the covered application

[[Page 35287]]

indirectly to the financial institution via a third party. Proposed 
comment 107(a)(4)-1 would have clarified that if a financial 
institution is reporting actions taken by its agent consistent with 
proposed comment 109(a)(3)-3, then the agent is considered the 
financial institution for the purposes of proposed Sec.  
1002.107(a)(4).
    The Bureau sought comment on its proposed approach to this data 
point.
Comments Received
    The Bureau received comments on the proposed application recipient 
data point from industry and community groups. A community group 
expressed its support, noting that in combination with the application 
method data point under proposed Sec.  1002.107(a)(3), it would help 
stakeholders determine whether traditional banking or online lending is 
most effective in reaching underserved small businesses or whether the 
effectiveness of the lending model depends on local context and 
conditions. A trade association also expressed its support, stating 
that the information can help data users understand the relationship 
between lender and applicant. This commenter further noted that 
recipient data would provide context for other collected and reported 
data and also improve transparency around when and whether an 
intermediary is considered a financial institution for the purposes of 
this data collection. In addition, a CDFI lender stated its general 
support of the Bureau's proposal to collect application recipient data.
    In contrast, a number of banks and trade associations opposed the 
Bureau's proposal to collect application recipient data for various 
reasons. One trade association raised a concern that the application 
recipient data point was not included in the SBREFA Outline and, along 
with several other industry commenters, pointed out it is not one of 
the data points expressly enumerated in ECOA section 704B(e)(2). 
Several industry commenters stated that the data are not currently 
collected and a few of these commenters further stated that such data 
are not used or considered in the underwriting decision. Several 
industry commenters argued that the data point is burdensome and two 
banks stated they would need to collect the data manually because their 
systems are not equipped to collect the data. Other industry commenters 
questioned the value of the data point or how it fulfills the statutory 
purposes of section 1071. One industry commenter stated it is not 
dispositive of fair lending violations. Two banks urged the Bureau to 
drop the data point from the final rule or provide an exemption for 
certain institutions. One of these banks urged the Bureau to drop the 
data point from the final rule because it does not have affiliates nor 
does it accept applications indirectly and thus would not provide any 
data. The other bank commented that community banks should be exempt if 
they do not use actual third parties, but instead use a third-party 
online application system within the bank's firewall, and suggested 
that the only reason this data point should apply is if a bank is truly 
working with a third party, not a vendor who helps manage online tools. 
A trade association urged the Bureau to eliminate the application 
recipient data point from the final rule until a later determination 
can be made regarding its necessity.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(4) and related commentary with a small modification for 
clarity. Final Sec.  1002.107(a)(4) requires the financial institution 
to report whether the applicant submitted the covered application 
directly to the financial institution or its affiliate, or whether the 
applicant submitted the covered application indirectly to the financial 
institution via a third party. Final comment 107(a)(4)-1 explains that 
if a financial institution is reporting actions taken by its agent 
consistent with comment 109(a)(3)-3, then the agent is considered the 
financial institution for the purposes of Sec.  1002.107(a)(4). The 
comment also provides an example. The Bureau believes data on 
application recipient will facilitate fair lending analysis and enable 
a better understanding of business and community development needs. 
Pursuant to ECOA section 704B(e)(2)(H), the Bureau believes that 
collecting data on application recipient will aid in fulfilling the 
purposes of section 1071.
    Regarding commenters' concerns that application recipient data are 
not currently collected nor used in underwriting decisions, the Bureau 
anticipates that financial institutions know and track how they receive 
applications for small business loans. The Bureau does not believe it 
would be difficult to track this information, even if the financial 
institution does not currently collect the information.
    With respect to the comments received that question how application 
recipient data fulfill the purposes of section 1071, the Bureau 
believes that collecting data on application recipient, in combination 
with application method, as discussed above, will improve the market's 
understanding of how small businesses interact with financial 
institutions when applying for credit which, in turn, will facilitate 
fair lending analysis, including the identification of risks in small 
business lending. Regarding the comment that application recipient data 
are not dispositive of fair lending violations, the Bureau agrees that 
such data would not be dispositive of a violation on their own, but 
believes data on application recipient can be used in combination with 
other data points or information to provide a more robust analysis. 
With respect to promoting the business and community development 
purposes of section 1071, the Bureau believes that data on application 
recipient will improve the public's understanding of the structure of 
small business lending originations across the market, the methods by 
which credit is originated for particular groups or underserved 
markets, and trends over time (for example, to the extent applicant 
preferences shift from in-person to online interactions). In addition, 
application recipient data may assist with an understanding of the 
business and community development needs of an area or applicant. For 
example, such data may help data users understand whether financial 
institutions making credit decisions are directly interacting with the 
applicant and/or generally operate in the same community as the 
applicant. Moreover, data on application recipient will allow the 
Bureau and data users to better understand the relationship between the 
covered financial institution and the applicant in the context of 
certain other data collected and reported under this final rule.
    The Bureau is not removing the application recipient data point 
from the final rule or providing an exemption, as suggested by some 
commenters, for financial institutions that do not have affiliates, do 
not accept applications indirectly, and/or do not use third parties. 
Some financial institutions employ a wide variety of lending models in 
extending credit to small businesses. They may receive applications for 
credit directly from the applicant and some financial institutions may 
receive applications routed to them through third parties, such as 
brokers or vehicle or equipment dealers. Some financial institutions 
issue credit cards branded for particular retailers, for which 
applications are taken in person at the retailer's store locations. 
Some brokers and dealers may send applications to a single financial 
institution, while others may

[[Page 35288]]

send them to multiple financial institutions at the same time. In these 
types of application scenarios involving third parties, the financial 
institution may not directly interact with the applicant at all during 
the application process. Information regarding whether the applicant 
submitted the application directly to the financial institution is 
necessary to further the purposes of section 1071, including by 
improving the market's understanding of how small businesses interact 
with financial institutions when applying for credit and whether the 
financial institution is operating in the same community as the small 
business. This is true even if a particular financial institution does 
not accept applications indirectly or does not use third parties, and 
reporting of this data point should be simple for financial 
institutions in that situation.
    Finally, this data point was introduced with sufficient time for 
the public to provide feedback and offer alternatives. It was also 
included in the proposed rule and the Bureau specifically sought--and 
obtained--comment on it. Given the wide variety of lending models 
financial institutions currently use when extending credit to small 
businesses, the Bureau believes it is timely and appropriate to include 
this data point in this final rule.
107(a)(5) Credit Type
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the type and purpose of the loan or other credit being applied for.'' 
\604\ (The credit purpose data point is discussed in the section-by-
section analysis of Sec.  1002.107(a)(6) immediately below.) For HMDA 
reporting, Regulation C requires numerous data points that indicate the 
type of credit applied for or originated: the type of guarantees used; 
lien order; loan term; the presence of nontraditional contract terms 
including balloon, interest only, and negative amortization payments; 
variable rate information; open-end status; and reverse mortgage 
status.\605\ Section 1071 provides no additional information or details 
regarding what aspects of credit type should be collected and reported.
---------------------------------------------------------------------------

    \604\ ECOA section 704B(e)(2)(B).
    \605\ Regulation C Sec.  1003.4(a)(2), (14), (25), (27), (28), 
(37), and (38).
---------------------------------------------------------------------------

    The Bureau proposed in Sec.  1002.107(a)(5) to require that 
financial institutions collect and report the following information 
regarding the type of credit applied for or originated: (i) The credit 
product; (ii) The type or types of guarantees that were obtained for an 
extension of credit, or that would have been obtained if the covered 
credit transaction were originated; and (iii) The length of the loan 
term, in months, if applicable. These aspects of credit type are 
discussed in turn below. This proposal was consistent with the approach 
presented in the SBREFA Outline, and would have required the financial 
institution to choose the credit product and guarantee(s) from a 
specified list. (These lists were provided in the commentary 
accompanying proposed Sec.  1002.107(a)(5).) The lists included choices 
for ``Other'' and ``Not provided by applicant and otherwise 
undetermined,'' as appropriate, to facilitate compliance.
    The Bureau sought comment on its proposed approach to the credit 
type data point, including the lists of products and guarantees 
proposed and the other specific requests for input below.
    Credit product. The first subcategory the Bureau proposed to 
include in the credit type data point was the credit product (i.e., a 
commonly understood category of small business lending like term loans 
or lines of credit) which the Bureau considered to be an integral part 
of the statutory requirement to collect credit type.
    Proposed comment 107(a)(5)-1 would have presented the instructions 
for collecting and reporting credit product and the proposed list of 
credit products from which financial institutions would select. 
Proposed comment 107(a)(5)-1 would have explained that a financial 
institution would comply with Sec.  1002.107(a)(5)(i) by selecting the 
credit product requested from the list provided in the comment. It 
would also have explained that if an applicant requests more than one 
credit product, the financial institution reports each credit product 
requested as a separate application. Proposed comment 107(a)(5)-1 would 
have also explained that if the credit product for an application does 
not appear on the list of products provided, the financial institution 
would select ``other'' as the credit product and report the specific 
product via free-form text.
    Proposed comment 107(a)(5)-2 would have explained that, pursuant to 
proposed Sec.  1002.107(c)(1), a financial institution would be 
required to maintain procedures reasonably designed to collect 
applicant-provided data, which includes credit product. However, if a 
financial institution was nonetheless unable to collect or otherwise 
determine credit product information because the applicant did not 
indicate what credit product it sought and the application was denied, 
withdrawn, or closed for incompleteness before a credit product was 
identified, the proposed comment would have explained that the 
financial institution would report that the credit product was ``not 
provided by applicant and otherwise undetermined.''
    Proposed comment 107(a)(5)-3 would have explained how a financial 
institution would report a transaction that involves a counteroffer. 
The comment would have stated that if a financial institution presents 
a counteroffer for a different credit product than the product the 
applicant had initially requested, and the applicant does not agree to 
proceed with the counteroffer, a financial institution would report the 
application for the original credit product as denied pursuant to 
proposed Sec.  1002.107(a)(9). If the applicant agrees to proceed with 
consideration of the financial institution's counteroffer, the 
financial institution would report the disposition of the application 
based on the credit product that was offered, and would not report the 
original credit product applied for. In addition, proposed comment 
107(a)(5)-6 would have explained when ``other sales-based financing 
transaction'' would be used for reporting.
    The Bureau noted that, under its proposal, line increases would be 
reportable so that the small business lending market could be tracked 
accurately. See the section-by-section analysis of Sec.  1002.103(a) 
above for additional details. However, the Bureau did not propose that 
line increases be included as a separate item in the credit product 
list.
    The Bureau sought comment on its proposed approach to this 
subcategory, including the appropriateness and usefulness of the 
products included in the list, whether there were other products that 
should be added, and the proposed treatment of counteroffers. The 
Bureau also sought comment on how financial institutions currently 
handle increases in lines of credit and whether a line increase should 
be considered a credit product, and on whether an overdraft line of 
credit should be considered a product separate from a line of credit 
and thus added to the product list.
    Type of guarantee. The second data field the Bureau proposed to 
include in the credit type data point was guarantee. Proposed comment 
107(a)(5)-4 would have presented the instructions for collecting and 
reporting type of guarantee and the proposed list of guarantees from 
which financial institutions would select. Proposed comment 107(a)(5)-4 
would also have explained that a financial institution

[[Page 35289]]

complies with Sec.  1002.107(a)(5)(ii) by selecting the type or types 
of guarantee(s) obtained for an originated covered credit transaction, 
or that would have been obtained if the covered credit transaction were 
originated, from the list provided in the comment.
    Proposed comment 107(a)(5)-4 would have also explained that the 
financial institution may select, if applicable, up to a maximum of 
five guarantees for a single application or transaction. Small business 
credit may have more than one guarantee, such as an SBA guarantee and a 
personal guarantee, and the Bureau believed that more complete 
information could be collected by requiring as many as five to be 
reported.
    Proposed comment 107(a)(5)-4 would have also explained that if the 
type of guarantee for an application or originated transaction does not 
appear on the list of guarantees provided, the financial institution 
selects ``other guarantee,'' and reports the type of guarantee as free-
form text. As with credit product, the Bureau believed that allowing 
financial institutions to choose ``other'' when a guarantee for the 
application does not appear on the provided list would facilitate 
compliance. In addition, collecting this information on ``other'' 
guarantee types would assist the Bureau in monitoring trends in usage 
of other types of guarantees and key developments in the small business 
lending market, which the Bureau could use to inform any future 
iterations of the list.
    Finally, proposed comment 107(a)(5)-4 would have provided that if 
no guarantee is obtained or would have been obtained if the covered 
credit transaction were originated, the financial institution would 
select ``no guarantee.'' Because a small business credit transaction 
does not always involve use of a guarantee, the Bureau did not propose 
to include ``not provided by applicant and otherwise undetermined'' as 
an option. If no guarantee was identified for an application, the 
financial institution would report ``no guarantee.''
    The Bureau sought comment on its proposed approach to this 
subcategory, including the appropriateness and usefulness of the items 
listed, and whether there are other guarantees that should be added. 
The Bureau also sought comment on whether five is the appropriate upper 
limit for reporting guarantees.
    Loan term. The third subcategory the Bureau proposed to include in 
the credit type data point was the loan term. Proposed comment 
107(a)(5)-5 would have presented the instructions for collecting and 
reporting loan term. Specifically, it would have explained that a 
financial institution complies with proposed Sec.  1002.107(a)(5)(iii) 
by reporting the number of months in the loan term for the covered 
credit transaction, and that the loan term is the number of months 
after which the legal obligation will mature or terminate. The comment 
would have further explained how to measure the loan term and the 
possible use of rounding.
    Proposed comment 107(a)(5)-5 would have also made clear that if a 
credit product, such as a credit card, does not have a loan term, the 
financial institution would report loan term as ``not applicable.'' The 
financial institution would also report ``not applicable'' if the 
application is denied, withdrawn, or determined to be incomplete before 
a loan term has been identified.
    The Bureau sought comment on its proposed approach to this 
subcategory.
Comments Received
    The Bureau received comments on its proposed approach to the credit 
type data point from a number of banks, community-oriented lenders, 
trade associations, community groups, and others.
    Several commenters, including community-oriented lenders, community 
groups, a trade association, and a business advocacy group, supported 
the credit type data point as proposed, though some suggested small 
changes to the three individual subcategories discussed below. One 
commenter stated that to avoid the pitfalls that limited the use of 
HMDA data for spotting predatory trends in mortgages, the Bureau must 
collect sufficiently granular data on applicants and credit terms, 
including credit type. That commenter further stated that this 
information is critical because discrimination is not just evidenced in 
loan denials, but also less favorable credit terms. A community group 
stated that the information collected for the credit type data point 
would allow for more effective analysis than the current CRA small 
business information. A trade association stated that despite the added 
complexity of requiring three ``data points'' for the one listed in the 
statute, the Bureau has accounted for and addressed some of the 
concerns that community banks have raised related to credit type. That 
commenter went on to state its approval of the simple reporting of 
counteroffers and the ability to mark fields as ``not provided by 
applicant'' in the case of incomplete applications. Finally, a lender 
stated that it already collects the credit type information for the 
CDFI Fund.
    Only one commenter opposed the credit type data point as a whole, 
stating that credit type and other data points would be a waste of time 
and efficiency.
    Credit product. Two community groups and an auto finance trade 
association expressed support for the product list the Bureau proposed. 
The community groups stated that the list was nuanced and would provide 
useful differentiation between products. One explained that being able 
to determine which products were accessed could help in understanding 
bias in the credit market more accurately than CRA data currently 
allows for. An auto finance trade association specifically expressed 
support for the inclusion of ``other'' and ``unknown'' to facilitate 
compliance.\606\
---------------------------------------------------------------------------

    \606\ The proposed rule used the terms ``other'' and ``not 
provided by applicant and otherwise undetermined.''
---------------------------------------------------------------------------

    One commenter stressed the importance of providing detail in 
distinguishing credit products, and several commenters requested 
changes to the credit products list. A joint letter from community 
groups and business advocacy groups stated that there might be value in 
separating out mortgages, auto loans and equipment financing as 
discrete secured loan types but treating all other term loan 
applications together, rather than treating secured term loans as one 
category and unsecured term loans as another. A community group asked 
that refinances and renewals be added to the product list, stating that 
this information would help demonstrate community credit needs. That 
commenter went on to state that listing refinances in the credit 
purpose data point, as proposed, would be confusing, and that the 
Bureau should look at the ways refinances are reported under HMDA and 
CRA. Several minority business advocacy groups, along with a joint 
letter from community groups, community oriented lenders, and business 
advocacy groups, responded to the Bureau's request for comment by 
encouraging the Bureau to include ``overdraft line of credit'' in the 
list of credit products. These commenters stated that overdraft can 
contain hidden costs, so having a way to monitor lenders who provide it 
could be useful.. A trade association opposed the inclusion of 
overdraft line of credit in the credit products list, though it did not 
provide a reason. Several community groups commented that the Bureau 
should require reporting of collateral requirements and value, instead 
of simply requiring ``secured'' and ``unsecured'' for items in the 
credit product list. One of these commenters suggested that collateral 
info would

[[Page 35290]]

shed light on underwriting changes and approaches during various 
economic conditions, allow stakeholders to understand why pricing might 
be lower on some loans and the risk that some loans might pose to 
borrowers.
    A joint letter from community and business advocacy groups objected 
to the requirement to report each credit product requested as a 
separate application, stating that this would seem to require the 
lender to report each credit type requested as a separate application 
even when the applicant is seeking only one transaction but is open to 
alternative structures, and even though there would be only one action 
taken and one set of terms.
    Type of guarantee. Several community groups expressed support for 
including guarantees as part of the credit type data point. These 
commenters stated that data on government guarantee programs would 
allow for better analysis of their usage, including whether minority 
and women owned businesses are being steered to these loans. One of 
these commenters stated that requiring reporting on all types of 
guarantees would facilitate analysis of whether minority and women 
owned businesses were receiving more costly or onerous credit. That 
commenter also stated that personal guarantees can at times be abusive, 
and reporting of those would allow better monitoring of this issue. 
Although it did not specifically express support for requiring 
reporting of guarantees, a trade association for auto finance lenders 
stated that its members will have this information for reporting.
    Two industry commenters objected to the collection of guarantees as 
part of the credit type data point on the grounds that the statute does 
not require reporting of guarantees and asking that the credit type 
data point be limited to credit product and loan term. Those 
commenters, and several others who did not object to the general 
guarantee reporting requirement, were concerned in particular about the 
requirement to report what guarantees would have been obtained if the 
transaction had been originated. Some commenters stated that such a 
requirement extends into mere speculation, and would undermine the 
accuracy, reliability, and consistency of the data. Another commenter 
stated that it would not be possible to report what guarantees would 
have been obtained, and joint letter from community groups and business 
advocacy groups stated that the requirement could be problematic in the 
case of a declined application because the lender would be speculating 
as to potential guarantees, such as personal guarantees, from owners or 
non-owners. That comment went on to recommend that the Bureau either 
limit the reporting of this field to offers and counteroffers that are 
made (i.e., allow financial institutions to report type of guarantee as 
``not applicable'' for declined applications, as is permitted with 
respect to the loan term and loan pricing data fields) or, for declined 
applications, require reporting only if the requested guarantee were a 
government or programmatic guarantee (such as SBA, USDA or some other 
third-party guarantee program).
    A community group and two CDFI lenders requested that the list of 
guarantees be changed in certain ways. The community group stated that 
the data should distinguish whether the guarantee is offered by the 
natural person(s) owning the business or the business itself, because 
it matters whether a creditor can seize assets of a person or the 
business. One of the CDFI lenders requested that the guarantee 
categories be broken down further to detail collateral coverage, which 
is often the deciding factor on approval or denial, and because people 
of color own homes (and amass wealth) at much lower rates than whites. 
That commenter went on to suggest that these details could shed light 
on the credit needs of minority small business owners and whether 
financial institutions are applying collateral requirements equitably. 
The other lender requested that State guarantee and local guarantee be 
separated on the list, rather than the combined ``state or local 
guarantee'' that was proposed. That commenter stated that 
differentiating between the performance of these two levels of 
government would be critical for understanding the focus of future 
reforms or capital flows through these entities. The commenter also 
provided statistics suggesting that conflating State and local 
guarantees would not be as informative as separating them.
    Loan term. A community group and a community-oriented lender stated 
their support for the proposed loan term provision. The community group 
stated that loan term length influences pricing and other terms and 
conditions, and would help in explaining differences in these features. 
That commenter also suggested that loan term should be straightforward 
to report for lenders. In addition, a national auto finance trade 
association stated that its members would have this information to 
report.
    A number of banks and a trade association objected to the proposal 
to have the loan term measured from the first payment period rather 
than the date of origination. These commenters stated that they do not 
measure loan term in this way, and having to do so for reporting would 
cause unnecessary and significant compliance difficulties. They asked 
to be able to measure loan term from the date of origination of the 
credit. Another bank objected to the reporting of loan term for 
applications, stating that applicants seldom make an application that 
specifies the desired loan term.
    Although the proposed rule did not discuss how or whether merchant 
cash advance providers would report loan term, the Bureau did seek 
comment on proposed Sec.  1002.107(a)(12)(v) and its commentary, the 
pricing provision for merchant cash advances, including whether to 
require additional pricing information for merchant cash advances, and 
whether merchant cash advances could be structured in ways that evade 
the proposed reporting requirement. Two commenters urged the Bureau to 
make clear that merchant cash advance providers must report loan term, 
and must not use the proposed rule's provision stating that ``not 
applicable'' could be reported for a product that has no loan term. 
These commenters discussed the importance of loan term in comparing 
different credit pricing and stated that merchant cash advances are 
sometimes abusive and are used disproportionately by minority 
businesses. These commenters also stated that loan term can be readily 
ascertained for merchant cash advances and they described different 
methods for doing so. One method suggested was that when a merchant 
cash advance is paid off before reporting, the provider should report 
the actual length of time to repayment. In addition, they suggested 
that for a partially paid merchant cash advance the provider could 
project the amount of time to repayment based on the amount already 
paid. One of these commenters, a cross-sector group of lenders, 
community groups, and small business advocates, stated that merchant 
cash advance providers establish an estimated loan term when they 
underwrite an advance, and that most merchant cash advance contracts 
have an estimated payment amount.
Final Rule
    The Bureau is finalizing Sec.  1002.107(a)(5) certain changes to 
facilitate compliance and enhance the quality and usefulness of the 
data reported. Final Sec.  1002.107(a)(5) requires that financial 
institutions collect and report the following information regarding the 
type of credit applied for or originated: (i) the credit product; (ii)

[[Page 35291]]

the type or types of guarantees that were obtained for an extension of 
credit, or that would have been obtained if the covered credit 
transaction were originated; and (iii) the length of the loan term, in 
months, if applicable.
    The Bureau believes that it is reasonable to interpret the 
statutory term ``credit type'' to comprise the three required 
subcategories, because they are critical to understanding the nature of 
small business credit applied for and provided, as explained below. For 
the reasons discussed herein, the Bureau believes that the 
subcategories of credit product (including collateral), guarantee type, 
and loan term will aid in fulfilling the purposes of section 1071. 
Financial institutions generally have all of the information required 
for this data point when they process applications (and the reporting 
regime is sufficiently flexible when they do not), so the Bureau does 
not believe there is anything in this approach that will impose 
particular operational difficulty. Additionally, the Bureau believes it 
is reasonable to interpret type of credit ``applied for'' to include 
the type of credit actually originated when an application results in 
an extension of credit.
    The statutory term ``type . . . of the loan'' is ambiguous, and the 
Bureau reasonably interprets the term to include the credit product, 
any guarantee obtained, and the term of a loan because an accurate and 
useful record of the ``type'' of loan or credit would include those 
data fields. In the alternative, ECOA section 704B(e)(2)(H) authorizes 
the Bureau to require inclusion of ``any additional data that the 
Bureau determines would aid in fulfilling the purposes of [section 
1071],'' and for the reasons discussed herein, the Bureau has also 
determined that the subcategories of credit product (including 
collateral), guarantee type, and loan term will aid in fulfilling those 
purposes.
    Credit product. The Bureau is finalizing the credit product 
subcategory with certain changes to the associated commentary to 
facilitate compliance and enhance the quality and usefulness of the 
data reported. Final Sec.  1002.107(a)(5)(i) requires financial 
institutions to compile and maintain data on the credit product applied 
for or originated. The Bureau continues to consider credit product to 
be an integral part of the statutory requirement to collect credit 
type. The Bureau believes information about the various products sought 
by applicants will further the purposes of section 1071 by 
demonstrating, for example, how small businesses of different sizes or 
in different sectors choose to pursue, or ultimately access, different 
forms of credit.
    The Bureau distinguishes between secured and unsecured term loans 
and lines of credit in its list of credit products because it believes 
that whether a term loan or line of credit is collateralized can have 
such a significant effect on things like approval rates and pricing 
that secured and unsecured products fundamentally differ in kind. For 
this reason, the Bureau believes that including information on the use 
of collateral in the credit product subcategory will help data users to 
avoid inaccurate interpretations of data. The Bureau believes that 
whether a loan is secured or unsecured will be part of an application 
or loan file and, as a result, will not be operationally difficult to 
report once a financial institution's section 1071 compliance system is 
set up.
    Final comment 107(a)(5)-1 presents the instructions for collecting 
and reporting credit product and the list of credit products from which 
financial institutions will select. Comment 107(a)(5)-1 explains that a 
financial institution complies with Sec.  1002.107(a)(5)(i) by 
selecting the credit product applied for or originated from the list 
provided in the comment. The Bureau believes that the list of credit 
products provided in final comment 107(a)(5)-1 aligns with the most 
common types of credit products in small business lending. Final 
comment 107(a)(5)-1 also explains that if the credit product for an 
application does not appear on the list of products provided, the 
financial institution selects ``other'' as the credit product and 
reports the specific product via free-form text. The Bureau believes 
that allowing financial institutions to choose ``other'' when the 
credit product for the application does not appear on the provided list 
will facilitate compliance. In addition, collecting this information on 
``other'' credit products will assist the Bureau in tracking product 
trends and key developments in the small business lending market, which 
the Bureau can use to inform any future iterations of the list.
    Comment 107(a)(5)-1 also explains that if an applicant requests 
more than one credit product at the same time, the financial 
institution reports each credit product requested as a separate 
application. The issue of how to collect and report multiple products 
applied for at the same time affects several data points, but is most 
salient for credit type. The Bureau believes that requiring a separate 
application to be reported for each credit product requested will yield 
more complete and useful data, and that a financial institution will 
not experience operational difficulties in copying the relevant 
information, identical for most data points, to separate lines in the 
small business lending application register. However, the Bureau has 
changed the language regarding this requirement from the proposed rule, 
in order to clarify that when the applicant is seeking only one 
transaction but is open to alternative product types, the financial 
institution reports only one application. Comment 107(a)(5)-1 now 
includes instructions on how to report credit product when the 
applicant only requests a single covered credit transaction, but has 
not decided which particular product to request. The Bureau believes 
that this new language will facilitate compliance and lead to the 
collection of more accurate data. The issue of reporting requests for 
multiple covered credit transactions at one time is discussed more 
fully in the section-by-section analysis of Sec.  1002.103(a) above.
    As explained above, many commenters suggested changes to the list 
of products in comment 107(a)(5)-1. In regard to the requests to 
separate out mortgages, auto loans and equipment financing as discrete 
secured loan types, to include additional information about collateral, 
and to make ``refinancing'' a credit product rather than a credit 
purpose, the Bureau believes that its credit product taxonomy presents 
a clear, uncomplicated framework using the basic forms of credit 
extended to small businesses. Including types of collateral and 
different refinancings as part of credit products would complicate the 
taxonomy and introduce categorization difficulties, for example with 
partial refinancings. Under the final rule, these types of credit will 
be reported using the credit product applied for or originated, from 
the list in comment 107(a)(5)-1, and the extra information suggested 
may or may not be appropriately included in the credit purpose data 
point under Sec.  1002.107(a)(6), depending on the situation. 
Similarly, the Bureau believes that the overdraft aspect of overdraft 
lines of credit will best be reported using the credit purpose 
``overdraft,'' and that the credit product will then be reported as a 
line of credit, secured or unsecured. The Bureau believes that this 
arrangement will help preserve the uncomplicated framework of the 
credit products list. See the section-by-section analysis of Sec.  
1002.107(a)(6) below for further discussion.
    As a result of further analysis and consideration, the Bureau has 
made one change from the proposal to the final

[[Page 35292]]

credit products list in comment 107(a)(5)-1. The proposed ``credit card 
account'' product has now been separated into ``credit card account, 
not private-label,'' and ``private-label credit card account.'' The 
Bureau believes that private-label credit cards form a distinct and 
important market segment that operates differently from other credit 
cards, and this distinction will facilitate robust data analysis and 
better further the purposes of section 1071. The Bureau also believes 
that financial institutions will have the information needed for 
reporting these different types of accounts readily available, and so 
separating the two types will not cause operational difficulty. In 
addition to the change in the credit product list in comment 107(a)(5)-
1, the Bureau has added new comments 107(a)(5)-2 and -3 to explain the 
difference between these card products and facilitate compliance. Final 
comment 107(a)(5)-2 provides a definition of credit card accounts that 
are not private-label and includes instructions on reporting these 
products. Final comment 107(a)(5)-3 provides a definition of private-
label credit card accounts and includes instructions on reporting these 
products.
    The Bureau is also finalizing comments 107(a)(5)-4, -5 (which were 
numbered as comments 107(a)(5)-2 and -3 in the proposal) and comment 
107(a)(5)-6 as proposed. Final comment 107(a)(5)-4 describes the 
situation in which a financial institution reports that the credit 
product was ``not provided by applicant and otherwise undetermined.'' 
The Bureau believes that permitting this response will facilitate 
compliance and enhance the quality of data collected. As discussed 
above, commenters supported the flexibility afforded by this kind of 
response.
    Final comment 107(a)(5)-5 provides instructions on how a financial 
institution reports a transaction that involves a counteroffer. The 
comment states that if a financial institution presents a counteroffer 
for a different credit product than the product the applicant had 
initially requested, and the applicant does not agree to proceed with 
the counteroffer, a financial institution reports the application for 
the original credit product as denied pursuant to Sec.  1002.107(a)(9). 
If the applicant agrees to proceed with consideration of the financial 
institution's counteroffer, the financial institution reports the 
disposition of the application based on the credit product that was 
offered, and does not report the original credit product applied for. 
The Bureau believes that, in the complex circumstances created by 
counteroffers, the meaning of the type of credit ``applied for'' is 
ambiguous, and it is reasonable to interpret the credit product 
``applied for'' to mean the credit product considered via the 
applicant's response to the counteroffer. For a discussion of the 
Bureau's treatment of counteroffers more generally, see the section-by-
section analysis of Sec.  1002.107(a)(9) below.
    Final comment 107(a)(5)-6 explains that for an extension of 
business credit incident to a factoring arrangement that is otherwise a 
covered credit transaction, a financial institution selects ``other 
sales-based financing transaction'' as the credit product, and provides 
a cross reference to comment 104(b)-1. The Bureau believes that this 
explanation will facilitate reporting of applications involving this 
important market segment.
    Type of guarantee. The Bureau is finalizing the requirement to 
report guarantees as a subcategory of the credit type data point with 
changes to enhance the quality of the data collected and facilitate 
compliance. The final rule requires a financial institution to report 
the type or types of guarantees that were obtained for an extension of 
credit, or that would have been obtained if the covered credit 
transaction were originated.
    The Bureau considers the guarantee obtained for an extension of 
credit to be part of the credit ``type'' because it is fundamental to 
the nature of the transaction in that it meaningfully impacts terms 
such as interest rates, such that guarantee information can help to 
explain potential disparities in outcomes and reduce inaccurate 
conclusions, aiding in fulfilling the fair lending purpose of section 
1071. Indeed, in common parlance, small business credit transactions 
are often referred to using the name of the guarantee (e.g., ``a 7(a) 
loan,'' referring to the SBA 7(a) guarantee). Because various types of 
guarantees are available for different credit products, the Bureau 
believes that guarantee type should constitute a separate subcategory 
within the credit type data point, so that data users can conduct 
separate analyses with respect to credit product and guarantees, and to 
avoid excessive complexity in the credit product data field. The Bureau 
further believes that information on the distribution of government 
loan guarantees (such as those provided in SBA programs) across 
different geographic areas and applicant groups will allow a better 
understanding of how those programs function on the ground, aiding in 
fulfilling the business and community development purpose of section 
1071. As with collateral, information on guarantees is generally a part 
of an application or loan file and the Bureau does not believe it will 
be operationally difficult to report once a financial institution's 
1071 compliance system is set up.
    Final comment 107(a)(5)-7 (which was numbered as comment 107(a)(5)-
4 in the proposal) presents the instructions for collecting and 
reporting type of guarantee and the list of guarantees from which 
financial institutions will select. The Bureau believes the list of 
guarantee types provided in comment 107(a)(5)-7 aligns with the most 
common types of guarantees used in small business lending. Final 
comment 107(a)(5)-7 also explains that a financial institution complies 
with Sec.  1002.107(a)(5)(ii) by selecting the type or types of 
guarantee(s) obtained for an originated covered credit transaction, or 
that would have been obtained if the covered credit transaction were 
originated, from the list provided in the comment.
    The Bureau agrees with the commenters who suggested that clarity 
was needed on how to report guarantee type when the covered credit 
transaction is not originated. Consequently, comment 107(a)(5)-7 now 
states that if an application is denied, withdrawn, or closed for 
incompleteness before any guarantee has been identified, the financial 
institution selects ``no guarantee.'' The Bureau believes that this 
reporting option will facilitate compliance and result in the 
collection of more reliable data. The Bureau also agrees that 
separating State and local guarantees, so that they can be tracked 
individually, will enhance the quality of the data collected. Comment 
107(a)(5)-7 now includes separate items for these guarantee types, and 
states that the financial institution chooses State government 
guarantee or local government guarantee, as applicable, based on the 
entity directly administering the program, not the source of funding. 
The Bureau believes that this instruction will facilitate compliance 
and enhance the quality of the data collected. The Bureau also believes 
that differentiating between State and local guarantees will not cause 
operational difficulty for reporters because the financial institution 
will have the information in the loan file.
    The Bureau understands that there may be some value in collecting 
the additional information suggested by commenters on whether a natural 
person or business makes a guarantee and the nature of the collateral 
backing a guarantee. However, the Bureau

[[Page 35293]]

believes that these items will increase the complexity and operational 
difficulty of compliance in reporting the type of guarantee and has not 
included them in the final rule.
    Loan term. The Bureau is finalizing the requirement to report loan 
term as part of the credit type data point with certain changes to the 
associated commentary to facilitate compliance and enhance the quality 
of the data collected. Final Sec.  1002.107(a)(5)(iii) requires a 
financial institution to report the length of the loan term, in months, 
if applicable.
    As with the consumer lending market, the pricing and sustainability 
of closed-end credit transactions for small businesses are associated 
with term length, and without awareness of the term of the loan, data 
users will have less of an understanding of the types of credit being 
made available to applicants. Credit with a one-month term may differ 
not just in degree but in kind from credit with a 60-month term. The 
Bureau thus believes that the length of the loan term is a fundamental 
attribute of the type of credit that applicants are seeking such that 
it should be treated as a separate subcategory within credit type. As 
with other elements of the credit type data point, loan term 
information will allow data users to reduce inaccurate conclusions or 
misinterpretations of the data, aiding in fulfilling both the fair 
lending and business and community development purposes of section 
1071. Likewise, the loan term will be part of the application or loan 
file and should not be operationally difficult to report once a 
financial institution's 1071 compliance system is set up.
    Final comment 107(a)(5)-8 (which was numbered as comment 107(a)(5)-
5 in the proposal) presents the instructions for collecting and 
reporting loan term. Specifically, it explains that a financial 
institution complies with Sec.  1002.107(a)(5)(iii) by reporting the 
number of months in the loan term for the covered credit transaction, 
and that the loan term is the number of months after which the legal 
obligation will mature or terminate. In the proposed rule, this comment 
included language that would have required financial institutions to 
measure the loan term in the way that loan terms are generally 
described in real property transactions. However, the Bureau agrees 
with those commenters who stated that such a provision would create 
compliance difficulties. Although the final comment continues to allow 
the loan term to be measured for real property transactions in the way 
the Bureau proposed, it makes clear that loan term for small business 
credit is generally measured from the date of origination and should be 
reported that way.
    Final comment 107(a)(5)-8 also makes clear that if a credit 
product, such as a credit card, does not have a loan term, the 
financial institution reports loan term as ``not applicable.'' The 
Bureau believes that permitting the use of ``not applicable'' in these 
situations will facilitate compliance and aid in the collection of 
appropriate data. However, the Bureau does not consider products that 
have an estimated loan term, such as certain merchant cash advances and 
other sales-based financing transactions, as products that do not have 
a loan term. The Bureau agrees with those commenters who suggested that 
merchant cash advance providers should report loan term so that 
appropriate comparisons can be made with other products. Consequently, 
comment 107(a)(5)-8 now provides that for merchant cash advances and 
other sales-based financing transactions, the financial institution 
complies with Sec.  1002.107(a)(5)(iii) by reporting the loan term, if 
any, that the financial institution estimated, specified, or disclosed 
in processing or underwriting the application or transaction. The 
Bureau notes that loan term for a merchant cash advance or other sales-
based financing transaction can also be the estimated loan term 
disclosed in a State or locally required disclosure, if applicable. The 
comment also explains that if more than one loan term is estimated, 
specified, or disclosed, the financial institution reports the one it 
considers to be the most accurate, in its discretion. The Bureau 
believes that these instructions will enhance the quality of the data 
collected and facilitate compliance by providing clear guidance on 
these providers' reporting responsibilities. The Bureau chose not to 
use the other loan term measurements that commenters suggested because 
they would likely have introduced significant operational difficulty. 
The Bureau believes that merchant cash advance and other sales-based 
financing providers will not have operational difficulty reporting an 
estimate that they already possess. If a merchant cash advance or other 
sales-based financing provider does not estimate, specify, or disclose 
a loan term as part of the processing or underwriting of the 
application or transaction, the provider may report that the loan term 
is ``not applicable.''
    The proposed rule's loan term comment would have also provided that 
the financial institution would report ``not applicable'' if the 
application is denied, withdrawn, or determined to be incomplete before 
a loan term has been identified. However, in order to facilitate 
compliance, enhance the quality of information collected, and for 
consistency with the other data points in the final rule, final comment 
107(a)(5)-8 now provides that for a credit product that generally has a 
loan term, the financial institution reports ``not provided by 
applicant and otherwise undetermined'' if the application is denied, 
withdrawn, or determined to be incomplete before a loan term has been 
identified. The Bureau believes that the availability of this response 
will facilitate the reporting of the loan term subcategory for 
applications in these situations.
107(a)(6) Credit Purpose
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the type and purpose of the loan or other credit being applied for.'' 
\607\ (The credit type data point is discussed in the section-by-
section analysis of Sec.  1002.107(a)(5) immediately above.)
---------------------------------------------------------------------------

    \607\ ECOA section 704B(e)(2)(B).
---------------------------------------------------------------------------

    The Bureau proposed in Sec.  1002.107(a)(6) to require that 
financial institutions collect and report the purpose or purposes of 
the credit applied for or originated. Proposed comment 107(a)(6)-1 
would have presented instructions for collecting and reporting credit 
purpose and would have provided the proposed list of credit purposes 
from which financial institutions would select.
    The proposed list of credit purposes was similar to the list in the 
SBREFA Outline, with certain adjustments. First, the items on the 
SBREFA list that described types of collateral, such as commercial real 
estate, were updated to more clearly reflect that the financial 
institution would be collecting and reporting the purpose of the loan, 
and not the form of collateral, though the form of collateral might be 
referred to in describing that purpose. In addition, the proposed 
listed purposes involving real property would have differentiated 
between dwelling and non-dwelling real property. The Bureau believed 
that this distinction would help in collecting more precise and useful 
data. To facilitate compliance the Bureau proposed to include ``not 
applicable'' in the purposes list for use when an application is for a 
credit product that generally has indeterminate or numerous potential 
purposes, such as a credit card. Proposed comment 107(a)(6)-5 would 
have also explained

[[Page 35294]]

the use of ``not applicable'' as a response.
    Proposed comment 107(a)(6)-2 would have explained that if the 
applicant indicated or the financial institution was otherwise aware of 
more than one purpose for the credit applied for or originated, the 
financial institution would have reported those purposes, up to a 
maximum of three, using the list provided, in any order it chose.
    Proposed comment 107(a)(6)-3 would have explained that if a purpose 
of the covered credit transaction did not appear on the list of 
purposes provided, the financial institution would report ``other'' as 
the credit purpose and report the purpose as free-form text. For 
efficiency and to facilitate compliance, proposed comment 107(a)(6)-3 
would have also explained that if the application had more than one 
``other'' purpose, the financial institution would choose the most 
significant ``other'' purpose, in its discretion, and would report that 
``other'' purpose. The comment would have then explained that a 
financial institution would report a maximum of three credit purposes, 
including any ``other'' purpose reported.
    Proposed comment 107(a)(6)-4 would have explained that, pursuant to 
proposed Sec.  1002.107(c)(1), a financial institution would maintain 
procedures reasonably designed to collect applicant-provided 
information, which would include credit purpose. However, if a 
financial institution was nonetheless unable to collect or determine 
credit purpose information, the financial institution would have 
reported that the credit purpose was ``not provided by applicant and 
otherwise undetermined.''
    In order to facilitate compliance, the Bureau also proposed 
comments 107(a)(6)-6 and -7. Proposed comment 107(a)(6)-6 would have 
clarified that, as explained in proposed comment 104(b)-4, subpart B 
did not apply to an extension of credit that was secured by 1-4 
individual dwelling units that the applicant or one or more of the 
applicant's principal owners did not, or would not, occupy. Proposed 
comment 107(a)(6)-7 would have clarified the collection and reporting 
obligations of financial institutions with respect to the credit 
purpose data point, explaining that the financial institution would be 
permitted, but not required, to present the list of credit purposes 
provided in comment 107(a)(6)-1 to the applicant. Proposed comment 
107(a)(6)-7 would have further explained that the financial institution 
would also be permitted to ask about purposes not included on the list 
provided in proposed comment 107(a)(6)-1. Finally, proposed comment 
107(a)(6)-7 would have clarified that if an applicant chose a purpose 
or purposes that were similar to purposes on the list provided, but 
used different language, the financial institution would report the 
purpose or purposes from the list provided.
    The Bureau sought comment on its proposed approach to the credit 
purpose data point. In addition, the Bureau sought comment on whether 
there were any purposes that should be added to or modified on its 
proposed list. In particular, the Bureau sought comment on the 
potential usefulness of including ``agricultural credit'' and 
``overdraft line of credit'' in the credit purposes list. Finally, the 
Bureau requested comment on whether further explanations or 
instructions with respect to this data point would facilitate 
compliance.
Comments Received
    The Bureau received comments on its proposed approach to the credit 
purpose data point from a number of lenders, trade associations, and 
community groups, along with a minority business advocacy group. 
Several community groups expressed support for the credit purpose data 
point as proposed by the Bureau, and a CDFI lender explained that it 
already collects this information. A community group stated that the 
proposal accurately captured the wide variety of credit purposes and 
then expressed specific support for distinguishing dwellings from non-
dwellings, allowing reporting of three credit purposes, and inclusion 
of the ``other'' category with a free-form text box. In addition, this 
commenter suggested that the proposed method for credit purpose 
collection could work well with the CRA.
    A trade association representing community banks also supported the 
proposal for credit purpose, especially the flexibility provided by the 
``not applicable'' and ``not provided by applicant and otherwise 
undetermined'' options, and the provision allowing a financial 
institution to report the credit purposes in any order it chooses, when 
the institution is aware of more than one purpose. That commenter said 
that these accommodations would facilitate compliance while still 
achieving the policy goals of the law. A trade association representing 
auto finance lenders also stated support for the flexibility provided 
by the ``not applicable'' and ``not provided by applicant and otherwise 
undetermined'' options. Two banks opposed the credit purpose proposal, 
explaining that it would require extensive changes and burdensome 
ongoing operations, and that the interplay with other regulatory 
requirements was unclear. One of these commenters also questioned the 
usefulness of the data collected. However, neither commenter suggested 
alternative ways to implement the statutorily required credit purpose 
data point.
    Several commenters asked that the Bureau clarify certain aspects of 
the credit purpose proposal. Two industry commenters requested 
clarification of the circumstances when institutions should use ``not 
provided by applicant and otherwise undetermined'' as opposed to ``not 
applicable.'' Several industry commenters requested guidance on when to 
use ``owner-occupied'' versus ``non-owner occupied'' for non-dwelling 
real property. Another asked about how to report when the loan is 
mixed-use (business and consumer purpose). A joint letter from 
community groups and community oriented lenders requested that the 
Bureau clarify that the category ``Working capital (includes inventory 
or floor planning)'' also includes salaries, rents, and other daily 
expenses. A credit union trade association suggested that the Bureau 
clarify how transactions should be reported when made directly to a 
sole proprietor, not to the business directly, explaining that credit 
unions may find it confusing to report a loan purpose that implies that 
the business itself is the recipient.
    Several commenters requested more substantial changes in the 
proposed credit purpose data point. Two joint comment letters, each 
representing multiple community groups and other entities, requested 
that the Bureau require more granular reporting in certain situations, 
especially with regard to real property loans. These comments suggested 
collecting real property loan data on rental purpose, whether buildings 
are mixed-use, the number and type of units in buildings, as well as a 
way to easily connect to a HMDA record for any loan that is reported 
under both regimes. One of these comments asked that the Bureau make it 
easier to determine if a capital expense loan is used to maintain a 
business or expand it. Another community group requested that the 
Bureau disaggregate the purchase-construction-repair purpose from 
refinancing for things like real estate, vehicles, and equipment, 
perhaps by adding a separate data point. Another requested that 
refinancings (along with renewals) should be listed as a credit product 
in the credit type data point, rather than as a credit purpose. That 
same commenter requested that financial institutions not be allowed to 
use their own list of purposes, as

[[Page 35295]]

proposed, and suggested that the Bureau consider providing a sample 
application form, which would include the rule's list of credit 
purposes, to facilitate data collection.
    Several industry commenters responded to the Bureau's request for 
comment on including ``agricultural credit'' as a credit purpose. These 
commenters mostly requested that new purposes specifically geared to 
agricultural lending be included, though they did not offer any 
examples of such purposes. The commenters emphasized that agricultural 
lending is different from other business lending and suggested that 
choosing from the credit purposes listed would be difficult for this 
market. A community group stated that it might be confusing to list 
agricultural credit as a credit purpose as the credit product data 
point would collect that they are farm loans.\608\
---------------------------------------------------------------------------

    \608\ The Bureau notes that the proposed rule did not expressly 
list agricultural loans (or similar) on either the credit products 
list or credit purposes list.
---------------------------------------------------------------------------

    Several community groups and a minority business advocacy group 
responded to the Bureau's request for comment on whether the final rule 
should include ``Overdraft line of credit'' as a credit purpose. These 
commenters supported inclusion of overdraft as a purpose, stating that 
it should be monitored for potential abuses, especially abuses in 
communities of color. No industry commenters discussed the possible 
inclusion of overdraft lines of credit as a credit purpose.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(6) and associated commentary with certain revisions for 
clarity, to improve the usefulness of the data collected, and to 
accommodate a new coverage exclusion for HMDA-reportable transactions. 
Final Sec.  1002.107(a)(6) requires that financial institutions collect 
and report the purpose or purposes of the credit applied for or 
originated.
    Final comment 107(a)(6)-1 provides instructions for collecting and 
reporting credit purpose and presents the list of credit purposes from 
which financial institutions will select. The final list of purposes is 
very similar to the proposed list but deletes two purposes that 
describe credit likely to be HMDA reportable, includes one additional 
purpose (``overdraft'') and makes minor edits to accommodate those 
changes and for clarity. The Bureau believes that the list of credit 
purposes provided in comment 107(a)(6)-1 appropriately aligns with the 
purposes of credit sought in the small business credit market.
    Because the Bureau is adopting an exclusion for HMDA-reportable 
credit, the proposed purposes list's differentiation between dwelling 
and non-dwelling real property is no longer necessary. In addition, the 
purposes in the list that pertained to dwellings were very likely to be 
HMDA-reportable, and so have been removed in the final rule. See the 
section-by-section analysis of Sec.  1002.104(b) above for further 
discussion of this exclusion.
    The Bureau agrees with the commenter who suggested that ``Working 
capital (includes inventory or floor planning)'' will often also 
include salaries, rents, and other daily expenses. However, the final 
rule does not include these items in the credit purposes list 
description of working capital because the Bureau believes the term is 
already clear, and listing these items may cause confusion as to other 
working capital items that are not listed.
    The Bureau has not added ``Agricultural credit'' or specific 
purposes associated with agricultural credit to the list of credit 
purposes in the final rule. First, although ``farm loans'' are not 
listed as a credit product in the credit type data point, the NAICS 
data point in final Sec.  1002.107(a)(15) will make clear when the 
small business borrower is an agricultural business. In addition, other 
business types are not included in the credit purposes list and doing 
so with agriculture could cause confusion. As far as including specific 
agricultural purposes in the purposes list, the commenters who 
suggested this did not provide examples, and the Bureau did not propose 
such purposes. Going forward, the Bureau may learn of specific 
agricultural credit purposes from the ``Other'' free-form text box, and 
if appropriate, potentially add them to the rule later.
    The Bureau agrees that overdraft should be separately identified as 
a credit purpose in the list in comment 107(a)(6)-1 in order to observe 
its use in the market. Rather than ``Overdraft line of credit'' as 
referenced in the proposal's preamble, the Bureau is using the term 
``Overdraft.'' In order to facilitate compliance regarding overdraft as 
a credit purpose, the Bureau is adding new comment 107(a)(6)-8 to the 
final rule, which makes clear that when overdraft is an aspect of the 
covered credit transaction applied for or originated, the financial 
institution reports ``Overdraft'' as a purpose of the credit. The new 
comment also explains that the financial institution reports credit 
type pursuant to Sec.  1002.107(a)(5)(i) as appropriate for the 
underlying covered credit transaction, such as ``Line of credit--
unsecured.'' The Bureau does not believe that reporting overdraft as a 
credit purpose will create operational difficulties for financial 
institutions because the information will be readily apparent as an 
aspect of the credit. Finally, new comment 107(a)(6)-8 makes clear that 
providing occasional overdraft services as part of a deposit account 
offering would not be reported for the purpose of subpart B.
    The Bureau is finalizing comments 107(a)(6)-2 through -5 with minor 
edits to accommodate the removal of purposes related to the exclusion 
for HMDA-reportable transactions and for clarity. Final comment 
107(a)(6)-2 explains that if the applicant indicates or the financial 
institution is otherwise aware of more than one purpose for the credit 
applied for or originated, the financial institution reports those 
purposes, up to a maximum of three, using the list provided, in any 
order it chooses. Since applicants may have more than one purpose for a 
credit transaction, the Bureau believes it is appropriate to require 
collection and reporting of more than one credit purpose for this data 
point in that situation. The Bureau believes that having financial 
institutions report up to three credit purposes will provide useful 
data. The Bureau also believes that allowing financial institutions 
discretion as to the order of the credit purposes reported will 
facilitate compliance.
    Final comment 107(a)(6)-3 explains that if a purpose of an 
application does not appear on the list of purposes provided, the 
financial institution reports ``other'' as the credit purpose and 
reports the credit purpose as free-form text. The Bureau believes that 
allowing financial institutions to choose ``other'' when a credit 
purpose for the application did not appear on the provided list will 
facilitate compliance. In addition, the Bureau believes that collecting 
this information on ``other'' credit purposes will assist in monitoring 
trends in this area and key developments in the small business lending 
market, which the Bureau can use to inform any future changes to the 
list.
    Final comment 107(a)(6)-4 makes clear that, pursuant to final Sec.  
1002.107(c)(1), a financial institution shall maintain procedures 
reasonably designed to collect applicant-provided data, which includes 
credit purpose. However, the comment further explains that if a 
financial institution is nonetheless unable to collect or determine 
credit purpose information,

[[Page 35296]]

the financial institution reports that the credit purpose is ``not 
provided by applicant and otherwise undetermined.'' The Bureau agrees 
with the industry commenters who stated that this provision would 
provide flexibility and believes that permitting use of this response 
will facilitate compliance and enhance the quality of data reported.
    In order to facilitate compliance, final comment 107(a)(6)-5 
explains that if the application is for a credit product that generally 
has indeterminate or numerous potential purposes, such as a credit 
card, the financial institution may report credit purpose as ``not 
applicable.'' As with the ``not provided by applicant and otherwise 
undetermined'' purpose, the Bureau agrees with the industry commenters 
who felt that this provision would provide appropriate flexibility. The 
Bureau does not believe that there will be confusion about the 
situations for which ``not provided by applicant and otherwise 
undetermined'' (as explained in final comment 107(a)(6)-4) and ``not 
applicable'' (as explained in final comment 107(a)(6)-5) are 
appropriate to use. The commenters who suggested that such confusion 
might occur did not explain why the proposed language would not be 
sufficient.
    Final comment 107(a)(6)-6 provides details on the collection of 
credit purposes by financial institutions. The comment states that, 
pursuant to Sec.  1002.107(c)(1), a financial institution shall 
maintain procedures reasonably designed to collect applicant-provided 
data, including credit purpose. In addition, the financial institution 
is permitted, but not required, to present the list of credit purposes 
provided in comment 107(a)(6)-1 to the applicant. The financial 
institution is also permitted to ask about credit purposes not included 
on the list provided in comment 107(a)(6)-1. If the applicant chooses a 
purpose or purposes not included on the provided list, the financial 
institution follows the instructions in comment 107(a)(6)-3 regarding 
reporting of ``other'' as the credit purpose. If an applicant chooses a 
purpose or purposes that are similar to purposes on the list provided, 
but uses different language, the financial institution reports the 
purpose or purposes from the list provided. The Bureau believes that 
the explanations and instructions in the final commentary accompanying 
Sec.  1002.107(a)(6) will reduce any confusion as to how a financial 
institution reports this data point when an application involves 
multiple credit purposes, and in other situations.
    The Bureau believes that prohibiting financial institutions from 
using their own credit purpose lists, as one commenter suggested, would 
not be appropriate because the Bureau does not have sufficient 
information to create a definitively comprehensive credit purposes list 
and wishes to provide institutions the flexibility appropriate to their 
market segment. In regard to that commenter's suggestion that the 
Bureau provide a sample application form, this issue is discussed in 
the section-by-section analysis of appendix E below. In addition, the 
Bureau does not believe additional clarification regarding how to 
report credit purpose for business loans made to sole proprietors is 
necessary.
    Because the Bureau is providing a complete exclusion for HMDA-
reportable transactions in the final rule, the Bureau is not finalizing 
proposed comment 107(a)(6)-6, which would have provided a cross-
reference to the partial exclusion for dwelling-secured credit in the 
proposed rule.
    New comment 107(a)(6)-7 explains that real property is owner-
occupied if any physical portion of the property is used by the owner 
for any activity, including storage. The Bureau adds this explanation 
in response to comments asking for clarity on this issue. The Bureau 
believes that the language provided clearly indicates the meaning of 
``owner-occupied'' for reporting purposes and will facilitate 
compliance and help in the collection of uniform data.
    In regard to the commenters that objected to the entire credit 
purpose data point as excessively burdensome and not providing useful 
information, the Bureau notes that this data point was specified by 
Congress in section 1071 as one that financial institutions must 
collect and report; these commenters did not suggest a different method 
of collection. The Bureau also believes, along with the national trade 
association representing small banks whose comment is described above, 
that the reporting accommodations included in the credit purpose 
provision will facilitate compliance while still achieving the policy 
goals of section 1071.
    Although some additional useful information might be collected if 
the Bureau were to expand the credit purpose data point to include the 
more granular reporting requested by community groups, such changes 
would make the collection more difficult for financial institutions as 
well as potentially confusing for small business applicants; the Bureau 
does not believe that further granularity is necessary at this time, 
especially at the risk of obtaining potentially less accurate or 
complete data overall. In regard to making ``refinancing'' a credit 
product rather than a credit purpose as proposed, the Bureau believes 
that its credit product taxonomy presents a clear, uncomplicated 
framework using the basic forms of credit extended. Making refinancing 
a product would complicate the taxonomy and introduce categorization 
difficulties, for example with partial refinancings. As for including 
renewals, the section-by-section analysis of Sec.  1002.103(b) above 
discusses this issue.
107(a)(7) Amount Applied For
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the amount of the credit or credit limit applied for, and the amount 
of the credit transaction or the credit limit approved.'' \609\ The 
Bureau stated in the SBREFA Outline that it was considering requiring 
financial institutions to report the amount applied for data point 
using the initial amount of credit or credit limit requested by the 
applicant at the application stage, or later in the process but prior 
to the financial institution's evaluation of the credit request.\610\
---------------------------------------------------------------------------

    \609\ ECOA section 704B(e)(2)(C).
    \610\ SBREFA Outline at 28.
---------------------------------------------------------------------------

    The Bureau proposed Sec.  1002.107(a)(7) to require a financial 
institution to collect and report ``the initial amount of credit or the 
initial credit limit requested by the applicant.'' Proposed comment 
107(a)(7)-1 would have explained that a financial institution is not 
required to report credit amounts or limits discussed before an 
application is made, but must capture the amount initially requested at 
the application stage or later. In addition, proposed comment 
107(a)(7)-1 would have stated that if the applicant does not request a 
specific amount, but the financial institution underwrites the 
application for a specific amount, the financial institution reports 
the amount considered for underwriting as the amount applied for. 
Finally, proposed comment 107(a)(7)-1 would have instructed that if the 
applicant requests an amount as a range of numbers, the financial 
institution reports the midpoint of that range.
    To address the situation where the financial institution requests 
an amount applied for but the applicant nonetheless does not provide 
one, proposed comment 107(a)(7)-2 would have explained that, in 
compliance with proposed Sec.  1002.107(c)(1), a financial institution 
shall maintain procedures reasonably designed to collect

[[Page 35297]]

applicant-provided information, which includes the credit amount 
initially requested by the applicant. However, if a financial 
institution is nonetheless unable to collect or otherwise determine the 
amount initially requested, the financial institution would have been 
required to report that the amount applied for is ``not provided by 
applicant and otherwise undetermined.''
    Proposed comment 107(a)(7)-3 would have provided instructions for 
reporting the amount applied for in regard to firm offers. Proposed 
comment 107(a)(7)-3 would have explained that when an applicant 
responds to a ``firm offer'' that specifies an amount or limit, which 
may occur in conjunction with a pre-approved credit solicitation, the 
financial institution reports the amount applied for as the amount of 
the firm offer, unless the applicant requests a different amount. If 
the firm offer does not specify an amount or limit and the applicant 
does not request a specific amount, proposed comment 107(a)(7)-3 would 
have explained that the amount applied for is the amount underwritten 
by the financial institution.
    Proposed comment 107(a)(7)-4 would have explained that when 
reporting a covered application that seeks additional credit amounts on 
an existing account, the financial institution reports only the 
additional credit amount sought, and not any previous amounts sought or 
extended. The Bureau noted that a request to withdraw additional credit 
amounts at or below a previously approved credit limit amount on an 
existing open-end line of credit would not be a covered application, 
and so proposed comment 107(a)(7)-4 would not have applied to such a 
situation.
    The Bureau sought comment on its proposed approach to the amount 
applied for data point. The Bureau also requested comment on how best 
to require reporting of amount applied for in situations involving 
multiple products or credit lines under a single credit limit. The 
Bureau also requested comment on potential methods for avoiding 
misinterpretations of disparities between the amount applied for and 
the amount approved or originated. Finally, the Bureau requested 
comment on its proposed approach to reporting when a range of numbers 
is requested.
Comments Received
    The Bureau received comments from lenders, trade associations, 
community groups, and others regarding this proposed data point. 
Community groups and a CDFI lender supporting the Bureau's approach to 
the collection of the amount applied for data point. One commenter said 
that it works with minority farmers whose loans are approved for far 
less than what they originally applied for and that the data would give 
them information regarding lending practices involving minority farm 
businesses. Several commenters stated that amount applied for and 
amount approved or originated are key data for fair lending purposes. 
One said that Black-, Latino-, and Asian-owned businesses have been 
substantially less likely to receive the full small business loan 
amount requested than white-owned small businesses. Another commenter 
requested that the Bureau scrutinize lenders when the application and 
approval amounts are conspicuously close, especially if there is a 
disproportionate impact on women and minority-owned businesses, because 
some lenders may dissuade applicants from making a specific request and 
steer them to the considered underwriting amount that is lower than the 
financing need of the small business.
    A community group noted that amounts should not be reported in 
ranges since the statute requires reporting of amounts and furthermore, 
that ranges are not useful for assessing whether lenders are responding 
adequately to credit needs. This community group also commented that 
with respect to line increases, it makes sense for the lender to report 
the additional amount instead of the additional and original amount 
because it is more precise in terms of being able to assess whether 
credit needs are being met.
    Several industry commenters and a group of State banking regulators 
expressed concerns about collecting the data in light of the lending 
process where the ``amount applied for'' can fluctuate throughout the 
application stage. One trade association commented that financial 
institutions should not be required to report amounts stated before an 
application is made because applicants state a loan amount early on but 
that loan amount usually changes throughout the process for various 
reasons. Another stated that many business credit applications include 
offers, counteroffers, and negotiations. One commenter stated that even 
though the initial amount requested appears useful it does not reflect 
the true dynamic of the small business lending process. The commenter 
reasoned that it is not uncommon during the application process to see 
the actual loan amount fluctuate as the entrepreneur further refines 
their capital needs, and that makes tracking this type of information 
not particularly relevant or reflective of the process. A credit union 
trade association recommended that financial institutions have the 
discretion to report an ``amount applied for'' that is determined at a 
later stage, rather than at the first request of the applicant, because 
reporting the initial credit request could inaccurately represent the 
lending process. A group of state banking regulators commented that 
some applicants may not request an amount or may request a range, and 
some financial institutions will not require such information at the 
outset. They stated that mandating reporting of a requested loan amount 
would impose increased compliance burdens and has the potential to 
disrupt the relationship aspect of small business lending.
    Two industry commenters requested the Bureau clarify how financial 
institutions should report the amount applied for when a firm offer of 
credit specifies a range of possible amounts, for example, amounts 
between $20,000 and $40,000. These commenters stated they believe such 
offers should be deemed not to specify an amount or limit and that 
institutions should be able to report the amount underwritten as the 
amount applied for. They reasoned that reporting the top of the range 
as the amount applied for in these circumstances could be misleading 
because many applicants likely will not qualify for amounts at the top 
of the range. A bank suggested that when an applicant indicates a 
range, each financial institution should be able to decide whether to 
report the low, midpoint, or high end of the range so long as it is 
consistent for the financial institution's entire small business 
lending application register.
    Two business advocacy groups noted that uncertainty regarding key 
definitions could create compliance challenges and requested that the 
Bureau provide additional clarity as to the meaning of ``applied for.'' 
A bank stated that its systems do not have a way to collect and record 
this data point and that it would need to collect it manually, which 
would affect its ability to serve its customers and community.
    The Bureau did not receive comments on how best to require 
reporting for situations involving multiple products or credit lines 
under a single credit limit or potential methods for avoiding 
disparities between amount applied for and amount originated or 
approved.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(7) and associated commentary with revisions and an addition 
in the commentary for

[[Page 35298]]

clarity. The Bureau notes that for HMDA, Regulation C Sec.  
1003.4(a)(7) requires reporting of ``the amount of the covered loan or 
the amount applied for, as applicable,'' which requires reporting of 
the amount applied for only when the credit is not originated. Because 
section 1071 uses the conjunction ``and'' rather than ``or,'' the 
Bureau reads section 1071 to require collection and reporting of the 
amount applied for regardless of whether the application is ultimately 
approved or originated.\611\ The Bureau believes its interpretation of 
``the amount of the credit or credit limit applied for'' pursuant to 
ECOA section 704B(e)(2)(C) is reasonable and appropriate.
---------------------------------------------------------------------------

    \611\ The amount approved or originated data point is addressed 
in the section-by-section analysis of Sec.  1002.107(a)(8).
---------------------------------------------------------------------------

    With respect to the commenter that indicated that some lenders may 
dissuade applicants from making a specific request and steer them to 
the considered underwriting amount, which may be lower than their 
financing needs, the Bureau believes that it is necessary to capture 
both the amount applied for and amount approved or originated to 
fulfill the statutory purposes of section 1071, including facilitating 
fair lending enforcement. The Bureau believes the amount applied for 
and the amount approved data points are necessary to identify 
potentially discriminatory practices, such as discouragement or 
steering, in the lending process. For example, greater differences 
between amount applied for and amount originated among protected groups 
could indicate a fair lending concern. The Bureau notes that if a 
financial institution were to seek to unduly influence or alter the 
amount requested by the applicant in order to avoid reporting it, such 
conduct would violate the requirement in final Sec.  1002.107(c) to not 
discourage an applicant from responding to requests for applicant-
provided data and to maintain procedures to collect such data at a time 
and in a manner that are reasonably designed to obtain a response.
    Regarding commenters' concerns that the amount applied for can 
change throughout the lending process, the Bureau acknowledges that 
there could be complexity in pinpointing the specific initial amount 
requested by an applicant in the fluid process of a small business 
credit application. The Bureau acknowledges that this complexity could 
make this data point challenging for financial institutions to collect 
and report. Nonetheless, the statute requires that the amount applied 
for be reported, and the information is important for both of section 
1071's statutory purposes. The Bureau is finalizing comment 107(a)(7)-1 
with minor edits for clarification. Final comment 107(a)(7)-1 provides 
that the financial institution reports the initial amount of credit or 
the credit limit initially requested by the applicant at the 
application stage and is not required to report credit amounts or 
limits discussed before an application is made. The Bureau believes 
that this guidance will provide a flexible compliance regime that will 
accommodate different business practices. A financial institution will 
not be required to report amounts discussed before the application is 
made, which will accommodate preliminary informal interactions. 
Regarding the recommendation that financial institutions have the 
discretion to report an amount determined at a later stage rather than 
the initial request of the applicant, the Bureau notes that the statute 
requires the amount applied for to be reported even though a small 
business credit application process can be fluid. Therefore, a 
financial institution should report the initial request of the 
applicant if the lending process has already reached the application 
stage. In regard to ranges of amounts requested, the Bureau does not 
believe that permitting financial institutions to decide whether to 
report the low, midpoint, or high end of the range, as requested by a 
commenter, would yield data that will be comparable to the other data 
collected for this data point because different financial institutions 
will be applying different rules for what to report. The Bureau 
believes that more uniform information will be more useful and should 
not create extra difficulty for financial institutions to collect. 
Therefore, to facilitate compliance, final comment 107(a)(7)-1 provides 
that for amounts that were requested as a range of numbers, the 
financial institution reports the midpoint of the range. In addition, 
for clarity, the Bureau moved guidance on what to report if an 
applicant does not request a specific amount to final comment 
107(a)(7)-2, as explained below.
    With respect to the comment that an amount may not be initially 
required or that some applicants may not request an amount or may 
request a range, the Bureau understands that a specific amount may not 
be provided by the applicant and that a specific amount is often not 
required by many financial institutions for products such as credit 
cards, as the financial institution assigns the credit limit as part of 
the credit evaluation process. Final comment 107(a)(7)-2 provides that 
in situations where the applicant does not request a specific amount at 
the application stage, but the financial institution underwrites the 
application for a specific amount, the financial institution reports 
the amount that was considered in underwriting. Final comment 
107(a)(7)-2 also provides that if a particular type of credit product 
does not involve a specific amount requested, then the financial 
institution reports ``not applicable.'' The Bureau believes this method 
will aid compliance with section 1071 and yield appropriate data by 
avoiding the need to report a preliminary number when a financial 
institution's business practices do not result in there being such a 
number to report. For clarity, the Bureau moved guidance regarding 
amounts that are otherwise undetermined that was addressed in proposed 
comment 107(a)(7)-2 to final comment 107(a)(7)-5, as explained below.
    Regarding the request that the Bureau clarify how institutions 
should report the amount applied for when a firm offer of credit 
specifies a range of possible amounts, the Bureau added guidance in 
final comment 107(a)(7)-3 that addresses this situation. ``Firm 
offers'' involve solicitations to small businesses when they have been 
pre-approved for a term loan, line of credit, or credit card.\612\ The 
Bureau understands that financial institutions often provide an amount 
in such solicitations and the Bureau believes that when the applicant 
knows the amount of the pre-approval before responding, that figure 
could appropriately be considered as the amount applied for. However, 
if no amount appears in the pre-approved solicitation, the Bureau 
considers that an applicant responding to the firm offer has not 
requested a specific amount, and reporting of the amount underwritten 
would be appropriate. Final comment 107(a)(7)-3 provides that when an 
applicant responds to a firm offer, a financial institution reports the 
amount applied for as the amount of the firm offer, unless the 
applicant requested a different amount. If, on the other hand, the firm 
offer did not contain a specified amount and the applicant did not 
request one, then the financial institution reports the amount applied 
for as the amount that was underwritten. The Bureau did not propose 
guidance that addresses what financial institutions report when a firm

[[Page 35299]]

offer specifies a range of possible amounts. The Bureau agrees with the 
commenters that such offers should be treated similarly to those 
situations where a firm offer did not specify an amount. To address 
this scenario, final comment 107(a)(7)-3 states that if the firm offer 
specifies an amount or limit as a range of numbers and the applicant 
does not request a specific amount, the amount applied for is the 
amount underwritten by the financial institution. The Bureau believes 
that this guidance will aid compliance and yield useful data.
---------------------------------------------------------------------------

    \612\ See 15 U.S.C. 1681a(l); see also Regulation B comment 
12(b)(7)-1 (describing offers of credit).
---------------------------------------------------------------------------

    The Bureau is finalizing comment 107(a)(7)-4 as proposed. The 
comment explains that when reporting a covered application that seeks 
additional credit amounts on an existing account, the financial 
institution reports only the additional credit amount sought, and not 
any previous amounts extended.
    The Bureau added final comment 107(a)(7)-5 to address situations 
where the initial amount applied for cannot be determined. 
Specifically, the comment provides that under Sec.  1002.107(c)(1), a 
financial institution shall maintain procedures reasonably designed to 
collect applicant-provided data, which includes the credit amount 
initially requested by the applicant (other than for products that do 
not involve a specific amount requested). However, the Bureau 
understands that there may be situations in which amount applied for 
was not collected and could not be otherwise determined. Thus, final 
comment 107(a)(7)-5 provides that if a financial institution is unable 
to collect or otherwise determine the amount initially requested, the 
financial institution reports that the amount applied for is ``not 
provided by applicant and otherwise undetermined.'' The Bureau believes 
that providing this reporting flexibility will facilitate compliance by 
accommodating different business practices.
    With respect to the commenter that indicated that its systems do 
not have a way to collect this data point, the Bureau believes that the 
data on the amount applied for will generally be available in the loan 
files and should not present particular difficulties in reporting. 
Regarding the request from commenters that the Bureau provide 
additional clarity as to the meaning of applied for, the commenters did 
not indicate specific issues in the amount applied for data point that 
require clarification. The Bureau believes it has addressed in this 
final rule the requests for clarity from other commenters as well as 
other clarifications the Bureau believes are appropriate.
107(a)(8) Amount Approved or Originated
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the amount of the credit transaction or the credit limit approved.'' 
\613\
---------------------------------------------------------------------------

    \613\ ECOA section 704B(e)(2)(C).
---------------------------------------------------------------------------

    Proposed Sec.  1002.107(a)(8) would have required that the amount 
approved or originated data point be collected and reported as follows: 
(i) for an application for a closed-end credit transaction that is 
approved but not accepted, the financial institution collects and 
reports the amount approved by the financial institution; (ii) for a 
closed-end credit transaction that is originated, the financial 
institution collects and reports the amount of credit originated; and 
(iii) for an application for an open-end credit transaction that is 
originated or approved but not accepted, the financial institution 
collects and reports the amount of the credit limit approved.
    Proposed comment 107(a)(8)-1 would have provided general 
instructions for the amount approved or originated data point, 
explaining that a financial institution reports the amount approved or 
originated for credit that is originated or approved but not accepted. 
For applications that the financial institution, pursuant to proposed 
Sec.  1002.107(a)(9), would have reported as denied, withdrawn by the 
applicant, or incomplete, the financial institution would have reported 
that the amount approved or originated is ``not applicable.''
    Proposed comment 107(a)(8)-2 would have explained that when a 
financial institution presents multiple approval amounts from which the 
applicant may choose, and the credit is approved but not accepted, the 
financial institution reports the highest amount approved. Proposed 
comments 107(a)(8)-3 and -4 would have provided specific instructions 
for identifying and reporting the amount approved or originated for 
closed-end transactions, including refinancings.
    Proposed comment 107(a)(8)-5 would have provided instructions 
regarding counteroffers and the amount approved or originated data 
point, explaining that if an applicant agrees to proceed with 
consideration of a counteroffer for an amount or limit different from 
the amount for which the applicant applied, and the covered credit 
transaction is approved and originated, the financial institution 
reports the amount granted. Proposed comment 107(a)(8)-5 would have 
further explained that if an applicant does not agree to proceed with 
consideration of a counteroffer or fails to respond, the institution 
reports the action taken on the application as denied and reports ``not 
applicable'' for the amount approved or originated. The proposed 
comment would have provided a reference to proposed comment 107(a)(9)-
2, which discusses the action taken data point in relation to 
counteroffers.\614\
---------------------------------------------------------------------------

    \614\ See the section-by-section analysis of Sec.  
1002.107(a)(9) for a complete discussion of how the final rule 
treats reporting obligations for applications involving 
counteroffers.
---------------------------------------------------------------------------

    The Bureau sought comment on its proposed approach to the amount 
approved or originated data point. The Bureau also requested comment on 
potential methods for avoiding misinterpretations of disparities 
between the credit amount or limit applied for and the credit amount or 
limit originated or approved and on the possible use of ranges of 
numbers for reporting the amount applied for and amount approved or 
originated data points. In addition, the Bureau requested comment on 
whether it would be useful and appropriate to require reporting of the 
amount approved as well as the amount originated for closed-end credit 
transactions.
Comments Received
    The Bureau received comments on the amount approved or originated 
data point from lenders, trade associations, and community groups. 
Almost all of the comments received supported the Bureau's proposal. A 
bank and a trade association commented that the Bureau's proposal is a 
reasonable and appropriate means of implementing the statutory 
requirement. A community group and a CDFI lender highlighted the 
usefulness of the data for fair lending purposes, including identifying 
potentially discriminatory lending practices. The CDFI lender suggested 
that the data can help show how financial institutions compare across 
key metrics and reveal capital gaps in the market that lenders may be 
able to fill. Two commenters supported the proposal's requirement that 
data collection on amount approved or originated be required for 
transactions that are approved but not accepted, not just those that 
are originated. A trade association commented that different standards 
are appropriate for closed-end and open-end products, while a community 
group noted that it is appropriate to report the credit limit in cases 
of open-end credit. Another trade association emphasized the Bureau's 
proposal regarding counteroffers and

[[Page 35300]]

that it appropriately allows for negotiations prevalent in small 
business lending. A community group requested that the Bureau not 
permit reporting of amounts in ranges, stating that the statute 
requires reporting of specific amounts and that ranges are not useful 
for assessing whether lenders are responding to credit needs 
adequately.
    Two banks expressed concerns about the overall proposed requirement 
to collect data on amount approved or originated. One suggested that 
the data are meaningless because the majority of loan requests at a 
community bank are not submitted formally and in most cases the amount 
approved is what was requested. That bank also noted that it would be 
rare for the amount to change and it does not have a way to currently 
track the information, thus adding burden. Another bank recommended 
that financial institutions should not be generally required to report 
information on applications where no credit was extended, such as 
applications that were not completed by the applicant or where the 
applicant did not accept the terms. This bank reasoned that the amount 
approved data point is irrelevant because the loan was not originated 
and that it does not further the purposes of section 1071 because the 
information would not help the Bureau materially understand credit 
opportunities nor help ensure fair lending laws are enforced.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(8) and associated commentary as proposed. The Bureau is 
also adding new comment 107(a)(8)-6. The Bureau reads the statutory 
language ``the amount of the credit transaction or the credit limit 
approved'' to require the amount of the credit limit approved to be 
reported for open-end applications, and the amount of the credit 
transaction to be reported for closed-end applications. The Bureau 
believes the phrase ``the amount of the credit transaction or the 
credit limit approved'' to be ambiguous in regard to closed-end 
transactions because the most common meaning of the word 
``transaction'' in the context for closed-end credit transactions would 
be an originated loan. Thus, the Bureau reasonably interprets the 
statute as requiring reporting of the amount originated for closed-end 
credit transactions. In the alternative, section 1071 authorizes the 
Bureau to include any ``additional data that the Bureau determines 
would aid in fulfilling the purposes of [section 1071].'' The Bureau 
believes that it is appropriate to use its exception authority under 
ECOA section 704B(g)(2) to require the amount originated, rather than 
the amount approved, for originated closed-end credit transactions, 
because excluding the amount approved for originated closed-end 
transactions, and requiring collection of the amount originated 
instead, would enhance the utility and quality of the data being 
reported, thus further the fair lending and business and community 
development purposes of section 1071.
    In response to the commenters' suggestion that data on applications 
should not be reported in situations where the application is withdrawn 
or incomplete as well as the commenter's suggestion that the data are 
meaningless, the Bureau believes there is value in the data to be 
reported, even if no amount is reported for the amount approved or 
originated data point. Other information to be reported for the 
application that was, pursuant to Sec.  1002.107(a)(9), withdrawn by 
the applicant or incomplete, can help further the fair lending and 
community development purposes of section 1071. For example, data from 
applications that are withdrawn or incomplete can help identify 
potential discriminatory practices in the application process and also 
indicate demand for credit by small business applicants. This would not 
be possible if data on applications that are withdrawn or incomplete 
are not reported. Accordingly, final comment 107(a)(8)-1 explains that 
for applications a financial institution, pursuant to Sec.  
1002.107(a)(9), reports as denied, withdrawn by the applicant, or 
incomplete, the financial institution reports that the amount 
originated or approved is ``not applicable.'' The Bureau also believes 
that reporting ``not applicable'' for amount approved or originated in 
certain circumstances will facilitate compliance for this data point.
    The Bureau does not believe, as suggested by one commenter, that 
data on applications where the applicant did not accept the terms would 
not further the statutory purposes of section 1071. The data will help 
facilitate fair lending enforcement by indicating the credit that had 
been offered to different types of applicants when the transaction does 
not close and there is no amount originated to report. Reporting data 
with respect to the amount approved will also aid in fulfilling the 
business and community development purpose of section 1071 by providing 
a more complete picture of the credit being offered to different 
businesses and communities.\615\
---------------------------------------------------------------------------

    \615\ The Bureau similarly believes that reporting the amount 
originated on closed-end credit transactions that are originated 
also fulfills the purposes of section 1071. For these transactions, 
reporting of the amount originated would aid in fulfilling the 
enforcement of fair lending laws by indicating the credit that had 
been provided to different types of applicants in actual 
transactions. It would also aid in fulfilling the business and 
community development purpose of section 1071 by providing a more 
complete and accurate picture of the credit actually being provided 
to different businesses and in different communities.
---------------------------------------------------------------------------

    As stated above, the Bureau is finalizing the commentary to Sec.  
1002.107(a)(8) as proposed. Final comment 107(a)(8)-2 provides guidance 
on reporting the amount approved or originated data point when the 
transaction involves multiple approval amounts. The Bureau believes 
that reporting the highest amount approved when credit is approved but 
not accepted will most accurately reflect the amount of credit that was 
made available to the applicant in this situation. Final comments 
107(a)(8)-3 and -4 provide guidance on reporting amount approved or 
originated for closed-end transactions and refinancings, respectively. 
Final comment 107(a)(8)-5 provides guidance on reporting amount 
approved or originated when the transaction involves counteroffers.
    The Bureau is adding comment 107(a)(8)-6 to provide guidance on 
reporting amount approved or originated with respect to existing 
accounts. Comment 107(a)(8)-6 provides that the financial institution 
reports only the additional credit amount approved or originated for an 
existing account, and not any previous amounts that were extended. The 
Bureau believes this will help facilitate compliance for this data 
point.
    The Bureau did not receive specific comments with respect to this 
data point on methods for avoiding misinterpretations of disparities 
between credit amount or limit applied for and credit amount or limit 
originated or approved and whether it would be useful and appropriate 
to require reporting of amount approved as well amount originated for 
originated closed-end credit transactions. The Bureau is therefore not 
requiring reporting of that additional data.
107(a)(9) Action Taken
Proposed Rule
    ECOA section 704B(e)(2)(D) requires financial institutions to 
report the ``type of action taken'' on an application.
    The Bureau proposed in Sec.  1002.107(a)(9) to require reporting of 
the action taken by the financial institution on the covered 
application, reported as originated, approved but not

[[Page 35301]]

accepted, denied, withdrawn by the applicant, or incomplete. In 
addition, the Bureau proposed to categorize all incomplete applications 
as a single category of ``incomplete,'' rather than following the 
approach in Regulation C of separately reporting denials based on 
incompletes and notices of incompleteness. Although the Bureau 
considered expanding the action taken codes to those currently used in 
Regulation C (including preapprovals or purchased loans), the Bureau 
did not believe those additional fields would have been appropriate or 
necessary in the context of section 1071 given the diversity of 
processes and other complexities in the small business lending space 
and because section 1071, unlike HMDA, does not expressly reference 
loan purchases.
    Proposed comment 107(a)(9)-1 would have provided additional clarity 
on when a financial institution should select each of the proposed 
action taken codes. The financial institution would have identified the 
applicable action taken code based on final action taken on the covered 
application.
    Proposed comment 107(a)(9)-2 would have provided instructions for 
reporting action taken on covered applications that involve a 
counteroffer, along with examples. The Bureau's proposed treatment of 
counteroffers would have aligned with how counteroffers are treated 
under existing Sec.  1002.9 notification procedures and how they are 
reported under Regulation C.\616\ The Bureau also considered, but did 
not propose, adding an action taken category or flag for counteroffers. 
The Bureau believed the addition of a counteroffer flag or field would 
have provided limited useful information beyond what would have been 
captured under the proposal.
---------------------------------------------------------------------------

    \616\ Regulation C comment 4(a)(8)(i)-9.
---------------------------------------------------------------------------

    Proposed comment 107(a)(9)-3 would have discussed reporting action 
taken for rescinded transactions. Proposed comment 107(a)(9)-4 would 
have clarified that a financial institution reports covered 
applications on its small business lending application register for the 
year in which final action is taken. Finally, proposed comment 
107(a)(9)-5 would have provided guidance for reporting action taken if 
a financial institution issues an approval that is subject to the 
applicant meeting certain conditions.
    The Bureau sought comment on proposed Sec.  1002.107(a)(9) and its 
associated commentary.
Comments Received
    The Bureau received comment on its proposal in Sec.  1002.107(a)(9) 
to require reporting of action taken from a wide range of lenders, 
trade associations, and community groups.
    Action taken categories in general. A number of commenters, 
including community groups, lenders, and a trade association supported 
the action taken reporting categories in proposed Sec.  1002.107(a)(9). 
Two industry commenters agreed that proposed Sec.  1002.107(a)(9) was a 
reasonable and appropriate means of implementing section 1071. One 
community group stated that the action taken codes are an essential 
metric to enforce fair lending laws and that the proposed action taken 
categories are substantially similar to those used for HMDA reporting, 
and so will be familiar to lenders. A joint letter from community 
groups, community oriented lenders, and business advocacy groups 
similarly supported use of the action taken fields that are also used 
for HMDA reporting. A trade association noted that action taken 
information is not typically collected by motor vehicle dealers in 
indirect vehicle finance transactions, but may be included by the 
finance source as part of the credit application decision.
    Some commenters focused on particular proposed action taken 
categories, urging the Bureau to retain a proposed action taken 
category and not combine categories. For example, a several lenders and 
community groups specifically supported collection on incomplete and 
withdrawn applications. They asserted that it is important to collect 
data on applications that do not go through the full lending process 
(i.e., through loan decisioning) in order to identify potential 
discouragement. Several commenters further explained that capturing 
incomplete and withdrawn applications would be important for fair 
lending assessments, as it would identify potential disparities in 
treatment, discouragement, and steering. In response to the Bureau's 
request for comment on whether to combine the ``withdrawn by 
applicant'' and ``incomplete'' categories, a community group supported 
the Bureau's proposed approach to keep the categories separate. The 
commenter asserted that data analysis and fair lending assessments 
would be more accurate if the withdrawn and incomplete categories are 
kept separate, as they represent different actions by the applicant. 
Another community group commenter supported distinct action taken 
categories for approvals and denials, noting, for example, research 
finding disparities in credit denials for Black, Latino, and Asian 
small businesses.\617\ A lender, however, urged the Bureau to use 
caution in interpreting and analyzing data collected under section 
1071, noting for example that a high denial rate for different types of 
businesses (e.g., small or minority-owned businesses) could be 
reflective of a financial institution's high volume of applications 
from such small businesses and not of a pattern of discriminatory 
lending.
---------------------------------------------------------------------------

    \617\ See Fed. Rsrv. Bank of Atlanta, Small Business Loan 
Turndowns, Personal Wealth and Discrimination (July 2002), https://www.federalreserve.gov/pubs/feds/2002/200235/200235pap.pdf.
---------------------------------------------------------------------------

    In response to the Bureau's request for comment on whether to 
retain the ``approved but not accepted'' category, two community groups 
urged the Bureau to include this category among the available action 
taken options. The commenters argued that the approved but not accepted 
category could be used to identify instances where an applicant was 
offered loan terms that did not meet the needs of the small business 
(such as high pricing or other unfavorable terms), and could be tracked 
to identify potential disparities among women-owned or minority-owned 
small businesses, or other vulnerable populations. Another commenter 
argued that data may be misconstrued if approved but not accepted loans 
are treated as ``denials.''
    In contrast, several community banks urged the Bureau to remove 
certain proposed action taken categories. For example, a community bank 
argued against use of withdrawn by applicant or denied action taken 
codes, stating that there was no reason to report such applications and 
it would violate the applicant's trust. A different community bank 
urged the Bureau to remove the incomplete category, noting that 
financial institutions treat incompleteness as a denial under existing 
Regulation B (because it requires an adverse action notice or a notice 
of incompleteness), and that such events are better captured as denials 
or withdrawals.
    In the NPRM, the Bureau also sought comment on whether the Bureau's 
proposal to categorize all incomplete applications as a single category 
of ``incomplete'' (closed or denied) should instead be reported 
consistent with the approach in Regulation C, which provides separate 
categories for denials (including on the basis of incompleteness) and 
files closed for incompleteness (if the financial institution sent a 
written notice of

[[Page 35302]]

incompleteness). A few industry and community group commenters 
specifically supported diverging from Regulation C and reporting 
denials based on incompleteness as ``incomplete'' applications, rather 
than ``denied'' applications. A CDFI lender and a community group 
stated that doing so would be in line with the intent of section 1071 
and would lead to more accurate data by reserving the denied category 
exclusively for creditworthiness and underwriting factors. One trade 
association stated that such reporting would be easier to comply with 
and provide less opportunity for data errors, while another trade 
association noted that additional subcategories of incomplete would 
create confusion and add difficulty for financial institutions.
    In contrast, several banks and a group of bank trade associations 
urged the Bureau to align reporting of incomplete applications with 
HMDA reporting. A bank commented that aligning with HMDA would increase 
efficiency for the customer, facilitate compliance, and ensure that 
financial institutions only need to collect data once. Similarly, 
several commenters argued that misalignment with HMDA would add 
substantial difficulty for financial institutions required to report 
under HMDA. However, some of those same commenters also stated that 
they were sympathetic to the Bureau's underlying reasons for wanting to 
report all incomplete applications in one category, and argued that 
this was further reason to exclude all HMDA transactions. A bank asked 
for clarification on how to report an application that results in 
adverse action based on incompleteness.
    Treatment of counteroffers. The majority of commenters to address 
the issue, including several lenders, trade associations, and a 
community group, supported the Bureau's proposal as related to 
counteroffers. In response to the Bureau's request for comment on 
whether counteroffers that are not accepted should be reported as 
``approved but not accepted,'' rather than ``denied,'' several 
commenters, including a community group and a CDFI lender, supported 
the Bureau's proposal that declined counteroffers would be recorded as 
denials and accepted counteroffers would be reported as originations. 
Several CDFI lenders further commented that this proposal would avoid 
lenders seeking to game the system and avoid reporting denials by 
giving unreasonable counteroffers likely to be denied by the applicant. 
In contrast, a trade association argued that counteroffers that are not 
accepted should be reported as ``approved but not accepted'' as it 
would better reflect the availability of credit. A bank asked how to 
report an accepted counteroffer that does not ultimately lead to an 
origination, and urged consistency with HMDA.
    In response to the Bureau's request for comment on whether to 
specifically capture data on counteroffers, several industry commenters 
supported the Bureau's proposal to not separately track counteroffers. 
One of these commenters urged the Bureau to not separately track 
counteroffer terms (such as the amount requested and approved) as it 
would create burden for financial institutions, and if the offer was 
ultimately accepted, would not provide meaningful data. Similarly, 
other industry commenters argued that determining what is a 
counteroffer would be difficult and it would be infeasible to capture 
all data points for each counteroffer. A bank said that small business 
lending involves many discussions between the lender and the applicant, 
and so capturing counteroffers would be extraordinarily complex and 
require additional training. The industry commenters also stated that 
capturing counteroffers could lead to confusion and data errors. One of 
the commenters further urged the Bureau to align with Regulation C, 
which it asserted does not require reporting of counteroffers.
    On the other hand, a CDFI lender and a joint letter from community 
and business advocacy groups urged the Bureau to require reporting of 
any counteroffers and their terms. These commenters suggested the 
Bureau modify the action taken fields to add ``counteroffer accepted'' 
and ``counteroffer rejected,'' and require reporting of pricing 
information on these options. The joint letter argued that separate 
reporting of counteroffers would provide visibility into pricing of 
credit offers made but not accepted or offers that otherwise do not 
result in an origination. The commenter further took issue with the 
aspect of the proposal that would require a lender to report it has 
denied an application, when it has in fact it had approved it on 
different terms. A CDFI lender similarly argued that the proposal 
provides a loophole for financial institutions, and urged the Bureau to 
require reporting of pricing on the initial request and any 
counteroffers to prevent exploitative lending. The commenter 
acknowledged, however, that the Bureau's proposal does not penalize 
entities seeking to provide assistance to businesses, which often 
entails multiple counteroffers to best meet the business's needs.
    Finally, the joint letter from community and business advocacy 
groups asserted that the proposed definition of a counteroffer is 
problematic. Under the proposal, a counteroffer was described to occur 
when a financial institution offers to grant credit on terms other than 
those originally requested by the applicant. The commenter stated, 
however, that nothing requires a lender to initially solicit from 
applicants what terms they are seeking (other than amount applied for 
and credit type), and so it would not be clear when to treat an offer 
as a ``counteroffer'' for purposes of the rule.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(9) with a minor revision for consistency, to require 
reporting of the action taken by the financial institution on the 
covered application, reported as originated, approved but not accepted, 
denied, withdrawn by the applicant, or incomplete. Most commenters to 
address this issue generally supported the Bureau's proposed action 
taken categories, noting that the approach was a reasonable one and 
would assist in fair lending enforcement.
    Although the Bureau sought comment on whether to remove or combine 
certain of the action taken categories, the Bureau is finalizing the 
list of categories as proposed in Sec.  1002.107(a)(9). The Bureau is 
not eliminating the ``approved but not accepted category''; data 
collected under this category would reflect demand for credit, and as 
noted by some commenters, could potentially be used to identify offers 
made that do not meet the needs of small businesses. Moreover, no 
commenter expressly urged the Bureau to remove the ``approved but not 
accepted'' category. The Bureau is also retaining the ``withdrawn by 
the applicant'' and ``incomplete'' action taken categories. As noted by 
some commenters, capturing data on incomplete and withdrawn 
applications is important to identifying potential discrimination and 
discouragement during the application process, and thus consistent with 
the purposes of section 1071. Next, the Bureau is keeping ``withdrawn 
by the applicant'' and ``incomplete'' as separate action taken 
categories; the categories represent different actions by the 
applicant, and so keeping them distinct will lead to more accurate data 
analysis, including better fair lending analysis. Moreover, the Bureau 
believes a high incidence of incomplete applications could potentially 
indicate that there is an issue with the level of

[[Page 35303]]

assistance provided by a financial institution (for example, not 
providing reasonable support or assistance to ensure an applicant 
satisfies all credit conditions; or providing more support to some 
applicants than others). Although a couple of community banks urged the 
Bureau to remove the ``denied,'' ``withdrawn by applicant,'' or 
``incomplete'' action taken categories as unnecessary or inconsistent 
with current lender practice, the Bureau believes retaining those 
categories further the purposes of section 1071, as described above.
    The Bureau is also finalizing Sec.  1002.107(a)(9) to require a 
financial institution to report all incomplete applications--whether 
the application is closed or denied based on incompleteness--as the 
``incomplete'' action taken category. While this proposed approach is 
not consistent with Regulation C comments 4(a)(8)(i)-4 and -6, there 
could be potential errors in the data if financial institutions report 
incomplete denials separate from notices of incompleteness. As noted by 
commenters, grouping all incomplete applications together would lead to 
more useful data by reserving the denied category solely for 
creditworthiness and underwriting decisions. Moreover, as noted by 
several commenters, grouping all incomplete applications in one 
category would be easier for financial institutions to implement. 
Although several industry commenters urged the Bureau to align 
reporting of incomplete applications with Regulation C in order to 
increase efficiency and facilitate compliance, those concerns are 
mitigated by the Bureau's decision to exclude reporting of all HMDA-
reportable transactions, as set forth in final Sec.  1002.104(b)(2). 
Indeed, one of the commenters advocating for alignment with Regulation 
C also stated that they were sympathetic to the Bureau's reasons for 
wanting all incomplete applications reported under a single category. 
In response to a commenter's question regarding the reporting of 
applications where an adverse action notice is provided based on 
incompleteness, under final Sec.  1002.107(a)(9), the financial 
institution would report such an application as ``incomplete,'' rather 
than ``denied.'' In response to another commenter's concern that data 
may be misconstrued if approved but not accepted loans are treated as 
``denials,'' the Bureau notes that there is a separate action taken 
category for ``approved but not accepted'' (see final Sec.  
1002.107(a)(9) and associated commentary for reporting of that action 
code).
    The Bureau is also finalizing as proposed its treatment of 
counteroffers in final comment 107(a)(9)-2. The Bureau agrees with 
commenters that this approach (requiring that counteroffers that are 
not accepted to be reported as ``denied,'' rather than ``approved but 
not accepted'') would prevent lenders from trying to improperly 
influence how their data are reported by extending unreasonable 
counteroffers that are likely to be denied. This approach is also 
consistent with existing Sec.  1002.9 notification procedures and 
reporting of counteroffers under Regulation C,\618\ and so will be 
familiar to financial institutions. In response to a commenter's 
concern that this approach would not capture the availability of credit 
(as rejected counteroffers would be reported as ``denials''), the 
Bureau believes the considerations noted above--preventing gamesmanship 
and consistency with existing Regulation B and Regulation C--outweigh 
the potential benefit of alternate reporting. In response to a 
commenter's question about how a financial institution reports an 
accepted counteroffer that does not ultimately lead to an origination, 
the Bureau directs the commenter to final comment 103(a)(9)-2, which 
provides that if an applicant agrees to proceed with consideration of 
the financial institution's counteroffer, the financial institution 
reports the action taken as the disposition of the application based on 
the terms of the counteroffer.
---------------------------------------------------------------------------

    \618\ Regulation C comment 4(a)(8)(i)-9.
---------------------------------------------------------------------------

    The Bureau is also finalizing comment 107(a)(9)-2 to not separately 
track counteroffers as an additional action taken category or flag. As 
noted by some commenters, it would be potentially infeasible to capture 
all data points for every back-and-forth counteroffer with an 
applicant, and attempting to do so would likely lead to confusion, 
heightened complexity, and data errors. The Bureau also believes that 
even without a counteroffer flag or field, the data will capture many 
of the terms of an accepted counteroffers (such as pricing, guarantee, 
etc.), as well as the amount initially requested by the applicant. 
Therefore, the addition of a counteroffer flag or field would provide 
limited useful information beyond what will already be captured under 
section 1071. Moreover, while a counteroffer flag or field might be 
useful as a screening tool for potential discrimination (for example, 
if women-owned businesses or minority-owned businesses are provided 
higher rates of counteroffers or denials compared to male- or non-
Hispanic white-owned businesses), a flag alone would lack any 
specificity that could be leveraged for further fair lending analysis.
    While several commenters urged the Bureau to require reporting of 
accepted and rejected counteroffers, as well as their pricing terms, 
the Bureau does not believe the benefits of additional reporting would 
outweigh the added complexity, logistical challenges, and potential 
data accuracy issues involved in reporting counteroffers. For example, 
while some commenters suggested adding counteroffer rejected and 
counteroffer accepted action taken categories, and to require reporting 
of pricing, the commenter does not explain how a financial institution 
would report multiple back-and-forth counteroffers connected to a 
single covered application, which some commenters report is typical in 
small business lending. Moreover, focusing solely on the pricing term 
of a counteroffer would leave unknown other material terms of a 
counteroffer, such the amount offered, duration, or a requirement to 
have a co-signer or guarantor. In response to commenters' concerns that 
not capturing counteroffers would mean a lack of visibility into 
counteroffers that are made but not accepted, the Bureau agrees that 
such information would not be captured, however, as described above, 
the Bureau believes that reporting of such data would add significant 
complexity, could undermine data quality, and would provide only 
limited additional benefits. Regarding some commenters' criticism that 
the definition of a counteroffer is flawed because it presumes a lender 
has solicited all requested terms from the applicant, the Bureau 
believes the description of a counteroffer in final comment 107(a)(9)-2 
as an offer to grant credit or terms other than those originally 
requested by the applicant is a reasonable one: an applicant will 
likely specifically request the terms most important to the applicant, 
the definition is consistent with existing Regulation B and Regulation 
C and so will be familiar to financial institutions, and the commenters 
do not propose an alternative.
    The Bureau is finalizing the commentary to Sec.  1002.107(a)(9) 
with minor revisions for clarity and consistency. Final comment 
107(a)(9)-1 provides additional clarity on when a financial institution 
should select each of the proposed action taken codes. The comment 
further clarifies that a financial institution identifies the 
applicable action taken code based on final action taken on the covered 
application.

[[Page 35304]]

    Final comment 107(a)(9)-2 provides instructions for reporting 
action taken on covered applications that involve a counteroffer, along 
with examples. As described above, final comment 107(a)(9)-2 provides 
that if a financial institution makes a counteroffer to grant credit on 
terms other than those originally requested by the applicant and the 
applicant declines to proceed with the counteroffer or fails to 
respond, the institution reports the action taken as a denial on the 
original terms requested by the applicant. If the applicant agrees to 
proceed with consideration of the financial institution's counteroffer, 
the financial institution reports the action taken as the disposition 
of the application based on the terms of the counteroffer.
    Final comment 107(a)(9)-3 discusses reporting action taken for 
rescinded transactions. Final comment 107(a)(9)-4 clarifies that a 
financial institution reports covered applications on its small 
business lending application register for the year in which final 
action is taken. Finally, final comment 107(a)(9)-5 provides guidance 
for reporting action taken if a financial institution issues an 
approval that is subject to the applicant meeting certain conditions.
107(a)(10) Action Taken Date
Proposed Rule
    In addition to requiring financial institutions to collect and 
report the type of action they take on an application, ECOA section 
704B(e)(2)(D) requires financial institutions to collect and report the 
``date of such action.''
    The Bureau proposed Sec.  1002.107(a)(10) to require action taken 
date to be reported as the date of the action taken by the financial 
institution. Proposed comments 107(a)(10)-1 through -5 would have 
provided additional details on how to report the action taken date for 
each of the action taken categories in proposed Sec.  1002.107(a)(9). 
For example, proposed comment 107(a)(10)-1 would have explained that 
for denied applications, the financial institution reports either the 
date the application was denied or the date the denial notice was sent 
to the applicant.
    Proposed comment 107(a)(10)-4 would have explained that for covered 
credit transactions that are originated, a financial institution 
generally reports the closing or account opening date. That proposed 
comment also stated that if the disbursement of funds takes place on a 
date later than the closing or account opening date, the institution 
may, alternatively, use the date of initial disbursement.
    The Bureau sought comment on its proposed approach to the action 
taken date data point as well as whether it should adopt data points to 
capture application approval date and/or the date funds are disbursed 
or made available.
Comments Received
    The Bureau received comments on the proposed action taken date data 
point from lenders, trade associations, and consumer groups. One 
commenter expressed its support for the data points regarding an 
application, including action taken date, noting that the data will 
provide insight regarding the quality of the capital accessed and that 
it will be useful in identifying potentially discriminatory lending 
practices, as well as highlight capital gaps in the marketplace that 
lenders may be able to fill. Furthermore, this commenter noted that the 
data will show how financial institutions compare across key metrics 
and help determine if the institution has equitable lending. Industry 
commenters expressed their support for the proposed data point as a 
reasonable and appropriate means of implementing the statutory 
requirement. A CDFI lender noted that defining ``action taken date'' as 
the one in which the financial institution acts is correct.
    Several commenters provided feedback on whether the Bureau should 
adopt separate data points for application approval date and the date 
funds were disbursed or made available. A trade association opposed 
adoption of separate data points for the date the application was 
approved and the date the funds were disbursed or made available. This 
trade association reasoned that it would add degrees of complexity to 
the compliance process and the Bureau would be chasing de minimis data 
points that have diminishing value. A bank also opposed the separate 
data points explaining that the Bureau would already gather enough 
information from gathering the application date and the action taken 
date to find timing discrepancies and suggested the Bureau focus more 
on underwriting data to determine discriminatory and other fair lending 
issues. A CDFI lender explained that in many cases the gap between an 
approval and disbursal of funds can be affected by several factors 
outside a lender's control, such as an applicant's availability to sign 
closing documents.
    On the other hand, three commenters urged the Bureau to adopt 
separate data points for application approval date and the date funds 
were disbursed or made available. A community group commented that 
separate data fields would be important for fair lending and community 
development purposes because if any institutions are delaying the 
availability of funds for unreasonable periods of time after loan 
approval, they would not be serving community needs, and it could also 
possibly indicate fair lending problems if protected classes 
disproportionately experience delays. Another community group suggested 
that discrimination in the agricultural industry occurs when loan 
approvals are delayed or not approved in a timely manner. This 
community group noted that untimely disbursement of funds could 
drastically impact the opportunity for a small business to succeed. 
They further noted that farmers lose entire seasons of income when the 
operating loans which they timely applied for are not approved in a 
timely manner. A third community group stated that lenders have a 
history of delaying loan approvals for farmers of color compared to 
white farmers.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(10) and its associated commentary with minor edits for 
clarity and consistency. The Bureau believes the action taken date data 
point is a reasonable interpretation of ECOA section 704B(e)(2)(D), 
which requires financial institutions to collect and report the ``date 
of such action'' taken on an application. The Bureau notes that its 
approach for this data point largely mirrors the Regulation C approach 
for action taken date in Sec.  1003.4(a)(8)(ii) and related commentary, 
with modifications to align with the action taken categories in final 
Sec.  1002.107(a)(9).
    Final Sec.  1002.107(a)(10) requires financial institutions to 
report the date of the action taken by the financial institution on the 
application. Final comments 107(a)(10)-1 through -5 provide guidance on 
how to report the action taken date for each of the action taken 
categories provided in final Sec.  1002.107(a)(9). For applications 
that were denied, final comment 107(a)(10)-1 provides that a financial 
institution reports either the date the application was denied or the 
date the denial notice was sent to the applicant. For applications that 
were withdrawn by the applicant, final comment 107(a)(10)-2 provides 
that a financial institution reports either the date the express 
withdrawal was received or the date shown on the notification form in 
the case of a written withdrawal. For applications that were approved 
but not accepted by the applicant, final

[[Page 35305]]

comment 107(a)(10)-3 provides that a financial institution reports any 
reasonable date, such as the approval date, the deadline for accepting 
the offer, or the date the file was closed. The comment notes, however, 
that the financial institution should generally be consistent in its 
approach.
    The Bureau is finalizing comments 107(a)(10)-4 and -5 with minor 
edits for clarity and consistency to facilitate compliance. Final 
comment 107(a)(10)-4 provides that for applications that result in an 
extension of credit, a financial institution generally reports the 
closing or account opening date. However, if the disbursement of funds 
takes place on a date later than the closing or account opening date, 
the institution may, alternatively, use the date of initial 
disbursement. The comment further provides that the financial 
institution should generally be consistent in its approach. Final 
comment 107(a)(10)-5 provides that for applications that are closed for 
incompleteness, a financial institution reports either the action taken 
date or the date the denial or incompleteness notice was sent to the 
applicant.
    The Bureau is not adopting in this final rule a requirement that 
financial institutions report both the date the application was 
approved and the date the funds were disbursed. Two of the commenters 
who requested this change specifically focused on loan approval delays, 
which seems to indicate the issue is with delays in the loan approval 
process rather than the timing of the fund disbursements or credit 
availability. The application date and action taken date together will 
provide information about the length of time it takes for an 
application to reach the credit decision. In addition, the Bureau 
believes that the time between a loan's approval and the date of funds 
availability is dependent on many factors, some of which may not be 
within the control of the financial institution, as suggested by a 
commenter. Accordingly, the Bureau is not adopting a requirement that 
financial institutions report, in all cases, the date the funds were 
disbursed or made available.
107(a)(11) Denial Reasons
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' The Bureau proposed Sec.  1002.107(a)(11) to require 
financial institutions to collect and report the principal reason or 
reasons an application was denied.
    Proposed Sec.  1002.107(a)(11) would have required reporting of the 
principal reason or reasons the financial institution denied the 
covered application. Proposed comment 107(a)(11)-1 would have explained 
that a financial institution complies with proposed Sec.  
1002.107(a)(11) by reporting the principal reason or reasons it denied 
the application, indicating up to four reasons, and the financial 
institution would report only the principal reason or reasons it denied 
the application, even if there are fewer than four reasons. The 
proposed comment provided an example to illustrate. The proposed 
comment would have also stated that the reason(s) reported must 
accurately describe the principal reason or reasons the financial 
institution denied the application. Finally, the proposed comment 
provided a list of denial reasons from which financial institutions 
would select the principal reason or reasons for denying a covered 
application.
    Proposed comment 107(a)(11)-1 would also have explained that a 
financial institution would have reported the denial reason as 
``other'' where none of the enumerated denial reasons adequately 
describe the principal reason or reasons it denied the application, and 
the institution would report the denial reason or reasons as free-form 
text. Proposed comment 107(a)(11)-2 would have clarified that a 
financial institution complies with proposed Sec.  1002.107(a)(11) by 
reporting that the requirement is not applicable if the action taken on 
the application, pursuant to Sec.  1002.107(a)(9), is not a denial.
    The Bureau sought comment on its proposed approach to the denial 
reasons data point, including whether the denial reason categories 
listed in proposed comment 107(a)(11)-1 sufficiently cover the common 
credit denial reasons in the small business lending industry. The 
Bureau also sought comment on the potential utility of denial reason 
data as well as on the potential burdens to industry in reporting 
denial reasons, in light of the proposed denial reason categories and 
the data's ability to aid in fulfilling the purposes of section 1071.
Comments Received
    The Bureau received comments on the denial reasons data point from 
lenders, trade associations, and community groups. A number of these 
commenters supported the Bureau's proposal to collect data on denial 
reasons, stating that it would aid in fair lending analysis and further 
the community development purpose of section 1071. A community group 
said that an analysis of different types of lenders could determine 
whether industry-wide practices could be creating unnecessary barriers, 
and denial reason data could help to illuminate those practices. Some 
commenters noted that denial reasons can help policymakers and the 
public determine legitimate reasons that small businesses do not 
qualify for certain forms of credit and will, in turn, enable 
policymakers to work towards solutions. A trade association commented 
that the data has the potential to help identify ways to improve 
service in underserved communities and agreed this is an opportunity to 
provide financial institutions with data to evaluate their business 
underwriting criteria and address potential gaps as needed. Another 
community group stated that this data point is one of the single most 
important items the Bureau can collect in its aim to carry out section 
1071 and illuminate the reasons behind disparate results in small 
business lending. A bank commented that reporting of denial reasons 
would help identify roadblocks to gaining access to credit.
    Commenters generally agreed with the Bureau's approach to 
collecting reasons for denial. Community groups supported the range of 
the Bureau's proposed list of reasons for denial as well as the 
Bureau's proposal for a financial institution to select up to four 
reasons. A trade association commented that the proposed list of 
reasons for denial adequately cover the potential reasons and noted 
that the list largely aligns with the HMDA/Regulation C denial reasons. 
This commenter also noted the importance of the option for financial 
institutions to select ``other'' and report additional denial reason 
information as free-form text.
    Several community groups suggested that personal credit score must 
be included as an option as it is often cited as the reason for denial. 
They asserted that if low credit scores or other reasons for denial 
correlate with a business owner's race or location, but do not 
correlate with loan performance, then it would be important for lenders 
to use alternative methods for assessing creditworthiness that do not 
have a disparate impact on business owners of color or certain 
communities. Another commenter suggested that the Bureau consider 
clarifying the government criteria option, recommending that the option 
should only be used if no other principal reason applies and should 
come after other reasons to ensure that it does not mask those other 
reasons. A trade association suggested that the

[[Page 35306]]

Bureau allow financial institutions the discretion to choose whether to 
report the data; however, that commenter also indicated that if the 
Bureau were to require the denial reasons data point then the proposed 
denial reasons did represent a full picture of the typical reasons for 
denial. Other commenters suggested the Bureau follow the flexible 
approach of financial institutions providing denial reasons in ECOA 
adverse action notices. Two banks asked the Bureau to compare the 
reporting requirement against other reporting regimes, such as HMDA and 
CRA, to avoid duplicative and inconsistent reporting.
    Some industry commenters opposed the Bureau's proposal to collect 
denial reasons. A few commenters stated that these data are not tracked 
or maintained. A bank said stated they will need to build a new and 
independent tracking system if the data are mandated. A joint trade 
association letter noted that in indirect vehicle financing 
transactions, dealerships are not often provided and do not have access 
to reasons why a third-party financing source denied a credit 
application. A bank questioned what the Bureau intends to do with the 
data and stated that it is not necessary to meet the goals and 
requirements of section 1071. The bank further asserted that it would 
eventually result in additional regulatory requirements that continue 
to push small and mid-size lenders from the small business lending 
market. Another bank raised concerns about reporting denial reason 
data, asserting that there are multiple factors involved in the 
decisions and the use of raw data without any other means to evaluate 
the individual decisions made could lead to allegations of 
discrimination against banks based solely upon data that reflect 
disparate impact based on ethnicity, race, or gender. Another commenter 
expressed a similar concern that requiring denial reasons under certain 
categories could lead to damaging misinterpretations. A trade 
association urged the Bureau to drop the denial reasons data point from 
the final rule, stating that the requirement is drafted in a rigid 
manner that is unlikely to produce accurate or reliable data. That 
commenter also stated that the Bureau and other regulatory agencies 
already have access to these data because financial institutions are 
already providing denial reasons under the ECOA adverse action notice 
requirement. In addition, commenters further noted that the proposed 
denial reason data point is incompatible with the Bureau's flexible 
approach to providing adverse action reasons in ECOA adverse action 
notices.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(11) and associated commentary with minor revisions. The 
final rule requires that financial institutions collect and report, for 
denied applications, the principal reason or reasons the financial 
institution denied the covered application. The Bureau believes data 
regarding denial reasons will further the fair lending and business and 
community development purposes of section 1071. Data on denial reasons 
will allow data users to better understand the rationale behind denial 
decisions, help identify potential fair lending concerns, and provide 
financial institutions with data to evaluate their business 
underwriting criteria and address potential gaps as needed. Robust data 
on application denial reasons across applicants, financial 
institutions, products, and communities should help target limited 
resources and assistance to applicants and communities, thus furthering 
section 1071's business and community development purpose. Furthermore, 
data on denial reasons will help data users analyze potential denial 
disparities, and could facilitate more efficient and less burdensome 
fair lending examinations. Therefore, pursuant to ECOA section 
704B(e)(2)(H), the Bureau determines that collecting data on denial 
reasons would aid in fulfilling the purposes of section 1071.
    Final comment 107(a)(11)-1 explains that a financial institution 
reports the principal reason or reasons it denied the application, 
indicating up to four reasons and makes clear that the financial 
institution reports only the principal reason or reasons it denied the 
application. Final comment 107(a)(11)-1 also provides a list of denial 
reasons from which financial institutions select the principal reason 
or reasons for denying a covered application. In addition, final 
comment 107(a)(11)-1 explains that a financial institution reports the 
denial reason as ``other'' when none of the enumerated denial reasons 
adequately describes the principal reason or reasons it denied the 
application, and reports the denial reason or reasons as free-form 
text. The Bureau believes that including the option to select ``other'' 
will facilitate compliance and that collecting such information will 
enable the Bureau to observe trends and key developments in the small 
business lending market. In addition, the Bureau may use the 
information to inform any future iterations of the list.
    The Bureau is making a revision in comment 107(a)(11)-1.iii to 
change ``use of loan proceeds'' to ``use of credit proceeds'' to 
reflect commonly understood categories of small business lending like 
term loans or lines of credit. The Bureau is also making a 
clarification in comment 107(a)(11)-1.iii to broaden the scope of the 
``use of credit proceeds'' denial reason. Final comment 107(a)(11)-
1.iii explains that a financial institution reports the denial reason 
as ``use of credit proceeds'' if it denies an application because, as a 
matter of policy or practice, it places limits on lending to certain 
kinds of businesses, products, or activities it has identified as high 
risk. The Bureau is removing the example provided in the proposed rule 
because the Bureau does not believe an example is necessary and 
financial institutions know what they consider to be high risk to them. 
Moreover, financial institutions may have different policies on credit 
activities or products they consider high risk such that a high risk 
activity or product to one financial institution may not be considered 
high risk to another.
    The Bureau is also making a minor revision in comment 107(a)(11)-
1.v to clarify that a denial reason based on collateral refers to 
collateral that was insufficient or otherwise unacceptable to the 
financial institution. The Bureau also removed the example that 
appeared in proposed comment 107(a)(11)-1.vi.
    The Bureau is making a minor change in comment 107(a)(11)-1.vii to 
clarify that a denial reason based on ``government criteria'' refers to 
government loan program criteria. Government loan program criteria for 
this purpose refers to those loan programs backed by government 
agencies that have specific eligibility requirements. Accordingly, 
final comment 107(a)(11)-1.vii lists ``government loan program 
criteria'' as a denial reason option.
    The Bureau does not share the concerns raised by commenters that 
denial reason data may lead to unjustified conclusions that do not 
necessarily meet the goals and purposes of section 1071. Rather, as 
explained above, the Bureau believes data on denial reasons can help 
identify potential lending concerns and help data users analyze 
potential denial disparities. In fact, the Bureau believes that 
including denial reasons in 1071 data should reduce the risk of 
inaccurate accusations of fair lending violations, as it would allow 
financial institutions to point to potentially legitimate reasons for 
disparities.

[[Page 35307]]

    With respect to the comments that denial reasons are not currently 
tracked or maintained, the Bureau believes that most financial 
institutions already have information on denial reasons, or at least 
should be prepared to provide the information. The Bureau understands 
from commenters that there may be creditors that are not subject to the 
adverse action notice requirements under Regulation B and such 
institutions may face greater challenges in implementing the denial 
reason data reporting requirement than those institutions that are 
already subject to Regulation B requirements.\619\ Nevertheless, the 
Bureau believes that data on denial reasons will further the fair 
lending and business and community development purposes of section 1071 
by helping to identify potential fair lending concerns and providing 
financial institutions with data to evaluate their lending criteria and 
address potential gaps. Moreover, data on denial reasons not only help 
identify potential fair lending concerns, but are critical to 
understanding the rationale behind a financial institution's decision 
to deny credit, which can provide small business applicants the 
information they need to be able to access capital.
---------------------------------------------------------------------------

    \619\ Existing Sec.  1002.9(a)(3) requires creditors to provide 
the specific reasons for adverse action taken or to notify business 
credit applicants of their right to request the reasons for denying 
an application or taking other adverse action.
---------------------------------------------------------------------------

    For transactions involving indirect vehicle financing where the 
dealership may not have the reasons why a third-party financing source 
denied a credit application, the Bureau believes that the entity that 
makes the final credit decision will be able to provide or obtain the 
reasons for denying a credit application. See section-by-section 
analysis of Sec.  1002.109(a)(3) for a discussion of which institutions 
have a reporting obligation in transactions involving multiple 
financial institutions.
    With respect to the suggestion from a commenter that the Bureau 
should allow financial institutions to report denial reason data 
voluntarily, the Bureau believes optional reporting is not the 
appropriate approach, given the need for consistent and meaningful data 
to further the purposes of section 1071.
    Regarding the suggestion that the denial reason data point in the 
final rule should mirror the HMDA reporting requirements or other 
reporting regimes, the Bureau's approach to the final rule is to 
largely mirror the Regulation C reporting requirements but with 
modifications that better reflect the business or agricultural lending 
(rather than mortgage lending) context. The Bureau believes that 
aligning closely to a known regulatory scheme, such as Regulation C, 
will facilitate compliance. Regarding the suggestion that the Bureau 
provide more flexibility so that financial institutions can report the 
reasons that were provided in an adverse action notice, the Bureau 
believes, and as a commenter noted, the denial reasons proposed and 
finalized in this rule are a comprehensive list and represent a full 
picture of the common denial reasons for small business credit. In 
addition, the Bureau believes the inclusion of ``other'' as a reason 
for denial and the free-form text field, which will enable financial 
institutions to report a denial reason that is not otherwise listed, 
will provide flexibility, and will facilitate compliance.
107(a)(12) Pricing Information
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' The Bureau proposed, in Sec.  1002.107(a)(12), to 
require financial institutions to report certain pricing information 
for covered credit transactions. Specifically, proposed Sec.  
1002.107(a)(12)(i)(A) would have required financial institutions to 
report the interest rate that is or would be applicable to the covered 
credit transaction; proposed Sec.  1002.107(a)(12)(ii) would have 
required financial institutions to report the total origination charges 
for a covered credit transaction; proposed Sec.  1002.107(a)(12)(iii) 
would have required financial institutions to report the broker fees 
for a covered credit transaction; proposed Sec.  1002.107(a)(12)(iv) 
would have required financial institutions to report the total amount 
of all non-interest charges that are scheduled to be imposed over the 
first annual period of the covered credit transaction; proposed Sec.  
1002.107(a)(12)(v) would have required financial institutions to 
report, for merchant cash advances or other sales-based financing 
transactions, the difference between the amount advanced and the amount 
to be repaid; and proposed Sec.  1002.107(a)(12)(vi) would have 
required financial institutions to report information about any 
prepayment penalties applicable to the covered credit transaction.
    Proposed comment 107(a)(12)-1 would have clarified that, for 
applications that the financial institution reports as denied, 
withdrawn by the applicant, or incomplete, the financial institution 
reports pricing information as ``not applicable.'' Proposed Sec.  
1002.107(a)(12) would have applied only to credit transactions that 
either have been originated or have been approved by the financial 
institution but not accepted by the applicant.
Comments Received
    The Bureau sought comment on proposed Sec.  1002.107(a)(12) and its 
commentary, including on additional information that could help reduce 
misinterpretations of disparities in pricing, such as more information 
about the nature of the collateral securing the credit. The Bureau also 
sought comment on ways to reduce burden on financial institutions with 
respect to overlaps or conflicts between State law disclosure 
requirements and the Bureau's proposal. Numerous commenters addressed 
the proposed pricing data point in their feedback. The Bureau addresses 
feedback on proposed Sec.  1002.107(a)(12) generally in this section; 
feedback on specific aspects of proposed Sec.  1002.107(a)(12)(i) 
through (vi) is addressed in the section-by-section analyses that 
follow.
    Many commenters expressed views on whether the Bureau should 
require financial institutions to report any pricing data. Some 
commenters, including community groups, trade associations, a lender, 
and a technology service provider, supported the inclusion of pricing 
information. These commenters stated pricing information will help data 
users understand not simply whether credit is available to certain 
borrowers, but the terms of such credit. Several community groups said 
that pricing information would help with fair lending analysis, with 
one community group stating that academic research and mystery shopping 
tests suggested the presence of discrimination in the small business 
lending market. Other community groups said that pricing information 
would allow users to identify unmet business needs. A community group 
commented that lenders were already collecting much of the proposed 
pricing data for SBA and CDFI programs, while a trade association 
supported the proposal but noted that CDFIs would need more time to 
comply than larger financial institutions.
    Industry commenters generally opposed including pricing information 
in the final rule. These commenters made several arguments in support 
of their position. First, they asserted that the final rule should 
include only data points specifically enumerated in the

[[Page 35308]]

statute. One commenter suggested that because pricing was not expressly 
enumerated in the statute, Congress therefore did not intend for the 
data collected and reported pursuant to section 1071 to include pricing 
information. Other commenters said that pricing data (along with other 
data points adopted pursuant to ECOA section 704B(e)(2)(H)) would 
increase the burden on financial institutions because, for example, 
pricing information can change throughout the application and 
underwriting process. And several industry commenters who generally 
objected to the inclusion of any data points pursuant to section 
704B(e)(2)(H) claimed that lenders lack systems that can calculate or 
collect all the proposed pricing data.
    Second, these commenters stated that commercial financing is less 
standardized than consumer financing, such that pricing is influenced 
by a wide variety of factors that they believed would not be adequately 
reflected in the 1071 data. Factors cited included the credit score of 
the applicant, the nature and value of collateral, the loan purpose and 
type, the presence of bundled services, the applicant's cash flow, the 
type of business, the size of any down payment, the strength of any 
guarantee, and debt service coverage ratio. Commenters elaborated on 
certain factors specific to certain financial institutions or 
transaction types. For example, a few commenters stated that community 
banks might make loans with higher interest rates than other lenders to 
comply with safety and soundness requirements. Some agricultural 
lenders and a trade association commented that farm credit borrowers 
periodically receive patronage dividends from lenders, which 
effectively lowers the cost of credit. And a group of trade 
associations representing the insurance premium financing industry 
stated that the pricing of insurance premium financing is determined 
almost entirely by the value of the unearned premiums, negating the 
benefit of pricing data for these transactions.
    The absence of information about these other factors affecting the 
price of credit, commenters argued, would cause data users to draw 
inaccurate conclusions when analyzing pricing in the 1071 data. As a 
result, commenters claimed, financial institutions would suffer 
reputational harm from erroneous accusations of fair lending violations 
or other harmful pricing practices. However, a community group 
commented that advocates knew how to responsibly use pricing data and 
typically approach regulators or industry before publicizing pricing 
discrepancies. Industry commenters also argued that misleading data 
would reduce financial institutions' willingness to consider 
individualized factors in the lending process, restricting the 
availability of credit to small business applicants.
    Many industry commenters also opposed the disclosure of any pricing 
information because of competition and privacy concerns. These 
commenters claimed that disclosure would reveal confidential 
information that would put financial institutions at a disadvantage. 
For example, competitors could attract borrowers with loans that were 
cheaper but inferior in other respects. These commenters also asserted 
that disclosure of pricing information would harm the privacy interests 
of applicants, especially in small communities where users could re-
identify borrowers.
    Instead of including pricing information in the final rule, several 
industry commenters suggested that analysis of pricing data was more 
appropriate in the supervision and examination context. One trade 
association asserted that requiring pricing data in the rule would be 
redundant of, or usurp, the supervisory activities of the prudential 
regulators because those agencies also collect and use pricing 
information in their exams. Another group of trade associations said 
the Bureau could use information it gathers in the course of exercising 
its supervision authority to determine whether pricing data could 
further fair lending purposes before requiring such data in the rule.
    In contrast to industry commenters, who generally objected to 
reporting any pricing information, community groups requested 
additional pricing information. Specifically, numerous community groups 
and a minority business advocacy group, as well as some lenders and a 
technology service provider, asked the Bureau to require financial 
institutions to report the annual percentage rate (APR) for a covered 
credit transaction. These commenters stated that APR was the only 
easily understandable, uniform, and comprehensive single pricing 
measure for comparing diverse transactions. These commenters generally 
did not argue that the proposed pricing data point lacked value, but 
that APR would provide additional information that was superior in 
certain respects. For example, a cross-sector group of lenders, 
community groups, and small business advocates asserted that the 
diversity of transactions in the small business lending market 
increased the value of APR, because comparing loan pricing would be 
difficult without a single measure. This group further stated that 
unlike the proposed pricing data, which lacked a time period, APR 
standardizes the cost of a transaction over a year.
    A few commenters believed that APR would make the pricing data 
easier for data users to understand. Some stated that although 
sophisticated data users might be able to estimate APR from the 
proposed data points, the 1071 data should allow anyone to gain 
information about small business loan pricing. Also, the cross-sector 
group's comment discussed above noted that many small business owners 
are familiar with APR from their consumer financing transactions.
    Regarding burden, several of these commenters asserted that 
calculating APR was feasible in the small business lending market, with 
many noting that APR is a formula amenable to calculation through an 
automated process using generally available software. For non-
traditional transactions such as merchant cash advances, commenters 
suggested estimating the term length from repayment data or from the 
term, if any, that the financial institution calculated during the 
underwriting process. Indeed, some of these commenters also believed 
that the market was evolving toward the use of APR for commercial 
finance transactions. They cited the New York and California commercial 
financing disclosure laws, as well as private disclosure initiatives 
that include the APR, such as the SMART Box and Small Business 
Borrower's Bill of Rights.\620\ A CDFI lender predicted that financial 
institutions would eventually use a single disclosure to comply with 
all State disclosure laws, which would resolve any issues with 
differing APR methodologies among the states. A bank commented that if 
the Bureau required pricing information, it should adopt only APR 
because reporting APR was simpler than reporting multiple pieces of 
pricing information.
---------------------------------------------------------------------------

    \620\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July 
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B; 
Innovative Lending Platform Ass'n, The SMART Box Model Disclosure--
In Depth, https://innovativelending.org/smart-box-model-disclosure-depth/ (last visited Mar. 20, 2023); Responsible Bus. Lending Coal., 
Small Business Borrower's Bill of Rights (2021), http://www.borrowersbillofrights.org/bill-of-rights.html.
---------------------------------------------------------------------------

    A few commenters suggested alternatives if the Bureau did not adopt 
APR, including requiring APR for a subset of transactions for which

[[Page 35309]]

calculating APR was feasible or having the Bureau calculate and publish 
APR data itself.
    Although industry commenters largely did not address APR, a few 
offered arguments against its inclusion in the final rule. A group of 
trade associations questioned the existence of a trend toward the use 
of APR in commercial financing, noting that only California and 
Virginia had adopted commercial financing disclosure laws at the time 
of the NPRM. This group also speculated that Congress believed APR may 
be inappropriate for the small business lending market because it did 
not extend TILA to commercial credit in the Dodd-Frank Act. Other 
commenters discussed the burden of reporting APR. Several banks stated 
that lenders would need to change their systems to calculate APR for 
small business loans. A State bankers association asserted that the 
terms of small business loans did not allow APR to be calculated. And a 
CDFI lender stated that APR calculations are infeasible for loans made 
under the SBA's 7(a) program.\621\ Such loans, the commenter explained, 
have fees that may vary based on the type or purpose of the loan, which 
makes the APR difficult to determine accurately.
---------------------------------------------------------------------------

    \621\ See Cong. Rsch. Serv., Small Business Administration 7(a) 
Loan Guaranty Program, https://fas.org/sgp/crs/misc/R41146.pdf 
(updated June 30, 2022) (discussing the SBA's flagship 7(a) loan 
guarantee program).
---------------------------------------------------------------------------

    Finally, some commenters directed their feedback to the scope of 
the proposed pricing data point. Some community groups asked the Bureau 
to require pricing information for all counteroffers because, they 
asserted, such information would illuminate situations where lenders 
are prepared to extend credit on less desirable terms than those 
requested by the applicant. An industry commenter recommended limiting 
the pricing information to originated transactions because it believed 
pricing information for approved applications held no fair lending 
value. But some community groups commented that including approved 
applications in reported pricing data would further fair lending 
purposes, such as allowing data users to evaluate whether financial 
institutions are offering high-priced loans to minority applicants that 
the applicants do not accept. A trade association commented that the 
pricing information should include only interest rate and origination 
charges but offered no explanation for its position.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(12) and associated commentary with certain adjustments. 
Final Sec.  1002.107(a)(12)(i) through (vi) require reporting of the 
following for covered credit transactions that are originated or 
approved by the financial institution but not accepted by the 
applicant: interest rate; total origination charges; broker fees; the 
total amount of all non-interest charges that are scheduled to be 
imposed over the first annual period; for a merchant cash advance or 
other sales-based financing transaction, the difference between the 
amount advanced and the amount to be repaid; and information about any 
applicable prepayment penalties. The details of final Sec.  
1002.107(a)(12)(i) through (vi) are discussed in turn in the section-
by-section analyses that follow; the discussion here focuses on the 
Bureau's overall approach to the pricing data point.
    The Bureau is finalizing comment 107(a)(12)-1 as proposed, which 
clarifies that, for applications that the financial institution reports 
as denied, withdrawn by the applicant, or incomplete, the financial 
institution reports pricing information as ``not applicable.''
    As discussed in the NPRM, the Bureau believes that pricing data 
will further both the fair lending purpose and the business and 
community development purpose of section 1071. The majority of small 
businesses are run by a single owner without extensive financial 
experience or expert staff to navigate the commercial credit 
marketplace, which lacks many of the Federal protections found in 
consumer lending.\622\ Heightened risks to fair lending and small 
business development may arise from different pricing for the same 
products and the selective marketing of higher-priced or even predatory 
and unsustainable products. Because price-setting is integral to the 
functioning of any market, any analysis of the small business lending 
market--including to enforce fair lending laws or identify community 
and business development opportunities--would be less meaningful 
without this information.
---------------------------------------------------------------------------

    \622\ For example, TILA's standardized disclosure requirements 
for residential mortgage loans and limits on linking compensation to 
mortgage loan terms, including pricing, do not apply to business 
loans. See, e.g., 15 U.S.C. 1639b, Regulation Z Sec.  1026.36 
(TILA's prohibition on basing mortgage loan originator compensation 
on loan terms).
---------------------------------------------------------------------------

    Research conducted for the Department of Commerce has found that 
minority-owned businesses tend to pay higher interest rates on business 
loans than those that are not minority-owned,\623\ and a report by the 
Federal Reserve Bank of Atlanta found that minority-owned firms more 
frequently applied for potentially higher-cost credit products, and 
were also more likely to report challenges in obtaining credit, such as 
being offered high interest rates.\624\ In addition, research conducted 
for the SBA has found that Black- and Hispanic-owned businesses were 
less likely to have business bank loans and more likely to use more 
expensive credit card financing.\625\ The 2020 Small Business Credit 
Survey by a collaboration of Federal Reserve Banks found that small 
business applicants to nonbank lenders, such as online lenders and 
finance companies, were more likely to report high interest rates or 
unfavorable terms than applicants to depository institutions.\626\ To 
the extent that the recovery from the lingering economic disruptions 
following the COVID-19 pandemic is still ongoing when covered financial 
institutions begin collecting data under this final rule, and in regard 
to emergencies affecting small business access to credit that may occur 
in the future, tracking pricing in this segment of the market is 
particularly important.
---------------------------------------------------------------------------

    \623\ Minority Bus. Dev. Agency, U.S. Dep't of Com., Disparities 
in Capital Access between Minority and Non-Minority-Owned 
Businesses: The Troubling Reality of Capital Limitations Faced by 
MBEs, at 3, 5, 21, 36-37 (2010), https://archive.mbda.gov/page/executive-summary-disparities-capital-access-between-minority-and-non-minority-businesses.html.
    \624\ Fed. Rsrv. Bank of Atlanta, Report on Minority Owned 
Firms: Small Business Credit Survey (Dec. 2019), https://www.fedsmallbusiness.org/-/media/project/smallbizcredittenant/fedsmallbusinesssite/fedsmallbusiness/files/2019/20191211-ced-minority-owned-firms-report.pdf.
    \625\ Alicia Robb, Financing Patterns and Credit Market 
Experiences: A Comparison by Race and Ethnicity for U.S. Employer 
Firms, at 47 (2018) (prepared for Off. of Advocacy, Small Bus. 
Admin.), https://advocacy.sba.gov/2018/02/01/financing-patterns-and-credit-market-experiences-a-comparison-by-race-and-ethnicity-for-u-s-employer-firms/.
    \626\ However, the survey noted that online lenders tended to 
receive applications with lower credit scores so applicant risk 
could play a role in higher interest rates for nonbank lenders. See 
2020 Small Business Credit Survey at 15.
---------------------------------------------------------------------------

    The Bureau believes pricing data are important because they offer 
useful insight into underwriting disparities and are necessary for data 
users to examine predatory pricing or pricing disparities. For example, 
they might show that a particular market segment is expanding and 
apparently filling an important need, but the new credit offered might 
be predatory in nature. Pricing information will allow the Bureau and 
others to understand the situation more accurately. Data collection 
without pricing information

[[Page 35310]]

could have the unintended consequence of incentivizing irresponsible 
lending, as providers seeking to increase representation of underserved 
groups could be encouraged to adopt high-cost models of lending.
    Without information on pricing, data users would be unable to 
screen for fair lending pricing risks, and regulators would be less 
able to focus their enforcement and supervision resources appropriately 
on situations of greater possibility for questionable activities. In 
addition, if potential discriminatory conduct is monitored effectively 
in regard to credit approvals, but not in regard to pricing, industry 
compliance systems may focus solely on approvals and denials and ignore 
potential pricing disparities. Having pricing data available will also 
increase transparency and help demonstrate to lenders where business 
opportunities exist to offer sustainable credit to underserved markets. 
In addition, it could demonstrate to small businesses the availability 
of more affordable credit.
    Pricing information that is separately enumerated as the interest 
rate and general categories of fees will allow data users to more 
precisely analyze the components of a credit transaction's price. For 
example, data users will be able to identify potentially discriminatory 
price disparities within upfront fees charged to borrowers at 
origination that may not be visible in a single pricing metric. 
Similarly, information about which components of a transaction's price 
may be relatively more expensive should allow data users to better 
identify business and community development initiatives because they 
will be able to target their initiative at the particular component, 
such as the interest rate, that may be most responsible for the 
relatively high price of the transaction. The Bureau's decision not to 
require reporting of APR, as requested by some commenters, is discussed 
in more detail below.
    The Bureau disagrees with commenters who suggested the pricing data 
point lacks congressional authorization. ECOA section 704B(e)(2)(H) 
authorizes the Bureau to require financial institutions to compile and 
maintain ``any additional data that the Bureau determines would aid in 
fulfilling the purposes of [section 1071].'' This provision reflects 
Congress's understanding that certain information not explicitly 
identified in section 1071 may advance the statutory purposes. As 
described herein, the pricing data point satisfies this standard.
    The Bureau understands that the small business lending market is 
flexible and tailored to the situations of small business applicants 
and borrowers. For this reason, pricing for small business credit is 
affected by numerous factors, some of which are not reflected in the 
1071 data. For example, the final rule does not require financial 
institutions to report applicants' credit scores, which would provide 
useful information for explaining pricing differences between 
transactions. But the Bureau believes that commenters have understated 
the amount of information the final rule includes about factors 
relevant to pricing. For example, the final rule includes information 
about the existence and nature of collateral; \627\ the credit purpose 
and type; \628\ the applicant's industry,\629\ size,\630\ and history; 
\631\ the type of guarantee; \632\ and the type of the lender.\633\ 
This information will provide important context for pricing data.
---------------------------------------------------------------------------

    \627\ See final Sec.  1002.107(a)(5) (indicating whether credit 
is secured or unsecured); final Sec.  1002.107(a)(6) (suggesting, 
along with the credit type data point, whether a loan is secured by 
a dwelling).
    \628\ See final Sec.  1002.107(a)(5) (credit type); final Sec.  
1002.107(a)(6) (credit purpose). The Bureau also notes that 
insurance premium finance transactions are not covered by the final 
rule (see final Sec.  1002.104(b)(3)). Thus, the unique challenges 
of interpreting pricing information cited by commenters for those 
transactions will not affect data users.
    \629\ See final Sec.  1002.107(a)(15) (NAICS code).
    \630\ The gross annual revenue and number of workers data points 
are related to the applicant's size. See final Sec.  1002.107(a)(14) 
and (16).
    \631\ See final Sec.  1002.107(a)(17) (time in business).
    \632\ See final Sec.  1002.107(a)(5)(ii) (guarantees).
    \633\ See final Sec.  1002.109(b) (financial institution 
identifying information).
---------------------------------------------------------------------------

    More broadly, the 1071 data need not reflect every determinant of 
credit pricing to provide value to users. The pricing data will further 
fair lending enforcement by allowing regulators to better understand 
fair lending risks and allocate their resources accordingly. As 
explained in the NPRM, HMDA data have long served a similar function. 
Some commenters questioned the analogy to HMDA data, citing greater 
standardization in the mortgage market. But the same basic utility--
signaling fair lending risk--exists even if the nature of the signal 
differs. Indeed, with respect to entities it supervises, the Bureau 
similarly uses pricing data, when available in small business 
examinations, to help identify fair lending risk.
    Regarding suggestions that the Bureau consult supervisory and 
examination data before adopting any pricing data requirements, the 
Bureau has relied on its experience in these areas while developing the 
final rule. The Bureau does not believe this rule is redundant of the 
supervision and examination activities of any Federal agency. Moreover, 
confidential supervisory information available only to Federal 
regulators is no substitute for a publicly available dataset.
    Furthermore, comments that focus narrowly on comparisons between 
applicants ignore the business and community development purpose of 
section 1071. Data users can examine pricing data at a more general 
level to further this purpose. For example, government entities could 
develop loan programs designed to increase the availability of credit 
to certain small businesses whose existing financing options carry high 
prices.
    Regarding comments about the harmful consequences of potentially 
misleading data, the Bureau anticipates noting when disclosing the 1071 
data that the data alone generally do not offer proof of compliance 
with fair lending laws.\634\ And the Bureau expects community groups to 
use the data responsibly, with knowledge of these limitations, which 
such groups say they have. The Bureau does not believe, as suggested by 
commenters, that pricing data would reduce the availability of credit 
to small business applicants. Instead, by helping to reduce fair 
lending risk and identify business and community development 
opportunities, the pricing data will help expand access to credit. 
Privacy and confidentiality concerns about the pricing data are 
discussed in part VIII.B.6.x below.
---------------------------------------------------------------------------

    \634\ For example, the FFIEC cautions users of HMDA data that 
``HMDA data are generally not used alone to determine whether a 
lender is complying with fair lending laws.'' CFPB, Summary of 2021 
Data on Mortgage Lending (2022), https://www.consumerfinance.gov/data-research/hmda/summary-of-2021-data-on-mortgage-lending/.
---------------------------------------------------------------------------

    The Bureau understands that many financial institutions will incur 
costs to collect and report pricing information. The Bureau has 
attempted to reduce the difficulty of collecting and reporting these 
data in several ways. For example, final Sec.  1002.107(a)(12) is 
limited to approved applications and originated transactions. These are 
transactions for which financial institutions generally would have to 
determine the price to approve (or originate) the transaction. Other 
transactions--i.e., those that are denied, withdrawn by the applicant, 
or incomplete--are likely to have pricing information that is subject 
to change or that has not yet been determined. In addition, final Sec.  
1002.107(a)(12) generally takes a broad, functional approach to the 
reportability of pricing information, rather than defining 
reportability according to complex factors such as how a fee is

[[Page 35311]]

denominated or the nature of the collateral securing a transaction. The 
Bureau believes this will simplify the collection and reporting 
process. Despite any remaining burden for financial institutions, the 
Bureau believes that pricing data are important for achieving both of 
section 1071's purposes.
    Further reducing the potential difficulty of reporting pricing 
data, the Bureau has decided against requiring financial institutions 
to report APR at this time. Calculating and reporting APR across the 
diverse types of commercial transactions covered by the final rule may 
require complex estimates to generate necessary variables for the APR 
formula. Many merchant cash advances, for example, lack a disclosed 
periodic payment amount. Thus, financial institutions would have to 
estimate this term, if they do not do so now, to calculate an APR. 
Although financial institutions may estimate some of the necessary 
information during underwriting, they may not estimate it according to 
the same formula, and may not maintain such information in a system 
designed for data reporting. The Bureau understands that many financial 
institutions will calculate APR to comply with State commercial 
financing disclosure laws.\635\ But many financial institutions are not 
currently subject to such State laws, or are subject to State laws that 
do not require APR disclosure.\636\ As noted in the NPRM, the Bureau 
will continue to monitor regulatory developments in the small business 
lending market. The Bureau considered requiring reporting of APR only 
for transactions where it is less complex to calculate, as some 
commenters suggested. But a limited-transaction APR reporting 
requirement would negate two important benefits that commenters cited 
for APR: using it to compare diverse types of transactions and to apply 
a single intuitive pricing measure for nontraditional types of 
financing.
---------------------------------------------------------------------------

    \635\ Cal. Dep't of Fin. Prot. & Innovation, Commercial 
Financing Disclosures (2022), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf; N.Y. Dep't of Fin. Servs., Proposed 
Disclosure Requirements for Certain Providers of Commercial 
Financing Transactions (2022), https://www.dfs.ny.gov/system/files/documents/2022/09/rp_23nycrr600_text_20220914.pdf.
    \636\ Utah Dep't of Fin. Insts., Commercial Financing 
Registration and Disclosure Act (2022), https://le.utah.gov/xcode/Title7/Chapter27/C7-27_2022050420220504.pdf.
---------------------------------------------------------------------------

    The Bureau understands commenters' concerns over the accessibility 
and comparability of rate and fees versus APR. Final Sec.  
1002.107(a)(5)(iii) requires financial institutions to report loan 
term; the Bureau has added to final comment 107(a)(6)-8 a requirement 
that financial institutions report, for merchant cash advances and 
other sales-based financing, the loan term, if any, that the financial 
institution estimated, specified, or disclosed in processing or 
underwriting the application or transaction. This information will 
provide important context for data users comparing the pricing of 
different transactions and help address the criticism over the lack of 
a time period for pricing data. Regarding accessibility, the Bureau 
believes the pricing data will be generally understandable by data 
users. Most of the pricing data are similar to information found on 
existing consumer and commercial credit disclosures, including the 
State commercial financing disclosures cited by commenters. 
Additionally, the Bureau anticipates that government agencies, 
researchers, press organizations, community groups, and others will 
publish research and reports using the small business lending data, 
just as they do now with HMDA data. These publications may render 
pricing information in a form more accessible to other users.
    Finally, the Bureau is not adopting modifications to the scope of 
the pricing data point. As discussed above, limiting the pricing data 
to approved and originated transactions reduces the difficulty of 
reporting while providing important information about the pricing 
decisions of financial institutions. The Bureau does not believe, as 
suggested by a commenter, that approved but not accepted applications 
lack value for fair lending analysis. Rather, these applications are 
similarly valuable because they also reflect transactions for which the 
lender has made a credit decision and set the pricing for the 
transaction. Lastly, limiting final Sec.  1002.107(a)(12) to interest 
rate and origination charges would deprive data users of the benefits 
of other pricing information. The importance of each aspect of the 
pricing data point is discussed in the section-by-section analyses that 
follow.
107(a)(12)(i) Interest Rate
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(i)(A) would have required financial 
institutions to report the interest rate that is or would be applicable 
to the covered credit transaction. If the interest rate is adjustable, 
proposed Sec.  1002.107(a)(12)(i)(B) would have required the submission 
of the margin, index value, and index name that is or would be 
applicable to the covered credit transaction at origination.\637\
---------------------------------------------------------------------------

    \637\ It should be noted that not all covered credit 
transactions include an interest rate. Final Sec.  
1002.107(a)(12)(v) applies to certain covered credit transactions 
that do not include an interest rate. The discussion of final Sec.  
1002.107(a)(12)(iv) below also addresses other covered credit 
transactions that may not include an interest rate.
---------------------------------------------------------------------------

    Proposed comment 107(a)(12)(i)-1 would have clarified that if a 
covered credit transaction includes an initial period with an 
introductory interest rate, after which the interest rate adjusts, a 
financial institution complies by reporting information about the 
interest rate applicable after the introductory period. Proposed 
comment 107(a)(12)(i)-2 would have explained that a financial 
institution reports the interest rate applicable to the amount of 
credit approved or originated reported in proposed Sec.  1002.107(a)(8) 
if a covered credit transaction includes multiple interest rates 
applicable to different credit features. Lastly, proposed comment 
107(a)(12)(i)-3 listed a number of indices to report and directed that 
if the index used does not appear on the list of indices provided, the 
financial institution reports ``other'' and provides the name of the 
index via free-form text field.
    Proposed Sec.  1002.107(a)(12)(i)(B) would have provided that, for 
adjustable interest rates based upon an index, a financial institution 
must report the margin, index value, and index name that is or would be 
applicable to the covered credit transaction at origination. Proposed 
comment 107(a)(12)(i)-4 would have clarified that a financial 
institution complies with proposed Sec.  1002.107(a)(12)(i)(B) by 
reporting the index value at the time the application is approved by 
the financial institution. The Bureau sought comment on whether the 
index value should be reported based on a different time period or 
whether the index value should be reported at the time of approval.
    The Bureau sought comment on proposed Sec.  1002.107(a)(12)(i) and 
its commentary, including whether a different measure of pricing would 
provide more accurate data, whether additional information about 
pricing (for example, amortization type or adjustment frequency) would 
provide beneficial data to help ascertain fair lending risk and further 
the business and community development purpose of section 1071, and 
whether there are additional indices that should be included in the 
list from which financial institutions choose to report the applicable 
index on adjustable rate transactions. Lastly, the Bureau sought

[[Page 35312]]

comment on whether there may be covered credit transactions where the 
interest rate may change after origination based on factors such as if 
the borrower maintains an account at the financial institution or if 
some other condition is met, and if so, whether additional commentary 
would be helpful to provide more guidance on which rate to report in 
that circumstance.\638\
---------------------------------------------------------------------------

    \638\ The Bureau did not receive any comments on this 
solicitation.
---------------------------------------------------------------------------

Comments Received
    The Bureau received comments specifically regarding the collection 
of interest rate from banks and trade associations, among others. While 
some commenters supported the Bureau's proposal, several industry 
commenters had questions regarding how the provision would work. The 
community group stated that interest rate information is beneficial as 
long as data users have access to both the initial interest rate and 
the interest rate after a potential initial rate reset. An industry 
commenter agreed that interest rate information would be helpful in 
conducting fair lending analyses. In contrast, a bank commenter 
asserted that interest rate information is of limited value.
    Regarding the details of the Bureau's proposal to collect interest 
rate, a bank commenter noted that commercial loans may have more than 
one interest rate. With respect to indices for variable rate 
transactions and the Bureau's solicitation of comment on whether the 
index value should be reported based on a different time period or if 
at approval is the most appropriate time to measure, a group of trade 
associations asserted in their comment that the index value is often 
not related to the timing of approval or origination, and will not 
provide useful data, while a bank commented that it would be less 
burdensome to report the index value used to establish the interest 
rate rather than the value at the time of approval. A State bankers 
association asserted that the index value at approval may not have any 
connection to the price of the loan, providing the example of 
agricultural lending where the rate and terms are set after the 
financial institution approves the loan. Two industry commenters noted 
that the index value could change between approval and origination. 
Another bank requested that Constant Maturity Treasury (CMT) rate be 
included in the list of indices. Two trade associations inquired as to 
how to report an internal index used to set the rate on a variable rate 
transaction, while a bank commenter stated that use of internal indices 
that are unique to a financial institution would make interest rate 
data difficult to interpret.
    A bank requested clarification of the term ``introductory period.'' 
Another bank asserted that for a variable interest rate transaction 
with a five-year introductory period, the interest rate data reported 
at approval will be outdated and inaccurate when the period ends. 
Finally, a trade association inquired as to how a financial institution 
would report an interest rate that is unknown at origination, such as a 
line of credit whose interest rate changes based on the amount 
advanced.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(12)(i) with one addition, as well as with other adjustments 
and additions to the commentary to address comments received regarding 
introductory interest rate periods and adjustable interest rates. Final 
Sec.  1002.107(a)(12)(i) requires financial institutions to report the 
interest rate that is or would be applicable to the covered credit 
transaction. If the interest rate is adjustable, final Sec.  
1002.107(a)(12)(i)(B) requires the submission of the margin, index 
value, introductory rate period expressed in months (if applicable), 
and the index name that is or would be applicable to the covered credit 
transaction. As with all aspects of pricing within Sec.  
1002.107(a)(12), this requirement applies to credit transactions that 
either have been originated or have been approved by the financial 
institution but not accepted by the applicant.
    The Bureau believes that collection of the interest rate on the 
covered credit transaction furthers both the fair lending purpose and 
the business and community development purpose of section 1071 by 
allowing regulators, small business advocates, and industry to conduct 
fair lending reviews and monitor the market for emerging high-cost 
products. In addition, the availability of this pricing metric will 
provide pricing transparency and will encourage the development of 
successful lending models because policymakers, community 
organizations, investors, banks seeking partnerships, and others will 
have better visibility into which business models are successful at 
providing sustainable credit to minority-owned, women-owned, and other 
underserved small businesses.
    Furthermore, research has found that minority-owned businesses tend 
to obtain, or be offered, higher interest rates on business credit than 
non-minority-owned businesses.\639\ The collection of interest rate 
(along with fees) will allow the Bureau, other government agencies, and 
other data users to have insight into the existing market, monitor the 
market for potentially troubling trends, and conduct fair lending 
analyses that adequately take into account this important metric.
---------------------------------------------------------------------------

    \639\ U.S. Dep't of Com., Minority Business Development Agency, 
Disparities in Capital Access between Minority and Non-Minority-
Owned Businesses: The Troubling Reality of Capital Limitations Faced 
by MBEs, at 3, 5, 21, 36-37 (2010), https://archive.mbda.gov/page/executive-summary-disparities-capital-access-between-minority-and-non-minority-businesses.html.
---------------------------------------------------------------------------

    In general, interest rate information should be in or readily 
determinable from the credit file, and thus available for reporting. To 
the extent that it is not, the Bureau notes that certain State-level 
commercial lending disclosures, notably those of California and New 
York, require the disclosure of APR.\640\ Because the interest rate 
must be known to calculate APR, the Bureau believes that final Sec.  
1002.107(a)(12)(i) imposes little burden on financial institutions that 
already include the interest rate on such disclosures required by State 
law, as well as on the contract between the financial institution and 
the applicant.
---------------------------------------------------------------------------

    \640\ See N.Y. S.898, section 803(c) (signed Jan. 6, 2021) 
(amending S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898; Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235.
---------------------------------------------------------------------------

    As noted above, final Sec.  1002.107(a)(12)(i) remains largely the 
same as proposed Sec.  1002.107(a)(12)(i). However, the Bureau has 
added to final Sec.  1002.107(a)(12)(i)(B) a requirement that financial 
institutions report the initial rate period expressed in months (if 
applicable) (along with the margin, index value, and the index name 
that is or would be applicable to the covered credit transaction, as 
proposed). The Bureau agrees with commenters that for transactions with 
a variable interest rate where there is an initial rate and the 
interest rate resets after a certain period, at the time the financial 
institution approves the transaction and sets the interest rate, the 
financial institution will not know the future value of the index used 
to create the interest rate. By collecting the number of months of the 
initial period (if any), the rule will allow data users to determine 
the accurate interest rate applicable to the transaction because they 
will have the name of the index and the timing of the index value. For 
example, as written in final comment 107(a)(12)(i)-2, if a

[[Page 35313]]

financial institution originates a covered credit transaction with a 
fixed initial interest rate of 0 percent for six months following 
origination, after which the interest rate will adjust according to a 
Prime index rate plus a 3 percent margin, the financial institution 
reports the 3 percent margin, the number ``6'' for the length of the 
initial rate period, Prime as the name of the index used to adjust the 
interest rate, and ``not applicable'' for the index value.
    New comment 107(a)(12)(i)-1 clarifies that a financial institution 
complies with Sec.  1002.107(a)(12)(i) by reporting the interest rate 
applicable to the amount of credit approved or originated as reported 
pursuant to final Sec.  1002.107(a)(8). The Bureau is adopting this 
comment to address the issue raised by a commenter as to how a 
financial institution would report an interest rate that is unknown at 
origination or where the rate changes based on the amount advanced, 
such as with some lines of credit.
    The Bureau is adopting comment 107(a)(12)(i)-2 (renumbered from 
107(a)(12)(i)-1 in the proposal) with several alterations. Final 
comment 107(a)(12)(i)-2 clarifies that if a covered credit transaction 
includes an initial period with an introductory interest rate of 12 
months or less, after which the interest rate adjusts upwards or shifts 
from a fixed to a variable rate, a financial institution complies with 
the provision by reporting information about the interest rate 
applicable after the introductory period. If a covered transaction 
includes an initial rate period of more than 12 months after which the 
interest rate resets, a financial institution complies with the 
provision by reporting information about the interest rate applicable 
prior to the reset period. Final comment 107(a)(12)(i)-2 also provides 
two examples to illustrate these scenarios. The Bureau's revisions to 
this comment address a commenter's request to clarify the term 
``introductory period'' (which the Bureau has done by clarifying that 
an introductory period includes an initial period of 12 months or less 
after which the interest rate adjusts upward or shifts from a fixed to 
a variable rate), as well as another commenter's concern that in a 
transaction with a five-year introductory period, the interest rate 
reported at approval will be outdated and inaccurate when the period 
ends.
    Final comment 107(a)(12)(i)-3 (renumbered from proposed comment 
107(a)(12)(i)-2 with one non-substantive adjustment) clarifies that if 
a covered credit transaction includes multiple interest rates 
applicable to different credit features, a financial institution 
complies with Sec.  1002.107(a)(12)(i) by reporting the interest rate 
applicable to the amount of credit approved or originated reported 
pursuant to final Sec.  1002.107(a)(8). The comment also provides an 
example.
    Final comment 107(a)(12)(i)-4 (renumbered from proposed comment 
107(a)(12)(i)-3) includes a list of indices for reporting the 
appropriate index for variable rate transactions, and also specifies 
that a financial institution reports ``other'' and reports the index 
name in free-form text if the applicable index is not listed. The 
Bureau has added CMT to the list of indices in the comment, as 
requested by a commenter. In response to requests from a number of 
commenters for clarification as to how a financial institution should 
report internal indices, the Bureau has also added ``Internal Index'' 
to the list of indices in the comment. The Bureau believes that 
allowing financial institutions to choose ``other'' when an index used 
does not appear on the provided list will facilitate compliance. In 
addition, collecting this information on ``other'' indices will assist 
the Bureau in monitoring trends in this area and key developments in 
the small business lending market, which the Bureau could use to inform 
any future iterations of the list.
    Final comment 107(a)(12)(i)-5 (renumbered from proposed comment 
107(a)(12)(i)-4) clarifies that a financial institution complies with 
Sec.  1002.107(a)(12)(i) by reporting the index value used to set the 
rate that is or would be applicable to the covered transaction. 
Proposed comment 107(a)(12)(i)-4 would have required financial 
institutions to report, for covered transactions with an adjustable 
interest rate, the index value applicable at the time the application 
was approved by the financial institution. Some commenters stated that 
the index value at the time of approval may have no relationship to the 
index value used to set the interest rate and that it would be less 
burdensome to report the index value used to establish the interest 
rate rather than the value at the time of approval. To address these 
concerns, the Bureau has adjusted final comment 107(a)(12)(i)-5 to 
require reporting of the index value used to set the rate that is or 
would be applicable to the covered transaction. In most cases, this 
will be the index value at the time of approval, because the financial 
institution will set the pricing when the credit decision is made, but 
in cases where there might be a difference, this comment as revised 
will ensure that financial institutions are reporting the index value 
actually used to establish the interest rate, rather than the value 
that otherwise exists at the time of approval.
107(a)(12)(ii) Total Origination Charges
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(ii) would have required financial 
institutions to report the total origination charges for a covered 
credit transaction. Total origination charges are the total amount of 
all charges payable directly or indirectly by the applicant and imposed 
directly or indirectly by the financial institution at or before 
origination as an incident to or a condition of the extension of 
credit, expressed in dollars.
    Proposed comment 107(a)(12)(ii)-1 would have clarified that charges 
imposed uniformly in cash and credit transactions are not reportable. 
Proposed comment 107(a)(12)(ii)-2 would have provided guidance on 
reporting charges imposed by third parties. Proposed comment 
107(a)(12)(ii)-3 would have clarified that broker fees are included in 
the total origination charges.\641\ Proposed comment 107(a)(12)(ii)-4 
would have provided guidance on reporting charges for other products or 
services paid at or before origination. And proposed comment 
107(a)(12)(ii)-5 would have listed examples of reportable charges.
---------------------------------------------------------------------------

    \641\ For more information on broker fees, see the section-by-
section analysis of Sec.  1002.107(a)(12)(iii) below.
---------------------------------------------------------------------------

    The Bureau sought comment on proposed Sec.  1002.107(a)(12)(ii) and 
its commentary, including whether concepts and guidance adapted from 
Regulation Z, such as proposed comment 107(a)(12)(ii)-1 on comparable 
cash transactions, were applicable in the small business lending 
context such that they should be incorporated as drafted. The Bureau 
also sought comment on whether to enumerate certain types of charges 
separately in the 1071 data, and whether to include or exclude certain 
types of charges in the total origination charges.
Comments Received
    The Bureau received comments specifically regarding total 
origination charges from several banks and trade associations, along 
with a community group and a joint letter from a cross-sector group of 
lenders, community groups, and small business advocates.
    A few industry commenters questioned the utility of information 
about total origination charges. For example, several commenters 
asserted that proposed Sec.  1002.107(a)(12)(ii) would not provide 
useful data because the amount of origination charges may vary based on 
factors not captured by

[[Page 35314]]

the 1071 data, such as geographical differences in appraisal fees. A 
group of trade associations stated that including broker fees while 
itemizing them separately in another data field would inflate the 
amount of origination charges. And a bank preferred to report only 
origination points but believed that such data would provide only 
limited value. This commenter did not define origination points but the 
Bureau understands the term to refer to one way that financial 
institutions denote fees paid to the lender for originating the loan. 
However, the cross-sector group commented that total origination 
charges would be especially helpful for data users examining the cost 
of merchant cash advances because these transactions include upfront 
fees not otherwise captured in the pricing data.
    A few commenters asserted that reporting total origination charges 
would be burdensome. For example, several industry commenters stated 
that calculating the finance charge under Regulation Z, which defines 
certain charges similar to the proposed total origination charges data 
field, is complex and not performed for commercial credit transactions. 
And a trade association suggested that the proposed treatment of 
certain charges, such as a borrower's premium for property insurance, 
was unclear.
    Several commenters addressed specific aspects of total origination 
charges. For example, a community group stated that charges imposed 
uniformly in cash and credit transactions should be reportable because, 
they asserted, such charges are rare and the existence of such an 
exclusion may encourage fee shifting. Conversely, a trade association 
stated that any charge imposed uniformly on all applicants should be 
excluded because such a charge could not be the source of a pricing 
disparity. Several industry commenters stated that third-party charges 
should be excluded because the imposition of such fees is often outside 
a financial institution's control, while a group of trade associations 
found the treatment of such charges confusing. Finally, another trade 
association stated that aligning the definition of total origination 
charges to Regulation C's definition of origination charges used to 
report data under HMDA \642\ would provide helpful clarity because the 
Regulation C definition is understood to include only charges retained 
by the financial institution.
---------------------------------------------------------------------------

    \642\ 12 CFR 1003.4(a)(18).
---------------------------------------------------------------------------

Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(12)(ii) with additional clarifying commentary. Final Sec.  
1002.107(a)(12)(ii) requires financial institutions to report the total 
amount of all charges payable directly or indirectly by the applicant 
and imposed directly or indirectly by the financial institution at or 
before origination as an incident to or a condition of the extension of 
credit, expressed in dollars. As with all aspects of pricing within 
Sec.  1002.107(a)(12), this requirement applies to credit transactions 
that either have been originated or have been approved by the financial 
institution but not accepted by the applicant.
    The Bureau is finalizing comments 107(a)(12)(ii)-1 through -5 as 
proposed. In addition, the Bureau is adopting final comment 
107(a)(12)(ii)-6, which clarifies the reporting of a net lender credit 
provided by a financial institution to an applicant at origination.
    As discussed in the NPRM, total origination charges provide 
information about an important component of pricing for small business 
credit: the upfront cost of originating and extending credit. This 
relatively specific information enables insight into credit pricing 
that would be obscured by more general information, such as the trade-
offs between the interest rate and the upfront charges. Indeed, new 
comment 107(a)(12)(ii)-6 enhances users' ability to examine the 
relationship between components of credit pricing by clarifying how to 
report net lender credits provided to the applicant. For example, 
without information about net lender credits, transactions where a 
borrower accepted a lender credit at origination in exchange for a 
higher interest rate would appear to have inflated prices. Moreover, by 
generally covering all upfront fees and credits regardless of how they 
are structured and denominated, final Sec.  1002.107(a)(12)(ii) limits 
financial institutions' opportunity to shift fees to excluded charges 
by giving similar fees different names. Thus, final Sec.  
1002.107(a)(12)(ii) will enable users to better understand pricing 
disparities and identify potential business and community development 
opportunities.
    The Bureau disagrees with commenters who claimed that information 
about total origination charges would not have value. Although such 
charges are affected by factors not included in the 1071 data, final 
Sec.  1002.107(a)(12)(ii) will still provide insight into pricing in 
the small business lending market. General information about upfront 
charges will enable users to better understand fair lending 
disparities, even if they cannot conclusively determine the existence 
of unlawful disparities from the data alone. And users need not attempt 
to make precise comparisons among individual applicants to identify 
business and community development needs and opportunities. Regarding 
broker fees, the Bureau believes that such charges are an important 
component of the upfront cost of credit and notes that Regulation Z 
also includes them in the finance charge.\643\ Also, broker fees are 
separately itemized in final Sec.  1002.107(a)(12)(iii) so that users 
who are concerned about the impact of including broker fees can deduct 
them from the total origination charges.
---------------------------------------------------------------------------

    \643\ Compare final comment 107(a)(12)(ii)-3, with Regulation Z 
Sec.  1026.4(a)(3).
---------------------------------------------------------------------------

    Regarding commenters' concerns about burden, the Bureau understands 
that some financial institutions find calculation of the finance charge 
in Regulation Z Sec.  1026.4--which is similar to final Sec.  
1002.107(a)(12)(ii)'s description of total origination charges--to be 
complex. But final Sec.  1002.107(a)(12)(ii) is simpler in several 
important respects. First, final Sec.  1002.107(a)(12)(ii) excludes all 
credit costs occurring after origination of a covered credit 
transaction, such as interest and time-price differential. And final 
Sec.  1002.107(a)(12)(ii) adopts a more inclusive approach to upfront 
charges than Regulation Z's finance charge, which has numerous 
provisions addressing specific fees.\644\ This simplified approach 
should make the total origination charges less burdensome to calculate 
than the finance charge. Regarding a commenter's question about the 
treatment of a borrower's premium for property insurance, this charge 
is handled using the general approach to charges for other products or 
services described in comment 107(a)(12)(ii)-4: such charges are 
included in the total origination charges only if the financial 
institution requires the purchase of such other product or service as a 
condition of or an incident to the extension of credit.
---------------------------------------------------------------------------

    \644\ For example, the finance charge excludes application fees 
charged to all applicants for credit, and numerous fees in 
transactions secured by real property. See Regulation Z Sec.  
1026.4(c)(1) (application fees) and (7) (real estate-related fees).
---------------------------------------------------------------------------

    The Bureau is not making certain specific changes to the total 
origination charges data field suggested by commenters. First, final 
Sec.  1002.107(a)(12)(ii) maintains the

[[Page 35315]]

exclusion for charges imposed uniformly in cash and credit 
transactions, similar to the exclusion in Regulation Z's finance 
charge, because the Bureau believes that pricing data better serves 
section 1071's statutory purposes when it focuses on the cost of credit 
that the lender is imposing rather than capturing all costs that may be 
associated with a particular transaction (whether financed or not). 
Furthermore, the Bureau is not excluding charges simply because a 
financial institution imposes them uniformly on all applicants for 
credit. Even if such charges--given their uniformity--were to hold no 
value for fair lending analysis, they would still be part of the 
upfront cost of credit that data users may wish to examine in 
identifying business and community development needs and opportunities. 
Final Sec.  1002.107(a)(12)(ii) also adopts the proposal's treatment of 
third-party charges, with such charges being reportable only if a 
financial institution either requires the use of a third party as a 
condition of or an incident to the extension of credit, even if the 
applicant can choose the third party; or retains a portion of the 
third-party charge, to the extent of the portion retained.\645\ This 
approach focuses final Sec.  1002.107(a)(12)(ii) on those upfront 
third-party charges that are effectively set by the lender as a cost of 
credit. The Bureau believes this approach is consistent with that 
requested by commenters who did not want third-party charges to be 
reportable if they were outside of a financial institution's control. 
Regulation Z's finance charge definition uses a similar standard for 
third-party charges, and the Bureau is not aware of significant 
confusion over its applicability. Finally, Regulation C's definition of 
total origination charges, which is taken directly from the amount 
disclosed to borrowers of closed-end consumer credit transactions 
secured by real property,\646\ is limited in ways that the Bureau 
believes would reduce the value of final Sec.  1002.107(a)(12)(ii) in 
the small business lending context. For example, new comment 
107(a)(12)(ii)-6 clarifies that financial institutions may report a 
negative amount to reflect a net credit provided by the lender, but 
such credits could not be included in Regulation C's total origination 
charges data point.
---------------------------------------------------------------------------

    \645\ See final comment 107(a)(12)(ii)-2.
    \646\ Regulation Z Sec.  1026.38(f)(1).
---------------------------------------------------------------------------

107(a)(12)(iii) Broker Fees
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(iii) would have required financial 
institutions to report the broker fees for a covered credit 
transaction. Broker fees are the total amount of all charges included 
in the total reportable origination charges that are fees paid by the 
applicant directly to a broker or to the financial institution for 
delivery to a broker, expressed in dollars. Proposed comment 
107(a)(12)(iii)-1 would have provided an example of reporting different 
types of broker fees. Proposed comment 107(a)(12)(iii)-2 would have 
clarified that financial institutions would use a ``best information 
readily available'' standard regarding fees paid directly to a broker 
by an applicant.
    The Bureau sought comment on proposed Sec.  1002.107(a)(12)(iii) 
and its commentary, including on the knowledge that financial 
institutions might have about direct broker fees and the challenges of 
reporting such information.
Comments Received
    The Bureau received comments specifically regarding broker fees 
from several lenders, trade associations, and community groups. A 
community group stated that information about broker fees would help 
data users monitor for abusive practices. Conversely, a group of trade 
associations asserted that the Bureau had not established that broker 
fees were inflating the cost of credit in the small business lending 
market. This commenter also speculated that Congress was unconcerned 
with broker fees in this market because it had not extended certain 
TILA protections to commercial transactions or explicitly identified 
broker fees in section 1071.
    Several commenters addressed the reporting of broker fees paid 
directly to the broker. A trade association commented that the amount 
of such fees may be difficult for a financial institution to obtain, 
while a bank said that documenting efforts to verify direct broker fees 
would be burdensome. A community group said that the Bureau's proposed 
``best information readily available'' standard was reasonable, while a 
joint letter from community groups and business advocacy groups asked 
the Bureau to separately itemize indirect broker fees in order to 
provide more information about charges that are imposed by the lender.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(12)(iii) and associated commentary as proposed. As with all 
aspects of pricing within Sec.  1002.107(a)(12), this requirement to 
report broker fees applies to credit transactions that either have been 
originated or have been approved by the financial institution but not 
accepted by the applicant.
    As discussed in the NPRM, loan brokers play an important role in 
the small business lending market. The market has shifted to include 
more nonbank and nontraditional lenders offering different types of 
financial products, which creates opportunities for intermediaries, 
such as brokers, who might assist applicants in navigating among 
potential lenders or products.\647\ These intermediaries offer benefits 
to applicants but also create risks for those applicants arising from 
misaligned incentives.\648\ Indeed, the small business lending market 
lacks certain substantive protections against misconduct that are found 
in the consumer credit market, such as the prohibition on basing 
certain loan originator compensation on the terms of a 
transaction.\649\
---------------------------------------------------------------------------

    \647\ See, e.g., 2022 Small Business Credit Survey (reporting 
that 40 percent of respondents applied for credit at either an 
online lender or a finance company in 2021).
    \648\ See Fin. Stability Oversight Council, 2016 Annual Report, 
at 126 (2016), https://home.treasury.gov/system/files/261/FSOC-2016-Annual-Report.pdf (discussing intermediaries in alternative lending 
arrangements and explaining that ``[i]n other markets, business 
models in which intermediaries receive fees for arranging new loans 
but do not retain an interest in the loans they originate have, at 
times, led to incentives for intermediaries to evaluate and monitor 
loans less rigorously''). Because of the potential risks involved in 
multi-party business arrangements, the FFIEC's Interagency Fair 
Lending Examination Procedures emphasize the importance of 
understanding the role that brokers play in a financial 
institution's lending process. Fed. Fin. Insts. Examination Council, 
Interagency Fair Lending Examination Procedures, at 3 (2009), 
https://www.ffiec.gov/PDF/fairlend.pdf (instructing examiners to 
consider an institution's organization of its credit decision-making 
process, including identification of the delegation of separate 
lending authorities and the extent to which discretion in pricing or 
setting credit terms and conditions is delegated to various levels 
of managers, employees, or independent brokers or dealers and an 
institution's loan officer or broker compensation program).
    \649\ Regulation Z Sec.  1026.36 (implementing TILA's 
prohibition on basing residential mortgage loan originator 
compensation on loan terms).
---------------------------------------------------------------------------

    Information about broker fees will help data users better 
understand the small business lending market in general and the impact 
broker fees have on credit pricing in particular. Although broker fees 
are included in final Sec.  1002.107(a)(12)(iii)'s definition of total 
origination charges, separately enumerating the total broker fees will 
allow data users to better understand the role that brokers play in the 
price of

[[Page 35316]]

small business credit. For example, data users will be able to analyze 
whether broker fees specifically appear to be creating fair lending 
risk or higher-priced transactions for certain communities. Empowering 
data users to engage in this level of analysis will aid in fulfilling 
both the fair lending enforcement and business and community 
development purposes of the statute.
    The Bureau acknowledges the lack of data regarding the extent to 
which broker fees may or may not be inflating the cost of credit. This 
insufficiency, however, is exactly what 1071 data are intended to help 
address. Moreover, final Sec.  1002.107(a)(12)(iii) is valuable to data 
users even in the absence of any problematic pricing practices 
regarding brokers because it will help shed light on an important 
aspect of commercial financing arrangements. The final rule includes 
numerous data points, including much of the pricing data point, that do 
not capture information that about intrinsically or especially abusive 
conduct, but that will help data users identify fair lending concerns 
and identify business and community development needs and 
opportunities. Regarding Congress's intent, the Bureau notes that 
section 1071 expressly authorizes the Bureau to require financial 
institutions to compile and maintain ``any additional data that the 
Bureau determines would aid in fulfilling the purposes of [section 
1071].'' \650\ As discussed herein, final Sec.  1002.107(a)(12)(iii) 
satisfies this requirement.
---------------------------------------------------------------------------

    \650\ ECOA section 704B(e)(2)(H).
---------------------------------------------------------------------------

    The Bureau understands that financial institutions often may not 
have complete access to information regarding the amount of broker fees 
that an applicant pays directly to a broker. Thus, final comment 
107(a)(12)(iii)-2 clarifies that a financial institution may rely on 
the best information readily available to the financial institution at 
the time final action is taken. Information readily available can 
include, for example, information provided by an applicant or broker 
that the financial institution reasonably believes regarding the amount 
of fees paid by the applicant directly to the broker. The Bureau 
believes commenters may be overestimating the burden associated with 
this standard, which contemplates only consulting information 
``readily'' available rather than performing a searching inquiry into 
the amount of direct broker fees. As noted in the NPRM, the same 
standard is used for reporting certain HMDA data under Regulation C, 
and it does not appear to be unduly burdensome in that context.\651\ 
Additionally, many nonbank financial institutions will need to 
determine the amount of broker fees in certain circumstances to comply 
with State commercial financing disclosure laws.\652\
---------------------------------------------------------------------------

    \651\ See Regulation C comments 4(a)(31)-4 and 4(a)(32)-5.
    \652\ For example, California's commercial financing disclosure 
law requires lenders to determine the finance charge, which includes 
``any charge that would be a finance charge under 12 CFR part 
1026.4.'' Cal. Code Regs. tit. 10, section 943(a)(1), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf. In turn, 
Regulation Z Sec.  1026.4(a)(3) generally includes fees charged by a 
mortgage broker, whether paid directly or indirectly. California law 
also requires separate disclosure of broker fees that are included 
in the amount financed by the borrower. Cal. Code Regs. tit. 10, 
section 956(a)(5).
---------------------------------------------------------------------------

    Finally, the Bureau is not requiring separate itemization of 
indirect broker fees at this time. Such fees could be imposed for a 
variety of reasons and in a variety of ways; the Bureau believes that 
additional information and stakeholder feedback would be beneficial 
before adopting such a requirement.
107(a)(12)(iv) Initial Annual Charges
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(iv) would have required financial 
institutions to report the total amount of all non-interest charges 
that are scheduled to be imposed over the first annual period of the 
covered credit transaction, expressed in dollars.
    Proposed comment 107(a)(12)(iv)-1 would have provided an example of 
how to calculate the amount to report. Proposed comment 107(a)(12)(iv)-
2 would have highlighted that a financial institution should exclude 
interest expenses from the initial annual charges reported. Proposed 
comment 107(a)(12)(iv)-3 would have noted that a financial institution 
should not include any charges for events that are avoidable by the 
applicant, including for example, charges for late payment, for 
exceeding a credit limit, for delinquency or default, or for paying 
items that overdraw an account. Proposed comment 107(a)(12)(iv)-4 would 
have provided examples of initial annual charges that may be scheduled 
to be imposed during the initial annual period, including monthly fees, 
annual fees, and other similar charges. Finally, proposed comment 
107(a)(12)(iv)-5 would have clarified that a financial institution 
complies with the provision by reporting as the default the highest 
amount for a charge scheduled to be imposed, and provides an example of 
how to calculate the amount reported when the scheduled fee to be 
imposed may be reduced based upon a specified occurrence.
    The Bureau sought comment on proposed Sec.  1002.17(a)(12)(iv) and 
its commentary, including whether to include or exclude certain types 
of charges as reportable under initial annual charges. The Bureau also 
sought comment on the likelihood that financial institutions would 
schedule charges in the second year of a covered credit transaction and 
beyond specifically in an effort to avoid reporting the charges for 
purposes of section 1071. Finally, the Bureau sought comment on how it 
should treat situations where the applicant has informed the financial 
institution that it expects to regularly incur ``avoidable charges,'' 
and whether such charges should be reported as a scheduled charge.
Comments Received
    The Bureau received comments specifically regarding the collection 
of initial annual charges from lenders, trade associations, and 
community groups.
    A community group stated that the Bureau should finalize the 
provision as proposed, but that the Bureau should conduct research to 
determine if lenders are shifting fees beyond the first year. Several 
community groups and a lender requested that the Bureau require 
financial institutions to also report charges scheduled to be imposed 
after the first year to avoid encouraging lenders to impose charges 
disproportionately in the later years of the loan's term.
    With respect to avoidable fees, a community group stated that the 
Bureau should include all fees that could be imposed at the lender's 
discretion in order to avoid evasion. A bank and a joint letter from 
bank trade associations argued that including avoidable fees that the 
applicant intends to incur would unfairly inflate the prices of some 
loans and create documentation problems for lenders. One commenter 
asserted that, for loans with terms shorter than one year, financial 
institutions should not be made to speculate as to what constitutes the 
initial period on short term loans and what could occur during the 
initial annual period regarding charges.
    A State bankers association expressed concern that the terms 
``scheduled'' and ``initial period following origination'' were not 
defined in the NPRM. That commenter and a bank asserted that many 
charges that may be incurred during the first year may be uncertain,

[[Page 35317]]

such as an inspection fee for a construction project where the timing 
of inspections is determined by events occurring after origination. The 
State bankers association also stated that some loans may have multiple 
transactions within a one-year period, such as a line of credit that 
was originated and then increased, and asserted that it is unclear 
whether associated charges would be reported twice or combined.
Final Rule
    For the reasons set forth herein, the Bureau is adopting Sec.  
1002.107(a)(12)(iv) and associated commentary with additions and 
adjustments to commentary to address comments regarding speculative 
charges and transactions with terms of less than one year. Final Sec.  
1002.107(a)(12)(iv) provides that a financial institution reports only 
charges scheduled to be imposed over the first annual period of the 
covered credit transaction. The Bureau understands that there are a 
variety of ways that small business credit transactions may be 
structured. This includes, for example, whether there is an interest 
rate imposed on the transaction, whether there are finance charges, and 
whether there are a myriad of other fees that may be scheduled to be 
paid or are contingent upon some occurrence. In addition, the Bureau 
understands that scheduled fees may constitute a substantial part of 
the cost of a covered credit product, and without knowledge of those 
fees, the cost of the credit would be incomplete. The Bureau believes 
that final Sec.  1002.107(a)(12)(iv) enables data users to have a more 
accurate understanding of the cost of the covered credit transaction 
than if the data lacked information about scheduled fees.
    There may be small business credit transactions that do not include 
an interest rate, but do include a monthly finance charge. If the 
financial institution were only required to report the interest rate on 
these types of transactions, the true cost of credit would be obscured 
because the monthly finance charge would not be reported. In addition, 
small business credit, like consumer credit, may include a number of 
other fees, such as annual fees and other similar charges. The 
information collected and reported under final Sec.  
1002.107(a)(12)(iv) allows data users to have a more complete picture 
of the cost of the covered credit transaction and promotes market 
transparency, thus furthering the business and community development 
purpose of section 1071. In addition, this pricing data furthers the 
fair lending purpose of section 1071 as it enhances the ability to 
understand the cost of credit and any disparities that may exist.
    The Bureau believes that by requiring only scheduled charges to be 
reported (rather than the submission of all potential charges, some of 
which could be speculative), the data reported will be more accurate 
than if a financial institution were to make an educated guess as to 
what unscheduled charges will be imposed over the first annual period. 
Final Sec.  1002.107(a)(12)(iv) does not require a financial 
institution to itemize the charges reported thereunder. The Bureau also 
believes that requiring charges to be itemized would add a considerable 
amount of complexity for financial institutions in collecting and 
reporting the initial annual charges, given the range of fees that 
could be charged and the variations in how they might be imposed.
    A financial institution complies with final Sec.  
1002.107(a)(12)(iv) by not including charges for events that are 
avoidable by the applicant; this restriction is explained more fully in 
final comment 107(a)(12)(iv)-3 (unchanged from the proposal), which 
provides examples of types of avoidable charges. As noted above, the 
Bureau believes that the accuracy of the data reported is enhanced by 
only including charges that are scheduled to be imposed and not 
including potential charges that are contingent upon an action (or 
inaction) by the borrower. The Bureau also believes that only requiring 
financial institutions to report such charges for the first year, and 
not the life of the loan, will reduce any burden associated with 
reporting the data. This information should be included in the contract 
and, at most, would require a simple calculation to arrive at the total 
charges for the initial annual period. An example of how to calculate 
the initial annual charges for the first annual period is found in 
final comment 107(a)(12)(iv)-1. Additionally, to address comments 
received regarding uncertain or speculative charges, the Bureau has 
revised final comment 107(a)(12)(iv)-1 to state explicitly that, in a 
transaction where there will be a charge in the initial annual period 
following origination but the amount of that charge is uncertain at the 
time of origination, a financial institution complies by not reporting 
that charge as scheduled to be imposed during the initial annual period 
following origination.
    The Bureau is finalizing comments 107(a)(12)(iv)-2 (providing that 
a financial institution complies with the provision by excluding any 
interest expense from the initial annual charges reported) and -4 
(providing examples of charges scheduled to be imposed during the 
initial annual period) as proposed. The Bureau is also finalizing 
comment 107(a)(12)(iv)-5 as proposed. This comment provides additional 
explanation about what amount to report when the financial institution 
provides a discount on the charge if certain conditions are met. The 
Bureau understands that some financial institutions may provide a 
discount on specific charges when certain conditions are met. For 
example, a financial institution may provide a discount on a monthly 
charge if the borrower maintains a checking account at the financial 
institution. In such a circumstance, final Sec.  1002.107(a)(12)(iv)-5 
requires the financial institution to report the non-discounted amount 
to maintain consistency across the data that are reported by all 
financial institutions.
    The Bureau is adopting new comment 107(a)(12)(iv)-6 to clarify 
that, for a transaction with a term less than one year, a financial 
institution complies with the provision by reporting all charges 
scheduled to be imposed during the term of the transaction. This 
comment was added to address requests for clarification regarding how 
to report the data for transactions with terms less than one year as 
well as what is meant by initial annual period.
107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other 
Sales-Based Financing
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(v) would have required financial 
institutions to report additional cost data for merchant cash advances 
or other sales-based financing transactions. Specifically, this cost is 
the difference between the amount advanced and the amount to be repaid, 
expressed in dollars. Proposed comment 107(a)(12)(v)-1 would have 
provided an example of the difference between the amount advanced and 
the amount to be repaid for a merchant cash advance.
    The Bureau sought comment on proposed Sec.  1002.107(a)(12)(v) and 
its commentary, including whether to require additional pricing 
information for merchant cash advances, and whether merchant cash 
advances could be structured in ways that evade the proposed reporting 
requirement, such as by omitting or making variable the amount to be 
repaid.
Comments Received
    The Bureau received comments specifically regarding this aspect of 
the

[[Page 35318]]

proposal from several industry and community group commenters. Several 
joint letters from community groups, community oriented lenders, and 
business advocacy groups, as well as a trade association, asked the 
Bureau to require reporting the loan term for merchant cash advances or 
other sales-based financing transactions. These commenters stated that 
the loan term was necessary to compare the pricing of merchant cash 
advances, and offered potential methodologies for estimating unknown 
loan terms, including those from State commercial financing disclosure 
laws. A lender asked the Bureau to accommodate future transaction types 
by allowing financial institutions to report amounts under Sec.  
1002.107(a)(12)(v) even if the transaction is not a merchant cash 
advance or other sales-based financing transaction. Finally, a cross-
sector group of lenders, community groups, and small business advocates 
agreed that Sec.  1002.107(a)(12)(v), along with the other pricing 
data, would capture the cost of merchant cash advances.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(12)(v) and comment 107(a)(12)(v)-1 as proposed. Final Sec.  
1002.107(a)(12)(v) requires financial institutions to report the 
difference between the amount advanced and the amount to be repaid, 
expressed in dollars, for merchant cash advances or other sales-based 
financing transactions. As with all aspects of pricing within final 
Sec.  1002.107(a)(12), this requirement applies to credit transactions 
that either have been originated or have been approved by the financial 
institution but not accepted by the applicant.
    As discussed in the NPRM, some types of commercial financing 
contain pricing terms that are difficult to reflect in data about 
interest rate and fees. For example, under a typical merchant cash 
advance, a merchant receives a cash advance and promises to repay it 
(plus some additional amount) to the merchant cash advance provider. 
Merchant cash advance providers generally do not provide an interest 
rate, and while they may charge fees at origination or during the first 
year, the majority of a merchant cash advance's cost to the merchant 
comes from the additional amount repaid by the merchant on top of the 
amount advanced. This additional amount may be expressed as a multiple 
of the amount advanced in the form of a factor rate or percentage, or 
it may be derived by comparing the total payback amount to the amount 
actually advanced. This additional amount is typically not 
characterized as interest, so it would not be reported under final 
Sec.  1002.107(a)(12)(i). Nor is this additional amount characterized 
as a fee charged at origination or scheduled to be imposed during the 
first year after the transaction, so it would not be reported under 
final Sec.  1002.107(a)(12)(ii) or (iv). Without an additional pricing 
data field to capture this additional amount along with any other fees 
the merchant cash advance provider charges, data users attempting to 
analyze merchant cash advance pricing would miss most of the cost of 
credit associated with these transactions. Therefore, the inclusion of 
this data field aids in fulfilling both the fair lending enforcement 
and business and community development purposes of the statute.
    The Bureau believes that collecting and reporting this data will 
impose relatively little burden on financial institutions, because they 
can determine the additional amount repaid by computing the difference 
between the amount of revenue purchased and the purchase price 
typically found in the merchant cash advance contract. Commenters 
generally did not make assertions to the contrary.
    As discussed in the section-by-section analysis of Sec.  
1002.107(a)(5) above, the Bureau is requiring, for merchant cash 
advances and other sales-based financing transactions, that financial 
institutions report the loan term, if any, that the financial 
institution estimated, specified, or disclosed in processing or 
underwriting the application or transaction. This information will 
allow data users to better understand and use the information reported 
pursuant to final Sec.  1002.107(a)(12)(v). However, the Bureau is not 
adopting one commenter's suggestion regarding future transaction types 
that may resemble merchant cash advances or other sales-based 
financing, as the Bureau believes such transactions should be 
adequately covered by the ``other sales-based financing'' label and 
thus this information would be reportable for such transactions.
107(a)(12)(vi) Prepayment Penalties
Proposed Rule
    Proposed Sec.  1002.107(a)(12)(vi)(A) would have required financial 
institutions to report whether the financial institution could have 
included a prepayment penalty under the policies and procedures 
applicable to the covered credit transaction. Proposed Sec.  
1002.107(a)(12)(vi)(B) would have required financial institutions to 
report whether the terms of the covered credit transaction include a 
charge imposed for paying all or part of the transaction's principal 
before the date on which the principal is due. Proposed comment 
107(a)(12)(vi)-1 would have provided additional information on how to 
determine whether the applicable policies and procedures allow a 
financial institution to include prepayment penalties in the loan 
agreement.
    The Bureau sought comment on proposed Sec.  1002.107(a)(12)(vi) and 
its commentary, including whether to enumerate other types of 
contingent charges separately in the 1071 data to more accurately 
reflect the cost of covered credit transactions. The Bureau also sought 
comment on whether there are alternative data that would provide 
similar insight into whether certain borrowers are being steered into 
covered credit transactions containing prepayment penalty terms or 
other similar contingent terms.
Comments Received
    The Bureau received comments regarding the reporting of prepayment 
penalty information from lenders, trade associations, and community 
groups. A number of community groups supported the proposal to collect 
prepayment penalty information. One asserted that information on 
prepayment penalties is important for data users to determine whether 
such charges are targeting underserved borrowers. Another noted that 
research by the Federal Reserve Board shows that many small business 
borrowers do not expect the balloon finance charge that many merchant 
cash advances and other transactions impose for prepayment.\653\ A 
joint letter from community and business advocacy groups requested that 
the Bureau ensure that financial institutions cannot evade the 
reporting requirement by changing how prepayment penalties are 
described.
---------------------------------------------------------------------------

    \653\ Barbara Lipman & Ann Marie Wiersch, Bd. of Governors of 
the Fed. Rsrv. Sys., Browsing to Borrow: ``Mom & Pop'' Small 
Business Owners' Perspectives on Online Lenders and Products (June 
2018), https://www.federalreserve.gov/publications/files/2018-small-business-lending.pdf.
---------------------------------------------------------------------------

    A number of trade associations and banks questioned the necessity 
of prepayment penalty data and claimed that it would be misleading. A 
group of trade associations stated that the Bureau offered no evidence 
that these penalties impact community development or are used in a 
discriminatory fashion. The same commenter also asserted that nearly 
all merchant cash advance providers collect a charge for prepaying the 
amount advanced, but this charge would not be reflected in the proposed

[[Page 35319]]

prepayment penalty data point, leading to the data appearing to inflate 
the apparent cost of non-merchant cash advance credit. A State bankers 
association asserted that nondiscriminatory reasons exist for certain 
loans to have prepayment penalties even if a lender's general policies 
and procedures do not provide for them, so the reported data could not 
be used to detect steering. A bank stated that the proposal would not 
detect steering because it does not clarify whether the prepayment 
penalty applies to the transaction requested or the transaction 
approved.
    Two trade association comments asserted that lending policies are 
written in general terms and do not address prepayment penalties. 
Another trade association commented that it is possible that every loan 
``could'' have a prepayment penalty.
    A number of commenters requested that the Bureau change the scope 
of the data collection. A lender stated that the data collection should 
be limited to a binary flag and not require details on the potential 
penalties themselves. Two banks and a State bankers association stated 
that the data collection should be limited to whether a prepayment 
penalty was actually charged because a lender's policies might change 
during the reporting year and are dependent on external factors, such 
as the requirements of a third-party guarantor. A joint letter from 
community and business advocacy groups asserted that the Bureau should 
require reporting of the amount of any prepayment penalty and the term 
over which the penalty could be imposed. Finally, a cross-sector group 
of lenders, community groups, and small business advocates stated that 
the data collection should be modified to capture the balloon finance 
charge that nearly all merchant cash advances, and many other small 
business loans, charge on prepayment. This commenter stated that, 
because this charge is the finance charge that would be paid over the 
original term of the loan, it would not be considered a ``penalty.''
Final Rule
    For the reasons set forth herein, the Bureau is adopting final 
Sec.  1002.107(a)(12)(vi) with one technical correction, adopting 
comment 107(a)(12)(vi)-1 as proposed, and adding new comment 
107(a)(12)(vi)-2 regarding charges that become due immediately on 
prepayment. Final Sec.  1002.107(a)(12)(vi)(A) requires a financial 
institution to report whether it could have included a charge to be 
imposed for paying all or part of the transaction's principal before 
the date on which the principal is due under the policies and 
procedures applicable to the covered credit transaction 
(notwithstanding whether such a provision was in fact included in this 
specific credit transaction). Final Sec.  1002.107(a)(12)(vi)(B) 
requires financial institutions to report whether the terms of the 
covered credit transaction do in fact include such a charge. These 
provisions allow data users to determine what percentage of covered 
credit transactions could contain a prepayment penalty term, what 
percentage of such transactions actually contain such a term, and, 
together with other data points, the demographic profile of borrowers 
whose contracts do and do not include the term. The two provisions work 
together to allow data users to better determine whether certain 
borrowers are being steered towards covered credit transactions 
containing prepayment penalty terms.
    Final comment 107(a)(12)(vi)-1 elaborates on the requirement to 
report whether financial institutions could have included a prepayment 
penalty in the covered credit transaction to clarify that the 
applicable policies and procedures are those that the financial 
institution follows when evaluating applications for the specific 
credit type and credit purpose requested. The Bureau believes this 
provision will ensure that similar credit products are being analyzed 
together and reduces the possibility that potential fair lending risk 
is incorrectly identified. In response to commenters who said that 
financial institutions' policies may change during the reporting year, 
the Bureau notes that comment 107(a)(12)(vi)-1 explains that the 
relevant policies and procedures are those in effect at the time of the 
covered credit transaction. A financial institution would not report 
based on different policies and procedures that might be adopted later 
in the reporting period.
    New comment 107(a)(12)(vi)-2 explains that a financial institution 
complies with final Sec.  1002.107(a)(12)(vi) by reporting as a 
prepayment penalty any balloon finance charge that may be imposed for 
paying all or part of the transaction's principal before the date on 
which the principal is due and provides an example which illustrates a 
balloon finance charge that should be reported. As explained above, one 
commenter stated that most merchant cash advances and many other 
transactions have finance charges that would be paid over the entire 
term of the loan but that immediately become due on prepayment. The 
Bureau agrees that it was not sufficiently clear that these balloon 
finance charges would have been covered under the proposed description 
of a prepayment penalty. In addition, another commenter asked the 
Bureau to make clear that financial institutions cannot evade the 
reporting requirement by changing how prepayment penalties are 
described. New comment 107(a)(12)(vi)-2 was added to address both of 
these concerns.
    In response to commenters asserting that prepayment penalty data 
are unnecessary or misleading, the Bureau notes that small business 
loan contracts may include prepayment penalties and the penalties can 
be sizable and structured as a percent of the remaining outstanding 
balance. The Bureau also understands that there may be concern among 
stakeholders, including community groups, that certain small business 
applicants may be steered toward loans containing prepayment penalty 
terms. The collection of data regarding which contracts contain a 
prepayment penalty and whether a prepayment penalty could have been 
imposed on specific contract types allows the data to be analyzed for 
fair lending purposes to see if certain groups are more frequently 
entering into contracts containing prepayment penalties. From a market 
competition standpoint, financial institutions may want to know how 
frequently their competitors are using prepayment penalties, and 
collection of these data could improve market transparency and new 
product development opportunities. The Bureau is not convinced by 
commenters' assertions that the data will not be valuable nor that it 
should require reporting of additional data related to prepayment 
penalties. The Bureau believes the type of data required to be reported 
pursuant to final Sec.  1002.107(a)(12)(vi) strikes the right balance 
between collecting information helpful to analyze for the purposes 
mentioned above and not requiring financial institutions to provide 
information regarding prepayment penalties.
107(a)(13) Census Tract
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the census tract in which is located the principal place of business 
of the . . . applicant.'' \654\ This provision is similar to Regulation 
C, which requires reporting of the census tract in certain 
circumstances if the property securing the loan (or proposed to secure 
the loan,

[[Page 35320]]

if the transaction was not originated) is in a county with a population 
of more than 30,000.\655\ Under Regulation C, the financial institution 
generally finds the census tract by geocoding using the address of the 
property. Geocoding is the process of using a particular property 
address to locate its geographical coordinates, and from those 
coordinates one can identify the corresponding census tract.
---------------------------------------------------------------------------

    \654\ ECOA section 704B(e)(2)(E).
    \655\ Regulation C Sec.  1003.4(a)(9)(ii)(C). Regulation C also 
requires reporting of the property address for all applications.
---------------------------------------------------------------------------

    CRA reporting of business loans by depository institutions also 
requires reporting of census tract. The Bureau understands that CRA 
allows reporting of a census tract based on the address or location 
where the proceeds of the credit will be principally applied.\656\
---------------------------------------------------------------------------

    \656\ See 2015 FFIEC CRA Guide at 16.
---------------------------------------------------------------------------

    The Bureau proposed Sec.  1002.107(a)(13) to require financial 
institutions to collect and report the census tract data point using a 
``waterfall'' approach. The proposed rule would have required a 
financial institution to collect and report the census tract in which 
is located: (i) The address or location where the proceeds of the 
credit applied for or originated will be or would have been principally 
applied; or (ii) If the information in (i) is unknown, the address or 
location of the main office or headquarters of the applicant; or (iii) 
If the information in both (i) and (ii) is unknown, another address or 
location associated with the applicant. In addition, the proposed rule 
would have required that the financial institution also indicate which 
one of the three types of addresses or locations listed in (i), (ii), 
or (iii) the census tract is based on. Although the proposed rule did 
not specifically require it, the Bureau assumed that financial 
institutions or their vendors would generally use a geocoding tool to 
analyze the appropriate address to identify a census tract number.
    The proposed approach would have required a financial institution 
to report the census tract of the proceeds address if it was available 
but would not have required a financial institution to ask about it 
specifically. Financial institutions would have been able to apply the 
waterfall approach to the addresses they were currently collecting; 
they would not have been required to specifically ask for the proceeds 
or headquarters addresses. In addition, the proposed method would have 
allowed a financial institution to report that it was unsure about the 
nature of the address if it had no information as to the nature or 
function of the business address it possessed.
    Proposed comment 107(a)(13)-1 would have provided general 
instructions on using the waterfall reporting method, with examples for 
guidance. The Bureau believed that this comment would facilitate 
compliance and sought comment on whether any additional instructions or 
examples would be useful.
    Proposed comment 107(a)(13)-2 would have explained that a financial 
institution would comply with proposed Sec.  1002.107(a)(13) by 
identifying the appropriate address or location and the type of that 
address or location in good faith, using appropriate information from 
the applicant's credit file or otherwise known by the financial 
institution. The comment would also have made clear that a financial 
institution would not be required to investigate beyond its standard 
procedures as to the nature of the addresses or locations it collects.
    Proposed comment 107(a)(13)-3 would have explained that pursuant to 
proposed Sec.  1002.107(c)(1) a financial institution would be required 
to maintain procedures reasonably designed to collect applicant-
provided information, which would include at least one address or 
location for an applicant for census tract reporting. However, the 
comment would have further explained that if a financial institution 
was nonetheless unable to collect or otherwise determine any address or 
location for an application, the financial institution would report 
that the census tract information was ``not provided by applicant and 
otherwise undetermined.''
    The Bureau proposed a safe harbor in Sec.  1002.112(c)(1) 
(renumbered as Sec.  1002.112(c)(2) in the final rule), which would 
have stated that an incorrect entry for census tract would not be a 
violation of ECOA or subpart B if the financial institution obtained 
the census tract by correctly using a geocoding tool provided by the 
FFIEC or the Bureau. Proposed comment 107(a)(13)-4 would have cross-
referenced that provision. See the section-by-section analysis of Sec.  
1002.112(c)(2) below for additional discussion of this safe harbor.
    During the SBREFA process, some small entity representatives 
explained that they generally collect the main office address of the 
small business, which for sole proprietorships will often be a home 
address, and were generally not aware of the proceeds address. The 
Bureau's proposed waterfall approach would accommodate this situation 
by allowing financial institutions to report census tract using the 
address that they currently collect. While several small entity 
representatives were already geocoding applicants' addresses, others 
were concerned about the burden associated with geocoding for HMDA and 
one expressed a preference for the CRA method of geocoding, as did 
several other stakeholders. Accordingly, the Bureau sought comment on 
the difference between geocoding for HMDA and for CRA, and any specific 
advantages or disadvantages associated with geocoding under either 
method. In regard to a small entity representative's request for a 
Federal government tool capable of batch processing for geocoding of 
addresses, the Bureau noted that it was considering the utility of such 
a tool. As the SBREFA Panel recommended, the Bureau sought comment on 
the feasibility and ease of using existing Federal services to geocode 
addresses in order to determine census tract for section 1071 reporting 
purposes (such as what is offered by the FFIEC for use in reporting 
HMDA and CRA data).
    The Bureau sought comment on its proposed approach to the census 
tract data point. In addition to the specific requests for input above, 
the Bureau noted that the waterfall method was intended to allow CRA 
reporters to provide the same data for both reporting regimes, but 
requested comment on whether the proposed method would achieve this 
goal and, if not, whether and how this data point should be further 
coordinated with CRA.
Comments Received
    The Bureau received comments on this aspect of the proposal from 
numerous lenders, trade associations, community groups, and others. 
Several commenters supported the inclusion of the census tract data 
point, and many specifically discussed and supported the proposed 
waterfall approach to reporting. One CDFI lender stated that it 
currently collects this information for the CDFI Fund. Several 
community groups discussed the importance of knowing where loans were 
made to combat redlining and ensure that socially disadvantaged farmers 
and other small businesses can have appropriate access to credit. A 
community group and a trade association agreed with the Bureau's 
proposal that the waterfall method would allow section 1071 reporting 
to match CRA requirements. Another trade association said that 
financial institutions would be able to use an address provided by the 
applicant and agreed that reporting of the proceeds address would allow 
coordination with CRA, though it did not comment on the

[[Page 35321]]

proposed waterfall. Although they supported the waterfall approach, two 
community groups requested that financial institutions be required to 
ask for the location where the proceeds of the credit would be used, 
stating that this method would allow for better coordination with CRA 
and better fulfillment of the purposes of section 1071.
    Several industry commenters stated that the census tract data point 
would be confusing and difficult to report. One commenter pointed out 
that multiple applicant addresses and address changes for applicants 
would complicate reporting. A national auto finance trade association 
stated that its members do not work with census tracts and that 
technical and process changes would be necessary to deliver this data.
    A trade association stated that geocoding will be a significant 
burden for many credit unions, the vast majority of which do not 
collect census tract information for small business loans. That 
commenter further stated that although some CDFI credit unions collect 
census tract information, many are completely unfamiliar with census 
tracts--particularly credit unions that are not HMDA reporters. The 
commenter also said that the FFIEC geocoder does not permit batch 
inputs, which it said further slows application processes. Finally, the 
commenter requested that the Bureau develop a free tool that permits 
batch inputs and better enables efficient and cost-effective 
compliance.
    Two banks and a trade association commented that many banks that 
are not HMDA reporters are unfamiliar with census tracts. Commenters 
also stated that the FFIEC geocoder works efficiently for addresses in 
and close to metro areas, but not as easily for more rural addresses, 
and in relation to new subdivisions and developments. They further 
pointed out that when an address is not ``matched'' in the FFIEC 
system, it requires manual plotting, which is time-consuming and 
difficult, and stated that a bank that makes strictly agricultural 
loans might find many non-matching addresses. Finally, two of these 
commenters suggested that reporting the State and county codes should 
be sufficient when there is no match in the FFIEC geocoder.
    Several industry commenters specifically objected to the waterfall 
reporting method, which they stated was confusing and difficult, and 
many suggested it should not be mandatory. Some of these commenters 
requested clarification on how to report if there are multiple proceeds 
addresses, or if the bank learns of a different proceeds address after 
the loan closes. In addition, two commenters asked that the Bureau 
clarify whether the census tract should match the mailing address of 
the applicant or the physical address.
    Numerous banks and trade associations stated that section 1071 
reporting requirements, especially the census tract data point, 
overlapped or conflicted with HMDA and CRA reporting requirements, 
creating unnecessary difficulties. Most of these commenters asked that 
the Bureau coordinate these requirements and provide a complete 
exemption from section 1071, HMDA, or CRA for loans that overlap. 
Commenters requesting exemptions did not explain why the use of the 
proceeds address would not allow coordination between section 1071 and 
CRA census tract reporting.
    Some industry commenters expressed concern that census tract 
information, especially when combined with the NAICS business type and 
other reported data, could facilitate reidentification of small 
business applicants. These commenters stated that this risk would be 
greater in rural areas.
    Comments addressing the Bureau's proposed safe harbor for use of 
certain geocoders are addressed in the section-by-section analysis of 
Sec.  1002.114(c)(1) below.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(13) and associated commentary with a minor edit for 
clarity. Final Sec.  1002.107(a)(13) requires that financial 
institutions collect and report the census tract data point using the 
``waterfall'' approach described above.
    In regard to the comments expressing concern about the burden 
associated with collecting and reporting census tract information using 
a geocoder and by other means, the Bureau notes that census tract is 
specifically enumerated as a data point in the statute. In addition, 
the Bureau believes that its reporting method for the census tract data 
point leverages existing industry information collection practices and 
will result in useful information to further section 1071's purposes 
while avoiding imposing much additional burden on financial 
institutions. The waterfall method allows a financial institution to 
report census tract using an address it already has, with no further 
investigation; allows a financial institution to avoid further 
investigation when it is unsure about the nature of the address 
reported; and allows current CRA reporters to report the same address 
for this rule as they do for CRA.\657\ In addition, the waterfall 
method prioritizes the proceeds address, which the Bureau considers to 
be particularly useful for both the fair lending and business and 
community development purposes of section 1071.
---------------------------------------------------------------------------

    \657\ As explained below, the current CRA rulemaking envisions 
replacing small business and small farm CRA data collection with the 
1071 data collection, but in the event CRA data is still reported 
under the current regime for some period of time after compliance 
with this rule is required, the Bureau believes that the ability to 
report the same data in the interim should reduce any operational 
difficulties related to census tract. See 87 FR 33884, 33997, 34005 
(June 3, 2022).
---------------------------------------------------------------------------

    The waterfall approach adopted in the final rule requires a 
financial institution to report the census tract of the proceeds 
address if it is available, but does not require a financial 
institution to ask about it specifically. This provision is meant to 
address potential concerns about reporters spending time on complex, 
fact-specific questions and unintentionally misreporting this data 
point, which could occur if financial institution staff have to 
determine what kind of address they are reporting based on insufficient 
information. The Bureau believes that this option will be particularly 
helpful if the application is denied or withdrawn early in the 
application process before the nature of any address provided by the 
applicant is clear.
    Requiring financial institutions to inquire as to the address where 
the proceeds will be applied, as some commenters requested, might 
result in slightly more proceeds addresses being reported. However, the 
Bureau does not believe that the extra information reported in certain 
instances would be worth the extra difficulty across all small business 
applications. In addition, the Bureau believes that the waterfall 
approach in collecting census tract data provides sufficient 
flexibility; making use of the waterfall voluntary, as some commenters 
suggested, would result in less useful information being collected 
while only reducing difficulty by a small amount. In regard to the 
comment asking whether the physical or mailing address or location 
should be used, the Bureau notes that the credit proceeds will be 
applied at a physical location, and the main office or headquarters of 
a business will also occupy a physical location. The third option in 
the waterfall, ``another address or location,'' does not suggest the 
nature of such an address, but the financial institution will need to 
have enough information to determine a census tract for that location.
    As explained above, the Bureau understands that CRA currently 
requests reporting of a census tract based on the

[[Page 35322]]

address or location where the proceeds of the credit will be 
principally applied.\658\ The Bureau also believes that CRA reporting 
on this data point is reasonably flexible, and a financial institution 
will be able to coordinate the two compliance regimes to report the 
same census tract. The commenters who stated that this data point would 
conflict with CRA reporting did not explain why they believed this to 
be so, and other industry commenters agreed that the census tract data 
point for section 1071 would allow coordinated reporting with CRA. The 
Bureau also notes that the recent CRA interagency proposed rule, if 
finalized, would eventually replace CRA small business and small farm 
data with data collected pursuant to section 1071, in which case this 
issue would likely be moot.\659\
---------------------------------------------------------------------------

    \658\ See, e.g., Off. of the Comptroller of Currency, Fed. Rsrv. 
Sys., Fed. Deposit Ins. Corp., Community Reinvestment Act; 
Interagency Questions and Answers Regarding Community Reinvestment; 
Guidance, 81 FR 48506, 48551-52 (July 25, 2016).
    \659\ See 87 FR 33884, 33997, 34005 (June 3, 2022).
---------------------------------------------------------------------------

    Although the Bureau sought comment on the differences between HMDA 
and CRA census tract reporting, no commenters provided information on 
this issue. In regard to commenter concerns about overlaps or conflicts 
with HMDA reporting, the Bureau notes that the final rule excludes 
HMDA-reportable transactions from coverage, as discussed in the 
section-by-section analysis of Sec.  1002.104(b)(2) above, so that 
concern is now moot as well.
    The Bureau notes that section 1071's description of the census 
tract data point refers to the census tract for the applicant's 
``principal place of business.'' \660\ The Bureau considers the 
waterfall approach in final Sec.  1002.107(a)(13) to be a reasonable 
interpretation of the undefined statutory term ``principal place of 
business,'' which the Bureau understands not to have a standard 
definition, and thus believes to be ambiguous. First, the Bureau 
believes that the address or location of the main office or 
headquarters of the applicant fits easily into one of the common 
meanings of ``principal place of business.'' In addition, the Bureau 
anticipates that, generally, the address where the loan proceeds will 
be applied will also be the main office or headquarters address.\661\ 
The primary exception to this principle will be in the case of credit 
intended for purchase, construction/improvement, or refinancing of real 
property; under these circumstances, the Bureau reasonably interprets 
the term ``principal place of business'' to mean the principal location 
for business activities relating to the extension of credit at issue. 
Although ``another address or location associated with the applicant'' 
might not always be the principal place of business of the applicant, 
the Bureau considers this information to be the financial institution's 
best option for reporting data on the principal place of business when 
the nature of a location is unknown.
---------------------------------------------------------------------------

    \660\ ECOA section 704B(e)(2)(E).
    \661\ According to U.S. Census 2019 SUSB data, there are 
6,081,544 firms with fewer than 500 employees (which will be used, 
for this purpose, as a rough proxy for a ``small business''); those 
firms collectively have 6,588,335 establishments (i.e., locations). 
This means that, at most, approximately 8 percent of firms with 
fewer than 500 employees could have more than one location. See U.S. 
Census Bureau, 2019 SUSB Annual Datasets by Establishment Industry 
(Feb. 2022), https://www.census.gov/programs-surveys/susb/data/tables.html. According to the U.S. Census Bureau's Non-employer 
Statistics, there are 27,104,006 non-employer establishments 
(regardless of revenue size). Non-employer firms account for fewer 
than 4 percent of all sales, though, and the vast majority are sole 
proprietorships. While not impossible, the Bureau believes it is 
very unlikely that non-employer firms would have more than one 
location. See U.S. Census Bureau, All Sectors: Nonemployer 
Statistics by Legal Form of Organization and Receipts Size Class for 
the U.S., States, and Selected Geographies: 2019 (2019), https://data.census.gov/cedsci/table?q=NONEMP2019.NS1900NONEMP&tid=NONEMP2019.NS1900NONEMP&hidePreview=true.
---------------------------------------------------------------------------

    In the alternative, section 1071 authorizes the Bureau to include 
any ``additional data that the Bureau determines would aid in 
fulfilling the purposes of [section 1071].'' The Bureau has determined 
that requiring reporting of the proceeds address will aid in fulfilling 
both the fair lending and business and community development purposes 
of section 1071 by providing more useful information on the location of 
the activity financed for fair lending analysis and understanding where 
the business and community development is occurring. Requiring 
reporting of another address or location associated with the applicant 
when both the proceeds address and the main office or headquarters 
address are not available will provide location data when otherwise 
none would be present, thus also aiding in fulfilling both the fair 
lending and business and community development purposes of section 1071 
by providing more useful information on location for fair lending 
analysis and understanding where the business and community development 
will likely be occurring. In addition, requiring data on the nature of 
the address reported will aid in fulfilling both the fair lending and 
business and community development purposes of section 1071 by 
facilitating accurate analyses of the data reported. Also, in the 
alternative, to the extent that ``the principal place of business of 
the . . . applicant'' is understood to mean only ``main office or 
headquarters address'' (which, as explained above, the Bureau does not 
adopt as its interpretation of the statutory term) the Bureau believes 
it is appropriate to use its exception authority under ECOA section 
704B(g)(2) to provide that financial institutions in certain situations 
may report the proceeds address or ``another address or location 
associated with the applicant,'' because the Bureau believes those 
addresses will carry out the purposes of section 1071 more 
appropriately than requiring the main office or headquarters address in 
every situation.
    The Bureau is finalizing comment 107(a)(13)-1 through -4 with a 
minor edit for consistency. Comment 107(a)(13)-1 provides general 
instructions on using the waterfall reporting method, with examples for 
guidance, which will facilitate compliance.
    Final comment 107(a)(13)-2 explains that a financial institution 
complies with Sec.  1002.107(a)(13) by identifying the appropriate 
address or location and the type of that address or location in good 
faith, using appropriate information from the applicant's credit file 
or otherwise known by the financial institution. The comment also makes 
clear that a financial institution is not required to investigate 
beyond its standard procedures as to the nature of the addresses or 
locations it collects. The Bureau believes that this guidance strikes 
the right balance by allowing flexibility in reporting, and also 
requiring appropriate good faith compliance in exercising that 
flexibility, thereby yielding quality data. In regard to commenters' 
concerns about reporting census tract when there are multiple proceeds 
addresses, the Bureau notes that the rule requires reporting using the 
address where the proceeds will be or would have been principally 
applied, and allows for other addresses to be used if that address is 
unknown. As final comment 107(a)(13)-2 makes clear, as long as a 
financial institution determines which address to use in good faith, it 
will be in compliance with the rule. The Bureau believes that including 
detailed instructions on how to determine which proceeds address to 
report would increase the difficulty of reporting while only marginally 
enhancing the quality of the data reported. In regard to the comment 
about what to report when the proceeds or other address changes, 
because comment 107(a)(13)-2 requires that the address/location be 
identified in good faith, an address that the financial institution 
knows is no longer accurate

[[Page 35323]]

would not be appropriate to use in determining the census tract when a 
more accurate address is available.
    Final comment 107(a)(13)-3 explains that pursuant to final Sec.  
1002.107(c)(1) a financial institution is required to maintain 
procedures reasonably designed to collect applicant-provided data, 
which includes at least one address or location for an applicant for 
census tract reporting. However, the comment further explains that if a 
financial institution is nonetheless unable to collect or otherwise 
determine any address or location for an application, the financial 
institution reports that the census tract information was ``not 
provided by applicant and otherwise undetermined.'' Based on the 
Bureau's understanding of financial institutions' application 
procedures, the Bureau believes it is highly unlikely that a financial 
institution will not obtain some type of address for the applicant. 
Nonetheless, the Bureau permits financial institutions to report this 
data point using the ``not provided by applicant and otherwise 
undetermined'' response in order to facilitate compliance in those rare 
instances when the financial institution does not have the data 
requested. The reference in the comment to final Sec.  1002.107(c)(1) 
makes clear, however, that a financial institution must maintain 
procedures reasonably designed to collect at least one address. As with 
the previous comment, the Bureau believes that this comment strikes the 
right balance by facilitating compliance and also emphasizing the 
requirement to collect appropriate data.
    Final comment 107(a)(13)-4 cross-references a safe harbor the 
Bureau is finalizing in Sec.  1002.112(c)(2), which states that an 
incorrect entry for census tract will not be a violation of ECOA or 
subpart B if the financial institution obtains the census tract by 
correctly using a geocoding tool provided by the FFIEC or the Bureau. 
See the section-by-section analysis of Sec.  1002.112(c)(2) below for 
additional discussion of this safe harbor. In regard to commenters' 
requests for a new Federal geocoding tool that allows for batch 
processing, the Bureau continues to explore this option.
    Finally, as discussed above, some commenters were concerned about 
reidentification risk in regard to census tract reporting, especially 
when combined with NAICS industry codes and other data, and especially 
in rural areas. The Bureau appreciates concerns regarding the potential 
re-identification risk posed by the publication of unmodified census 
tract data. Accordingly, the Bureau believes that, if it decides to 
publish census tract, modification may be appropriate to mitigate 
potential re-identification risk to small business applicants and 
related natural persons. The Bureau notes that it will consider 
carefully what data will be publicly released, and will carefully 
protect applicant privacy, while preserving the utility of the dataset. 
See part VIII.B.6.xi below for discussion of this issue.
107(a)(14) Gross Annual Revenue
Proposed Rule
    Section 1071 requires financial institutions to collect and report 
``the gross annual revenue of the business in the last fiscal year of 
the . . . applicant preceding the date of the application.'' \662\
---------------------------------------------------------------------------

    \662\ ECOA section 704B(e)(2)(F).
---------------------------------------------------------------------------

    Proposed Sec.  1002.107(a)(14) would have required reporting of the 
gross annual revenue of the applicant for its preceding full fiscal 
year prior to when the information is collected. The Bureau proposed to 
require reporting of a specific value for gross annual revenue--rather 
than a range--to simplify the reporting of gross annual revenue 
information for financial institutions and because it believed that a 
precise value would be more useful for data users, including the 
Bureau.
    Proposed comment 107(a)(14)-1 would have clarified that a financial 
institution need not verify gross annual revenue information provided 
by the applicant to comply with proposed Sec.  1002.107(a)(14), as some 
small entity representatives and other stakeholders suggested. The 
proposed comment would have explained that the financial institution 
may rely on statements of or information provided by the applicant in 
collecting and reporting gross annual revenue. The proposed comment 
would have also stated, however, that if the financial institution 
verifies the gross annual revenue provided by the applicant, it must 
report the verified information. The Bureau believed that a requirement 
to verify gross annual revenue could be operationally difficult for 
many financial institutions, particularly in situations in which the 
financial institution does not collect gross annual revenue currently. 
The Bureau also did not believe that such a requirement was necessary 
in fulfilling either of section 1071's statutory purposes. However, the 
Bureau believed that reporting verified gross annual revenue when the 
financial institution already possesses that information would not be 
operationally difficult and would enhance the accuracy of the 
information reported.
    Proposed comment 107(a)(14)-1 would have also provided specific 
language that a financial institution could use to ask about an 
applicant's gross annual revenue and would have explained that a 
financial institution could rely on the applicant's answer. The Bureau 
believed this language would facilitate compliance for financial 
institutions that currently do not collect gross annual revenue, 
collect it only in limited circumstances, or would otherwise find its 
collection challenging, as some small entity representatives and other 
stakeholders suggested.
    Overall, the Bureau believed that this approach in proposed comment 
107(a)(14)-1--clarifying that a financial institution need not verify 
applicant-provided gross annual revenue information and providing 
language that a financial institution may use to ask for such 
information--should reduce the complexity and difficulty of collecting 
gross annual revenue information.
    The Bureau believed that situations could arise in which the 
financial institution has identified that an applicant is a small 
business for the purposes of proposed Sec.  1002.106(b) through, for 
example, an initial screening question asking whether the applicant's 
gross annual revenue is below $5 million, but then the specific gross 
annual revenue amount could not be collected. Therefore, the Bureau 
proposed comment 107(a)(14)-2, which would have first clarified that 
pursuant to proposed Sec.  1002.107(c)(1), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided information, including the gross annual revenue of the 
applicant. The proposed comment would have then stated that if a 
financial institution is nonetheless unable to collect or determine the 
specific gross annual revenue of the applicant, the financial 
institution reports that the gross annual revenue is ``not provided by 
applicant and otherwise undetermined.'' The Bureau believed that 
permitting this reporting flexibility would reduce the complexity and 
difficulty of reporting gross annual revenue information, particularly 
when an application has been denied or withdrawn early in the process 
and the gross annual revenue could not be collected.
    Proposed comment 107(a)(14)-3 would have clarified that a financial 
institution is permitted, but not required, to report the gross annual 
revenue for the applicant that includes the revenue of affiliates as 
well. The proposed comment would have stated that, for example, if the 
financial

[[Page 35324]]

institution does not normally collect information on affiliate revenue, 
the financial institution reports only the applicant's revenue and does 
not include the revenue of any affiliates when it has not collected 
that information. The Bureau believed that permitting, but not 
requiring, a financial institution to include the revenue of affiliates 
will carry out the purposes of section 1071 while reducing undue burden 
on financial institutions in collecting gross annual revenue 
information. Proposed comment 107(a)(14)-3 would have concluded by 
explaining that in determining whether the applicant is a small 
business under proposed Sec.  1002.106(b), a financial institution may 
rely on an applicant's representations regarding gross annual revenue, 
which may or may not include affiliates' revenue. This approach 
regarding affiliate revenue in proposed comment 107(a)(14)-3 was 
consistent with the approach regarding affiliate revenue for purposes 
of determining whether an applicant is a small business under proposed 
Sec.  1002.106(b). The Bureau believed that this operational 
equivalence between proposed Sec.  1002.107(a)(14) and proposed Sec.  
1002.106(b) would facilitate compliance and enhance the consistency of 
the data.
    In the NPRM, the Bureau expressed skepticism regarding some small 
entity representatives' suggestions to allow estimation or 
extrapolation of gross annual revenue based on partially reported 
revenue, noting, for example, that a seasonal business's bank 
statements for its busy season would likely yield an inflated gross 
annual revenue when extrapolated to a full year. The Bureau sought 
comment on whether financial institutions should be permitted to 
estimate or extrapolate gross annual revenue from partially reported 
revenue or other information, and how such estimation or extrapolation 
would be carried out. The Bureau also noted that estimation or 
extrapolation of gross annual revenue would be sufficient for the 
purposes of determining small business status under proposed Sec.  
1002.106(b), subject to the requirement under proposed comment 
107(a)(14)-1 that a financial institution must report verified gross 
annual revenue information if available.
    The Bureau sought comment on its proposed approach to the gross 
annual revenue data point, as well as the specific requests for comment 
above. As the SBREFA Panel recommended, the Bureau also sought comment 
on how the timing of tax and revenue reporting can best be coordinated 
with the collection and reporting of gross annual revenue. In addition, 
the Bureau sought comment on the effect of cash flow versus accrual 
accounting on reporting of gross annual revenue.
Comments Received
    The Bureau received comments on its proposed approach to the gross 
annual revenue data point from a range of lenders, trade associations, 
and community groups. With the exception of several agricultural 
lenders, industry commenters generally did not object to the Bureau's 
proposal to require the collection and reporting of gross annual 
revenue as required by ECOA section 704B(e)(2)(F) and three commenters 
(two community groups and a lender) expressed support for the proposed 
gross annual revenue data point. One of the community groups asserted 
that the gross annual revenue of the small business is a critical data 
element since research shows that smaller businesses are less likely to 
receive loans and that this data point is needed to assess whether 
banks are meeting credit needs of small businesses. The other community 
group remarked that it was critically important to allow for analysis 
looking at smaller buckets of small businesses based on gross revenue.
    Several agricultural lenders, echoing comments from a major 
agricultural credit trade association, argued that the Bureau should 
not require the collection or reporting of gross annual revenue 
information for agricultural credit and urged the Bureau to use its 
exception authority to eliminate this data point for agricultural 
credit. The commenters argued that collecting gross annual revenue 
information would pose substantial challenges for them given the 
prevalence of the ``non-standard'' agricultural borrower, including the 
majority of farmers who only farm on a part-time basis, and because 
many agricultural loans are currently decisioned with principal 
reliance on credit scoring systems, without considering revenue from 
farming or off-farm income. One agricultural lender explained that its 
underwriting standards include personal W-2 and other off-farm income, 
arguing that inclusion of that information in reporting this data point 
would be misleading as to the size of the business applying for a loan 
because off-farm income is not truly business income. The same 
commenter asserted that if, on the other hand, the off-farm income is 
not reported, the data would be misleading as they would show many 
loans approved to farmers with low business revenue (where they have 
sufficient personal income) and other loans denied to farmers with 
higher business revenue (because of insufficient personal income). 
Another commenter noted it was unclear how to calculate gross annual 
revenue for many agricultural credit transactions because for both 
estate planning and asset preservation purposes, many family farms are 
set up using complex business entities consisting of multiple trusts, 
corporations, partnerships, and limited liability entities, and that 
this means that the applicant signing the note may differ from the 
denoted mortgagors and guarantors, but all of whom are family members 
or business entities they own. Many of these agricultural lenders 
suggested that instead of gross annual revenue information, the 
appropriate metric for agricultural credit should be ``gross sales of 
agricultural or aquatic products'' as defined by the Farm Credit 
Administration in the prior year.
    Some bank commenters suggested the Bureau align with other 
reporting regimes (such as HMDA and CRA) by adopting a definition of 
gross annual revenue based on annual revenue relied upon to make the 
credit decision. Several explained inconsistencies among regulatory 
approaches to gross annual revenue, pointing out the Bureau's proposal 
would require collecting gross annual revenue from the preceding fiscal 
year, whereas HMDA reporting requires use of the income considered in 
making the credit decision and the CRA utilizes gross annual revenue 
used to make the credit decision. Several commenters asserted that 
using a prior year's gross annual revenue would be problematic for many 
small businesses that cannot produce usable financial statements, 
including tax returns, immediately upon the close of a fiscal year. One 
such commenter elaborated that tax returns, which are often the only 
available income statements, may not be ready until September, 
resulting in many lenders relying on a tax return from two years ago or 
using a pro forma revenue outline. Another bank commenter asserted that 
using similar, but differently defined, data points between section 
1071 and CRA would complicate the reporting process and could be 
avoided by aligning the definitions. One commenter recommended aligning 
with CRA for originated loans by using gross annual revenue used to 
make the credit decision, but for non-originated loans (which are not 
reported under the CRA) using gross annual revenue information that has 
been provided by applicants absent credit decisions (such as in cases 
of some withdrawn or incomplete applications).

[[Page 35325]]

    Some commenters provided market intelligence related to the 
collection of gross annual revenue data. A trade association stated 
that collecting gross annual revenue information can be complicated 
because many small businesses have loan guarantors and co-borrowers. 
Another trade association explained that in the vehicle financing 
context, the borrower employee who is responsible for acquiring the 
vehicle may not be familiar with the total revenue of the company and 
the owner(s) of the company may not want to share this information with 
all employees. A few industry commenters stated that there are many 
instances where gross annual revenue information is not collected in 
the normal course of business because underwriting may be based on 
other factors such as a cash flow analysis, net income, or debt-to-
service ratio. For this reason, one of these commenters stated that it 
should be clear that applicants have no obligation to provide gross 
annual revenue information. Another asserted that where an applicant 
declines to provide gross annual revenue information, the Bureau is 
creating a significant regulatory challenge for the financial 
institution by requiring it to submit application-level information 
when it will not know for certain whether the business is a small 
business nor have any reliable way of obtaining gross annual revenue 
information absent a third-party provider, which do not exist for many 
industries. Conversely, a community group stated that gross annual 
revenue was likely to be collected as part of the underwriting process.
    A number of industry commenters requested clarification regarding 
how to report gross annual revenue information. A few commenters 
requested guidance regarding appropriate sources for gross annual 
revenue information. One bank commenter requested consistency in what 
defines gross annual revenue and asked whether gross sales listed on a 
tax return constitute an acceptable source for this information. 
Another commenter asked the Bureau to delineate whether tax returns, 
accountant prepared financial statements, or internal profit and loss 
statements constitute acceptable source documentation.
    Several industry commenters asked for guidance or made suggestions 
regarding how to calculate gross annual revenue. One asked whether the 
Bureau intends for gross annual revenue to be defined as the total of 
all income (account credits) for the year before subtracting any 
expenses (account debits). Another asked whether, in the case of a 
business that uses a calendar year for its fiscal year and applies for 
a loan early in the next fiscal year with many unknown numbers related 
to the prior fiscal year, the applicant should provide an estimate or 
whether the applicant should provide the information from the next 
preceding fiscal year. Two commenters suggested that the Bureau clarify 
that different business units within the financial institution may use 
different methods to determine gross annual revenue, as long as the 
methods are used consistently within each business unit. Another asked 
if, in the case of an applicant that owns two or more businesses, the 
financial institution should only collect and report the gross annual 
revenue of the business being financed and not combined revenues of all 
owned businesses.
    A number of industry commenters asked for clarification and made 
suggestions regarding how to report gross annual revenue for a startup 
business, a new line of business, or a business with a change in 
structure or ownership. A few commenters asked whether ``zero'' and/or 
``not available'' is an acceptable response for a startup business. One 
commenter urged the Bureau to define gross annual revenue in a 
straightforward manner that does not impact credit opportunities (nor 
compliance) for newly formed businesses that do not have historical 
gross annual revenue. Another commenter suggested the Bureau address or 
exempt new businesses from section 1071 reporting. Two commenters asked 
whether ``zero'' or ``not provided by applicant and otherwise 
undetermined'' should be reported when a borrower is establishing a new 
line of business but already has revenue in other businesses; one also 
asked if treatment should differ based on whether or not the new 
business line was in the same industry as the existing businesses. A 
bank commenter opined that for a start-up business, the financial 
institution should use the actual gross annual revenue to date 
(including the reporting of $0 if a new business has had no revenue to 
date) and that pro-forma projected revenue figures should not be 
reported since these figures do not reflect actual gross revenue. 
Another bank commenter suggested the Bureau develop FAQs and other 
documents that applicants can consult to help them determine what 
number to supply for gross annual revenue, particularly when a business 
is starting up or establishing a new business line. Another industry 
commenter asked how to handle situations where there is a change in 
structure or ownership of the business and it is unclear how the gross 
annual revenue should apply to the applicant.
    Two industry commenters specifically suggested changes related to 
how to report the gross annual revenue of single purpose entities and 
other real estate financing vehicles. Both suggested allowing a 
financial institution to rely on the gross annual revenue generated by 
the property or the applicant's projected gross annual revenue for 
purposes of determining the small business status of the applicant. One 
also suggested specific revisions to the commentary to incorporate its 
suggestions.
    The Bureau also received some general comments regarding the 
treatment of gross annual revenue information from an applicant's 
affiliate. A trade association expressed support for the Bureau's 
proposal to clarify that a financial institution need not verify gross 
annual revenue information provided by the applicant and is permitted--
but not required--to report the gross annual revenue for the applicant 
that includes the revenue of affiliates as well. Two community group 
comments urged the Bureau to require reporting on the gross annual 
revenue of parent companies and beneficial owners of limited liability 
companies in order to avoid obfuscating extensive property ownership.
    Some industry commenters provided suggestions regarding how to 
handle gross annual revenue information from the parent companies or 
affiliates of applicants. A bank inquired whether revenue or income 
relied upon from co-signers or guarantors that are not affiliates of 
the borrower should be factored into the gross annual revenue 
determination. A group of trade associations suggested specific 
technical revisions to the commentary for clarity. Two bank commenters 
noted there may be inconsistencies in the data where one institution 
looks like it is lending more to small(er) businesses because it opts 
not to include gross annual revenue of affiliates. Two other commenters 
asked that reportable gross annual revenue be the gross annual revenue 
of both the applicant and all of its affiliates. A bank recommended the 
Bureau further explain how to handle situations where the applicant is 
using multiple owned businesses/affiliates to support sufficient 
cashflow, and whether there are repercussions for excluding/including 
multiple revenues used in the credit decision. A group of trade 
associations representing the commercial real estate industry asked

[[Page 35326]]

the Bureau to provide additional guidance on what types of entities may 
be affiliates of an applicant, e.g., as a result of common ownership or 
common control. Another trade association suggested that the Bureau 
make minor revisions to commentary to clarify that a lender that does 
not collect affiliate revenue in all transactions is not precluded from 
collecting affiliate revenue in some transactions.
    A few commenters specifically asked for clarity regarding the 
treatment of real estate affiliate revenue. These commenters explained 
that many of their loans are to real estate investors who often form 
and apply through a single[hyphen]purpose limited liability company 
that has no gross annual revenue (and therefore would meet the proposed 
definition of a small business) but that may be affiliates of many 
other single[hyphen]purpose limited liability companies and individual 
owners. These commenters noted that they typically underwrite these 
loans based on a schedule of other real estate in which the single 
purpose entity (or its sponsor) has an ownership interest and by using 
a global debt coverage calculation that considers the combined income 
of the applicant and all affiliated businesses, which can often exceed 
$5 million annually. A group of trade associations representing the 
commercial real estate industry stated that under the SBA's general 
principles of affiliation, the single purpose entities that own that 
other real estate would be affiliates of the applicant single purpose 
entity, because of the overlapping ownership interest. They also stated 
that the single purpose entities on the schedule of real estate could 
additionally be affiliates of the applicant single purpose entity where 
one or more officers, directors, managing members, or partners controls 
the board of directors or management of both the applicant single 
purpose entity and the single purpose entities on the schedule of real 
estate. A bank asked the Bureau to clarify that such businesses should 
be determined to be ``small businesses'' for which data collection and 
reporting is required only if the combined income of the business and 
its related affiliates does not exceed the threshold set. The group of 
trade associations suggested revisions to the commentary that, in the 
case of single purpose entities, would allow a financial institution to 
consider the owners of any real property listed on a schedule of real 
estate as affiliates of the applicant and would also, under certain 
circumstances, allow a financial institution to estimate the gross 
annual revenue of any income-producing real property for purposes of 
determining an applicant's small business status. They also suggested 
that for an applicant that is a newly created single purpose entity, a 
financial institution should be permitted to apply the $5 million gross 
annual revenue threshold to either the gross annual revenue of the 
property for its most recent fiscal year under its prior owner or the 
single purpose entity's projected gross annual revenue.
    Some commenters asked for guidance or argued in favor of using 
estimates and extrapolations when exact gross annual revenue 
information is unavailable. A bank asked if using an estimate was 
permitted when the applicant does not have prior fiscal year 
information completed. Another commenter suggested that when an 
applicant does not provide information regarding its gross annual 
revenue but that applicant's revenue is tracked through a technology 
company's online platform (e.g., its sales on the company's online 
marketplace), a covered financial institution should be able to report 
gross annual revenue based on revenue information obtained from the 
platform data. The commenter argued that permitting use of this 
alternative data point would serve the purposes of section 1071 by 
enabling technology companies to collect and report information on a 
greater number of applications, while also reducing the compliance 
burden for financial institutions. Two commenters argued that for 
consistency, the Bureau should allow financial institutions to 
extrapolate or estimate an applicant's gross annual revenue, claiming 
that the Bureau proposed to allow institutions (not just applicants) to 
rely on extrapolated or estimated revenue data for determining whether 
or not a business is a small business.
    Many industry commenters supported the Bureau's proposal to permit 
financial institutions to rely upon gross annual revenue information 
provided by the applicant without any requirement to verify. Many of 
these commenters noted that they do not currently collect gross annual 
revenue information with every application and even if it is collected, 
they do not always verify the amount provided, as underwriting is often 
based on other factors such as a cash flow analysis or debt-to-service 
ratio. One commenter noted that the flexibility to use the gross annual 
revenue provided by the applicant and without verification allows 
financial institutions to continue using current, proven underwriting 
practices and does not add to the compliance burden by requiring 
additional revenue verification steps.
    The Bureau received some general comments regarding its proposal to 
not require verification of gross annual information but to require 
reporting of verified information when available. Two banks requested 
further clarification regarding the meaning of ``verification,'' one of 
whom argued that neither the identification and assessment of income 
figures (not the same as gross annual revenue) by a financial 
institution during the underwriting and credit decision process nor the 
post-origination independent testing and validation of the small 
business data file should be considered ``verification.'' The other 
bank stated that exact gross annual revenue information is not always 
known until a tax return is completed and asked if the self-reported 
gross annual revenue information should be reported or the information 
found later on the tax return.
    Two community groups urged the Bureau to require the verification 
of gross annual revenue information. One noted that tax returns are 
generally available and can be used to confirm the applicant's gross 
annual revenue information. The other asserted that because the 
accuracy of determining whether credit needs of small businesses are 
being met hinges on the accuracy of collecting and reporting the 
revenue size of the business and because using tax documents or cash 
flow information makes it feasible for the lender to verify annual 
revenue, the Bureau should require the verification of gross annual 
revenue information. This community group argued that if affiliates are 
not accounted for in data collection, the data could include businesses 
that exceed the revenue limits established by the Bureau, thereby 
reducing the efficacy of the data in reporting on the experiences of 
small businesses in the lending marketplace. The commenter suggested 
that the Bureau thus investigate this issue and determine whether there 
are feasible methods a lender can use to identify the presence of 
affiliates.
    Some industry commenters suggested the Bureau provide a safe harbor 
and/or remove its proposed requirement to report verified gross annual 
revenue information. Commenters requested the Bureau specify that the 
financial institution has no responsibility to verify the number 
supplied by the applicant. A few commenters also suggested the Bureau 
institute a safe harbor to ensure that whatever gross annual revenue 
number is supplied by the applicant can be reported. Commenters urged 
the Bureau to clarify that a financial institution is not liable

[[Page 35327]]

for misinterpretation in answering questions or providing information 
to the applicant beyond the proposed gross annual revenue question. One 
commenter suggested that if it is the lender's practice to revise the 
application information in its system to reflect what it believes to be 
a verified number, the Bureau should permit the lender to report the 
verified number retained in its system, rather than requiring the 
lender to maintain both numbers in its system. This commenter also 
argued that a lender's verification of revenue should not result in the 
lender being required to change the applicant's self-classification as 
being a small business or not being a small business because the 
determination of whether or not an applicant is a ``small business'' 
needs to be made by the applicant at the time of application.
    Several community groups and a CDFI lender expressed support for 
reporting gross annual revenue as a specific dollar amount rather than 
in ranges. These commenters emphasized the importance of having precise 
and accurate data on gross annual revenue because this information is a 
fundamental determinant of whether a business is deemed to be small and 
all of its attendant information is captured and collected as part of 
the 1071 dataset. One commenter argued gross annual revenue in discrete 
units rather than bands was needed to assess the availability of credit 
to the smallest businesses, especially those owned by women and people 
of color. Another commenter asserted that revenue categories should be 
more detailed than those in the CRA small business loan data because 
research revealed the inadequacies with the CRA classifications since 
businesses with revenues below $500,000 had markedly less access to 
loans than businesses with revenues above this amount. This commenter 
argued in the alternative that should the Bureau adopt a range for 
gross annual revenue, it should select the mid-point with $10,000 
increments as a continuous variable as the most accurate for capturing 
experiences of the range of small businesses in the lending 
marketplace.
    With regard to the time frame for usability of gross annual revenue 
information, a bank stated that gross annual revenue information should 
only be usable for one fiscal year. A trade association suggested that 
financial institutions not be required to re-request gross annual 
revenue for new credit applications when they can rely on their records 
from previous transactions.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(14) and associated commentary with revisions for clarity 
and consistency. Final Sec.  1002.107(a)(14) requires reporting of the 
applicant's gross annual revenue for its preceding fiscal year. The 
Bureau is requiring that financial institutions report a specific value 
for gross annual revenue--rather than a range--to simplify the 
reporting of gross annual revenue information for financial 
institutions and because it believes a precise value is more useful for 
data users, including the Bureau. However, the Bureau has not yet 
determined how it will publish gross annual revenue data in the 
dataset. The Bureau will consider whether modification techniques, such 
as ranges, may be appropriate after it conducts its full privacy 
analysis. See part VIII below for further discussion about the privacy 
analysis and public disclosure of data.
    The Bureau is not categorically exempting agricultural credit from 
the requirement to collect and report gross annual revenue, as 
requested by some commenters. The Bureau understands, as noted by 
commenters, that most farmers in this country farm on a part-time basis 
and that the gross annual revenue data point may pose challenges given 
the prevalence of ``non-standard'' agricultural borrowers such as 
customers applying jointly despite having separate farming operations. 
The Bureau also understands from commenters that many Farm Credit 
System lenders decision applications without either considering off-
farm income or revenue from farming; instead, lenders rely principally 
on credit scoring systems. Nevertheless, the Bureau believes that 
omitting the gross annual revenue data point for agricultural credit 
transactions would introduce inconsistency in data collected across 
different industries and would not support section 1071's statutory 
purposes. The Bureau notes that data users will be able to identify 
agricultural credit transactions using the reported 3-digit NAICS code 
and make any necessary adjustments in their analyses to account for 
particularities unique to agricultural industries. The Bureau also 
believes, as discussed below, that the suggested gross annual revenue 
question in final comment 107(a)(14)-1 will facilitate compliance for 
agricultural lenders that currently do not collect gross annual 
revenue, particularly because the financial institution may rely on the 
applicant's answer. As discussed above in the section-by-section 
analysis of Sec.  1002.106(b), the Bureau does not believe that ``gross 
sales of agricultural or aquatic products'' in the prior year would be 
an appropriate metric for agricultural credit in this final rule, nor 
that this should form the basis for a separate small business 
definition for agricultural businesses.
    The Bureau has considered the comments regarding the collection and 
reporting of gross annual revenue and it believes its approach in final 
comment 107(a)(14)-1--clarifying that a financial institution need not 
verify applicant-provided gross annual revenue information, and 
providing language that a financial institution may use to ask for such 
information--will reduce commenters' concerns regarding complexity and 
difficulty of collecting gross annual revenue information.
    Final comment 107(a)(14)-1 clarifies that a financial institution 
reports the applicant's gross annual revenue for the fiscal year 
preceding when the information was collected. The Bureau believes this 
will clarify the timing requirements for collection of the gross annual 
revenue data point. The final comment provides specific language that a 
financial institution may use to ask about an applicant's gross annual 
revenue and explains that a financial institution may rely on the 
applicant's answer (unless subsequently verified or updated), even if 
the applicant's statements or information is based on estimation or 
extrapolation. The Bureau believes this language will facilitate 
compliance for financial institutions that currently do not collect 
gross annual revenue, collect it only in limited circumstances, or 
would otherwise find its collection challenging, as some commenters 
suggested.
    Final comment 107(a)(14)-1 also clarifies that a financial 
institution need not verify gross annual revenue information provided 
by the applicant to comply with final Sec.  1002.107(a)(14). The 
comment explains that the financial institution may rely on the 
applicant's statements or on information provided by the applicant in 
collecting and reporting gross annual revenue. The comment also states, 
however, that if the financial institution verifies the gross annual 
revenue provided by the applicant it must report the verified 
information. The Bureau understands, as noted by industry commenters, 
that a requirement to verify gross annual revenue would be 
operationally difficult for many financial institutions, particularly 
in situations in which the financial institution does not currently 
collect gross annual revenue. The Bureau does not believe that such a

[[Page 35328]]

requirement is necessary to fulfill either of section 1071's statutory 
purposes. However, the Bureau believes that reporting verified revenue 
when the financial institution already possesses that information will 
not be operationally difficult and will enhance the accuracy of the 
information collected. For the same reasons and for the reasons 
outlined in its discussion of final comment 107(c)-5, the Bureau is 
clarifying in final comment 107(a)(14)-1 that a financial institution 
reports updated gross annual revenue data if it obtains more current 
data from the applicant during the application process. The comment 
states that if this updated information is on data the financial 
institution has already verified, the financial institution reports the 
information it believes to be more accurate, in its discretion.
    With respect to the suggestions that the Bureau further clarify the 
meaning of ``verify,'' the Bureau believes that additional specificity 
in the rule itself could unnecessarily constrain financial 
institutions. The Bureau interprets the word ``verification'' to mean 
the intentional act of determining the accuracy of information 
provided, in this case for the purpose of processing and underwriting 
the credit application, and potentially changing that information to 
reflect the determination. Gross annual revenue information that may or 
may not be more accurate than applicant-provided data and is not part 
of a financial institution's verification of the file's applicant-
provided data or used by the institution in processing or underwriting 
the application need not be reported. The Bureau agrees with the 
commenter who stated that post-origination independent testing and 
validation of the small business data file does not constitute 
``verification.'' In situations where a financial institution verifies 
only a portion of the small business's provided gross annual revenue 
figure (perhaps because the institution is relying on that portion for 
its credit decision), the financial institution has not verified the 
entire gross annual revenue amount provided by the applicant, and it 
may continue to rely on the applicant's statement or information, and 
it need not report the partially verified information.
    The Bureau does not believe it would be appropriate to use a 
definition of gross annual revenue for this rule based on the annual 
revenue relied upon to make the credit decision. Given both the 
statutory language requiring the collection and reporting of ``the 
gross annual revenue of the business in the last fiscal year'' and 
section 1071's statutory purposes, the Bureau believes that using the 
small business's entire gross annual revenue, which may differ from 
revenue relied upon in making the credit decision, is the better 
approach to implement this data point in final Sec.  1002.107(a)(14). 
Moreover, the Bureau notes that--unlike for this final rule--a 
business's gross annual revenue is not determinative of either HMDA or 
CRA coverage. Here, the Bureau believes it is important to obtain the 
applicant's entire gross annual revenue for more accurate 
identification of business and community development needs and 
opportunities. The Bureau thus agrees with commenters that gross annual 
revenue data are important to assess the availability of credit to the 
smallest firms, especially those owned by women, minorities, and 
LGBTQI+ individuals. Moreover, for credit transactions that are 
underwritten without consideration or collection of a small business's 
gross annual revenue, no information would be reported for this data 
point under a relied-upon standard. Lastly, the Bureau believes it 
important to ensure that the gross annual revenue figure used to 
determine small business status is the same total figure as the gross 
annual revenue reported for the data point. Using different figures 
could create data discrepancies and disconnects and would ultimately 
result in greater compliance risk for financial institutions.
    In addition, the Bureau does not believe that financial 
institutions need a safe harbor to ensure that whatever gross annual 
revenue number is supplied by the applicant can be reported or that it 
would be appropriate to remove the requirement to report verified gross 
annual revenue information when the financial institution in fact 
verifies it. Final comment 107(a)(14)-1 already clarifies that a 
financial institution need not verify gross annual revenue information 
provided by the applicant to comply with final Sec.  1002.107(a)(14) 
and thus a safe harbor is not necessary to allow reporting of the gross 
annual revenue number supplied by the applicant. As one commenter 
explained, some financial institutions already revise application 
information in their systems with a verified gross annual revenue 
number and thus the Bureau does not believe that reporting verified 
revenue when the financial institution already possesses that 
information will be operationally difficult. In such situations, the 
financial institution may report the verified number retained in its 
system and is not required to maintain both numbers in its system. 
Moreover, the Bureau agrees with the commenter who stated that the 
accuracy of determining whether the credit needs of small businesses 
are being met hinges on collecting and reporting the revenue size of 
the business and thus the Bureau believes that reporting verified 
revenue when available will enhance the accuracy of the information 
collected.
    With respect to requests for guidance from commenters regarding 
acceptable sources of gross annual revenue information, the Bureau does 
not believe it would be appropriate to require the use of any specific 
documentation. However, the Bureau notes that gross annual revenue 
information can be reasonably derived from a variety of sources 
including tax returns, accountant-prepared financial statements, 
internal profit and loss statements, cash flow analyses, or any type of 
business income documentation that the financial institution reasonably 
relies on in the normal course of business.
    With respect to comments regarding how to calculate gross annual 
revenue, the Bureau notes that the suggested applicant question in 
final comment 107(a)(14)-1 states that gross annual revenue is the 
amount of money the business earned before subtracting taxes and other 
expenses. The comment further states that an applicant may provide 
gross annual revenue calculated using any reasonable method. Different 
business units within the financial institution may use different 
methods to ascertain gross annual revenue, as long as the methods are 
used consistently within each business unit.
    The Bureau believes that situations could arise in which the 
financial institution has identified that an applicant is a small 
business for the purposes of final Sec.  1002.106(b) through, for 
example, a screening question asking whether the applicant's gross 
annual revenue is $5 million or less, but then the financial 
institution is unable to collect or determine a specific gross annual 
revenue amount. Therefore, the Bureau is finalizing comment 107(a)(14)-
2 substantively as proposed. The comment first clarifies that pursuant 
to final Sec.  1002.107(c), a financial institution shall maintain 
procedures reasonably designed to collect applicant-provided data, 
including the gross annual revenue of the applicant. The final comment 
then states that if a financial institution is nonetheless unable to 
collect or determine the specific gross annual revenue of the 
applicant, the financial institution reports that the gross annual 
revenue is ``not provided by applicant and otherwise undetermined.'' 
The

[[Page 35329]]

Bureau believes that permitting this reporting flexibility will reduce 
the complexity and difficulty of reporting gross annual revenue 
information, particularly when an application has been denied or 
withdrawn early in the process and gross annual revenue could not be 
collected.
    The Bureau is finalizing comment 107(a)(14)-3 with minor revisions 
for clarity and consistency. The Bureau is adopting commenters' 
suggestions to add a cross reference to comment 106(b)(1)-3 and to 
remove an example provided in the proposed commentary for additional 
clarity. This example would have provided that if the financial 
institution does not normally collect information on affiliate revenue, 
the financial institution reports only the applicant's revenue and does 
not include the revenue of any affiliates when it has not collected 
that information. The Bureau shares the commenter's concern that this 
comment may be interpreted to preclude a financial institution that 
does not collect affiliate revenue in all transactions from collecting 
affiliate revenue in some transactions and believes the comment is 
sufficiently clear without this example.
    Final comment 107(a)(14)-3 also clarifies that a financial 
institution is permitted, but not required, to report the gross annual 
revenue for the applicant that includes the revenue of affiliates as 
well. For example, if the financial institution has not collected 
information on affiliate revenue, the financial institution reports 
only the applicant's revenue and does not include the revenue of any 
affiliates. The Bureau is adopting suggested revisions to comment 
107(a)(14)-3 and additionally notes that a financial institution that 
does not collect affiliate revenue in all transactions is not precluded 
from collecting affiliate revenue in some transactions. The Bureau 
believes this comment is responsive to one commenter's question about 
how to report gross annual revenue for an applicant with two businesses 
because it permits, but does not require, reporting of gross annual 
revenue for an applicant that includes the revenue of affiliates, which 
may include a business with common ownership. Final comment 107(a)(14)-
3 concludes by explaining that in determining whether the applicant is 
a small business under proposed Sec.  1002.106(b), a financial 
institution may rely on an applicant's representations regarding gross 
annual revenue, which may or may not include affiliates' revenue. The 
Bureau noted that final comment 106(b)-3 follows the same approach to 
affiliate revenue for purposes of determining whether an applicant is a 
small business under final Sec.  1002.106(b). The Bureau believes that 
this operational equivalence between final Sec.  1002.107(a)(14) and 
final Sec.  1002.106(b) will facilitate compliance and enhance data 
consistency.
    The Bureau recognizes, as noted by commenters, that there may be 
inconsistencies in the data where one financial institution looks like 
it is lending more to small(er) businesses as it opts not to include 
gross annual revenue of affiliates versus another financial institution 
that opts to include such revenue when it reports the gross annual 
revenue of an applicant. However, the Bureau is not requiring reporting 
of the gross annual revenue of both the applicant and all of its 
affiliates, nor is it requiring reporting of revenue for parent 
companies and beneficial owners of limited liability companies. The 
Bureau believes that permitting, but not requiring, a financial 
institution to include the revenue of affiliates will carry out the 
purposes of section 1071 while reducing undue burden on financial 
institutions in collecting gross annual revenue information. The Bureau 
considered whether there are feasible methods to identify the presence 
of affiliate revenue, as a commenter suggested, but ultimately has 
determined that such an identifier could interfere with allowing a 
financial institution to rely on an applicant's self-reported gross 
annual revenue information and, in any case, would introduce additional 
complexity into reporting. In response to a question about whether 
revenue or income relied upon from co-signers or guarantors that are 
not affiliates of the applicant should be factored into the gross 
annual revenue determination, the Bureau notes that the final rule only 
requires the collection and reporting of gross annual revenue of the 
applicant.
    The Bureau understands there may also be instances, as indicated by 
one commenter, where the applicant may use multiple owned businesses/
affiliates to support sufficient cashflow, and in those instances, a 
financial institution may rely on an applicant's representations 
regarding gross annual revenue that include affiliates' revenue. For 
additional guidance on what types of entities may be affiliates of an 
applicant, e.g., as a result of common ownership or common control, see 
the section-by-section analyses of Sec. Sec.  1002.102(a) and 
1002.106(b).
    The Bureau has considered the comments regarding the treatment of 
real estate affiliate revenue, but is not adopting revisions to, in the 
case of single purpose entities, allow a financial institution to 
categorize all owners of any real property listed on an applicant's 
Schedule Of Real Estate Owned as affiliates of the applicant. The 
Bureau is likewise not adopting revisions to allow a financial 
institution to estimate or project the gross annual revenue of any 
income-producing real property for purposes of determining the 
applicant's small business status. The Bureau agrees that under the 
SBA's general principles of affiliation, ``common investments'' 
affiliation can be based on shared investments in or joint ownership of 
real estate.\663\ Thus, the owners of real estate that is also owned by 
the applicant may be affiliates of the applicant. However, the Bureau 
is not adopting the suggested revisions to commentary because affiliate 
determinations are inherently fact-specific and rebuttable,\664\ and 
the Bureau does not believe it would be appropriate to categorize all 
entities as affiliates based on a form listing.
---------------------------------------------------------------------------

    \663\ See 13 CFR 121.103(f) (``Individuals or firms that have 
identical or substantially identical business or economic interests 
(such as family members, individuals or firms with common 
investments, or firms that are economically dependent through 
contractual or other relationships) may be treated as one party with 
such interests aggregated.'') (emphasis added); Small Bus. Admin., 
Small Business Compliance Guide: A Guide to the SBA's Size Program 
and Affiliation Rules (July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf.
    \664\ See, e.g., 13 CFR 121.103(f) (``Where SBA determines that 
such interests should be aggregated, an individual or firm may rebut 
that determination with evidence showing that the interests deemed 
to be one are in fact separate.'').
---------------------------------------------------------------------------

    The Bureau has considered the comments regarding whether financial 
institutions should be permitted to estimate or extrapolate gross 
annual revenue from partially reported revenue or other information, 
and is making a minor revision in final comment 107(a)(14)-1 to 
emphasize a manageable method for collecting full gross annual revenue 
when a financial institution does not already do so. Specifically, 
final comment 107(a)(14)-1 clarifies that a financial institution may 
rely on the applicant's statements or on information provided by the 
applicant in collecting and reporting gross annual revenue, even if the 
applicant's statement or information is based on estimation or 
extrapolation, and that an applicant may provide gross annual revenue 
calculated using any reasonable method. As such, when an applicant does 
not yet have fiscal year information completed (a hypothetical provided 
by a commenter), the applicant may choose to provide its gross annual 
revenue using any reasonable method, including

[[Page 35330]]

estimating or extrapolating based on a prior fiscal year's tax return. 
The Bureau believes that this flexibility will help address concerns 
from commenters that tax returns may not be immediately available upon 
the close of a fiscal year. As noted by another commenter, an applicant 
may alternatively wish to provide revenue figures generated by a 
technology company's online platform (e.g., through sales on the 
company's online marketplace). The Bureau notes that under final Sec.  
1002.107(b), however, a financial institution must report verified 
gross annual revenue information if available. Moreover, as provided by 
new comment 107(c)-5, a financial institution reports updated 
applicant-provided data if it obtains more current data during the 
application process; if this updated information is on data the 
financial institution has already verified, the financial institution 
reports the information it believes to be more accurate, in its 
discretion.
    The Bureau also wishes to clarify some apparent confusion among 
some commenters who claimed that the proposal would have allowed 
financial institutions to extrapolate or estimate an applicant's 
revenue to determine whether or not a business is a small business. The 
proposal indicated that financial institutions could rely on 
extrapolated or estimated revenue information provided by applicants. 
The Bureau is making this position clear with final comment 107(a)(14)-
1. The Bureau sought comment on whether financial institutions should 
be permitted to estimate or extrapolate gross annual revenue from 
partially reported revenue or other information, and how such 
estimation or extrapolation would be carried out. On this issue, the 
Bureau does not believe that it would be appropriate to permit such 
estimation or extrapolation for the identification of small businesses 
about whom data collection and reporting is required, and thus 
financial institutions' own extrapolation or estimation should likewise 
not be used in reporting gross annual revenue in order to maintain 
consistency.
    With respect to comments asking how to report gross annual revenue 
for a startup business, a new line of business, and/or a business with 
a change in structure or ownership, the Bureau is adding new comment 
107(a)(14)-4, which notes that in a typical startup business situation, 
the applicant will have no gross annual revenue for its fiscal year 
preceding when the information is collected because either the startup 
existed but had no gross annual revenue or it simply did not exist in 
the preceding fiscal year. In these situations, the financial 
institution reports that the applicant's gross annual revenue in the 
prior fiscal year is ``zero.'' The Bureau agrees with the commenter 
that suggested, for a start-up business, the financial institution 
should use the actual gross annual revenue for its preceding fiscal 
year (including the reporting of $0 if a new business has had no 
revenue to date) and that pro forma projected revenue figures should 
not be reported since these figures do not reflect actual gross 
revenue.
    In situations where an applicant is establishing a new line of 
business but already has revenue in other businesses, such as in the 
case of a sole proprietor with an established in-home child-care center 
who now seeks financing to start a new line of business offering house-
cleaning services, the Bureau notes that final comment 107(a)(14)-3 
clarifies that a financial institution is permitted, but not required, 
to report the gross annual revenue for the applicant that includes the 
revenue of affiliates as well. This comment may also apply to 
situations where there is a change in structure or ownership of the 
business. In response to a question from a commenter, the Bureau does 
not believe that treatment of affiliate gross annual revenue 
information should differ based on whether or not the new business line 
was in the same industry as the existing businesses. The Bureau notes 
that according to the definition of affiliate provided in final Sec.  
1002.102(a), which refers to the SBA's rules for determining 
affiliation (13 CFR 121.103), affiliation is not limited to businesses 
in the same industry. The Bureau also notes that final Sec.  
1002.106(a) defines a business as having the same meaning as the term 
``business concern or concern'' in 13 CFR 121.105, which expressly 
provides that a firm will not be treated as a separate business concern 
if a substantial portion of its assets and/or liabilities are the same 
as those of a predecessor entity and that the annual receipts and 
employees of the predecessor will be taken into account in determining 
size. This successor-in-interest rule would apply to situations where a 
business reorganized, and a new entity emerges with essentially the 
same assets and liabilities as the old concern.\665\
---------------------------------------------------------------------------

    \665\ See Size Appeal of Willowheart, LLC, SBA No. SIZ-5484, at 
*4 (July 10, 2013).
---------------------------------------------------------------------------

    The Bureau is not exempting new businesses from having application 
data reported, as suggested by one commenter, because the Bureau 
believes that doing so would contravene section 1071's statutory 
purposes. The Bureau does not believe that the final rule will 
disproportionately impact credit opportunities (or compliance) for 
newly formed businesses that do not have the historical gross annual 
revenue. However, as suggested by a commenter, the Bureau will track 
questions related to collecting and reporting gross annual revenue 
information and may develop FAQs or other materials as necessary to 
help financial institutions help applicants determine what number to 
supply for gross annual revenue, particularly when a business is 
starting up or establishing a new business line.
    The final rule does not permit financial institutions the option to 
use the gross annual revenue figures provided by an applicant for up to 
three years from the date of an application for which the information 
was gathered, as requested by one commenter. However, under final Sec.  
1002.107(d), discussed below, the Bureau is permitting financial 
institutions to reuse previously collected gross annual revenue 
information when the data were collected within the same calendar year 
as the current covered application. The statutory requirement is for 
the applicant's gross annual revenue in the last fiscal year preceding 
the date of the application; the Bureau does not believe that revenue 
information from years prior to the last fiscal year would satisfy this 
requirement.
107(a)(15) NAICS Code
Proposed Rule
    The SBA customizes its size standards on an industry-by-industry 
basis using 1,012 6-digit NAICS codes.\666\ The first two digits of a 
NAICS code broadly capture the industry sector of a business. The third 
digit captures the industry's subsector, the fourth captures the 
industry group, the fifth captures the industry code, and the sixth 
captures the national industry. The NAICS code thus becomes more 
specific as digits increase and the 6-digit code is the most specific.
---------------------------------------------------------------------------

    \666\ See U.S. Census Bureau, North American Industry 
Classification System, at 41 (2022) https://www.census.gov/naics/reference_files_tools/2022_NAICS_Manual.pdf. At the time of the 
NPRM, there were 1,057 6-digit NAICS codes. See U.S. Census Bureau, 
North American Industry Classification System, at 26 (2017) https://www.census.gov/naics/reference_files_tools/2017_NAICS_Manual.pdf.
---------------------------------------------------------------------------

    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' The Bureau proposed in Sec.  1002.107(a)(15) to 
require that

[[Page 35331]]

financial institutions collect and report an applicant's 6-digit NAICS 
code. Proposed comment 107(a)(15)-1 would have provided general 
background on NAICS codes and would have stated that a financial 
institution complies with proposed Sec.  1002.107(a)(15) if it uses the 
NAICS codes in effect on January 1 of the calendar year covered by the 
small business lending application register that it is reporting. 
Proposed comment 107(a)(15)-2 would have clarified that, when a 
financial institution is unable to collect or determine the applicant's 
NAICS code, it reports that the NAICS code is ``not provided by 
applicant and otherwise undetermined.''
    The Bureau also proposed that financial institutions be permitted 
to rely on NAICS codes obtained from the applicant or certain other 
sources, without having to verify that information itself. 
Specifically, proposed comment 107(a)(15)-3 would have clarified that, 
consistent with proposed Sec.  1002.107(b), a financial institution may 
rely on applicable applicant information or statements when collecting 
and reporting the NAICS code and would have provided an example of an 
applicant providing a financial institution with the applicant's tax 
return that includes the applicant's reported NAICS code. Proposed 
comment 107(a)(15)-4 would have provided that a financial institution 
may rely on a NAICS code obtained through the financial institution's 
use of business information products, such as company profiles or 
business credit reports, which provide the applicant's NAICS code.
    The Bureau believed that collecting the full 6-digit NAICS code (as 
opposed to the 2-digit sector code) would better enable the Bureau and 
other stakeholders to drill down and identify whether disparities arise 
at a more granular level and would also enable the collection of better 
information on the specific types of businesses that are accessing, or 
struggling to access, credit. For example, a wide variety of 
businesses, including those providing car washes, footwear and leather 
goods repair, and nail salons, all fall under the 2-digit sector code 
81: Other Services (except Public Administration). With a 2-digit NAICS 
code, all of these business types would be combined into one analysis, 
potentially masking different characteristics and different outcomes 
across these business types.
    To address concerns related to the complexity of determining a 
correct NAICS code, the Bureau proposed a safe harbor to indicate that 
an incorrect NAICS code entry is not a violation of subpart B if the 
first two digits of the NAICS code are correct and the financial 
institution maintains procedures reasonably adapted to correctly 
identify the subsequent four digits (see proposed Sec.  
1002.112(c)(2)). The proposed NAICS-specific safe harbor would have 
been available to financial institutions in addition to the general 
bona fide error exemption under proposed Sec.  1002.112(b).
    The Bureau sought comment on its proposal to collect 6-digit NAICS 
codes together with the safe harbor described in proposed Sec.  
1002.112(c)(2). The Bureau also sought comment on whether requiring a 
3-digit NAICS code with no safe harbor would be a better alternative.
Comments Received
    The Bureau received comments from a wide range of lenders, trade 
associations, community groups, and others regarding the reporting of a 
6-digit NAICS code as proposed in Sec.  1002.107(a)(15). Numerous 
community groups as well as a few lenders supported the Bureau's 
proposal and urged collection of a 6-digit NAICS code. Several 
commenters emphasized that 1071 data would adequately achieve a fair 
lending purpose only if they contain key variables that are used in 
underwriting and enable meaningful fair lending analysis. Commenters 
stated that NAICS codes provide critical context to understanding 
credit underwriting decisions and help ensure that fair lending 
analysis is focused on similarly situated businesses. A few commenters 
stated that these data must be reported so that lenders cannot hide 
behind data not collected as the justification for their lending 
disparities.
    A bank and a bank trade association stated that NAICS code could 
potentially be helpful in demonstrating a non-discriminatory basis for 
credit decisions with respect to applicants in different industries. 
The trade association stated that, at most, the Bureau should only add 
limited data points pursuant to ECOA section 704B(e)(2)(H) that are 
considered by the financial institution in the credit underwriting 
process, citing NAICS code and time in business as examples.
    Another trade association said that NAICS codes have the advantage 
of being independently defined and available for reference. The 
commenter stated that if a NAICS code is supplied by the applicant and 
published by the Bureau only in the aggregate, the NAICS code can 
contribute useful information without unduly burdening lenders.
    Some commenters stated that a 2- or 3-digit NAICS code would be too 
high a level of aggregation to facilitate fair lending analysis. A CDFI 
lender stated that a 6-digit code will offer the most precise insight 
into the industries that lenders serve, whereas a 3-digit NAICS code 
will leave unnecessary ambiguity in the data. The commenter provided 
the example of a dry cleaner sharing the same 3-digit NAICS code as a 
mortuary and a parking lot.
    Furthermore, a number of community groups and several lenders 
stated that 6-digit NAICS codes are useful for identifying certain 
industries' ability to access small business credit and to identify 
areas of unmet need. For example, one community group asserted that the 
ability to identify needs and opportunities for small businesses 
requires the ability to compare lending by sector to the total number 
of businesses in that sector based on other public data sources.
    Moreover, some lenders and community groups said that it is already 
standard practice for many small business lenders to collect NAICS 
codes. For example, these commenters noted that lenders already collect 
NAICS codes for SBA loans, Equal Employment Opportunity Commission 
certifications, and CDFI loans.
    In contrast, many industry commenters, along with several business 
advocacy groups and other commenters, generally opposed the data points 
proposed pursuant to ECOA section 704B(e)(2)(H), including NAICS code, 
as discussed in the section-by-section analysis of Sec.  1002.107(a) 
above. In addition, the majority of industry commenters to address this 
issue specifically opposed collection of 6-digit NAICS codes. These 
commenters expressed concerns about the burden on both lenders and 
applicants and the complexity of determining the appropriate NAICS 
code. Concerns raised by commenters included, for example, that 
collecting NAICS codes would slow the loan application process; most 
lenders are unfamiliar with NAICS codes or do not currently collect 
them; lenders would have to change their operating procedures 
significantly which would create strain on staff and resources; and it 
would add more costs to the lending process which may be passed on to 
small business borrowers.
    Many industry commenters also voiced concern regarding accuracy and 
data integrity, explaining that small businesses often do not know 
their NAICS code or may operate in multiple NAICS sectors. Other 
challenges cited by commenters included the business changing over 
time; codes having overlapping definitions; and

[[Page 35332]]

classifications being prone to human error. For example, two trade 
associations noted that their members who made Paycheck Protection 
Program loans reported that many applicants were unfamiliar with NAICS 
codes. Additionally, some industry commenters expressed concern about 
verifying applicant-provided data and potential liability if the NAICS 
code is incorrect. One commenter noted that NAICS code classifications 
could be subject to change based on SBA rulemaking and thus financial 
institutions would need to monitor such developments. A credit union 
trade association stated that the identification of business and credit 
needs can be accomplished without explicit reference to NAICS codes, 
such as by leveraging already existing data sources and voluntary 
surveys of business owners. In addition, the trade association asserted 
that sector-specific analysis of business credit supply and demand is 
best left to the SBA, which already collects NAICS information through 
its lending programs.
    Several commenters raised concerns that requiring NAICS codes would 
add confusion to the lending process. A trade association argued that 
requiring NAICS codes will create frustration for the small business 
borrower, including delayed application processing, and additional time 
and operational burden by banks to ensure the information is gathered 
and entered. They asserted that while NAICS codes are generally 
provided with some tax documents, lenders found borrower confusion when 
making Paycheck Protection Program loans, particularly when certain 
NAICS codes allowed for a more generous loan amount and certain small 
businesses were unable to benefit from higher loan amounts for certain 
sectors due to mismatched NAICS codes. Another commenter stated that 
applicants may struggle to determine which code to report, especially 
if the nature of the business changes over time or falls under multiple 
categories.
    A number of industry commenters also expressed concern regarding 
privacy risks in collecting the 6-digit NAICS code. These commenters 
highlighted the risk of borrower re-identification, particularly in 
rural areas and smaller communities. Some commenters stated that NAICS 
code combined with census tract would make it easy to re-identify a 
small business. In addition, while a community group supported 
collection of a 6-digit code, it stated that the public database should 
provide only 4-digit NAICS codes to address privacy concerns.
    In addition, a few commenters asserted that collecting NAICS codes 
would not advance the purposes of section 1071, arguing that collecting 
NAICS codes does not provide information that would inform fair lending 
analysis. For example, one bank stated that NAICS code would be of 
minimal value to fair lending analytics given the complexity of small 
business lending, such as the scope and size of the business. Moreover, 
several banks stated that they do not currently collect NAICS codes and 
that NAICS codes are not used in underwriting or financial analysis 
purposes.
    A few industry commenters supported collection of a 2-digit NAICS 
code, stating that this would achieve the intended policy goal without 
creating unnecessary burdens and heightened costs, as well as protect 
the privacy of market participants. A trade association for online 
lenders supported collection of a 4-digit NAICS code, stating it would 
provide sufficient information while mitigating risk of re-
identification and avoiding potential impacts and delays to the 
borrower during the application process. A joint letter from community 
and business advocacy groups urged the Bureau to permit the submission 
of a 3-digit code where the applicant does not provide a 6-digit code. 
Finally, one commenter suggested that the Bureau coordinate with the 
U.S. Census Bureau to create a suffix to a business's NAICS code that 
would identify its minority-owned or women-owned status. The commenter 
stated that this would create efficiencies across organizations and 
provide an easier and more neutral method of collecting demographic 
information on applications. The commenter further noted that this 
suffix could be easily masked when loans are sent to underwriters to 
ensure it does not impact their decisions.
Final Rule
    For the reasons set forth herein, the Bureau is revising Sec.  
1002.107(a)(15) to require that financial institutions collect a 3-
digit NAICS code for the applicant. The Bureau is also finalizing 
proposed comments 107(a)(15)-1, -2, and -5, with minor adjustments for 
consistency. Final comment 107(a)(15)-1 explains what a NAICS code is, 
and final comment 107(a)(15)-2 addresses what to report if a financial 
institution is unable to collect or otherwise determine the applicant's 
NAICS code. Proposed comments 107(a)(15)-3 and -4, which addressed a 
financial institution's reliance on information from the applicant and 
from other sources, have been removed as those issues are now addressed 
in final comment 107(b)-1. Final comment 107(a)(15)-3 (proposed as 
comment 107(a)(15)-5) cross-references the safe harbor in final Sec.  
1002.111(c)(3) for incorrect 3-digit NAICS code entries. The Bureau has 
considered commenters' concerns regarding the difficulties in obtaining 
an accurate NAICS code as well as the importance of NAICS codes for 
fair lending and community development analysis. The Bureau believes 
that collecting the 3-digit NAICS code will achieve the right balance 
between minimizing burden on financial institutions and small business 
applicants, while also providing valuable data to analyze fair lending 
patterns and identify industry subsectors with unmet credit needs.
    The Bureau believes that NAICS code data will considerably aid in 
fulfilling both section 1071's fair lending purpose and its business 
and community development purpose, even if the NAICS code is not 
necessary for determining whether an applicant is a small business. 
While it will not provide the same level of detail as a 6-digit code, 
the 3-digit code will still help ensure that fair lending analysts are 
comparing applicants with similar profiles, thereby controlling for 
factors that might provide non-discriminatory explanations for 
disparities in underwriting and pricing decisions. Moreover, NAICS 
subsector codes are useful for identifying business and community 
development needs and opportunities of small businesses, which may 
differ widely based on industry, even controlling for other factors. 
For example, 3-digit NAICS codes will help data users identify 
subsectors where small businesses face challenges accessing credit and 
understand how small businesses in different industries use credit. 
Furthermore, the Bureau believes that publication of NAICS codes 
(subject to potential modification and deletion decisions by the 
Bureau, as discussed in part VIII below) will help provide for some 
consistency and compatibility with other public datasets related to 
small business lending activity, which generally use NAICS codes. This 
ability to synthesize 1071 data with other datasets may help the public 
use the data in ways that advance both the business and community 
development and fair lending purposes of section 1071. The Bureau 
agrees with commenters' concerns that the 2-digit NAICS code would not 
provide sufficiently detailed information to aid regulators and the 
public in monitoring particular industries' access to small business 
credit.

[[Page 35333]]

    The Bureau recognizes that covered financial institutions not 
currently using NAICS codes will need to gain familiarity with the 
NAICS code system and refer to NAICS subsector classifications for all 
relevant applications before reporting 3-digit NAICS codes to the 
Bureau. To address concerns related to the complexity of determining a 
correct NAICS code, particularly for covered financial institutions 
that do not currently use NAICS codes, the Bureau is permitting a 
financial institution to rely on applicable applicant information or 
statements when compiling and reporting the NAICS code, as well as 
permitting a financial institution to rely on a NAICS code obtained 
through the financial institution's use of business information 
products, such as company profiles or business credit reports (see 
final comment 107(b)-1). In other words, a financial institution may 
rely on oral or written statements from an applicant, other information 
provided by an applicant such as a tax return, or third-party sources 
such as business information products. The Bureau believes that being 
able to rely on NAICS codes obtained from the applicant or third-party 
sources significantly eases potential difficulties for financial 
institutions in collecting and reporting a 3-digit NAICS code and 
mitigates concerns about inadvertently reporting an inaccurate code.
    In response to industry concerns regarding the accuracy of the 
NAICS code and the burden of verifying applicant-provided data, the 
Bureau emphasizes that financial institutions are permitted to rely on 
NAICS codes obtained from the applicant or third-party sources, without 
having to verify that information. Furthermore, the Bureau has expanded 
the NAICS code safe harbor in final Sec.  1002.112(c)(3), which makes 
clear that the safe harbor extends to financial institutions that rely 
on an applicant's representations or on other information regarding the 
NAICS code. Final Sec.  1002.112(c)(3) also provides a safe harbor for 
incorrect 3-digit NAICS code entries, where the financial institution 
identifies the NAICS code itself, provided that it maintains procedures 
reasonably adapted to correctly identify a 3-digit NAICS code. The 
Bureau has also removed the term ``appropriate'' from the regulatory 
text of Sec.  1002.107(a)(15). The Bureau believes the term is 
unnecessary, particularly in light of the revisions to the NAICS code 
safe harbor in final Sec.  1002.112(c)(3), and removing it may help 
avoid potential confusion regarding NAICS codes the financial 
institution obtains from the applicant or other sources.
    Additionally, the Bureau understands that multiple NAICS codes may 
apply to a single business. While this may be more of a concern with 6-
digit codes, if more than one 3-digit code applies to a single 
business, only one 3-digit NAICS code should be reported.
    The Bureau acknowledges community groups' concern that collecting 
anything less than 6-digit NAICS codes will result in less precise data 
about industry classification. The Bureau nonetheless believes that its 
final rule requiring collection and reporting of 3-digit NAICS codes 
(along with the expanded safe harbor) strikes an appropriate balance in 
addressing the concerns raised by industry and the importance of NAICS 
code information in fair lending and community development analysis. 
The Bureau will monitor the utility of the NAICS code data point and, 
if warranted, may revisit the required number of digits in the future.
    Although the Bureau will address re-identification concerns 
generally by modifying or deleting data upon publication, the Bureau 
notes that its shift to 3-digit NAICS codes will decrease the risk of 
re-identification of small business borrowers and related natural 
persons in rural areas and smaller communities. See part VIII below for 
further discussion about the privacy analysis and public disclosure of 
data.
107(a)(16) Number of Workers
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' In the proposed rule, the Bureau stated that it 
believed that data providing the number of persons working for a small 
business applicant would aid in fulfilling the business and community 
development purpose of section 1071. These data would allow users to 
better understand the job maintenance and creation that small business 
credit is associated with and help track that aspect of business and 
community development.
    Proposed Sec.  1002.107(a)(16) would have required financial 
institutions to report the number of non-owners working for the 
applicant.
    Proposed comment 107(a)(16)-1 would have discussed the collection 
of the number of workers. The proposed comment would have stated that 
in collecting the number of workers from an applicant, the financial 
institution would explain that full-time, part-time, and seasonal 
workers, as well as contractors who work primarily for the applicant, 
would be counted as workers, but principal owners of the business would 
not. The proposed comment would have further stated that if the 
financial institution was asked, it would explain that volunteers would 
not be counted as workers. This treatment of part-time, seasonal, 
contract, and volunteer workers would follow the SBA's method for 
counting employees,\667\ with minor simplifications. The Bureau sought 
comment on whether further modifications to the number of workers data 
point were needed to facilitate this operational simplification.
---------------------------------------------------------------------------

    \667\ See 13 CFR 121.106(a).
---------------------------------------------------------------------------

    Proposed comment 107(a)(16)-1 would have also explained that 
workers for affiliates of the applicant would only be counted if the 
financial institution were also collecting the affiliates' gross annual 
revenue.
    The proposed comment would have further explained that the 
financial institution could rely on statements of or information 
provided by the applicant in collecting and reporting number of 
workers, but if the financial institution verifies the number of 
workers provided by the applicant, it must report the verified 
information.
    Proposed comment 107(a)(16)-1 would have also provided sample 
language that a financial institution could use to ask about the number 
of workers, if it does not collect the number of workers by another 
method. The Bureau provided the sample language in the proposed 
comment, which implements the simplified version of the SBA definition 
referenced above. The Bureau sought comment on this method of 
collection, and on the specific language proposed.
    Proposed comment 107(a)(16)-2 would have first clarified that a 
financial institution shall maintain procedures reasonably designed to 
collect applicant-provided information, including the number of workers 
of the applicant. The proposed comment would have then stated that if a 
financial institution is nonetheless unable to collect or determine the 
number of workers of the applicant, the financial institution reports 
that the number of workers is ``not provided by applicant and otherwise 
undetermined.''
    The Bureau sought comment on its proposed approach to the number of 
workers data point, as well as on the specific requests for comment 
above.

[[Page 35334]]

The Bureau also sought comment on whether financial institutions 
collect information about the number of workers from applicants using 
definitions other than the SBA's, and how the collection of this data 
point could best be integrated with those collections of information.
Comments Received
    The Bureau received comments on its proposed number of workers data 
point from lenders, trade associations, and community groups. A number 
of commenters supported the Bureau's proposal. A few commenters urged 
the Bureau to adopt the number of workers data point, suggesting that 
it is important for business and community development purposes. A CDFI 
lender and community group commenter said that the number of workers 
data point will help provide a greater understanding of owner-operated 
and microbusiness needs and accessibility to affordable credit. Another 
community group commented that the data point provides insight into the 
number of jobs created, retained and/or supported by access to credit. 
This community group further noted that the data point would also 
assist in analysis of whether businesses of various sizes fare 
differently in the lending marketplace. Many community groups expressed 
support for collecting data on the number of workers because they 
believe it will help indicate whether smaller businesses of various 
sizes will require more support and technical assistance when it comes 
to credit access. A minority business advocacy group commented that the 
data will help determine various levels of economic development and 
impact across the country. A few commenters agreed with the Bureau's 
proposed method of collecting the number of non-owner workers and 
including part-time staff, seasonal staff, and contractors that work 
primarily for the business.
    A trade association commented that the important considerations are 
that the Bureau provide language for lenders to provide to applicants 
to help applicants correctly answer the question and that the Bureau 
emphasize that financial institutions may rely on statements made by 
the applicant without incurring risk. Another industry commenter 
suggested that the final rule enable principal owners to count 
themselves as workers because this method is more common in industry 
and would avoid confusion. A bank recommended that the final rule 
expressly permit covered financial institutions to collect required 
data from applicants through a variety of means, including on the 
application form, supplemental documents or forms, or the sample data 
collection form. A CDFI lender suggested that the Bureau require 
financial institutions to report the breakdown of full-time and part-
time workers.
    The Bureau received many comments from industry opposing the 
proposal to collect data on the number of workers. Some commenters 
stated that data on the number of workers is not currently collected 
and that some customers do not readily have this information available, 
though several noted they had collected it for Paycheck Protection 
Program loans. A trade association stated that the data are unfamiliar 
to the applicant or difficult to obtain and will result in additional 
complexity, confusion, and significant operational and regulatory 
costs. Several commenters indicated that it is not a factor in the 
credit decision. A bank stated that it is not in the banker's role to 
determine this information and there is no reason to collect and 
monitor this data point if the small business is a creditworthy 
borrower.
    A few industry commenters questioned the value of this data point, 
arguing that it would not aid in fulfilling the fair lending purpose of 
section 1071. Two asserted that without context (for example, 
separating full-time versus part-time and contract workers) there seems 
to be little value in collecting the information. One suggested that 
collection is further complicated when the gross annual revenue of an 
affiliate is considered, because then the number of workers for the 
affiliate must be included. Several industry commenters also stated 
that the proposed general exclusion of affiliate employees is 
problematic because some of these employees may perform substantial 
services for the applicant.
    A bank commented that the CRA already considers the impact of 
adding jobs through small business and community development loans. 
Another bank commented that SBA uses either the gross annual revenue or 
number of workers, depending on the type of business, to qualify 
businesses as small and because the Bureau's proposal already contains 
a gross annual revenue size test, it would be unnecessary to collect 
the number of workers because it is irrelevant to the credit decision 
and determining the size of the business.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(16) with an addition and a minor revision to the associated 
commentary. Pursuant to its authority under ECOA section 704B(e)(2)(H), 
the Bureau believes that data on the number of workers will aid in 
fulfilling the business and community development purpose of section 
1071. Data on the number of persons working for a small business 
applicant will provide data users and relevant stakeholders with a 
better understanding of the job maintenance and creation that small 
business credit provides.
    In response to comments regarding the complexity and difficulty in 
collecting information about the number of workers, the Bureau is 
adding a new comment to require that financial institutions report the 
number of workers using ranges rather than reporting the specific 
number of workers. Final comment 107(a)(16)-1 provides that a financial 
institution complies with Sec.  1002.107(a)(16) by reporting the number 
of people who work for the applicant using the ranges prescribed in the 
Filing Instructions Guide. The Bureau believes that reporting the 
number of workers in ranges rather than a specific numerical value will 
eliminate some of the collection difficulties expressed by commenters, 
such as determining the exact number of employees when that number 
varies throughout the year.
    The Bureau is finalizing comment 107(a)(16)-2 (renumbered from 
comment 107(a)(16)-1 in the proposed rule) with some revisions as well 
as additional guidance on how a financial institution may collect 
information about the number of workers in light of final comment 
107(a)(16)-1. Specifically, a financial institution may collect the 
number of workers from an applicant using the ranges specified by the 
Bureau in the Filing Instructions Guide (as indicated in final comment 
107(a)(16)-1) or as a numerical value. Final comment 107(a)(16)-2 
retains from proposed comment 107(a)(16)-1 the discussion on collecting 
the number of workers, including the sample language to provide to 
applicants to ask about the number of workers and the statement that a 
financial institution may rely on the applicant's response, but the 
Bureau is making minor edits for clarity. The Bureau agrees with 
commenters that these provisions are helpful, and is including them to 
facilitate compliance.
    The Bureau agrees with commenters' recommendations that financial 
institutions should be able to rely on statements made by the applicant 
and should be permitted to collect required data from applicants 
through a variety of means. First, the rule does not limit the means by 
which the number of workers data can be collected, and

[[Page 35335]]

though it provides optional language to use, it does not require the 
use of that language. The Bureau believes that allowing financial 
institutions to rely on applicant-provided data will sufficiently 
safeguard accuracy such that the resulting data will aid in fulfilling 
the purposes of section 1071. The Bureau also believes that reporting 
the verified number of workers when the financial institution already 
possesses that information will not be operationally difficult, and 
will enhance the accuracy of the information collected. To facilitate 
compliance with the regulation, the Bureau provides guidance related to 
reliance on all applicant-provided data, including number of workers, 
in final comment 107(b)-1. Generally, that comment permits reliance on 
statements of the applicant or information provided by an applicant; 
however, if a financial institution verifies information, it reports 
the verified data. For more information on relying on statements made 
by or provided by an applicant, see the section-by-section analysis of 
Sec.  1002.107(b).
    The Bureau is finalizing comment 107(a)(16)-3 (renumbered from 
proposed comment 107(a)(16)-2) with a minor edit for clarity. Final 
comment 107(a)(16)-3 cites to Sec.  1002.107(c), which provides that a 
financial institution shall maintain procedures reasonably designed to 
collect applicant-provided data, which includes the number of workers 
of the applicant. Comment 107(a)(16)-3 further explains that a 
financial institution reports that the number of workers is ``not 
provided by applicant and otherwise undetermined'' if, despite such 
procedures, the financial institution is unable to collect or determine 
the information. The Bureau believes that allowing this response will 
facilitate compliance when an applicant does not provide the requested 
data.
    The final rule does not require financial institutions to report 
the distinction between various worker categories such as full time 
versus part time, as recommended by some commenters. The Bureau 
believes that requiring distinctions between various worker categories 
could introduce unnecessary complexity and compliance challenges. The 
final rule also does not include principal owners in the number of 
workers, as recommended by a commenter. The final rule requires the 
separate collection of the number of principal owners in final Sec.  
1002.107(a)(20), and the Bureau believes that this differentiation will 
improve the granularity and usefulness of the data collected.
    The Bureau acknowledges comments noting that some financial 
institutions do not collect or maintain data on number of workers nor 
is the information used in their credit decisions. However, the Bureau 
believes that number of workers is critical to further the business and 
community development purpose of section 1071 and the Bureau does not 
believe it will be particularly difficult for financial institutions to 
obtain this information if they do not do so already. The Bureau has 
also provided sample language in final comment 107(a)(16)-2 that a 
financial institution may use to ask an applicant about the number of 
workers.
    With respect to questions from commenters about how the number of 
workers data point meets section 1071's purposes, as discussed above 
the Bureau believes the data will provide insight into small business 
credit that contributes to job creation and maintenance, as well as 
other trends in the small business market's ability to grow and 
maintain workers, and the full set of data required to be collected and 
reported under this final rule should provide sufficient context for 
meaningful understanding of this data point. Regarding the comment that 
the CRA already considers the impact of adding jobs through small 
business and community development loans, the Bureau notes that data 
collected under section 1071 vary from data collected under CRA and the 
institutions subject to section 1071 are not necessarily subject to 
CRA. Regarding the concerns raised by commenters that the number of 
workers for an applicant's affiliates must be counted if the 
affiliates' gross annual revenues are considered, the Bureau notes that 
the applicant is already providing information on affiliate(s) in this 
situation, and the financial institution can simply ask a question 
regarding number of workers, perhaps using the language provided in 
final comment 107(a)(16)-2, and tell the applicant to include affiliate 
information.
107(a)(17) Time in Business
Proposed Rule
    ECOA section 704B(e)(2)(H) authorizes the Bureau to require 
financial institutions to compile and maintain ``any additional data 
that the Bureau determines would aid in fulfilling the purposes of 
[section 1071].'' In the proposed rule, the Bureau stated that it 
believed that data providing the time in business of a small business 
applicant would aid in fulfilling both the business and community 
development and fair lending purposes of section 1071.
    The Bureau proposed Sec.  1002.107(a)(17) to require a financial 
institution to collect and report the time the applicant has been in 
business, described in whole years, as relied on or collected by the 
financial institution. Proposed Sec.  1002.107(a)(17) would have 
required the data be reported in whole years, rather than ranges of 
time, because a financial institution would have a definite number of 
years if it collects this information presently, and the Bureau 
believed that time in business reported in whole years would make the 
data more granular and useful.
    Proposed comment 107(a)(17)-1 would have provided guidance on how 
to report one of the two methods (relied on or collected) for reporting 
the time-in-business data point. The proposed comment would have 
explained that, regardless of which method is used, the financial 
institution must report the time in business in whole years, or 
indicate if a business has not begun operating yet, or has been in 
operation for less than a year. Proposed comment 107(a)(17)-1 would 
have explained that when the financial institution relies on an 
applicant's time in business as part of a credit decision, it reports 
the time in business relied on in making the credit decision. However, 
the comment would have further explained that proposed Sec.  
1002.107(a)(17) would not require the financial institution to rely on 
an applicant's time in business in making a credit decision.
    Proposed comment 107(a)(17)-1 would have also explained that the 
financial institution may rely on statements or information provided by 
the applicant in collecting and reporting time in business; however, 
pursuant to proposed Sec.  1002.107(b), if the financial institution 
verifies the time in business provided by the applicant, it must report 
the verified information. This guidance would have applied whether the 
financial institution relies on the time in business in making its 
credit decision or not, although the Bureau believed that verification 
would be very uncommon when the financial institution is not relying on 
the information.
    Proposed comment 107(a)(17)-2 would have provided instructions on 
how to report the time in business relied on in making the credit 
decision. The proposed comment would have stated that when a financial 
institution evaluates an applicant's time in business as part of a 
credit decision, it reports the time in business relied on in making 
the credit decision. For

[[Page 35336]]

example, the proposed comment would have further explained, if the 
financial institution relies on the number of years of experience the 
applicant's owners have in the current line of business, the financial 
institution reports that number of years as the time in business. 
Similarly, if the financial institution relies on the number of years 
that the applicant has existed, the financial institution reports the 
number of years that the applicant has existed as the time in business. 
Proposed comment 107(a)(17)-2 would have then concluded by stating that 
a financial institution reports the length of business existence or 
experience duration that it relies on in making its credit decision, 
and is not required to adopt any particular definition of time in 
business.
    Proposed comment 107(a)(17)-3 would have stated that a financial 
institution relies on an applicant's time in business in making a 
credit decision if the time in business was a factor in the credit 
decision, even if it was not a dispositive factor. The proposed comment 
would have provided the example that if the time in business is one of 
multiple factors in the financial institution's credit decision, the 
financial institution has relied on the time in business even if the 
financial institution denies the application because one or more 
underwriting requirements other than the time in business are not 
satisfied.
    Proposed comment 107(a)(17)-4 would have clarified that if the 
financial institution does not rely on time in business in considering 
an application, pursuant to proposed Sec.  1002.107(c)(1) it shall 
still maintain procedures reasonably designed to collect applicant-
provided information, which includes the applicant's time in business. 
The proposed comment would have explained that in collecting time in 
business from an applicant, the financial institution complies with 
proposed Sec.  1002.107(a)(17) by asking for the number of years that 
the applicant has been operating the business it operates now. The 
proposed comment would have further explained that when the applicant 
has multiple owners with different numbers of years operating that 
business, the financial institution collects and reports the greatest 
number of years of any owner. Proposed comment 107(a)(17)-4 would have 
then concluded by making clear that the financial institution does not 
need to comply with the instruction if it collects and relies on the 
time in business by another method in making the credit decision.
    Proposed comment 107(a)(17)-5 would have explained that pursuant to 
proposed Sec.  1002.107(c)(1) a financial institution shall maintain 
reasonable procedures to collect information provided by the applicant, 
which includes the time in business of the applicant, but if the 
financial institution is unable to collect or determine the time in 
business of the applicant, the financial institution reports that the 
time in business is ``not provided by applicant and otherwise 
undetermined.''
    The Bureau sought comment on its proposed approach to this data 
point. The Bureau also sought comment on whether time-in-business 
information may be less relevant or collectable for certain products or 
situations (such as retailer-branded credit cards acquired at point of 
sale) and whether reporting ``not applicable'' should be allowed in 
those instances. In addition, the Bureau sought comment on whether 
there should be an upper limit on time in business--for example, to 
allow reporting of ``over 20 years'' for any applicant of that 
duration, rather than requiring reporting of a specific number of 
years.
Comments Received
    The Bureau received comments on its proposed time in business data 
point from a number of lenders, trade associations, and community 
groups. A number of commenters supported the Bureau's proposal to 
collect time in business data with some pointing out the importance of 
time in business for the fair lending and community development 
purposes of section 1071. A trade association noted that time in 
business data are potentially useful for lenders, policymakers, 
regulators, and communities and that this is a common credit 
consideration for the type of small business lending undertaken by 
certain financial institutions. This trade association asserted that 
the data can help explain differences in underwriting risk among small 
business applicants and avoid misinterpretation of the dataset by 
distinguishing potentially riskier new businesses from established 
businesses. A community group stated that this data point is needed to 
assess if access to credit is reasonably available and whether there 
are geographical barriers that do not seem present in other areas based 
on analysis of the data. This commenter further stated that such 
analysis can help stakeholders identify and ameliorate any access to 
credit barriers for younger firms.
    A bank and a trade association commented that this data point could 
be helpful in demonstrating a non-discriminatory basis for different 
credit decisions and may provide helpful context for evaluating the 
basis for credit decisions and conducting an accurate, fact-based fair 
lending analysis. A community group stated that lenders already collect 
or consider the number of years a small business has been in operation 
as it is an element of loan risk and underwriting. This commenter 
further stated that time-in-business data would allow the assessment of 
whether businesses of similar duration are likely to receive credit at 
comparable terms, such as by comparing Black-owned, Latino-owned, and 
Asian-owned start-ups with white-owned start-ups. A number of 
commenters noted in discussing data points, including time in business, 
that fair lending analysis requires a robust set of key variables that 
are used in underwriting. Relatedly, other commenters stated that data 
collected under the Bureau's rule must be sufficient to allow data 
users to understand the characteristics of applicants that are denied 
credit so as to identify areas of unmet need and also to be able to 
compare declined applicants with those who are approved for credit to 
look for evidence of discrimination.
    Commenters specifically pointed out the importance of collecting 
information regarding whether a business is a start-up. A community 
group noted start-ups and younger businesses generally have more 
difficulties qualifying for credit, and other commenters pointed out 
that it is well known that start-ups often struggle to access 
financing.
    In contrast, the Bureau received many comments from lenders and 
trade associations generally opposing the Bureau's proposal to collect 
time in business. One trade association questioned how asking how long 
a company has been in operation furthers fair lending purposes. A few 
banks stated that the information is not considered for underwriting 
purposes or relevant to the creditworthiness of the applicant. An 
agricultural lender asserted that time in business data can be unknown, 
misleading, or not relevant. A few industry commenters asserted that 
time in business data are not currently collected or maintained by 
lenders. Some commenters said collecting time in business data would 
impose compliance burden and one also said that it would add friction 
to the application process. A bank stated that customers do not have 
this type of information readily available when applying for a 
commercial loan. Another bank noted that the data point adds a layer of 
complexity, will not provide useful information that advances section 
1071, and goes beyond what other laws,

[[Page 35337]]

such as HMDA, require financial institutions to collect. A trade 
association commented that time in business is unfamiliar to the 
applicant or difficult to obtain and will result in additional 
complexity, confusion, and significant operational and regulatory 
costs. Another trade association said this data point involves 
complexities because many small businesses cannot provide an exact 
amount of time in business due to name changes, mergers and 
acquisitions, and other routine events that complicate this 
calculation. A bank stated that its borrowers rarely keep good enough 
records to properly state the date they began doing business. An 
agricultural lender stated that time in business can be difficult to 
determine for a farming operation that may have begun as a lifestyle 
venture or arose from multiple generations of farming.
    Some commenters expressed concerns with the data to be collected as 
well as the method of reporting. A bank stated that it makes loans for 
startup companies and relies on the applicant's experience in the given 
industry rather than the length of time they have operated their 
current business; however, underwriting for an established business 
uses the length of time that specific business has been in operation. 
Although the Bureau's proposal allows for the consideration of business 
experience or business longevity, this commenter and several others 
asserted that the resulting data gathered will not be comparable and 
analysis of that data will be meaningless. Another bank stated that in 
most cases, the credit decision is a combination of the number of years 
the applicant has been in business and the number of years the 
principals have been in the industry, but if one institution reports 
the number of years the applicant has been in business and another 
reports the number of years of experience of the principals, they would 
not appear to be as similarly situated as they are; therefore, it will 
be impossible to make comparisons or draw accurate conclusions with 
respect to the information submitted. Another bank pointed out this 
same issue and stated that the mixture of responses would lead to 
unreliable information, unjustifiable conclusions, and unjustified 
burden on applicants and financial institutions. Other banks and a 
trade association also indicated that the credit decision can be based 
on a combination of the number of years the applicant has been in 
business and the number of years the principals have been in the 
industry. Two of these commenters also said that the Bureau did not 
provide guidance on how to report the data in these circumstances.
    A bank trade association commented that many small business 
borrowers create new entities for various reasons and expressed concern 
that the data collected could suggest lenders are giving more favorable 
treatment to new small businesses as opposed to existing ones. Another 
trade association stated that collecting time in business using 
management or owner experience rather than the age of the business 
itself undercuts the Bureau's rationale that time in business could 
explain the difference in underwriting risk among small business 
applicants and avoid misinterpretation of data. This commenter 
recommended that time in business be collected at the financial 
institution's option. A bank was concerned that time in business data 
may make it appear to discriminate against start-up businesses, 
explaining that its practice has been to avoid providing financing for 
start-up businesses unless it can secure government guaranties because 
in distressed areas where the bank generally lends, start-up businesses 
have historically been unable to sustain a repayment history for the 
loan term due to business closure and liquidation. Therefore, the bank 
explained, if comparing this information for fair lending, it will 
appear that they are discriminating against start-up businesses when 
there are studies showing that minority-owned businesses are under-
financed as start-ups.
    Several commenters requested the Bureau provide clarification on 
certain aspects of reporting the data point or made recommendations for 
reporting the data. A bank suggested that the Bureau collect the time 
the business has been active regardless of ownership experience or time 
the current owners have owned this business. A community group 
recommended that financial institutions be required to report the time 
in business used when underwriting the loan because time in business 
could refer to either the time period since the business was formally 
incorporated or the time period of operation. A bank requested 
clarification on temporary lapses in business and how to report 
seasonal businesses. Several agricultural lenders and a trade 
association suggested that if this data point is not dropped then the 
Bureau should tie it to the established Farm Credit data point, ``Year 
began Farming,'' because Farm Credit associations already collect 
``Year began farming.'' These commenters reasoned that there would be 
needless confusion in the context of agricultural credit if there were 
separate and competing definitions of ``Time in business'' and ``Year 
began farming.'' A bank recommended that the easiest way to report time 
in business information is with a number in the column; however, it 
suggested that for newer businesses, particularly for those with less 
than one year in business, the number should be reported in ranges, 
e.g., 0-6 months or 7-12 months. A community group said that credit 
card lenders should not be able to routinely report ``not applicable'' 
for this data point because the information should not be too hard to 
ask for on an application form. A bank and a trade association 
requested that the Bureau allow all financial institutions to report 
the applicant's time in business, whether used in credit underwriting 
or collected from the applicant, and to rely on the information 
provided by the applicant. These commenters also requested that the 
Bureau include in the final rule a safe harbor from liability for 
reporting the applicant-provided time in business. Another trade 
association also recommended that the Bureau clarify that financial 
institutions may rely on statements made by the applicant without 
incurring risk.
    A bank commented that putting an upper limit on years to report is 
not a good idea and said that time in business should always be 
reported as a specific number of years. The bank reasoned that there 
are businesses that struggle at the 5 year mark, the 10 year mark, or 
the 50 year mark. According to this bank, one should not assume that 
applicants are ``fine'' because those years are above an arbitrary 
number the Bureau has chosen.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(a)(17) with revisions to the regulatory text and commentary. 
As explained below, financial institutions will be required to report 
the time the applicant has been in business, but the Bureau has revised 
the requirements to provide financial institutions more flexibility in 
collecting the information. Pursuant to its authority under ECOA 
section 704B(e)(2)(H), the Bureau determines that collecting data on 
time in business will further the purposes of section 1071, as further 
explained below.
    The Bureau believes that time in business will advance both 
statutory purposes of section 1071. Research illustrates the role that 
start-ups and new businesses play in the business ecosystem and in 
promoting important community development aims, such as

[[Page 35338]]

creating new jobs.\668\ Financial institutions often have special 
credit policies regarding start-ups and other young businesses, 
including whether the institution will extend credit to start-ups at 
all, the type(s) of credit products start-ups and new businesses can 
apply for, and the amount of credit for which they can be approved. 
Studies generally show that start-ups experience greater difficulty in 
accessing credit.\669\
---------------------------------------------------------------------------

    \668\ See, e.g., Small Bus. Admin., 2018 Small Business 
Profiles, at 1-2 (2018), https://www.sba.gov/advocacy/2018-small-business-profiles-states-and-territories?utm_medium=email&utm_source=govdelivery; John 
Haltiwanger et al., Who Creates Jobs? Small versus Large versus 
Young, 95(2) Review of Econ. & Stat., at 347-61 (2013), https://direct.mit.edu/rest/article/95/2/347/58100/Who-Creates-Jobs-Small-versus-Large-versus-Young.
    \669\ For example, a Federal Reserve Bank of New York report, 
based on data from the 2016 Small Business Credit Surveys that 
included information from 12 Federal Reserve Banks, provides 
statistics on how start-ups are less likely to receive credit as 
compared to mature businesses, even with comparable credit scores. 
See Fed. Rsrv. Bank of N.Y., Small Business Credit Survey: Report on 
Start-up Firms, at iv (2017), https://www.newyorkfed.org/medialibrary/media/smallbusiness/2016/SBCS-Report-StartupFirms-2016.pdf.
---------------------------------------------------------------------------

    Time in business data will benefit data users, including financial 
institutions, policymakers, economic analysts, and communities by 
allowing them to better identify the proportion of small businesses 
seeking credit that are start-ups or relatively new businesses, the 
type(s) of credit offered to these groups, the geographic setting of 
these businesses, the types of financial institutions that are reaching 
such businesses, and where communities might focus business development 
efforts. The data may also aid policymakers in addressing issues 
impacting the growth of small start-ups. The data, particularly as to 
unmet demand, could help interested financial institutions identify 
lending opportunities to reach more start-ups and new businesses, 
promoting both business and community development. This data point will 
also facilitate fair lending analyses by providing a useful control to 
identify similarly situated applicants and eliminate some false 
positives, while also allowing monitoring of potential disparate 
treatment of relatively new minority- and women-owned small businesses.
    The Bureau understands from commenters that there are complexities 
associated with collecting time in business information from an 
applicant for various reasons, including applicant difficulty providing 
an exact time because of prior name changes, events that affected the 
applicant's structure, multi-generational ownership, and others 
discussed by commenters above. In light of the feedback received, the 
Bureau has revised the requirements for reporting time in business 
information, based on the financial institution's procedures. The 
Bureau is also not finalizing this data point to include data as relied 
on by the financial institution to make a decision. Rather, the final 
rule requires financial institutions to report time in business as 
collected or otherwise obtained. Although this requirement is similar 
to reporting the time in business relied on, the new language makes 
clear that the financial institution reports the time in business 
collected or obtained regardless of whether it relied on that 
information in underwriting the application. Commenters indicated that 
they may base their credit decision on a combination of factors, such 
as the time the applicant has been in existence and the time the owners 
have been in the industry, while other commenters indicated that they 
do not collect or use time in business for underwriting purposes. The 
Bureau believes that standardizing the time in business data point to 
be based on what the financial institution collects or obtains 
streamlines the requirement and provides flexibility for the financial 
institution to report time in business information based on its credit 
policies or programs rather than having to select a time in business 
method specifically for reporting pursuant to this rule. Accordingly, 
the Bureau is not finalizing ``as relied on or collected by the 
financial institution'' in the regulatory text. Final regulatory text 
for Sec.  1002.107(a)(17) requires reporting of the time the applicant 
has been in business; however, the Bureau is providing further details 
guidance in commentary regarding time in business collection and 
reporting, as explained below. As some commenters suggested, allowing 
different methods for measuring time in business will have an effect on 
the comparability of the data, but information about the time in 
business actually collected by the financial institution for its own 
purposes will be useful for fair lending analysis and will impose less 
operational difficulty than requiring reporting based on a single 
definition. For example, this method will allow a financial institution 
to use the ``year began farming'' date, as suggested by some 
commenters, to report time in business without further inquiry.
    Final comment 107(a)(17)-1.i provides that a financial institution 
reports time in business in whole years if, as part of its procedures, 
it collects or obtains the number of years an applicant has been in 
business. Final comment 107(a)(17)-1.i also provides guidance to make 
clear that if the financial institution reports the number of whole 
years, the financial institution rounds down to the nearest whole year. 
Final comment 107(a)(17)-1.ii provides that if a financial institution 
does not collect or obtain the number of years an applicant has been in 
business, but as part of its procedures it determines whether or not 
the applicant has been in business less than two years, then the 
financial institution reports the applicant's time in business as 
either less than two years or two or more years. Final comment 
107(a)(17)-1.iii provides that if a financial institution does not 
collect or obtain time in business, either as number of years or a 
determination as to whether the applicant has been in business less 
than two years, then the financial institution complies with the rule 
by asking the applicant whether it has been in business less than two 
years or two or more years. The Bureau is not finalizing the provision 
in proposed comment 107(a)(17)-1.ii to require financial institutions 
to indicate whether an applicant has not begun operating yet or has 
been in operation less than a year. In addition, the Bureau is not 
requiring that newer business applicants' time in business be reported 
in ranges, as one commenter suggested. The Bureau believes that time in 
business information reported in whole years or an indication of over 
or under two years can provide data users with robust information 
regarding start-ups and newer businesses as well as the maturity of 
other businesses, thus furthering the purposes of section 1071 while 
also simplifying collection and reporting. Issues such as whether to 
report the time in business based on the time of incorporation or time 
of business opening, lapses in business operation such as for a 
seasonal business, and new business entities that do not actually 
constitute a new enterprise should all be considered within the 
financial institution's discretion in collecting time in business. The 
Bureau does not believe that these scenarios will have a significant 
effect on the quality of the data reported, but crafting a rule that 
takes them into account could considerably increase the operational 
difficulty of compliance.
    Final comment 107(a)(17)-2 provides that a financial institution 
that collects time in business as part of its procedures is not 
required to collect or obtain time in business information pursuant to 
a specific definition for the purposes of this rule. The comment

[[Page 35339]]

provides examples of how a financial institution may define time in 
business, including by asking the applicant when the business started 
or based on the owner's experience in the industry. As discussed above, 
the Bureau understands from commenters that a financial institution may 
collect and/or consider for underwriting both the number of years the 
applicant has been in business and the number of years of experience an 
owner has in the industry. In response to a comment requesting 
clarification and to mitigate other commenter concerns, final comment 
107(a)(17)-2 provides that if a financial institution collects the 
number of years the applicant has existed as well as another measure of 
time in business, such as the number of years of experience an owner 
has in the industry, the financial institution reports the number of 
years the applicant has existed as the time in business. The Bureau 
believes that this method will result in more uniform and comparable 
data on time in business and should not cause operational difficulty 
because the financial institution will be reporting information that it 
already collects.
    Comment 107(a)(17)-3 (renumbered from proposed comment 107(a)(17)-
6) is finalized with minor clarifications. Final comment 107(a)(17)-3 
provides that a financial institution is required to maintain 
procedures reasonably designed to collect applicant-provided data, 
which includes time in business; however, if the financial institution 
is nonetheless unable to collect this information, then the financial 
institution reports ``not provided by applicant and otherwise 
undetermined'' for the time in business data point. The Bureau believes 
that providing this reporting option will facilitate compliance.
    The Bureau acknowledges commenters' arguments that time in business 
is not collected by some financial institutions now nor used by such 
institutions for underwriting purposes. However, other industry 
commenters indicated that they do collect and use time in business for 
underwriting (for example, commenters stated the credit decision is 
based on a combination of the number of years the applicant has been in 
business and the number of years the principals or owners have in the 
industry).
    Commenters also expressed concern with the burden associated with 
collecting time in business information. The Bureau does not believe it 
would be too difficult for financial institutions to collect this 
information if they do not already do so, and the ability to merely ask 
whether a business has existed for less than two years or two years or 
more should reduce any complexity for applicants in providing the 
information. The Bureau also believes that collection of time in 
business will further the dual purposes of section 1071, as discussed 
above. The final rule does not permit time in business information be 
reported at the financial institution's option, as the Bureau believes 
that if it made this data point optional, very little data would be 
reported.
    With respect to the concern raised by a commenter that reporting 
time in business information may cause a financial institution to 
appear to discriminate against start-up businesses because of its 
policy to avoid providing financing to start-ups, the Bureau believes 
that time in business information will help mitigate concerns of data 
misrepresentation and help explain the credit decision made by a 
financial institution. For example, data indicating that an applicant 
is relatively new with little experience or financial history could 
explain why the financial institution denied the application or 
approved it for less than what was applied for.
    With respect to the recommendation that the Bureau allow all 
financial institutions to report the applicant's time in business 
whether used in credit underwriting or collected from the applicant, 
the final rule provides this flexibility for financial institutions. 
The final rule also allows the financial institution to collect 
applicant-provided data, including time in business information, from 
appropriate third-party sources. See final Sec.  1002.107(b).
    The Bureau is not adopting a safe harbor from liability for 
reporting the applicant-provided time in business for the reasons 
provided in the section-by-section analysis of Sec.  1002.112(c). 
Guidance related to relying on information provided by an applicant and 
appropriate third-party sources, including time in business 
information, is provided in final comment 107(b)-1. (Similar content 
was included in proposed comment 107(a)(17)-1.) That comment explains 
that a financial institution needs report verified information only if 
it verifies information from the applicant for its own business 
purposes. Because the rule makes clear that a financial institution may 
rely on statements made by or information from the applicant regarding 
time in business and need not verify its accuracy, the Bureau does not 
believe that a safe harbor is necessary. For more information on 
relying on information provided by an applicant, see the section-by-
section analysis of Sec.  1002.107(b).
107(a)(18) Minority-Owned, Women-Owned, and LGBTQI+-Owned Business 
Statuses Background
    ECOA section 704B(b) requires financial institutions to inquire 
whether applicants for credit are minority-owned and/or women-owned 
businesses and to maintain a record of the responses to that inquiry 
separate from the applications and accompanying information. Section 
704B(c) provides that applicants for credit may refuse to provide 
information requested pursuant to 704B(b). ECOA section 704B(e)(2)(H) 
authorizes the Bureau to require financial institutions to compile and 
maintain ``any additional data that the Bureau determines would aid in 
fulfilling the purposes of [section 1071].'' The Bureau is finalizing 
Sec.  1002.107(a)(18) to address how a financial institution would 
collect and report an applicant's minority-owned and women-owned 
business statuses, along with LGBTQI+-owned business status which the 
Bureau believes would aid in fulfilling the purposes of section 1071.
    The Bureau proposed appendix F to provide instructions to aid 
financial institutions when collecting minority-owned business status 
pursuant to proposed Sec.  1002.107(a)(18) and women-owned business 
status pursuant to proposed Sec.  1002.107(a)(19). However, there was 
some duplication between what was contained in proposed appendix F and 
in proposed Sec.  1002.107(a)(18) and (19) and associated commentary.
    As discussed further herein, final Sec.  1002.107(a)(18) differs 
from proposed Sec.  1002.107(a)(18) in a number of ways, largely to 
streamline the rule and facilitate compliance. First, the final rule 
combines proposed Sec.  1002.107(a)(18) and (19) into final Sec.  
1002.107(a)(18). Next, final Sec.  1002.107(a)(18) also requires 
collection of LGBTQI+-owned business status. Finally, the commentary to 
final Sec.  1002.107(a)(18) incorporates the information contained in 
proposed appendix F.
Proposed Rule--Proposed Sec.  1002.107(a)(18) and (19)
    In order to implement the section 1071 requirement that financial 
institutions inquire whether applicants for credit are minority-owned 
and/or women-owned businesses, the Bureau proposed Sec.  
1002.107(a)(18) to address minority-owned business status, and Sec.  
1002.107(a)(19) to address women-owned business status. The text of 
these

[[Page 35340]]

proposed provisions was otherwise identical in their language. Proposed 
Sec.  1002.107(a)(18) and (19) would have required financial 
institutions to collect and report whether an applicant is a minority-
owned or women-owned business, respectively. Proposed Sec.  
1002.107(a)(18) and (19) would also have required financial 
institutions to collect and report whether minority-owned business 
status or women-owned business status, respectively, was being reported 
based on previously collected data pursuant to proposed Sec.  
1002.107(c)(2). When the financial institution requests minority-owned 
and women-owned business statuses from an applicant, the financial 
institution would have been required to inform the applicant that the 
financial institution cannot discriminate on the basis of the 
applicant's minority-owned or women-owned business status, or on 
whether the applicant provides this information. Finally, proposed 
Sec.  1002.107(a)(18) and (19) would have referred to proposed appendix 
F for additional details regarding how financial institutions are 
required to collect and report minority-owned or women-owned business 
statuses, respectively. Proposed appendix F would have included a 
requirement that a financial institution inform an applicant that the 
applicant is not required to respond to the financial institution's 
questions regarding the applicant's minority-owned business status and 
women-owned business status and inform the applicant of a prohibition 
on financial institutions requiring applicants to provide this 
information.\670\
---------------------------------------------------------------------------

    \670\ Proposed appendix G would have included a similar 
requirement to notify applicants that they are not required to 
provide information regarding principal owners' ethnicity, race, and 
sex and of a similar prohibition on financial institutions requiring 
that applicants provide such information.
---------------------------------------------------------------------------

    Proposed comments 107(a)(18)-1 and 107(a)(19)-1 would have 
clarified that a financial institution would be required to ask an 
applicant if it is a minority-owned business or women-owned business, 
respectively, for each covered application unless the financial 
institution is permitted to report minority-owned business status or 
women-owned business status, respectively, based on previously 
collected data. Additionally, the financial institution would have been 
required to permit an applicant to refuse to answer the financial 
institution's inquiry and to inform the applicant that it is not 
required to provide the information. The financial institution would 
have reported the applicant's response, its refusal to answer the 
inquiry (such as when the applicant indicates that it does not wish to 
provide the requested information), or its failure to respond (such as 
when the applicant fails to submit a data collection form) to the 
inquiry.
    Proposed comments 107(a)(18)-2 and 107(a)(19)-2 would have 
explained that a financial institution must inform the applicant that 
the financial institution cannot discriminate on the basis of an 
applicant's minority-owned business status or women-owned business 
status, respectively, or on whether the applicant provides the 
information. These proposed comments would also have clarified that a 
financial institution may combine this non-discrimination notice 
regarding minority-owned business status or women-owned business 
status, respectively, with the similar non-discrimination notices that 
a financial institution is required to provide when requesting women-
owned business status or minority-owned business status, respectively, 
and a principal owner's ethnicity, race, and sex if a financial 
institution requests such information in the same data collection form 
or at the same time.
    Proposed comments 107(a)(18)-3 and 107(a)(19)-3 would have 
explained how, pursuant to proposed Sec.  1002.111(b), financial 
institutions must record an applicant's response regarding minority-
owned business status and women-owned business status pursuant to 
proposed Sec.  1002.107(a)(18) or (19), respectively, separate from the 
application and accompanying information. These proposed comments would 
have also provided examples of how responses could be recorded 
separately from the application and accompanying information.
    Proposed comments 107(a)(18)-4 and 107(a)(19)-4 would have stated 
that pursuant to proposed Sec.  1002.107(c)(1), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided information, which includes the applicant's minority-owned 
business status or women-owned business status, respectively. However, 
if a financial institution did not receive a response to its inquiry, 
the financial institution would have reported that the applicant's 
minority-owned business status or women-owned business status, 
respectively, is ``not provided by applicant.''
    Proposed comments 107(a)(18)-5 and 107(a)(19)-5 would have stated 
that notwithstanding proposed Sec.  1002.107(b) (regarding verification 
of applicant-provided information), a financial institution would have 
reported the applicant's response, its refusal to answer the inquiry, 
or its failure to respond to the inquiry pursuant to proposed Sec.  
1002.107(a)(18) or (19), respectively, even if the financial 
institution verifies or otherwise obtains an applicant's minority-owned 
business status or women-owned business status for other purposes. 
Moreover, a financial institution would not have been required or 
permitted to verify the applicant's responses to the financial 
institution's inquiries pursuant to proposed Sec.  1002.107(a)(18) or 
(19) regarding minority-owned business status or women-owned business 
status, respectively.
    Proposed comments 107(a)(18)-6 and 107(a)(19)-6 would have 
clarified that a financial institution does not report minority-owned 
business status or women-owned business status, respectively, based on 
visual observation, surname, or any basis other than the applicant's 
response to the inquiry that the financial institution makes to satisfy 
proposed Sec.  1002.107(a)(18) or (19), respectively, or, if the 
financial institution was permitted to report based on previously 
collected data, on the basis of the applicant's response to the inquiry 
that the financial institution previously made to satisfy Sec.  
1002.107(a)(18) or (19), respectively.
    Proposed comments 107(a)(18)-7 and 107(a)(19)-7 would have 
clarified that a financial institution may report minority-owned 
business status or women-owned business status, respectively, based on 
previously collected data if the financial institution is permitted to 
do so pursuant to proposed Sec.  1002.107(c)(2) and its commentary.
    The Bureau sought comment on its proposed approach to these data 
points, including the proposed methods of collecting and reporting the 
data. The Bureau also requested comment on whether additional 
clarification regarding any aspect of these data points is needed. In 
particular, the Bureau sought comment on whether applicants are likely 
to have difficulty understanding and determining the information they 
are being asked to provide and, if so, how the Bureau may mitigate such 
difficulties.
Proposed Rule--Proposed Appendix F
    Proposed appendix F would have provided instructions to aid 
financial institutions when collecting minority-owned business status 
pursuant to proposed Sec.  1002.107(a)(18) and women-owned business 
status pursuant to proposed Sec.  1002.107(a)(19).
    The Bureau proposed appendix F pursuant to its authority under ECOA

[[Page 35341]]

section 704B(g)(1) to prescribe such rules and issue such guidance as 
may be necessary to carry out, enforce, and compile data pursuant to 
section 1071, in order to facilitate compliance with the statutory 
requirements to collect minority-owned and women-owned business 
statuses pursuant to 704B(b)(1). Further, the Bureau proposed appendix 
F pursuant to its obligation in 704B(g)(3) to issue guidance to 
facilitate compliance with the requirements of section 1071, including 
assisting financial institutions in working with applicants to 
determine whether the applicants are women-owned or minority-owned 
businesses.
    The Bureau sought comment on the proposed instructions, and 
generally sought comment on whether additional clarification regarding 
any aspect of the proposed instructions was needed. The Bureau further 
requested comment on whether additional or different instructions were 
needed for financial institutions that choose not to use a paper data 
collection form to collect minority-owned business status or women-
owned business status, such as collecting such information using a web-
based or other electronic data collection form, or over the telephone. 
The Bureau also sought comment regarding the challenges faced by both 
applicants and financial institutions by the data collection 
instructions prescribed in appendix F and specifically requested 
comment on ways to improve the data collection of minority-owned 
business status and women-owned business status.
Comments Received--Women-Owned and Minority-Owned Business Statuses
    The Bureau received comments on proposed Sec.  1002.107(a)(18) and 
(19) and appendix F from some industry and community group commenters. 
Commenters uniformly supported the Bureau's proposal that the financial 
institution would rely solely on the applicant to determine minority-
owned and women-owned business statuses, and that institutions should 
not be required or permitted to verify an applicant's response. One 
commenter requested that a financial institution not be required to 
conduct any follow-up if an applicant fails to provide the information. 
Another noted that owners and ownership status may change from day to 
day. One said that the back-office functions of financial institutions 
will need to ensure the data are being reported correctly and identify 
any issues in the data, which will require an increase in staff.
    A commenter asserted that applicants should be permitted to self-
report whether they have been certified by a third-party organization 
as a minority- and/or women-owned business and the name of the 
certifying organization, which it said would promote the objectives of 
section 1071 by encouraging responses of relevant and verifiable 
information. Another commenter suggested that the Bureau coordinate 
with the U.S. Census to create a minority and women-owned business 
suffix to a business's NAICS code which identifies their minority or 
women-owned business status.
    Regarding appendix F, some commenters supported the proposed 
approach to collecting information. Several commenters requested that 
the Bureau eliminate duplication and include all mandatory statements 
in the rule text, rather than in the appendices.
Comments Received--LGBTQI+-Owned Business Status
    As discussed in the section-by-section analysis of Sec.  
1002.102(k) and (l) above, regarding the definitions for LGBTQI+ 
individual and LGBTQI+-owned business, the Bureau sought comment on 
whether it should adopt a data point to collect an applicant's lesbian, 
gay, bisexual, transgender, or queer (LGBTQ+)-owned business status, 
similar to the way it proposed to collect minority-owned business 
status and women-owned business status.
    The Bureau received comments from several banks, individual 
commenters, and community groups on this issue. Some commenters did not 
support including such a data point in the final rule, generally 
stating that asking for such information would be offensive, would be 
considered an invasion of privacy, or would damage bank-customer 
relationships. One commenter said that applicants are unlikely to 
provide this information and that an applicant's LGBTQ+-owned business 
status is not considered in the lending process and thus should not be 
part of this data collection.
    A few commenters also stated that asking for such information could 
potentially further segregate and stigmatize LGBTQ individuals and 
their businesses, when they already face bias and discrimination. These 
commenters also raised concerns about the privacy and security of the 
collected information, noting that storing it with financial 
institutions and in a nationwide database exposes the information to 
not only authorized persons but also potentially to hackers. These 
commenters argued that although there is some protection in the Federal 
employment law context due to the U.S. Supreme Court's opinion in 
Bostock v. Clayton County,\671\ there are States where discrimination 
against LGBTQ individuals is legal and thus inferences about one's 
sexuality could have serious negative impacts. They also expressed 
concern that this information could be used for unintended purposes. 
One commenter also expressed a concern that previously collected 
information about an applicant's LGBTQ+-owned business status could be 
used inappropriately.
---------------------------------------------------------------------------

    \671\ 140 S. Ct. 1731 (2020). See the section-by-section 
analysis of Sec.  1002.107(a)(19), under Proposed Rule--Collecting 
Sex, for a discussion of the Court's holdings in Bostock.
---------------------------------------------------------------------------

    Other commenters supported inclusion of LGBTQ+-owned business 
status in the final rule, generally asserting the collection of 
information about a business' LGBTQ+-owned status is appropriate and 
necessary under the law. One commenter stated that businesses owned by 
LGBTQ+ individuals face discrimination and bias and urged the Bureau to 
use its ECOA section 704B(e)(2)(H) authority to require the collection 
of such information. Another commenter argued that data about lending 
availability to LGBTQ-owned businesses will enhance the Bureau's 
ability to enforce fair lending laws to protect them from 
discrimination in credit, and identify their credit needs. Another 
commenter stated that collecting applicants' LGBTQ+-owned business 
status is necessary to ensure that LGBTQ+ small business owners are 
being treated fairly by lenders and fulfill the purposes of section 
1071. One commenter suggested that the Bureau include an inquiry to 
identify businesses who have experienced impermissible sex 
discrimination under ECOA without requiring information on the owners' 
specifically held identities if they do not wish to disclose them. This 
commenter suggested this would be consistent with the Bureau's proposal 
regarding the collection of ethnicity and race.
    A commenter also stated that there is public and congressional 
support for the collection of LGBTQ+-owned business status information, 
noting that H.R. 1443, the LGBTQ Business Equal Credit Enforcement and 
Investment Act, would have amended ECOA to include a definition for 
``LGBTQ-owned business'' and require the collection of LGBTQ-owned 
business status.\672\
---------------------------------------------------------------------------

    \672\ H.R. 1443, 117th Cong. (2021).
---------------------------------------------------------------------------

    Commenters suggested that the Bureau adopt the same approach it 
proposed using for collecting minority-owned and women-owned business 
statuses, by providing applicants with a definition for LGBTQ-owned 
business

[[Page 35342]]

status and allowing respondents to indicate whether they are or are not 
such a business. Another commenter recommended that financial 
institutions not be allowed to collect or report such information on 
the basis of visual observation, surname analysis, or any method other 
than applicant-provided responses. This commenter also stated that 
financial institutions should not be permitted or required to verify an 
applicant's LGBTQ+-owned business status.
Final Rule--Business Status in General
    For the reasons set forth herein, the Bureau is adopting Sec.  
1002.107(a)(18) with a number of changes to require collection of 
minority-owned business status, to incorporate collection women-owned 
business status (from proposed Sec.  1002.107(a)(19)) and to add 
LGBTQI+-owned business status, along with a number of conforming 
changes to the commentary. The Bureau has also incorporated information 
from proposed appendix F into the commentary to final Sec.  
1002.107(a)(18),\673\ added additional commentary for parity with final 
Sec.  1002.107(a)(19) regarding collection of principal owners' 
ethnicity, race, and sex, and updated a number of cross-references.
---------------------------------------------------------------------------

    \673\ In certain instances where language in proposed appendix F 
and commentary to proposed Sec.  1002.107(a)(18) and (19) were 
similar, language in the final regulatory text or commentary has 
been revised to improved clarity. In other instances, language from 
proposed appendix F is imported wholesale to provide clarity and 
streamline the rule.
---------------------------------------------------------------------------

    Final Sec.  1002.107(a)(18) requires the collection of information 
regarding whether the applicant is a minority-owned, women-owned, and/
or LGBTQI+-owned business. When requesting minority-owned, women-owned, 
and LGBTQI+-owned business statuses from an applicant, Sec.  
1002.107(a)(18) requires that a financial institution inform the 
applicant that the financial institution cannot discriminate on the 
basis of minority-owned, women-owned, or LGBTQI+-owned business 
statuses, or on whether the applicant provides this information.
    Final comment 107(a)(18)-1 clarifies that a financial institution 
must ask an applicant whether it is a minority-owned, women-owned, and/
or LGBTQI+-owned business. A financial institution must permit an 
applicant to refuse (i.e., decline) to answer the inquiries and must 
inform the applicant that it is not required to provide the 
information. The financial institution must report the applicant's 
substantive responses, that the applicant declined to answer, or its 
failure to respond to an inquiry, as applicable.
    Final comment 107(a)(18)-2 clarifies that a financial institution 
must provide the applicants with definitions of the terms minority-
owned business, women-owned business, and LGBTQI+-owned business when 
inquiring about these business statuses. A financial institution 
satisfies this requirement if it provides the definitions set forth in 
the sample data collection form in appendix E.
    Final comment 107(a)(18)-3 clarifies that a financial institution 
may combine on the same paper or electronic data form the business 
status questions along with the data requested in Sec.  1002.107(a)(19) 
(principal owners' ethnicity, race, and sex) and Sec.  1002.107(a)(20) 
(number of principal owners).
    Final comment 107(a)(18)-4 (renumbered from comment 107(a)(18)-2 in 
the proposal and incorporating additional information from proposed 
appendix F) explains that a financial institution must inform the 
applicant that the financial institution cannot discriminate on the 
basis of an applicant's business statuses or on whether the applicant 
provides the information. Under the final rule, a financial institution 
must also inform the applicant that Federal law requires it to ask for 
an applicant's minority-owned, women-owned, and LGBTQI+-owned business 
statuses to help ensure that all small business applicants for credit 
are treated fairly and that communities' small business credit needs 
are being fulfilled (this disclosure would have been optional under the 
NPRM). The Bureau believes that this notice should be compulsory, 
rather than voluntary, to ensure that applicants receive information 
about the data collection rule and its purposes. See the section-by-
section analysis of Sec.  1002.107(a)(19) for further explanation and 
discussion of comments received on this issue.
    Final comment 107(a)(18)-5 explains that a financial institution 
must maintain the record of an applicant's responses to the financial 
institution's inquiry separate from the application and accompanying 
information.
    Final comment 107(a)(18)-6 explains that if a financial institution 
does not receive a response to the financial institution's inquiry for 
purposes of Sec.  1002.107(a)(18), the financial institution reports 
that the applicant's business statuses were ``not provided by 
applicant.''
    Final comment 107(a)(18)-7 explains that a financial institution 
reports that the applicant responded that it did not wish to provide 
the information about an applicant's business statuses if the applicant 
declines or refuses to provide the information by selecting such a 
response option on a paper or electronic form. The financial 
institution reports an applicant's refusal to provide such information 
in this way, if the applicant orally declines to provide such 
information for a covered application taken by telephone or another 
medium that does not involve providing any paper or electronic 
documents.
    Final comment 107(a)(18)-8 explains that if an applicant both 
provides a substantive response to the financial institution's inquiry 
regarding business status and also checks the ``I do not wish to 
provide this information'' box or similar for that question, the 
financial institution reports the applicable business status(es) 
provided by the applicant (rather than reporting that the applicant 
declined to provide the information).
    Final comment 107(a)(18)-9 explains that, notwithstanding Sec.  
1002.107(b) (regarding verification of applicant-provided data), a 
financial institution must report the applicant's substantive 
response(s), that the applicant declined to answer the inquiry, or the 
applicant's failure to respond to the inquiry, even if the financial 
institution verifies or otherwise obtains an applicant's business 
statuses for other purposes, and provides an example of such a 
situation.
    With regard to commenters who asserted that applicants should be 
able to rely upon minority-owned or women-owned business status 
certifications received from a third-party organization, the Bureau 
believes that the definitions of minority-owned or women-owned business 
statuses from third-party organizations may not align with the 
definitions found in section 1071 and codified in this rule, and thus 
reliance on them would not be appropriate. As addressed above, final 
comment 107(a)(18)-2 clarifies that a financial institution must 
provide applicants with definitions of the terms minority-owned 
business, women-owned business, and LGBTQI+-owned business, as provided 
in this rule, when asking questions about these business statuses.
Final Rule--LGBTQI+-Owned Business Status
    For the reasons set forth herein, the Bureau is exercising its 
authority under ECOA section 704B(e)(2)(H) to require financial 
institutions to request information about whether an applicant is a 
LGBTQI+-owned business. The Bureau believes that the collection of this 
information will further section

[[Page 35343]]

1071's statutory purposes. Specifically, the Bureau believes that the 
collection of this information will help address an information gap 
about small business lending and facilitate fair lending enforcement 
and the identification of business and community development needs and 
opportunities for small businesses.
    Based on the limited information available, the Bureau believes 
that LGBTQI+-owned businesses may experience particular challenges 
accessing small business credit. For example, one report found that, 
while LGBTQ businesses were equally likely to apply for financing, they 
were less likely to receive it, with about 46 percent of LGBTQ-owned 
businesses reporting that they had received none of the financing that 
they had applied for in the past year, as compared to 35 percent of 
non-LGBTQ businesses that applied for funding. The report noted that 
LGBTQ-owned businesses were more likely than non-LGBTQ businesses to 
explain their denial was due to lenders not approving financing for 
``businesses like theirs'' (33 percent versus 24 percent), among other 
reasons.\674\ The same report also found that LGBTQ-owned businesses 
that applied for Paycheck Protection Program funding in 2021 were less 
successful in receiving funding applied for than non-LGBTQ 
businesses.\675\
---------------------------------------------------------------------------

    \674\ Spencer Watson et al., Ctr. for LGBTQ Economic Advancement 
& Research and Movement Advancement Project, LGBTQ-Owned Small 
Businesses in 2021, 10-11 (July 2021), http://www.lgbtq-economics.org/research/lgbtq-small-businesses-2021 (analyzing 2021 
data from Small Business Credit Survey administered by the Federal 
Reserve Banks). As used in the report, the term ``LGBTQ-owned 
business'' refers to businesses where individuals who identify as 
lesbian, gay, bisexual, transgender, or queer own 50 percent or more 
of the business. Id. at note a.
    \675\ Id. at 8-9 (only 54 percent of LGBTQ-owned businesses 
received all the Paycheck Protection Program funding they applied 
for in 2021, and 17 percent received none of the funding applied 
for, compared to 68 percent and 10 percent of all non-LGBTQ owned 
businesses, respectively).
---------------------------------------------------------------------------

    ECOA section 704B(e)(2)(H) provides the Bureau with broad 
discretion to collect ``any'' additional data it determines would aid 
in fulfilling the purposes of section 1071. As discussed, the Bureau 
has determined that the collection of business applicants' LGBTQI+-
owned business status information, in addition to requiring information 
on principal owners' specifically held sex/gender identity, as 
discussed in the section-by-section analysis of Sec.  1002.107(a)(19) 
below, will facilitate the purposes of section 1071 and is thus 
exercising its authority under section 1071 to require its collection.
    Similar to the proposed (and final) approaches for collecting 
women-owned and minority-owned business statuses, financial 
institutions are required to provide the definition of ``LGBTQI+-owned 
business'' under Sec.  1002.102(l) when requesting information about an 
applicant's LGBTQI+-owned business status as provided by final comment 
107(a)(18)-2. Financial institutions are also required to provide the 
same notices when requesting an applicant's LGBTQI+-owned business 
status, such as the notice that the applicant is not required to 
provide the information under final comment 107(a)(18)-1 and other 
notices under final comment 107(a)(18)-4. Other provisions set out in 
commentary for minority-owned and women-owned business statuses 
likewise apply to LGBTQI+-owned business status; for example, a 
financial institution reports only the applicant's response to the 
inquiry about its LGBTQI+-owned business status, even if it verifies or 
otherwise obtains an applicant's LGBTQI+-owned business status for 
other purposes. See, e.g., comments 107(a)(18)-6, -7, and -9.
    Final comment 107(a)(18)-5 also clarifies that an applicant's 
responses about whether it is an LGBTQI+-owned business must be kept 
separately from the small business's application form and accompanying 
documents. ECOA section 704B(b)(2) requires a financial institution to 
maintain a record of the ``responses to [the] inquiry'' required by 
section 704B(b)(1) separate from the application and accompanying 
information. As explained in part E.2 in the Overview to this part V, 
the Bureau interprets section 704B(b)(2) to refer to an applicant's 
responses to protected demographic information, which includes whether 
the applicant is a minority-owned business and/or a women-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners. This is because these data points require financial 
institutions to request demographic information that has no bearing on 
the creditworthiness of an applicant and that financial institutions 
would not be otherwise able to request absent the data collection 
requirements under section 1071 and the final rule as a result of 
Regulation B's general prohibition on inquiring about the sex of an 
applicant or any other person in connection with a credit 
transaction.\676\ Likewise, the Bureau considers the LGBTQI+-owned 
business status data point to be protected demographic information that 
has no bearing on an applicant's creditworthiness, as also noted by 
some commenters, and which financial institutions would be unable to 
collect without the requirement to do so in final Sec.  
1002.107(a)(18). As a result, the Bureau believes that it is necessary 
to require a financial institution to maintain an applicant's response 
to the inquiry about whether it is a LGBTQI+-owned business separately 
from the rest of the business's application and accompanying 
information under final Sec.  1002.111(b), similar to the requirement 
with respect to responses about an applicant's minority-owned and 
women-owned business statuses.
---------------------------------------------------------------------------

    \676\ 86 FR 56356, 56386-87 (Oct. 8, 2021); id. at 56501-02. See 
also 12 CFR 1002.5(b).
---------------------------------------------------------------------------

    The Bureau acknowledges commenters' concerns that requesting 
information as to whether applicants are LGBTQI+-owned businesses could 
be offensive, be considered an invasion of privacy by applicants, or 
damage bank-customer relationships. Final comment 107(a)(18)-4 provides 
that a financial institution must inform the applicant that Federal law 
requires it to ask for an applicant's minority-owned, women-owned, and 
LGBTQI+-owned business statuses to help ensure that all small business 
applicants for credit are treated fairly and that communities' small 
business credit needs are being fulfilled. Sample language for this 
notice, which provides a brief, plain language explanation of the 
purpose of the data collection, appears in the sample data collection 
form in appendix E. The Bureau believes providing such context will 
help to mitigate negative reactions an applicant may have to a 
financial institution's request for such information. Further, as 
stated on the sample data collection form, applicants have the right to 
refuse to provide this information, as provided under comment 
107(a)(18)-1.
    The Bureau acknowledges commenters' arguments that applicants are 
unlikely to respond to the inquiry about LGBTQI+ status and that 
therefore financial institutions should not be required to ask. 
However, the Bureau and other data users are unable to conduct 
comprehensive fair lending and business and community development 
analyses without this data point, even as applicants are individually 
entitled to refuse to provide it.
    Some commenters expressed concern that LGBTQI+-owned business 
status could be detrimentally used against LGBTQI+ individuals and 
their businesses. As discussed in greater detail in part VIII below, 
the Bureau acknowledges that an individual person's LGBTQI+ status 
likely is sensitive personal information that could pose personal 
privacy risks as well as other non-personal commercial

[[Page 35344]]

privacy risks. Part VIII also contains a more comprehensive analysis of 
how privacy interests may be appropriately protected. In addition, the 
Bureau is finalizing Sec.  1002.110(e), which prohibits financial 
institutions and third parties from disclosing protected demographic 
information except in limited circumstances.
107(a)(19) Ethnicity, Race, and Sex of Principal Owners
    ECOA section 704B(e)(2)(G) requires financial institutions to 
compile and maintain certain information, including the race, sex, and 
ethnicity of an applicant's principal owners. However, section 1071 
does not set out what categories should be used when collecting and 
reporting this information. The Bureau proposed Sec.  1002.107(a)(20) 
to address how a financial institution would collect and report the 
ethnicity, race, and sex of an applicant's principal owners.
    Proposed Sec.  1002.107(a)(20) would have required financial 
institutions to collect and report the ethnicity, race, and sex \677\ 
of the applicant's principal owners as well as whether this information 
is being reported based on previously collected data pursuant to 
proposed Sec.  1002.107(c)(2). It would have also required financial 
institutions to report, in certain circumstances, whether ethnicity and 
race are being reported by the financial institution on the basis of 
visual observation or surname analysis. Proposed Sec.  1002.107(a)(20) 
would have required financial institutions to collect and report 
ethnicity, race, and sex data as prescribed in proposed appendix G. 
Proposed appendix G would have included a requirement that a financial 
institution inform an applicant that the applicant is not required to 
respond to the financial institution's questions regarding its 
principal owners' ethnicity, race, or sex and would have also included 
a prohibition on financial institutions requiring applicants to provide 
this information. Proposed Sec.  1002.107(a)(20) would have also 
required that when the financial institution requests ethnicity, race, 
and sex information from an applicant, the financial institution must 
inform the applicant that the financial institution cannot discriminate 
on the basis of a principal owner's ethnicity, race, or sex, or on 
whether the applicant provides this information. The Bureau also put 
forth for public comment a sample data collection form in proposed 
appendix E that financial institutions would be able use to collect 
ethnicity, race, and sex information.
---------------------------------------------------------------------------

    \677\ While ECOA section 704B(e)(2)(G) uses ``race, sex, and 
ethnicity,'' the Bureau reordered them to ``ethnicity, race, and 
sex'' for purposes of the proposal, so that they would appear 
alphabetically and for consistency with how they appear in 
Regulation C. The Bureau is using the same approach for this final 
rule.
---------------------------------------------------------------------------

    The Bureau is finalizing the statutory requirement to collect 
principal owners' ethnicity, race, and sex in Sec.  1002.107(a)(19). 
Below, the Bureau first discusses its general approach to collecting 
principal owners' ethnicity, race, and sex. Second, the Bureau 
discusses finalizing its proposal to collect ethnicity and race 
information using certain aggregate categories and disaggregated 
subcategories. Third, the Bureau discusses its approach to requiring 
the collection of sex by applicant self-identification (using only a 
free-form text field for a paper or electronic form, or by self-
description for applications taken orally) and without the use of 
response categories. Finally, the Bureau discusses its decision not to 
require collection of principal owners' ethnicity and race via visual 
observation and/or surname analysis. The Bureau has incorporated 
information from proposed appendix G into the commentary to final Sec.  
1002.107(a)(19) \678\ and has updated a number of cross-references.
---------------------------------------------------------------------------

    \678\ In certain instances where language in proposed appendix G 
and commentary to proposed Sec.  1002.107(a)(20) were substantially 
similar, language in the final regulatory text or commentary has 
been revised to improve clarity. In other instances, language from 
proposed appendix G is imported wholesale to provide clarity and 
streamline the rule.
---------------------------------------------------------------------------

Proposed Rule--Collecting Ethnicity, Race, and Sex, In General
    Proposed comment 107(a)(20)-1 would have clarified how a financial 
institution collects ethnicity, race, and sex information. It would 
have stated that unless a financial institution is permitted to report 
ethnicity, race, and sex information based on previously collected data 
pursuant to proposed Sec.  1002.107(c)(2), a financial institution must 
ask an applicant to report its principal owners' ethnicity, race, and 
sex for each covered application and that the financial institution 
must permit an applicant to refuse to answer the financial 
institution's inquiry. It would have required financial institutions to 
inform the applicant that it is not required to provide the 
information. Proposed comment 107(a)(20)-1 would have further clarified 
that the financial institution must report the applicant's responses, 
its refusal to answer the inquiries, or its failure to respond to the 
inquiries, and explain that in certain situations, discussed in 
proposed comments 107(a)(20)-7 and -8 and in proposed appendix G, a 
financial institution may also be required to report one or more 
principal owners' ethnicity and race (but not sex) based on visual 
observation and/or surname analysis. Proposed comment 107(a)(20)-1 
would have cross-referenced proposed appendix G for additional 
instructions.
    Proposed comment 107(a)(20)-2 would have explained that a financial 
institution must inform the applicant that the financial institution 
shall not discriminate on the basis of a principal owner's ethnicity, 
race, or sex or on whether the applicant provides that information. It 
would have also clarified that a financial institution may combine this 
non-discrimination notice with the similar non-discrimination notices 
that a financial institution would have been required to provide when 
requesting minority-owned business status and women-owned business 
status if a financial institution had requested minority-owned business 
status, women-owned business status, and/or a principal owner's 
ethnicity, race, and sex in the same data collection form or at the 
same time.
    Proposed comment 107(a)(20)-3 would have explained how, pursuant to 
proposed Sec.  1002.111(b), financial institutions must record 
applicants' responses regarding a principal owner's ethnicity, race, 
and sex pursuant to Sec.  1002.107(a)(20) separate from the application 
and accompanying information. This proposed comment would have also 
provided examples of how responses could be recorded separately from 
the application and accompanying information.
    Proposed comment 107(a)(20)-4 would have clarified that a financial 
institution is required to maintain procedures reasonably designed to 
collect applicant-provided information pursuant to proposed Sec.  
1002.107(c)(1), including the ethnicity, race, and sex of an 
applicant's principal owners. However, if a financial institution is 
nonetheless unable to collect the principal owners' ethnicity, race, or 
sex from the applicant and if the financial institution is not required 
to report the principal owners' ethnicity and race based on visual 
observation and/or surname, the financial institution would have been 
required to report that the principal owner's ethnicity, race, or sex 
(as applicable) is ``not provided by applicant.''
    Proposed comment 107(a)(20)-12 would have clarified that a 
financial institution is neither required nor permitted to verify the 
ethnicity, race, or sex information that the applicant

[[Page 35345]]

provides for purposes of proposed Sec.  1002.107(a)(20), even if the 
financial institution verifies or otherwise obtains the ethnicity, 
race, or sex of the applicant's principal owners for other purposes. 
The Bureau also solicited comment on whether it would be useful to 
expressly codify this application of the principle in the commentary.
    Additionally, the proposed comment would have explained that, if an 
applicant refuses to respond to the inquiry pursuant to proposed Sec.  
1002.107(a)(20) or fails to respond to this inquiry, the financial 
institution reports that the applicant declined to provide the 
information or did not respond to the inquiry (as applicable), unless 
the financial institution is required to report ethnicity and race 
based on visual observation and/or surname analysis. Finally, the 
proposed comment would have explained that the financial institution 
does not report ethnicity, race, or sex pursuant to proposed Sec.  
1002.107(a)(20) based on information that the financial institution 
collects for other purposes.
    Proposed comment 107(a)(20)-5 would have explained that generally 
an applicant determines its principal owners and decides whether to 
provide information about principal owners. It would have further 
stated that, nonetheless, a financial institution may be required to 
report ethnicity and race information based on visual observation and/
or surname analysis and may need to determine if a natural person with 
whom the financial institution meets in person is a principal owner. It 
would have explained how a financial institution determines who is a 
principal owner in the event that the financial institution may be 
required to report ethnicity and race information based on visual 
observation and/or surname. It would have also provided examples of how 
the financial institution can make that determination and noted that 
the financial institution is not required to verify any responses 
regarding whether a natural person is a principal owner.
    The Bureau sought comment on those proposed general aspects of 
collecting and reporting principal owners' ethnicity, race, and sex, 
including comments on the challenges that financial institutions may 
have implementing them.
Comments Received--Collecting Ethnicity, Race, and Sex, In General
    The Bureau received comments regarding the collection of ethnicity, 
race, and sex for applicants' principal owners, in general, from a wide 
range of commenters including lenders, trade associations, community 
groups, individual commenters, a software vendor, and others. Within 
these general comments, commenters addressed a number of issues 
including alignment with HMDA, lack of applicant responses, 
verification of applicant-provided data, privacy issues, and concerns 
related to burden and cost. These issues, and others, are discussed in 
turn below.\679\
---------------------------------------------------------------------------

    \679\ The Bureau also received comments about specific aspects 
of the Bureau's proposal for collecting and reporting principal 
owners' ethnicity, race, and sex information, including collecting 
ethnicity and race using aggregate categories and disaggregated 
subcategories; collecting sex; and collecting ethnicity and race via 
visual observation and/or surname analysis in certain circumstances. 
Such comments are discussed further below in this section-by-section 
analysis of Sec.  1002.107(a)(19).
---------------------------------------------------------------------------

    General support and concerns. The Bureau received comments from 
lenders, trade associations, community groups, and others regarding its 
proposal, at a general level, for collecting information about the 
ethnicity, race, and sex of principal owners.
    Many commenters supported the Bureau's proposal and the creation of 
a comprehensive small business lending database. These commenters said 
that collecting information about the ethnicity, race, and sex of small 
business applicants' principal owners will help address a lack of such 
information in existing lending data; facilitate enforcement of fair 
lending laws; and enable stakeholders to understand and identify needs 
and opportunities, remove barriers, and advocate for women-owned, 
minority-owned, and small businesses. Some commenters also emphasized 
generally that the data disclosure would shed light on racial and 
gender gaps and discrimination, which they noted are long-standing 
issues and which have been exacerbated by the COVID-19 pandemic. One 
commenter characterized the collection of this information as long 
overdue.
    Many commenters expressing general support for the Bureau's 
proposal emphasized that the demographic data collected under the final 
rule must be robust, disaggregated, detailed, and include information 
on underwriting criteria and on race, gender identity, sexual 
orientation, and disability status in order to enable meaningful 
analysis.
    Several lenders and a business advocacy group stated that the data 
would help lenders improve their lending practices. One commenter that 
Congress's adjustments to the SBA's Paycheck Protection Program in the 
program's second round, to prioritize minority-owned and women-owned 
businesses and microbusinesses and set aside funds for CDFIs, could not 
have happened without access to Paycheck Protection Program lending 
data, including demographic data. Another commenter stated that the 
small business lending data collection is necessary to gather critical 
data on lending beyond what is collected by the SBA.
    Some commenters emphasized that HMDA data, which include 
demographic and socioeconomic information, have provided valuable 
insight on racial and income disparities in the home mortgage lending 
market and have been an important tool to hold lenders accountable as 
well as to determine how to meet unmet credit needs. Several commenters 
also emphasized that after Congress included demographic information as 
part of the HMDA data collection, the number of mortgages to people of 
color and people with modest incomes increased; these commenters 
anticipate a similar outcome for small business lending after data 
collected under this final rule are published.
    One commenter stated that the collection of demographic data for 
each of an applicant's principal owners would help provide the public 
with a sense of the varying percentages of ownership by women or 
minorities above or below the 50 percent threshold for minority-owned 
or women-owned businesses and help determine if businesses with 
different minority ownership levels have distinct borrowing 
experiences.
    The Bureau also received comments expressing generally applicable 
concerns and requests for clarification about its proposal for 
collecting ethnicity, race, and sex information. Several commenters 
said that the Bureau's proposal includes duplicative content in the 
proposed rule text, commentary, and appendices, which they said could 
complicate compliance. These commenters recommended that any mandatory 
requirements be in the final regulatory text, rather than spread out 
among the regulation, commentary, and appendices. Another commenter 
asserted that the proposed rules for collecting demographic information 
are too complex.
    Another argued that a significant hurdle in implementing the 
Bureau's proposal is that while ECOA requires financial institutions to 
be blind to factors such as ethnicity, race, and sex in lending, they 
must collect and report information on those same factors under the 
Bureau's proposed rule (including by visual observation and surname

[[Page 35346]]

analysis under certain circumstances). This commenter asserted that the 
Bureau's proposal is irreconcilable with ECOA and cannot be reasonably 
implemented without compromising the data collected. Another commenter 
predicted that requiring financial institutions to collect ethnicity, 
race, or sex information would lead to possible favoritism, 
discrimination, and stereotyping. (Similar concerns were raised 
specifically with respect to collection of ethnicity and race 
information by visual observation and/or surname analysis; these 
commenters are discussed separately below.)
    One commenter asked the Bureau to clarify how a financial 
institution should report an applicant's principal owners' ethnicity, 
race, and sex information if a representative of a small business 
applicant states they need to check with the principal owners for such 
information, but the application is withdrawn or declined before the 
information is provided. The commenter stated that because borrowers 
may apply to many lenders for a loan, reporting on withdrawn 
applications would skew collected loan data. The commenter also asked 
for clarification about how to report under similar circumstances, 
where an application has been approved, but still no information has 
been provided. This commenter suggested the Bureau provide options for 
a financial institution to report that an applicant ``declined to 
answer'' for applicants that specifically refused to provide responses 
and ``not available'' for other circumstances, including withdrawn 
applications or applicant non-responsiveness.
    Another commenter suggested that the Bureau should collect 
demographic data for ``applicants,'' which it characterized as the 
natural persons completing the application. This commenter argued that 
such information would further the fair lending purposes of section 
1071, because loan applicants may be subject to different treatment 
based on factors such as their ethnicity, race, or gender, citing a 
study finding that prospective loan applicants were subject to 
differential treatment on the basis of their race and gender in the 
pre-application stage.\680\
---------------------------------------------------------------------------

    \680\ Nat'l Cmty. Reinvestment Coal., Racial and Gender Mystery 
Shopping for Entrepreneurial Loans: Preliminary Overview (2020), 
https://ncrc.org/wp-content/uploads/2020/02/NCRC-Mytery-Shopping-Race-and-Gender-v8.pdf.
---------------------------------------------------------------------------

    An industry commenter asked whether a financial institution could 
collect demographic information at a greater level of specificity than 
proposed by the Bureau. Another asked whether a financial institution 
is permitted to reconcile discrepancies or inaccuracies in self-
reported ethnicity or race data with the use of software or other 
relevant information.
    Alignment with HMDA. Some industry commenters urged the Bureau to 
align the collection of principal owners' ethnicity, race, and sex 
information under the final rule with the collection of such 
information for mortgage applicants under Regulation C, whether exactly 
or to the greatest extent possible. One commenter also suggested 
alignment with existing Regulation B, which also requires the 
collection of certain demographic information for certain 
mortgages.\681\ These commenters said that consistency between the HMDA 
and section 1071 data collections would reduce confusion for financial 
institutions and applicants, facilitate efficient data collection such 
as by allowing data to be collected only once for applications covered 
by both HMDA and section 1071, facilitate compliance, reduce burden, 
and make the collected data more usable across regulations.
---------------------------------------------------------------------------

    \681\ Under existing Regulation B, a creditor is required to 
collect applicant ethnicity, race, sex, marital status, and age 
information for an application for credit primarily for the purchase 
or refinancing of a dwelling occupied or to be occupied by the 
applicant as a principal residence, where the extension of credit 
will be secured by the dwelling. 12 CFR 1002.13(a). Regulation B 
provides that the ethnicity and race information shall be requested 
either by using specified aggregate ethnicity and race categories, 
or the aggregate and disaggregated ethnicity and race categories set 
forth under Regulation C. Id.
---------------------------------------------------------------------------

    Several commenters identified issues that could arise for 
applications reportable under both section 1071 and HMDA, if the data 
collection requirements under the two regulatory regimes did not match. 
They said that financial institutions could potentially be required to 
collect data using different forms and to have systems capable of 
maintaining separate sets of data for the same transaction under the 
Bureau's proposal. Some also said that applicant confusion about the 
differences between the two regimes may reduce applicants' willingness 
to provide the requested information. (Commenters more specific 
concerns about how overlapping data collection obligations would work 
are discussed in more detail below.) Some commenters generally urged 
the Bureau to either align the HMDA and section 1071 data collection 
requirements or to exempt loans from one regime that are reportable 
under the other to avoid such issues.
    Concerns related to specific transactions or institutions.\682\ 
Some commenters expressed support for, or concerns about, the 
collection of principal owners' ethnicity, race, and sex information in 
the context of specific types of transaction or institutions.
---------------------------------------------------------------------------

    \682\ The Bureau received a number of comments responding to the 
Bureau's proposal regarding the collection of protected demographic 
information vis-[agrave]-vis certain types of institutions and 
transactions, many of which are discussed in the section-by-section 
analyses of Sec.  1002.104 (covered transactions and excluded 
transactions), Sec.  1002.105 (covered financial institutions and 
exempt institutions), and Sec.  1002.107(c) (time and manner of 
collection). The Bureau also received comments on specific aspects 
of the Bureau's proposal to collect principal owners' ethnicity, 
race, and sex information, in the context of specific types of 
institutions and transactions. See the Bureau's discussion of such 
comments in the referenced parts of this preamble for more detail.
---------------------------------------------------------------------------

    Some commenters raised general concerns about the proposed 
collection of ethnicity, race, and sex information by small banks or 
community banks. A few commenters said that requesting ethnicity, race, 
and sex information has the potential to negatively impact their 
relationships with their customers. One stated that such inquiries 
could make customers distrustful of their banks and raise privacy 
concerns, and urged the Bureau to consider the impact that the 
collection of such information may have on the relationship-based 
banking model of community banks.
    A number of commenters, including many agricultural lenders, 
expressed general support for the collection of demographic data. One 
commenter stated that the proposed collection of demographic 
information would help reveal and prevent unfair agricultural lending 
practices. Other commenters stated support for demographic data 
collection, provided that the rule's definition of small business is 
tailored for the agricultural credit context. One commenter expressed 
concern about the burden for collecting and reporting demographic 
information for agricultural lenders and farmers.
    Some commenters emphasized particular difficulties for collecting 
ethnicity, race, and sex information for credit applications taken in 
retail environments (also referred to as ``point of sale'' 
applications/transactions). These commenters noted that credit 
applications taken in retail store environments differ from those 
typically taken at banks because customers expect speed and efficiency 
in the application process, and expressed their concern that the 
Bureau's proposal would add complexity and length to application 
processes, due in part to detailed questions about ethnicity, race, and 
sex.

[[Page 35347]]

These commenters also expressed concerns about having retail store 
associates ask for this information. Commenters said that many 
retailers may use oral, interview-style, in-store application 
processes, and that retail store associates do not have the training to 
make such inquiries or handle customer questions or reactions. Several 
commenters also stated that small business applicants may feel 
uncomfortable providing ethnicity, race, and sex information in public 
retail spaces. Another commenter predicted that the majority of small 
business credit applications submitted at the point of sale would lack 
demographic information. Some of these commenters also urged the Bureau 
to exempt private label and co-branded credit applications, along with 
other types of credit originated at or facilitated through retailers 
such as revolving lines of credit and installment loans (e.g., point of 
sale credit), from the rule's requirements in various ways--such as by 
exempting all such applications, or those for lines of credit below 
$50,000, from the requirement to collect demographic information.
    A group of trade organizations stated that insurance premium 
finance transactions should not be included within the scope of the 
final rule, in part because State insurance law generally prohibits or 
discourages insurance agents from collecting information about race, 
religion, national origin, or ethnicity of an insured business's owners 
on behalf of lenders, and insurers do not collect such information as a 
result.
    Several other trade associations urged the Bureau to clarify how 
the rule's data collection requirements apply to indirect vehicle 
finance transactions. Beyond generally urging the Bureau to exempt such 
transactions from the final rule, two trade associations stated a 
survey of their automobile and truck dealer members reflected concerns 
about training employees to collect ethnicity, race, and sex 
information, particularly with respect to implementing the Bureau's 
proposed visual observation and surname data collection requirement.
    Lack of applicant responses. Several commenters raised concerns 
about a potential lack of applicant responses to the proposed 
demographic information questions.\683\ A bank stated that it 
encounters difficulties in meeting the HMDA reporting requirements 
because mortgage loan applicants are reluctant to provide demographic 
information and it anticipates similar reactions from small businesses. 
Other commenters argued that low demographic response rates in the 
Paycheck Protection Program indicates that most small business 
applicants will likely decline or fail to provide demographic 
information. Thus, some commenters said, records with missing 
demographic data will likely need to be either excluded from fair 
lending analyses or data users will have to use proxies for the missing 
information, asserting that this outcome calls into question the 
benefits of the data collection versus the costs. Another commenter 
said that the high number of applications for small business credit 
made online, and situations where the person providing information for 
a given application may be one of several owners or a company officer 
and not an owner themselves, may also lead to a high percentage of 
applicants who do not provide responses. One commenter asserted that 
small business owners may react negatively to the amount of paperwork 
associated with this rule's data collection requirements and as a 
result decide not to provide their principal owners' information. 
Finally, a commenter suggested that the Bureau require demographic 
information to be collected after a credit decision has been made, 
rather than before.
---------------------------------------------------------------------------

    \683\ A number of commenters also expressed concerns about data 
quality in the specific context of their comments about the Bureau's 
proposal to require financial institutions to collect at least one 
principal owners' race and ethnicity information via visual 
observation and/or surname under certain circumstances. These 
comments are discussed in more detail below.
---------------------------------------------------------------------------

    Verification. Several industry commenters and a women's business 
advocacy group argued that financial institutions should not be 
required or permitted to verify applicant-provided data about a 
principal owner's ethnicity, race, or sex. One commenter suggested that 
the Bureau should determine if there are ways for it to verify if 
reported data are accurate and correct. (Similar comments specifically 
regarding collection of information via visual observation or surname 
are discussed in more detail below.)
    Reduced demand for traditional credit. Several industry commenters 
asserted that the collection of principal owners' protected demographic 
information could potentially make borrowing from traditional lenders 
less attractive for small businesses due to applicant discomfort or 
objections to inquiries for such information. One predicted that 
applicants may, as a result, turn to credit cards, payday loans, or 
nontraditional online financing for their credit needs.
    Privacy. Several industry commenters stated that small business 
customers may find the collection of protected demographic information 
that could become public to be an invasion of privacy. They generally 
expressed concern that such information could be used to re-identify 
borrowers, which could in turn harm the reputation or image of a small 
business applicant. A bank said this concern is particularly salient in 
small communities, and that if public information is used to determine 
the identities of a bank's customers and the pricing terms offered to 
them, it could result in a competitive disadvantage for the bank versus 
other lenders.
    Burden and costs for collecting ethnicity, race, and sex 
information. Several industry commenters raised concerns about the 
burden or compliance costs for financial institutions associated 
collecting principal owners' ethnicity, race, and sex information under 
the proposal. Other commenters raised similar concerns in the context 
of specific types of transactions or institutions, or related to 
specific aspects of the Bureau's proposal for collecting this 
information, which are discussed in the relevant parts of this section-
by-section analysis.
    One commenter expressed concern that financial institutions may 
need to increase the prices and fees for credit to cover increased 
compliance costs related to the collection and storage of ethnicity, 
race, and sex information. Another stated that collecting principal 
owners' ethnicity, race, and sex information would require online 
lenders to make system changes, which it said would be different from 
those needed by traditional lenders. This commenter urged the Bureau to 
allow lenders to report aggregate, as opposed to application level, 
data to reduce this burden. Another commenter said that because does 
not currently collect ethnicity information currently and its core 
processing system does not include a field for this information, it 
would need to collect this data field manually.
    One commenter stated that collecting information for up to four 
principal owners as proposed would be burdensome for both financial 
institutions and applicants. A lender said that reporting such 
information for all principal owners would take a large amount of space 
on its small business lending application register. That commenter also 
suggested that the Bureau require demographic information for only one 
principal owner instead of all principal owners, asserting that this 
would not impact the quality of the data because the

[[Page 35348]]

applicant's minority-owned and women-owned business statuses would 
still be collected.
    In contrast, another lender did not anticipate incurring 
significant costs related to the collection of ethnicity, race, and sex 
information because it already gathers such information or similar 
information for other small business lending programs and funding 
opportunities such as the SBA's 7(a) Loan Program; the Paycheck 
Protection Program; the Wells Fargo Diverse Community Capital Program; 
and the CDFI Fund. The commenter stated that adjusting to section 1071 
data collection requirements will primarily entail updating software, 
compliance training, and updating materials. The commenter anticipated 
minimal ongoing costs that will be considered normal costs of doing 
business and said it does not plan on raising fees or restricting 
access to credit as a result. The commenter also urged the Bureau to 
coordinate with the CDFI Fund to streamline section 1071 reporting 
requirements.
    Direct reporting to the Bureau or third parties, or use of other 
data sources. A number of industry commenters suggested that protected 
demographic information should be self-reported by applicants directly 
to a central database or registry, whether maintained by the Bureau or 
by third parties.
    Some commenters urged the Bureau to work with Secretaries of State 
so that demographic data generally or information about a business's 
minority-owned, women-owned, and/or LGBTQI+-owned business statuses are 
voluntarily registered at the same time that a small business registers 
with its State. One commenter stated that this would allow small 
businesses to provide information to a trusted entity and lenders could 
then verify demographic data with the relevant State--thus avoiding 
delays and confusion from applicants during the loan application 
process.
    Other commenters suggested that the Bureau provide ways for small 
businesses to report their demographic information directly to the 
Bureau. Several suggested the Bureau develop a form for the collection 
of ethnicity, race, and sex information that could be sent directly to 
the Bureau. Others suggested that the Bureau establish a tool, portal, 
or online system for applicants to input their demographic information 
or to certify their desire to not provide information. One commenter 
stated that the regulatory trend has shifted from requiring collection 
and reporting of beneficial ownership information by financial 
institutions to having small businesses report directly to the 
government. Generally, these commenters said that applicants should be 
provided with a unique identifier, either by the Bureau or the 
financial institutions, that could be used to match applicant 
demographic information with loan information. Several commenters said 
that the financial institution should also be given the ability to 
match its records with the central database, to enable their internal 
fair lending compliance monitoring efforts. Some commenters also 
suggested the Bureau coordinate with other Federal agencies, such as 
the SBA, U.S. Department of the Treasury, Internal Revenue Service, or 
the U.S. Census Bureau, to develop the database, gather information for 
other data points, or purge records as necessary.
    Some of these commenters stated that direct reporting to the Bureau 
would avoid the need for financial institutions to collect ethnicity 
and race information via visual observation or surname analysis. These 
commenters also stated that this would resolve privacy concerns 
applicants may have in providing demographic information to their 
lenders. Commenters also asserted that direct reporting would inform 
applicants of the Bureau's role in the data collection, promote 
applicant self-reporting of demographic information, and likely 
increase response rates because it would provide applicants with 
assurances of confidentiality and because applicants would not be 
concerned that financial institutions would improperly use the data.
    Several commenters argued that direct reporting to the Bureau would 
have other benefits for financial institutions, including lessening or 
eliminating the risk of inappropriate use of demographic data by 
financial institutions; reducing a financial institutions' compliance 
costs and burden; avoiding the need for financial institutions to 
establish firewalls; lowering litigation and regulatory risk; reducing 
the risk of reputational harm for asking for sensitive data; and 
lowering barriers to entry in financial services. Commenters also 
stated that direct reporting would be more efficient for applicants 
because information would be maintained in one place and could be 
updated as needed, as opposed to being provided for each application. 
Commenters further suggested that the Bureau would benefit from 
receiving real-time data on applicant demographics, which they claimed 
would simplify and enhance analysis and publication and would allow the 
Bureau to directly manage the collection, storage, and standardization 
of the data.
    Some commenters suggested that instead of requiring financial 
institutions to collect data, the Bureau should coordinate with other 
government agencies, like the Internal Revenue Service and the U.S. 
Census Bureau, which already collect demographic and other data on 
small businesses, to avoid burden to financial institutions and which 
would result in the Bureau having better data to use for analyses. One 
commenter suggested that the Bureau should use the demographic analysis 
approach being used by the U.S. Census Bureau and develop educational 
materials for financial institutions about the methodology. Another 
commenter suggested the Bureau buy information from Google or Facebook.
    Applicant and financial institution education and guidance. A range 
of commenters urged the Bureau to provide education and guidance about 
the final rule for applicants, the public, and financial institutions. 
The commenters generally stated that the Bureau should engage in an 
education and/or media campaign to explain the final rule and its 
purposes to develop trust with small business communities and comfort 
for applicants by explaining the role of the data collection for 
facilitating fair lending and to encourage small businesses to provide 
their protected demographic information.
    Many of these commenters also suggested that the Bureau develop 
guidance and materials such as frequently asked questions and 
factsheets to explain the rule and its purposes. A few commenters 
suggested developing materials for applicants regarding the ethnicity, 
race, and sex data collection inquiries, such as how to respond if a 
principal owner is multi-ethnic or multi-racial, so applicants can 
accurately respond and financial institution employees are not asked to 
interpret or clarify such requirements.
    Commenters also recommended developing guidance materials for 
financial institutions to use in explaining the final rule, including 
training resources and disclosures to explain the reasons and purpose 
for the data collection. They also suggested that such materials be 
translated into the top ten languages spoken in the United States 
according to the U.S. Census Bureau.
Final Rule--Collecting Ethnicity, Race, and Sex, in General
    For the reasons set forth herein, the Bureau is finalizing the 
requirement to collect principal owners' ethnicity, race, and sex with 
certain changes. Among

[[Page 35349]]

other things, the Bureau is: (1) finalizing its proposed requirement 
for financial institutions to collect ethnicity and race information 
using aggregate categories and disaggregated subcategories, using the 
specific categories and subcategories in the proposal; (2) finalizing 
the requirement for financial institutions to collect information about 
a principal owner's sex, which generally will permit an applicant to 
respond to an inquiry about the principal owner's ``sex/gender'' 
through free-form text or self-description for oral applications; and 
(3) not finalizing its proposed requirement to collect and report at 
least one principal owner's ethnicity and race information on the basis 
of visual observation and/or surname analysis under certain 
circumstances. These three specific aspects of the final rule are each 
discussed in detail below.
    Final Sec.  1002.107(a)(19) (proposed as Sec.  1002.107(a)(20)) 
requires financial institutions to collect and report information about 
the ethnicity, race, and sex of small business applicants' principal 
owners. In line with the proposal, final Sec.  1002.107(a)(19) provides 
that when requesting such information from an applicant, the financial 
institution must inform the applicant that it cannot discriminate on 
the basis of a principal owner's ethnicity, race, or sex, or on the 
basis of whether the applicant provides this information (non-
discrimination notice).
    The final rule does not require a financial institution to report 
whether the reported ethnicity, race, and sex information was based on 
previously collected data (as permitted by proposed comment 107(c)(2)-
7). This information would have provided additional context for the 
Bureau and others when application method was reported as being other 
than in-person but ethnicity or race information were reported as 
collected through visual observation or surname. Because the Bureau has 
decided not to require the use of visual observation and surname 
analysis in the final rule, however, the Bureau does not believe that 
capturing information about data reuse is still necessary and thus has 
removed that requirement from final Sec.  1002.107(a)(19) to streamline 
and facilitate compliance.
    The Bureau acknowledges commenters' concerns about repetition 
across the rule's regulatory text, commentary, and appendices, and has 
made a number of changes to reduce duplication and otherwise streamline 
this aspect of the final rule to facilitate compliance. In particular, 
the Bureau has removed proposed appendix G, relocating unique content 
into the commentary for final Sec.  1002.107(a)(19). The Bureau has 
also adjusted the commentary accompanying final Sec.  1002.107(a)(19) 
to reflect changes to the regulatory text described above, as well as 
the addition of LGBTQI+-owned business status where women- and 
minority-owned business statuses are mentioned.
    Final comment 107(a)(19)-1 generally clarifies how a financial 
institution must ask an applicant for its principal owners' ethnicity, 
race, and sex. The financial institution must permit an applicant to 
refuse to answer the financial institution's inquiries and must inform 
the applicant that it is not required to provide the information. It 
also establishes how a financial institution reports the applicant's 
responses to its inquiries about ethnicity, race, and sex.
    Final comment 107(a)(19)-2 (incorporating instruction 3 from 
proposed appendix G) explains that a financial institution must provide 
an applicant with the definition of principal owner in final Sec.  
1002.102(o) and that a financial institution satisfies the requirement 
if it provides the definition as set forth in the sample data 
collection form in final appendix E.
    Final comment 107(a)(19)-3 (incorporating instruction 2 from 
proposed appendix G) explains that a financial institution may combine 
on the same paper or electronic data collection form the questions 
about a principal owner's ethnicity, race, and sex with the number of 
the applicant's principal owners pursuant to Sec.  1002.107(a)(20) and 
the applicant's minority-owned, women-owned, and LGBTQI+-owned business 
statuses pursuant to Sec.  1002.107(a)(18).
    Final comment 107(a)(19)-4 (based on proposed comment 107(a)(20)-2) 
explains that the non-discrimination notice required when a financial 
institution requests a principal owner's ethnicity, race, and sex may 
be combined with the non-discrimination notice that is required when 
requesting information about an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses, when such information is 
collected on the same form or at the same time. The comment has been 
updated to reflect the addition of LGBTQI+ business status to final 
Sec.  1002.107(a)(18), and to state that a financial institution must 
(as opposed to ``may'' as proposed) inform an applicant that Federal 
law requires it to ask for the principal owners' ethnicity, race, and 
sex/gender to help ensure that all small business applicants for credit 
are treated fairly and that communities' small business credit needs 
are being fulfilled, for reasons discussed further below.
    Final comment 107(a)(19)-5 (based on proposed comment 107(a)(20)-3) 
provides that a financial institution must maintain the record of an 
applicant's responses to inquiries pursuant to Sec.  1002.107(a)(19) 
separate from the application and accompanying information, and cross-
references final Sec.  1002.111(b) and comment 111(b)-1.
    Final comment 107(a)(19)-6 (based on proposed comment 107(a)(20)-4) 
addresses reporting when information about a principal owner's 
ethnicity, race, or sex is not provided by an applicant. While a 
financial institution must maintain procedures reasonably designed to 
collect applicant-provided data, the comment acknowledges that there 
may be circumstances under which an applicant does not provide 
ethnicity, race, or sex information. The final comment has also been 
updated to include explanatory examples, including examples from 
proposed appendix G (instruction 13).
    Final comment 107(a)(19)-7 (adapted from instruction 12 in proposed 
appendix G) addresses how a financial institution reports an 
applicant's response that it declines to provide information about a 
principal owner's ethnicity, race, or sex.
    Final comment 107(a)(19)-8 (adapted from instruction 16 in proposed 
appendix G) addresses how a financial institution reports an 
applicant's conflicting responses for its principal owner's ethnicity, 
race, or sex information, when the applicant selects a response option 
indicating it does not wish to provide the information but also selects 
an answer option providing a substantive response to the question at 
issue.
    Final comment 107(a)(19)-9 (based on proposed comment 107(a)(20)-
12) explains that a financial institution reports principal owners' 
ethnicity, race, and sex information as provided by the applicant, even 
if the financial institution verifies or otherwise obtains such 
information for other purposes. This comment no longer references 
collection of ethnicity and race via visual observation or surname.
    Final comment 107(a)(19)-10 (substantially adapted from instruction 
25 of proposed appendix G and proposed comments 107(a)(20)-6.iv, -7.iv, 
and -8) addresses how to report ethnicity, race, and sex information 
for an applicant with fewer than four principal owners.
    Final comment 107(a)(19)-11 (substantially adapted from instruction 
26 of proposed appendix G) explains that a financial institution 
reports one or

[[Page 35350]]

more principal owners' ethnicity, race, or sex information based on 
previously collected data under Sec.  1002.107(d), the financial 
institution does not need to collect any additional ethnicity, race, or 
sex information for other principal owners (if any).
    Final comment 107(a)(19)-12 (substantially adapted from instruction 
24 of proposed appendix G) explains that a guarantor's ethnicity, race, 
and sex is not collected or reported unless they are also a principal 
owner of the applicant.
    General support and concerns. The Bureau agrees with commenters 
that the statutorily required collection of detailed ethnicity, race, 
and sex information about small business applicants' principal owners 
will facilitate the stated purposes of section 1071 to assist in the 
enforcement of fair lending laws and enable communities, governmental 
entities, and creditors to understand and identify needs and 
opportunities of women-owned, minority-owned, and small 
businesses.\684\ The collection of ethnicity, race, and sex information 
in the HMDA context under Regulation C, for example, is essential to 
the Bureau's efforts to monitor financial institutions for fair lending 
compliance in the home mortgage market and to efforts by the Bureau, 
policymakers, and others to identify trends, gaps, and potential 
solutions for addressing any issues uncovered by the data. Recent 
changes to Regulation C to collect disaggregated ethnicity and race 
data have also added to the Bureau's and others' understanding of the 
home mortgage marketplace.\685\ The Bureau believes that the collection 
of principal owners' ethnicity, race, and sex information will 
similarly provide important insights into the small business lending 
market and help enable the identification of potential discriminatory 
lending.
---------------------------------------------------------------------------

    \684\ See ECOA section 704B(a).
    \685\ In 2015, the Bureau issued a final rule (2015 HMDA Rule) 
amending Regulation C to incorporate several changes made under the 
Dodd-Frank Wall Street Reform and Consumer Protection Act. See 80 FR 
66128 (Oct. 28, 2015). One of the changes that was implemented was 
the collection of mortgage applicants' race and ethnicity 
information using aggregate categories and disaggregated 
subcategories. Id. This data has been used by the Bureau, for 
example, to examine how home buying experiences differ among Asian 
American and Pacific Islander subgroups. See CFPB, Data Point: Asian 
American and Pacific Islanders in the Mortgage Market (July 2021), 
https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf.
---------------------------------------------------------------------------

    The Bureau also agrees that in combination with other collected 
information such as the number of an applicant's principal owners under 
final Sec.  1002.107(a)(20) and whether the applicant is a minority-
owned, women-owned, and/or LGBTQI+-owned small business under final 
Sec.  1002.107(a)(18), the collection of principal owners' ethnicity, 
race, and sex information will help the Bureau and others to understand 
lending market dynamics at different levels of ownership by individuals 
of certain ethnicities, races, and/or sexual or gender population 
subgroups. Transparency will not only help facilitate fair lending 
enforcement, but reduce uncertainty for financial institutions and help 
them to identify areas of unmet credit demand into which they could 
consider increasing product availability. In turn, small business 
owners will benefit from increased credit availability. The Bureau 
believes that other information about a covered application is still 
important for fulfilling section 1071's statutory purposes even when 
the applicant has declined to provide any protected demographic 
information. Such information can still provide insight into lending to 
small businesses pursuant to section 1071's business and community 
development purpose. Moreover, the lack of demographic information for 
a covered application itself could be important information for the 
Bureau and others to assess potential reasons for and solutions to 
correct such information gaps in the future.
    Regarding the comment its proposed rules for collecting demographic 
data are too complex, and comments that suggested streamlining these 
provisions, the Bureau notes that it is not finalizing the proposed 
requirement to collect ethnicity and race via visual observation or 
surname data. As a result, the Bureau has removed that provision, and 
related requirements, from the final rule. The Bureau has also moved 
all instructions and information about collecting and reporting 
ethnicity, race, and sex information to the commentary for final Sec.  
1002.107(a)(19). The Bureau believes these changes streamline and 
simplify the ethnicity, race, and sex data collection requirements, 
which will facilitate financial institutions' compliance with the final 
rule.
    Regarding a commenter's assertion that this data collection 
requirement conflicts with ECOA, the Bureau notes that section 1071 
amends ECOA to require the collection of the race, sex, and ethnicity 
of the principal owners of small businesses. Moreover, ECOA also 
provides that inquiries to collect data under section 1071 are not 
considered discrimination under the statute.\686\ The final rule also 
includes protections against the improper use of protected demographic 
information, including the firewall requirement in final Sec.  
1002.108, the provision restricting re-disclosure of protected 
demographic information in final Sec.  1002.110(e), and the 
recordkeeping requirements in final Sec.  1002.111(b).
---------------------------------------------------------------------------

    \686\ 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------

    Regarding a commenter's request for clarification as to how a 
financial institution should report these data if responses were 
provided by an applicant's representative before action is taken on the 
application, or that an applicant declined to provide the requested 
information. As discussed above, final comments 107(a)(19)-1, -6, and -
7 clarify the various reporting options for reporting data collected 
pursuant to final Sec.  1002.107(a)(19): financial institutions will be 
required to report an applicant's responses to the ethnicity, race, and 
sex inquiries; their selection of a response that they decline to 
provide information (e.g., by selecting an answer option of ``I do not 
wish to provide this information'' or similar); and a response of ``not 
provided by the applicant'' if an applicant does not provide any 
response. The final rule also requires an applicant to report the 
action taken on an application under Sec.  1002.107(a)(9), including 
whether originated or if the application was withdrawn by the applicant 
or is incomplete. Given these provisions, the Bureau does not believe 
it is necessary to include an option for a financial institution to 
indicate that the applicant or a principal owner was not available, as 
suggested by the commenter.
    The Bureau is not requiring the collection of demographic 
information for a natural person completing an application on behalf of 
a small business, as suggested by a commenter. ECOA section 
704B(e)(2)(G) specifically requires financial institutions to compile 
and maintain information about the ethnicity, race, and sex of ``the 
principal owners of the business.'' The statute does not require 
financial institutions to collect such information for any other 
individuals. The Bureau acknowledges the possibility of discrimination 
occurring against an applicant's non-principal owner representative, 
but in light of the statutory directive to collect demographic 
information about the applicant' principal owners, and the associated 
complexity that adding such a requirement could involve, the Bureau 
does not believe that it would be appropriate to adopt such a 
requirement at this time. The Bureau may, however, revisit at a later 
date whether the collection of such information would aid in fulfilling 
the purposes of section

[[Page 35351]]

1071 in the future as it enhances its understanding of the small 
business credit marketplace.
    Regarding a commenter's inquiry as to whether a financial 
institution could collect more specific demographic data than required 
by the rule. Final Sec.  1002.107(a)(19) establishes that financial 
institutions must inquire about applicants' principal owners' 
ethnicity, race, and sex and must permit applicants to provide certain 
specified responses; certain responses include the option of providing 
additional information via free-form text field.
    One commenter asked whether a financial institution can reconcile 
discrepancies or inaccuracies in applicants' self-reported ethnicity or 
race data. Final comment 107(a)(19)-1 provides that the financial 
institution is not permitted to report a principal owner's ethnicity, 
race, or sex on any basis other than applicant-provided data, which may 
include previously provided data pursuant to final Sec.  1002.107(d). 
As a result, financial institutions must report applicant responses as 
provided by the applicant, even if the institution perceives possible 
discrepancies or inaccuracies.
    Alignment with HMDA. The Bureau generally agrees with commenters 
that some degree of alignment with the HMDA data collection 
requirements under Regulation C would promote consistency and may 
reduce potential confusion for financial institutions, applicants, and 
data users. However, the Bureau does not believe that the collection of 
data as to small business owners should necessarily be the same in each 
aspect as it is for home mortgage applicants. Although the collection 
of ethnicity, race, and sex data in both contexts serves related fair 
lending purposes, Regulation C and this final rule are authorized under 
different statutes and for different markets. Further, both Regulation 
C and this final rule were developed in consideration of the 
information available to the Bureau at the time of each rulemaking, 
including comments received in response to the Bureau's proposals and 
current research and standards as to the measurement of such factors. 
As demographic data collection best practices and standards evolve, the 
Bureau considers such information in its decision-making. The Bureau 
refers readers to the relevant parts of this section-by-section 
analysis for discussion of its rationale for its decisions on the 
collection of ethnicity, race, and sex.
    The Bureau notes that it is exempting HMDA-reportable transactions 
from the data collection requirements of this final rule due to, in 
part, to commenters' concerns about potentially duplicative and/or 
inconsistent requirements for reporting ethnicity, race, and sex. See 
the section-by-section analysis of Sec.  1002.104(b)(2) for additional 
information.
    Concerns related to specific transactions or institutions. The 
Bureau is not adopting special rules for the collection of protected 
demographic information for particular types of transactions or 
lenders. The Bureau believes it is important to collect nationwide, 
comprehensive ethnicity, race, and sex data for all covered 
applications to fulfill the purposes of section 1071. However, the 
Bureau acknowledges commenters' concerns about the potential challenges 
in collecting such information in certain situations or for certain 
types of lenders and appreciates, in particular, the importance of 
trust in furthering important relationships between small businesses 
and their local banks. For this reason, among others, the Bureau is not 
finalizing its proposal to collect ethnicity and race information via 
visual observation or surname analysis, as explained further in the 
relevant part of this section-by-section analysis below.
    To help applicants' understanding of the section 1071 data 
collection, the Bureau has made edits to the sample data collection 
form in final appendix E to include sample text that explains the 
purpose of the rulemaking and clarifies that the inquiries on the form 
for an applicant's status as a minority-owned, women-owned, and/or 
LGBTQI+-owned small business and its principal owners' ethnicity, race, 
and sex information are required under Federal law. The sample form, of 
course, continues to note that applicants are not required to provide 
any of the requested demographic information. The Bureau also 
anticipates developing materials to help small businesses understand 
the rule, as described at the end of part I above.
    The Bureau does not believe that agricultural credit transactions 
should be viewed or treated differently from other covered transactions 
under the final rule, with regard to the collection of principal 
owners' ethnicity, race, or sex information. As explained in the 
section-by-section analysis of Sec.  1002.104, generally there is 
insufficient information available about agricultural credit markets; 
nevertheless, there is evidence that these markets are affected by 
historical and/or continuing discrimination. Moreover, farms are an 
important means of capital formation for families and communities. 
Collecting principal owners' ethnicity, race, and sex information for 
agricultural credit transactions will help facilitate the Bureau's and 
others' understanding of the agricultural credit sector of the small 
business lending marketplace and will help to further the enforcement 
of fair lending laws for that part of the market. The Bureau also 
anticipates that the collection of this information may increase access 
to responsible and affordable agricultural credit for a diverse cross-
section of the population, by helping creditors and others identify 
needs of and opportunities for small farms, including those that are 
minority-, women-, and/or LGBTQI+-owned.
    Likewise, the Bureau is not adopting separate rules or exemptions 
for credit applications taken at point of sale. As explained further in 
the section-by-section analysis of Sec.  1002.107(c), regarding the 
time and manner of collection, the Bureau generally believes that the 
same rules should apply across all covered credit transactions and 
covered financial institutions, and that the arguments made by point of 
sale providers are not unique in nature or can be addressed through 
other means. Likewise, the Bureau does not believe there should be 
special considerations for the collection of ethnicity, race, and sex 
information for private label credit, for which commenters raised 
similar concerns.
    Because the Bureau is exempting insurance premium financing 
transactions from coverage under the final rule in Sec.  
1002.104(b)(3), commenters' concerns summarized above about collecting 
protected demographic information for such transactions are rendered 
moot.
    With regard to comments raising concerns about collecting 
ethnicity, race, and sex information in the context of indirect auto 
finance transactions, the Bureau refers readers to its discussion at 
the section-by-section analysis of Sec.  1002.109(a)(3). As discussed 
there, the Bureau believes that auto dealers are generally unlikely to 
be collecting 1071 data on behalf of covered financial institutions 
because they are often the last entity with authority to set the 
material credit terms of a covered credit transaction. But even in 
situations where dealers are acting as conduits and are thus collecting 
information on behalf of another financial institution, comment 
5(a)(2)-3 to the Board's Regulation B states that persons such as loan 
brokers and correspondents do not violate ECOA or Regulation B if they 
collect information that they are otherwise prohibited from collecting, 
where the purpose of collecting the information is to provide it to a 
creditor

[[Page 35352]]

that is subject to HMDA or another Federal or State statute or 
regulation requiring data collection.\687\ The Bureau also does not 
believe that any specialized knowledge is necessary to collect 1071 
data if dealers do collect such data.
---------------------------------------------------------------------------

    \687\ This language aligns with comment 5(a)(2)-3 in the 
Bureau's Regulation B, to which the Bureau is adding a reference to 
subpart B for additional clarity.
---------------------------------------------------------------------------

    Lack of applicant responses. The Bureau acknowledges concerns 
raised by commenters about the potential for low applicant response 
rates to the required inquiries for information about their principal 
owners' ethnicity, race, and sex. As discussed in the NPRM, such 
concerns motivated the Bureau's proposal to require financial 
institutions to collect at least one principal owner's ethnicity and 
race information through visual observation and/or surname analysis 
under certain circumstances. The Bureau explained that the similar data 
collection requirement for the HMDA data collection has been an 
important tool in supporting response rates.
    As discussed in more detail regarding the Bureau's proposal that 
financial institutions collect principal owners' ethnicity and race via 
visual observation or surname in certain circumstances, the Bureau 
believes that such a requirement could help support response rates in 
the right context. However, at this time, the Bureau has elected to 
address concerns about applicants' potential unwillingness to 
voluntarily provide their principal owners' ethnicity, race, and sex 
information by providing further clarification as to the requirement 
that an institution maintain procedures to collect applicant-provided 
data at a time and in a manner that are reasonably designed to obtain a 
response under final Sec.  1002.107(c). For example, final Sec.  
1002.107(c)(2) sets forth minimum criteria when collecting applicant-
provided data directly from the applicant that must be included within 
a financial institution's procedures to ensure they are reasonably 
designed to obtain a response, including seeking to collect such 
information before notifying an applicant of action taken on a covered 
application, ensuring that the request for applicant-provided data is 
prominently displayed or presented, ensuring the collection does not 
have the effect of discouraging applicants from providing a response, 
and ensuring that applicants can easily respond to a request for the 
data. The Bureau also anticipates developing materials to educate small 
business owners about the small business lending data collection and 
its purposes, which may impact their willingness to provide demographic 
information. Further, as discussed in the section-by-section analysis 
of final appendix E, the sample data collection form will also include 
language that explains, in plain language, the purpose for the 
collection of demographic information under the final rule. At this 
time, the Bureau believes that these measures will improve applicant 
response rates to the protected demographic information inquiries under 
the final rule. However, the Bureau will continue to assess whether and 
what further measures may be needed to improve response rates.
    The Bureau's decision not to change the timing for collecting 
protected demographic information to after a credit decision has been 
made, as suggested by a commenter, is discussed in the section-by-
section analysis of Sec.  1002.107(c).
    Verification. Commenters urged the Bureau to provide that financial 
institutions are not permitted or required to verify the ethnicity, 
race, or sex of a principal owner and to codify this requirement in the 
final rule. The Bureau agrees. Final comment 107(a)(19)-9 clarifies 
that a financial institution may only report an applicant's responses 
as to its principal owners' ethnicity, race, and sex, even if it 
verifies or otherwise obtains the information for other purposes.
    Reduced demand for traditional credit. The Bureau appreciates some 
commenters' concerns that inquiries about their principal owners' 
ethnicity, race, and sex information might discourage small businesses 
from seeking credit with traditional lenders. The Bureau anticipates 
that while there may be some period of initial hesitation by small 
businesses to provide such information, small businesses will become 
more familiar with the requests for their demographic information over 
time and such requests will be considered a normal part of the process 
for seeking business credit. Further, as described at the end of part I 
above, the Bureau anticipates developing and distributing materials 
about the final rule directed at small businesses. The Bureau also 
expects that such materials, by furthering applicant understanding of 
the 1071 data collection, will ease the compliance burden for financial 
institutions in implementing the final rule.
    Privacy. The Bureau received comments generally expressing concerns 
that small businesses' owners' demographic information could be used to 
identify the businesses and their owners. As discussed in greater 
detail in part VIII below, after receiving a full year of reported 
data, the Bureau will assess privacy risks associated with the data and 
make modification and deletion decisions to the public application-
level dataset. The Bureau takes the privacy of such information 
seriously and will be making appropriate modifications and deletions to 
any data before making it public, and intends to continue engage with 
the public about how to mitigate privacy risk.
    With respect to concerns that small business applicants may find 
the collection of protected demographic information to be an invasion 
of privacy, in amending ECOA to require the collection of an 
applicant's principal owners' ethnicity, race, and sex information, 
Congress implicitly determined that the benefits of collecting such 
information outweigh any invasion of privacy concerns. Nevertheless, 
the Bureau notes that it has included sample language in the sample 
data collection form in appendix E explaining the purpose of the data 
collection, and, as noted, it anticipates developing materials to 
further help small businesses understand the purposes of the rule. In 
addition, the final rule provides safeguards for applicants' protected 
demographic information by requiring that such information be kept 
separately from their applications and accompanying information under 
Sec.  1002.111(b), through the firewall requirement in Sec.  1002.108, 
and in Sec.  1002.110(e) restricting financial institutions' re-
disclosure of protected demographic data to third parties.
    Burden and costs for collecting ethnicity, race, sex information. 
The Bureau appreciates that financial institutions will face some 
initial costs and burden in implementing the final rule, such as from 
making changes to its policies, procedures, systems, training programs, 
and in other areas. However, as noted by one commenter, the Bureau 
believes that for many financial institutions covered by the final 
rule, there will be manageable ongoing costs related to the data 
collection after an initial implementation period.
    The Bureau does not believe it would be appropriate to permit 
financial institutions to report only aggregate data, as opposed to 
application-level data, as suggested by one commenter. First, the 
statute clearly contemplates the collection of individual loan-level 
information. Section 1071's information gathering requirement provides 
that a financial institution is required to collect and maintain 
information ``in the

[[Page 35353]]

case of any application to a financial institution . . .'' (emphasis 
added).\688\ Further, the statute requires the financial institution to 
compile and maintain ``a record of the information provided by any loan 
applicant,'' including loan identifying information such as the number 
of the application and the date on which the application was 
received.\689\ Given this language, the Bureau believes that Congress 
intended that financial institutions compile and maintain application-
level information and submit the information--compiled in that way--to 
the Bureau.
---------------------------------------------------------------------------

    \688\ ECOA section 704B(b).
    \689\ ECOA section 704B(e)(2).
---------------------------------------------------------------------------

    Second, the Bureau believes that it is necessary to have specific 
ethnicity, race, and sex data for individual principal owners to allow 
assessments of whether there are trends in the data, including for 
businesses with different amounts of ownership by individuals of 
certain ethnicities, races, or sex, which cannot be captured through 
the minority-owned, women-owned, and LGBTQI+-owned business status data 
points alone. As a result, the Bureau rejects a commenter's suggestion 
that the Bureau require the collection of only one principal owner's 
ethnicity, race, and sex information.
    Direct reporting to the Bureau or third parties, or use of other 
data sources. The Bureau is not, at this time, establishing a mechanism 
by which small businesses might directly submit demographic information 
to the agency. The Bureau notes, in this respect, that the statute 
calls for financial institutions to collect these data and report them 
to the Bureau. In addition, the mechanisms described by the statute do 
not envision the Bureau ever knowing the identity of any small business 
submitting data, which would occur if small businesses were to file 
demographic data directly with the Bureau.
    However, the final rule does not foreclose industry from developing 
mechanisms to make demographic data collection and submission more 
effective or efficient. For example, industry might seek to foster the 
development of third-party mechanisms that would let financial 
institutions collect and report demographic information in tokenized 
form so that they themselves do not have access to that demographic 
data. To the extent that industry stakeholders are interested in the 
development of such mechanisms in connection with meeting their 
obligations under the final rule, the Bureau is willing to engage with 
them on these issues in order to ensure that any such developments 
ensure appropriate data quality and protection, do not burden or create 
obligations for applicants, and otherwise accord with the rule and the 
statute; to the extent necessary and appropriate, the Bureau would also 
need to adjust certain regulations and technical guidance. In 
considering appropriate data quality and protection, the Bureau will 
want to ensure that such a third-party system does not compromise 
privacy or other important protections or create opportunities for the 
sale of personal data.
    Some commenters suggested that, as opposed to requiring financial 
institutions to collect and report demographic data, the Bureau should 
instead use data, for example, that is gathered by other Federal 
agencies or buy it from outside sources. However, Congress's intent 
with ECOA section 704B was to require financial institutions to collect 
demographic information from applicants that would then be reported to 
the Bureau. Gathering such information from other sources would not be 
aligned with this intent. Further, the Bureau believes that requiring 
financial institutions to collect demographic information during the 
application process will help to ensure comprehensive, nationwide 
demographic data collection about small business lending, which will in 
turn help enable the identification of potential discriminatory lending 
practices and identification of the needs and opportunities of small 
businesses, including women-owned, minority-owned, and LGBTQI+-owned 
businesses. Data that have been collected in other contexts and for 
other purposes, and analyzed pursuant to those agencies' methods for 
those other purposes, would not achieve what the Bureau believes is 
necessary to meet section 1071's statutory objectives. Further, some of 
the approaches suggested by commenters would not be feasible, such as 
buying data from sources outside of the Federal government, because 
they do not identify a small business applicant's principal owners. The 
Bureau also notes that it has worked with other Federal regulators so 
that they can tailor data collections in this area to take advantage of 
data collected under this rule, thereby reducing burden on regulated 
entities.
    Applicant and financial institution education and guidance. With 
respect to commenters' requests that the Bureau educate and explain the 
final rule and its requirements to small business applicants, the 
public, and financial institutions, and to provide translations of the 
sample data collection form into other languages, the Bureau refers 
readers to its discussion regarding compliance and technical assistance 
at the end of part I above. Likewise, the Bureau agrees with commenters 
that it is important to provide a disclosure to applicants to generally 
explain the rule and its purpose. Instruction 4 to proposed appendix G 
would have explained that a financial institution may inform applicants 
that Federal law requires it to ask for the principal owners' 
ethnicity, race, and sex to help ensure that all small business 
applicants for credit are treated fairly and that communities' small 
business credit needs are being fulfilled. In response to comments 
about the importance of helping applicants to understand the reasons 
for the data collection,\690\ under the final rule financial 
institutions are required to provide such information (see final 
comment 107(a)(19)-4); sample language effecting this provision is 
included on the sample data collection form at appendix E.
---------------------------------------------------------------------------

    \690\ This was reaffirmed in user testing. See CFPB, User 
testing for sample data collection form for the small business 
lending final rule at app. A (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

Proposed Rule--Collecting Ethnicity and Race Using Aggregate Categories 
and Disaggregated Subcategories
    The Bureau proposed that financial institutions request principal 
owners' ethnicity and race using both aggregate categories as well as 
disaggregated subcategories.
    With respect to ethnicity data collection, the Bureau proposed 
using the same aggregate categories (i.e., Hispanic or Latino and Not 
Hispanic or Latino) and disaggregated subcategories as are used in 
Regulation C. With respect to race data collection, the Bureau proposed 
using the same aggregate categories as are used in Regulation C (i.e., 
American Indian or Alaska Native; Asian; Black or African American; 
Native Hawaiian or Other Pacific Islander; and White). The Bureau also 
proposed using the same disaggregated subcategories for the Asian race 
category and the Native Hawaiian or Other Pacific Islander race 
category, as well as with respect to the American Indian or Alaska 
Native race category, including by inviting an applicant to provide the 
name of a principal or enrolled tribe. In addition, the Bureau proposed 
adding disaggregated subcategories for the Black or African American 
race category, which are not used when

[[Page 35354]]

collecting data pursuant to Regulation C.
    The Bureau explained that OMB has issued standards for the 
classification of Federal data on ethnicity and race.\691\ OMB's 
government-wide standards provide a minimum standard for maintaining, 
collecting, and presenting data on ethnicity and race for all Federal 
reporting purposes. These standards have been developed to provide ``a 
common language for uniformity and comparability in the collection and 
use of data on ethnicity and race by Federal agencies.'' 
\692\[thinsp]The OMB standards provide the following minimum categories 
for data on ethnicity and race: Two minimum ethnicity categories 
(Hispanic or Latino; Not Hispanic or Latino) and five minimum race 
categories (American Indian or Alaska Native; Asian; Black or African 
American; Native Hawaiian or Other Pacific Islander; and White). The 
aggregate categories for ethnicity and race in Regulation C, which the 
Bureau proposed to use in the section 1071 final rule, conform to the 
OMB standards.
---------------------------------------------------------------------------

    \691\ Off. of Mgmt. & Budget, Revisions to the Standards for the 
Classification of Federal Data on Race and Ethnicity, 62 FR 58782, 
58782-90 (Oct. 30, 1997) (OMB Federal Data Standards on Race and 
Ethnicity).
    \692\ See id.
---------------------------------------------------------------------------

    The Bureau also explained that in addition to the minimum data 
categories for ethnicity and race, the OMB's standards provide 
additional key principles. First, self-identification is the preferred 
means of obtaining information about an individual's ethnicity and 
race, except in instances where observer identification is more 
practical.\693\ Second, the collection of greater detail is encouraged 
as long as any collection that uses more detail is organized in such a 
way that the additional detail can be aggregated into the minimum 
aggregate categories for data on ethnicity and race. More detailed 
reporting, which can be aggregated to the minimum categories, may be 
used at the agencies' discretion. Lastly, Federal agencies must produce 
as much detailed information on ethnicity and race as possible; 
however, Federal agencies shall not present data on detailed categories 
if doing so would compromise data quality or confidentiality 
standards.\694\
---------------------------------------------------------------------------

    \693\ See id.
    \694\ See id.
---------------------------------------------------------------------------

    The Bureau noted that although OMB received comments requesting the 
creation of a separate Arab or Middle Eastern ethnicity category prior 
to the adoption of the OMB Federal Data Standards on Race and Ethnicity 
in 1997, OMB accepted the Interagency Committee's recommendation not to 
include one in the 1997 minimum standards for reporting of Federal data 
on race and ethnicity. OMB stated that while it was adopting the 
Interagency Committee's recommendation, it believed additional research 
was needed to determine the best way to improve data on this population 
group.\695\
---------------------------------------------------------------------------

    \695\ Id. at 58782.
---------------------------------------------------------------------------

    The Bureau further explained that in 2017, OMB requested comment on 
the Federal Interagency Working Group for Research on Race and 
Ethnicity's (Working Group's) proposals to update the OMB Federal Data 
Standards on Race and Ethnicity.\696\ The Working Group proposed adding 
a Middle Eastern or North African classification to the Federal Data 
Standards on Race and Ethnicity and to issue specific guidelines for 
the collection of detailed data for American Indian or Alaska Native, 
Asian, Black or African American, Hispanic or Latino, Native Hawaiian 
or Other Pacific Islander, and White groups.\697\ The Working Group 
also considered whether race and ethnicity should be collected using 
separate questions versus a combined question. The OMB Federal Data 
Standards on Race and Ethnicity have not been updated, however, in the 
time since OMB's 2017 request for comment.
---------------------------------------------------------------------------

    \696\ 82 FR 12242 (Mar. 1, 2017).
    \697\ See OMB Federal Data Standards on Race and Ethnicity.
---------------------------------------------------------------------------

    The Bureau stated its belief that it is also important to consider 
the data standards that the U.S. Census Bureau (Census Bureau) uses in 
the Decennial Census. The definition of Hispanic or Latino origin used 
in the 2010 and 2020 Census questionnaire refers to a person of Cuban, 
Mexican, Puerto Rican, South or Central American, or other Spanish 
culture or origin regardless of race.\698\ The 2010 and 2020 Census 
disaggregated the Hispanic or Latino ethnicity into four categories 
(Mexican, Mexican American, or Chicano; Puerto Rican; Cuban; and 
Another Hispanic, Latino or Spanish origin) and included an area where 
respondents could provide (i.e., write in) a specific Hispanic, Latino, 
or Spanish origin group as additional information.\699\
---------------------------------------------------------------------------

    \698\ See U.S. Census Bureau, 2010 Official Questionnaire, 
https://www.census.gov/history/pdf/2010questionnaire.pdf (2010 
Census Official Questionnaire), and U.S. Census Bureau, 2020 
Official Questionnaire, https://www2.census.gov/programs-surveys/decennial/2020/technical-documentation/questionnaires-and-instructions/questionnaires/2020-informational-questionnaire.pdf 
(2020 Census Official Questionnaire).
    \699\ See 2010 Census Official Questionnaire and 2020 Census 
Official Questionnaire.
---------------------------------------------------------------------------

    The Bureau explained that the 2010 and 2020 Census questionnaires 
listed three of OMB's five aggregate race categories (American Indian 
or Alaska Native; Black or African American; and White). Although the 
questionnaires do not list the aggregate race categories for Asian or 
for Native Hawaiian or Other Pacific Islander, they do list the related 
disaggregated subcategories for the Asian race category (i.e., Asian 
Indian, Chinese, Filipino, Japanese, Korean, Vietnamese, Other Asian), 
and for the Native Hawaiian and Other Pacific Islander race category 
(i.e., Native Hawaiian, Chamorro,\700\ Samoan, Other Pacific Islander). 
These questionnaires also included three areas where respondents could 
write in a specific race: a specific Other Asian race, a specific Other 
Pacific Islander race, or the name of an enrolled or principal tribe in 
the American Indian or Alaska Native category.\701\ Additionally, the 
2020 Census allowed respondents to write in a specific origin for the 
White category and for the Black or African American category. For 
respondents who did not identify with any of the five minimum OMB race 
categories, the Census Bureau included a sixth race category--Some 
Other Race--on the 2010 and 2020 Census questionnaires. Respondents 
could also select one or more race categories and write-in 
options.\702\
---------------------------------------------------------------------------

    \700\ The questionnaire for the 2010 Census included ``Guamanian 
or Chamorro,'' but the questionnaire for the 2020 Census included 
only ``Chamorro.''
    \701\ See 2010 Census Official Questionnaire and 2020 Census 
Official Questionnaire.
    \702\ See id.
---------------------------------------------------------------------------

    The Bureau noted that on February 28, 2017, the Census Bureau 
released its 2015 National Content Test: Race and Ethnicity Analysis 
Report. This National Content Test provided the U.S. Census Bureau with 
empirical research to contribute to the planning for the content of the 
2020 Census' race/ethnicity questions. The report presented findings to 
the Census Bureau Director and executive staff on research conducted to 
assess optimal design elements that could be used in question(s) on 
race and ethnicity. It noted that Americans view ``race'' and 
``ethnicity'' differently than in decades past and that a growing 
number of people find the current race and ethnicity categories 
confusing, or they wish to see their own specific group reflected on 
the Census questionnaire. The National Content Test's research found 
that there have been a growing number of people who do not identify 
with any of the official OMB race categories, and that an increasing 
number of respondents have been racially classified as ``Some Other

[[Page 35355]]

Race.'' This was primarily because of reporting by Hispanics who did 
not identify with any of the OMB race categories, but it also noted 
that segments of other populations, such as Afro-Caribbean and Middle 
Eastern or North African populations, did not identify with any of the 
OMB race categories.\703\ The 2015 National Content Test: Race and 
Ethnicity Analysis Report concluded that optimal design elements that 
may increase reporting, decrease item non-response, and improve data 
accuracy and reliability include: (1) a combined race and ethnicity 
question with detailed checkbox options; (2) a separate ``Middle 
Eastern or North African'' response category; and (3) instructions to 
``Mark all that apply'' or ``Select all that apply'' (instead of ``Mark 
[X] one or more boxes'').\704\
---------------------------------------------------------------------------

    \703\ U.S. Census Bureau, 2015 National Content Test: Race and 
Ethnicity Analysis Report, Executive Summary, at ix (Feb. 28, 2017), 
https://www2.census.gov/programs-surveys/decennial/2020/program-management/final-analysis-reports/2015nct-race-ethnicity-analysis.pdf.
    \704\ Id. at 83-85.
---------------------------------------------------------------------------

    The Census Bureau did not ultimately incorporate these design 
elements into the questionnaire for the 2020 Decennial Census, but 
instead continued to ask about ethnicity and race in two separate 
questions. While the questionnaire did not provide detailed check box 
options for the White race category or for the Black or African 
American race category, the questionnaire did add write-in options and 
noted examples. For White, it noted examples of German, Irish, English, 
Italian, Lebanese, and Egyptian. For Black or African American, it 
noted examples of African American, Jamaican, Haitian, Nigerian, 
Ethiopian, and Somali.\705\ Notwithstanding the approach used by the 
Census Bureau for the 2020 Decennial Census, the Bureau requested 
comment on whether the approach and design elements set forth in the 
2015 National Content Test: Race and Ethnicity Report Analysis (whether 
in whole or in part) would improve data collection that otherwise 
furthers section 1071's purposes, improve self-identification of race 
and ethnicity by applicants and response rates, or impose burdens on 
financial institutions collecting and reporting this information.
---------------------------------------------------------------------------

    \705\ See 2020 Census Official Questionnaire.
---------------------------------------------------------------------------

    The Bureau proposed that financial institutions must permit 
applicants to provide a principal owner's ethnicity and race using the 
aggregate categories used for HMDA data collection, which conform to 
the OMB standards. The Bureau believed that aligning the aggregate 
ethnicity and race categories for this rule's data collection with the 
HMDA data collection would promote consistency and could reduce 
potential confusion for applicants, financial institutions, and other 
users of the data.
    The Bureau also proposed that applicants must be permitted to 
provide a principal owner's ethnicity and race using the disaggregated 
subcategories used in HMDA data collection, which also conform to one 
of the key principles in the OMB standards: encouraging the collection 
of greater detail as long as any collection that uses more detail is 
organized in such a way that the additional detail can be aggregated 
into the minimum aggregate categories for data on ethnicity and race. 
With respect to ethnicity data collection, the Bureau proposed that 
applicants must be permitted to provide a principal owner's ethnicity 
using the disaggregated subcategories used in HMDA data collection. For 
race data collection, the Bureau proposed that applicants must be 
permitted to provide a principal owner's race using the disaggregated 
subcategories for the Asian race category and the Native Hawaiian or 
Other Pacific Islander race category. The Bureau also proposed that 
applicants must be permitted to provide a principal owner's race using 
disaggregated subcategories for the Black or African American race 
category, which is not currently used in HMDA data collection. Lastly, 
similar to HMDA, the Bureau proposed inviting an applicant to provide 
the name of a principal or enrolled tribe for each principal owner with 
respect to the American Indian or Alaska Native race category.
    The Bureau explained that it was proposing use of disaggregated 
subcategories for this rulemaking, in part, for general consistency 
with existing HMDA reporting requirements. Further, collection and 
reporting using disaggregated subcategories could be beneficial when 
attempting to identify potential discrimination or business and 
community development needs in particular communities. While 
disaggregated data may not be useful in analyzing potential 
discrimination where financial institutions do not have a sufficient 
number of applicants or borrowers within particular subgroups to permit 
reliable assessments of whether unlawful discrimination may have 
occurred, disaggregated data on ethnicity and race may help identify 
potentially discriminatory lending patterns in situations in which the 
numbers are sufficient to permit such fair lending assessments. The 
Bureau noted that additionally, as suggested in the 2015 National 
Content Test: Race and Ethnicity Report Analysis, the use of 
disaggregated subcategories may increase response rates.
    The Bureau acknowledged, however, that including the disaggregated 
subcategories for four principal owners may make data collection more 
difficult in certain situations, such as for applications taken solely 
by telephone or for paper applications taken at retail locations. Given 
these concerns, the Bureau sought comment on whether an accommodation 
should be made for certain application scenarios, for example by 
permitting financial institutions to collect ethnicity and race 
information using only the aggregate categories or to permit financial 
institutions to collect ethnicity, race, and sex information on only 
one principal owner in those scenarios. The Bureau also noted that 
FinCEN's customer due diligence rule excludes from certain of its 
requirements point-of-sale transactions for the purchase of retail 
goods or services up to a limit of $50,000.\706\ The Bureau did not 
propose this approach given the different purposes and requirements of 
the customer due diligence rule (as well as FinCEN's related customer 
identification program rule) \707\ and section 1071. Nonetheless, the 
Bureau sought comment on whether covered applications taken at retail 
locations, such as credit cards and lines of credit with a credit limit 
under a specified amount (such as $50,000), should be excepted from 
some or all of the requirement to obtain principal owners' ethnicity, 
race, and sex information.
---------------------------------------------------------------------------

    \706\ 31 CFR 1010.230(h)(1)(i). The customer due diligence 
rule's exclusion for certain point of sale transactions is based on 
the ``very low risk posed by opening such accounts at [a] brick and 
mortar store.'' Fin. Crimes Enf't Network, U.S. Dep't of Treas., 
Guidance: Frequently Asked Questions Regarding Customer Due 
Diligence Requirements for Financial Institutions, at Q 29 (Apr. 3, 
2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
    \707\ FinCEN's customer identification program rule does not 
contain a point of sale exclusion. While the rule permits 
verification of customer identity information within a reasonable 
time after an account is opened, the collection of required customer 
information must occur prior to account opening. See 31 CFR 
1020.220(a)(2)(i)(A) and (ii). For credit card accounts, a bank may 
obtain identifying information about a customer from a third-party 
source prior to extending credit to the customer. 31 CFR 
1020.220(a)(2)(i)(C).
---------------------------------------------------------------------------

    The Bureau also sought comment on its proposed use of the HMDA 
aggregate categories, the HMDA disaggregated subcategories (including 
the ability to provide additional information if an applicant indicates 
that a principal owner is Other Hispanic or Latino, Other Asian, or 
Other Pacific Islander), and the proposed addition of

[[Page 35356]]

disaggregated subcategories for the Black or African American category. 
Additionally, the Bureau sought comment regarding whether it would be 
helpful or appropriate to provide additional clarification or to pursue 
a different approach regarding the ability of a principal owner to 
identify as Other Hispanic or Latino, Other Asian, or Other Pacific 
Islander or to provide additional information if a principal owner is 
Other Hispanic or Latino, Other Asian, or Other Pacific Islander. The 
Bureau also sought comment on whether any additional or different 
categories or subcategories should be used for section 1071 data 
collection, and whether the collection and reporting of ethnicity and 
race should be combined into a single question for purposes of section 
1071 data collection and reporting. The Bureau further sought comment 
on whether an additional category for Middle Eastern or North African 
should be added and, if so, how this category should be included and 
defined. In addition, the Bureau sought comment on whether 
disaggregated subcategories should be added for the aggregate White 
category, and if so, what disaggregated subcategories should be added 
and whether the applicant should be permitted to write in or otherwise 
provide other disaggregated subcategories or additional information. 
The Bureau also sought comment on whether the approach and design 
elements set forth in the 2015 National Content Test: Race and 
Ethnicity Report Analysis would improve data collection or otherwise 
further section 1071's purposes, as well as whether it would pose any 
particular burdens or challenges for financial institutions collecting 
and reporting this information. Finally, the Bureau sought comment on 
whether, similar to data collection pursuant to Regulation C, financial 
institutions should be limited to reporting a specified number of 
aggregate categories and disaggregated subcategories and, if so, 
whether such a limitation should be described in the sample data 
collection form.
    Proposed comments 107(a)(20)-6 and -7 would have provided guidance 
on collecting and reporting ethnicity and race information, 
respectively. The proposed comments would have explained that 
applicants must be permitted to provide a principal owner's ethnicity 
or race using aggregate categories and disaggregated subcategories and 
would have also listed the aggregate categories and disaggregated 
subcategories that applicants must be permitted to use. The proposed 
comments would have also explained that applicants must be permitted to 
select one, both, or none of the aggregate categories and as many 
disaggregated subcategories as the applicant chooses, even if the 
applicant does not select the corresponding aggregate category. The 
proposed comments would have stated that, if an applicant provides 
ethnicity or race information for a principal owner, the financial 
institution reports all of the aggregate categories and disaggregated 
subcategories provided by the applicant, and the proposed comments 
would have provided examples. The proposed comments would have stated 
that a financial institution must also permit the applicant to refuse 
to provide ethnicity or race information for one or more principal 
owners and explain how a financial institution reports ethnicity or 
race information if an applicant declines to provide the information or 
fails to respond. Finally, the proposed comments would have explained 
how a financial institution reports ethnicity or race information if an 
applicant has fewer than four principal owners, and they would have 
provided examples.
Comments Received--Collecting Ethnicity and Race Using Aggregate 
Categories and Disaggregated Subcategories
    The Bureau received comments from a range of commenters, including 
lenders, trade associations, community groups, and a business advocacy 
group, on its proposal to collect ethnicity and race using aggregate 
categories and disaggregated subcategories.
    Several banks and a group of trade associations opposed the 
proposal to collect ethnicity and race information using disaggregated 
subcategories. Specifically, these commenters asserted that the 
disaggregated subcategories do not add value to fair lending reviews or 
findings in the HMDA context because there is not enough disaggregated 
subcategory data from which to draw fair lending conclusions, as 
mortgage applicants do not often use the disaggregated subcategories. 
Thus, they said, disaggregated subcategories should not be adopted for 
this data collection. The group of trade associations also stated that 
the Bureau's analysis of 2018 HMDA data shows that mortgage applicants 
largely selected one ethnicity or race field and asserted that the 
Bureau has not shown that small business credit applicants are likely 
to behave differently. A small business owner also objected to the 
Bureau's proposal on the grounds that applicants would not report the 
ethnicity and race of their principal owners accurately and, if faced 
with a long list of categories, would choose not to report. This 
commenter also asserted that the Bureau's proposal does not align with 
other government data collections and would hinder data analysis.
    Two of those banks and the group of trade associations also 
objected on the grounds that collecting disaggregated data in the HMDA 
context has been burdensome and frustrating for applicants and lenders. 
The trade associations also argued that including disaggregated 
subcategories would impose more burden than under Regulation C because 
ethnicity and race data would need to be collected for up to four 
principal owners under the Bureau's proposal, whereas it would 
generally be collected for only one or two applicants for the HMDA data 
collection. This commenter also emphasized that for ethnicity and race 
data collection under Regulation C, financial institutions are required 
to read aloud all of the ethnicity and race disaggregated subcategories 
when taking a mortgage application over the phone, which the commenter 
asserted has been frustrating for mortgage applicants and would likely 
be frustrating for small business applicants as well.
    The group of trade associations and a bank further argued for use 
of only the aggregate categories currently used in Regulation C and the 
OMB Federal Data Standards on Race and Ethnicity, without any new 
aggregate or disaggregated categories. As discussed above regarding 
general comments about the Bureau's proposal for collecting ethnicity, 
race, and sex, the Bureau also received some comments requesting that 
demographic information collection generally (including on race and 
ethnicity) for this rule should be the same, or similar to the greatest 
extent possible, as for Regulation C.
    In contrast, many community groups and a minority business advocacy 
group, as well as some industry commenters, generally supported 
collecting ethnicity and race using aggregate categories and 
disaggregated subcategories as proposed by the Bureau. These commenters 
stated that collecting detailed, disaggregated ethnicity and race data 
on small business applicants' owners, and particularly for those of 
color, will over time provide transparency as to the different 
experiences of racial and ethnic subgroups in the small business 
lending marketplace, further fair lending enforcement, and support the 
objectives of section 1071. Several commenters emphasized that 
disaggregated data will help capture

[[Page 35357]]

potential discrimination and allow for targeted support. One stated 
that the proposal will add nuance to fair lending assessments and that 
aggregate racial and ethnic categories mask economic disparities and 
differences in social capital and experiences.
    Many of these commenters highlighted that HMDA data has revealed 
that racial and ethnic subgroups have different experiences in the home 
buying market. These commenters argued that, similarly, disaggregated 
ethnicity and race data are necessary to allow assessments in the small 
business lending marketplace. Several of these commenters specifically 
noted that research based on 2019 HMDA data shows that Asian American 
and Pacific Islander communities and Hispanic/Latino subgroups fare 
differently in the mortgage market. One commenter noted, as an example 
of different experiences, that participants in its homebuying seminars 
have stated that language barriers often create difficulties in the 
home buying process. Other commenters noted the importance of 
disaggregated data for business lending specifically, generally citing 
findings in the Federal Reserve Banks' Small Business Credit Survey: 
2021 Report on Employer Firms that firms owned by people of color were 
less likely to receive the full of amount financing sought than white-
owned businesses.
    Some commenters stated that they supported the Bureau's proposed 
approach of generally aligning with HMDA's aggregate categories and 
disaggregated subcategories for ethnicity and race and also adding new 
disaggregated subcategories. Two commenters affirmed that the HMDA 
ethnicity and race categories and subcategories are also relevant for 
small business lending. A lender commented that this approach will 
reveal different experiences in the small business lending market, but 
also provide familiar reporting standards. Another lender stated that 
aligning many of the ethnicity and race categories with those for HMDA 
would promote consistency and reduce confusion. One community group 
stated that based on the HMDA experience, it anticipates that 
applicants will not have difficulty understanding the information being 
requested regarding race as long as the sample form is clear for both 
lenders and applicants to follow.
    Many commenters also supported the specific ethnicity and race 
aggregate categories and disaggregated subcategories proposed. Some 
called out their support for particular groups of disaggregated 
subcategories, for example for the Hispanic/Latino population, Asian, 
and Native Hawaiian or Other Pacific Islander aggregate categories. 
Some commenters noted that none of these communities are monoliths and 
different subgroups have different experiences in seeking credit. One 
commenter made a similar statement regarding African American and 
African immigrant communities in the residential mortgage context.
    A community group operating in New York City suggested adding 
certain subgroups listed as examples in the Other Latino or Hispanic 
disaggregated ethnicity subcategory and in the Other Asian 
disaggregated race subcategory. The community group suggested adding an 
ethnicity subcategory for Dominican, because in New York City 
Dominicans make up a larger percentage of the population than Puerto 
Ricans, one of the proposed disaggregated ethnicity subcategories. The 
commenter also suggested adding Colombian, Ecuadorian, and Honduran 
disaggregated ethnicity subcategories. This commenter further suggested 
adding Bangladeshi and Pakistani disaggregated race subcategories, 
under the Asian aggregate race category, stating that these populations 
make up 6 percent and 8 percent, respectively, of the Asian population 
in New York City.
    Many commenters expressed specific support for the proposed 
disaggregated Black or African American race subcategories. One 
commenter stated that there are distinct differences in the experiences 
and treatment of different subgroups and that many of these subgroups 
have tight-knit communities and thus it is important that this data 
collection captures such nuances, and another stated that 
disaggregation generally has proven to have value in the HMDA context.
    Regarding the American Indian or Alaska Native aggregate race 
category, several commenters supported the Bureau's proposal to include 
a write-in text field for an applicant to name a principal owner's 
enrolled or principal tribe, though some also were concerned that there 
would be insufficient information on indigenous small business owners 
as a result of small sample sizes, which could mask the credit needs of 
that community.
    Some commenters supported adding an additional category for Middle 
Eastern or North African in the final rule, in response to the Bureau's 
request for comment. One commenter stated that individuals of Middle 
Eastern or North African descent are often left with little choice but 
to select White as their race, despite a long history of discrimination 
in the United States, and that adding this category would meet the 
spirit of section 1071. Several other commenters stated that a Middle 
Eastern or North African category should be added to capture 
discrimination against and barriers for applicants of Middle Eastern or 
North African descent. A couple of commenters suggested that North 
African and Middle Eastern could be addressed as its own category or as 
disaggregated subcategories. However, a group of trade associations 
argued against the proposal for a Middle Eastern or North African 
category, noting that OMB never finalized its proposal to include such 
a category in its Federal standards on race and ethnicity.
    Regarding disaggregated ethnicity and race categories generally, a 
joint letter from community groups and business advocacy groups 
suggested that the Bureau provide in the final rule that the ethnicity 
and race categories will be maintained and updated in alignment with 
OMB's standards and that the specifications will be adjusted in filing 
instructions that the Bureau issues from time to time.
    Several commenters responded to the Bureau's request for comment on 
whether to combine the proposed questions about ethnicity and race. 
These commenters did not support combining the questions. A group trade 
associations noted that while the Census Bureau's 2015 National Content 
Test: Race and Ethnicity Report Analysis showed that many individuals 
that select Hispanic or Latino as their ethnicity do not make any race 
selections because they do not identify with the aggregate race 
categories, the race and ethnicity questions were ultimately not 
combined for 2020 Decennial Census. The commenter also reiterated that 
the questions are separate for HMDA data collection purposes, and 
stated that the same approach should be used for this rule to maintain 
consistency across data collection rules and with the Census Bureau's 
approach, reduce burden for financial institutions, and facilitate data 
analyses.
    One commenter urged the Bureau to allow applicants to provide an 
additional disaggregated subcategory in addition to those specified in 
the proposal beside ``other'' in a text field in the same manner that 
American Indian or Alaska Natives can identify tribal affiliation. The 
commenter stated this would allow applicants to write in responses such 
as Nicaraguan or Hmong that may provide important additional 
information for fair lending enforcement.

[[Page 35358]]

    A bank asserted that for the ethnicity and race data collection 
under Regulation C, when applicants select a disaggregated ethnicity or 
race subcategory, the selection prevents the applications from being 
associated with the corresponding aggregate category. The commenter 
stated that this issue impacts how some lenders' application and 
origination performance with specific communities appears and urged the 
Bureau to fix the issue in the Regulation C data collection and ensure 
it is not replicated for the section 1071 data collection.
Final Rule--Collecting Ethnicity and Race Using Aggregate Categories 
and Disaggregated Subcategories
    For the reasons set forth herein, the Bureau is finalizing its 
proposal to collect information about the ethnicity and race of 
principal owners using aggregate categories and disaggregated 
subcategories generally as proposed. However, the Bureau has revised 
the commentary related to the collection of ethnicity and race data to 
reduce repetition among the appendices and the commentary and to 
reflect other changes, as explained below.
    The Bureau agrees with commenters that the disaggregated ethnicity 
and race subcategories will provide meaningful data that will further 
section 1071's purposes. Such data will be beneficial in identifying 
potential discrimination or business and community development needs in 
particular communities, including by providing insight into variations 
in borrowing experiences by ethnicity and race across the small 
business lending marketplace, even if not all applicants make ethnicity 
or race disaggregated subcategory selections. For example, in the HMDA 
context, the Bureau has used disaggregated race data collected under 
Regulation C to find that some Asian American and Pacific Islanders 
subgroups fare better than others in the mortgage market.\708\ Other 
data users have been able to draw conclusions and make policy 
recommendations to address differences and disparities in home lending 
among subgroups in the Hispanic or Latino community using disaggregated 
HMDA subcategories.\709\ The Bureau believes that disaggregated 
ethnicity and race data in the section 1071 data collection will 
similarly advance section 1071's purpose in enabling communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of businesses with owners that are 
members of ethnic and racial subgroups, regardless of whether those 
businesses meet the definition of a minority-owned small business.
---------------------------------------------------------------------------

    \708\ Bureau of Consumer Fin. Prot., Data Point: Asian American 
and Pacific Islanders in the Mortgage Market (July 2021), https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf.
    \709\ See Agatha So et al., Nat'l Cmty. Reinvestment Coal., 
Hispanic Mortgage Lending: 2019 HMDA Analysis (2019), https://www.ncrc.org/hispanic-mortgage-lending-2019-analysis/.
---------------------------------------------------------------------------

    With respect to the fair lending enforcement purpose of section 
1071, the Bureau recognizes that disaggregated data may not be useful 
in analyzing potential discrimination where financial institutions do 
not have a sufficient number of applicants or borrowers within 
particular subgroups to permit reliable assessments of whether unlawful 
discrimination may have occurred. However, the Bureau believes there 
will be--as has proven to be the case in the HMDA data--situations in 
which the numbers are sufficient to permit such fair lending 
assessments. The Bureau also believes that the use of disaggregated 
subcategories may increase ethnicity and race response rates by small 
business applicants. Requiring the collection of disaggregated race and 
ethnicity data also follows a key principle set forth in the OMB 
Federal Data Standards on Race and Ethnicity to encourage applicants to 
self-identify their principal owners' race and ethnicity, by providing 
more inclusive options for applicant self-reporting.\710\
---------------------------------------------------------------------------

    \710\ See 62 FR 58782, 58789 (Oct. 30, 1997).
---------------------------------------------------------------------------

    The Bureau is not, at this time, adding additional disaggregated 
ethnicity and race subcategories beyond those set forth in the NPRM. 
While one commenter suggested adding a few disaggregated ethnicity and 
race categories, such suggestions were based on the demographics of a 
specific city and it is unclear whether they would provide useful data 
in a nationwide data collection. The Bureau notes that if an 
applicant's principal owner does not clearly identify with any of the 
listed disaggregated ethnicity or race subcategories associated with a 
specific aggregate ethnicity or race category, many of the aggregate 
ethnicity and race categories have an associated ``Other'' 
disaggregated subcategory (e.g., ``Other Hispanic or Latino,'' ``Other 
Asian,'' ``Other Black or African American,'' and ``Other Pacific 
Islander'') that give the applicant opportunities to provide a specific 
subcategory not listed or otherwise provide additional ethnicity or 
race information.\711\
---------------------------------------------------------------------------

    \711\ The exceptions are the ``American Indian or Alaska 
Native'' aggregate race category, which provides applicants with an 
opportunity to write in or provide additional information about 
their principal owner's enrolled or principal tribe, the ``Not 
Hispanic or Latino'' aggregate ethnicity category, and the ``White'' 
aggregate race category.
---------------------------------------------------------------------------

    The Bureau also is not adding a separate, disaggregated subcategory 
for applicants to write in ethnicity or race information, as suggested 
by a commenter. The Bureau recognizes that some applicants may not 
clearly identify with the Bureau's designated ethnicity and race 
aggregate categories and disaggregated subcategories, despite the 
``Other'' disaggregated ethnicity and race subcategories associated 
with the aggregate ethnicity and race categories in the final rule. The 
Bureau also notes that the 2020 Decennial Census and the Census 
Bureau's American Community Survey include a separate ``Some Other 
Race'' category, which provided respondents with the ability to write 
in additional information.\712\ However, the Census Bureau's use of 
this race category is statutorily required and the best practice for 
Federal agencies is to not include a ``Some Other Race'' category 
unless required by law.\713\ The Bureau believes it is important that 
the race and ethnicity information be capable of being aggregated to or 
associated with the five OMB aggregate categories for race and the two 
aggregate categories for ethnicity in the OMB Federal Data Standards on 
Race and Ethnicity to facilitate the Bureau's and others' ability to 
analyze and use the collected data. As noted above, applicants will be 
able to use the associated ``Other'' disaggregated subcategories 
associated with many of the aggregate race and ethnicity categories to 
provide their principal owners' information and, as clarified by final 
comments 107(a)(19)-13 and -14, will also be able to make multiple 
selections for their principal owners' race and/or ethnicity to 
accurately reflect their racial and ethnic identities.
---------------------------------------------------------------------------

    \712\ See 2020 Census Official Questionnaire; 2022 American 
Community Survey Questionnaire.
    \713\ See Chief Statistician of the U.S., Flexibilities and Best 
Practices for Implementing the Office of Management and Budget's 
1997 Standards for Maintaining, Collecting, And Presenting Federal 
Data on Race and Ethnicity (Statistical Policy Directive No. 15), 
n.32 (July 2022) (citing the Science, State, Justice, Commerce, and 
Related Agencies Appropriations Act, 2006, Public Law 109-108, tit. 
II, 119 Stat. 2289, 2308-09 (2005)), https://www.whitehouse.gov/wp-content/uploads/2022/07/Flexibilities-and-Best-Practices-Under-SPD-15.pdf; id. at 8-9.
---------------------------------------------------------------------------

    The Bureau likewise is not combining the questions about ethnicity 
and race at this point in time. Commenters generally did not support or 
did not state a position on combining the ethnicity and race questions. 
The Bureau notes that the 2020 Decennial

[[Page 35359]]

Census and the 2022 American Community Survey also do not combine the 
questions.\714\
---------------------------------------------------------------------------

    \714\ The 2020 Decennial Census and the 2022 American Community 
Survey both ask separate questions for Hispanic, Latino, or Spanish 
origin, and for race. See 2020 Census Official Questionnaire; U.S. 
Census Bureau, 2022 American Community Survey Questionnaire, https://www2.census.gov/programs-surveys/acs/methodology/questionnaires/2022/quest22.pdf.
---------------------------------------------------------------------------

    Some commenters expressed concern that the Bureau's proposal for 
the American Indian or Alaska Native aggregate race category, which 
does not have specifically listed disaggregated subcategories but 
permits applicants to write in the name of a principal owner's enrolled 
or principal tribe, would lead to small sample sizes and thus 
insufficient information to make assessments about indigenous small 
business owners and those communities. At this time, the Bureau is not 
making any changes to its approach for the American Indian or Alaska 
Native aggregate race category. The Bureau notes that the Census 
Bureau's 2020 Decennial Census and 2022 American Community Survey 
similarly listed American Indian or Alaska Native as an aggregate race 
category, do not list specific disaggregated subcategories, and ask 
respondents to ``Print [the] name of enrolled or principal tribe(s)'' 
along with suggested write-in options.\715\ As explained in the 2015 
National Content Test: Race and Ethnicity Race Report Analysis, there 
are hundreds of American Indian and Alaska Native tribes, villages, and 
groups, and checkboxes for the largest groups would only represent a 
small percentage of the American Indian and Alaska Native 
population.\716\ Given this research, the Bureau believes that its 
approach to the American Indian or Alaska Native aggregate race 
category is appropriate and is thus not including a list of suggested 
write-in examples at this time.
---------------------------------------------------------------------------

    \715\ See 2020 Census Official Questionnaire; U.S. Census 
Bureau, 2022 American Community Survey Questionnaire.
    \716\ 2015 National Content Test: Race and Ethnicity Report 
Analysis, at 52 (``[W]e know from Census Bureau research that there 
are hundreds of very small detailed [American Indian and Alaska 
Native] tribes, villages, and indigenous groups for which Census 
Bureau data is collected and tabulated, and if we were to employ the 
six largest American Indian groups and Alaska Native groups as 
checkboxes, they would represent only about 10 percent of the entire 
AIAN population.'').
---------------------------------------------------------------------------

    The Bureau has also decided against specifically collecting data on 
Middle Eastern or North African populations at this point in time, 
whether as an aggregate ethnicity or race category, a disaggregated 
ethnicity or race subcategory, or through some other inquiry, due to 
uncertainty about how a Middle Eastern or North African category should 
be defined. As detailed in the NPRM, the Census Bureau and OMB have 
considered, over the course of years, whether to include a separate 
Arab or North African, or alternatively Middle Eastern or North 
African, classification in the Decennial Census and the Federal Data 
Standards on Race and Ethnicity.\717\ But, despite a 2017 
recommendation by a Federal interagency working group to add such a 
classification to the OMB Federal Data Standards on Race and Ethnicity, 
the standards have not been updated. And, although it was recommended 
in the 2015 National Content Test: Race and Ethnicity Report Analysis 
that a separate Middle Eastern or North African classification be 
adopted for the 2020 Decennial Census, no Middle Eastern or North 
African classification was included due to questions about whether the 
information should be collected as an ethnicity or race category.\718\ 
Given the unsettled nature of how to best collect information about 
Middle Eastern and North African populations, the Bureau is not 
including a separate classification for Middle Eastern or North African 
at this point in time. The Bureau notes, however, that OMB is currently 
in the process of reviewing and revising the standards for collecting 
data on race and ethnicity for the Federal government and may revise 
the standards by the summer of 2024.\719\ The Bureau will be reviewing 
OMB's efforts and other developments that may arise in the area of 
ethnicity and race data collection and measurement.
---------------------------------------------------------------------------

    \717\ 62 FR 58782 (Oct. 30, 1997); 82 FR 12242 (Mar. 1, 2017).
    \718\ Hansi Lo Wang, No Middle Eastern or North African Category 
on the 2020 Census, Bureau Says, Nat'l Pub. Radio (Jan. 29, 2018), 
https://www.npr.org/2018/01/29/581541111/no-middle-eastern-or-north-african-category-on-2020-census-bureau-says. See also U.S. Census 
Bureau, 2015 NCT, at xiii, 84-85.
    The Bureau notes that after the NPRM was published, the U.S. 
Department of the Treasury published an interim final rule in March 
2022 related to data collection for its State Small Business Credit 
Initiative (SSBCI) program, which establishes that recipients of 
SSBCI funding must maintain and submit information about small 
business program beneficiaries' principal owners' Middle Eastern or 
North African ancestry, through a separate ancestry question. U.S. 
Dep't of Treas., State Small Business Credit Initiative; 
Demographics-Related Reporting Requirements, 87 FR 13628 (Mar. 10, 
2022).
    \719\ Off. of Mgmt. & Budget, Initial Proposals for Updating 
OMB's Race and Ethnicity Statistical Standards, 88 FR 5375 (Jan. 27, 
2023). Proposals and questions for which OMB is soliciting comment 
include collecting race and ethnicity information using one combined 
question, adding a Middle Eastern or North African minimum reporting 
category, requiring the collection of detailed race and ethnicity 
categories by default, and certain updates to terminology, among 
others.
---------------------------------------------------------------------------

    The Bureau is not committing at this time to updating the rule's 
ethnicity and race aggregate categories and disaggregated subcategories 
to align with future changes to OMB Federal Data Standards on Race and 
Ethnicity. First, the data points the Bureau is finalizing under Sec.  
1002.107(a)(18) and (19), regarding minority-owned business status and 
the ethnicity and race of principal owners, are statutorily mandated. 
Second, the Bureau notes that the OMB Federal Data Standards on Race 
and Ethnicity establish only minimum standards for the collection of 
race and ethnicity information, which the data collection under 
Regulation C already expands upon.\720\ Third, it is unknown what the 
changes to the Federal standards will be and whether the collection of 
information based on any revised race and ethnicity aggregate 
categories and/or disaggregated subcategories would further the 
purposes of section 1071. The Bureau, however, will track forthcoming 
developments as to the Federal government's standards for the 
collection of race and ethnicity information. Regarding updates to data 
point response options, see final comment 107(a)-4.
---------------------------------------------------------------------------

    \720\ As explained by the Bureau in 2015, the race and ethnicity 
disaggregated subcategories under Regulation C go beyond the minimum 
categories set forth in the OMB Federal Data Standards on Race and 
Ethnicity by adding subpopulations used in the 2000 and 2010 
Decennial Census. See 80 FR 66128, 66190 (Oct. 28, 2015).
---------------------------------------------------------------------------

    As supported by some commenters, the Bureau believes it is 
important to collect information about principal owners that identify 
with subgroups within the Black or African American community, 
particularly as the Black or African American community in the United 
States diversifies. The Bureau does not believe it is necessary to use 
the exact same aggregate categories and disaggregated subcategories for 
ethnicity and race as are used for data collection under Regulation C 
(which would preclude the Black or African American race disaggregated 
subcategories), as suggested by some commenters. Certainly, the 
Bureau's experience with ethnicity and race data collection under HMDA 
informed the Bureau's considerations for its proposals and for this 
final rule. However, although the collection of ethnicity, race, and 
sex data in both contexts serves related fair lending purposes, 
Regulation C and this final rule are authorized under different 
statutes and for different markets. The Bureau believes that the added 
Black or African American race disaggregated subcategories it proposed 
and is finalizing will provide additional

[[Page 35360]]

information that will further the purposes of section 1071, as 
explained below.
    According to a Pew Research Center report, while 4.6 million, or 
one in ten, Black individuals in the United States were born in a 
different country in 2019, it is projected that by 2060 the number will 
increase to 9.5 million, or more than double the current level.\721\ 
Within this changing demographic, there are socio-economic differences 
between Black immigrant-headed households and other immigrant 
households in the United States, between Black immigrant-headed 
households and U.S.-born Black American headed- households, and among 
Black immigrant-headed households by region of origin. For example, the 
report found that in 2019, poverty rates within the Black immigrant 
population vary by region, with fewer than one-in-five African-born (16 
percent) and Central American- or Mexican-born Black immigrants (16 
percent) living below the poverty line, and 11 percent and 12 percent 
of Caribbean- and South American-born Black immigrants, 
respectively.\722\ The Bureau is not collecting immigrant status as 
part of the section 1071 data collection. However, this research 
indicates to the Bureau that there could be important distinctions 
between subgroups of the Black or African American communities in the 
small business lending marketplace. The Bureau believes that the 
collection of information about small businesses whose principal owners 
identify among the Black or African American subgroups will allow it 
and others to better understand if there are distinct differences in 
patterns in lending to small businesses with owners in these subgroups 
and help fulfill the fair lending enforcement and business and 
community development purposes of section 1071.
---------------------------------------------------------------------------

    \721\ Christine Tamir & Monica Anderson, Pew Rsch. Ctr., One-in-
Ten Black People Living in the U.S. Are Immigrants, at 7 (Jan. 20, 
2022), https://www.pewresearch.org/race-ethnicity/wp-content/uploads/sites/18/2022/01/RE_2022.01.20_Black-Immigrants_FINAL.pdf.
    \722\ See id. at 28-31.
---------------------------------------------------------------------------

    Based on its experience with Regulation C, the Bureau believes that 
after some initial burden to implement the ethnicity and race reporting 
requirements, there should be minimal ongoing burden for financial 
institutions related to the collection and reporting of applicants' 
self-provided responses regarding their principal owners' aggregate 
category and disaggregated subcategory ethnicity and race selections. 
However, the Bureau acknowledges the concern raised by one commenter 
that, unlike in mortgage transactions where generally there are only up 
to two applicants, under the Bureau's proposal, ethnicity and race 
information could be collected for up to four principal owners. The 
commenter generally noted that because of this potential for an 
applicant to have up to four principal owners, for applications taken 
over the phone, it could be frustrating for applicants and financial 
institution employees and officers to read all of the ethnicity and 
race aggregate categories and disaggregated subcategories out loud, as 
is currently the practice under Regulation C. In consideration of this 
issue, the Bureau has added a comment to provide clarification for 
collecting ethnicity and race information orally, such as over the 
phone. Final comment 107(a)(19)-16 generally clarifies that when 
collecting ethnicity and race information orally, the financial 
institution is not required to read aloud every disaggregated ethnicity 
and race subcategory. Instead, a financial institution will be able to 
orally present the lists of aggregate ethnicity and race categories, 
followed by the disaggregated subcategories (if any) associated with 
the specific aggregate ethnicity or race categories selected or 
requested to be heard by the applicant. Comment 107(a)(19)-16 will also 
clarify, among other things, that after the applicant has made its 
selection(s) (if any), the financial institution must also ask if the 
applicant wishes to hear any other lists of disaggregated 
subcategories. The comment also provides that the financial institution 
may not present the applicant with the option to decline to provide 
ethnicity or race information without also presenting the applicant 
with the specified ethnicity or race aggregate categories and 
disaggregated subcategories. Comment 107(a)(19)-16 also generally 
provides that if an applicant has more than one principal owner, a 
financial institution will have the flexibility to ask for the 
principal owners' ethnicity and race information in a way that reduces 
repetition.
    With regard to one commenter's request that the Bureau ensure that 
an applicant's selection of a disaggregated ethnicity or race 
subcategory does not prevent the application from being associated with 
the corresponding aggregate ethnicity or race category, the Bureau does 
not anticipate that the commenter's concern will be an issue for the 
1071 data collection. The Bureau also notes that the commenter's issue 
is not present for reporting under Regulation C, as stated by the 
commenter. When reporting an applicant's disaggregated ethnicity or 
race subcategory selections under Regulation C, the aggregate ethnicity 
or race category is disclosed in the derived aggregate ethnicity or 
race field in the publicly released data. To the extent the commenter 
is referring to a concern about how an applicant may select a 
disaggregated ethnicity or race subcategory, without also selecting the 
associated aggregate category, the Bureau believes that allowing 
applicants to make such a selection and requiring a financial 
institution to report that selection as it was made, and recognizes 
that individuals may have varying racial and ethnic identities.
    To further this goal, final comment 107(a)(19)-1 states that 
financial institutions report responses as provided by applicants. 
Generally, this is the case even if they contain obvious discrepancies 
and inaccuracies.\723\ Upon further review, however, the Bureau has 
revised the commentary for final Sec.  1002.107(a)(19) to clarify that 
if an applicant provides additional ethnicity or race information in a 
write-in field on a paper or electronic data collection form but does 
not select (e.g., by a check mark on a paper form) the corresponding 
``Other'' disaggregated subcategory (e.g., ``Other Hispanic or 
Latino,'' ``Other Asian,'' ``Other Black or African American,'' and 
``Other Pacific Islander''), the financial institution is permitted, 
but not required, to report the corresponding ``Other'' ethnicity or 
race disaggregated subcategory as well. Similarly, if an applicant 
provides the name of an enrolled or principal tribe but does not also 
indicate that the principal owner is American Indian or Alaska Native 
on a paper or electronic data collection form, the financial 
institution is permitted, but not required, to report American Indian 
or Alaska Native as well. This change aligns with the similar 
instruction regarding such situations in Regulation C.\724\
---------------------------------------------------------------------------

    \723\ The Bureau notes that comment 107(a)(19)-8 provides 
clarification that in the specific situation where an applicant both 
provides a substantive response to a request for a given principal 
owner's ethnicity, race, or sex (by identifying the principal 
owner's race, ethnicity, or sex) and also indicates that it does not 
wish to provide the information (e.g., by selecting an option that 
states ``I do not wish to provide this information'' or similar), 
the financial institution reports the substantive response provided 
by the applicant (rather than reporting that the applicant responded 
that it did not wish to provide the information).
    \724\ See, e.g., 12 CFR part 1002, appendix B, instruction 9.ii.
---------------------------------------------------------------------------

    The Bureau has also made changes to the commentary specifically 
regarding the collection of ethnicity and race information to 
incorporate unique

[[Page 35361]]

content from the instructions for collecting ethnicity and race 
information in proposed appendix G, which the Bureau is removing from 
the final rule, as explained earlier in this section-by-section 
analysis.\725\ These changes include updated numbering, added 
references to the sample data collection form at final appendix E, and 
further clarification regarding applicability of the instructions when 
ethnicity and race information is requested on a paper or electronic 
data collection form, versus orally (e.g., telephone applications). The 
Bureau has also removed proposed clarification in each of the ethnicity 
and race-related comments regarding ethnicity and race information that 
an applicant has specifically indicated it is declining to provide, 
which it did not provide, or which is not applicable, including because 
the applicant has fewer than four principal owners.\726\ The Bureau has 
either deleted such content where duplicative of similar content in 
final comment 107(a)(19)-1 (``General'') or moved it to new, generally 
applicable comments at final comments 107(a)(19)-6 (``Ethnicity, race, 
or sex of principal owners not provided by applicant''), 107(a)(19)-7 
(``Applicant declines to provide information about a principal owner's 
ethnicity, race, or sex''), and 107(a)(19)-10 (``Reporting for fewer 
than four principal owners'').
---------------------------------------------------------------------------

    \725\ These comments were proposed comments 107(a)(20)-6 and 
107(a)(20)-7. These proposed comments generally correspond with 
final comments 107(a)(19)-13 and 107(a)(20)-14.
    \726\ The clarification was originally at proposed comments 
107(a)(20)-6.iv and -7.iv.
---------------------------------------------------------------------------

Proposed Rule--Collecting Sex
    Proposed comment 107(a)(20)-8 would have clarified that a financial 
institution is required to permit an applicant to provide a principal 
owner's sex using one or more of the following categories: Male, 
Female, the applicant prefers to self-describe their sex (with the 
ability of the applicant to write in or otherwise provide additional 
information), and also would have permitted the applicant to refuse to 
provide the information. The sex categories would have also been on the 
sample data collection form proposed as appendix E, in response to a 
query about the principal owner's ``Sex,'' with a direction to ``Check 
one or more.'' Instruction 6 of proposed appendix G would have 
similarly required financial institutions to permit applicants to use 
the sex categories as listed on proposed appendix E as responses for a 
principal owner's sex.
    In the NPRM, the Bureau stated that it was generally proposing that 
financial institutions use the sex categories from Regulation C when 
requesting that applicants provide the sex information of their 
principal owners, but that it was also proposing the self-describe 
response option. The Bureau explained that Federal, State, and local 
government agencies have been moving to providing additional options 
for designating sex. At the Federal level, the Bureau noted that, for 
example, the Department of State had announced that it was planning to 
offer the option of a new gender marker for non-binary, intersex, and 
gender non-conforming persons for passports and Consular Reports of 
Birth Abroad as an alternative to male or female.\727\ The Bureau also 
noted that the Food and Drug Administration includes the gender options 
of female, male, intersex, transgender, and ``prefer not to disclose'' 
on certain patient forms.\728\ The Bureau also discussed how a number 
of States and the District of Columbia, as well as some local 
governments, offer an alternative sex or gender designation to male and 
female (e.g., ``X'') on government-issued documents and forms such as 
drivers' licenses and identification cards, and in some cases birth 
certificates.\729\
---------------------------------------------------------------------------

    \727\ See U.S. Dep't of State, Proposing Changes to the 
Department's Policies on Gender on U.S. Pass ports and Consular 
Reports of Birth Abroad (June 30, 2021), https://www.state.gov/proposing-changes-to-the-departments-policies-on-gender-on-u-s-passports-and-consular-reports-of-birth- abroad/. The Department of 
State subsequently made this option available in April 2022. See 
U.S. Dep't of State, X Gender Marker Available on U.S. Passports 
Starting April 11, 2022 (Mar. 31, 2022), https://www.state.gov/x-gender-marker-available-on-u-s-passports-starting-april-11/.
    \728\ See U.S. Food & Drug Admin., MedWatch forms FDA 3500 and 
3500A (Sept. 12, 2018) (approved under OMB No. 0910-0291), https://www.fda.gov/media/76299/download and https://www.fda.gov/media/69876/download.
    \729\ See, e.g., Cal. S.B. 179, Gender identity: female, male or 
nonbinary (Oct. 16, 2017), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB179; State of California 
Dep't of Motor Vehicles, Driver's License or ID Card Updates, 
https://www.dmv.ca.gov/portal/driver-licenses-identification-cards/updating-information-on-your-driver-license-or-identification-dl-id-card/ (last visited Mar. 20, 2023); Colo. Dep't of Revenue, Change 
of Sex Designation, https://drive.google.com/file/d/1PeYZd7U43ar6Flg8lFAT1Etg1EPdLVUy/view; State of Connecticut Dep't 
of Motor Vehicles, Gender Designation on a License or Identification 
Card, https://portal.ct.gov/-/media/DMV/20/29/B-385.pdf; District of 
Columbia Dep't of Motor Vehicles, Procedure For Establishing or 
Changing Gender Designation on a Driver License or Identification 
Card (June 13, 2017), https://dmv.dc.gov/sites/default/files/dc/sites/dmv/publication/attachments/DC%20DMV%20Form%20Gender%20Self-Designation%20English.pdf, DC Driver License or Identification Card 
Application (Jan. 2019), https://dmv.dc.gov/sites/default/files/dc/sites/dmv/publication/attachments/DMV%20BOE%20Application_2-25-19.pdf; Maine Bureau of Motor Vehicles, Gender Designation Form 
(Nov. 4, 2019), https://www1.maine.gov/sos/bmv/forms/GENDER%20DESIGNATION%20FORM.pdf; State of Nevada Dep't of Motor 
Vehicles, Name Changes, https://dmvnv.com/namechange.htm; State of 
New Jersey Dep't of Health, Off. of Vital Statistics and Registry, 
Request Form and Attestation (REG-L2) to Amend Sex Designation to 
Reflect Gender Identity on a Birth Certificate--Adult (Feb. 2019), 
https://www.nj.gov/health/forms/reg-l2_1.pdf; 2019 N.J. Sess. Law 
Serv. ch. 271; New Mexico Motor Vehicle Div., Request for Sex 
Designation Change, http://realfile.tax.newmexico.gov/mvd10237.pdf; 
New Mexico Dep't of Health, Request to Change Gender Designation on 
a Birth Certificate (Oct. 2019), https://www.nmhealth.org/publication/view/form/5429/; Virginia Dep't of Motor Vehicles, 
Driver's License and Identification Card Application (July 1, 2021), 
https://www.dmv.virginia.gov/webdoc/pdf/dl1p.pdf; Washington State 
Dep't of Licensing, Change of Gender Designation (Nov. 2019), 
https://www.dol.wa.gov/forms/520043.pdf; N.Y. City Dep't of Homeless 
Servs., Off. of Policy, Procedures and Training, Transgender, Non-
binary, and Intersex Clients (July 15, 2019), https://www1.nyc.gov/assets/dhs/downloads/pdf/dhs_policy_on_serving_transgender_non_binary_and_intersex_clients.pdf
.
---------------------------------------------------------------------------

    The Bureau further explained that the Supreme Court's 2020 opinion 
in Bostock v. Clayton County had concluded that sex discrimination 
encompasses sexual orientation discrimination and gender identity 
discrimination, and that these forms of discrimination necessarily 
involve consideration of sex.\730\ The Supreme Court reached this 
conclusion in the context of title VII of the Civil Rights Act of 1964, 
as amended,\731\ which prohibits sex discrimination in employment.\732\ 
Following the issuance of the Supreme Court's opinion, the Bureau 
issued an interpretive rule clarifying that ECOA's and Regulation B's 
prohibition on discrimination based on sex protects against 
discrimination based on sexual orientation, gender identity, actual or 
perceived nonconformity with sex-based or gender-based stereotypes, and 
the sex of people associated with the applicant.\733\ The Bureau noted 
that other Federal agencies have similarly clarified that other 
statutes that protect against discrimination based on sex protect 
against discrimination based on sexual orientation and gender 
identity.\734\
---------------------------------------------------------------------------

    \730\ See Bostock, 140 S. Ct. 1731.
    \731\ 42 U.S.C. 2000e et seq.
    \732\ Bostock, 140 S. Ct. 1731.
    \733\ 86 FR 14363 (Mar. 16, 2021). See also Letter from CFPB to 
Serv. & Advocacy for GLBT Elders (SAGE) (Aug. 30, 2016), https://files.consumerfinance.gov/f/documents/cfpb_sage-response-letter_2021-02.pdf.
    \734\ See, e.g., 86 FR 32637 (June 22, 2021) (Department of 
Education interpreting title IX of the Education Amendments of 
1972); 86 FR 27984 (May 25, 2021) (Department of Health and Human 
Services interpreting section 1557 of the Affordable Care Act); 
Memorandum from Jeanine M. Worden, Acting Assistant Secretary for 
Fair Housing and Equal Opportunity, Implementation of Executive 
Order 13988 on the Enforcement of the Fair Housing Act (Feb. 11, 
2021), https://www.hud.gov/sites/dfiles/PA/documents/HUD_Memo_EO13988.pdf (Department of Housing and Urban Development 
interpreting the Fair Housing Act).

---------------------------------------------------------------------------

[[Page 35362]]

    The Bureau additionally explained that some other Federal agencies 
had also begun to re-consider how they collect information on sex by 
including questions about sexual orientation and gender identity as 
part of questions about sex. The Bureau cited the example of the Census 
Bureau's Household Pulse Survey,\735\ which asks questions about sex 
assigned at birth, current gender identity, and sexual 
orientation.\736\ The Bureau also noted that other Federal agencies and 
initiatives have encouraged sexual orientation and gender identity data 
collection in health care settings.\737\
---------------------------------------------------------------------------

    \735\ U.S. Census Bureau, Phase 3.2 Household Pulse Survey 
(undated), https://www2.census.gov/programs-surveys/demo/technical-documentation/hhp/Phase_3.2_Household_Pulse_Survey_FINAL_ENGLISH.pdf. As of the date 
of this document, the Household Pulse Survey is in Phase 3.7, which 
started on December 9, 2022. See U.S. Census Bureau, Household Pulse 
Survey Phase 3.7 (Dec. 9, 2022, updated Dec. 14, 2022), https://www.census.gov/newsroom/press-releases/2022/household-pulse-phase-3-7.html. The survey questionnaire used for Phase 3.7 includes the 
same three questions noted by the Bureau in the NPRM. See U.S. 
Census Bureau, Phase 3.7 Household Pulse Survey (undated), https://www2.census.gov/programs-surveys/demo/technical-documentation/hhp/Phase_3-7_Household_Pulse_Survey_ENGLISH.pdf.
    \736\ Specifically, the Household Pulse Survey includes the 
following three questions: (1) What sex were you assigned at birth, 
on your original birth certificate? (A respondent could provide a 
response of male or female.); (2) Do you currently describe yourself 
as male, female or transgender? (A respondent also could provide a 
response of ``none of these.''); (3) Which of the following best 
represents how you think of yourself? (A respondent may select from 
the following responses: (a) Gay or lesbian; (b) Straight, that is 
not gay or lesbian; (c) Bisexual; (d) Something else; or (e) I don't 
know.
    \737\ See, e.g., Off. of Disease Prevention & Health Promotion, 
Healthy People (2020), https://www.healthypeople.gov/2020/topics-objectives/topic/lesbian-gay-bisexual-and-transgender-health; Off. 
of the Nat'l Coordinator of Health Info. Tech., 2021 
Interoperability Standards Advisory (2021), https://www.healthit.gov/isa/sites/isa/files/inline-files/2021-ISA-Reference-Edition.pdf; Ctrs. for Disease Control & Prevention, 
Collecting Sexual Orientation and Gender Identity Information (Apr. 
1, 2020), https://www.cdc.gov/hiv/clinicians/transforming-health/health-care-providers/collecting-sexual-orientation.html.
---------------------------------------------------------------------------

    The Bureau explained that in light of feedback it received during 
the SBREFA process, among other matters, the Bureau was proposing to 
add the option for ``I prefer to self-describe'' (with the ability of 
the applicant to write in or otherwise provide additional information) 
for the principal owner's sex in addition to the options currently used 
on the HMDA sample data collection form.
    Proposed comment 107(a)(20)-8 would have explained that a financial 
institution would have been required to permit an applicant to provide 
a principal owner's sex using one or more of the following categories: 
Male, Female, and/or that the principal owner prefers to self-describe 
their sex. It would have further explained that, if an applicant 
indicated that a principal owner preferred to self-describe their sex, 
the financial institution would have been required to permit the 
applicant to provide additional information about the principal owner's 
sex. The financial institution would have been required to report to 
the Bureau the additional information provided by the applicant as 
free-form text.
    Proposed comment 107(a)(20)-8 would have stated that a financial 
institution would be required to permit an applicant to select as many 
categories as the applicant chooses and that the financial institution 
would report the category or categories selected by the applicant, 
including any additional information provided by the applicant, or 
would report that the applicant refused to provide the information or 
failed to respond. It would have clarified that a financial institution 
would not have been permitted to report sex based on visual 
observation, surname, or any basis other than the applicant-provided 
information. Finally, proposed comment 107(a)(20)-8 would have 
explained how a financial institution would report sex if an applicant 
had fewer than four principal owners, would have provided an example, 
and would have directed financial institutions to proposed appendix G 
for additional information on collecting and reporting a principal 
owner's sex.
    The Bureau sought comment on its proposed approach to requesting 
information about a principal owner's sex, including the opportunity 
for self-identification (by allowing the applicant to write in or 
otherwise provide additional information). The Bureau also sought 
comment on whether the sample data collection form should list examples 
from which the applicant could choose. The Bureau also sought comment 
on whether, alternatively, sex should be collected solely via the ``I 
prefer to self-describe'' option (with the ability of an applicant to 
write in or otherwise provide additional information). The Bureau also 
sought comment on whether applicants should be restricted from 
designating more than one category for a principal owner's sex.
    The Bureau also sought comment on whether financial institutions 
should be required to ask separate questions regarding sex, sexual 
orientation, and gender identity and, if so, what categories should be 
offered for use in responding to each question. The Bureau also sought 
comment on whether it should adopt a data point to collect an 
applicant's lesbian, gay, bisexual, transgender, or queer plus 
(LGBTQ+)-owned business status, similar to the way it proposed to 
collect minority-owned business status and women-owned business status 
under proposed Sec.  1002.107(a)(18) and (19).\738\ The Bureau also 
sought comment on whether including such questions would improve data 
collection or otherwise further section 1071's purposes, as well as 
whether it would pose any particular burdens or challenges for 
industry.
---------------------------------------------------------------------------

    \738\ For a discussion of the comments received by the Bureau 
with regard to its request for comment on whether to include a data 
point to collect information about applicants' LGBTQ+-owned business 
status, the Bureau refers readers to the section-by-section analyses 
of Sec. Sec.  1002.102(k) (definition of LGBTQI+ individual), 
1002.102(l) (definition of LGBTQI+-owned business), and 
1002.107(a)(18) (minority-owned, women-owned, and/or LGBTQI+-owned 
business status).
---------------------------------------------------------------------------

    Finally, the Bureau also requested information on Federal, State, 
and local government initiatives, as well as private sector 
initiatives, involving questions regarding sexual orientation and 
gender identity in demographic information.
Comments Received--Collecting Sex
    The Bureau received comments from community groups, banks, trade 
associations, and individuals on its proposal for collecting 
information about principal owners' sex. Commenters addressed both 
general issues as well as specific aspects of the proposal, including 
whether to collect sexual orientation and gender identity data.
    General comments. A couple of commenters opposed collecting 
information about principal owners' sex. An individual commenter stated 
that it does not make sense to collect such information because 
society's view of gender is still evolving. A lender suggested removing 
the sex of principal owners (along with several other data points) to 
reduce the amount of detail in the rule.
    One industry commenter supported the collection of sex data as 
proposed; others supported the Bureau's proposal but suggested that the 
Bureau use the term ``gender'' instead of ``sex'' to be consistent with 
modern usage. One suggested that the Bureau also include sex category 
options for transgender and nonbinary.
    Another commenter said that sharing information about principal 
owners' gender identity and sexual orientation should be voluntary for 
applicants,

[[Page 35363]]

noting that individuals that are a part of the lesbian, gay, bisexual, 
transgender, queer, intersex, and asexual (LGBTQIA) community are 
concerned about harassment and should be protected.
    Collection of sexual orientation and gender identity information. 
Most of the comments received by the Bureau in response to its proposal 
for collecting information about a principal owner's sex were in the 
context of whether the Bureau should also collect information about 
principal owners' sexual orientation and gender identity.
    Several banks, trade associations, and individual commenters 
opposed adding inquiries about principal owners' sexual orientation and 
gender identity to the final rule. A few stated that bank employees 
would feel uncomfortable requesting this information; that applicants 
would refuse to provide the information or would be offended by the 
questions; or that separate questions for sex, sexual orientation, and 
gender identity would be invasive.
    A few of these commenters stated that requiring financial 
institutions to ask separate questions for sex, sexual orientation, and 
gender identity could potentially further segregate and stigmatize 
LGBTQ individuals and their businesses, when members of that community 
already face bias and discrimination. These commenters also raised 
concerns about the security of the collected information, noting that 
storing it with financial institutions and in a nationwide database 
exposes the information to not only a number of persons with authorized 
access but also potentially to hackers. These commenters stated that 
although there is some protection from employment discrimination under 
Federal law due to Bostock, there are States where discrimination 
against LGBTQ individuals in other forms is legal and inferences about 
one's sexuality could have serious negative impacts. The commenters 
also expressed concern that the information could be used for other 
purposes, with one commenter additionally expressing a concern that 
such previously collected data could be used for unintended purposes. 
Another commenter stated that the information should be requested only 
if information is also provided to applicants to allow them to make 
informed decisions about providing the information, which includes a 
warning that discrimination based on sexual orientation may be allowed 
in certain States. Some commenters also opposed collecting information 
on principal owners' gender identity and sexual orientation, on the 
grounds that such information is not needed by financial institutions 
to make loans and it should have no bearing on an applicant's ability 
to qualify for a loan.
    Several other industry commenters expressed concern that adding 
more inquiries to a demographic data collection form would add 
complexity to the collection process and increase the burden on 
financial institutions. One urged the Bureau to not include inquiries 
about such personal information in the business lending process without 
more stakeholder input as to the benefits and burdens of collecting the 
data and before publishing such sensitive information. These commenters 
also suggested that the Bureau give financial institutions the option 
of collecting the information.
    Some commenters suggested that the Bureau should include only 
``Male'' and ``Female'' categories as responses to a request for a 
principal owner's sex information. One bank opposed the inclusion of 
options for gender choices and free-form text, stating that there are 
many possible gender categories and including those categories or a 
write-in field could dilute the data and lead to inconclusive findings. 
Several lenders also specifically urged use of only ``Male'' and 
``Female'' categories as answer options in the final rule, for 
alignment with sex categories used to collect HMDA data, on the grounds 
that it would avoid confusion among financial institutions and 
applicants, promote efficient implementation and reporting, reduce 
administrative complexity, and facilitate compliance. One bank 
expressed concern about use of the proposed self-describe sex response 
option for applications reported under both HMDA and section 1071.
    In contrast, a range of commenters, including many community 
groups, research and advocacy groups, community-oriented lenders, and 
individual commenters, urged the Bureau to require the collection of 
more detailed and accurate information about gender identity and sexual 
orientation than would be collected under the Bureau's proposal. These 
commenters generally stated that more detailed information is necessary 
to account for small businesses owned by people with intersectional 
identities and orientations, to see if they experience discrimination, 
enforce fair lending laws, and to allow policymakers and the public to 
have a better understanding of and address gaps and community needs. 
Several commenters asserted that to the final rule should reflect that 
gender is not binary and be more inclusive. Others argued that 
collecting principal owners' gender identity information will enhance 
the Bureau's and the public's ability to enforce ECOA for transgender 
individuals and gender minorities and collecting their sexual 
orientation information will likewise facilitate the same as to 
lesbians, gays, bisexuals, and other sexual minorities, consistent with 
the purposes of section 1071. Another commenter stated that collecting 
information about gender identity and sexual orientation would reduce 
the burden of implementing future legislation requiring such 
collection.\739\ Another commenter said that collecting data on gender 
identity and sexual orientation would allow lenders, especially CDFIs, 
to be more accountable to their mission of economic justice and 
financial inclusion. Some commenters urged the Bureau to follow best 
practices and directed the Bureau to resources made available and 
research conducted by the Williams Institute at the University of 
California Los Angeles School of Law.
---------------------------------------------------------------------------

    \739\ The commenter cited the LGBTQ Business Equal Credit 
Enforcement and Investment Act (H.R. 1443, 117th Cong. (2021)), 
which sought to amend ECOA section 704B to require the collection of 
an applicant's principal owners' sexual orientation and gender 
identity, in addition to information about sex.
---------------------------------------------------------------------------

    A number of these commenters urged the Bureau to not conflate lines 
of inquiry for gender identity and sexual orientation, with some 
specifically suggesting separate sets of questions, either in addition 
to or in place of, the inquiry about principal owners' sex as proposed 
by the Bureau.\740\
---------------------------------------------------------------------------

    \740\ For example, some commenters suggested separate categories 
for gender (Cis woman, Cis man, Trans woman, Trans man, Non-binary 
or gender non-conforming, and Other (with a write-in text field)) 
and sexual orientation (straight/heterosexual, bisexual, and queer, 
and other (with a write-in text field)).
---------------------------------------------------------------------------

    One commenter stated that respondents are unlikely to consider 
sexual orientation and gender identity to be sensitive and would likely 
provide their information, citing a study as to the collection of such 
information in health centers and another relating to attitudes of 
sexual minorities responding to a 2020 survey administered by the 
Census Bureau. Commenters also noted that other Federal surveys ask 
questions about gender identity and sexual orientation, including the 
Census Bureau and the Centers for Disease Control and Prevention, and 
that questions to identify transgender respondents are included on 
State and investigator-led surveys. One commenter asserted that the 
proposal collects less information than other Federal agencies, citing 
the example of the Census Bureau.

[[Page 35364]]

    Commenters also noted that the Federal government has long 
considered what best practices should apply for the measurement of 
sexual orientation and gender identity information, such as through the 
Federal Interagency Working Group on Improving Measurement of Sexual 
Orientation and Gender Identity in Federal Surveys, and by 
commissioning a study looking at the measurement of sex, gender 
identity, and sexual orientation through the National Academies of 
Sciences, Engineering, and Medicine (the National Academies).\741\
---------------------------------------------------------------------------

    \741\ Since the comment period for the NPRM closed, the National 
Academies published its report on the study. See Nat'l Acad. of 
Scis., Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual 
Orientation (2022), https://www.ncbi.nlm.nih.gov/books/NBK578625/pdf/Bookshelf_NBK578625.pdf.
---------------------------------------------------------------------------

    Legal authority. Several research and advocacy organizations argued 
that the Bureau has the legal authority to collect information about 
the gender identity and sexual orientation of principal owners. 
Generally, these commenters stated that ECOA and section 1071 provide 
the Bureau with a broad grant of authority to issue regulations 
requiring the collection of gender identity and sexual orientation 
data. The commenters also highlighted that unlawful discrimination 
based on ``sex'' under ECOA includes discrimination based on sexual 
orientation and gender identity, consistent with the U.S. Supreme 
Court's decision in Bostock. As a result, they said, collecting sexual 
orientation and gender identity data would facilitate the purposes of 
section 1071 by enhancing the agency's ability to understand small 
business lending discrimination based on sexual orientation and gender 
identity, enforce fair lending laws, and identify business and 
community development needs and opportunities of small businesses.
    However, several industry commenters argued that the collection of 
sexual orientation and gender identity information is not clearly 
required. One stated that there is no indication in the statute that 
Congress intended the term ``sex'' as used in section 1071 to encompass 
sexual orientation and/or gender identity. Another emphasized that the 
statute focuses on the collection and reporting of data about the 
defined term ``women-owned businesses,'' and asserted it is thus not 
apparent that the section 1071 data collection is meant to include such 
data. Another commenter argued that neither Congress nor the Supreme 
Court in Bostock has taken specific action to change the scope of the 
prohibition against sex discrimination in ECOA to include 
discrimination on the bases of sexual orientation and gender identity.
    Need for information on gender identity and sexual orientation. 
Some community groups and research and advocacy organizations generally 
stated that data are needed to understand LGBTQI+ individuals' and 
business owners' experiences in accessing small business credit. Some 
emphasized that available Federal small business or fair lending data 
do not currently include sexual orientation and gender identity 
information. One commenter noted that the Federal data that exist on 
LGBTQ individuals' access to credit are generally limited to the 
population of cohabitating same-sex couples because such data are often 
collected through a marital status question on Census Bureau surveys.
    Nevertheless, these commenters stated that available research 
suggests that sexual and gender minorities encounter discrimination 
when attempting to access credit. The commenters cited research, based 
on the 2019 Federal Reserve Board Survey of Household Economic 
Decisionmaking, finding that LGBT individuals (and particularly LGBT 
persons of color and depending on gender) are more likely to have their 
applications for credit rejected and that they are more likely to be 
approved for less credit than they wanted.\742\ The commenters stated 
that studies based on HMDA data have also found that same-sex couples 
are denied home loans more often and that the loans they do receive 
have higher interest rates and fees than different-sex couples of 
similar financial and credit quality. Similarly, loans made in 
neighborhoods with a higher density of LGBTQI+ individuals generally 
have higher interest rates and fees than neighborhoods with a lower 
density.\743\ One commenter stated that the analysis likely understates 
these disparities due to HMDA data limitations.\744\ A research and 
policy organization focusing on gender identity and sexual orientation 
issues also cited reports and analyses highlighting disparities in home 
ownership between LGBT adults and non-LGBT adults, same-sex couples and 
different-sex couples, and among sexual minorities versus heterosexual 
individuals and also suggesting that home ownership among transgender 
adults is particularly low.\745\ This commenter also stated that such 
research noting disparities among LGBTQI+ persons based upon race, sex, 
and sexual orientation suggests that the data collected under section 
1071 should allow identification of individuals who may have 
intersectional identities.
---------------------------------------------------------------------------

    \742\ Spencer Watson et al., Ctr. for LGBTQ Econ. Advancement & 
Rsch., The Economic Well-Being of LGBT Adults in the U.S. in 2019 
(2021), https://lgbtq-economics.org/wp-content/uploads/2021/06/The-Economic-Well-Being-of-LGBT-Adults-in-2019-Final-1.pdf.
    \743\ See Jason Richardson & Karen Kali, Nat'l Cmty. 
Reinvestment Coal., Same-Sex Couples and Mortgage Lending (June 22, 
2020), https://ncrc.org/same-sex-couples-and-mortgage-lending/; Hua 
Sun & Lei Gao, Lending Practices to Same-Sex Borrowers, 116 Procs. 
of the Nat'l Acad. of Sci. (PNAS) PROCs. NAT'L ACAD. SCI. 9293 (Mar. 
16, 2019), https://doi.org/10.1073/pnas.1903592116.
    \744\ See Jason Richardson & Karen Kali, Nat'l Cmty. 
Reinvestment Coal., Same-Sex Couples and Mortgage Lending (June 22, 
2020), https://ncrc.org/same-sex-couples-and-mortgage-lending/.
    \745\ Studies cited by the commenters include, for example: Adam 
P. Romero, Shoshana K. Goldberg, & Luis A. Vasquez, Williams Inst., 
LGBT People and Housing Affordability, Discrimination, and 
Homelessness (2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/LGBT-Housing-Apr-2020.pdf; Kerith Conron, Williams 
Inst., Financial Services and the LGBTQ+ Community: A Review of 
Discrimination in Lending and Housing, Testimony Before the 
Subcommittee on Oversight and Investigations (2019), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Testimony-US-House-Financial-Services-Oct-2019.pdf; Freddie Mac, The LGBT 
Community: Buying and Renting Homes (2018), http://www.freddiemac.com/fmac-resources/research/pdf/Freddie_Mac_LGBT_Survey_Results_FINAL.pdf; Kerith J. Conron, 
Shoshana K. Goldberg, & Carolyn T. Halpern, Sexual Orientation and 
Sex Differences in Socioeconomic Status: A Population-Based 
Investigation in the National Longitudinal Study of Adolescent to 
Adult Health, 72 J. Epidemiology & Cmty. Health 1016 (Nov. 2018), 
https://pubmed.ncbi.nlm.nih.gov/30190439.
---------------------------------------------------------------------------

    Commenters also noted that LGBTQI+ individuals and businesses are 
key parts of the population and economy in this country, yet face 
discrimination and disparities in a number of areas. They stated that 
there are an estimated 11 million LGBT adults, which make up around 4.5 
percent of the total U.S. adult population. They stated that high 
numbers of LGBTQ adults have self-reported experiences with physical 
and verbal abuse and violence, job loss, and workplace harassment and 
discrimination. They also noted that prior to the COVID-19 pandemic, 
LGBTQ individuals were more likely to report having experienced 
economic hardship, from unemployment, homelessness, and in other areas. 
The commenters also emphasized that studies show that during the 
pandemic, LGBTQ adults, and particularly LGBTQ people of color and 
gender minorities, have disproportionately experienced the negative 
financial effects of the COVID-19 pandemic, including food insecurity, 
job loss, and housing insecurity.\746\ One

[[Page 35365]]

commenter also highlighted that research shows that transgender 
individuals are disadvantaged as compared to their cisgendered 
counterparts across a number of socio-economic factors, such as 
education levels and percentages living at or below the poverty level, 
among others.\747\
---------------------------------------------------------------------------

    \746\ See Thom File & Joey Marshall, U.S. Census Bureau, 
Household Pulse Survey Shows LGBT Adults More Likely to Report 
Living in Households With Food and Economic Insecurity Than Non-LGBT 
Respondents (Aug. 11, 2021), https://www.census.gov/library/stories/2021/08/lgbt-community-harder-hit-by-economic-impact-of-pandemic.html; Brad Sears, Kerith J. Conron, & Andrew R. Flores, 
Williams Inst., The Impact of the Fall 2020 COVID-19 Surge on LGBT 
Adults in the US (Feb. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/COVID-LGBT-Fall-Surge-Feb-2021.pdf; Christy Mallory, Brad Sears, & Andrew R. Flores, 
Williams Inst., COVID-19 and LGBT Adults Ages 45 and Older in the US 
(May 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/COVID-LGBT-45-May-2021.pdf; Kerith J. Conron & Kathryn K. 
O'Neill, Williams Inst., Food Insufficiency Among Transgender Adults 
During the COVID-19 Pandemic (Dec. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Trans-Food-Insufficiency-Dec-2021.pdf; Movement Advancement Project, The Delta 
Variant & the Disproportionate Impacts of COVID-19 on LGBTQ 
Households in the U.S., Results from an August/September 2021 
National Poll (Nov. 2021), https://www.lgbtmap.org/file/2021-report-delta-impact-v2.pdf.
    \747\ See Kerith J. Conron & Kathryn K. O'Neill, Williams Inst., 
Food Insufficiency Among Transgender Adults During the COVID-19 
Pandemic (Dec. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Trans-Food-Insufficiency-Dec-2021.pdf.
---------------------------------------------------------------------------

    One commenter cited a study estimating that about 7.7 million LGBT 
adults live in States without explicit statutory protections against 
discrimination on the basis of sexual orientation and gender identity 
in credit.\748\ This commenter also noted research finding that while 
30 States have laws analogous to ECOA, only about half explicitly 
prohibit discrimination on the basis of sexual orientation or gender 
identity, leaving a significant number of LGBT adults in the United 
States without protection from credit discrimination under State 
law.\749\ Further, this commenter stated that LGBTQ businesses may 
generally have a particular need for credit, because they often lack 
the family support other small business entrepreneurs may rely upon to 
begin their businesses.
---------------------------------------------------------------------------

    \748\ Kerith J. Conron & Shoshana K. Goldberg, Williams Inst., 
LGBT People in the US Not Protected by State Non-Discrimination 
Statutes (Apr. 2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/LGBT-ND-Protections-Update-Apr-2020.pdf.
    \749\ Christy Mallory, Luis A. Vasquez, & Celia Meredith, 
Williams Inst., Legal Protections for LGBT People After Bostock v. 
Clayton County (Aug. 2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Bostock-State-Laws-Jul-2020.pdf.
---------------------------------------------------------------------------

    Suggestions for collecting sexual orientation and gender identity 
information. A number of commenters suggested specific modifications to 
the Bureau's proposal, generally by either adding response categories 
to the proposed (single) inquiry about a principal owner's sex; by 
recommending two separate inquiries for the identification of a 
principal owner's gender (as opposed to sex) and sexual orientation; or 
by suggesting separate inquiries as to each of a principal owner's sex, 
gender identity, and sexual orientation.
    Generally, commenters who suggested additional response categories 
suggested adding such options in the context of a single inquiry for 
information about a principal owner's sex. Some commenters suggesting 
adding an additional category, such as ``Other,'' to allow the Bureau 
to analyze whether nonbinary individuals face discrimination from 
lenders and urged the Bureau to avoid a data collection that forces 
applicants to provide their principal owners' information on a strict 
binary sex/gender basis. Several industry commenters suggested the 
Bureau remove the self-describe option with a write-in text field with 
a third category, such as ``non-binary.'' These commenters expressed 
concern that the write-in text field may create data integrity problems 
or add complexity to reporting standards.
    Other commenters suggested specific sex categories for the Bureau's 
consideration. A group of trade associations suggested adding sex 
categories for transgender and nonbinary. A community group suggested 
adding a ``non-binary'' sex category and any others according to best 
practices, in order to bring transparency as to the treatment of that 
population. Another suggested adding ``Non-binary,'' ``Transgender 
Male,'' ``Transgender Female,'' stating that these categories are 
widely accepted by the LGBTQ community, will provide more data, and 
will be more inclusive. This commenter also supported allowing 
applicants to select one or more options. A CDFI lender recommended 
that the Bureau include a list of examples that an applicant could 
refer to when self-describing, like intersex, non-binary, or 
transgender. This commenter stated that providing examples for the 
self-describe option would streamline the data collection and analysis.
    A bank suggested that instead of requesting information from 
applicants about their principal owners' sex, that the Bureau identify 
a principal owners' information based on what is listed on the 
principal owner's driver's license. The bank noted that some states, 
like New York, allow residents who identify as nonbinary or intersex to 
use an ``X'' marker on their State driver's licenses and stated that 
beneficial owners' driver's licenses must be provided as a result of 
FinCEN's customer due diligence rule when an account is opened. The 
bank acknowledged that different states may not allow the use of an 
``X'' marker and that some principal owners may not identify with the 
gender marker on their driver's license but suggested that aligning the 
data collection with this supporting documentation would remove the 
potential for error and regulatory scrutiny.
    Some commenters urged the Bureau to revise its proposal to include 
two sets of inquiries, one addressing gender identity and the other 
sexual orientation, each with multiple categories from which an 
applicant could select. One community group suggested two separate 
inquiries are necessary, to accurately measure disparities and 
discrimination. The community group suggested that for the inquiry 
about gender identity, response options could include ``Male,'' 
``Female,'' ``Transgender,'' and ``Do not identify as female, male, or 
transgender.'' For the inquiry about sexual orientation, the community 
group stated response options could include ``Straight,'' ``Gay or 
lesbian,'' ``Bisexual,'' and ``Transsexual, or gender non-conforming.'' 
This commenter also suggested the Bureau consult experts on these 
issues. Some other community groups suggested that, to reflect current 
language around gender-identity and expression, categories for gender 
should include ``Cis woman,'' ``Cis man,'' ``Trans woman,'' ``Trans 
man,'' ``Non-binary or gender non-conforming,'' and ``Other'' (with a 
write-in text field). For sexual orientation, the commenters suggested 
``Straight/heterosexual,'' ``Bisexual,'' ``Queer,'' and ``Other'' (with 
a write-in text field). One commenter noted that the answer options for 
each inquiry should include those to allow the applicant to choose not 
to state its response and an ``Other'' option (with a write-in text 
field).
    Several research and policy organizations focusing on gender 
identity and sexual orientation issues generally stated that because 
sex, sexual orientation, and gender identity are related but 
intellectually distinct concepts, the Bureau should collect such 
information through three separate inquiries addressing each concept 
instead of through one question asking about a principal owner's sex. A 
community group stated that the Bureau's proposal does not sufficiently 
encompass gender, gender identity, and sexual orientation to address 
fair lending concerns.

[[Page 35366]]

    Research and policy organizations also suggested the Bureau take an 
approach similar to that used in the Census Bureau's Household Pulse 
Survey, which they characterized as taking a ``two-step'' approach to 
asking about a respondent's sex, with one question about the 
respondent's sex assigned at birth and a second question about their 
current gender. They also recommended the Household Pulse Survey 
approach in asking a separate question about sexual orientation, which 
the commenters noted aligns with a recommendation from a 2009 Sexual 
Minority Assessment Research Team report \750\ on best practices for 
asking questions about sexual orientation on surveys. One also urged 
the Bureau to examine a two-step approach to sex for the final rule, 
noting that it was based on research and recommended by a panel of 
experts known as the Gender Identity in U.S. Surveillance group, 
through the Williams Institute at the University of California Los 
Angeles School of Law, as one that is likely to have high sensitivity 
and specificity in distinguishing transgender and gender minority 
respondents from cisgender respondents.\751\ The commenter also 
recommended that the Bureau consider if any refinements are necessary 
in the context of section 1071, conduct user testing, and also 
coordinate in the future with other Federal agencies to improve its 
measurements of principal owners' sex.
---------------------------------------------------------------------------

    \750\ Sexual Minority Assessment Rsch. Team (SMART), Williams 
Inst., Best Practices for Asking Questions About Sexual Orientation 
on Surveys (2009), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Best-Practices-SO-Surveys-Nov-2009.pdf.
    \751\ The GenIUSS Grp., Williams Inst., Best Practices for 
Asking Questions to Identify Transgender and Other Gender Minority 
Respondents on Population-Based Surveys (Sept. 2014), https://williamsinstitute.law.ucla.edu/publications/geniuss-trans-pop-based-survey/.
---------------------------------------------------------------------------

    For the question about sexual orientation, research and policy 
organizations recommended using the same or similar questions as 
presented in the Census Bureau's Household Pulse Survey and the 2009 
Sexual Minority Assessment Research Team report. A community group also 
suggested that the Bureau adopt the Census Bureau's approach with the 
Household Pulse Survey, but stated that more response categories may be 
necessary to better capture the LGBTQIA+ community.
    Selection of multiple responses. The Bureau received several 
responses to the Bureau's question about whether applicants should be 
restricted from designating more than one category for a principal 
owner's sex. Two commenters supported the Bureau's proposal to allow an 
applicant to select multiple sex categories, stating that limiting 
applicants to one answer option may be viewed as marginalizing the 
principal owner's personal characteristics for individuals whose gender 
is fluid. Another suggested allowing the selection of just one response 
category, which it said would streamline data collection. Two research 
and policy organizations suggested that the Bureau limit applicants 
from selecting more than one response to the inquiry about sex assigned 
at birth because medical records in the United States generally allow 
only male or female sex assignments. They also suggested that the 
Bureau allow just one selection in response to a question about sexual 
orientation. But for gender identity, the applicant suggested allowing 
applicants to select multiple response options.
    Self-describe response option. Several commenters supported the 
Bureau's proposed ``I prefer to self-describe'' option (with the 
ability to write in or otherwise provide additional information). A 
business advocacy group stated that the information collected from the 
option will bring attention to inequitable lending practices based on 
gender identity. As noted above, one commenter supported the proposed 
answer option, but suggested that the Bureau include a list of 
examples. The commenter opposed, however, the use of the option as the 
only way to collect information about principal owners' sex. Another 
commenter supported having the ``I prefer to self-describe'' option as 
the only way used to collect sex information, stating that this 
approach would promote diversity and acceptance and that the Bureau's 
proposal may make applicants feel uncomfortable expressing their true 
gender identity.
    However, several industry and research and policy organization 
commenters opposed the proposed ``I prefer to self-describe'' option. 
One commenter said it would be confusing for applicants and bank 
employees, and recommended having the Bureau's data collection for 
principal owners' sex match that under Regulation C. Other commenters 
generally cited data quality concerns related to potential write-in 
field responses. Two such commenters noted that in the HMDA free-form 
ethnicity and race data, they commonly see responses that would fit 
into an existing category and expressed concern that similar issues 
would arise under the Bureau's proposal. Two industry commenters also 
noted that the write-in field could diminish the accuracy and utility 
of collected data, because fewer responses would be reported for other 
listed categories. One industry commenter also noted that a write-in 
field may add complexity to reporting standards. Another stated that 
the Bureau may encounter varying spellings and misspellings, which 
would create reporting burdens and diminish the accuracy of the 
information received by the Bureau.
    A research and policy organization stated that because the Bureau 
will not be including write-in responses in what is released to or 
analyzed for the public, write-in responses allowing applicants to 
self-describe their principal owners' sex, sexual orientation, or 
gender identity would prevent respondents from being included in the 
data for analysis. The commenter suggested that the Bureau assess the 
performance of questions as to gender identity and sexual orientation 
first and then make revisions as needed. The commenter also stated that 
it also did not recommend including the proposed ``I prefer to self-
describe'' option as a way to capture individuals with intersex traits, 
and noted that it is not generally recommended that researchers capture 
information on intersex status through a question on sex.
    Other research and policy organizations stated a concern that free-
form text responses would require substantial effort by the Bureau and 
others to distinguish transgender individuals and gender minorities 
from respondents using the ``I prefer to self-describe'' option, even 
though female or male responses would have been appropriate. This 
commenter noted that analysis of free-form text fields can be time-
intensive and responses challenging to categorize, leading to discarded 
data, reduced sample sizes, lessened statistical power, and potentially 
errors in classification. The commenter also noted that although a 
write-in response for gender identity to capture the many gender 
identities and communities that exist may work in some circumstances, 
it does not recommend it for a data collection of the anticipated size 
and complexity of the effort under section 1071. With regard to sexual 
orientation, the commenter noted that most people with same-sex 
attraction are likely to choose the terms gay, lesbian, or bisexual if 
they are the only terms provided, and thus a self-describe option would 
just reduce the number of identifiably lesbian, gay, and bisexual 
principal owners in the section 1071 data collection and reduce the 
usefulness of the data.

[[Page 35367]]

    Intersex status. Research and policy organizations suggested that 
the Bureau add a specific inquiry regarding variations of sex 
characteristics in the final rule or in the future, to identify 
intersex business owners and their experiences. They emphasized that 
people with variations in sex characteristics may comprise as much as 
1.7 percent of the population. And, although little population-based 
data exists, according to the commenter, intersex people face 
documented social and health disparities. This in turn, they said, 
could affect their economic opportunities. Moreover, according to the 
commenter, the increased visibility of intersex individuals could also 
make small business owners with intersex traits more vulnerable to 
discrimination. They also stated that the Department of Justice's Title 
IX Legal Manual rationale--finding that title IX's prohibition on sex 
discrimination includes discrimination based on sex characteristics, 
including intersex traits--should also apply to ECOA. They noted that a 
consensus study from the National Academies had recommended that the 
Federal government develop and evaluate measures to identify intersex 
populations and recommended that the Bureau review another pending 
National Academies study with recommendations on this area.\752\
---------------------------------------------------------------------------

    \752\ See Nat'l Acads. of Scis., Eng'g, & Med., Understanding 
the Well-Being of LGBTQI+ Populations (2020), https://nap.nationalacademies.org/catalog/25877/understanding-the-well-being-of-lgbtqi-populations. The National Academies has issued the 
report anticipated by the commenter. See Nat'l Acads. of Scis., 
Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual 
Orientation for the National Institutes of Health (2022), https://www.ncbi.nlm.nih.gov/books/NBK578625/pdf/Bookshelf_NBK578625.pdf.
---------------------------------------------------------------------------

Final Rule--Collecting Sex
    For the reasons set forth herein, the Bureau has revised its 
proposal regarding the collection of information about the sex of the 
principal owners of a small business applicant. Under final comment 
107(a)(19)-15, if collecting the information using a paper or 
electronic form, the financial institution must make the request using 
the term ``sex/gender'' and must permit applicants to respond by using 
free-form text. If collecting the information orally, the financial 
institution must inform the applicant of the opportunity to provide 
each principal owner's sex/gender and record the response. As with 
other protected demographic information, the applicant can refuse to 
provide the requested information. Unlike the Bureau's proposal, the 
final rule does not use specific sex categories, such as ``Male'' and 
``Female,'' for a principal owner's sex/gender. The Bureau has made 
conforming changes, removed duplicative content, and updated cross-
references, in comment 107(a)(19)-15 and other comments that relate to 
collection of principal owners' sex.
    As an initial matter, the Bureau believes that collecting 
information about a principal owner's sex, gender identity, and sexual 
orientation is within section 1071's mandate. Following the Supreme 
Court's holding in Bostock, even though the term ``sex'' is not defined 
in ECOA or in Regulation B, the Bureau interprets ECOA's and Regulation 
B's prohibitions against discrimination on the basis of ``sex'' to 
include discrimination based on sexual orientation and gender 
identity.\753\ As stated by the Court, sex discrimination encompasses 
sexual orientation discrimination and gender identity discrimination, 
as those forms of discrimination necessarily involve consideration of 
sex.\754\ Because section 1071 is an enumerated provision of ECOA and 
the final rule is part of Regulation B, this interpretation as to what 
is included within the scope of the term ``sex'' necessarily applies to 
the collection of information about a principal owner's ``sex'' under 
section 1071 as well.
---------------------------------------------------------------------------

    \753\ Bostock, 140 S. Ct. 1731; 86 FR 14363 (Mar. 16, 2021).
    \754\ See Bostock, 140 S. Ct. 1731.
---------------------------------------------------------------------------

    The Bureau believes further that available research, including that 
cited by commenters and discussed above, showing disparities in access 
to credit across gender identity and sexual orientation supports the 
importance of collecting gender identity and sexual orientation small 
business lending data.\755\
---------------------------------------------------------------------------

    \755\ See, e.g., Ctr. for LGBTQ Econ. Advancement & Rsch., The 
Economic Well-Being of LGBT Adults in the U.S. in 2019 (June 2021), 
https://lgbtq-economics.org/research/lgbt-adults-2019/ (LGBT adults 
more likely than non-LGBT adults to report being turned down by 
lenders and to be offered credit at rates higher than desired); Hua 
Sun & Lei Gao, Lending practices to same-sex borrowers, Proceedings 
of the Nat'l Acad. Sci. of the U.S. of Am. (May 2019), https://doi.org/10.1073/pnas.1903592116 (finding same-sex couples more 
likely to be denied a mortgage than different-sex couples); J. 
Shahar Dillbary & Griffin Edwards, An Empirical Analysis of Sexual 
Orientation Discrimination, 86 U. Chi. L. Rev. 1 (2019), https://lawreview.uchicago.edu/publication/empirical-analysis-sexual-orientation-discrimination (finding that same-sex male home loan co-
applicants were less likely to have their loan applications accepted 
compared to white, different-sex co-applicant pairs; male same-sex 
pairs with Black applicants had significantly worse acceptance 
outcomes).
---------------------------------------------------------------------------

    There was no clear consensus among commenters as to how information 
about the sex of small businesses' principal owners should be 
collected. As described above, the Bureau received a diverse array of 
comments recommending a range of response options to the proposed 
inquiry about a principal owner's sex and suggesting questions in 
addition to, or instead of, the Bureau's proposed query about a 
principal owner's sex. The Bureau notes that at the Federal level, 
there is wide variance in data collection approaches, question 
phrasing, and answer options, and that the Federal government's 
approach is in flux.\756\ For example, on January 11, 2023, shortly 
before this rule was issued, OMB released new recommendations for 
agencies on the best practices for the collection of sexual 
orientation, gender identity, and sex characteristics data on Federal

[[Page 35368]]

statistical surveys, including strategies to preserve data privacy and 
safety.\757\ The Bureau also notes the consensus study from the 
National Academies cited by a commenter that indicates that the terms 
used to describe individuals who identify as or exhibit attractions and 
behaviors that do not align with heterosexual or traditional male-
female binary gender norms are evolving.\758\
---------------------------------------------------------------------------

    \756\ See 86 FR 56356, 56482 (Oct. 8, 2021) (discussing approach 
used by the Census Bureau's Household Pulse Survey, asking separate 
questions for sex assigned at birth, current gender identity, and 
sexual orientation); id. at 56482 n.686 (discussing other Federal 
agency approaches in health care settings). See also 31 CFR 
35.28(h), (i) (in annual reports by participants in the U.S. 
Treasury's State Small Business Credit Initiative (SSBCI) program, 
requiring information about program beneficiaries' principal owner's 
gender (using categories: female; male; nonbinary; prefer to self-
describe, with an option to write in information; prefer not to 
respond; or that the business did not answer) and sexual orientation 
(using categories: gay or lesbian; bisexual; straight, that is, not 
gay, lesbian, or bisexual; something else; prefer not to respond; or 
that the business did not answer); 2020 Census Official 
Questionnaire (inquiring as to each person's sex (e.g., ``What is 
Person 1's sex? Mark (x) ONE box.''), with answer options: ``Male'' 
and ``Female'' and asking about the relationships with other 
household members (e.g., ``How is this person related to Person 1? 
Mark (X) ONE box.''), with answer options including, inter alia, 
``opposite-sex husband/wife/spouse'', ``opposite-sex unmarried 
partner, ``same-sex husband/wife/spouse'', and ``same-sex unmarried 
partner''); Soc. Sec. Admin., How do I change the sex identification 
on my Social Security record? (KA-01453) (last updated Oct. 25, 
2022), https://faq.ssa.gov/en-us/Topic/article/KA-01453 (individuals 
can provide sex identification evidence that is binary or non-
binary, but stating that SSA record systems currently require a sex 
designation of female or male); U.S. Dep't of State, X Gender Marker 
Available on U.S. Passports Starting April 11, 2022 (Mar. 31, 2022), 
https://www.state.gov/x-gender-marker-available-on-u-s-passports-starting-april-11/; U.S. Equal Emp. Opportunity Comm'n, EEOC Adds X 
Gender Marker to Voluntary Questions During Charge Intake Process 
(June 27, 2022), https://www.eeoc.gov/newsroom/eeoc-adds-x-gender-marker-voluntary-questions-during-charge-intake-process; Admin. for 
Children & Fams., U.S. Dep't of Health & Hum. Servs., Proposed 
Information Collection Activity; Domestic Victims of Human 
Trafficking Program Data (OMB #0970-0542), 87 FR 45107 (July 27, 
2022) (proposing changes to collection of participant demographics 
for Domestic Victims of Human Trafficking Services and Outreach 
Program grant programs); Admin. for Children & Fams., U.S. Dep't of 
Health & Hum. Servs., Proposed Information Collection Activity; SOAR 
(Stop, Observe, Ask, Respond) to Health and Wellness Training (SOAR) 
Demonstration Grant Program Data (New Collection), 87 FR 52386 (Aug. 
25, 2022) (indicating that data to be collected with regard to the 
SOAR program will include client sex, gender identity, sexual 
orientation.)
    \757\ Off. of Mgmt. & Budget, Off. of the Chief Statistician of 
the U.S., Recommendations on the Best Practices for the Collection 
of Sexual Orientation and Gender Identity Data on Federal 
Statistical Surveys (Jan. 11, 2023), https://www.whitehouse.gov/wp-content/uploads/2023/01/SOGI-Best-Practices.pdf.
    \758\ Nat'l Acads. of Scis., Eng'g, & Med., Understanding the 
Well-Being of LGBTQI+ Populations 1-2. See also Nat'l Acads. of 
Scis., Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual 
Orientation 1-4 to 1-5 (discussing terms and identities associated 
with the concepts of gender, sex, and sexual orientation).
---------------------------------------------------------------------------

    As a result of these factors, the Bureau believes that an approach 
that allows principal owners to designate their sex/gender with the 
ability to write-in or provide additional information (such as in a 
free-form field on a paper or electronic form) will encourage applicant 
self-identification using terminology that may change over time. To 
increase applicants' autonomy to provide responses they feel best 
characterize their principal owners, the final rule does not include 
additional sex category responses suggested by commenters nor does it 
require a financial institution to provide a list of example responses 
when requesting that an applicant provide its principal owners' sex. 
This approach mitigates the concern of some commenters that a list of 
disaggregated categories would be difficult for some lender staff to 
ask and for some applicants to be asked.
    In partial response to the several commenters who urged that the 
Bureau use the term ``gender'' instead of ``sex,'' the Bureau is 
requiring financial institutions to use the term ``sex/gender'' when 
requesting information about principal owners' sex. As explained above, 
the Bureau interprets ECOA's and Regulation B's prohibitions against 
discrimination on the basis of ``sex'' to also include, inter alia, 
discrimination based on gender identity; this interpretation as to what 
is included within the scope of the term ``sex'' necessarily also 
applies to the collection of information about a principal owner's 
``sex'' under section 1071.\759\ The Bureau believes that requiring 
financial institutions to ask for information about ``sex/gender'' will 
provide principal owners with the flexibility and autonomy to use terms 
that they prefer.
---------------------------------------------------------------------------

    \759\ 86 FR 14363 (Mar. 16, 2021).
---------------------------------------------------------------------------

    Although some commenters requested that the Bureau require the 
collection of principal owners' sexual orientation information and 
intersex status in addition to the collection of information about 
their gender identity, the final rule does not include these specific 
inquiries. The Bureau believes that such specific inquiries about 
individuals would likely be perceived as more invasive than a general 
request as to ``sex/gender'' and, as explained above, the overall 
LGBTQI+-ownership status of the business. Accordingly, the Bureau is 
concerned that questions to this effect could impact the overall 
willingness of applicants to provide demographic information, as noted 
by some commenters.
    Some commenters expressed concerns that collecting data via write-
in text fields may lead to data analysis issues. The Bureau anticipates 
that its review of responses to the sex/gender inquiry will result in 
data that could be used by the Bureau and other regulators and, once 
grouped into categories, publicly released subject to any necessary 
modifications or deletions for privacy purposes.
    The Bureau believes that principal owners' sex/gender and 
applicants' LGBTQI+-owned business status data points together strike a 
balance that respects for small business owners' autonomy in self-
identification, while also providing the Bureau and the public with 
information needed to further section 1071's statutory purposes.
    The Bureau recognizes that the way financial institutions will 
collect data about sex under the final rule differs from the collection 
of information about the sex of home mortgage applicants under 
Regulation C/HMDA.\760\ Although the collection of ethnicity, race, and 
sex data in both contexts serves related fair lending purposes, the two 
regulations have different legal authorities, cover different markets, 
and were developed at different times. The Bureau has specifically 
tailored the collection of sex data under this final rule implementing 
section 1071 for the small business lending context, in consideration 
of the comments received and of continuing developments in Federal 
government's approach to collecting information about sex, gender 
identity, and sexual orientation.
---------------------------------------------------------------------------

    \760\ As the Bureau is exempting HMDA-reportable transactions 
from the data collection requirements of the final rule, in Sec.  
1002.104(b)(2), strict consistency between reporting categories is 
unnecessary.
---------------------------------------------------------------------------

    The Bureau has also considered commenters' statements that small 
business applicants may feel uncomfortable and have privacy concerns 
about providing sensitive information to lenders related to the sex of 
their principal owners. As discussed in greater detail in part VIII 
below, after receiving a full year of reported data, the Bureau will 
assess privacy risks associated with this data and on that basis, make 
appropriate pre-publication modification and deletion decisions. The 
Bureau takes the privacy of such information seriously and intends to 
make appropriate modifications and deletions.
    Commenters also included suggestions for whether to allow 
applicants to select only one or multiple response categories in 
response to questions related to a principal owner's sex. As explained 
above, the Bureau has decided to include only a self-describe response 
option in response to the question about a principal owner's sex/gender 
at this time, rendering these comments moot.
    One commenter stated that providing information about a principal 
owner's sexual orientation and gender identity should be optional for 
the applicant. The Bureau agrees, and applicants have a right to refuse 
to provide responses to questions about protected demographic 
information. As explained in final comment 107(a)(19)-1, financial 
institutions must permit an applicant to refuse to answer the financial 
institution's inquiry and must inform the applicant that it is not 
required to provide the information.
    With regard to some commenters' suggestion that questions about a 
principal owner's gender identity and sexual orientation should be 
optional for financial institutions, the Bureau is not requiring 
separate questions for sex, gender identity, and sexual orientation for 
the reasons above. Thus, these commenters' suggestion is moot.
    The Bureau does not believe it would be appropriate, however, to 
remove the requirement to collect principal owners' sex, suggested by 
some commenters. As discussed above, the collection of information 
about sex is required under section 1071.
    The Bureau is not requiring financial institutions to report what 
sex or gender is indicated on a principal owner's State driver's 
license, as requested by one commenter. As the commenter acknowledged, 
State requirements differ as to what residents may select as to their 
sex and/or gender on their State government-issued identification and 
the available selections may not be adequate as to a principal owner's 
self-

[[Page 35369]]

identified sex and/or gender. As noted above, the Bureau believes that 
the collection of principal owners' sex information under this rule 
should be based solely on an applicant's self-identification. However, 
as the commenter also pointed out, some governmental authorities allow 
individuals to indicate their sex as ``X'' in government-issued 
documents. Nothing in this rule would interfere with a principal owner 
choosing to designate their sex in that way in the self-describe 
response option.
    With regard to one commenter's statement that the Bureau should not 
allow the use of previously collected information due to concern about 
misuse of such data, the final rule specifies how previously collected 
information may be used, as discussed further in the section-by-section 
analyses of Sec. Sec.  1002.107(d) and 1002.110(e) below.
    Regarding a commenter's suggestion that the Bureau should consult 
further with stakeholders before finalizing any publication of 
information about sexual orientation and gender identity of principal 
owners, the Bureau intends to engage further with stakeholders before 
publishing data, as discussed in part VIII below.
Proposed Rule--Collecting Ethnicity and Race via Visual Observation or 
Surname in Certain Circumstances
    The Bureau proposed that financial institutions be required to 
collect and report at least one principal owner's ethnicity and race 
based on visual observation and/or surname in certain circumstances. 
This would have been required if the financial institution met in 
person with one or more of the applicant's principal owners and the 
applicant did not provide ethnicity, race, or sex information for at 
least one principal owner in response to the financial institution's 
inquiry pursuant to proposed Sec.  1002.107(a)(20).
    The Bureau noted that demographic response rates in the SBA's 
Paycheck Protection Program data are much lower when compared to 
ethnicity, race, and sex response rates in HMDA data.\761\ The Bureau 
reasoned that without a visual observation and/or surname collection 
requirement, meaningful analysis of principal owner ethnicity and race 
data could be difficult, significantly undermining section 1071's 
purposes. Historically, one challenge under HMDA has been the 
reluctance of some applicants to voluntarily provide requested 
demographic information, such as ethnicity and race. The Bureau 
explained that the requirement in Regulation C to collect race, sex, 
and ethnicity on the basis of visual observation or surname is an 
important tool to address that challenge, and that it believes that the 
requirement has resulted in more robust response rates in the HMDA 
data.
---------------------------------------------------------------------------

    \761\ Small Bus. Admin., Paycheck Protection Program Weekly 
Reports 2021, Version 11, at 9 (effective Apr. 5, 2021), https://www.sba.gov/sites/default/files/2021-04/PPP_Report_Public_210404-508.pdf. Paycheck Protection Program data were taken from 2021 loans 
for which the collection form for principal owner demographics was 
included in the application itself and, for most of that time, was 
featured on the first page of the application.
---------------------------------------------------------------------------

    Accordingly, the Bureau proposed that financial institutions 
collect at least one principal owner's ethnicity and race (but not sex) 
on the basis of visual observation and/or surname in the circumstances 
described above. Under the Bureau's proposal, a financial institution 
would not have been required to collect ethnicity and race via visual 
observation and/or surname if the applicant provided any demographic 
information regarding any principal owner. For applicants with multiple 
principal owners, the financial institution may not be able to 
determine whether the applicant had provided the demographic 
information of the principal owner who met in person with the financial 
institution or for another principal owner. The Bureau sought comment 
on this proposed approach. The Bureau also sought comment on whether a 
financial institution should be required to collect a principal owner's 
ethnicity and/or race via visual observation and/or surname if the 
applicant has only one principal owner, the applicant does not provide 
all of the principal owner's requested demographic information, and the 
financial institution meets in person with the principal owner. The 
Bureau noted that in this situation, the financial institution would be 
able to ``match'' any demographic information that the applicant 
provides with the correct principal owner because there is only one 
principal owner.
    Proposed comment 107(a)(20)-9 would have explained that a financial 
institution would be required to report ethnicity and race based on 
visual observation and/or surname in certain circumstances. It would 
have further explained that a financial institution would not be 
required to report based on visual observation and/or surname if the 
principal owner only meets in person with a third party through whom 
the applicant is submitting an application to the financial 
institution.
    Proposed comment 107(a)(20)-10 would have clarified that a 
financial institution meets with a principal owner in person if an 
employee or officer of the financial institution or one of its 
affiliates has a meeting or discussion with the applicant's principal 
owner about an application and can visually observe the principal 
owner. The proposed comment would have also provided examples of 
situations where the financial institution meets in person with a 
principal owner and where it does not. The Bureau requested comment on 
this approach and whether there should be additional or different 
examples.
    Proposed comment 107(a)(20)-11 would have clarified that a 
financial institution uses only aggregate categories when reporting 
ethnicity and race based on visual observation and/or surname and would 
have directed financial institutions to proposed appendix G for 
additional information on collecting and reporting ethnicity and race 
based on visual observation and/or surname. The Bureau requested 
comment on whether to permit, but not require, financial institutions 
to use the disaggregated subcategories as well when reporting ethnicity 
and race based on visual observation and/or surname.
    In addition to the specific matters identified above, the Bureau 
sought comment on its proposed approach to this data point, the 
proposed methods of collecting and reporting the data, and on whether 
additional clarification regarding any aspect of this data point is 
needed.
Comments Received--Collecting Ethnicity and Race via Visual Observation 
or Surname in Certain Circumstances
    General comments. The Bureau received comments from many banks, 
trade associations, community groups, members of Congress, small 
business owners, service providers, and others on its proposal that 
financial institutions be required to collect at least one principal 
owner's ethnicity and race on the basis of visual observation and/or 
surname under certain circumstances. A community group, a joint letter 
from community and business advocacy groups, and a CDFI lender 
supported the proposed requirement, emphasizing that demographic data 
collection via visual observation and surname analysis has been 
required by Regulation C for many years. The community group also 
commented that ethnicity and race information, including information 
collected via visual observation and/or surname as proposed, will allow 
data users to assess how the experiences of small businesses differ by 
approximate amount of minority ownership in the

[[Page 35370]]

business, particularly when combined with information about an 
applicant's number of principal owners under proposed Sec.  
1002.107(a)(21).
    Many commenters objected to the proposed requirement. A number of 
industry commenters stated that the Bureau should require only the 
reporting of applicant-provided data. A number of agricultural lenders, 
a trade association, a service provider, a community group, and a 
business advocacy group stated that while they support the collection 
of demographic information and the need for robust data, they do not 
support the proposed requirement. A few industry commenters said that 
the Bureau should only require best efforts to collect demographic 
information.
    Use of visual observation and surname to collect sex. A number of 
commenters, including banks, trade associations, community groups, and 
LGBTQI+ advocacy groups, supported the Bureau's proposal to not require 
the use of visual observation and/or surname to report a principal 
owner's sex. Several LGBTQI+ advocacy groups commented that visual 
observation of the gender expression of principal owners would 
inevitably rely upon sex stereotypes and lead to inaccurate 
determinations of sex, gender identity, or sexual orientation. A 
community group similarly stated that it would not be possible in some 
cases to use visual observation to accurately identify gender. Several 
industry commenters stated that requiring financial institutions to 
determine the sex of principal owners would make employees 
uncomfortable and potentially offend applicants who had declined to 
provide this information.
    In contrast, some banks requested that the visual observation and 
surname requirement for this rule be aligned with Regulation C and thus 
apply to data on sex as well as for ethnicity and race. These 
commenters said that alignment with Regulation C would reduce reporting 
errors and financial institutions' compliance burden because financial 
institutions would not need to use additional resources to understand 
and implement different data collection requirements.
    Data accuracy and related concerns. Many commenters, including a 
range of lenders, trade associations, community groups, several members 
of Congress, business advocacy groups, and others, were concerned that 
the proposed requirement would yield unreliable ethnicity and race 
data.
    Some commenters argued that such a requirement would introduce 
error, bias, and subjectivity into the data collection process, leading 
to inaccurate or distorted data. Several said that such purported bias 
should not be part of the underwriting process or that section 1071 was 
intended to combat this type of bias. One commenter said that banks do 
not consider the ethnicity, race, or gender of small business 
applicants and argued that they should not be required to guess such 
information. Other commenters asserted that inaccuracies in the 
collected data would not support rigorous analysis, would not serve the 
purposes of section 1071, and would be inconsistent with congressional 
intent to collect reliable data on small business credit. Several other 
commenters similarly stated that data collected via visual observation 
or surname would impair analyses, conclusions, and policies based on 
such data.
    Several commenters asserted that data collected pursuant to the 
proposed requirement would be inaccurate because the process would be 
based on or encourage the use of racial stereotypes or assumptions. 
Several other commenters asserted that ethnicity and race 
determinations made by visual observation have been prone to error or 
unreliable, with some citing materials on own-race bias, other-race 
effect, and similar issues. Some commenters predicted that the proposed 
requirement may cause some lenders to rely on surname alone to avoid 
determining ethnicity and race based on visual observation. Others said 
that the proposed requirement should not be finalized because it could 
risk perpetuating discrimination and insert racial stereotyping into 
application processes, posing risks to applicants and financial 
institutions alike. A community group stated that the proposed data 
collection method raises fair lending concerns. With respect to 
reporting ethnicity and race based on surname, several commenters 
asserted that surname analysis was unreliable and obsolete.
    Commenters also identified specific circumstances that they said 
could lead to inaccurate ethnicity and race determinations based on 
visual observation and surname. Some commenters argued that the 
provision does not account for situations such as adoption, surname 
changes, and multi-ethnic or multi-racial identities. Other commenters 
alleged that visual observation and surname analysis would likely be 
inaccurate or unreliable as a result of increasing demographic 
diversity. Several asserted that racial and ethnic identities are 
personal, influenced by a number of different factors, and should be 
confirmed only by the applicant. Another commenter likewise stated that 
the Bureau should only require lenders to report based on applicant-
provided data to promote accuracy and inclusivity. Several commenters 
noted that a principal owner's ethnicity and race could be reported 
differently by different lenders under the proposed requirement.
    Some commenters said that loan officers and bank employees lack the 
expertise or training to make ethnicity and race determinations, and 
that the proposed requirement would lead to guessing. Another commenter 
said the proposed requirement would create training and other 
employment hurdles without producing meaningful information.
    Several commenters noted that the proposed requirement would result 
in inaccurate data when the person filling out the application is not a 
principal owner of the business, but rather an employee. Commenters 
also asserted that data would be misleading when the ethnicity and race 
of the principal owner meeting with the bank is not representative of 
the other principal owners of the business. One commenter asserted that 
the proposed requirement could subject lenders to liability because 
they do not always interact with principal owners.
    Some commenters opposed the proposed requirement on the grounds 
that data collected using this method would be, they said, generally 
unrepresentative of small business applicants. They predicted low 
response rates to inquiries about ethnicity and race for this rule, 
based on the experience of the Paycheck Protection Program, and argued 
that ethnicity and race data would be based on visual observation and 
surname analysis for a disproportionate number of applications, which 
these commenters posited would result in inaccurate data. Several 
commenters stated that, as a result, inaccuracies attributable to the 
use of visual observation and surname analysis would be magnified, 
making the data collected unrepresentative of the applicant population 
and not useful for any analyses. Others commented that ethnicity and 
race data reported based on visual observation or surname would be both 
inaccurate and unrepresentative because of the increased use of digital 
application processes with no visual component. A trade association 
anticipated low applicant response rates to the demographic questions 
based on its members' experience that customers express anger or are 
reluctant to provide ownership information as required by FinCEN's 
customer due diligence rule. This commenter expected that

[[Page 35371]]

applicants would not want to provide demographic information due to 
concerns that it would be used in the credit process, despite any 
assurances to the contrary on the sample data collection form.
    Customer relationships. Many commenters asserted that the proposed 
requirement would impair customer relationships, citing small business 
lending as more relationship-dependent than other forms of credit. A 
number of commenters stated that it would make bank employees and 
applicants uncomfortable, with some suggesting specifically that this 
could occur when in-person applicants witness employees filling out 
demographic information that the applicants declined to provide. A 
number of commenters likewise said it would negatively impact customer 
relationships. One argued that because banks are more likely to have 
ongoing interactions with a small business owner than someone seeking a 
mortgage, offense taken from visual observation or surname analysis 
would be more detrimental.
    Several agricultural lenders expressed concern that the disclosure 
on the proposed sample data collection form informing applicants about 
the obligation of lenders to report ethnicity and race information 
through visual observation and/or surname analysis would be negatively 
received by applicants, stating that applicants might perceive the 
notice as an indication that the lender intends to or must contradict 
the applicant's wishes. A trade association suggested that applicants 
would feel uncomfortable providing their demographic information if 
they receive notice that such information would not be subject to a 
firewall, which would lead to a greater use of visual observation and 
surname analyses.
    Right to refuse. A range of commenters opposed the proposal on the 
grounds that applicants have a right to decline to provide demographic 
information. One commenter said that the proposed requirement would 
further damage the public's confidence in financial institutions and 
heighten privacy concerns, because it would contradict an applicant's 
decision to not provide the requested information. Several cited the 
high percentage of Paycheck Protection Program loan applicants that did 
not report demographic data as showing applicant concerns about privacy 
and the importance of voluntary reporting.
    Some commenters stated that the proposal is inconsistent with, or 
that it inappropriately circumvents, section 1071's provision that an 
applicant may refuse to provide protected demographic information and 
urged the Bureau to respect that right. One commenter said that section 
1071 is structured to require financial institutions to make inquiries 
for their customers' information and to allow applicants to refuse to 
provide such information; given this framework, the commenter 
questioned whether requiring collection would be permissible under the 
statute when an applicant has already refused to provide the 
information. One commenter said that applicants may not understand that 
if they decline to answer demographic inquiries that lenders will 
determine and report their ethnicity and race anyway. Several 
commenters highlighted that HMDA, in contrast to section 1071, does not 
provide a comparable right of refusal.
    Burden and cost. A few commenters objected to the proposed 
requirement on the grounds that it would impose significant costs on 
some lenders. One commenter identified costs to create and maintain 
policies and procedures, apply these consistently, conduct ongoing 
training, and audit compliance, while another said the proposal would 
require substantial changes to its loan processes, systems, and 
compliance protocols to implement. A commenter said that reliance on 
proxying, inference, or visual observation would impose a number of 
cost and compliance concerns. Several commenters asserted that lenders 
may face substantial costs to train employees to make determinations; 
one said this training could be complex for front-line employees who 
are currently taught that ECOA and other laws prohibit the collection 
of ethnicity and race information. A CDFI lender stated that the 
proposed requirement would impose less burden on larger banks and 
online lenders, either because they will have a higher number of online 
loan applications or because they already report demographic 
information on the basis of visual observation and surname under HMDA.
    Response rates. Several commenters disputed that the higher 
responses rates in HMDA data, compared with lower response rates in 
Paycheck Protection Program data, could be attributed to HMDA's visual 
observation and surname requirement, and also disputed that this 
proposed requirement could improve response rates for financial 
institutions complying with the small business lending rule. Some 
suggested that the Bureau's concern with low response rates based on 
the Paycheck Protection Program experience is misplaced, arguing that 
those response rates were attributable to the program's emergency 
nature, and the rush by all parties to submit and process applications. 
Commenters also noted that Paycheck Protection Program may not inform 
the likely response rates under this rule because that program covered 
a wider range of businesses than the Bureau's proposal.
    Purported conflicts with ECOA and Regulation B. Some commenters 
raised concerns about conflicts between the proposed requirement and 
subpart A of Regulation B and ECOA. One commenter stated that the 
proposed requirement is prohibited by 12 CFR 202.5, which provides that 
a creditor may not inquire about the race, color, religion, national 
origin, or sex of an applicant or any other person in connection with a 
credit transaction. Several commenters said that the proposed 
requirement would require bank employees to consider factors that ECOA 
prohibits creditors from considering. Commenters also generally stated 
that the proposed requirement conflicts with the fair lending training 
provided to bank employees and will insert race as a factor in the 
credit application process.
    Several commenters said that a visual observation and surname 
requirement would not align with, or would violate, the statutory 
firewall requirement, noting that the lenders would have to determine a 
borrower's ethnicity and race but then have to ``forget'' and isolate 
the information when making credit decisions. One requested that 
information collected via visual observation and/or surname not be 
subject to the firewall provision because of the difficulty in 
maintaining the firewall requirements for data collected this way.
    In-person meetings. A number of commenters raised concerns that the 
proposed requirement would damage the relationships that community 
banks, traditional banks, or small- to mid-sized banks have with their 
customers. One asserted that in-person interactions are important for 
community lenders, such as CDFI banks, to understand customers, to make 
customers feel comfortable, and to identify products and services 
responsive to the needs of lower income and other underserved 
communities. Others emphasized that such lenders value and rely on 
repeated, in-person interactions with customers, saying that the 
proposed requirement would disproportionately affect them, but would 
favor large banks and online lenders that did not see applicants and 
thus would not have to employ the visual observation or surname 
analysis. One commenter suggested that all lenders should be subject to 
the

[[Page 35372]]

proposed requirement, because online lenders can still conduct surname 
analyses. Another said that the proposed requirement would 
disproportionately subject CDFI lenders to the risks of reporting 
inaccurate data, including reputational damage, and greater operational 
and compliance burden. A commenter urged that the Bureau exempt 
community banks from the proposed requirement.
    In contrast, some commenters suggested that the proposed 
requirement would not generate much data as a result of a shift away 
from in-person interactions, thus limiting or negating its value. One 
such commenter predicted that much small business lending will likely 
be through credit cards, which it said would not provide an opportunity 
to implement the requirement, and as a result data collected via visual 
observation and surname would be associated with certain loan types 
that may be received by higher revenue applicants.
    Some commenters suggested that lenders, their employees, and 
applicants would try to avoid visual observation and surname analysis. 
Several said that the proposed requirement would discourage loan 
officers and applicants from meeting in person or by video call. Others 
stated that some banks may shift applications online, impairing the 
personal interaction some banks have with their communities. One 
commenter predicted that the proposed requirement would discourage 
small business applicants from seeking credit.
    Another commenter argued that the proposed requirement is 
unnecessary because financial institutions do not always meet with the 
principal owners of a business. Several commenters said that ethnicity 
and race determinations from visual observation and surname analysis 
may not be representative of the applicant population, would be 
inconsistent, and would not be comparable to other data.
    One commenter said that the requirement would be difficult to apply 
because a financial institution may not know if the principal owner's 
demographic information had already been collected to assess if the 
visual observation and surname requirement applies, such as in the 
context of a brief interaction that is later determined to be an in-
person meeting that would trigger the proposed requirement. Others 
asked for clarity on whether the proposed requirement would be 
triggered if any bank employee met in person with a principal owner, 
even if not involved with the credit application (for example when 
signing closing documents). Another commenter stated that financial 
institutions should not be required to determine if an individual is a 
principal owner, a necessary condition to collect data on a principal 
owner's ethnicity and race via visual observation and surname analysis, 
if the small business applicant chooses not to disclose its ownership 
structure.
    Litigation and compliance risk. Some commenters were concerned that 
the proposed requirement would subject financial institutions and their 
employees to enforcement actions or litigation if they erred in 
determining a principal owner's ethnicity or race. Several stated that 
despite good faith efforts, such errors could subject lenders to 
examiner scrutiny, litigation, negative media, and erroneous 
discrimination claims by third parties, or subject them to customer 
complaints. One commenter stated that regulators could use financial 
institutions' best-guess, but erroneous determinations to pursue 
disparate impact cases, or customers could bring discrimination cases, 
if they are able to reverse engineer the inadvertently incorrect 
ethnicity or race determinations made by financial institutions. A 
community group suggested that financial institutions would avoid 
reporting ethnicity or race at all to avoid litigation risk.
    Several business advocacy groups suggested that certain lenders may 
use this provision to fabricate ethnicity and race data in order to 
make their lending practices appear more equitable, accessible, and 
unbiased.
    Implementation and other comments. A number of commenters offered 
specific suggestions regarding particular aspects of the proposal, 
notwithstanding other objections they may have raised regarding whether 
it should be finalized at all. Several urged the Bureau to provide 
guidance materials and sample disclosures, and to engage in education 
efforts to encourage applicants to self-report their demographic 
information, with some suggesting these options in place of the 
proposed provision. Some said the Bureau should develop guidance that 
lenders could use to avoid questions of interpretation and to learn 
about resources they can use to make ethnicity and race determinations 
on the basis of a principal owner's surname. Several suggested that the 
Bureau provide a uniform surname classification standard.
    One commenter requested an exemption from the proposed requirement 
(and the collection of ethnicity and race generally) for retail credit, 
on the grounds that many applicants will decline to provide demographic 
information about their principal owners given the sensitivity of the 
information. Other commenters stated that automobile and truck dealers 
had expressed concerns about the proposed requirement and did not think 
it would be possible to report detailed demographic information based 
on visual observation. Another commenter recommended that the Bureau 
exempt sole proprietors from the proposed requirement, noting that sole 
proprietor transactions are unique and may not provide meaningful data 
on the commercial credit market served by small, non-bank lenders.
    Several commenters opposed the proposed requirement, arguing that 
the use of visual observation and surname is outdated. Two commenters 
stated that these methods employed in Regulation C were implemented 
many years ago, and that the Bureau should follow more current 
government agency practices, citing a 2021 policy memo from USDA \762\ 
rescinding the use of visual observation to determine ethnicity or race 
for certain Federal food programs. One commenter stated that, as with 
participants in the USDA programs, some small business owners may not 
want their ethnicity or race determined by others, may perceive 
discriminatory treatment, and may avoid applying for credit.
---------------------------------------------------------------------------

    \762\ U.S. Dep't of Agric., Collection of Race and Ethnicity 
Data by Visual Observation and Identification in the Child and Adult 
Care Food Program and Summer Food Service Program--Policy Recission 
(May 17, 2021), https://www.fns.usda.gov/cn/Race-and-Ethnicity-Data-Policy-Rescission.
---------------------------------------------------------------------------

    One commenter stated that the scope of the proposed requirement was 
unclear, noting that the NPRM preamble and proposed commentary provided 
that a financial institution would have to identify at least one 
principal owner by visual observation or surname if the applicant does 
not provide the ethnicity and race of at least one principal owner, 
even though institutions are obligated to collect the ethnicity, race, 
and sex of each of the small business applicant's principal owners. 
Several commenters requested that financial institutions should only be 
required to collect aggregate ethnicity and race categories.
    One commenter suggested the use of an automated proxy analysis of 
surnames as an alternative to the proposed requirement. Another said 
that the Bureau could determine ethnicity and race with the data 
reported by lenders based on surname analysis.
    Several commenters urged that, if the proposed requirement is 
finalized, demographic data should note when they are collected via 
visual observation or surname.

[[Page 35373]]

Final Rule--Collecting Ethnicity and Race via Visual Observation or 
Surname in Certain Circumstances
    The Bureau is not finalizing its proposed visual observation and/or 
surname analysis requirement for the reasons set forth below. Final 
Sec.  1002.107(a)(19) (proposed as Sec.  1002.107(a)(20)) no longer 
includes references to the reporting of ethnicity and race based on 
visual observation and surname. The Bureau is likewise not adopting 
proposed comment 107(a)(20)-9, regarding reporting based on visual 
observation and/or surname; proposed comment 107(a)(20)-10, regarding 
meeting in person with a principal owner; and proposed comment 
107(a)(20)-11, regarding the use of aggregate categories when reporting 
using visual observation or surname. The Bureau has also removed other 
references to the collection of ethnicity and race data via visual 
observation and/or surname from other locations in the final rule.
    In making this decision, the Bureau carefully considered the 
numerous comments it received, the statute, the history of the use of 
visual observation and surname analysis under HMDA, and the recent 
history of the collection of demographic information related to the 
Paycheck Protection Program. The Bureau believes, based on its 
expertise and the longstanding use of visual observation and surname 
analysis in HMDA, that collection of demographic information via visual 
observation or surname analysis has the capacity to improve response 
rates for demographic information--without particular risk to data 
accuracy,\763\ introduction of bias or racial stereotyping into the 
underwriting process,\764\ increased litigation/compliance risk, or 
violations of existing ECOA/Regulation B,\765\ as suggested by some 
commenters. The Paycheck Protection Program experience also suggests 
that there may be benefits in such a requirement.
---------------------------------------------------------------------------

    \763\ While some commenters suggested that data inaccuracies 
from visual observation and surname analysis would have limited the 
usefulness, integrity, reliability, or quality of the collected data 
and conclusions or policies based upon the data, the Bureau has not 
found this to be the case in HMDA and would not expect it to be so 
here either. A loan officer reporting their perception of an 
applicant's ethnicity and race could not do so ``incorrectly'' 
(other than by intentionally mis-reporting their perception); in 
fact, a loan officer's perception of an applicant's protected 
demographic information may be more important for fair lending 
analyses than how the applicant self-identifies.
    \764\ Collecting lenders' perceptions of the ethnicity and race 
of applicants, whether or not such perceptions are what the 
applicant would consider ``accurate,'' could have enabled an 
analysis of potential bias by lenders. But the mere recordation of 
those perceptions is unlikely to create bias on the basis of those 
perceptions.
    \765\ Inquiring about an applicant's ethnicity and race (or 
collecting such information via visual observation or surname, if 
the Bureau were finalizing that aspect of the proposal) will not, in 
fact, violate Regulation B's prohibition on inquiring about certain 
protected characteristics of an applicant in connection with a 
credit transaction, nor is doing so under HMDA/Regulation C a 
violation. Regulation B implements ECOA, of which section 1071 is a 
part. Section 1002.5 of Regulation B, and its amendments under this 
final rule, make clear that the collection of ethnicity and race 
pursuant to this rule would not violate Regulation B.
---------------------------------------------------------------------------

    Nonetheless, the Bureau believes that a requirement to collect 
principal owners' ethnicity and race via visual observation or surname 
could pose particular challenges for small business lending that are 
not present in mortgage lending. For example, applicants and co-
applicants are clearly identified as such in mortgage applications--
making it obvious whose demographic information has, or has not, been 
self-reported. In contrast, this final rule--as mandated by section 
1071--requires a record of the applicant's responses to a request for 
protected demographic information to be kept separate from the 
application, and prohibits inclusion of personally identifiable 
information in records compiled and maintained pursuant to this rule. 
This could make tracking whose information has, or has not, been self-
reported by the applicant particularly challenging. As commenters 
pointed out, a financial institution might be interacting with a 
representative of a small business who is not a principal owner, or the 
institution may not know--particularly early in the application 
process--if a particular person is a principal owner.
    In addition, the Bureau is mindful, consistent with the comments it 
received, that much of the lending to small businesses in smaller 
communities and in underserved and rural areas occurs through 
relationship banking that involves more frequent and more personal 
contact with applicants. The Bureau is also mindful of concerns raised 
by lenders that rely on in-person engagement that their customer 
relationships may be negatively impacted by customer discomfort with a 
visual observation and surname data collection requirement, 
particularly during initial implementation of this final rule. The 
Bureau also acknowledges the concerns expressed by commenters that bank 
employees may feel uncomfortable making ethnicity and race 
determinations on the basis of visual observation or surname. On the 
other hand, the Bureau acknowledges comments that the prevalence of 
online lending processes and use of credit cards in small business 
lending could mean few opportunities for in-person or video-enabled 
meetings and thus for the collection of ethnicity and race via visual 
observation or surname.
    The Bureau's decision not require financial institutions to collect 
principal owners' ethnicity and race information via visual observation 
or surname at this time renders moot the comments about implementation 
of such a requirement, as well as those suggesting alternatives to the 
proposal.
    The Bureau intends to actively monitor financial institutions' 
response rates to inquiries regarding demographic data to ensure that 
applicants are not being discouraged in any way from providing their 
demographic data pursuant to this final rule and to determine whether 
any future adjustments to the rule may be warranted.
107(a)(20) Number of Principal Owners
Proposed Rule
    Proposed Sec.  1002.107(a)(21) would have required financial 
institutions to collect and report the number of the applicant's 
principal owners. Proposed comment 107(a)(21)-1 would have explained 
that a financial institution would be able to collect an applicant's 
number of principal owners by requesting the number of principal owners 
from the applicant or by determining the number of principal owners 
from information provided by the applicant or that the financial 
institution otherwise obtains. If the financial institution asks the 
applicant to provide the number of its principal owners, proposed 
comment 107(a)(21)-1 explained that the financial institution would 
have been required to provide the definition of principal owner set 
forth in proposed Sec.  1002.102(o). The proposed comment also 
clarified that, if permitted pursuant to proposed Sec.  1002.107(c)(2), 
a financial institution could report an applicant's number of principal 
owners based on previously collected data.
    Proposed comment 107(a)(21)-2 would have clarified the relationship 
between the proposed requirement to collect and report the number of 
principal owners in proposed Sec.  1002.107(a)(21) with the proposed 
requirement to report verified information in proposed Sec.  
1002.107(b). The proposed comment would have stated that the financial 
institution may rely on an applicant's statements in collecting and 
reporting the number of the applicant's principal owners. The financial 
institution would not have been required to verify the number of

[[Page 35374]]

principal owners provided by the applicant, but if the financial 
institution did verify the number of principal owners, then the 
financial institution would report the verified number of principal 
owners.
    Proposed comment 107(a)(21)-3 would have stated that pursuant to 
proposed Sec.  1002.107(c)(1), a financial institution would be 
required to maintain procedures reasonably designed to collect 
applicant-provided information, which includes the applicant's number 
of principal owners. However, the proposed comment would have explained 
that if a financial institution is nonetheless unable to collect or 
determine the number of principal owners of the applicant, the 
financial institution would report that the number of principal owners 
is ``not provided by applicant and otherwise undetermined.''
    In addition to seeking comment on its proposed approach to the 
collection and reporting of the number of principal owners generally, 
the Bureau also sought comment on whether to instead, or additionally, 
require collection and reporting of similar information about owners 
(rather than principal owners). The Bureau raised, as an example, 
whether financial institutions should be required to collect and report 
the number of owners that an applicant has that are not natural 
persons.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
number of lenders, trade associations, and community groups. Two 
lenders and a community group supported the Bureau's proposal for 
collecting and reporting the number of an applicant's principal owners. 
The community group stated that the information would help determine 
whether experiences in the small business lending marketplace are 
different if an owner is a woman or minority, even if a small business 
does not meet the criteria for a minority-owned or women-owned 
business. Further, knowing the number of a business's principal owners 
would help data users identify businesses with varying percentages of 
ownership by women or minorities above or below the 50 percent 
threshold for minority-owned or women-owned businesses. One lender 
stated that the number of principal owners data point, along with 
others proposed by the Bureau, would provide insight on the quality of 
capital being accessed by small businesses, assist in showing how 
financial institutions compare across different metrics, and help 
determine if an institution is engaged in equitable lending. This 
commenter also stated that in its experience, there are a number of 
small business lending programs and funding opportunities that require 
similar data. Thus, this commenter stated its expectation that the 
reporting requirements in the Bureau's final rule would satisfy 
requirements across a number of such programs and reduce administrative 
burden. Specifically, the commenter noted that it had gathered similar 
data on owners for Paycheck Protection Program loans it originated.
    A number of lenders and trade associations opposed the Bureau's 
proposal to collect information about the number of an applicant's 
principal owners. Two such commenters stated that the information does 
not serve the purposes of section 1071, unless it is to allow second 
guessing of applicant-provided responses as to their minority-owned or 
women-owned status or the Bureau intends to require the collection of 
ethnicity, race, and sex data for all of an applicant's principal 
owners. One bank stated that the proposed number of principal owners 
data point would not offer any insight into lending patterns, as it is 
not considered in the underwriting process. Another bank argued that 
the data point is not necessary because there is no evidence that 
lenders use an applicant's number of principal owners as a basis for 
discrimination. One bank questioned the benefit of collecting such 
information, stating that a business's ownership and principals may 
change on a day-to-day basis. Another commenter stated that the 
information collected may inadequately or erroneously describe an 
applicant's ownership structure, particularly where the legal structure 
of the applicant's ownership may make such determinations difficult. 
Several commenters also stated that the data point is unnecessary, 
because similar information is already collected in other contexts 
(such as under FinCEN's customer due diligence rule) and regulators 
already examine banks for fair lending compliance.
    Several commenters cited costs and burden as the basis for their 
objections. Two banks stated that it would be expensive to collect the 
information, with one also noting that the costs would be passed down 
to customers and communities. Another bank stated that because it does 
not collect information about the number of an applicant's principal 
owners currently, the proposed requirement would entail changes to its 
operating procedures and suggested that the Bureau could obtain this 
information from the Internal Revenue Service instead. With regard to 
indirect vehicle financing transactions, a trade association stated 
that information about the number of principal owners is not part of 
the data transmitted between dealers and finance companies and is not 
used for business purposes, thus technical and process changes would be 
needed to collect and report the data.
    A few industry commenters objected to the collection and reporting 
of the number of an applicant's principal owners on the basis of 
privacy, stating that the data point could be used to identify 
applicants. One said that this concern was particularly relevant for 
small communities with limited numbers of small businesses. Two others 
urged the Bureau to not publish the data point publicly to protect 
applicants' privacy.
    An agricultural lender said it was unclear how financial 
institutions should report the number of principal owners for family 
farmers. This lender emphasized that the ownership of many family farm 
businesses is complex and may involve multiple business entities for 
risk management purposes, with separate entities for different farm 
operations. The commenter provided as an example a situation where a 
person owns only one farm parcel but works several farm parcels that 
are owned by a parent through multiple business entities and trusts.
    Some industry commenters objected to this proposed data point as 
part of their general objection to the Bureau's data points proposed 
pursuant to ECOA section 704B(e)(2)(H). These commenters generally 
argued that such data points, including the number of an applicant's 
principal owners, do not add value or advance the purposes of achieving 
fair lending or of ECOA; are not used or collected for underwriting or 
financial analysis; go beyond what other laws require financial 
institutions to collect; add unnecessary complexity and detail to the 
rule; and would add to the burden and costs for implementing the rule, 
especially for small covered financial institutions.
    Two industry commenters objected to the data point on the grounds 
that in the absence of other information about an applicant's 
ownership, such as the number of owners or percentages of ownership, 
the information could lead to incorrect assumptions about the ownership 
structure of a small business applicant. For example, the commenters 
noted that if demographic data are reported for one individual, it 
could lead to a conclusion that the applicant has only one principal 
owner, when the applicant has several owners, but only

[[Page 35375]]

one with more than a 25 percent ownership share.
    Two commenters urged the Bureau to provide a regulatory safe harbor 
for reporting information about an applicant's number of principal 
owners, as part of a global safe harbor for all applicant provided 
data, or a safe harbor similar to that in proposed Sec.  1002.112(c).
    Several community groups suggested additional data points related 
to ownership. One such commenter suggested that the Bureau require 
financial institutions collect and report the percentage amount of a 
principal owner's ownership. This information, argued the commenter, 
would enable the Bureau to refine its data and reveal specific 
disparities in lending by ownership composition. Another commenter 
suggested that the Bureau require financial institutions to ask 
applicants for the number of individuals who own less than 25 percent 
of the applicant, to provide more insight on the distribution of small 
businesses and their experiences. One other commenter instead suggested 
that the Bureau add additional data points to measure the percentage of 
ownership by women and by people of color, to further enable 
evaluations of access to credit based on the proportion of ownership 
and control by such individuals.
    A joint letter from community and business advocacy groups 
requested that the Bureau clarify proposed comment 107(a)(21)-3, which 
stated that if a financial institution is unable to collect or 
``otherwise determine'' an applicant's number of principal owners, the 
financial institution should report it as unknown. The community groups 
asked the Bureau to clarify the meaning of the phrase ``otherwise 
determine,'' and specifically whether financial institutions may limit 
its investigation to documents obtained from the applicant in the 
normal course of an application, or if they have an obligation to 
conduct a due diligence investigation of corporate records.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing the 
requirement for financial institutions to collect and report the number 
of an applicant's principal owners, renumbered as Sec.  
1002.107(a)(20), and its associated commentary. In consideration of the 
comments received, the Bureau is doing so pursuant to its authority 
under ECOA section 704B(g)(1) to prescribe such rules and issue such 
guidance as may be necessary to carry out, enforce, and compile data 
under section 1071 and under ECOA section 704B(e)(2)(H), which 
authorizes the Bureau to require financial institutions to compile and 
maintain ``any additional data that the Bureau determines would aid in 
fulfilling the purposes of [section 1071].''
    The Bureau believes that the information will provide important 
context for other information collected and reported under the rule and 
thus serve the purposes of section 1071. The Bureau acknowledges that, 
as argued by commenters, the number of an applicant's principal owners 
may not be information considered by financial institutions in the 
underwriting process or, by itself, serve as the basis of 
discrimination. However, as noted by other commenters, information 
about the number of small businesses' principal owners will help data 
users, including the Bureau, understand how small business applicants' 
experiences in the lending marketplace differ on the basis of the 
demographic composition of their ownership and identify business and 
community development needs and opportunities. Thus, even if an 
applicant is not a women-owned, minority-owned, or LGBTQI+-owned 
business under Sec.  1002.107(a)(18), through the number of principal 
owners data point, data users will still have some insight into what 
proportion of the small business's ownership has the demographic 
characteristics provided by the applicant.
    The Bureau acknowledges some commenters' concerns that the number 
of principal owners data point would not provide a comprehensive 
picture of an applicant's ownership structure. Final Sec.  1002.102(o) 
defines a principal owner as an individual who directly owns 25 percent 
or more of the equity interests of a business. As a result, the 
requirement to collect information about the number of an applicant's 
principal owners will not account for individuals with either indirect 
ownership or less than 25 percent ownership in the business. However, 
the Bureau believes that this supports, rather than counsels against, 
inclusion of this data point in the final rule.
    The Bureau also is not adding other data points related to 
ownership to the final rule. The Bureau considered the general 
likelihood that an individual responding for the applicant would know 
the information being requested in formulating its proposal. The Bureau 
believes that applicants are likely to know the number of its principal 
owners and will be willing to provide that information. Overall, the 
Bureau believes that the number of principal owners data point, 
particularly in combination with information about an applicant's 
business statuses under Sec.  1002.107(a)(18), strikes a balance so 
that the Bureau is likely to receive useful data that will allow it and 
others to develop a nuanced understanding of small business lending 
practices generally, even if it does not present a complete picture of 
each applicant's ownership structure.
    The Bureau does not believe that the fact that some applicants have 
complicated ownership structures necessitates removal of this data 
point from the final rule. Although some small business applicants, 
such as family farmers, may have ownership structures where there are 
many owners and/or where ownership is through various business 
entities, the rule's definition for principal owner means that 
applicants would be required to identify only individuals, and not 
entities or trusts, with direct ownership in the business and would not 
need to trace ownership through multiple business entities or provide 
information about individuals with small equity shares in the business. 
Under comment 107(a)(20)-1, this definition would be provided to an 
applicant in conjunction with the request for the number of its 
principal owners. The Bureau believes that the straightforward 
definition in Sec.  1002.102(o) will assist applicants in providing 
this information.
    Further, the Bureau believes the information about the number of an 
applicant's principal owners will be useful and facilitate the purposes 
of section 1071, even if a specific applicant's ownership changes over 
time. Under the Bureau's proposal, as with the final rule, applicants 
are asked for information in relation to individual, covered 
applications to allow data users, in the aggregate, to ascertain 
lending patterns at the institution or community levels. The data meets 
the final rule's purposes if it is accurate at the time the data are 
collected. Identifying changes in ownership over time will also further 
the business and community development and fair lending purposes of 
section 1071.
    Some commenters suggested that the number of principal owners data 
point should not be required under the final rule because similar 
information is collected in other contexts. However, the definition of 
principal owner under Sec.  1002.102(o) has been specifically tailored 
by the Bureau to meet the purposes of section 1071. Information about 
differently defined owners under different regulatory regimes, reported 
to other regulatory authorities, does not facilitate section 1071's 
purposes of fair lending enforcement and identification of business and 
community

[[Page 35376]]

development needs and opportunities, nor could such data be matched to 
a particular covered application reported under section 1071.
    With respect to commenters' arguments that the additional burden 
and costs that would result from the number of principal owners data 
point warrant its removal from the final rule, the Bureau notes first 
that commenters did not identify any specific costs or burdens with 
reporting the number of principal owners data point in particular, as 
much as concern about the costs and burden of reporting data points 
adopted pursuant to the Bureau's statutory authority in ECOA section 
704B(e)(2)(H) generally. The Bureau acknowledges that financial 
institutions will experience some initial expenses and burden in 
implementing new regulatory data collection requirements. However, the 
Bureau understands that financial institutions already collect and 
maintain information about the ownership of certain businesses under 
FinCEN's customer due diligence rule. The Bureau does not believe that 
there will be significant costs and burden associated with collecting 
and reporting information about applicants' principal owners 
specifically, as opposed to generally as part of a new data collection 
regime. The Bureau considers the data points it is adopting pursuant to 
section 704B(e)(2)(H)--including the number of an applicant's principal 
owners and the corresponding costs and burden to implement their 
collection--necessary to facilitate the purposes of section 1071.
    The Bureau does not believe that a specific safe harbor is 
necessary for reporting the number of an applicant's principal owners, 
as urged by commenters. As provided in final comment 107(a)(20)-2 
(proposed as comment 107(a)(21)-2), a financial institution is entitled 
to rely on the statements provided by the applicant in collecting and 
reporting the information provided by the applicant. As a result, any 
such good faith reporting by a financial institution of the number of 
an applicant's principal owners that the financial institution has no 
reason to believe is inaccurate will not be a violation of the 
regulation's requirements.
    In response to commenters' concerns that information about an 
applicant's number of principal owners may be used to identify 
applicants, the Bureau will review the data received to complete the 
full privacy analysis to determine the privacy risks associated with 
the publication of the application-level data as discussed in part 
VIII, below. The Bureau takes the privacy of such information seriously 
and will be making appropriate modifications and deletions to any data 
before making it public.
    With respect to commenters' request that the Bureau clarify 
financial institutions' obligation to determine the number of an 
applicant's principal owners, the Bureau believes that the proposed 
commentary is sufficiently clear and does not need to be revised. The 
Bureau's intent in proposed comment 107(a)(21)-3 that a financial 
institution report that the number of principal owners is ``not 
provided by the applicant and is otherwise undetermined'' was to refer 
to the possibility that a financial institution may not know the number 
of the applicant's principal owners if, despite maintaining reasonably 
designed procedures to obtain the information, the applicant does not 
provide the information and the financial institution does not 
otherwise verify such information. The Bureau has also revised comment 
107(b)-1 to clarify what information may be used to verify information. 
Given these other statements in the commentary, the Bureau does not 
believe that further clarification of financial institutions' 
obligation to determine the number of an applicant's principal owners 
is necessary.
    As explained in the section-by-section analysis of Sec.  
1002.102(o), the Bureau has changed the definition of principal owner 
to use the term ``individual'' instead of ``natural person'' for 
comprehensibility reasons. Accordingly, the commentary for final Sec.  
1002.107(a)(20) has likewise been updated to refer to individuals and 
not natural persons.
    To streamline the commentary, the Bureau has revised comment 
107(a)(20)-1 (proposed as 107(a)(21)-1) to remove the first sentence as 
to requesting the number of an applicant's principal owners from the 
applicant or determining such information from other information, as 
duplicative of content in comment 107(b)-1, which applies to the number 
of principal owners data point. For similar reasons, it has removed the 
last sentences of comments 107(a)(20)-1 and -2, regarding the use of 
previously collected data and about verification, as straightforward 
applications of final Sec.  1002.107(d) and (b), respectively, that 
would not provide any new content. Otherwise, the Bureau is 
substantially finalizing the commentary for Sec.  1002.107(a)(20) with 
changes to reflect updated numbering for the data point and also 
updating and adding cross-references to other parts of the final rule.
107(b) Reliance on and Verification of Applicant-Provided Data
Proposed Rule
    ECOA section 704B(e)(1) provides that ``[e]ach financial 
institution shall compile and maintain, in accordance with regulations 
of the Bureau, a record of the information provided by any loan 
applicant pursuant to a request under [section 704B(b)].'' \766\ 
Section 1071 does not impose any requirement for a financial 
institution to verify the information provided by an applicant.
---------------------------------------------------------------------------

    \766\ ECOA section 704B(e)(1).
---------------------------------------------------------------------------

    During the SBREFA process, a number of small entity representatives 
urged the Bureau to require collection and reporting of a number of 
data points based only on information as provided by the 
applicant.\767\ No small entity representatives stated that they 
thought verification should be generally required. The industry 
stakeholders who commented on this issue asked that the Bureau not 
require verification of applicant-provided information. The Bureau did 
not receive any comments on this issue from community group 
stakeholders during the SBREFA process.
---------------------------------------------------------------------------

    \767\ SBREFA Panel Report at 26.
---------------------------------------------------------------------------

    The Bureau proposed in Sec.  1002.107(b) that unless otherwise 
provided in subpart B, the financial institution would be able to rely 
on statements of the applicant when compiling data unless it verified 
the information provided, in which case it would be required to collect 
and report the verified information. The Bureau believed that requiring 
verification of collected data would greatly increase the operational 
burden of the rule. Proposed comment 107(b)-1 would have explained that 
a financial institution could rely on statements made by an applicant 
(whether made in writing or orally) or information provided by an 
applicant when compiling and reporting applicant-provided data; the 
financial institution would not be required to verify those statements. 
Proposed comment 107(b)-1 would have further explained, however, that 
if the financial institution did verify applicant statements for its 
own business purposes, such as statements relating to gross annual 
revenue or time in business, the financial institution would report the 
verified information. The comment would have gone on to explain that, 
depending on the circumstances and the financial institution's 
procedures, certain applicant-provided data could be

[[Page 35377]]

collected without a specific request from the applicant. For example, 
gross annual revenue could have been collected from tax return 
documents. In addition, the proposed comment would have made clear that 
applicant-provided data are the data that are or could be provided by 
the applicant, including those in proposed Sec.  1002.107(a)(5) through 
(7), and (13) through (21).
    The Bureau sought comment on its proposed approach to verification 
of the 1071 data points, including the specific guidance that would 
have been presented in comment 107(b)-1. The Bureau also sought comment 
on whether financial institutions should be required to indicate 
whether particular data points being reported have been verified or 
not.
Comments Received
    The Bureau received comments on this aspect of the proposal from 
numerous lenders, trade associations, community groups, and a business 
advocacy group. Several lenders and trade associations supported the 
proposed provision, agreeing with the Bureau that requiring 
verification of collected data would greatly increase the operational 
burden of the rule. These commenters did not object to reporting 
verified information when a financial institution verifies applicant 
statements for its own business purposes. Several of these commenters 
did, however, object to the possible inclusion of a provision requiring 
financial institutions to flag whether or not they had verified 
reported data, a question that the NPRM had sought comment on. Although 
these commenters did not discuss reasons for objecting to the 
verification flag, the context suggests that they were concerned about 
the operational difficulty of carrying out such a provision.
    Several banks and trade associations supported the ability to rely 
on unverified applicant-provided data, but objected to the requirement 
to report verified information when the financial institution verifies 
applicant statements for its own business purposes. Some of these 
commenters pointed out that verification may happen after the initial 
application, different lenders have different methods of verification, 
and updating the information for reporting would be operationally 
difficult. One of these commenters stated that the verification may be 
carried out by different staff using different platforms, and section 
1071 does not mention verification. Other commenters suggested that the 
term ``verification'' was not sufficiently clear, and sometimes a 
financial institution would collect documents such as tax forms that 
contain information that conflicts with applicant statements, for 
example a different NAICS number, even though the financial institution 
is not ``verifying'' that data point. Other commenters expressed 
concern about how reporting information verified later would affect use 
of the ``firewall.'' A group of trade associations stated that 
collecting the verified information would provide little benefit and 
the already difficult implementation of the rule would be made even 
more onerous by this provision. In addition, one commenter stated that 
the verification provision was similar to HMDA, which they considered 
to be very onerous.
    A community group and a women's business advocacy group suggested 
that the final rule should require additional verification. The 
community group stated that verification of a few key data points that 
are generally verified by lenders now, such as gross annual revenue, or 
that can be easily checked, such as the NAICS code, should be required. 
A business association urged the Bureau to look into ways to verify 
that the correct information is offered and reports are accurate.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(b) with additional language making clear that a financial 
institution may rely on information from appropriate third-party 
sources as well as the applicant, and other edits for clarity. Final 
Sec.  1002.107(b) provides that unless otherwise provided in subpart B, 
the financial institution may rely on information from the applicant, 
or appropriate third-party sources, when compiling data. Section 
1002.107(b) further states that if the financial institution verifies 
applicant-provided data, however, it shall report the verified 
information.
    The Bureau is also finalizing associated comment 107(b)-1 with 
phrasing edits similar to those in the regulation text, and revised and 
additional cross-references to facilitate compliance. Final comment 
107(b)-1 explains that a financial institution may rely on statements 
made by an applicant (whether made in writing or orally) or information 
provided by an applicant when compiling and reporting applicant-
provided data; the financial institution is not required to verify 
those statements or that information. Comment 107(b)-1 further 
explains, however, that if the financial institution does verify 
applicant statements or information for its own business purposes, such 
as statements relating to gross annual revenue or time in business, the 
financial institution reports the verified information. The comment 
also makes clear that when collecting certain applicant-provided data, 
depending on the circumstances and the financial institution's 
procedures, a financial institution may collect and rely on information 
from appropriate third-party sources without requesting it from the 
applicant. The comment then provides further guidance on collection and 
verification of applicant-provided data, including a list of applicant-
provided data points. In order to facilitate compliance, final comment 
107(b)-1 also adds references to two comments that explain restrictions 
regarding verification of certain data points.
    The Bureau believes that requiring verification of applicant-
provided data points would greatly increase the operational burden of 
the rule, and that relying on applicant-provided data, whether directly 
from the applicant or through appropriate third-party sources, will 
ensure sufficient accuracy to carry out the purposes of section 1071. 
As explained above, section 1071 does not speak to verification; rather 
it refers only to compiling and maintaining a record of certain 
information provided by an applicant. However, the Bureau believes that 
requiring financial institutions to collect and report (for this final 
rule) information that they have already verified will only add slight 
operational difficulty, and will enhance the accuracy and usefulness of 
the data, thereby furthering the purposes of section 1071. The Bureau 
is implementing this requirement pursuant to its authority under ECOA 
section 704B(g)(1) to prescribe rules in order to carry out, enforce, 
and compile data pursuant to section 1071, and as an interpretation of 
the statutory phrase ``compile and maintain'' in ECOA section 
704B(e)(1). In the Bureau's view, the fact that the statute does not 
use the specific word ``verification'' is not relevant to this issue 
because the verification that the financial institution chooses to 
carry out is a standard part of compiling and maintaining the 
information provided by the applicant. The Bureau also believes that 
this requirement will improve the quality and usefulness of the 
resulting dataset, thereby furthering the purposes of section 1071.
    In regard to the possibility of the final rule requiring financial 
institutions to report whether or not certain data points have been 
verified, the Bureau notes that no commenters expressed support for 
this idea, while several opposed it.

[[Page 35378]]

The Bureau believes that such a requirement would impose considerable 
operational difficulty, and it is not clear that any uses of this 
information would justify the increased burden. Consequently, the final 
rule does not include this provision.
    As discussed above, several commenters suggested that verification 
might occur at different times on different platforms and be carried 
out by different personnel. Although credit processing is complex, the 
Bureau anticipates that financial institutions will report data using 
the applicant's whole credit file in order to provide accurate 
information, as is done with HMDA. Although implementing the final rule 
so that verified information can be reported will add operational 
difficulty, such difficulty should be greatly reduced once the rule is 
implemented and the gathering of data is standardized within the 
financial institution. In addition, the fact that different financial 
institutions have different processes should not cause a problem 
because each financial institution can implement the rule to coordinate 
with its own processes. As explained above, the Bureau believes that 
requiring reporting of the verified information when the financial 
institution verifies for its own purposes will benefit data users in 
carrying out the purposes of section 1071 by enhancing the quality of 
the data reported.
    Several commenters were concerned about how the term 
``verification'' would be interpreted in relation to unused information 
in the credit file that might conflict with applicant-provided data. 
The Bureau interprets the word ``verification'' to mean the intentional 
act of determining the accuracy of information provided, in this case 
for the purpose of processing and underwriting the credit applied for, 
and potentially changing that information to reflect the determination. 
Loan file information that may or may not be more accurate than 
applicant-provided data and is not part of a financial institution's 
verification of the file's applicant-provided data or used by the 
institution in processing or underwriting the loan need not be 
reported. For example, a financial institution that uses a tax form to 
verify gross annual revenue, but does not consider or use the NAICS 
information on the tax form, may continue to rely on the applicant-
provided NAICS information. However, if a financial institution 
believes the tax form information to be more accurate and chooses to 
report it instead of the applicant-provided data, it may do so.
    The Bureau does not believe that requiring the reporting of data 
that is later verified will interfere with the final rule's firewall 
provision, which exists to protect against disclosure of protected 
demographic information for which verification is not allowed. For 
further discussion of the firewall provision see the section-by-section 
analysis of Sec.  1002.108 below.
    The Bureau does not believe it would be appropriate, as suggested 
by some commenters, require financial institutions to verify applicant-
provided data when they do not already do so for their own business 
purposes. As stated by several commenters and explained above, 
requiring verification merely for the purpose of data collection would 
impose significant operational difficulty and expense on reporters.
107(c) Time and Manner of Collection
Proposed Rule
    Although the definition of ``application'' triggers a financial 
institution's duty to collect 1071 data, the application definition 
does not necessarily govern when that data must be collected. The 
language and structure of section 1071--which applies to 
``applications'' from ``applicants''--indicates that the data must be 
collected sometime during the application process, but does not provide 
further detail.\768\
---------------------------------------------------------------------------

    \768\ See, e.g., ECOA section 704B(b) (``[I]n the case of any 
application to a financial institution . . . .'') and 704B(c) (``Any 
applicant . . . may refuse to provide any information requested . . 
. .'') (emphases added)).
---------------------------------------------------------------------------

    Proposed Sec.  1002.107(c)(1) would have required a covered 
financial institution to maintain procedures to collect applicant-
provided data under proposed Sec.  1002.107(a) at a time and in a 
manner that is reasonably designed to obtain a response. The Bureau 
believed there would be benefits to providing a flexible approach 
concerning when applicant-provided data must be collected during the 
application process. Given the variety of application processes in the 
small business lending space, the Bureau believed that requiring data 
collection to occur within a narrow window could affect data quality 
and disrupt financial institution practices. On the other hand, the 
Bureau believed that safeguards would be necessary to ensure that 
financial institutions are not evading or delaying their obligation to 
collect data in a manner that detrimentally affects response rates.
    Proposed comments 107(c)(1)-1 and -2 would have clarified the 
meaning of financial institution ``procedures'' and would have 
emphasized a financial institution's latitude to establish procedures 
concerning the time and manner that it collects applicant-provided 
data, provided that those procedures are reasonably designed to collect 
the applicant-provided data in proposed Sec.  1002.107(a). Proposed 
comment 107(c)(1)-3 would have clarified what constitutes ``applicant-
provided data'' in proposed Sec.  1002.107(c)(1).
    Proposed comment 107(c)(1)-4 would have provided additional 
guidance on financial institutions' procedures that are reasonably 
designed to obtain a response. Proposed comment 107(c)(1)-4 would have 
provided that a financial institution shall assess on a periodic basis 
whether its procedures are reasonably designed. Proposed comment 
107(c)(1)-4 would have explained that one way a financial institution 
may be able to assess whether its procedures are reasonably designed 
would be, once 1071 data are made publicly available, to compare its 
response rate with similarly situated financial institutions (for 
example, those that offer similar products, use a similar lending 
model, or are of a similar size).
    Proposed comments 107(c)(1)-5 and -6 would have provided examples 
of procedures that generally are and are not reasonably designed to 
obtain a response. Proposed comment 107(c)(1)-5 would have provided 
that, although a fact-based determination, a procedure reasonably 
designed to obtain a response is one in which a financial institution 
requests applicant-provided data at the time of a covered application; 
the earlier a financial institution seeks to collect applicant-provided 
information, the more likely the timing of collection is reasonably 
designed to obtain an applicant response. Conversely, proposed comment 
107(c)(1)-6 would have provided that, as a general matter, a procedure 
is not reasonably designed to obtain a response if a financial 
institution requests applicant-provided data simultaneous with or after 
notifying an applicant of action taken on the covered application. 
Proposed comment 107(c)(1)-6 would have provided that depending on the 
particular facts, however, these procedures may be reasonably designed 
to obtain a response; for example, if the financial institution has 
evidence or a reason to believe that under its procedures the response 
rate would be similar to or better than other alternatives.
    Proposed comment 107(c)(1)-7 would have explained that a financial 
institution reports updated applicant-provided data if it obtains more 
current

[[Page 35379]]

data during the application process. Proposed comment 107(c)(1)-8 would 
have provided guidance in the event a financial institution changes its 
determination regarding an applicant's status as a small business.
    The Bureau sought comment on proposed Sec.  1002.107(c)(1) and 
associated commentary.
Comments Received
    The Bureau received comment on proposed Sec.  1002.107(c)(1) from a 
number of lenders, trade associations, and community groups. Commenters 
expressed a range of views.
    General comments related to proposed Sec.  1002.107(c)(1). A number 
of commenters, mainly from industry, supported the flexibility provided 
in proposed Sec.  1002.107(c)(1), including provisions that would have 
allowed financial institutions leeway to establish data collection 
procedures that best fit within their processes and business models. A 
CDFI lender emphasized that lenders have varying intake processes. 
Similarly, a trade association noted that while it anticipates most 
CDFIs will collect 1071 data as early in the application process as 
possible, including at the time an application is triggered, lenders 
should have flexibility to respond to market concerns. Trade 
associations representing automobile dealers urged the need for 
flexibility, for example, to accommodate the different methods by which 
data is collected (online and in-person) and the different parties 
involved in a credit transaction. A CDFI lender argued that the 
application and timeline often depends on the applicant themselves, 
further supporting the need for flexibility. A number of commenters 
argued for flexible collection, pointing out that small business 
lending, unlike mortgage lending, does not involve highly regimented 
application procedures. Trade associations representing automobile 
dealers further argued that flexibility would facilitate compliance 
without diminishing the information reported.
    Commenters representing community banks similarly stressed the need 
for flexibility. A trade association asked the Bureau to provide 
community banks with flexibility in how and when to collect 1071 data 
during the lending process and latitude to determine what are 
reasonable collection practices. The commenter emphasized the iterative 
nature of small business lending, noting that the application process 
can span weeks or months to complete. The commenter urged the Bureau to 
avoid designating a prescriptive point in time when sufficient data has 
been gathered to trigger reporting. They further stated that community 
banks are good at satisfying regulatory requirements, do not need to be 
second-guessed in how or when they accomplish data collection, and that 
the Bureau should not be concerned about community banks' ability to 
maintain data quality and completeness. Even with the proposed 
flexibility, a community bank generally opposed proposed Sec.  
1002.107(c)(1), stating that the requirements are similar to HMDA, 
which are very onerous and unduly burdensome on small and mid-size 
institutions.
    Comments related to the reasonably designed standard. As described 
above, proposed comments 107(c)(1)-4 through -6 would have provided 
additional guidance and examples of reasonably designed procedures. The 
Bureau received numerous comments concerning proposed comments 
107(c)(1)-4 through -6 from a range of stakeholders.
    The Bureau received a number of comments on its general approach in 
proposed comments 107(c)(1)-4 through -6 to provide examples of 
procedures that are and are not reasonably designed to obtain a 
response. A CDFI lender and a trade association representing CDFIs 
supported the proposed commentary and the description of ``reasonably 
designed'' procedures for collecting applicant-provided data. The trade 
association noted that the examples were helpful to identify what 
lenders should avoid and agreed that it is important to have safeguards 
to ensure the data are collected in a manner reasonably designed to 
obtain a response.
    In contrast, other commenters argued that proposed Sec.  
1002.107(c)(1) and associated commentary are ambiguous or incomplete 
and urged the Bureau to provide further guidance. A trade association 
representing online small business lenders expressed concern that 
financial institutions would have increased compliance costs to avoid 
unintentional non-compliance. For example, financial institutions may 
believe they are required to compare response rates at different parts 
of the loan application cycle, compare results similar to an A/B 
testing scheme, or otherwise consistently seek to ascertain the best 
ways to obtain 1071 applicant-provided data. The commenter suggested 
the Bureau provide additional guidance so that financial institutions 
can ensure they meet the reasonableness standard. Another commenter 
similarly requested that the Bureau provide more guidance on the 
reasonableness standard, and in particular clarify that financial 
institutions have flexibility to design self-assessment methods best 
suited to their products, processes, and business models.
    Among the proposed examples of reasonably designed procedures, the 
Bureau received the most comments related to the timing of collection. 
The comments spanned a range of positions, with some commenters 
advocating for a more restricted time period for collection of 
applicant-provided data while other commenters sought a more flexible 
approach. For example, some community groups argued that financial 
institutions should be required to collect applicant-provided data at 
the time of a covered application. One of these commenters said that 
requiring collection at the time of application would increase the 
likelihood of successfully receiving the requested information, and 
that the benefits of early collection outweigh the costs. Another 
commenter similarly asserted that collection at the time of a covered 
application would maximize responses and urged the Bureau to make it a 
requirement, rather than merely a suggestion, as set forth in the 
proposal. A credit union also said that if a customer does not provide 
1071 data with an application, it will be challenging for a financial 
institution to accurately collect and report the required data.
    In contrast, a number of industry commenters took issue with 
proposed comment 107(c)(1)-6, which would have provided that collection 
of applicant-provided data simultaneous with or after notifying an 
applicant of action taken is generally not reasonably designed to 
obtain a response. Many of these commenters argued that financial 
institutions should have flexibility to collect applicant-provided data 
after decisioning an application. A few commenters went further, 
arguing that collection should be permitted or required to occur after 
finalizing credit documents, after a credit decision is made, or during 
closing. One commenter stated that although the proposed rule asserts 
to provide flexibility for financial institutions, proposed comments 
107(c)(1)-5.i and -6.i (identifying procedures concerning the timing of 
collection of applicant-provided data that generally would and would 
not be reasonably designed to obtain a response) claw back that 
flexibility by expressing a clear preference that would discourage 
financial institutions from collecting 1071 data at any time except 
early in the application process. The commenter suggested the Bureau 
instead clarify that a financial institution has flexibility to

[[Page 35380]]

sequence collection at a time it determines is reasonable for its 
business and products, subject to the self-assessment process 
articulated in proposed 107(c)(1)-4.
    Commenters advanced several arguments for why financial 
institutions should be permitted to collect applicant-provided data 
after a credit decision is made on a covered application. First, a 
couple of commenters stated that it would minimize friction during the 
application process; they asserted that mandating 1071 data collection 
while the application is pending would frustrate the application 
process, create additional obstacles, and increase the likelihood of 
abandoned applications. Several technology providers and a trade 
association representing technology providers said that the application 
process is already lengthy enough given existing legal and underwriting 
requirements. The commenters further stated that the streamlined and 
user-friendly application experience that technology companies have 
sought to establish would be further frustrated if 1071 data is 
required to be collected early in the application process. Some of the 
commenters argued that sequencing of 1071 data collection involves a 
tradeoff between getting small businesses to respond to 1071 data 
requests and getting small businesses to apply for credit at all. 
Another trade association similarly emphasized the need for 
flexibility, particularly for fast-paced processes that render a 
decision in minutes.
    Several of the commenters argued that collection of applicant-
provided data early in the process could cause an applicant to believe 
that such information would be considered as part of the credit 
decision, therefore potentially discouraging an applicant from applying 
for credit. A group of technology providers stated that collection of 
demographic information before a credit decision is made may invite the 
perception of bias in the application process, especially if an 
applicant is later denied credit. The commenters cited a Federal 
Reserve Banks survey, which they stated showed that minority-owned 
businesses were more likely than white-owned businesses to report that 
they did not apply for financing because they either believed they 
would be turned down or found the application process too difficult or 
confusing.\769\ The commenters argued that requiring collection of 
applicant-provided data before a credit decision is made would 
exacerbate identified concerns of discouragement and undermine the 
purposes of section 1071. Similarly, a couple commenters expressed 
concerns about discouragement if demographic information is collected 
early in the application process. Two CDFI lenders stated that they had 
received feedback from applicants that providing demographic data early 
in the application process felt intrusive and raised concerns for the 
applicant that their responses would negatively affect their 
application. As a result, one said that it had moved collection of 
demographic information from the loan application stage to the loan 
closing stage.
---------------------------------------------------------------------------

    \769\ Citing Fed. Rsrv. Bank of Atlanta et al., Small Business 
Credit Survey: 2021 Report on Firms Owned by People of Color, at 25 
(Apr. 15, 2021), https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color.
---------------------------------------------------------------------------

    A couple of commenters challenged the Bureau's assertion that 
applicants will be less likely to respond to requests for the action 
taken. One commenter noted that the proposed rule improperly places the 
burden on the financial institution that wants to collect 1071 data 
after action is taken on an application to show that response rates 
would be similar to or better than alternative collection methods. 
Another asserted that Paycheck Protection Program data demonstrate that 
applicants are less likely to answer a question about their race on a 
credit application. A trade association representing equipment and 
leasing finance companies similarly asserted that post-decision 
collection would improve response rates.
    Commenters advanced several other arguments for why applicant-
provided collection should be permitted or required to occur after 
decisioning an application. A trade association representing equipment 
and leasing finance companies predicted that collecting applicant-
provided data with the credit application would lead applicants to 
provide little information given the speed of the transaction, which is 
often completed in minutes. The commenter also asserted that the person 
initially completing the application is often not the business owner or 
familiar with the owner, and so would lack the requisite knowledge to 
provide certain 1071-required information. If, on the other hand, the 
financial institution can follow-up electronically or through other 
means with the business, the commenter asserted that the request could 
be directed to the person in the best position to provide the 
information. The commenter further stated that collecting 1071 data 
during the application stage would be particularly problematic for 
vendor finance transactions because the vendor collecting application 
information has no regulatory requirement to do so, and so would 
unlikely take the time to gather the required information. Another 
commenter asserted that post-decision collection would also ensure that 
underwriters would not have access to an applicant's responses related 
to ethnicity, race, and sex. The commenter asserted that financial 
institutions could ensure data is collected by making it part of the 
closing procedures for approved loans and as part of remediation 
efforts for non-approved loans.
    In addition to seeking comment related to the timing of collection, 
the Bureau sought comment on proposed Sec.  1002.107(c)(1) and 
associated proposed commentary generally, including on the other 
examples in proposed comments 107(c)(1)-5 and -6 of procedures that 
generally would and would not be reasonably designed to obtain a 
response. The Bureau further asked commenters whether it would be 
useful to provide additional examples. In response, commenters raised a 
number of issues related to the commentary on reasonably designed 
procedures in proposed comments 107(c)(1)-4 through -6.
    Several commenters weighed in on the provision in proposed comment 
107(c)(1)-4 that financial institutions shall ``reassess on a periodic 
basis'' whether its procedures are reasonably designed to obtain a 
response. One commenter stated that it would be appropriate for 
financial institutions to conduct periodic reassessments of their 
collection procedures, but urged that procedures should not need to be 
reexamined more frequently than once every three years. The commenter 
suggested an additional safeguard would be to encourage consistent 
collection across individual institutions and small business lending 
sectors. Another commenter urged the Bureau to provide greater clarity 
on how frequent ``periodic'' testing must occur so that financial 
institutions can allocate resources accordingly, and encouraged the 
Bureau to take into account different products and resources among 
financial institutions. A business advocacy group urged the Bureau not 
to treat an applicant's decision to not to provide 1071 data as 
evidence that a lender lacks reasonably designed procedures.
    A couple of commenters provided feedback on the use of response 
rates. A community group and a minority

[[Page 35381]]

business advocacy group asked the Bureau to reconsider guidance in 
proposed comment 107(c)(1)-4 that a financial institution may assess 
the reasonableness of its procedures by, for example, comparing its 
response rate with similarly situated financial institutions. The 
commenters argued that peers may also not be making a reasonable effort 
to collect the data, and that it would be better to have a concrete 
metric, for example, based on other data collection efforts with good 
response rates.
    A handful of commenters asked the Bureau to take other actions 
related to proposed Sec.  1002.107(c)(1), including to provide 
additional clarifications and guidance. First, a trade association 
asked the Bureau to clarify that lenders need only request 1071-
required data once. Next, a group of trade associations asked for 
clarification on proposed comment 107(c)(1)-7, which would have 
provided that a financial institution reports updated applicant-
provided data if it obtains more current data during the application 
process. The commenter said that the requirement to ``update'' 
information is ambiguous, and inquired whether a financial institution 
would be required to update information if an applicant supplies 
updated data without a request from the financial institution. The 
commenter also asserted that it was unclear how proposed comment 
107(c)(1)-7 relates to proposed Sec.  1002.107(b) related to the 
reporting of verified information where obtained. A network of 
financial institutions specializing in agricultural lending stated that 
certain lenders use the information included in scoring models to 
determine whether the applicant business is a ``small business,'' and 
so would not be able to identify applications involving a small 
business for which demographic information must be collected, until 
after a credit decision is made. The commenter argued that because ECOA 
and the Fair Credit Reporting Act require a timely decision be made and 
communicated, it would be a direct conflict of the regulations to delay 
communicating a credit decision to a customer solely to acquire data 
for demographic reporting purposes.
    Several commenters asked the Bureau to provide additional guidance 
on the manner in which applicant-provided data can be collected, 
including disclosures and sample forms for collection. A CDFI lender 
asked the Bureau to share best practices on disclosures or assurances a 
lender can provide applicants when collecting demographic information 
to allay concerns about how the data will be used. A community bank and 
a community group urged the Bureau to provide a data collection form 
for financial institutions to use when collecting 1071 data from 
applicants. The community bank asserted that use of a data collection 
form would increase borrower response rates, as demonstrated by 
Paycheck Protection Program statistics. The commenter also argued that 
absent a uniform CFPB-issued form, collection will be flawed and the 
data useless. A community group stated that the Bureau may want to 
create a sample application form with all required data elements in 
order to facilitate data collection. Finally, a bank and a trade 
association urged the Bureau to expressly permit covered financial 
institutions to collect required data from applicants through a variety 
of means, including on an application form, on supplemental documents 
or forms, or on the proposed sample data collection form. The 
commenters stated that certain applicant-provided data points, such as 
number of workers, time in business, and NAICS code, are not on the 
sample data collection form. The commenters stated that except for data 
points required to be collected on the sample data collection form and 
kept separate, financial institutions should be permitted to collect 
the other data points through various means or forms.
    Comments requesting special treatment for particular transactions 
or financial institutions. Several commenters urged the Bureau exempt 
particular types of transactions or lenders from coverage under the 
rule, primarily due to concerns about the specific characteristics of 
these application processes and the particular difficulty of collecting 
demographic information in light of these characteristics.\770\ As 
discussed in the NPRM, the proposed rule would not have made any 
exceptions concerning the time and manner of collecting 1071 data for 
point of sale transactions.\771\ In response to the Bureau's request 
for comment on point of sale transactions, two trade association 
commenters and a community group stated that such transactions should 
be provided special treatment or exceptions. The two trade 
associations, one representing industry and another representing 
retailers, opposed rule coverage for private label applications, 
focusing particularly on point of sale transactions. One stated that 
credit applications are taken at the point of sale or at a customer 
service desk using interview-style or interactive processes. The 
commenters asserted that customers would feel uncomfortable answering 
questions related to their race, sex, and ethnicity in such a public 
place, without the necessary privacy accommodations. They also argued 
that collecting applicant-provided data would significantly lengthen 
the application process, frustrating retailers' focus on speed, 
efficiency, and limiting time spent in the checkout line. The 
commenters further asserted that requiring 1071 data collection at the 
point of sale would impede the availability of commercial credit 
applications in-store, both because businesses would not want to apply 
for credit and because retailers would no longer offer in-store private 
label credit. One also argued that point of sale transaction data would 
be of reduced data quality: the data may be collected from persons who 
are not the principal owners of a business and may therefor lack the 
relevant knowledge, the environment is not conducive to collecting 
detailed information, and the data would reflect the retailer's, rather 
than a financial institution's, clientele. The commenter also said that 
retail staff are unable to manage sensitive demographic information and 
that retailers will not appreciate allegations of discrimination if an 
application is left pending or denied. A few commenters suggested that 
if the Bureau were to include private label or co-branded transactions 
(which often occur as point of sale transactions) in the final rule, it 
should exempt transactions under $50,000 to mitigate the impact of 
inclusion and provide consistency with FinCEN's customer due diligence 
rule. Similarly, a trade association stated that if point of sale 
transactions are included, credit lines below $50,000 should be 
excepted from the requirement to obtain demographic information.
---------------------------------------------------------------------------

    \770\ See also the section-by-section analysis of Sec.  1002.104 
(covered credit transactions) concerning additional comments related 
to private-label credit and insurance premium finance transactions, 
and the section-by-section analysis of Sec.  1002.105 (covered 
financial institutions and exempt institutions) concerning indirect 
lending.
    \771\ 86 FR 56356, 56487-88 (Oct. 8, 2021).
---------------------------------------------------------------------------

    In contrast, a community group urged the Bureau not to provide 
special treatment for point of sale transactions, arguing that point of 
sale transactions should follow a similar procedure as other covered 
transactions. The commenter voiced agreement for the Bureau's 
suggestion in the proposed rule that retail stores can use the sample 
data collection form (printed or online) for point of sale 
transactions.
    Next, a trade association representing insurance premium finance 
lenders and insurance agents and brokers similarly argued that the 
Bureau's rule should not apply to insurance premium finance

[[Page 35382]]

lenders, asserting that such lenders cannot collect 1071 data until 
after funding. Comments regarding insurance premium finance are 
discussed in the section-by-section analysis of Sec.  1002.104(b)(3).
    Finally, one trade association argued for the exemption of captive 
vehicle finance lenders, based in part on concerns about the collection 
of small business lending data. The commenter argued that because 
indirect lenders do not interact with the applicant, they cannot gather 
certain data required by section 1071, and therefore the motor vehicle 
dealer would be the only party capable of requesting the applicant's 
protected demographic information. However, the commenter asserted, the 
dealer is outside the CFPB's authority and is currently prohibited by 
ECOA from gathering this information. The commenter stated that the 
proposal would put pressure on dealers to collect otherwise protected 
information. The commenter further noted that the employee acquiring 
the vehicle may not be familiar with the requested data, such as total 
revenue or ownership structure. In addition, the commenter voiced 
concerns about purportedly having to collect data at each stage of the 
process, potentially by multiple covered financial institutions. The 
commenter argued that requiring collection of 1071 data (such as 
ethnicity, race, and sex information) at multiple points in the process 
would be unnecessary, costly, and duplicative, and could expose 
financial institutions to liability.
Final Rule--Overview of Final Sec.  1002.107(c)
    For the reasons set forth below, the Bureau is finalizing Sec.  
1002.107(c)(1) to require a covered financial institution to not 
discourage an applicant from responding to requests for applicant-
provided data under final Sec.  1002.107(a) and to otherwise maintain 
procedures to collect such data at a time and in a manner that are 
reasonably designed to obtain a response. The Bureau is adopting new 
Sec.  1002.107(c)(2) to identify certain minimum components when 
collecting data directly from the applicant that must be included 
within a financial institution's procedures to ensure they are 
reasonably designed to obtain a response. The Bureau is also adopting 
new Sec.  1002.107(c)(3) to provide the additional safeguard that a 
covered financial institution must maintain procedures to identify and 
respond to indicia that it may be discouraging applicants from 
responding to requests for applicant-provided data, including low 
response rates for applicant-provided data. Finally, new Sec.  
1002.107(c)(4) provides that low response rates for applicant-provided 
data may indicate that a financial institution is discouraging 
applicants from responding to requests for applicant-provided data or 
otherwise failing to maintain procedures to collect applicant-provided 
data that are reasonably designed to obtain a response. The Bureau is 
finalizing Sec.  1002.107(c) pursuant to its authority in ECOA section 
704B(g)(1) to prescribe such rules and issue such guidance as may be 
necessary to carry out, enforce, and compile data pursuant to section 
1071. For the reasons discussed below, final Sec.  1002.107(c) is 
necessary to collect 1071 data from applicants and prevent financial 
institutions from discouraging or influencing an applicant's response.
    Final Sec.  1002.107(c) seeks to provide a balance between 
flexibility and ensuring data collection occurs without discouragement 
and otherwise in a time and manner likely to generate a robust 
response. On the one hand, the Bureau believes there are benefits to 
preserving some flexibility concerning the time and manner in which 
applicant-provided data are collected. As noted by a number of 
commenters, there are benefits to providing a flexible approach given 
the variety of application processes in the small business lending 
space. The Bureau believes that financial institutions may need 
latitude to adjust data collection practices to fit within their own 
processes and business models; requiring data collection at a single 
point in time, or only through a particular method, may affect data 
quality and disrupt financial institutions' practices.
    On the other hand, the Bureau believes that collection of 
applicant-provided data is essential to fulfilling the purposes of 
section 1071. The Bureau therefore believes that substantial safeguards 
are necessary to ensure that financial institutions do not discourage 
applicants from responding to requests for applicant-provided data or 
otherwise evade or delay their obligation to collect 1071 data in a 
manner that detrimentally affects response rates.
    The Bureau is also implementing revisions to final Sec.  
1002.107(c) to provide additional clarity to covered financial 
institutions concerning the reasonably designed standard and minimum 
requirements. These changes are responsive to feedback from commenters 
that proposed 1002.107(c)(1) and associated commentary would have been 
ambiguous and potentially inconsistent, and requesting further clarity 
and guidance. The revisions to final Sec.  1002.107(c) and responses to 
commenter feedback are discussed in depth below.
Final Rule--Sec.  1002.107(c)(1) in General
    Final Sec.  1002.107(c)(1) requires a covered financial institution 
to not discourage applicants from responding to requests for applicant-
provided data under Sec.  1002.107(a) and to otherwise maintain 
procedures to collect such data at a time and in a manner that are 
reasonably designed to obtain a response. As discussed above, the 
Bureau believes this general standard provides flexibility to 
accommodate various small business lending models while also imposing a 
general duty to maintain procedures concerning the collection of 
applicant-provided data that are reasonably designed to obtain a 
response, including not discouraging applicant responses. In general, 
reasonably designed procedures will seek to maximize collection of 
applicant-provided data and minimize missing or erroneous data, and 
procedures cannot be reasonably designed if they permit financial 
institutions to engage in conduct that discourages applicants from 
responding to requests for applicant-provided data. While the Bureau 
believes that reasonably designed procedures to collect applicant-
provided data inherently must not discourage applicants from 
responding, in response to comments seeking additional clarity on the 
Bureau's understanding of reasonably designed procedures, the Bureau is 
now clearly articulating the prohibition against discouragement.
    Comments 107(c)(1)-1 and -3 are finalized with minor revisions for 
clarity and consistency. Final comment 107(c)(1)-2 is revised to affirm 
a financial institution's flexibility to establish procedures 
concerning the time and manner that it collects applicant-provided 
data, provided that its procedures otherwise meet the requirements of 
final Sec.  1002.107(c).
    New comment 107(c)(1)-4 (part of which was proposed as part of 
comment 107(c)(1)-3) clarifies that applicant-provided data can be 
obtained without a direct request to the applicant and can be based on 
other information provided by the applicant or through appropriate 
third-party sources.
    The Bureau is revising comment 107(c)(1)-5 (proposed as comment 
107(c)(1)-7) to clarify that a financial institution reports updated 
data if it obtains more current data from the applicant during the 
application process. In response to a commenter's

[[Page 35383]]

request for additional guidance on whether a financial institution must 
update data if the applicant provides the information without a request 
from the financial institution, the Bureau notes that final comment 
107(c)(1)-5 requires a financial institution to report data updated by 
the applicant regardless of whether the financial institution solicits 
the information. The commenter also asked how proposed comment 
107(c)(1)-7 differs from proposed Sec.  1002.107(b), which would have 
permitted a financial institution to rely on statements of the 
applicant when compiling data, unless verified information was 
available. Both final comment 107(c)(1)-5 and final Sec.  1002.107(b) 
require reporting of updated information where available; the former is 
focused on data provided by the applicant, while the latter is focused 
on data verified by the financial institution. Thus, no matter the 
source, a financial institution should report updated data where 
available. To the extent a financial institution receives updates from 
the applicant on data the financial institution has already verified, 
final comment 107(c)(1)-5 is revised to clarify that a financial 
institution reports the information it believes to be more accurate, in 
its discretion.
Final Rule--Sec.  1002.107(c)(2) Applicant-Provided Data Collected 
Directly From the Applicant
    The Bureau is adopting new Sec.  1002.107(c)(2), which provides 
that for data collected directly from the applicant, procedures that 
are reasonably designed to obtain a response must include four specific 
components, which are further described below. The Bureau is adopting 
new Sec.  1002.107(c)(2) to provide financial institutions additional 
clarity on minimum criteria the Bureau believes are necessary for a 
financial institution's procedures to be ``reasonably designed'' to 
obtain a response. Although proposed comments 107(c)(1)-4 through -6 
would have provided examples of procedures that generally were and were 
not reasonably designed, as discussed above, the Bureau received 
feedback that proposed Sec.  1002.107(c)(1) and associated comments 
would have been ambiguous, been incomplete, or increased compliance 
burdens on financial institutions seeking to avoid unintentional non-
compliance. The Bureau also believes that greater clarity will increase 
compliance and help ensure financial institutions put such safeguards 
into place.
    New comment 107(c)(2)-1 provides general guidance on what are 
reasonably designed procedures and the minimum criteria required under 
final Sec.  1002.107(c)(2). Comment 107(c)(2)-1 clarifies that whether 
a financial institution's procedures are reasonably designed is a fact-
based determination that may depend on a number of factors, and that 
procedures that are reasonably designed to obtain a response may 
therefore require additional provisions beyond the minimum criteria set 
forth in Sec.  1002.107(c)(2). In general, reasonably designed 
procedures will seek to maximize collection of applicant-provided data 
and minimize missing or erroneous data.
    The specific components that must be included within a financial 
institution's procedures pursuant to final Sec.  1002.107(c)(2) are 
each discussed in turn below.
    Provisions primarily related to the timing of collection. The 
Bureau is adopting new Sec.  1002.107(c)(2)(i), which requires covered 
financial institutions to maintain procedures that provide for the 
initial request for applicant-provided data to occur prior to notifying 
an applicant of final action taken on a covered application. The Bureau 
believes this requirement strikes the right balance between providing 
financial institutions some flexibility to time the initial collection 
of applicant-provided data at a point that works for their business 
models, while also putting in place a guardrail to ensure that 
applicant-provided data is not collected so late in the process that it 
jeopardizes the likelihood of receiving a response from an applicant. 
Unlike proposed Sec.  1002.107(c)(1), which did not set forth any 
concrete timing deadlines for the collection of applicant-provided 
data, final Sec.  1002.107(c)(2)(i) requires financial institutions to 
initially seek to collect applicant-provided data, at the latest, 
before notifying the applicant of final action taken on a covered 
application. The Bureau is adopting this revision for several reasons, 
described below.
    Foremost among them, the Bureau believes that initial attempts to 
collect applicant-provided data after notifying an applicant of action 
taken on an application--particularly if the action taken is a denial--
are likely to result in higher rates of missing data. This view is 
unchanged from the Bureau's initial position at the NPRM stage, which 
similarly encouraged collection early in the process and before 
notifying the applicant of action taken on the application.\772\ Not 
only will late collections miss withdrawn or incomplete applications--
information about which is essential to the purposes of section 1071--
but it will also likely jeopardize the probability of responses from 
declined applicants. Unlike originated applications, which have 
continuous touch points between an applicant and a lender, the Bureau 
believes it is highly unlikely that an applicant will continue to 
engage in any information gathering process after being denied a 
request for credit. Significantly, no commenter provided a viable 
solution for ensuring collection of 1071 data after an application is 
denied.
---------------------------------------------------------------------------

    \772\ As discussed above, proposed comment 107(c)(1)-5 would 
have provided that although a fact-based determination, a procedure 
reasonably designed to obtain a response is one in which a financial 
institution requests applicant-provided data at the time of a 
covered application. Conversely, proposed comment 107(c)(1)-6 would 
have provided that a procedure is generally not reasonably designed 
to obtain a response if a financial institution requests applicant-
provided data simultaneous with or after notifying an applicant of 
action taken on the covered application.
---------------------------------------------------------------------------

    Next, final Sec.  1002.107(c)(2)(i) provides a bright line point in 
the application process before which financial institutions must 
initially seek to collect applicant-provided data, therefore responding 
to certain commenter feedback that the proposed standard would be 
ambiguous. As noted by one commenter, although the proposal asserted to 
provide flexibility for financial institutions to collect applicant-
provided data at any point during the application process, so long as 
the procedures are reasonably designed, the proposed commentary clawed 
back that flexibility by expressing a clear preference for collection 
before notifying an applicant of the outcome of its application. The 
Bureau agrees this fluid framing may cause confusion, and believes 
providing a defined time frame early enough in the process when 
applicant-provided data must be collected will assist financial 
institutions with compliance.
    Finally, other changes in the final rule counsel in favor of 
adopting a more concrete timing standard for the collection of 
applicant-provided data. Unlike the proposal, which would have included 
a requirement in certain circumstances for financial institutions to 
collect information about an applicant's ethnicity and race based on 
visual observation and/or surname analysis if the applicant did not 
itself provide such information, as discussed in the section-by-section 
analysis of Sec.  1002.107(a)(19) above, the final rule does not 
include such a requirement. As

[[Page 35384]]

a result, financial institutions might be less motivated to obtain 
demographic information early enough in the process, when the applicant 
is still actively engaged and more likely to respond to data requests.
    As described above, some commenters urged the Bureau to tighten the 
timing requirement to require collection in a narrow timeframe, while 
others asked the Bureau to expand the timing requirement to widely 
permit collection even after notifying an applicant of action taken on 
a covered application. The Bureau is not adopting either approach. 
Although the Bureau agrees with commenters who argued that collection 
at the time of a covered application will likely increase applicant 
responses rates in most instances, given the fluid and heterogenous 
nature of small business lending, the Bureau believes designating a 
narrow time-frame may be overly restrictive.
    On the other hand, the Bureau is also not permitting financial 
institutions to attempt the initial collection of applicant-provided 
data after notifying an applicant of action taken on an application. 
Industry commenters' principal argument was that collection of 
sensitive applicant-provided data before decisioning an application 
could lead to discouragement: applicants may be concerned that the 
information will be used against them in the credit decision and thus 
will either not provide the information or not proceed with the credit 
transaction altogether. Industry commenters also raised the concern 
that financial institutions could be accused of bias if an applicant is 
ultimately denied credit after providing protected demographic 
information.
    The Bureau does not believe that early collection will discourage 
applicants from disclosing certain demographic information and does not 
believe this concern expressed by commenters outweighs the benefits of 
early data collection. Initially, concerns of discouragement may be 
mitigated by the mandatory disclosure language set forth in final 
comments 107(a)(18)-3 and 107(a)(19)-3, and included on the sample data 
collection form in appendix E, which explains to applicants the reason 
the information is being collected and that the information cannot be 
used to discriminate against the applicant. If, however, an applicant 
remains concerned about providing applicant demographic information, 
the applicant can always choose to not provide any requested 
information (e.g., by selecting ``I do not wish to provide this 
information'' or similar for any of the demographic information 
inquiries). As set forth in final comments 107(a)(18)-1 and 107(a)(19)-
1, a financial institution must permit an applicant to refuse or 
decline to answer inquiries regarding the applicant's protected 
demographic information and must inform the applicant that the 
applicant is not required to provide the information. These protections 
ensure that any applicant who does not feel comfortable providing a 
response to the demographic inquiries, is not required to do so.
    Similarly, the Bureau does not believe that requiring an initial 
collection attempt before notifying an applicant of action taken will 
result in fewer applicants voluntarily providing certain demographic 
information. The Bureau notes that financial institutions regularly 
collect, at the time of application, demographic information required 
by Regulation C without issue. Although certain commenters cited to the 
Paycheck Protection Program as evidence that the collection of 
demographic information at the time of application results in low 
response rates, the demographic response rates for Regulation C are 
significantly higher than for the Paycheck Protection Program, with 
only 14.3 and 14.7 percent of HMDA respondents not providing a response 
for race and ethnicity, respectively.\773\ Thus, the lower response 
rate for Paycheck Protection Program applicants is likely due to 
independent factors. Moreover, to the extent that a financial 
institution believes that applicants may be reluctant to provide 
demographic data before an application is decisioned, new Sec.  
1002.107(c)(2)(i) only requires a financial institution to make an 
initial collection attempt before notifying an applicant of action 
taken; nothing prevents a financial institution from making another 
attempt to collect data required by this rule after the application is 
decisioned.
---------------------------------------------------------------------------

    \773\ See 86 FR 56356, 56483 (Oct. 8, 2021) (noting that 
demographic response rates in the SBA's Paycheck Protection Program 
data are ``much lower when compared to ethnicity, race, and sex 
response rates in HMDA data. For instance, roughly 71 percent of 
respondents in the [Paycheck Protection Program] data did not 
provide a response for race, compared to only 14.7 percent in the 
HMDA data. Roughly 66 percent of respondents in the [Paycheck 
Protection Program] data did not provide a response for ethnicity, 
compared to only 14.3 percent in the HMDA data.'') (citing Small 
Bus. Admin., Paycheck Protection Program Weekly Reports 2021, 
Version 11, at 9 (effective Apr. 5, 2021), https://www.sba.gov/sites/default/files/2021-04/PPP_Report_Public_210404-508.pdf.
---------------------------------------------------------------------------

    Ultimately, any applicant reluctance to provide demographic (or 
other applicant-provided data) pre-decision is not outweighed by the 
commonsense conclusion that applicants will be unwilling and 
unmotivated to provide information after being denied a request for 
credit. After a denial, an applicant will have no independent reason to 
continue discussions with the lender, much less respond to new requests 
for information. In this respect, 1071 data collection is distinct from 
current collection efforts by CDFIs that generally seek to collect 
demographic information for originated loans, but not denied loans. 
While CDFI commenters' practice of collecting demographic data at loan 
closing may make sense for other regulatory regimes, it would not be 
effective at capturing data on denied, incomplete, or withdrawn 
applications.\774\ Although some commenters asserted that response 
rates would be better if demographic information is collected post-
decision, significantly, none of the commenters were able to provide 
persuasive evidence in support of their assertion, to rebut the belief 
that applicants are unlikely to respond to information requests once 
they are no longer involved in the application process, or to offer a 
workable solution to ensure robust data collection post-decision. While 
one commenter suggested that financial institutions could collect 
applicant-provided data ``as part of remediation efforts for non-
approved loans,'' the commenter provided no specifics as to what this 
would entail, or how or why it would be effective.
---------------------------------------------------------------------------

    \774\ See, e.g., 12 CFR 1805.803 (identifying data collection 
and reporting requirements for the CDFI program, which provides that 
a financial institution recipient shall ``compile data on gender, 
race, ethnicity, national original, or other information on 
individuals that utilize its products and services . . . .'') 
(emphasis added).
---------------------------------------------------------------------------

    Next, commenters stated that permitting post-decision collection 
would minimize friction in the application process. These commenters 
argued that streamlining the application process is of paramount 
importance to their business, and any additional delay could frustrate 
the application process and lead to abandoned applications. The Bureau 
agrees that new Sec.  1002.107(c)(2)(i) may require financial 
institutions to take some minimal additional steps during the 
information gathering stage of the application process, but believes 
that these additional minimal steps are necessary to fulfill the 
purposes of section 1071 and should not impact meaningfully the rate of 
abandoned applications. Moreover, as discussed in the section-by-
section analysis of Sec.  1002.107(d), the Bureau has provided 
flexibilities for financial institutions to reuse some applicant-
provided data under certain circumstances, which may alleviate the

[[Page 35385]]

need for repeated collections. In response to an industry commenter's 
argument that applicants are unlikely to respond to 1071 data requests 
given the speed of certain application processes, the Bureau notes that 
the applicant is less likely to respond if the data is requested post-
decision when the applicant is no longer engaged in the process at all. 
Given the relatively limited time it would take to collect 1071 data, 
the Bureau also rejects commenters' assertion that requesting 1071 data 
will negatively impact whether a small business applies for credit at 
all. No commenter provided persuasive evidence that applicants will 
avoid seeking credit because of data collection under this rule.
    Commenters raised a handful of additional arguments. In response to 
a commenter's argument that the person initially completing the 
application may not be the business owner or have the requisite 
knowledge, the Bureau notes that new comment 107(c)(2)-2.v permits a 
financial institution to follow-up with additional attempts to collect 
the information through different means or at another time. Moreover, 
given that approximately 82 percent of small businesses are non-
employer firms,\775\ the Bureau believes in most instances the 
individual completing the form will have the relevant information.
---------------------------------------------------------------------------

    \775\ White Paper at 8; see also U.S. Small Bus. Admin., Off. of 
Advocacy, 2022 Small Business Profile, at 2 (2022), https://cdn.advocacy.sba.gov/wp-content/uploads/2022/08/30121338/Small-Business-Economic-Profile-US.pdf (identifying 33,185,550 small 
businesses, of which 27,104,006 have no employees).
---------------------------------------------------------------------------

    Next, in response to a comment that post-decision collection would 
ensure underwriters do not have access to protected demographic 
information, the Bureau agrees, but does not believe that such 
considerations trump the importance of ensuring data are collected in 
the first place. Indeed, the fact that ECOA section 704B(d)(2) 
contemplates that underwriters and other employees involved in making a 
credit determination may have access to applicant-provided data 
demonstrates that Congress envisioned that financial institutions may 
collect 1071 data before decisioning an application. In any event, 
concerns about access to demographic information are adequately 
addressed by the firewall provision in final Sec.  1002.108, as well as 
the general prohibition from discriminating on a prohibited basis in 
any aspect of a credit transaction in existing ECOA and Regulation B.
    Finally, one commenter indirectly took issue with the requirement 
to collect applicant-provided data in advance of notifying an applicant 
of action taken by noting that certain lenders would use decision 
scoring models to also determine whether the applicant is a ``small 
business,'' such that demographic information could only be collected 
after a decision is made on the application. Initially, the Bureau 
notes that nothing prevents a financial institution from inquiring 
whether the applicant is a ``small business,'' and if so, seeking 
applicant-provided data before decisioning the covered application. 
Indeed, as discussed in final comment 107(c)(2)-2.i, the earlier in the 
application process the financial institution initially seeks to 
collect applicant-provided data, the more likely the timing of 
collection is reasonably designed to obtain a response. The Bureau also 
does not agree that delaying communicating a credit decision to an 
applicant in order to acquire demographic or other applicant-provided 
data would violate ECOA and the Fair Credit Reporting Act. The Bureau 
does not believe there is a conflict between the laws; any delay would 
be minimal, would not affect the timeframes under existing Regulation B 
to provide required notices when decisioning a credit application,\776\ 
and could be avoided by collecting applicant-provided data in advance, 
as discussed above.\777\
---------------------------------------------------------------------------

    \776\ Existing Regulation B Sec.  1002.19(a)(1) requires a 
creditor to notify an applicant of action taken within 30 days after 
receiving a completed application.
    \777\ See Epic Sys. Corp. v. Lewis, 138 S. Ct. 1612, 1624 (2018) 
(``When confronted with two Acts of Congress allegedly touching on 
the same topic, this Court is not at `liberty to pick and choose 
among congressional enactments' and must instead strive `to give 
effect to both.' '' (citation omitted)).
---------------------------------------------------------------------------

    For the reasons discussed above, including that collection 
occurring post-final action would undermine the purposes of section 
1071, the Bureau is requiring financial institutions to maintain 
procedures to collect applicant-provided data before notifying the 
applicant of final action on the application.\778\ The Bureau is also 
adopting new comment 107(c)(2)-2.i, which provides additional guidance 
concerning when financial institutions must initially seek to collect 
1071 applicant-provided data. New comment 107(c)(2)-2.i clarifies that 
Sec.  1002.107(c)(2) requires that under no circumstances may the 
initial request for applicant-provided data occur simultaneous with or 
after notifying an applicant of final action taken on a covered 
application.\779\
---------------------------------------------------------------------------

    \778\ Although final Sec.  1002.107(c)(2)(i) requires collection 
before notifying an applicant of final action on an application, the 
Bureau anticipates that in the vast majority of cases financial 
institutions will also collect applicant-provided data before 
decisioning an application. The Bureau is requiring collection based 
on when an applicant is notified of final action on the application, 
however, given the concerns noted above (particularly related to the 
applicant's willingness to stay engaged) and because a financial 
institution may have an easier time controlling when an applicant is 
notified, versus when an application is decisioned.
    \779\ Nor may a financial institution seek to evade Sec.  
1002.107(c)(2)(i) by initially seeking to collect applicant-provided 
data after it has signaled to the applicant that its application has 
been decisioned and the likely outcome, even if the financial 
institution has not yet formally notified the applicant of action 
taken on the covered application. Such conduct would not constitute 
procedures reasonably designed to obtain a response, as required 
pursuant to Sec.  1002.107(c)(1).
---------------------------------------------------------------------------

    Although new Sec.  1002.107(c)(2)(i) requires a financial 
institution to make an initial collection attempt prior to notifying an 
applicant of action taken, new comment 107(c)(2)-2.v clarifies that a 
financial institution has latitude to make additional requests for 
applicant-provided data, including after notifying the applicant of 
action taken. In response to a trade association's request that the 
Bureau clarify how many times a financial institution must request 1071 
data, new comment 107(c)(2)-2.v clarifies that a financial institution 
is permitted, but not required, to make more than one attempt to obtain 
applicant-provided data if the applicant does not respond to an initial 
request. For example, a financial institution may decide to make 
multiple requests if it is concerned that applicants may not be as 
forthcoming early in the process, if it has multiple opportunities to 
request 1071 data that work well within its business processes, or as 
another method to encourage greater applicant response.
    Provisions primarily related to the manner of collection. New Sec.  
1002.107(c)(2)(ii) through (iv) sets forth provisions that financial 
institutions must incorporate into their procedures for collecting 
applicant-provided data directly from the applicant to ensure that such 
procedures are reasonably designed to obtain a response and do not 
discourage a response. New Sec.  1002.107(c)(2)(ii) requires financial 
institutions to maintain procedures that provide the request for 
applicant-provided data is prominently displayed or presented. New 
comment 107(c)(2)-2.ii provides further guidance on the requirement, 
clarifying that a financial institution must ensure an applicant 
actually sees, hears, or is otherwise presented with the request for 
applicant-provided data, and that if the request is obscured or likely 
to be overlooked or missed by the applicant, it is not reasonably 
designed. For example, a financial institution

[[Page 35386]]

seeking to collect 1071 data in connection with a digital application 
likely does not have reasonably designed procedures if it uses a 
bypassable hyperlink for 1071 data collection while other data are 
requested through click-through screens.
    New Sec.  1002.107(c)(2)(iii) requires that the financial 
institution's procedures must not have the effect of discouraging 
applicants from responding to a request for applicant-provided data. 
New comment 107(c)(2)-2.iii clarifies that a covered financial 
institution that collects applicant-provided data in a time or manner 
that directly or indirectly discourages or obstructs an applicant from 
responding or providing a particular response violates the rule. The 
comment also provides further guidance on procedures that may avoid the 
effect of discouraging a response. For example, comment 107(c)(2)-
2.iii.B explains a covered financial institution avoids discouraging a 
response by requiring an applicant to provide a response in order to 
proceed with a covered application, including, as applicable, a 
response of ``I do not wish to provide this information'' or similar. 
While optional, requiring an applicant to provide a response, 
particularly for the collection of demographic applicant information, 
may be one of the most effective methods a financial institution can 
use to maximize collection of such data.
    The Bureau notes that other aspects of this final rule are 
similarly directed at ensuring applicants are not discouraged from 
providing a response. For example, in response to a commenter's request 
that the Bureau provide potential disclosure language and sample 
collection forms financial institutions can use with applicants to 
allay concerns about how data will be used, the Bureau notes that the 
final rule provides for such required disclosure language and a sample 
disclosure form. For instance, final comments 107(a)(18)-4 and 
107(a)(19)-4, concerning collection of applicant demographic 
information, require financial institutions to inform the applicant 
both that a financial institution cannot discriminate on the basis of 
the applicant's responses to data collected pursuant to Sec.  
1002.107(a)(18) and (19) and that Federal law requires them to ask for 
an applicant's demographic information to help ensure that all small 
business applicants for credit are treated fairly and that communities' 
small business credit needs are being fulfilled. The Bureau believes 
such explanations, which are included in the sample data collection 
form in appendix E, are important to inform applicants why the request 
is being made and to assure them that financial institutions may not 
use the information collected for a discriminatory purpose.\780\
---------------------------------------------------------------------------

    \780\ In response to a community group's suggestion that the 
Bureau create a sample form with all required data elements, the 
Bureau notes that, except for collection of certain demographic 
information, many financial institutions already collect some or all 
of the data required by this final rule, or may opt do so in a 
myriad of ways. See the section-by-section analysis of appendix E 
for further discussion of why the Bureau is not adopting sample or 
model forms for the collection of other types of data required by 
this rule.
---------------------------------------------------------------------------

    Finally, new Sec.  1002.107(c)(2)(iv) requires that the financial 
institution's procedures include provisions that ensure applicants can 
easily respond to a request for applicant-provided data. New comment 
107(c)(2)-2.iv provides additional guidance and examples of procedures 
that would and would not make it easy for an applicant to provide a 
response. The comment further clarifies that a financial institution 
complies with Sec.  1002.107(c)(2)(iv) if it requests the applicant to 
respond to inquiries made pursuant to Sec.  1002.107(a)(18) and (19) 
through a reasonable method intended to keep the applicant's responses 
discrete and protected from view. For example, if an applicant is 
completing a paper application form, a financial institution may 
request that the applicant return a paper data collection form 
requesting demographic data in a sealed envelope provided by the 
financial institution.
    In response to a commenter's suggestion that the Bureau permit 
financial institutions to collect applicant-provided data through a 
variety of means, the Bureau notes that nothing requires a financial 
institution to request applicant-provided data in a single format or 
manner, and indeed new comment 107(c)(2)-2.iv expressly contemplates 
that a financial institution may use multiple methods to collect 
applicant-provided data.
Final Rule--Sec.  1002.107(c)(3) Procedures To Monitor Compliance
    The Bureau is adopting new Sec.  1002.107(c)(3) to require that a 
covered financial institution maintain procedures designed to identify 
and respond to indicia of potential discouragement, including low 
response rates for applicant-provided data. The Bureau is adopting new 
Sec.  1002.107(c)(3) in order to provide greater clarity and safeguards 
on the type of infrastructure financial institutions are expected to 
have in place in order to ensure compliance with final Sec.  
1002.107(c)(1) and (2). Although the Bureau anticipates that the 
particular components of a financial institution's procedures will vary 
from institution to institution, to provide regulatory clarity, new 
comment 107(c)(3)-1 provides a list of procedures the Bureau generally 
expects financial institutions will maintain in order to identify and 
respond to indicia of potential discouragement.\781\
---------------------------------------------------------------------------

    \781\ The Bureau acknowledges that financial institutions may 
not have all the necessary data to conduct a robust peer analysis of 
response rates until after 1071 data collection has been in effect 
for some period of time, and that the availability and robustness of 
a peer analysis will also depend on the extent to which 1071 data 
are made publicly available. In the meantime, the Bureau still 
expects financial institutions to monitor response rates internally 
and in comparison to public data, as available.
---------------------------------------------------------------------------

    In response to commenters' request for additional guidance on 
proposed comment 107(c)(1)-4, which would have required financial 
institutions to reassess on a periodic basis, based on available data, 
whether its procedures are reasonably designed to obtain a response, 
the Bureau notes that new Sec.  1002.107(c)(3) and comment 107(c)(3)-1 
clarify the type of monitoring expected of financial institutions. In 
response to a commenter's question about whether a financial 
institution is permitted or required to engage in testing beyond peer 
analysis, such as A/B testing or other methods, the Bureau notes that 
nothing in the final rule requires a financial institution to do so. 
While a financial institution is certainly free to experiment with 
different procedures to see which are most effective for its business 
model, a financial institution may typically comply with final Sec.  
1002.107(c) by following the minimum factors and guidelines set forth 
in final Sec.  1002.107(c)(1) through (3) and associated commentary. In 
response to a commenter's request for further guidance on what 
constitutes ``periodic'' peer testing, the Bureau notes initially that 
the term ``periodic'' does not appear in new Sec.  1002.107(c)(3) or 
its associated commentary. The Bureau does anticipate, however, regular 
monitoring under new Sec.  1002.107(c)(3) in order to identify and 
respond to indicia of potential discouragement. There is no designated 
number or time frame for how often that monitoring must occur; rather, 
the precise cadence and scope will vary depending on the financial 
institution's procedures for collecting applicant-provided data, its 
business model, and other relevant factors.
Final Rule--Sec.  1002.107(c)(4) Low Response Rates
    The Bureau is adopting new Sec.  1002.107(c)(4) to provide that a 
low

[[Page 35387]]

response rate for applicant-provided data may indicate discouragement 
or other failure by a covered financial institution to maintain 
procedures to collect applicant-provided data that are reasonably 
designed to obtain a response. Similar to proposed comment 107(c)(1)-4, 
which would have provided that a financial institution may compare its 
response rate to peer institutions as a method to assess whether its 
procedures are reasonably designed, final Sec.  1002.107(c)(4) 
identifies the importance of response rates as a method to assess 
whether a financial institution has reasonably designed procedures. The 
Bureau anticipates that in many instances, a low response rate may 
indicate a failure to comply with final Sec.  1002.107(c)(1) and (2). 
The Bureau is adopting Sec.  1002.107(c)(4) in order to provide covered 
financial institutions clarity on the type of information that may be 
used to assess a financial institution's procedures.
    The Bureau is adopting new comment 107(c)(4)-1 to provide further 
guidance on how to assess response rates. The comment clarifies that 
``response rate'' generally refers to whether the financial institution 
has obtained some type of response to requests for applicant-provided 
data (including, as applicable, a response from the applicant of ``I do 
not wish to provide this information'' or similar). However, 
significant irregularities in a particular response (for example, very 
high rates of ``I do not wish to provide this information'' or similar) 
may also indicate that a financial institution does not have reasonably 
designed procedures. In particular, significant irregularities may 
indicate the financial institution is somehow steering, improperly 
interfering with, or otherwise discouraging or obstructing an 
applicants' preferred response. New comment 107(c)(4)-1 further 
clarifies that response rates may be measured, as appropriate, as 
compared to financial institutions of a similar size, type, and/or 
geographic reach, or other factors, as appropriate.
    In response to commenters' concern that peer comparisons may not be 
an effective method to assess the reasonableness of a financial 
institution's procedures if all peers are not making reasonable 
efforts, the Bureau agrees that peer comparisons alone are not 
determinative. Comparing a financial institution's response rates to 
its peers is just one possible indicator of whether a financial 
institution has procedures reasonably designed to obtain a response. 
Even if a financial institution maintains a response rate commensurate 
with its peers, if all peers have low response rates overall or 
maintain procedures not reasonably designed to obtain a response, the 
financial institution may still violate Sec.  1002.107(c). The Bureau 
does not believe it would be appropriate at this time, however, to set 
a specific percentage or metric for response rates, as suggested by 
some commenters, as the appropriate response rate may depend on a 
number of factors, differ from institution to institution, and change 
over time, for example, as financial institutions refine their 
collection methods.
Requests for Special Treatment for Particular Types of Transactions or 
Types of Financial Institutions
    The Bureau is not adopting exceptions concerning the time and 
manner of collection of demographic information for particular types of 
transactions or by particular financial institutions, as requested by 
some commenters. For the reasons described below, the Bureau believes 
the same time and manner rules should apply across all covered credit 
transactions and all covered financial institutions.
    Initially, the Bureau believes that point of sale transactions 
should follow the same rules as all covered credit transaction types, 
and thus does not believe that an exemption for such transactions, as 
suggested by some commenters, would be appropriate. The Bureau 
understands that many (though not all) point of sale applications, 
particularly those for smaller credit amounts or to purchase particular 
goods in a store, are submitted on-site at the point of sale and 
decisioned in real time. Many of the commenters' arguments for 
exclusion of point of sale transactions were identical to the arguments 
set forth by commenters above for why financial institutions should be 
permitted to collect 1071 data after decisioning an application, 
including arguments based on the speed and fast-paced nature of the 
application process, that applicants would be discouraged from 
responding or proceeding with the transaction, and that the person 
completing the application may lack the requisite knowledge. For the 
same reasons discussed above, the Bureau likewise does not believe that 
an exemption would be appropriate for point of sale transactions.
    In response to commenters' concerns that applicants will not feel 
comfortable answering questions related to their ethnicity, race, and 
sex in a public place, the Bureau believes that financial institutions 
can develop procedures to accommodate collection in this setting, 
including by using the sample collection form developed by the Bureau 
(in paper or electronic format) or creating more private locations for 
the collection of data in-store. The Bureau also does not believe that 
specialized knowledge is necessary to collect these data, and believes 
that retailers and their employees can collect and maintain data with 
the necessary precautions to safeguard applicant information, as they 
do with other sensitive data provided in connection with a credit 
application. As to a commenter's argument that retailers will have 
limited motivation to collect small business lending data, the Bureau 
notes that a financial institution that retains a third party to offer 
its financial products has significant control and responsibility over 
how its products are offered, including the power and responsibility to 
require third-party partners to seek to collect required data and 
otherwise comply with applicable law. In response to a commenter's 
argument that data collected on point of sale transactions will reflect 
the retailer's, rather than the financial institution's, footprint, the 
Bureau notes that a financial institution chooses its retail partners. 
Finally, although some commenters asserted that the collection of 1071 
data will deter applicants from seeking credit or retailers from 
providing in-store private label credit, they provided no evidence to 
support this claim.
    Several commenters requested that if the Bureau includes point of 
sale or similar transactions in the final rule, the Bureau should 
nonetheless exempt such transactions under $50,000 or except such 
transactions from the requirement to obtain demographic data. These 
commenters stated that such an exemption would be consistent with 
FinCEN's customer due diligence rule, which excludes from certain of 
its requirements point of sale transactions to provide credit products 
solely for the purchase of retail goods/services up to a limit of 
$50,000. The Bureau is not adopting such an approach here, given the 
different purposes and requirements of the customer due diligence rule 
and section 1071. The purpose of FinCEN's rule is to improve financial 
transparency and prevent criminals and terrorists from misusing 
companies to disguise their illicit activities and launder their ill-
gotten gains.\782\ The

[[Page 35388]]

customer due diligence rule's exclusion for certain point of sale 
transactions is based on the ``very low risk posed by opening such 
accounts at [a] brick and mortar store.'' \783\ While the customer due 
diligence rule focuses on accounts (including certain originated 
loans), obtaining data on denials is essential to section 1071's 
purposes. Moreover, unlike FinCEN's rule, which requires covered 
financial institutions to collect certain essential information, 
section 1071 only requires that financial institutions seek to collect 
applicants' protected demographic information, and permits applicants 
to refuse to provide that information. Given these key differences, the 
Bureau is not adopting an exclusion for point of sale applications 
below $50,000. See also the section-by-section analysis of Sec.  
1002.104, which discusses requests for minimum transaction amount 
thresholds.
---------------------------------------------------------------------------

    \782\ See Fin. Crimes Enf't Network, Information on Complying 
with the Customer Due Diligence (CDD) Final Rule, https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule 
(last visited Mar. 20, 2023).
    \783\ Fin. Crimes Enf't Network, Guidance, at Q 29 (Apr. 3, 
2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
---------------------------------------------------------------------------

    Next, trade associations representing insurance premium finance 
lenders and insurance agents and brokers similarly argued that the 
Bureau's rule should not apply to insurance premium finance lenders, in 
part because such lenders cannot collect 1071 data until after funding. 
New Sec.  1002.104(b)(3) excludes insurance premium financing, 
therefore resolving these commenters' concerns.
    Finally, the Bureau does not believe it would be appropriate to 
categorically exclude captive vehicle finance lenders should be 
excluded from coverage. The commenter's request was primarily based on 
the argument that dealers--who primarily interact with applicants--are 
currently prohibited by ECOA from gathering certain protected 
demographic information. As further discussed in the section-by-section 
analysis of Sec.  1002.109(a)(3), Regulation B issued by the Board of 
Governors of the Federal Reserve System (12 CFR part 202) and 
applicable to dealers provides in comment 5(a)(2)-3 that ``[p]ersons 
such as loan brokers and correspondents do not violate the ECOA or 
Regulation B if they collect information that they are otherwise 
prohibited from collecting, where the purpose of collecting the 
information is to provide it to a creditor that is subject to [HMDA] or 
another Federal or State statute or regulation requiring data 
collection.'' In response to the commenter's concern that dealers may 
not be familiar with all required data under section 1071, such as 
gross annual revenue or ownership structure information, the Bureau 
first notes that dealers are often the last entity with authority to 
set the material credit terms of the covered credit transaction, and so 
are generally unlikely to be collecting 1071 data on behalf of other 
reporting financial institutions. Second, even in situations where the 
dealer is acting as a mere conduit, and thus may be collecting 
information on behalf of another financial institution, the Bureau 
expects that the dealer can request 1071 data from the applicant, just 
like a covered financial institution would do. Finally, the commenter's 
concerns that data must be collected at each stage of the process, 
potentially by multiple covered financial institutions, may be 
misplaced; nothing in the proposed or final rule would require a 
financial institution (or a third party collecting data on its behalf) 
to collect data multiple times in connection with a single covered 
application.
107(d) Previously Collected Data
Proposed Rule
    Proposed Sec.  1002.107(c)(2) would have permitted, but not 
required, a financial institution to reuse previously collected data to 
satisfy proposed Sec.  1002.107(a)(13) through (21) if the data were 
collected within the same calendar year as the current covered 
application and the financial institution had no reason to believe the 
data are inaccurate. The Bureau believed that, absent a reason to 
suspect otherwise, recently collected 1071 data are likely to be 
reliable.
    Proposed comments 107(c)(2)-1 through -7 would have provided 
additional guidance and examples of when certain data can be reused by 
a financial institution, including what data can be reused, when 
information is considered collected in the same year, when a financial 
institution may have reason to believe data are inaccurate, and when a 
financial institution may reuse data regarding minority-owned business 
status, women-owned business status, and data on the principal owners' 
ethnicity, race, and sex.
    The Bureau sought comment on Sec.  1002.107(c)(2) and associated 
commentary.
Comments Received
    The Bureau received comment on proposed Sec.  1002.107(c)(2) from a 
range of lenders, trade associations, and community groups. A few 
commenters noted that it is commonplace for lenders to receive multiple 
applications from a borrower. For example, a community bank stated that 
it is typical for borrowers to submit numerous loan requests during the 
year, and expressed concern about what it referred to as ``repetitive 
completion'' of data points. A trade association similarly noted that 
financial institutions often have customers with multiple facilities, 
which may have been obtained all at once or over time.
    Some commenters generally supported a provision that would allow 
financial institution to reuse certain data for some period of time. A 
community group supported allowing lenders to use previously collected 
data if an application is continued at a later date. However, the 
commenter urged against permitting reuse beyond a year, noting that the 
characteristics of the small business may change (such as revenue 
size).
    In response to the Bureau's request for comment on the issue, a 
number of commenters urged the Bureau to adjust the time frame for 
reuse. A CDFI lender urged that, at a minimum, the Bureau update the 
time frame to ``within 12 months,'' rather than the same calendar year, 
noting that there is no reason to believe data are inaccurate for 
applications submitted close in time, but that fall between two 
calendar years. A trade association urged the Bureau to permit reuse 
for ``the same or prior calendar year.'' The commenter argued that 
permitting reuse of data would reduce applicant burden and that it 
would be unnecessarily restrictive to require financial institutions to 
collect anew previously obtained data that is still likely to be 
accurate. The commenter further noted that a financial institution can 
repopulate previously provided data, and the applicant can certify that 
the data are still accurate or update the data. A community bank argued 
that a one-year period was too short considering that its agricultural 
clients often annually reapply for draw down lines of credit (used to 
purchase crop inputs for the year), during which period a borrower's 
small business and principal owner status are unlikely to change.
    A couple of community banks and group of trade associations urged 
the Bureau to permit reuse for a 24-month or two-year period. One of 
the banks stated that it is common for businesses to obtain a new 
product from a financial institution in the first three years, rather 
than the first year alone. Another trade association argued for a 
three-year reuse period. The commenter also argued that reuse should be 
permitted for any data the financial institution does not normally 
gather in connection with credit applications, such as data regarding 
minority-owned business status, women-owned business status,

[[Page 35389]]

and data on the principal owners' ethnicity, race, and sex, as well as 
gross annual revenue information if not typically collected. A 
community bank argued that if there are no changes to the data, a 
financial institution should be permitted to reuse data indefinitely. 
Finally, a community bank asserted that prior collected data should be 
reusable for the same amount of time across all data points, unless 
there is a reason to believe they are inaccurate. However, the 
commenter continued, reuse of gross annual revenue data should be 
updated every fiscal year and gender should be updated every year given 
that gender identity may change. The commenter asserted that ethnicity 
and race information about the principal owner(s) should not change 
absent a change in principal owner(s).
    In contrast, a community groups, community-oriented lenders, and 
business advocacy groups, as well as an individual commenter opposed 
reuse of prior collected data in certain circumstances. The joint 
letter and the minority business advocacy group specifically opposed 
reuse of information about a principal owner's ethnicity, race, and sex 
information if the business previously responded ``I do not wish to 
provide this information.'' The commenters asserted that opinions may 
shift, which may make a person more likely to provide the requested 
information. The commenters further noted that it is not a big burden 
on financial institutions to attempt to gather the information again 
and doing so goes to the purposes of section 1071. An individual 
commenter argued that the proposed reuse of previously collected data 
about an applicant's sex, sexual orientation and gender identification 
would have a negative impact on members of the LGBTQ community. The 
commenter was concerned that information collected for one purpose 
would be used for a non-intended purpose, such as to classify and 
segregate LGBTQ members applying for a small business loan. The 
commenter stated that by collecting data on an applicant's sex, sexual 
orientation, and gender identification, LGBTQ members are at risk that 
their data may be used for unintended purposes outside 1071 data 
collection.
    In response to the Bureau's request for comment on whether 
financial institutions should be required to notify applicants that 
information they provide may be reused for subsequent applications, one 
community bank suggested the Bureau add a disclosure on the sample data 
collection form noting that the information may be reused, and if the 
information has changed, to inform the applicant's lender.
    A community bank asked how the reuse provision could be implemented 
in light of the proposed firewall provision. The commenter noted that 
because the firewall provision prohibits review by underwriters of 
demographic information, it is unclear how a financial institution can 
reasonably rely on data collected in the same calendar year if that 
data is inaccessible to the lender. Another commenter asked for 
clarification whether data (specifically demographic data) collected in 
prior years could be reused, and what to do if there are multiple 
collections. Specifically, the commenter gave the example of an 
applicant that provides demographic information for one application, 
and then chooses not to provide demographic information for a 
subsequent application, and asking which collection should be reported.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.107(d) (proposed as Sec.  1002.107(c)(2)) to permit, but not 
require, a financial institution to reuse previously collected data to 
satisfy Sec.  1002.107(a)(13) through (20) if (a) the data were 
collected within the 36 months preceding the current covered 
application (except that to satisfy Sec.  1002.107(a)(14), on gross 
annual revenue, the data must be collected within the same calendar 
year as the current covered application) and (b) the financial 
institution has no reason to believe the data are inaccurate. As 
discussed above, the majority of commenters to weigh in on this issue 
supported reuse of data for some period of time, with many commenters 
urging the Bureau to extend the time period for reuse from the same 
calendar year to multiple years. As noted by one bank, it is common for 
businesses to seek a new product within three years of a prior 
origination, with fewer requests occurring within one year. Allowing 
reuse will also reduce the need for applicants to repeatedly provide 
the same information over a short period of time, as noted by some 
commenters. The Bureau also believes permitting reuse will reduce 
burden on financial institutions, particularly those with an 
established relationship with a business. In addition, the Bureau 
believes that permitting reuse will assist in fast-paced transactions, 
such as requests for additional credit amounts on an existing account. 
Based on these reasons and the feedback from commenters, the Bureau now 
believes that 36 months strikes the appropriate balance of permitting 
reuse for a short enough period of time that the data are likely to be 
reliable, while also permitting a long enough period of reuse to avoid 
a financial institution from having to make repeated information 
requests to returning customers.
    In response to a commenter's concern that characteristics of a 
small business may change during a time period greater than a year, the 
Bureau notes that any dramatic shifts will likely be known to a 
financial institution considering a new covered application. In those 
circumstances, the financial institution either will have already 
collected updated information (in which case the updated information 
would be reported pursuant to final comment 107(d)-4) or the financial 
institution will have reason to believe certain data are inaccurate, in 
which the case the financial institution cannot reuse that data 
pursuant to final Sec.  1002.107(d)(2). Indeed, the Bureau believes 
that final Sec.  1002.107(d)(2), the provision prohibiting reuse of 
data if the financial institution has reason to believe the prior 
collected data are inaccurate, will identify the majority of situations 
where the data are no longer reliable. For example, as set forth in 
final comment 107(d)-6, a financial institution may have reason to 
believe data are inaccurate if it knows that the applicant has had a 
change in ownership or a change in an owner's percentage of ownership. 
Similarly, a financial institution may also have reason to know data 
are inaccurate if the business indicates that is has opened several new 
store locations recently. In that case, the financial institution may 
have reason to ask for updated data on gross annual revenue, number of 
workers, and potentially other data points.
    Some commenters raised concerns about reuse of data regarding a 
principal owner's race, sex, and ethnicity information, particularly if 
the business previously responded ``I do not wish to provide this 
information.'' Another commenter stated that identities, and 
particularly gender identity, may shift, and so the information should 
be collected at least every year. The Bureau understands that how an 
applicant wishes to identify may shift over time. However, as noted 
above, the Bureau believes that a 36-month period provides the right 
balance of permitting reuse for a period of time to reduce repetitive 
collections, but also require financial institutions collect the data 
anew once a substantial amount of time has passed. Although the final 
rule permits reuse of applicant demographic data pursuant to final 
Sec.  1002.107(d), final comment 107(d)-9 provides that a financial 
institution may not reuse data

[[Page 35390]]

to satisfy Sec.  1002.107(a)(18) and (19) unless the data were 
collected in connection with a prior covered application pursuant to 
subpart B. The Bureau believes that reuse of applicant demographic data 
should be limited in this manner to ensure that data reported were 
collected in a manner that aligns with the protections and selection 
options set forth in final Sec.  1002.107(a)(18) and (19).
    Although the Bureau is finalizing Sec.  1002.107(d) to permit reuse 
of certain data collected within a 36-month period, the Bureau notes 
that a financial institution may--at any time, even outside a three-
year period--use reasonable procedures to reaffirm data previously 
collected. The Bureau understands that many financial institutions have 
years of experience serving a particular small business's credit needs 
and so may seek to streamline new credit requests to avoid duplicative 
or unnecessary collection efforts. In this respect, it is important to 
note that the final rule does not prevent a financial institution from 
identifying efficient ways to gather 1071 required data, including by 
leveraging prior 1071 data to streamline the collection process. For 
example, even if it has been more than three years since a business 
submitted an application for credit, a financial institution may 
reaffirm prior collected data about whether the business is minority-
owned, women- owned, and LGBTQI+-owned, and the ethnicity, race, and 
sex of the principal owners of the business by, for example, providing 
the applicant with a data collection form pre-populated with its prior 
responses and confirming with the applicant that the information 
remains accurate or making any changes noted by the applicant. Methods 
that reaffirm prior collected data may be particularly useful in 
faster-paced transactions, such as requests for additional credit 
amounts.
    A bank asked how the reuse provision can be implemented in light of 
the proposed firewall provision, noting that because the firewall 
provision prohibits review by underwriters of demographic information, 
it is unclear how a financial institution can reasonably rely on 
previously collected data if it is inaccessible to the lender. The 
Bureau does not believe that the firewall provision in final Sec.  
1002.108 will conflict or render unusable the reuse provisions in final 
Sec.  1002.107(d), as suggested by some commenters. Initially, the 
Bureau notes that the firewall provision only applies to information 
regarding whether the applicant is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business under Sec.  
1002.107(a)(18) and regarding the ethnicity, race, and sex of the 
applicant's principal owners under Sec.  1002.107(a)(19), but not other 
applicant-provided data. In any event, if an employee or officer is 
typically tasked with collecting data required under Sec.  
1002.107(a)(18) and (19), and is otherwise not involved in making any 
determination concerning a covered application, providing that employee 
with access to an applicant's prior responses to data requests under 
Sec.  1002.107(a)(18) and (19) would not violate the firewall. Thus, 
final comment 108(a)-1(ii)(f) provides the example that reviewing 
previously collected data to determine if it can be used for a later 
covered application pursuant to Sec.  1002.107(d) is not an activity 
that constitutes being involved in making a determination regarding a 
covered application. Finally, if a financial institution determines 
that it is not feasible to limit an employee's or officer's access to 
an applicant's prior responses to the financial institution's inquiries 
under final Sec.  1002.107(a)(18) and (19) and provided the notice 
required under final Sec.  1002.108(d) to the applicant at the time the 
data were collected, the financial institution can permit that employee 
or officer to reuse the collected data for a 36-month period as set 
forth in final Sec.  1002.107(d).
    In response to a commenter's question concerning what previously 
reported data can be used, and how to resolve conflicting answers 
provided at different times, the Bureau notes that final comment 
107(d)-4 provides that a financial institution should use updated 
information if available.
    In response to its request for comment on the issue in the NPRM, 
the Bureau received feedback from an industry commenter that the sample 
data collection form should include a disclosure that information can 
be reused for section 1071 reporting purposes, and that an applicant 
should inform its lender if there have been any changes. The Bureau is 
finalizing the sample data collection form without a disclosure about 
potential reuse of data. Including such language could distract an 
applicant from other language on the form (such as why the data is 
being collected) and risks potentially confusing an applicant, who 
might not understand that reuse is limited to 1071. Relatedly, the 
collection form accurately identifies why the information is being 
collected whether or not the data are later reused--to help ensure that 
all small business applicants are treated fairly and that communities' 
small business credit needs are being fulfilled.
    Final comment 107(d)-1 (proposed as comment 107(c)(2)-1) is revised 
to clarify that reuse of data pursuant to final Sec.  1002.107(d) is 
limited to reuse for the purpose of reporting such data pursuant to 
Sec.  1002.109. In response to an individual commenter's concern about 
potential misuse of 1071 data, the Bureau has adopted new Sec.  
1002.110(e), which prohibits a financial institution from disclosing or 
providing to third parties the information it collects pursuant to 
final Sec.  1002.107(18) and (19) except in limited circumstances. In 
addition, financial institutions remain prohibited from using 1071 
data--particularly data about whether the business is minority-owned, 
women-owned, or LGBTQI+-owned, and the ethnicity, race, and sex of the 
principal owners of the business--in a manner that violates ECOA, 
existing Regulation B, or any other applicable law. For example, 
existing Sec.  1002.4(a) prohibits a creditor from discriminating 
against an applicant on a prohibited basis in any aspect of a credit 
transaction. Similarly, existing Sec.  1002.6(b)(1) prohibits a 
creditor from taking a prohibited basis into account in any system of 
evaluating the creditworthiness of an applicant, except as expressly 
provided for by ECOA or Regulation B. Thus, just because this final 
rule gives a financial institution permission to collect ethnicity, 
race, and sex/gender information for the limited purposes of section 
1071, a financial institution still remains prohibited from considering 
that data in a manner that violates ECOA, existing Regulation B, or any 
other applicable law.
    Final comments 107(d)-2 and -3 (proposed as comments 107(d)-2 and -
3) contain minor revisions for consistency and clarity. Final comment 
107(d)-2 identifies the particular data that can be reused. The comment 
also clarifies that other data required by final Sec.  1002.107(a) 
cannot be reused, as those data points are specific and unique to each 
covered application. Final comment 107(d)-3 clarifies instances where 
data have not been ``previously collected'' and so cannot be reused 
under final Sec.  1002.107(d).
    The Bureau is adopting new comment 107(d)-4 to clarify that if a 
financial institution obtains updated information relevant to the data 
required to be collected and reported pursuant to final Sec.  
1002.107(a)(13) through (20), and the applicant subsequently submits a 
new covered application, the financial institution must use the updated 
information in connection with the new covered application or seek to 
collect the data again. Final comment

[[Page 35391]]

107(c)(2)-4 also provides an example of updated information.
    Final comment 107(d)-5 (proposed as comment 107(c)(2)-4) is revised 
to provide guidance on how to measure the 36-month period for potential 
reuse of certain data, and provides an illustrative example.
    Final comment 107(d)-6 (proposed as comment 107(c)(2)-5) contains 
minor revisions for consistency and clarity, and an example of when a 
financial institution has reason to believe data may be inaccurate and 
so cannot be reused for a subsequent covered application.
    As noted above, final Sec.  1002.107(d)(1) permits a financial 
institution to reuse gross annual revenue data if collected within the 
same calendar year as the current covered application. The Bureau is 
adopting a narrower window for the reuse of gross annual revenue data 
than other previously collected data given the language in ECOA section 
704B(e)(2)(F) requiring financial institutions to compile ``gross 
annual revenue of the business in the last fiscal year . . . preceding 
the date of the application.'' Given that the statute identifies a 
specified time frame for the collection of gross annual revenue, it 
would be more consistent with the statute to permit reuse of gross 
annual revenue only within the same calendar year. Moreover, given that 
gross annual revenue data already looks back to the prior fiscal year, 
adding an additional 36-month period could affect data quality. The 
Bureau is also adopting new comment 107(d)-7 to provide guidance on 
when gross annual revenue information is considered collected in the 
same calendar year, and so may be reused by a financial institution in 
certain circumstances. In particular, the comment discusses 
applications that span more than one calendar year.
    The Bureau is adopting new comment 107(d)-8 to clarify that if a 
financial institution decides to reuse data about the applicant's time 
in business, the financial institution must update the data to reflect 
the passage of time, and provides an illustrative example.
    Lastly, final comment 107(d)-9 (proposed as comments 107(c)(2)-6 
and -7) is revised to provide guidance on when data regarding minority-
owned business status, women-owned business status, LGBTQI+-owned 
business status, and data on the principal owners' ethnicity, race, and 
sex may be reused by a financial institution in a subsequent covered 
application.

Section 1002.108 Firewall

Background
    ECOA section 704B(d) generally limits the access of certain 
individuals at a financial institution or its affiliates to certain 
information provided by an applicant pursuant to section 1071. The 
Bureau calls this requirement in 704B(d) to limit access to information 
a ``firewall.''
    More specifically, ECOA section 704B(d)(1) states that ``[w]here 
feasible,'' underwriters and other officers and employees of a 
financial institution or its affiliates ``involved in making any 
determination concerning an application for credit'' cannot have access 
to any information provided by the applicant pursuant to a request 
under 704B(b). That is, the statute limits access not only by 
underwriters and persons making an underwriting decision but also by 
anyone else involved in making any determination concerning an 
application. However, it does not expressly define the term 
``feasible'' or provide clarification regarding what it means to be 
``involved in making any determination concerning an application for 
credit.''
    Additionally, under ECOA section 704B(d)(2), if a financial 
institution determines that an underwriter, employee, or officer 
involved in making a determination ``should have access'' to any 
information provided by the applicant pursuant to a request under 
704B(b), the financial institution must provide a notice to the 
applicant of the underwriter's access to such information, along with 
notice that the financial institution may not discriminate on the basis 
of such information. Section 704B(d)(2) does not expressly define or 
describe when an underwriter, employee, or officer ``should have 
access,'' nor does it explain the relationship, if any, between when a 
financial institution determines that an individual ``should have 
access'' under 704B(d)(2) and whether it is ``feasible'' to implement 
and maintain a firewall under 704B(d)(1).
Proposed Rule
    Scope of the firewall. In the NPRM, the Bureau explained its belief 
that section 1071 is ambiguous with respect to the meaning of ``any 
information provided by the applicant pursuant to a request under 
subsection (b).'' On the one hand, ECOA section 704B(b)(1) directs 
financial institutions to inquire whether a business is ``a women-
owned, minority-owned, or small business,'' so the phrase could be 
interpreted as referring only to these three data points. However, 
section 704B(e) indicates that the scope of 704B(b) is much broader. It 
instructs financial institutions that ``information provided by any 
loan applicant pursuant to a request under subsection (b) . . . shall 
be itemized in order to clearly and conspicuously disclose'' data 
including the loan type and purpose, the amount of credit applied for 
and approved, and gross annual revenue, among other things. In other 
words, 704B(e) designates all of the information that financial 
institutions are required to compile and maintain--not simply an 
applicant's status as a women-owned, minority-owned, or small 
business--as information provided by an applicant ``pursuant to a 
request under subsection (b).''
    Information deemed provided pursuant to 704B(b) is subject not only 
to the firewall under 704B(d) but also to a right to refuse under 
704B(c) and separate recordkeeping requirements under 704B(b)(2). 
Applying these special protections to many of the data points in 
704B(e), such as an applicant's gross annual revenue or the amount 
applied for, would be extremely difficult to implement because this 
information is critical to financial institutions' ordinary operations 
in making credit decisions.
    In order to resolve these ambiguities, the Bureau gave different 
meanings to the phrase ``any information provided by the applicant 
pursuant to a request under subsection (b)'' with respect to ECOA 
section 704B(e) as opposed to 704B(b)(2), (c), and (d). With respect to 
the scope of the firewall, the Bureau interpreted the phrase to refer 
to the data points in proposed Sec.  1002.107(a)(18) (minority-owned 
business status) and proposed Sec.  1002.107(a)(19) (women-owned 
business status), as well as proposed Sec.  1002.107(a)(20) (ethnicity, 
race, and sex of principal owners). None of these data points has any 
bearing on the creditworthiness of the applicant. Moreover, a financial 
institution generally could not inquire about this demographic 
information absent section 1071's mandate to collect and report the 
information, and ECOA prohibits a financial institution from 
discriminating against an applicant on the basis of the information. 
Thus, the Bureau believed that the best effectuation of congressional 
intent was to apply section 1071's limitation on access and right to 
refuse provisions to all demographic information collected pursuant to 
section 1071 and not to whether an applicant is a small business or any 
of the non-demographic data points proposed in Sec.  1002.107(a).

[[Page 35392]]

    Accordingly, the Bureau proposed that financial institutions need 
only limit access under ECOA section 704B(d) to an applicant's 
responses to the financial institution's specific inquiries regarding 
women-owned business status and minority-owned business status and the 
ethnicity, race, and sex of principal owners, but not to an applicant's 
small business status.\784\ Additionally, the proposal would have 
clarified that this prohibition on allowing certain employees and 
officers to access certain information does not extend to ethnicity or 
race information about principal owners that the financial institution 
collects via visual observation or surname. It would have also 
clarified that the prohibition does not extend to an applicant's 
responses to inquiries regarding demographic information made for 
purposes other than data collection pursuant to section 1071 or to an 
employee's or officer's knowledge due to activities unrelated to the 
inquiries made to satisfy the financial institution's obligations under 
section 1071 (e.g., an employee knows that the applicant is a minority-
owned business or women-owned business due to information provided to 
qualify for a special purpose credit program or an officer knows a 
principal owner's ethnicity, race, or sex due to participation in a 
community group or association).
---------------------------------------------------------------------------

    \784\ SBREFA Outline at 36-37.
---------------------------------------------------------------------------

    As noted above, section 1071 prohibits access to certain 
information by underwriters and other officers and employees of a 
financial institution or its affiliates ``involved in making any 
determination concerning an application for credit.'' Consistent with 
the statute, the Bureau proposed that a financial institution need only 
prohibit the access of an employee or officer to demographic 
information pursuant to section 1071 if that employee or officer is 
involved in making a determination concerning an applicant's covered 
application. The Bureau further proposed defining the phrase ``involved 
in making any determination concerning a covered application'' to mean 
participating in a decision regarding the evaluation of a covered 
application, including the creditworthiness of an applicant for a 
covered credit transaction. The NPRM noted that this group of employees 
and officers includes, but is not limited to, employees and officers 
who serve as underwriters. Additionally, the NPRM would have explained 
that the decision that the employee or officer makes or participates in 
must be about a specific covered application. An employee or officer 
would not be involved in making a determination concerning a covered 
application if the employee or officer is involved in making a decision 
that affects covered applications generally, the employee or officer 
interacts with small businesses prior to them becoming applicants or 
submitting a covered application, or the employee or officer makes or 
participates in a decision after the financial institution has taken 
final action on the application, such as decisions about servicing or 
collecting a covered credit transaction.
    Feasibility of establishing and maintaining a firewall. In the 
NPRM, the Bureau also noted that ECOA section 704B(d) contains 
significant ambiguities with respect to how financial institutions, in 
practical terms, should determine how to implement a firewall to limit 
access to certain information provided by applicants pursuant to 
section 1071. Indeed, based on feedback from stakeholders during the 
SBREFA process, it appeared that in many instances financial 
institutions that find it not ``feasible'' to implement and maintain a 
firewall will be the same institutions determining that relevant 
individuals ``should have access'' to the information provided by an 
applicant pursuant to 704B(b). The Bureau believed that reading these 
two provisions in isolation from each other would likely result in 
significant confusion and challenges, particularly for smaller 
financial institutions.
    Accordingly, the Bureau proposed that section 1071's firewall 
requirement be implemented by reading the ``should have access'' 
language in ECOA section 704B(d)(2) in conjunction with the 
``feasibility'' language in 704B(d)(1). As proposed, it would not be 
feasible for a financial institution to implement and maintain a 
firewall with respect to a given employee or officer involved in making 
a determination concerning a covered application if the financial 
institution determines that employee or officer should have access to 
one or more of the applicant's responses to the financial institution's 
inquiries under proposed Sec.  1002.107(a)(18) through (20). 
Conversely, it would be feasible for a financial institution to 
implement and maintain a firewall if the financial institution 
determines that no employee or officer involved in making a 
determination concerning a covered application should have access to 
the applicant's responses to the financial institution's inquiries 
under proposed Sec.  1002.107(a)(18) through (20). Thus, the Bureau 
proposed that the prohibition on certain individuals accessing 
information as set forth in proposed Sec.  1002.108(b) would not apply 
to an employee or officer if the financial institution determines that 
it is not feasible to limit that employee's or officer's access to one 
or more of an applicant's responses to the financial institution's 
inquiries under proposed Sec.  1002.107(a)(18) through (20), and the 
financial institution provides the notice required under proposed Sec.  
1002.108(d) to the applicant.
    The Bureau further proposed that it is not feasible to limit access 
as required pursuant to proposed Sec.  1002.108(b) if the financial 
institution determines that an employee or officer involved in making 
any determination concerning a covered application should have access 
to one or more applicants' responses to the financial institution's 
inquiries under proposed Sec.  1002.107(a)(18) through (20). The Bureau 
proposed to define the phrase ``should have access'' to mean that an 
employee or officer may need to collect, see, consider, refer to, or 
otherwise use the information to perform that employee's or officer's 
assigned job duties. As proposed, a financial institution may determine 
that an employee or officer should have access for purposes of proposed 
Sec.  1002.108 if that employee or officer is assigned one or more job 
duties that may require the employee or officer to collect (based on 
visual observation, surname, or otherwise), see, consider, refer to, or 
use information otherwise subject to the prohibition in proposed Sec.  
1002.108(b). The employee or officer would not have to be required to 
collect, see, consider, refer to or use such information or to actually 
collect, see, consider, refer to or use such information. It would be 
sufficient if the employee or officer might need to do so to perform 
the employee's or officer's assigned job duties. Additionally, a 
financial institution may determine that all employees or officers with 
the same job description or assigned duties should have access for 
purposes of proposed Sec.  1002.108. However, if a financial 
institution determines that one or more employees or officers involved 
in making any determination concerning a covered application should 
have access for purposes of proposed Sec.  1002.108, the financial 
institution would have been responsible for ensuring that the employees 
or officers only access and use the protected information for lawful 
purposes.
    Exception to establishing and maintaining a firewall. As explained 
above, the Bureau proposed to implement the statutory exception to the 
requirement to establish and maintain a firewall in Sec.  1002.108. The

[[Page 35393]]

exception would allow financial institutions to give certain employees 
or officers access to protected demographic information if the 
financial institution determines that they should have access to that 
information. However, in such circumstances, the financial institution 
would need to comply with the statutory requirement to provide a notice 
in lieu of limiting access. Thus, the Bureau proposed that, in order to 
satisfy the exception, as set forth in proposed Sec.  1002.108(c), a 
financial institution would be required to provide a notice.
    The Bureau proposed that the financial institution be required to 
provide the notice to, at least, each applicant whose responses to the 
financial institution's inquiries under proposed Sec.  1002.107(a)(18) 
through (20) would be accessed by an employee or officer involved in 
making a determination concerning that applicant's covered application. 
As an alternative, the Bureau proposed that the financial institution 
could provide the required notice to a larger group of applicants, 
including all applicants, if it determines that one or more officers or 
employees should have access to protected demographic information.
    The Bureau further proposed that the notice provided to satisfy the 
exception in proposed Sec.  1002.108(c) must inform the applicant that 
one or more employees and officers involved in making determinations 
concerning the applicant's covered application may have access to the 
applicant's responses regarding the applicant's minority-owned business 
status, its women-owned business status, and its principal owners' 
ethnicity, race, and sex. The Bureau proposed language for the required 
notice and stated that a financial institution would be required to use 
the language set forth in proposed comment 108(d)-2 or substantially 
similar language when providing the notice.
    The Bureau also proposed timing requirements for providing the 
notice. The Bureau proposed that, if the financial institution provides 
the notice orally, it must provide the notice prior to asking the 
applicant if it is a minority-owned business or women-owned business 
and prior to asking for a principal owner's ethnicity, race, or sex. If 
the financial institution provided the notice on the same paper or 
electronic data collection form as the inquiries about minority-owned 
business status, women-owned business status, and the principal owners' 
ethnicity, race, or sex, the financial institution would have been 
required to provide the notice at the top of the form. If the financial 
institution provided the notice required by proposed Sec.  1002.108(d) 
in an electronic or paper document that is separate from the data 
collection form inquiring about the applicant's minority-owned business 
status, its women-owned business status, and its principal owners' 
ethnicity, race, and sex, the financial institution would have been 
required to provide the notice at the same time as or prior to 
providing the data collection form. Additionally, the NPRM would have 
clarified that the notice required pursuant to proposed Sec.  
1002.108(d) must be provided with the non-discrimination notices 
required pursuant to proposed Sec.  1002.107(a)(18) through (20).
    Requests for comment. The Bureau sought comment on its proposed 
approach to the statutory firewall requirement and whether a different 
approach might result in a better policy outcome. The Bureau also 
sought comment on the scope of the proposed firewall requirement and 
the exception to establishing and maintaining a firewall. The Bureau 
specifically sought comment on whether the proposed firewall should 
apply to information about principal owners' ethnicity and race that is 
obtained via visual observation and/or surname analysis. Finally, the 
Bureau generally requested comment on whether additional clarification 
is needed regarding the firewall requirement.
Comments Received
    The Bureau received comments on its proposed approach to the 
firewall requirement from a wide range of commenters including lenders, 
trade associations, business advocacy groups, community groups, small 
business owners and other individuals, and members of Congress. A 
majority of these comments addressed the feasibility of establishing 
and maintaining a firewall and/or addressed the notice required to rely 
on the exception. Numerous commenters sought the elimination of or 
exemptions to the firewall requirement. Other commenters sought 
additional guidance on some or all of the firewall provisions, 
including the scope of the firewall and determining who ``should have 
access'' to the protected information.
    General. A community group commenter said that the proposed 
firewall provisions appropriately protect applicants, and another 
stated that the formulation of the proposed firewall provisions was 
reasonable. A CDFI lender said that while smaller financial 
institutions might not be able to establish and maintain a firewall, 
the NPRM provided sufficient flexibility in its firewall provisions to 
facilitate implementation. A women's business advocacy group encouraged 
the Bureau to look at ways to make a more secure firewall and noted 
that the feasibility standard in the proposed rule seemed to remove the 
firewall's effectiveness. Another commenter cautioned that the proposed 
firewall would not stop lenders from using information inappropriately 
and in a manner that harms small business applicants.
    In contrast, a large number of lenders, trade associations, and 
individual commenters requested that the Bureau eliminate the firewall. 
Some of these commenters said that the firewall should be eliminated 
because it would create competitive disadvantages or overburden certain 
financial institutions. Others said that it should be eliminated 
because the firewall would overburden all covered financial 
institutions. Many commenters said that the firewall will add 
complexity, create burden and regulatory risk, and/or increase the cost 
of compliance. A few commenters said that the firewall provisions could 
result in financial institutions being required to purchase or create 
new technology or systems. Some commenters noted that the additional 
expense could result in an increased cost of credit, limited access to 
credit, and/or the cessation of certain products being offered. One 
commenter further stated that the costs of such a requirement would 
likely decimate small businesses' access to credit because financial 
institutions will either decrease or stop their small business lending.
    One bank commenter asked that the Bureau create a simple way for 
the commenter to certify that the firewall concept cannot work for its 
entire institution without exception, equivocation, or a repetitive 
review. This commenter further indicated that it would provide a short 
and simple disclosure (one half of a letter size page or less) to all 
of its commercial applicants to document its compliance. The commenter 
said that the proposed firewall requirements gave it concern and 
appeared to be a ``gotcha'' clause in the proposed rule. In particular, 
they indicated it was concerned with a portion of proposed comment 
108(c)-1 that would have said that a financial institution cannot 
permit all employees and officers to have access simply because it has 
determined that one or more employees or officers should have access.
    Some commenters said that they had not been able to devise a 
workable method for improving what they called

[[Page 35394]]

the firewall's ``prohibit-or-disclose regime,'' and suggested that the 
Bureau needed to exercise its statutory authority to eliminate the 
firewall provision. These commenters and others also noted that 
eliminating the firewall requirement would align the rule implementing 
section 1071 with HMDA/Regulation C, which they said has required 
collection of demographic information for decades without any known 
incidents, despite the absence of any firewall.
    Some commenters said that the Bureau should eliminate the firewall 
because it is unnecessary. A commenter also noted that the firewall 
requirement presents unique compliance challenges because the 
requirement is different than HMDA and will require unique systems. A 
few commenters said that the firewall serves no purpose or has no 
practical value. A few other commenters noted that the firewall is 
impractical or serves no purpose when applications are not anonymous, 
such as in smaller communities or where the employee or officer making 
determinations has an existing relationship with the applicant.
    A few commenters asked the Bureau to create a platform, portal, or 
other system for applicants to report demographic information directly 
to the Bureau so that financial institutions could avoid having to 
intake such information at all.
    Scope of the firewall. Comments on the scope of the proposed 
firewall requirement largely requested clarification. These commenters 
requested additional guidance regarding the types of employees and 
officers that would be subject to the firewall with one commenter 
asserting that the standard in the proposed rule was vague and 
subjective. This commenter also requested additional clarity regarding 
the definition of the phrase ``involved in making any determinations 
concerning an application for credit.'' Some commenters requested that 
specific groups of employees (such as software engineers and data 
scientists, bankers and managers who provide information or counseling 
on available credit products, and employees who gather information and 
submit applications to unrelated financial institutions who may take 
assignments of the credit contract) explicitly be excluded from the 
scope of the firewall requirement. However, a trade association said it 
supported the proposed definition of the phrase ``involved in making 
any determination concerning a covered application.''
    One commenter specifically agreed that the firewall should not 
extend to an applicant's status as a small business.
    Regarding application of the proposed firewall requirement to 
demographic information collected via visual observation or surname, 
one commenter requested guidance on how to comply with the firewall for 
such information. Another commenter urged the Bureau not to include 
information collected via visual observation or surname within the 
scope of the firewall. In contrast, another commenter noted that if the 
firewall is meant to prevent a credit decision based on protected 
information, it should not matter how the demographic information is 
collected.
    Some commenters requested clarification or guidance regarding the 
firewall's applicability to information collected pursuant to HMDA or 
other laws or regulations. One commenter said that an employee or 
officer should not be subject to the firewall if the employee or 
officer accessed demographic information collected pursuant to section 
1071 in order to satisfy HMDA or another regulatory requirement.
    A commenter said that the firewall should only apply to 
applications originated completely online.
    Feasibility of establishing and maintaining a firewall. A 
significant majority of the comments about the firewall provisions 
specifically addressed the feasibility of establishing and maintaining 
a firewall. Overwhelmingly, these commenters said that the firewall 
would be impossible, difficult, inefficient, and/or costly to implement 
for certain financial institutions.
    Numerous commenters said that the firewall is not or may not be 
feasible for smaller institutions, such as credit unions and other 
community-based financial institutions with limited staff and 
resources. Numerous commenters also said that the firewall would not be 
workable with some business models, loan processes, and/or decision-
making structures. Specifically, commenters asserted that the firewall 
would be impossible or impractical with high-contact and relationship-
based lending models and with lending models that rely on loan officers 
to collect information from applicants. One commenter said that the 
logistics of implementing a firewall would be too much for most 
lenders.
    While some commenters said that the firewall requirement would 
unfairly burden and punish smaller financial institutions or 
traditional financial institutions in favor of larger financial 
institutions and online lenders, others said that the firewall may not 
be feasible for larger institutions or online lenders. Specifically, 
some commenters said that the firewall would not be feasible for larger 
institutions because they would have to make substantial investments in 
technology to implement a firewall. One commenter said that while it 
was a larger financial institution, its business lending department was 
small, which would make establishing and maintaining a firewall 
impossible, infeasible, or burdensome.
    Many commenters said that lenders would need to change their 
operations, hire additional staff, reconfigure systems, and/or invest 
significant sums in technology in order to establish and maintain a 
firewall. Some commenters asserted that the costs of doing these things 
may be prohibitive. A few commenters said that the firewall would 
disrupt their process, and one commenter said that the firewall 
requirement could diminish a loan officer's ability to fully engage 
with their clients efficiently and timely. With regard to indirect 
vehicle financing, a few commenters said that there is not currently a 
mechanism to shield and transmit data for such transactions and noted 
there would be a one-time cost exceeding $4 million to develop such a 
mechanism.
    Some commenters requested additional clarification or guidance on 
the feasibility standard. A few commenters specifically requested a 
clearer feasibility standard. Some recommended that the Bureau provide 
clear guidance about when a firewall is or is not feasible and how a 
covered financial institution may determine the feasibility of 
establishing and maintaining a firewall. A few commenters said that the 
Bureau should clarify the operational factors (such as existing 
staffing, software capability, other existing systems and operations, 
and costs of making changes) that a financial institution may consider 
when determining feasibility and when an employee or officer should 
have access to protected demographic information collected pursuant to 
section 1071. Two of these commenters requested that the commentary 
specifically state that a financial institution may determine that a 
firewall is not feasible if it would need to hire additional staff in a 
line of business. Another commenter said that a financial institution 
should be permitted to consider department size in determining 
feasibility.
    Two commenters said that the Bureau should expressly state that a 
financial institution has discretion to determine when a firewall is or 
is not feasible. These commenters further said that a financial 
institution's determination that a firewall is not feasible should be

[[Page 35395]]

left to the sole and exclusive discretion of financial institutions, 
effectively creating a safe harbor for institutions' determinations of 
feasibility. Another commenter said that the Bureau should also 
consider adding a feasibility-related safe harbor provision in Sec.  
1002.112(c) that allows for variations in determining feasibility. 
Other commenters recommended that a determination of feasibility or 
infeasibility should satisfy the rule if done in conformity with 
written procedures. Finally, one commenter said that it did not believe 
that the Bureau could create a feasibility standard that would allow a 
financial institution to determine whether it is required to implement 
a firewall pursuant to the rule.
    Providing a notice in lieu of establishing and maintaining a 
firewall. A significant number of the commenters who said that it would 
not or may not be feasible to implement and maintain a firewall also 
opposed providing a notice in lieu of establishing and maintaining a 
firewall. Generally, commenters said that the notice may raise privacy 
concerns among some applicants, create confusion, and/or create 
competitive disadvantages for financial institutions that provide the 
notice. Some commenters said that requiring a notice would create an 
additional compliance and/or administrative burden, and one said that 
the notice may slow down the loan process because financial 
institutions will need to explain the required language. Several 
commenters said that the notice could cause customer complaints (as 
well as customer confusion) if some financial institutions are not 
required to provide the notice. Several commenters said that applicants 
may want to obtain loans from financial institutions that do not 
provide the notice, and some said this ultimately could result in a 
reduction of applicant choice, a reduction of applicant access to 
credit, or increased cost of credit.
    A number of commenters said that providing the applicant with 
notice of the fact that their demographic data will be shared could 
raise questions or suspicions of whether the data plays a role in 
credit decisions or doubts about the impartiality of the credit 
decision, or could cause unwarranted scrutiny from individuals 
receiving the notice. Some commenters said that the notice may cause 
applicants to think the financial institution is not adequately staffed 
or cannot maintain the confidentiality of applicant information. One 
commenter suggested that the language of the proposed notice is 
inflammatory. Another commenter said that the proposed notice implied 
that some financial institutions are inherently more likely to engage 
in unfair lending, to the extent that a ``government warning'' is 
necessary. The commenter further stated that this implication is an 
unwarranted insult to the integrity and fairness of the shareholders 
and management of smaller community banks, and they would most likely 
prefer to withdraw from or significantly curtail small business lending 
than rely on the proposed exception to the firewall requirement by 
providing the notice.
    Different commenters identified financial institutions that would 
need to provide the notice as smaller financial institutions, mid-sized 
financial institutions, community banks, credit unions, or more 
traditional financial institutions (i.e., not online lenders). However, 
one commenter predicted that lenders of many sizes, business models, 
and regulatory levels will conclude that employees and officers 
involved in making a determination concerning an application should 
have access to demographic information collected under section 1071 and 
provide the notice.
    A number of commenters suggested that the notice could inhibit the 
collection of demographic information and/or undercut section 1071's 
statutory purposes because it might influence applicants not to provide 
the requested information. One commenter said the notice might result 
in more applicants at community banks opting not to provide their 
demographic information, and in turn, more community banks having to 
report ethnicity and race information based on visual observation or 
surname. Another commenter said that providing the notice may affect an 
applicant's willingness to provide demographic information as the 
notice gives the perception that the information would likely be used 
to discriminate. Likewise, some commenters said that providing the 
notice to qualify for the firewall exception at the same time as the 
non-discrimination notice is especially problematic and could result in 
applicants declining to provide the requested information. Some 
commenters said that giving the notices together could result in other 
harms, such as harm to existing customer relationships. Two commenters 
suggested that the notice requirement is counterproductive because 
applicants may be less inclined to provide demographic information if 
they are told that decision makers may access their demographic 
information.
    A bank said that the Bureau should eliminate the notice because 
applicants will know that the person making the inquiries pursuant to 
section 1071 will be making determinations regarding applications. 
Another bank said that the notice is useless because no one reads 
disclosures, and customers already know that lenders cannot 
discriminate.
    A few commenters requested specific revisions to the notice. One 
commenter said that the Bureau should revise the notice to align with a 
HMDA notice. Another commenter requested that the Bureau align the 
notice with the disclosure used for HMDA and stated that this means 
that the disclosure would be provided with requests for demographic 
information on covered applications, regardless of whether the 
financial institution can maintain a firewall, and would emphasize that 
the information is being requested/collected for government monitoring 
of lenders' fair lending performance and compliance, cannot influence 
credit decisions, and is voluntary for applicants to provide. A third 
commenter said that in lieu of having a firewall requirement, the 
Bureau should develop a model disclosure to applicants explaining the 
data gathering process, similar to the disclosure provided in the 
government monitoring section of the home mortgage application.
    A commenter said that the Bureau should exercise its authority to 
allow institutions to provide a Bureau-developed disclosure to 
applicants explaining that there may be access to the data and explain 
that the institution must not discriminate based on the information. 
The commenter further said that the Bureau should develop and provide 
the disclosure in Spanish as well as English when it publishes the 
final rule and add other translations over time.
    A trade association supported the Bureau's proposal to develop 
model disclosures that lenders could use when notifying applicants of 
an employee's or officer's access to personal information. Another 
trade association supported an exception to the firewall requirement 
and a model disclosure that alerts applicants that an employee or 
officer may have access to demographic information, but does not tell 
applicants that such individuals will have access to such information. 
Two other commenters supported allowing financial institutions to 
provide a notice to applicants in lieu of restricting access to 
applicants' protected demographic information if a financial 
institution determines that it is not feasible to limit access to one 
or more of an applicant's responses to the financial institution's 
inquiries. A community group

[[Page 35396]]

commenter said that the notice is an important aspect of the proposed 
rule.
    Requests for exemptions from the firewall requirements. Many 
commenters requested that the Bureau exempt certain financial 
institutions from the firewall requirement, though not all commenters 
agreed on which institutions should be exempted. One commenter 
requested an exemption for financial institutions with assets of less 
than $1.384 billion (the CRA small bank threshold as of January 1, 
2022),\785\ and another for institutions with assets of less than $5 
billion. A few commenters said that financial institutions with assets 
of less than $10 billion should be exempted. Other commenters said that 
``smaller'' or ``community based institutions'' or ``community banks'' 
or ``credit unions'' should be exempted. One commenter said that 
community banks should be exempt from the notice requirement.
---------------------------------------------------------------------------

    \785\ Bd. of Governors of the Fed. Rsrv. Sys. & Fed. Deposit 
Ins. Corp., Agencies release annual asset-size thresholds under 
Community Reinvestment Act regulations (Dec. 16, 2021), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20211216a.htm; 
Fed. Fin. Insts. Examination Council, Explanation of the Community 
Reinvestment Act Asset-Size Threshold Change (Dec. 16, 2021), 
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
---------------------------------------------------------------------------

    Other commenters said that certain institutions should be provided 
an ``automatic'' exception to the firewall, such that smaller 
institutions could avoid the analysis and documentation required to 
show that an institution qualifies for the exception.
    Several commenters said that, due in whole or in part to the 
firewall requirement, certain institutions should be exempted from the 
entire rule. One commenter said that banks under $1 billion should be 
exempted on this basis, a few said community banks should be exempted 
on this basis, and one commenter said that all but the largest lenders 
or all depository lenders should be exempted.
    One commenter said that as an alternative to exempting community 
banks from the firewall requirement, the Bureau could require all 
financial institutions to provide the notice to all applicants, 
regardless of whether information is firewalled.
Final Rule
    For the reasons set forth herein, the Bureau is generally 
finalizing the firewall requirement with additional clarifications in 
the commentary regarding the definitions of ``involved in making any 
determination concerning a covered application'' and ``should have 
access,'' the scope of the firewall, determining feasibility, the 
nature of the exception, and applying the exception to a specific 
employee or officer or group of similarly situated employees or 
officers. In addition, the Bureau has eliminated the requirement to use 
specific language when providing the notice required to qualify for the 
exception and, instead, has provided sample language for the notice. 
This sample language appears in the sample data collection form at 
appendix E. The Bureau has also revised the firewall provisions to 
align with other changes to the final rule, such as the inclusion of 
LGBTQI+-owned business status collected pursuant to final Sec.  
1002.107(a)(18) as protected demographic information subject to the 
firewall and the elimination of the requirement to collect certain 
information via visual observation or surname.
    Final Sec.  1002.108(b) states the general prohibition on access to 
applicants' protected demographic information by certain persons. The 
Bureau is finalizing Sec.  1002.108(b) and comments 108(b)-1 and 
108(b)-2 with changes for clarity and consistency with other portions 
of the final rule. Specifically, Sec.  1002.108(b) has been revised to 
include LGBTQI+-owned business status, and cross-references have been 
updated to reflect changes elsewhere in the final rule. Final Sec.  
1002.108(b) states that unless the exception under final Sec.  
1002.108(c) applies, an employee or officer of a covered financial 
institution or a covered financial institution's affiliate shall not 
have access to an applicant's responses to inquiries that the financial 
institution makes pursuant to this subpart regarding whether the 
applicant is a minority-owned business, a women-owned business, or an 
LGBTQI+-owned business under final Sec.  1002.107(a)(18), and regarding 
the ethnicity, race, and sex of the applicant's principal owners under 
final Sec.  1002.107(a)(19), if that employee or officer is involved in 
making any determination concerning that applicant's covered 
application. Comments 108(b)-1 and -2 have been re-ordered. Final 
comment 108(b)-1 and final comment 108(b)-2 have been revised to 
clarify the scope of the prohibition.
    While many commenters said that the Bureau should eliminate the 
firewall requirement, or should exempt certain covered financial 
institutions or certain types of transactions from the firewall 
requirement, the Bureau does not believe it is appropriate to abrogate 
this statutory requirement through section 1071's general exception 
authority beyond the exception provided in the statutory firewall 
provision itself. Congress, which would have been aware of the HMDA 
data collection regime (including its lack of a firewall) at the time 
that section 1071 was enacted, specifically required that financial 
institutions limit certain employees' and officers' access to 
demographic information that financial institutions request from 
applicants in order to comply with section 1071. While Congress allowed 
an exception to the general requirement to establish and maintain a 
firewall in certain circumstances (i.e., when the financial institution 
determined that an employee or officer should have access to the 
demographic information and a firewall would not be feasible), the 
language of the statute suggests that Congress did not intend for the 
Bureau to eliminate the prohibition on access more broadly. 
Furthermore, Congress only authorized the Bureau to create exceptions 
to the requirements in section 1071 where necessary or appropriate to 
carry out section 1071's purposes. The Bureau does not believe that 
eliminating the firewall is necessary or appropriate to carry out 
section 1071's purposes.
    Moreover, the Bureau believes that it has separately addressed many 
of the concerns about the ability of smaller institutions and 
institutions with limited staff to implement a firewall in other 
sections of the final rule. In particular, the Bureau has increased the 
origination threshold for coverage in Sec.  1002.105(b). As a result, 
many smaller institutions and institutions with limited staff will not 
be subject to any provisions of the final rule, including the firewall 
requirement.
    Because the requirement to collect certain information via visual 
observation or surname is not included in final Sec.  1002.107(a)(19), 
it is not necessary to address the comments about the applicability of 
the firewall requirements to information collected via those methods. 
The Bureau has accordingly removed references to collecting information 
via visual observation or surname from final comments 108(a)-2.i and 
108(b)-2.ii. Similarly, because HMDA reportable loans are excluded 
transactions pursuant to final Sec.  1002.104(b)(2), it is not 
necessary to address comments asking for guidance on how to apply the 
firewall requirement if a loan is subject to both HMDA and this final 
rule.
    Regarding comments that the Bureau establish a platform or system 
that applicants can use to report demographic data directly to the 
Bureau, thereby eliminating the need for institutions to implement a 
firewall, in line with its discussion of this issue in the section-by-
section analysis of Sec.  1002.107(a)(19), the Bureau does not

[[Page 35397]]

intend to create such a system at this time but is open to engaging 
further with stakeholders on alternative approaches for how financial 
institutions might collect and report protected demographic 
information.
    Final Sec.  1002.108(a) provides certain relevant definitions, 
including the definition of the phrase ``involved in making any 
determination concerning a covered application from a small business.'' 
Generally, the Bureau is finalizing the definition of the phrase 
``involved in making any determination concerning a covered 
application'' in Sec.  1002.108(a)(1) with revisions for clarity. The 
Bureau also is revising comment 108(a)-1 to provide additional clarity 
that the covered application must be from a small business and to 
provide clarity and examples regarding which employees and officers are 
subject to the prohibition set out in final Sec.  1002.108(b) and which 
employees and officers are not subject to the prohibition. In response 
to the comments, the Bureau has clarified that certain activities do 
not constitute being involved in making a determination concerning a 
covered application from a small business and that other activities do 
constitute being involved in making such determinations.
    While the Bureau recognizes that the ``involved in making any 
determination concerning an application for credit'' standard that 
Congress created in the statute is broad, the Bureau does not believe 
that the standard in final Sec.  1002.108(a)(1), as further explained 
in the commentary, is unduly vague or subjective, as asserted by some 
commenters.
    As explained in final comment 108(a)-1.i, an employee or officer is 
involved in making a determination concerning a covered application 
from a small business for purposes of final Sec.  1002.108 if the 
employee or officer makes, or otherwise participates in, a decision 
regarding the evaluation of a covered application or the 
creditworthiness of a small business applicant for a covered credit 
transaction. Final comment 108(a)-1.i also explains that the decision 
that an employee or officer makes or participates in must be about a 
specific covered application or about the creditworthiness of a 
specific applicant. Thus, activities undertaken prior to the submission 
of a covered application do not constitute being involved in making a 
determination about a covered application. Similarly, activities 
undertaken after a financial institution has taken final action on a 
covered application do not constitute making a determination regarding 
a covered application. Furthermore, an employee or officer is not 
involved in making a determination concerning a covered application if 
the employee or officer is only involved in making a decision that 
affects covered applications generally. Finally, the comment clarifies 
that an employee or officer may be participating in a determination 
even if the employee or officer is not the ultimate or sole decision 
maker and provides examples.
    Additionally, in response to comments requesting further 
clarification regarding the definition of the statutory phrase 
``involved in making any determination concerning an application for 
credit,'' the Bureau has added several examples to the list of the 
types of activities in final comment 108(a)-1.ii that do not constitute 
being involved in making a determination concerning a covered 
application from a small business for purposes of Sec.  1002.108. The 
Bureau has also added a list of examples in comment 108(a)-1.iii of the 
types of activities that do constitute being involved in making a 
determination concerning a covered application from a small business 
for purposes of Sec.  1002.108.
    Section 1002.108(c), which the Bureau is finalizing with updated 
cross-references to reflect other changes in the rule, explains the 
exception to the general prohibition set forth in final Sec.  
1002.108(b). Final Sec.  1002.108(c) establishes an exception to the 
prohibition in final Sec.  1002.108(b) and states that the prohibition 
does not apply to an employee or officer if the financial institution 
determines that it is not feasible to limit that employee's or 
officer's access to an applicant's responses to the financial 
institution's inquiries under final Sec.  1002.107(a)(18) or (19) and 
the financial institution provides the notice required under final 
Sec.  1002.108(d) to the applicant. It further provides that it is not 
feasible to limit access as required pursuant to final Sec.  
1002.108(b) if the financial institution determines that an employee or 
officer involved in making any determination concerning a covered 
application from a small business should have access to one or more 
applicants' responses to the financial institution's inquiries under 
final Sec.  1002.107(a)(18) or (19).
    However, in response to comments (including comments requesting 
clarification about how a financial institution should be permitted to 
determine feasibility pursuant to the final rule) and to provide 
additional clarity and guidance, the Bureau has divided proposed 
comment 108(c)-1 into two comments and revised and supplemented both 
comments. Specifically, the Bureau has added language in final comment 
108(c)-1 to clarify that a financial institution is not required to 
separately determine the feasibility of maintaining a firewall. A 
determination that an employee or officer should have access means that 
it is not feasible to maintain a firewall as to that particular 
employee or officer, and the exception applies to that employee or 
officer if the financial institution provides the notice required by 
final Sec.  1002.108(d).
    The comment also clarifies the nature of the exception (i.e., that 
it applies on an individual employee or officer basis, not an 
institution-wide basis). The comment states that the fact that a 
financial institution has made a determination that an employee or 
officer should have access does not mean that the financial institution 
can permit other employees and officers who are involved in making 
determinations concerning a covered application to have access to the 
information collected pursuant to final Sec.  1002.107(a)(18) and (19). 
A financial institution may only permit an employee or officer who is 
involved in making a determination concerning a covered application to 
have access to information collected pursuant to final Sec.  
1002.107(a)(18) and (19) if it has determined that employee or officer 
or a group of which the employee or officer is a member should have 
access to the information.
    The Bureau is not adopting one commenter's suggestion that the 
Bureau permit a financial institution to determine that a firewall is 
not feasible for a single employee and then allow all employees and 
officers to have access to protected demographic information. As 
explained above, the final rule clarifies that a financial institution 
can permit an employee or officer who is involved in making a 
determination concerning a covered applications from a small business 
to access that small business's protected demographic information only 
if the financial institution has determined that employee or officer 
should have access (i.e., either individually or as part of a group). 
This requirement is not intended to be a ``gotcha,'' as suggested by 
the commenter, but rather a reasonable means of allowing a financial 
institution to provide employees and officers to have access to 
protected demographic information when such access may be necessary to 
perform assigned job duties without allowing such information to be 
widely accessible to those employees and officers who make 
determinations concerning covered applications but do not need the 
information to perform

[[Page 35398]]

their jobs. The sample data collection form at appendix E includes 
sample language for the firewall notice, but the Bureau is not 
requiring use of that specific language for the firewall notice.
    Final comment 108(c)-2 addresses how a financial institution may 
apply the exception to a specific employee or officer or a group of 
similarly situated employees or officers. It clarifies that a financial 
institution may determine that several employees and officers, all of a 
group of similarly situated employees or officers, and multiple groups 
of similarly situated employees or officers should have access to 
information collected pursuant to Sec.  1002.107(a)(18) and (19). It 
also provides examples. Final Sec.  1002.108(a)(2) defines the phrase 
``should have access,'' which is used in Sec.  1002.108(c) and related 
commentary. This phrase means that an employee or officer may need to 
collect, see, consider, refer to, or otherwise use the information to 
perform that employee's or officer's assigned job duties. However, in 
response to comments, the Bureau has revised comment 108(a)-2 and added 
a comment 108(a)-2.iii. The Bureau has also revised comment 108(a)-2 to 
align with other changes finalized in the rule (i.e., the elimination 
of requirements to collect information via visual observation or 
surname and the inclusion of the LGBTQI+-business status in final Sec.  
1002.107(a)(18)). These comments clarify how a financial institution 
may determine who should have access.
    Final comment 108(a)-2.i explains that a financial institution may 
determine that an employee or officer who is involved in making a 
determination concerning a covered application should have access to 
protected demographic information if that employee or officer is 
assigned one or more job duties that may require the employee or 
officer to collect, see, consider, refer to, or use such information. 
The employee or officer does not have to be required to collect, see, 
consider, refer to, or use such information or to actually collect, 
see, consider, refer to or use such information in order for the 
financial institution to determine that the employee or officer should 
have access. It is sufficient if the employee or officer might need to 
do so to perform the employee's or officer's assigned job duties.
    Final comment 108(a)-2.ii explains that a financial institution may 
determine that all employees or officers with the same job description 
or assigned duties should have access for purposes of final Sec.  
1002.108. If a financial institution assigns one or more tasks that may 
require access to one or more applicants' protected demographic 
information to a particular job title, the financial institution may 
determine that all employees and officers who share that job title 
should have access for purposes of Sec.  1002.108.
    Although the final rule does not provide a safe harbor for a 
financial institution's determination to account for variations in 
determining feasibility (i.e., determining which employees and officers 
should have access) as two commenters requested, new comment 108(a)-
2.iii states that a financial institution is permitted to choose what 
lawful factors it will consider when determining whether an employee or 
officer should have access to protected demographic information. A 
financial institution's determination that an employee or officer 
should have access may take into account relevant operational factors 
and lawful business practices. For example, a financial institution may 
consider its size, the number of employees and officers within the 
relevant line of business or at a particular branch or office location, 
and/or the number of covered applications the financial institution has 
received or expects to receive. Additionally, a financial institution 
may consider its current or its reasonably anticipated staffing levels, 
operations, systems, processes, policies, and procedures. A financial 
institution is not required to hire additional staff, upgrade its 
systems, change its lending or operational processes, or revise its 
policies or procedures for the sole purpose of determining who should 
have access.
    The Bureau believes this new comment makes clear that different 
financial institutions may make different determinations regarding 
which employees and officers should have access and that those 
different determinations are permissible. Additionally, in response to 
commenters' suggestions that determinations of feasibility should 
satisfy the final rule if they are made in conformity with written 
procedures, the Bureau notes that a financial institution may choose to 
make its determinations regarding who should have access to protected 
demographic information pursuant to written procedures, but is not 
required to do so in order to have a determination satisfy the final 
rule. Furthermore, in light of the flexibility provided in Sec.  
1002.108, and because the firewall requirement was explicitly set forth 
by Congress in section 1071, the Bureau does not believe that providing 
further discretion in determining feasibility or adopting a safe 
harbor, as suggested by some commenters, would be appropriate.
    Final Sec.  1002.108(d) explains the requirement to provide a 
notice in order to qualify for the exception. The Bureau is finalizing 
Sec.  1002.108(d) and comments 108(d)-1 and -3 largely as proposed, and 
has revised comment 108(d)-2 regarding the content of the notice. Final 
Sec.  1002.108(d) has been revised to include LGBTQI+-owned business 
status, and cross-references have been updated to reflect changes 
elsewhere in the final rule. Specifically, final Sec.  1002.108(d) 
states that in order to satisfy the exception set forth in final Sec.  
1002.108(c), a financial institution shall provide a notice to each 
applicant whose responses to inquiries for protected demographic 
information will be accessed, informing the applicant that one or more 
employees or officers involved in making determinations concerning the 
covered application may have access to the applicant's responses to the 
financial institution's inquiries regarding whether the applicant is a 
minority-owned business, a women-owned business, or an LGBTQI+-owned 
business, and regarding the ethnicity, race, and sex of the applicant's 
principal owners. The financial institution shall provide the notice 
required by final Sec.  1002.108(d) when making the inquiries required 
under final Sec.  1002.107(a)(18) and (19) and together with the 
notices required pursuant to Sec.  1002.107(a)(18) and (19).
    Final comment 108(d)-1, which includes minor revisions for clarity, 
explains that if a financial institution determines that one or more 
employees or officers should have access pursuant to Sec.  1002.108(c), 
the financial institution must provide the required notice to, at a 
minimum, the applicant or applicants whose responses will be accessed 
by an employee or officer involved in making determinations concerning 
the applicant's or applicants' covered applications. Alternatively, a 
financial institution may also provide the required notice to 
applicants whose responses will not or might not be accessed. For 
example, a financial institution could provide the notice to all 
applicants for covered credit transactions or all applicants for a 
specific type of product.
    Final comment 108(d)-3, which includes minor revisions to align 
with changes made elsewhere in the final rule, explains the timing for 
providing the notice. Generally, the financial institution must provide 
the notice required by Sec.  1002.108(d) prior to asking the applicant 
if it is a minority-owned, women-owned, or LGBTQI+-owned business and 
prior to asking for a

[[Page 35399]]

principal owner's ethnicity, race, or sex. Additionally, the notice 
must be provided with the non-discrimination notices required pursuant 
to Sec.  1002.107(a)(18) and (19).
    While many commenters said that the Bureau should eliminate the 
notice requirement or should exempt certain covered financial 
institutions from the notice requirement, the Bureau does not believe 
it is appropriate to eliminate this statutory requirement or to except 
certain financial institutions from providing the notice if they are 
relying on the exception to the firewall requirement. Congress 
explicitly required that a financial institution provide a notice to an 
applicant if the financial institution does not limit certain 
employees' and officers' access to protected demographic information. 
Congress also required that applicants be permitted to refuse to 
provide the requested demographic information. Thus, an applicant 
should be told that certain employees and officers may have access to 
the protected demographic information so that the applicant can make an 
informed decision of whether to exercise the applicant's statutory 
right to refuse. The Bureau does not believe it would be appropriate to 
allow some or all financial institutions to forego providing applicants 
with the information they may need to determine whether to exercise 
this statutory right. Although some commenters said that the notice may 
undercut section 1071's purposes because the notice may cause 
applicants to refuse to provide the requested demographic information, 
the Bureau believes that Congress was aware of this potential result 
when it provided applicants with the right to receive a notice and the 
right to refuse to provide the requested information.
    Additionally, other commenters undercut or contradicted the 
reasoning put forth by commenters opposed to providing the notice. For 
example, while a group of commenters opposed providing the notice based 
on the belief that it would create competitive disadvantages or burdens 
only for smaller institutions, other commenters said that larger 
institutions would also likely provide the notice in lieu of 
establishing and maintaining a firewall.\786\ Other commenters 
supported allowing financial institutions to provide a notice in lieu 
of establishing and maintaining a firewall, and one commenter said that 
the notice was an important aspect of the proposed rule.
---------------------------------------------------------------------------

    \786\ Aside from being speculative, such a competitive effect, 
if it existed, would be a direct consequence of the statutory 
mandate regarding the firewall: if the financial institution 
determines that an employee or officer should have access to 
protected demographic information, the notice must be provided.
---------------------------------------------------------------------------

    Nonetheless, in order to address commenters' concerns about the 
specific content proposed for the notice, the Bureau has revised 
comment 108(d)-2. That comment reiterates that the notice must inform 
the applicant that one or more employees and officers involved in 
making determinations concerning the applicant's covered application 
may have access to the applicant's responses regarding the applicant's 
minority-owned business status, women-owned business status, LGBTQI+-
owned business status, and its principal owners' ethnicity, race, and 
sex. However, the comment no longer prescribes language to be used for 
the notice and, instead, directs financial institutions to the sample 
data collection form included in the final rule for sample language 
that a financial institution may opt to use when providing the 
notice.\787\ Alternatively, a financial institution may opt to use 
different language as long as the notice provides an applicant with the 
statutorily required information (i.e., that one or more employees and 
officers involved in making determinations regarding the applicant's 
covered application may have access to the applicant's responses 
regarding the applicant's minority-owned business status, women-owned 
business status, LGBTQI+-owned business status, and its principal 
owners' ethnicity, race, and sex). Final comment 108(d)-2 also notes, 
for clarity, that if a financial institution establishes and maintains 
a firewall and chooses to use the sample data collection form, it may 
delete the sample language for the firewall notice from the form 
because employees and officers involved in making determinations 
concerning applicants' covered applications will not have access to the 
applicants' responses to inquiries for protected demographic 
information.
---------------------------------------------------------------------------

    \787\ Regarding the comment that the Bureau should develop and 
provide the notice in Spanish as well as English when it publishes 
the final rule and add other translations over time, the Bureau 
notes that it will be translating the sample data collection form in 
appendix E (including the sample language for the notice on the 
form) into several languages. See also the discussion regarding 
compliance and technical assistance at the end of part I above.
---------------------------------------------------------------------------

Section 1002.109 Reporting of Data to the Bureau

    Final Sec.  1002.109 addresses several aspects of financial 
institutions' obligations to report small business lending data to the 
Bureau. First, Sec.  1002.109(a) requires data to be collected on a 
calendar year basis and reported to the Bureau by June 1 of the 
following year, and addresses several related issues. Second, Sec.  
1002.109(b) details the information that financial institutions must 
provide about themselves when reporting data to the Bureau. Finally, 
Sec.  1002.109(c) addresses technical instructions for submitting data 
to the Bureau.
    The Bureau is finalizing Sec.  1002.109 to implement ECOA section 
704B(f)(1) and pursuant to its authority under 704B(g)(1) to prescribe 
such rules and issue such guidance as may be necessary to carry out, 
enforce, and compile data pursuant to section 1071. The Bureau is also 
finalizing Sec.  1002.109(b) pursuant to 704B(e)(2)(H), which requires 
financial institutions to compile and maintain as part of their data 
any additional data that the Bureau determines would aid in fulfilling 
the purposes of section 1071.
    Details regarding each aspect of final Sec.  1002.109, including a 
discussion of what the Bureau proposed and comments received, are 
provided in the section-by-section analyses that follow.
109(a) Reporting to the Bureau
109(a)(1) Annual Reporting
Proposed Rule
    ECOA section 704B(f)(1) provides that ``[t]he data required to be 
compiled and maintained under [section 1071] by any financial 
institution shall be submitted annually to the Bureau.''
    Proposed Sec.  1002.109(a)(1)(i) would have required that by June 1 
following the calendar year for which data are collected and maintained 
as required by proposed Sec.  1002.107, a covered financial institution 
shall submit its small business lending application register in the 
format prescribed by the Bureau. This approach to reporting frequency 
and reporting period is consistent with the annual submission schedule 
specified in the statute. The Bureau sought comment on this aspect of 
the proposal, and how best to implement it in a manner that minimizes 
cost and burden to small financial institutions.
    Proposed Sec.  1002.109(a)(1)(ii) would have required that an 
authorized representative of the covered financial institution with 
knowledge of the data submitted certify to the accuracy and 
completeness of data submitted pursuant to proposed Sec.  1002.109(a). 
A similar provision exists in Regulation C (Sec.  1003.5(a)(i)), and 
the Bureau believed it appropriate to adopt a similar requirement here 
as well. Based on the Bureau's experience with HMDA and Regulation C, 
the Bureau believed that

[[Page 35400]]

having a specific person responsible for certifying to the accuracy and 
completeness of data is likely to lead to financial institutions 
providing better quality data.
    Proposed Sec.  1002.109(a)(1)(iii) would have clarified that when 
the last day for submission of data prescribed under proposed Sec.  
1002.109(a)(1) falls on a date that is not a business day, a submission 
is considered timely if it is submitted no later than the next business 
day.
    The Bureau sought comment on its proposed approach to the aspects 
of reporting addressed in proposed Sec.  1002.109(a), including that 
the reporting frequency be annual, that the reporting period be the 
calendar year, and that the submission date be June 1 of the next 
calendar year. In particular, the Bureau sought comment with respect to 
proposed Sec.  1002.109(a)(1)(i) on whether requiring the submission of 
small business lending application registers by June 1 might give rise 
to complications for any persons or entities relying on data from the 
registers for other purposes, such as Federal regulators scheduling 
examinations.
Comments Received
    In response to proposed Sec.  1002.109(a)(1)(i), the Bureau 
received comments from lenders, trade associations, community groups, 
and others. Commenters discussed the reporting deadline of June 1, the 
calendar year reporting period, and the annual reporting frequency. 
Several commenters supported the Bureau's reporting frequency and 
period, as well as the reporting deadline of June 1. One bank urged the 
Bureau to permit reporting as early as March 1 for institutions who 
wished to do so. A few community groups and a CDFI lender supported the 
reporting frequency and period, but only supported the proposed 
deadline of June 1 contingent upon the Bureau's timely publication of 
the data later on in the year.
    Some commenters supported the reporting frequency and period but 
did not support the reporting deadline. Of this group of commenters, 
one trade association urged the Bureau against aligning the section 
1071 reporting deadline with the HMDA reporting deadline of March 1, 
citing a strain on resources. A trade association and a bank supported 
annual reporting but requested a later deadline. Finally, two trade 
associations requested the Bureau to permit ongoing reporting alongside 
annual reporting. Both of these commenters suggested the Bureau create 
a portal or centralized system where banks could input data as it is 
received. Both commenters mentioned the burden that would come along 
with maintaining a database internally, as well as concerns about 
system maintenance, cost, and risk. One of those trade associations 
also described an alternative whereby the Bureau could provide a link 
where small business loan applicants could input their own data or opt 
out of sharing their data altogether.
    One bank did not support any aspect of proposed Sec.  
1002.109(a)(1)(i). This bank argued that adding another reporting 
regime, in addition to HMDA and CRA, would add significant burden to 
their staff, both at the loan origination stage and at the reporting 
stage. It also argued that having a mid-year reporting deadline would 
tie up critical compliance resources and would require them to spend 
one quarter of the year on reporting requirements.
    Two trade associations touched on quarterly reporting. The first 
commented that large banks (for CRA purposes) should be required to 
provide their data within 30 days of a request to do so. They argued 
that if the Bureau absolves lenders of the requirement to respond to 
individual requests, then data should be reported quarterly. The second 
commented that the frequency of reporting that financial and regulatory 
agencies expect to receive is quarterly (Call Reports). They also 
stated that non-regulated lenders, CDFIs and other similar providers 
should be required to report no less than semi-annually.
    Many commenters did not support the June 1 reporting deadline and 
the calendar year reporting period in particular. A lender and a 
business advocacy group urged the Bureau to adopt a reporting deadline 
of July 1 instead of June 1 to provide more time between HMDA reporting 
and section 1071 reporting. The business advocacy group stated that for 
institutions who report HMDA data quarterly, 60 days after quarter end, 
a deadline of June 1 would leave no separation between reporting 
requirements. A cross-sector group of lenders, community groups, and 
small business advocates urged the Bureau to adopt a May 1 to April 30 
reporting period with a reporting deadline in July, citing that 
staggering reporting periods would ease regulatory burden for lenders 
who also report HMDA data. A joint letter from community groups 
suggested a reporting period of July 1 to June 30, citing that covered 
lenders would benefit by having six months to prepare before data 
collection begins.
    Several banks requested the reporting deadline be no earlier than 
June 30 so that there would be more time to perform data integrity 
reviews for those lenders that are HMDA and/or CRA reporters. Several 
commenters requested, as a general matter, that reporting-related 
changes be effective January 1 rather than midyear.
    Finally, several lenders urged the Bureau to coordinate section 
1071 reporting with CDFI Fund reporting. They argued that CDFIs are 
required to report for a three-year period through the CDFI Fund's 
Transaction Level Reporting data points that are well beyond the scope 
of section 1071. They also suggested that the Bureau standardize data 
formats to match those used in CDFI Fund reporting, and to coordinate 
across agencies in order to streamline data collection and reporting 
requirements. This, they argue, would minimize the burden on CDFIs.
    The Bureau did not receive any comments in response to proposed 
Sec.  1002.109(a)(1)(ii) and (iii).
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(a)(1)(i) and (ii) as proposed, and finalizing Sec.  
1002.109(a)(1)(iii) with a revision for clarity. Specifically, under 
final Sec.  1002.109(a)(1)(i), on or before June 1 following the 
calendar year for which data are compiled and maintained as required by 
Sec.  1002.107, a covered financial institution shall submit its small 
business lending application register in the format prescribed by the 
Bureau. While several commenters advocated for more frequent reporting, 
the Bureau believes that its approach is consistent with the annual 
submission schedule specified in the statute. The Bureau is not 
permitting financial institutions to submit their data on a real-time 
basis or ongoing basis, as this approach could result in financial 
institutions treating the Bureau as their official recordkeeper for 
their data.\788\ Regarding the comments supporting a June 1 submission 
date, contingent on rapid publication of data soon after, the Bureau 
addresses such comments in the section-by-section analyses of Sec.  
1002.110(a) and (b), and the privacy section in part VIII. While some 
commenters requested that financial institutions have the ability to 
submit data as early as March 1, the Bureau intends to make it possible 
for financial institutions to report as early as possible before June 1 
each year once the small

[[Page 35401]]

business lending data reporting platform is established.
---------------------------------------------------------------------------

    \788\ With respect to comment that it should build an online 
platform to receive data from applicants on a real-time basis, the 
Bureau does not, at this time, intend to take this step, in line 
with its analysis of demographic data submission in the section-by-
section analysis of Sec.  1002.107(a)(19).
---------------------------------------------------------------------------

    While some commenters suggested alternate reporting periods, the 
Bureau believes there are advantages to having data collected and 
reported on a calendar year basis. Calendar year reporting may 
facilitate other aspects of the rule that depend on data that is 
typically recorded on a calendar year basis. For instance, other parts 
of the rule look to annual data, such as Sec.  1002.105(b), which would 
use a financial institution's loan volumes over the prior two calendar 
years to determine whether it is a covered financial institution. 
Further, the Bureau understands that financial institutions would 
generally prefer to have such data collections occur on a calendar year 
basis because such an approach would be generally consistent with their 
operations. An annual reporting period other than the calendar year--
such as July 1 to June 30--could result in additional challenges for 
financial institutions in complying with the rule, which could in turn 
increase the probability of errors in collecting and reporting data to 
the Bureau.\789\
---------------------------------------------------------------------------

    \789\ Regarding concerns that a January 1 collection date would 
be too soon after the publication of the rule, the Bureau addresses 
all concerns about the amount of time lenders have to comply with 
this rule in the section-by-section analysis of Sec.  1002.114(b).
---------------------------------------------------------------------------

    Regarding submission date, several commenters requested alternate 
deadlines such as March 1 or July 1. However, the Bureau believes that 
a June 1 submission deadline gives the compliance staff of financial 
institutions, especially smaller institutions, adequate time and 
resources to dedicate to preparing a small business lending application 
register, after meeting other reporting obligations earlier in the 
year, such as under HMDA or CRA. This remains true even though the 
final rule excludes all HMDA-reportable loans and even though the 
Federal prudential regulators have proposed amendments to the CRA rules 
that would use small business and small farm data from this rule. Many 
institutions will still have March deadlines for their HMDA and CRA 
reporting obligations unrelated to small business lending, and the 
Bureau believes a later deadline for reporting data collected under 
this final rule remains appropriate. Financial institutions with 
quarterly HMDA filing deadlines generally handle a high volume of 
mortgage loan originations and are more likely to have sufficient 
resources to cope with a June 1 deadline for this rule (and, indeed, 
any filing deadline set by the Bureau would be within 60 days of a 
quarterly HMDA filing deadline).
    Final Sec.  1002.109(a)(1)(ii) specifies that an authorized 
representative of the covered financial institution with knowledge of 
the data shall certify to the accuracy and completeness of the data 
reported pursuant to Sec.  1002.109(a)(1)(i). The Bureau has modified 
final Sec.  1002.109(a)(1)(iii) for clarity; it now provides that when 
June 1 falls on a Saturday or Sunday, a submission shall be considered 
timely if it is submitted on the next succeeding Monday.
109(a)(2) Reporting by Subsidiaries
Proposed Rule
    ECOA section 704B(f)(1) states that ``any'' financial institution 
obligated to report data to the Bureau must do so annually; the statute 
does not expressly address financial institutions that are themselves 
subsidiaries of other financial institutions.
    Proposed Sec.  1002.109(a)(2) would have stated that a covered 
financial institution that is a subsidiary of another covered financial 
institution shall complete a separate small business lending 
application register. The proposal would have provided that a 
subsidiary shall submit its small business lending application 
register, directly or through its parent, to the Bureau. Proposed 
comment 109(a)(2)-1 would have explained that a covered financial 
institution is considered a subsidiary of another covered financial 
institution for purposes of reporting data pursuant to proposed Sec.  
1002.109 if more than 50 percent of the ownership or control of the 
first covered financial institution is held by the second covered 
financial institution. This proposed provision would have mirrored one 
that exists for HMDA reporting under Regulation C in Sec.  
1003.5(a)(2). The Bureau believed that the proposed provision would 
facilitate compliance by permitting parent financial institutions to 
coordinate the reporting of all their subsidiaries' small business 
lending data together.
    The Bureau sought comment on this aspect of its proposal. 
Additionally, the Bureau sought comment on proposed Sec.  
1002.109(a)(2) in light of proposed Sec.  1002.105(b), which would have 
defined a covered financial institution as a financial institution that 
originated at least 25 covered credit transactions for small businesses 
in each of the two preceding calendar years. The Bureau sought comment 
on whether this provision may risk creating ambiguity with respect to 
compliance and whether additional safeguards may be required to 
dissuade financial institutions from creating subsidiaries for the sole 
purpose of avoiding the collection and reporting of 1071 data. The 
Bureau also sought comment on all other aspects of this proposal.
Comments Received
    The Bureau received comments from a bank, a trade association, and 
a community group on the proposed provision regarding reporting by 
subsidiaries. The community group had no objections to the Bureau's 
proposal. The bank recommended that the Bureau define subsidiary in 
subpart B, stating that the term was used extensively in this proposed 
provision and to dissuade financial institutions from creating 
subsidiaries in order to avoid reporting data. The community group 
recommended that the Bureau create safeguards against the possibility 
that a lender will develop an ownership structure that will evade 
reporting requirements, specifically that originations be counted at 
the parent or holding company level for the purposes of determining 
institutional coverage under Sec.  1002.105(b).
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(a)(2) and associated commentary as proposed. The Bureau 
believes that this provision will help facilitate compliance through 
consistency with an existing provision in a separate regulation 
(Regulation C) familiar to many financial institutions and by also 
permitting financial institutions to coordinate the reporting of all 
their subsidiaries' small business lending data. The final rule 
provides a definition of subsidiary in comment 109(a)(2)-1.
    The Bureau does not believe it is necessary to add to the rule a 
requirement to count originations at the parent or holding company 
level for the purposes of determining whether a financial institution 
has met the institutional coverage threshold. Final Sec.  1002.105(b) 
defines a covered financial institution as a financial institution that 
originated at least 100 covered credit transactions for small 
businesses in each of the two preceding calendar years. The Bureau 
believes that the process and costs of establishing a new charter to 
avoid reporting data, along with other associated obligations in 
forming a new legal entity, will generally dissuade lenders from 
creating subsidiaries through whom to make small business loans 
specifically for the purpose of avoiding coverage under this final 
rule.

[[Page 35402]]

109(a)(3) Reporting Obligations Where Multiple Financial Institutions 
Are Involved in a Covered Credit Transaction
Background
    Section 1071's requirement to collect and report data for any 
``application to a financial institution for credit'' could be read as 
applying to more than one financial institution when an intermediary 
provides an application to another institution that takes final action 
on the application. It might also apply in cases where one application 
is simultaneously sent to multiple financial institutions for review. 
This broad reading may serve a useful function, such as comprehensive 
reporting by all financial institutions involved in a small business 
lending transaction, but could also generate duplicative compliance 
costs for financial institutions and potentially detract from the 
quality of reported data, increasing the risk that certain applications 
are reported multiple times with potential inconsistencies.
    During the SBREFA process, several small entity representatives 
voiced support for aligning reporting requirements for financial 
institutions that are not the lender of record with the approach taken 
for HMDA reporting in the Bureau's Regulation C. Other small entity 
representatives expressed concern in adopting the Bureau's approach in 
Regulation C, noting the differences between small business and 
residential mortgage loan products, and advocated for simpler 
approaches.
    SBREFA feedback from other stakeholders included support for a 
HMDA-like approach when multiple lenders are involved in a transaction, 
praising the Bureau's consistent approach and interest in limiting 
duplicative information. However, several stakeholders advocated 
against the HMDA approach, generally by proffering other ideas rather 
than criticizing the rules or outcomes of the HMDA approach. 
Alternative suggestions varied, but included suggesting that data 
collection and reporting should be required only for the company most 
closely interacting with the loan applicant; if a financial institution 
receives a covered application, then the application should be subject 
to reporting, regardless of outcome; the financial institution that 
funded (or would have funded) the loan should be required to collect 
and report; and the financial institution that conducts the 
underwriting and determines whether the small business credit applicant 
qualifies for credit using its underwriting criteria should be required 
to report and collect.
Proposed Rule
    Proposed Sec.  1002.109(a)(3) would have provided that only one 
covered financial institution shall report each covered credit 
transaction as an origination, and that if more than one financial 
institution was involved in an origination, the financial institution 
that made the final credit decision approving the application shall 
report the loan as an origination, if the financial institution is a 
covered financial institution.
    Proposed Sec.  1002.109(a)(3) would have further provided that if 
there was no origination, then any covered financial institution that 
made a credit decision shall report the application. The Bureau 
explained that under certain lending models, financial institutions may 
not always be aware of whether another financial institution originated 
a credit transaction. The Bureau believed that information on whether 
there was an origination should generally be available, or that lending 
models can be adjusted to provide this information at low cost.
    Proposed comment 109(a)(3)-1 would have provided general guidance 
on how to report originations and applications involving more than one 
institution. In short, if more than one financial institution was 
involved in the origination of a covered credit transaction, the 
financial institution that made the final credit decision approving the 
application would report the covered credit transaction as an 
origination. Proposed comment 109(a)(3)-2 would have offered examples 
illustrating how a financial institution should report a particular 
application or originated covered credit transaction. Proposed comment 
109(a)(3)-3 would have explained that if a covered financial 
institution made a credit decision on a covered application through the 
actions of an agent, the financial institution reports the application, 
and provided an example. State law determines whether one party is the 
agent of another. While these proposed comments assumed that all of the 
parties are covered financial institutions, the same principles and 
examples would apply if any of the parties were not a covered financial 
institution.
    The Bureau sought comment on this aspect of its proposal. In 
particular, the Bureau sought comment with respect to proposed Sec.  
1002.109(a)(3) on whether, particularly in the case of applications 
that a financial institution is treating as withdrawn or denied, the 
financial institution can ascertain if a covered credit transaction was 
originated by another financial institution without logistical 
difficulty or significant compliance cost.
Comments Received
    The Bureau received comments on this aspect of the proposal from a 
range of stakeholders, including lenders, trade associations, and 
community groups.
    Several commenters, including trade associations and a community 
group, expressed general support for the Bureau's proposed approach, 
stating that it would help avoid duplicative reporting, the originating 
lender is best positioned to obtain the necessary information from the 
borrower, and the approach will increase the accuracy of the reported 
data, especially in an increasingly complex lending market. In 
addition, two credit union trade associations said that the proposal 
takes the correct approach for loan participation arrangements. Another 
trade association said that, to ensure simplicity, the Bureau should 
make the rule identical to Regulation C.
    Conversely, several other industry commenters asserted that the 
proposal may be too complex or not feasible. A bank requested that the 
Bureau consider different reporting rules in cases where coordination 
among financial institutions is not feasible. A trade association 
stated that financial institutions are not aware of credit extensions 
made by competitors and are prohibited from sharing nonpublic 
personally identifiable information, including the existence of an 
account, with other financial institutions. This commenter pointed out 
that in indirect financing, the loan might be offered to multiple 
parties, so several financial institutions might be in this position.
    Similarly, a joint letter from several insurance premium finance 
trade associations stated that insurance premium lenders generally do 
not know whether an application was originated by another financial 
institution, and it would be difficult, if not impossible to find out. 
These commenters suggested a new exception where insurance premium 
finance lenders are permitted to report data regarding any signed 
premium finance agreement they receive and take action upon (without 
requiring them to determine whether another lender originated the rare 
premium finance loan that is not approved and funded).
    A joint letter from community and business advocacy groups argued 
that the proposal does not address the complexity of modern online 
lending. These commenters stated that online

[[Page 35403]]

lenders often ``rent a charter'' to evade the limitations of State 
lending laws, the terms of these partnerships are often unknown, but 
under the proposal only one party would report the data without it 
being clear which one. They further noted that the final credit 
decision might be made by a digital algorithm but then approved by the 
depository institution. In addition, two credit union trade 
associations expressed uncertainty regarding who is responsible for 
errors or noncompliance--that is, credit union service organizations or 
the member credit union.
    A joint letter from two motor vehicle dealer trade associations 
requested clarification on the rule's application, stating their belief 
that for indirect auto lending, the responsible party would typically 
be the indirect lender that advances funds, not the motor vehicle 
dealer. They further asserted that the dealer typically is identified 
on the credit contract as the seller-creditor even though the indirect 
lender as assignee-creditor performs the underwriting, funding, and 
servicing functions and determines whether, and on what terms, it will 
agree to take assignment of the credit contract. They argued that when 
an origination occurs, the lender taking assignment of the credit 
contract should be the entity responsible for compliance with section 
1071, and that when an origination does not occur, then reporting 
responsibility should rest with the lender that conducted underwriting 
and determined that they would not take assignment of the credit 
contract.
    A financial services trade association characterized the 
transaction differently, explaining that indirect vehicle finance 
transactions involve two separate, but related transactions. The 
commenter stated that a customer purchases a car from a motor vehicle 
dealer and executes a retail installment sales contract that finances 
the purchase price and any other products the customer elects to 
purchase. The dealer is the original creditor and negotiates the 
financing terms with the customer. Separately, the dealer communicates 
with one or more other financial institutions to determine which one 
will purchase the completed contract and at what terms. As purchaser of 
the credit contract, the financial institution takes assignment of the 
contract and begins servicing the contract until it is paid in full.
    In addition, two trade associations pointed to Board regulations 
implementing ECOA and argued that the dealer would be prohibited under 
the law from asking the business owner for protected demographic 
information.
    Some commenters expressed uncertainty regarding the Bureau's use of 
the term ``final credit decision'' in the proposal. Two commenters 
asserted that it was unclear which lender makes the final credit 
decision in situations where two lenders are required to make a credit 
decision to approve an application. A number of certified development 
companies, their trade association, and other lenders provided the 
example of the SBA's 504 Development Company Loan Program, which 
requires loans to be financed by both a certified development company 
and a private lender, asking who reports in such cases.
    Several farm credit institutions and a trade association requested 
that the Bureau clarify that its rule does not apply to credit 
decisions made after loan approval. The commenters explained that farm 
credit institutions are required to make an independent judgment on the 
creditworthiness of the borrower, even in secondary market 
transactions, so it would be helpful to make clear that those judgments 
are not subject to data collection and reporting obligations. In 
addition, a group of trade associations requested that the rule text 
should more closely match the text in proposed comment 109(a)(3)-1.ii, 
saying that otherwise it could be misinterpreted to mean that as long 
as one institution reports its decision, then others need not do so.
    A law firm commented that the Bureau should clarify that third-
party review, even if for the purposes of telling the creditor that the 
third party will only purchase the post-origination loan under certain 
conditions, does not mean that the third party/potential purchaser made 
the final credit decision. The commenter explained that in these types 
of ``forward flow'' transactions, the third party does not originate 
the credit nor does it have any particular interest in whether the 
creditor approves and originates the transaction.
    A group of trade associations stated that in the case of withdrawn 
applications, it would be impractical and burdensome for a financial 
institution to determine whether an applicant received credit 
elsewhere.
    Commenters offered some alternative suggestions. Two industry 
commenters stated that if a loan is originated, only the creditor to 
whom the obligation is initially payable should be required to collect 
and report data. When there is no origination, only the institution 
that initially received the application should be required to collect 
and report data. These commenters asserted that this was a simpler 
approach, and the originating creditor is in the best position to 
collect and report all of the required data points.
    A joint letter from community and business advocacy groups stated 
that the Bureau should assign reporting responsibility to the financial 
institution that has the predominant economic interest in and bears the 
predominant risk of a loan (or that would have had such an interest had 
the loan been consummated). These groups further asserted that it is 
important in online lenders' ``rent a charter'' arrangements for the 
Bureau to collect data on both the identity of the online lender and 
the depository institution because they are both ECOA creditors, but at 
a minimum the Bureau should collect data on the party that bears the 
bulk of the risk.
    Another commenter stated that the Bureau should consider adding a 
non-unique (i.e., shared across institutions) loan identifier that 
would allow matching of loans reported by multiple institutions (e.g., 
a new data point). The commenter asserted that this would allow data 
users to match loans reported by multiple financial institutions and 
obviate the need to have such reporting rules.
    Comments addressing partial interests and participation loans are 
discussed in the section-by-section analysis of Sec.  1002.104(b). 
Moreover, several farm credit institutions urged the Bureau to clarify 
that in the syndicated loan context, the administrative agent is the 
sole lender with responsibility under the rule. Commenters explained 
that syndicated loans differ from participations in that multiple 
lenders enter into a contractual relationship with the borrower, but 
there is typically an administrative agent, which is primarily 
responsible for interacting with the applicant or borrower. A farm 
credit institution noted that the proposal's ambiguity with respect to 
syndicated loan reporting would create inaccuracies in reported 
information.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(a)(3) with modifications. Final Sec.  1002.109(a)(3) states 
the general rule that each covered financial institution shall report 
the action that it takes on a covered application. Where it is 
necessary for more than one financial institution to make a credit 
decision in order to approve the covered credit transaction, however, 
only the last covered financial institution with authority to set the 
material terms of the covered credit transaction shall report

[[Page 35404]]

the application. In addition, financial institutions report the actions 
of their agents.
    Final comment 109(a)(3)-1 provides general guidance on how to 
report applications involving more than one institution. Final comment 
109(a)(3)-2 provides a variety of examples to illustrate which 
financial institution reports a particular application when multiple 
financial institutions are involved in a covered credit transaction and 
how such applications are reported.
    The Bureau has revised language in proposed Sec.  1002.109(a)(3) 
that discussed outcomes ``if more than one financial institution was 
involved in an origination'' both for clarity, and to avoid complexity, 
logistical challenges, and potential data accuracy issues. Initially, 
final Sec.  1002.109(a)(3) provides that each covered financial 
institution shall report the action that it takes on a covered 
application. Final comment 109(a)(3)-1.ii sets forth the various 
actions that a financial institution may take on a covered application. 
Certain of the examples in final comment Sec.  1002.109(a)(3)-2 
illustrate credit transactions that involve a single financial 
institution with responsibility for making a credit decision on a 
covered application. Those examples make clear that where a financial 
institution is only passively involved in a covered credit transaction 
or is only involved after the time of origination (for example, to 
purchase the loan), it has not taken action on the covered application 
and so does not report. For example, the Bureau understands that a non-
originating financial institution may be ``involved'' with a covered 
credit transaction after closing (for example, if it purchases the 
covered credit transaction); however, such post-closing transactions 
(with the exception of applications for line increases) are generally 
not covered by the final rule. The Bureau further notes that whether an 
entity meets the definition of ``creditor'' under ECOA and Regulation B 
is not determinative of who reports under this rule.
    Despite the general rule that all financial institutions shall 
report action taken on a covered application, final Sec.  1002.9(a)(3) 
and final comment 109(a)(3)-1.i provide that where it is necessary for 
more than one financial institution to make a credit decision in order 
to approve the covered credit transaction, only the last financial 
institution with authority to set the material terms of the covered 
credit transaction is required to report. Setting the material terms of 
the covered credit transaction includes, for example, selecting among 
competing offers or modifying pricing information, amount approved or 
originated, or repayment duration. The fact that it is necessary for 
more than one financial institution to make a credit decision in order 
to approve the covered credit transaction does not mean that there was 
an actual approval or origination of the covered application. Rather, 
and in contrast to the passive conduit scenario described above, this 
provision applies when a financial institution would not originate a 
covered credit transaction unless it was approved by at least one other 
financial institution prior to closing.
    The changes to Sec.  1002.109(a)(3) are intended to address 
commenters' concerns that the NPRM approach was too complex or 
infeasible. Many of these commenters stated that it would be difficult 
for a financial institution to know if a loan was originated by another 
financial institution. Unlike the NPRM approach, final Sec.  
1002.109(a)(3) is not limited to requiring only one financial 
institution to report an origination. Final Sec.  1002.109(a)(3) states 
that where it is necessary for more than one financial institution to 
make a credit decision to approve the covered credit transaction, only 
the last covered financial institution with authority to set the 
material terms of the covered credit transaction is required to report 
the application (i.e., whether or not it was originated). In making 
this change, the Bureau seeks to avoid duplicative reporting in more 
than just cases of originated transactions; it seeks to clarify that 
only one financial institution is required to report on the 
application, no matter the action taken.
    While the Bureau recognizes there may be some benefit in having 
multiple financial institutions reporting the same application, there 
are logistical challenges and potential data accuracy issues that could 
result from reporting by multiple financial institutions. For example, 
the Bureau understands that in some typical indirect lending 
situations, one application may be transmitted to several financial 
institutions to determine interest in purchasing an originated 
transaction, and requiring reporting from each of these financial 
institutions (even if the small business applicant is not aware of 
their involvement or the action taken by these institutions) would 
significantly increase reporting volumes for these types of 
transactions. Moreover, in this example, while this approach means a 
lack of visibility into purchase offers and an inability to compare 
them to the resulting credit contract, the Bureau believes that 
reporting of such data could undermine data quality and would provide 
only limited additional benefits where the purchase decisions are later 
accepted, declined, or altered by a different financial institution 
that ultimately presents (or does not present) a credit offer to the 
applicant. Thus, the Bureau believes data quality, along with the 
purposes of section 1071, will be better served if the financial 
institution with the last authority for setting the material terms of 
the covered transaction is the reporter.\790\
---------------------------------------------------------------------------

    \790\ If the financial institution with last authority for 
setting the material terms of the covered credit transaction is not 
a covered financial institution, whether due to a statutory 
exemption (such as the one for motor vehicle dealers in section 
1029) or other reasons, then the application is not reported under 
this rule.
---------------------------------------------------------------------------

    Final comment 109(a)(3)-1.i emphasizes that the determinative 
factor is not which financial institution actually made the last-in-
time credit decision, but rather which financial institution had last 
authority for setting the material terms of the covered credit 
transaction, even if it did not actually exercise this authority in a 
particular case. For example, a financial institution that has the 
authority to modify the total loan amount prior to origination has the 
last authority for setting the terms of the covered credit transaction, 
even if it makes no changes to the total loan amount. The Bureau is 
adopting a categorical, rather than a case-by-case rule, to enable 
financial institutions to identify a reporting party at the outset of a 
transaction. The Bureau believes that this will help eliminate 
uncertainty and logistical challenges concerning which institution 
reports, and thus provide a more straightforward and administrable 
bright line.
    This approach will also address requests for clarification from 
commenters. For example, one commenter suggested that the Bureau 
clarify that third-party review, even if for the purposes of telling 
the creditor that the third party will only purchase the post-
origination loan under certain conditions, does not mean that third 
party/potential purchaser made the final credit decision. The Bureau 
believes that final comment 109(a)(3)-2.vii addresses this scenario, 
illustrating that where another financial institution has ultimate 
authority for setting the material terms of the covered credit 
transaction, the third party/potential purchaser does not report. In 
finalizing this approach, the Bureau is also removing the phrase 
``final credit decision'' from Sec.  1002.109(a)(3) because the phrase 
appears to have caused confusion and is not necessary to convey the 
Bureau's intentions regarding which financial institution is

[[Page 35405]]

required to report under various circumstances.
    In addition, final comment 109(a)(3)-1.iii clarifies reporting 
obligations in circumstances where it is necessary for more than one 
financial institution to make a credit decision in order to approve a 
single covered credit transaction and where more than one financial 
institution denies the application or otherwise does not approve the 
application. In this circumstance, the reporting financial institution 
(the last financial institution with authority to set the material 
terms of the covered credit transaction) shall have a consistent 
procedure for determining how it reports inconsistent or differing data 
points for purposes of subpart B, such as reporting the denial 
reason(s) from the first financial institution that denied the covered 
application.
    The Bureau believes that the revisions to Sec.  1002.109(a)(3) and 
associated commentary will help ensure clarity and consistency from the 
outset regarding which entity has reporting responsibility in a variety 
of fact patterns involving multiple financial institutions. In 
addition, the Bureau believes that this approach advances section 
1071's purposes by reducing logistical challenges and potential data 
accuracy issues resulting from reporting by multiple financial 
institutions on the same application.
    In response to commenters who urged consistency with HMDA, the 
Bureau notes that it initially sought alignment with Regulation C given 
its understanding of how well the approach has worked in the 
residential mortgage context and the similarities that exist with 
various indirect lending scenarios in the small business lending 
context. While the Bureau's approach in final Sec.  1002.109(a)(3) in 
many situations is consistent with Regulation C outcomes, it deviates 
in some ways because, unlike Regulation C, this final rule does not 
cover purchase transactions. In addition, the Bureau believes that 
commenters' concerns about alignment with HMDA are mitigated by the 
Bureau's decision to exclude reporting of all HMDA-reportable 
transactions, as set forth in final Sec.  1002.104(b)(2).
    Unlike section 1071, HMDA expressly contemplates data collection 
for loan purchases, and Regulation C thus requires financial 
institutions to report purchases of covered loans.\791\ Moreover, 
Regulation C commentary clarifies that if more than one institution 
approved an application prior to closing or account opening and one of 
those institutions purchased the loan after closing, the institution 
that purchased the loan after closing reports the loan as an 
origination.\792\ The preamble to the 2015 final HMDA rule explained 
that requiring that only one institution report the origination of a 
covered loan eliminates duplicative data.\793\ Identical language was 
included in proposed comment 109(a)(3)-1.i.
---------------------------------------------------------------------------

    \791\ See 12 U.S.C. 2803(a)(1) (stating that institutions 
``shall compile and make available . . . the number and total dollar 
amount of mortgage loans which were (A) originated (or for which the 
institution received completed applications), or (B) purchased by 
that institution''); Regulation C Sec.  1003.4(a) (stating that a 
financial institution ``shall collect data regarding . . . covered 
loans that it purchases for each calendar year'').
    \792\ Regulation C comment 4(a)-2.i.
    \793\ 80 FR 66128, 66173 (Oct. 28, 2015).
---------------------------------------------------------------------------

    Upon further consideration, the Bureau believes that Regulation C's 
approach involving a purchasing institution is incongruous with section 
1071 requirements and thus the final rule adopts a different approach. 
As described in the section-by-section analysis of Sec.  1002.104(b) 
above, purchases of covered credit transactions are not, in themselves, 
covered by the rule. Thus, the Bureau is removing language from 
proposed comment 109(a)(3)-1.i that would have required reporting by a 
purchasing financial institution that also approved an application 
prior to closing or account opening, and is instead placing the 
reporting obligation on the last covered financial institution with 
authority to set the material terms of the covered credit transaction. 
The Bureau believes that this approach is more broadly applicable to 
the small business financing context (particularly since the Bureau is 
excluding HMDA-reportable transactions) where there are some salient 
differences to the mortgage lending context.
    For example, while there may also be intermediaries in a mortgage 
loan transaction, an intermediary typically does not have the 
discretion and authority to materially deviate from the terms expected 
by a secondary-market purchaser. In some small business lending 
contexts, even where a subsequent bona fide purchaser and holder in due 
course of a covered credit transaction has been identified, an 
intermediary may have the authority to sort through different purchase 
offers, select one, and present it to the applicant. Such an 
intermediary may also have the authority to change material terms of 
the covered credit transaction prior to closing, such as modifying the 
pricing terms, loan amount, or repayment duration. As the only party to 
interact with the applicant prior to closing, the intermediary can be 
the party with the most fair lending risk. The Bureau believes, given 
section 1071's statutory purposes, this last financial institution with 
the authority to set the terms of the small business's credit 
obligation should be the one to report on an application.
    Indirect auto lending transactions are a common example of 
situations involving multiple financial institutions. It is common for 
motor vehicle dealers to assess specific credit information about the 
applicant, negotiate and set credit terms (such as the duration of the 
transaction), negotiate and charge for add-on products, and include 
loan pricing markups. Likewise, the dealer is typically the original 
creditor, executing and setting the terms of a retail installment sales 
contract with the customer, and then selling it to another financial 
institution. Even if the motor vehicle dealer interacts with several 
financial institutions to make a credit decision and originate a credit 
transaction, the dealer is typically the last entity with authority to 
set the material credit terms of the covered credit transaction. Final 
comments 109(a)(3)-2.vii and viii provide examples of such scenarios.
    In some cases, a financial institution's purchase of the retail 
installment sales contract may not even occur until well after the 
contract has been signed and the vehicle has been driven off the lot. 
The fact that a contract may be conditioned on a financial 
institution's purchase of the contract at a later time does not alter 
the analysis. In these situations, often known as ``spot delivery,'' 
the applicant has met the underwriting and creditworthiness conditions 
used by the motor vehicle dealer and has been approved. The fact that a 
motor vehicle dealer has imposed other conditions on the execution of 
the contract (i.e., a financial institution purchasing the contract) 
that are outside of the applicant's control does not change the 
conclusion. Once the contract has been signed and the terms of credit 
set, there is no credit decision on a covered application by a 
subsequent purchaser.
    The Bureau recognizes that its rules generally do not apply to 
motor vehicle dealers, as defined in section 1029(f)(2) of the Dodd-
Frank Act, that are predominantly engaged in the sale and servicing of 
motor vehicles, the leasing and servicing of motor vehicles, or 
both.\794\ This provision is codified in final Sec.  1002.101(a). The 
Dodd-Frank Act also specifies that in general, ``nothing

[[Page 35406]]

in this title . . . shall be construed as modifying, limiting, or 
superseding the operation of any provision of Federal law, or otherwise 
affecting the authority of the Board of Governors . . . with respect to 
a [motor vehicle dealer that is predominantly engaged in the sale and 
servicing of motor vehicles, the leasing and servicing of motor 
vehicles, or both].'' \795\ Thus, consistent with this provision, if 
the motor vehicle dealer is the last financial institution with 
authority to set the material credit terms of the covered credit 
transaction, that application will not be reported under subpart B.
---------------------------------------------------------------------------

    \794\ 12 U.S.C. 5519.
    \795\ 12 U.S.C. 5519(c).
---------------------------------------------------------------------------

    Relatedly, several commenters asserted that motor vehicle dealers 
are prohibited by the Board's Regulation B from asking for protected 
demographic information in order to furnish it to another financial 
institution for reporting under the Bureau's rule. As noted above, the 
Bureau believes that dealers are often the last entity with authority 
to set the material credit terms of the covered credit transaction, and 
so are generally unlikely to be collecting 1071 data on behalf of other 
reporting financial institutions. But even in situations where the 
dealer is acting as a mere conduit, and thus may be collecting 
information on behalf of another financial institution, comment 
5(a)(2)-3 to the Board's Regulation B states that persons such as loan 
brokers and correspondents do not violate ECOA or Regulation B if they 
collect information that they are otherwise prohibited from collecting, 
where the purpose of collecting the information is to provide it to a 
creditor that is subject to HMDA or another Federal or State statute or 
regulation requiring data collection.\796\
---------------------------------------------------------------------------

    \796\ This language aligns with comment 5(a)(2)-3 in the 
Bureau's Regulation B, to which the Bureau is adding a reference to 
subpart B for additional clarity.
---------------------------------------------------------------------------

    The Bureau appreciates the range of potential alternatives raised 
by commenters as to the entity that should be required to report data 
when a covered credit transaction involves multiple financial 
institutions, but is not implementing these alternative suggestions. 
For the reasons described above, the Bureau believes that the last 
financial institution with the authority to set the material terms of 
the covered credit transaction should be the one to report.
    The Bureau believes that the final rule is also consistent with 
arrangements where an online lender partners with a bank and provides 
further clarity regarding who reports when multiple financial 
institutions are involved.
    Commenters' concerns regarding reporting of insurance premium 
financing transactions are rendered moot by the Bureau's exclusion of 
such transactions from coverage under the rule. See the section-by-
section analysis of Sec.  1002.104(b)(3) for additional details.
    Regarding farm credit institutions' request that the Bureau clarify 
that the rule does not apply to credit decisions made after loan 
approval, the Bureau has made clear in final Sec.  1002.109(a)(3) and 
associated commentary that only the action taken on the application is 
reportable.
    Regarding partial purchase interests and participation loans, as 
explained in the section-by-section analysis of Sec.  1002.104(b), the 
Bureau has added commentary to clarify that a partial purchase of a 
loan does not, in itself, generate an obligation for a covered 
financial institution to report small business lending data. The Bureau 
believes that applications for covered credit transactions will 
generally be reported by one covered financial institution, i.e., the 
financial institution that sold portions of the loan to other 
participants. The examples provided in final comments 109(a)(3)-2.ix 
and .x speak to such scenarios.
    The Bureau further believes that the rule is consistent with loan 
syndication arrangements where multiple lenders come together to fund a 
large loan for a single borrower. Syndication is distinguishable from 
loan participations. In participations, the contractual relationship 
runs from the borrower to the lead bank and from the lead bank to the 
participants. In syndications, the borrower signs a loan agreement with 
multiple creditors, each of whom has a direct contractual relationship 
with the borrower. Usually, each creditor in a syndicated loan 
transaction receives its own promissory note from the borrower. In 
fact, the Farm Credit Administration legally distinguishes between the 
Farm Credit System's loan-making authority (which includes syndication 
transactions) and its participation authority.\797\ The Bureau believes 
that syndication is typically used for large commercial projects and a 
limited number of reportable applications are likely to involve 
syndicated loans. The Bureau also understands that typical syndication 
arrangements have a syndicate agent/lead bank. If the lead bank has the 
last authority to set the material terms of the covered credit 
transaction, it has the reporting obligation.
---------------------------------------------------------------------------

    \797\ See 69 FR 8407 (Feb. 24, 2004).
---------------------------------------------------------------------------

    The Bureau also believes that the rule is consistent with lending 
through Certified Development Companies (CDCs) for SBA loans. CDCs are 
nonprofit organizations that are certified by, but independent of, the 
SBA. SBA 504 loans involve two applications--one to a CDC and one to 
another participating SBA lender. Generally, the transaction begins 
with the applicant submitting an application to the CDC to obtain 
approval for up to 40 percent of a project's costs. Once the 
application is approved by the CDC, the applicant works with another 
lender--typically a bank--to apply for the other portion of the 
financing. The other lender's loan typically covers 50 percent of a 
project's cost and is secured by a first lien, while the CDC's loan 
covers up to 40 percent of the project's cost and is secured by a 
second lien. The CDC loan is backed by a 100 percent SBA-guaranteed 
debenture. The bank earns interest from the debenture, which it 
receives semi-annually. The borrower contributes equity of at least 10 
percent, sometimes up to 20 percent, of the project cost. The CDC and 
the other lender separately underwrite the loan, and the terms and 
conditions on the CDC and bank loans may differ. Because both the CDC 
and the other lender make their own credit decisions on separate 
covered applications, they are each responsible for reporting the 
application covering their portion of the financing.
109(b) Financial Institution Identifying Information
    As explained in the NPRM, beginning in 1989, Regulation C required 
financial institutions reporting HMDA data to use a discrete 
transmittal sheet to provide information on themselves separate from 
the loan/application registers used to submit HMDA data.\798\ The 2015 
HMDA final rule incorporated information previously submitted on the 
transmittal sheet into the regulatory reporting requirements.\799\ The 
FFIEC publishes information on financial institutions that report HMDA 
data in

[[Page 35407]]

the HMDA Reporter Panel, which includes the required submission 
information provided by financial institutions under Sec.  
1003.5(a)(3), as well as other data derived from this information.\800\
---------------------------------------------------------------------------

    \798\ See 54 FR 51356, 51361 (Dec. 15, 1989) (requiring 
financial institutions to use the transmittal sheet and loan/
application register in appendix A).
    \799\ 80 FR 66128, 66526 (Oct. 28, 2015) (deleting appendix A 
and relocating its substantive requirements to Sec.  1003.5(a)(3)). 
The information now required by Regulation C includes: (i) the 
financial institution's name; (ii) the calendar year the data 
submission covers; (iii) the name and contact information of a 
person who may be contacted with questions about the institution's 
submission; (iv) its appropriate Federal agency; (v) the total 
number of entries contained in the submission; (vi) its Federal 
taxpayer identification number; and (vii) its Legal Entity 
Identifier (LEI).
    \800\ See, e.g., Fed. Fin. Insts. Examination Council, HMDA 
Public Panel, https://ffiec.cfpb.gov/documentation/2017/panel-data-fields/ (last visited Mar. 20, 2023).
---------------------------------------------------------------------------

    The Bureau proposed to collect similar information regarding 
financial institutions that report small business lending data. 
Specifically, proposed Sec.  1002.109(b) would have required that a 
financial institution provide the following information about itself as 
part of its submission: (1) its name; (2) its headquarters address; (3) 
the name and business contact information of a person who may be 
contacted with questions about the financial institution's submission; 
(4) its Federal prudential regulator, if applicable; (5) its Federal 
taxpayer identification number; (6) its LEI; (7) its Research, 
Statistics, Supervision, and Discount identification (RSSD ID) number, 
if applicable; (8) its parent institution information, if applicable 
(including the name, LEI, and RSSD ID number of its immediate parent 
entity and top-holding parent entity, if applicable); (9) the type of 
financial institution, chosen from a list provided; and (10) whether 
the financial institution is voluntarily reporting data.
    The Bureau sought comment on its approach to collecting information 
on financial institutions, including each of the items listed in 
proposed Sec.  1002.109(b)(1) through (10) as well as whether the 
Bureau should require the reporting of any other information on 
financial institutions. The Bureau did not receive any comments on the 
requirement to provide financial institution identifying information 
generally, although comments received regarding each of the items 
listed in proposed Sec.  1002.109(b)(1) through (10), are discussed in 
turn below. The Bureau also received comments discussing the benefits 
and privacy risks of financial institution identifying information, 
which are discussed in part VIII below.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b) with modifications to move examples regarding when to 
report changed financial institution identifying information to new 
comment 109(b)-1 to streamline and ensure uniformity in the guidance, 
with revisions to Sec.  1002.109(b)(3) to clarify which contact 
person's information must be provided, and to adjust the list provided 
in comment 109(b)(9)-1 based on comments received.
    The Bureau believes it is appropriate to require each of these 
pieces of information regarding financial institutions reporting small 
business lending data. As a practical matter, the Bureau anticipates 
that this information will be provided by a financial institution when 
it initially sets up an account with the Bureau's small business 
lending data submission platform to allow it to file data as required 
by the rule. Thus, this information will exist in the Bureau's data 
submission system and will be updated by the financial institution as 
needed.
    The Bureau believes that collecting a financial institution's name 
(as well as all the other identifying information in proposed Sec.  
1002.109(b)) is necessary to carry out, enforce, and compile data under 
section 1071, and will aid in fulfilling the purposes of section 1071. 
For both of section 1071's statutory purposes, the identity of the 
financial institution taking covered applications and originating 
covered credit transactions is critical as it will (1) make fair 
lending enforcement possible, and (2) make analyzing business and 
community development needs of small businesses more effective.
    With the possible exception of the LEI (in final Sec.  
1002.109(b)(6) and (8)(ii) and (v)) in certain circumstances, the 
Bureau believes that financial institutions already have all the 
information that is required of them under final Sec.  1002.109(b), and 
that being required to provide this information to the Bureau should 
not pose any particular difficulties or costs on financial 
institutions.
Paragraph 109(b)(1)
    Proposed Sec.  1002.109(b)(1) would have required a financial 
institution to provide its name. Regulation C (Sec.  1003.5(a)(3)(i)) 
requires financial institutions to provide their names when filing HMDA 
data, and the Bureau believed that a similar requirement would have 
been appropriate here.
    The Bureau detailed several practical considerations for proposing 
to require a financial institution to provide its name, including 
identification for examination purposes and administration of the 
Bureau's website for data submissions. Additionally, the Bureau noted 
that it proposed in Sec.  1002.110(c) that financial institutions' 
statutory obligation to make data available to any member of the 
public, upon request, pursuant to ECOA section 704B(f)(2)(B) would have 
been satisfied by the institutions' directing the public to the 
Bureau's website for this information. Without the financial 
institution's name (and other relevant identifying information), 
proposed Sec.  1002.110(c) would not have satisfied this statutory 
requirement.
    The Bureau received two comments on this aspect of the proposal 
from community groups, both of which supported Sec.  1002.109(b)(1) as 
proposed. For the reasons set forth herein, the Bureau is finalizing 
Sec.  1002.109(b)(1) as proposed.
Paragraph 109(b)(2)
    Proposed Sec.  1002.109(b)(2) would have required a financial 
institution to provide the physical address of its headquarters 
location. The headquarters address of a financial institution would 
provide geographic information that would aid in fulfilling the 
statutory purposes of section 1071, including, for instance, analyses 
of the connection between a financial institution's location and the 
business and community development needs where it operated. It would 
also help identify and differentiate financial institutions, 
particularly nondepository financial institutions, that have similar 
names.
    Having received no comments on this aspect of the proposal and for 
the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b)(2) as proposed.
Paragraph 109(b)(3)
    Proposed Sec.  1002.109(b)(3) would have required a financial 
institution to provide the name and business contact information of a 
person who may have been contacted with questions about the financial 
institution's data submission. The Bureau noted that Regulation C 
includes a similar requirement in Sec.  1003.5(a)(3)(iii), and the 
Bureau believed it would have been appropriate to require such 
information here. In general, the Bureau found, from its experience 
with HMDA and Regulation C, that requiring the name and business 
contact information of a person who may have been contacted with 
questions generally facilitated communication in the event that follow-
up on a submission is required.
    Having received no comments on this aspect of the proposal and for 
the reasons set forth herein, the Bureau is generally finalizing Sec.  
1002.109(b)(3) as proposed. However, the Bureau is revising final Sec.  
1002.109(b)(3) to make clear that the contact reported is a person 
responsible for responding to Bureau or other regulator inquiries about 
the submission, rather than inquiries from the general public.

[[Page 35408]]

Paragraph 109(b)(4)
    Proposed Sec.  1002.109(b)(4) would have required a financial 
institution that is a depository institution to provide the name of its 
Federal prudential regulator, if applicable. Proposed comment 
109(b)(4)-1 would have explained how to determine which Federal 
prudential regulator (i.e., the OCC, the FDIC, the Board, or the NCUA) 
a financial institution should report. Proposed comment 109(b)(4)-2 
would have provided guidance on when a financial institution would be 
required to report a new Federal prudential regulator, for instance, in 
the event of a merger or a change of charter.
    The Bureau noted that Regulation C includes a similar provision in 
Sec.  1003.5(a)(3)(iv), requiring financial institutions to identify 
the appropriate Federal agency. In the Regulation C context, the 
purpose of this requirement is to identify the agency to which a 
financial institution must report its HMDA data--often the financial 
institution's Federal prudential regulator for depository 
institutions.\801\ For small business lending data, the Bureau believed 
a requirement to report a financial institution's Federal prudential 
regulator would be appropriate for different reasons. The reporting of 
a financial institution's Federal prudential regulator would enable 
analysts to more easily identify other information about a financial 
institution that its Federal prudential regulator makes publicly 
available, such as Call Report data; further, such additional data may 
be used by regulators to perform analyses of the characteristics of 
financial institution's data. Nondepository institutions generally do 
not have Federal prudential regulators and would not have reported one 
under this requirement.\802\
---------------------------------------------------------------------------

    \801\ 12 U.S.C. 2803(h).
    \802\ Additionally, while some nondepository institutions have 
Federal regulators, those Federal regulators may not meet the 
definition of Federal prudential regulator provided in comment 
109(b)(4)-1 and this data point still may not be applicable. For 
example, while Farm Credit System institutions are regulated and 
supervised by the Farm Credit Administration, the Farm Credit 
Administration is not a Federal prudential regulator as defined in 
comment 109(b)(4)-1.
---------------------------------------------------------------------------

    Having received no comments on this aspect of the proposal and for 
the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b)(4) as proposed, but has moved the example in proposed 
comment 109(b)(4)-2 to new comment 109(b)-1.
Paragraph 109(b)(5)
    Proposed Sec.  1002.109(b)(5) would have required a financial 
institution to provide its Federal taxpayer identification number 
(TIN). Proposed comment 109(b)(5)-1 would have explained when a 
financial institution should report a new Federal TIN in the event that 
it obtained a new Federal TIN (for instance, because the financial 
institution merged with another financial institution and adopted the 
Federal TIN of the other financial institution). The Bureau noted that 
Regulation C Sec.  1003.5(a)(3)(vi) requires financial institutions to 
report Federal TIN with their HMDA submissions, and the Bureau believed 
such a requirement would be appropriate here as well. A financial 
institution's Federal TIN may be used to identify other publicly 
available information on a financial institution, and combined with a 
financial institution's small business lending application register to 
enhance the types of analysis that can be conducted to further the two 
statutory purposes of section 1071.
    Having received no comments on this aspect of the proposal and for 
the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b)(2) as proposed, but has moved the example in proposed 
comment 109(b)(5)-1 to new comment 109(b)-1.
Paragraph 109(b)(6)
    Proposed Sec.  1002.109(b)(6) would have required a financial 
institution to provide its LEI. Proposed comment 109(b)(6)-1 would have 
explained what an LEI is and would have made clear that financial 
institutions that do not currently have an LEI must obtain one, and 
that financial institutions would have an ongoing obligation to 
maintain an LEI in order to satisfy proposed Sec.  1002.109(b)(6).
    The Bureau explained that an LEI is a unique, 20-digit identifier 
issued by an entity endorsed or otherwise governed by the Global LEI 
Foundation. Regulation C requires financial institutions to obtain and 
use an LEI, which facilitates the analysis of HMDA data and aids in the 
recognition of patterns by more precisely identifying financial 
institutions and affiliated companies.\803\ The LEI also helps 
financial institutions that report HMDA data generate the universal 
loan identifier used to identify application or application-level 
records in Regulation C. Similarly, in the section 1071 context, a 
financial institution's LEI would also likely facilitate data 
analyses,\804\ by helping the Bureau and other stakeholders better 
understand a financial institution's corporate structure. Proposed 
Sec.  1002.107(a)(1) would have also required that financial 
institutions use their LEIs in creating unique identifiers for covered 
applications. The Bureau believed this, in turn, would result in more 
sophisticated and useful analyses of the financial institution's data.
---------------------------------------------------------------------------

    \803\ 80 FR 66128, 66248 (Oct. 28, 2015) (noting that, despite 
the cost, the Bureau believed that the benefit of all HMDA reporters 
using an LEI justified the associated costs by improving the ability 
to identify the financial institution reporting the data and link it 
to its corporate family).
    \804\ Id. (``By facilitating identification, this requirement 
will help data users achieve HMDA's objectives of identifying 
whether financial institutions are serving the housing needs of 
their communities, as well as identifying possible discriminatory 
lending patterns.'').
---------------------------------------------------------------------------

    The Bureau received a few comments on this aspect of the proposal. 
These commenters were supportive of proposed Sec.  1002.109(b)(6), 
agreeing with the Bureau's assertion that an LEI would help facilitate 
analyses. One commenter stated that the Bureau needed to ensure data 
users could identify parent and affiliate connections. The comments 
also supported requiring financial institutions to provide LEI 
information, stating that it would be consistent with HMDA, as 
discussed in the proposal.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b)(6) as proposed. Regarding the comment requesting the Bureau 
make identification of parent and affiliate connections easier, the 
Bureau notes that it is requiring LEI information in part for this 
reason, as discussed in the proposal. As explained in comment 
109(b)(6)-1, financial institutions are required to report the current 
LEI number, and if the financial institution does not currently possess 
one, to obtain one. Financial institutions also have an ongoing 
obligation to maintain their LEI number. As part of maintaining an LEI 
number, a financial institution must make sure the LEI number and 
associated information are current, including any relationship data. 
The Bureau believes that publication of a financial institution's LEI, 
as well as any parent and top parent LEIs, as applicable, will allow 
data users to identify these relationship connections.
Paragraph 109(b)(7)
    Proposed Sec.  1002.109(b)(7) would have required a financial 
institution to report its RSSD ID number, if applicable. The Bureau 
explained that an RSSD ID is a unique identifying number assigned to 
institutions, including main offices and branches, by the Federal 
Reserve System. All depository institutions know and regularly report 
their RSSD ID numbers on FFIEC regulatory forms. The Bureau believed 
that an RSSD ID would help data users link the data for

[[Page 35409]]

a particular financial institution to other regulatory data, including 
the connections between a particular financial institution with other 
financial institutions. The Bureau believed that this additional 
information would result in more sophisticated and useful analyses of 
the financial institution's small business lending data.
    Proposed comment 109(b)(7)-1 would have explained what an RSSD ID 
number is and how financial institutions that have one might find it. 
Financial institutions that do not have RSSD IDs, typically 
nondepository institutions, would not have been required to obtain 
them, and would report ``not applicable'' in that field.
    The Bureau received one comment from a community group supporting 
this aspect of the proposal. For the reasons set forth herein, the 
Bureau is finalizing Sec.  1002.109(b)(7) as proposed.
Paragraph 109(b)(8)
    Proposed Sec.  1002.109(b)(8) would have required a financial 
institution to provide certain information on its parent entities, if 
applicable. This information would have included the name, the LEI (if 
available), and the RSSD ID (if available) of the financial 
institution's immediate parent entity and the financial institution's 
top-holding parent entity.
    Proposed comments 109(b)(8)-1 and -2 would have provided guidance 
on how to identify a financial institution's immediate parent entity 
and a financial institution's top-holding parent entity. Proposed 
comment 109(b)(8)-3 would have explained that a financial institution 
would have reported its parent entities' LEIs if they have them, but 
that no parent entity would be required to obtain an LEI if it did not 
already have one. Proposed comment 109(b)(8)-4 would likewise have 
explained that a financial institution would report its parent 
entities' RSSD ID numbers if they had them.
    In the NPRM, the Bureau explained that it believed that the 
collection of information on a financial institution's structure would 
further both of the statutory purposes of section 1071. Data on a 
financial institution's organizational structure that is self-reported 
would be more accurate than would be the case if the Bureau attempted 
to generate such information from publicly available sources.\805\
---------------------------------------------------------------------------

    \805\ With respect to HMDA, the Bureau, on behalf of the FFIEC 
and HUD, does currently attempt to generate and publish information 
on filers, including parent company and top holder information 
obtained from the LEI provided. See Fed. Fin. Insts. Examination 
Council, Public Panel--Data Fields with Values and Definitions, 
https://ffiec.cfpb.gov/documentation/2021/panel-data-fields/ (last 
visited Mar. 20, 2023). But the Bureau has encountered difficulties 
in using the LEI to obtain parent company and top holder 
information, and thus proposed for this rulemaking to require that 
it be provided directly by financial institutions.
    From 1989 to 1998, Regulation C required financial institutions 
to report their parent entity information on transmittal sheets. 54 
FR 51356, 51361, 51368 (Dec. 15, 1989) (adding the transmittal sheet 
requirement, including parent institution information, to appendix A 
to Regulation C); 63 FR 52140, 52141 (Sept. 30, 1998) (stating that 
the Board believed that the availability of information from the 
FFIEC website makes the continuation of the requirement for parent 
company information on the transmittal sheet unnecessary). In 2002, 
Regulation C again required financial institutions to report parent 
information on transmittal sheets on the grounds that data users 
asserted the importance of having the parent institution information 
associated with the HMDA data itself, rather than in a separate 
database provided by the National Information Center. 67 FR 7221, 
7232 (Feb. 15, 2002).
    In the 2014 HMDA NPRM, the Bureau proposed to continue requiring 
that financial institutions identify their parent companies. The 
Bureau stated that because information about parent companies was 
not yet available through the LEI, the Bureau believed it was 
necessary to maintain this requirement to ensure that financial 
institutions' submissions can be linked with those of their 
corporate parents. 79 FR 51731, 51861 (Aug. 29, 2014). However, 
required reporting of parent company information stopped under the 
2015 HMDA final rule on the grounds that once the LEI is fully 
implemented, parent entity information was expected to become 
available. 80 FR 66128, 66248 (Oct. 28, 2015) (citing Fin. Stability 
Bd., LEI Implementation Grp., Fourth Progress Notes on the Global 
LEI Initiative, at 4 (Dec. 11, 2012), http://www.financialstabilityboard.org/wp-content/uploads/r_121211.pdf?page_moved=1) (noting that the LEI Implementation Group 
is developing proposals for additional reference data on the direct 
and ultimate parent(s) of legal entities and on relationship data 
more generally).
---------------------------------------------------------------------------

    The Bureau further explained that better structural information 
would, for instance, improve the accuracy of peer analyses, which would 
facilitate fair lending enforcement. The Bureau stated that analyzing 
trends over time would be useful for identifying institutions that may 
give rise to fair lending risk. Given structural changes to 
institutions over time, information that enables the identification of 
institutions consistently and accurately over time is important to this 
trend analysis.
    In addition, the Bureau believed that information on a financial 
institution's structure would advance the business and community 
development purpose of section 1071 by facilitating the analysis of 
whether and how corporate structure impacts how a financial institution 
provides access to credit to small businesses. In particular, this 
structural information could be used to understand how regulation in 
one part of a corporate structure impacts unregulated entities within 
the same corporate group.
    Proposed Sec.  1002.109(b)(8) would have resulted in more accurate 
and comprehensive corporate structure information by requiring 
financial institutions to provide not only the name of one parent 
entity, but the immediate parent entity of the financial institution as 
well as the top-holding parent of the financial institution (for some 
financial institutions, this would be a bank holding company). For the 
reasons set out above in the section-by-section analyses of Sec.  
1002.109(b)(6) and (7), the reporting of LEI and RSSD ID of parent 
entities would improve the ability of regulators and other stakeholders 
to map out more precisely and fully the often-complex networks of a 
financial institution's corporate structure. This more detailed and 
accurate structural data, in turn, might be used to perform more 
sophisticated and useful analyses of the financial institution's small 
business lending data. In addition, this information would have helped 
the Bureau confirm whether data were appropriately being reported by 
financial institutions on behalf of their subsidiaries pursuant to 
proposed Sec.  1002.109(a)(2).
    With respect to proposed Sec.  1002.109(b)(8), the Bureau sought 
comment on whether it should require any other parent entity 
information to be provided by financial institutions reporting data.
    The Bureau received comments on this aspect of the proposal from a 
community group and a trade association. These commenters were 
supportive of proposed Sec.  1002.109(b)(8). One commenter supported 
identifying the parent and top holder parent entities under proposed 
Sec.  1002.109(b)(8)(i) and (iv). Both commenters supported the 
inclusion of LEI information for both the parent and top holder parent 
entities under proposed Sec.  1002.109(b)(8)(ii) and (v). For the 
reasons set forth herein, the Bureau is finalizing Sec.  1002.109(b)(8) 
as proposed.
Paragraph 109(b)(9)
    Proposed Sec.  1002.109(b)(9) would have required a financial 
institution to report the type of financial institution it is, 
selecting the applicable type or types of institution from a list in 
proposed comment 109(b)(9)-1. The comment would also have explained 
that a financial institution would select all applicable types. The 
list provided in the proposed comment included: (i) bank or savings 
association, (ii) minority depository institution, (iii) credit union, 
(iv) nondepository institution, (v) CDFI, (vi) other nonprofit 
financial institution, (vii) Farm Credit System institution, (viii) 
government lender, (ix) commercial finance company, (x) equipment 
finance company, (xi)

[[Page 35410]]

industrial loan company, (xii) fintech, and (xiii) other. Proposed 
comment 109(b)(9)-2 would have explained that a financial institution 
reports the type of financial institution as ``other'' where none of 
the enumerated types of financial institution appropriately describe 
the applicable type of financial institution, and the institution 
reports the type of financial institution as free-form text.
    The Bureau believed that information regarding the type of 
financial institution reporting small business lending data would 
greatly assist in the analysis conducted by the Bureau and other data 
users. Information providing further details on types of financial 
institutions would help advance the statutory purposes of section 1071; 
fair lending analysts might use this information on the financial 
institution type (for instance, depository institutions compared to 
nondepository institutions) as a control variable for their analyses. 
The inclusion of this information may also assist in an assessment of 
the business and community development needs of an area as it may 
provide analysts a means of determining what types of financial 
institutions serve certain geographic areas.
    In addition, the Bureau believed that this information, combined 
with the parent entity information required by proposed Sec.  
1002.109(b)(8), would offer more accurate and granular data on 
nondepository institutions within the same corporate group as 
depository institutions. The Bureau noted that, at the time of the 
NPRM, the National Information Center database, which contains 
information on the structure of corporate groups that contain banks and 
other financial institutions, provided little information on 
nondepository institutions. In connection with proposed Sec.  
1002.109(b)(8), information on corporate structure that financial 
institutions self-report could fill in reporting gaps, including more 
specific information on financial institution types.
    With respect to proposed Sec.  1002.109(b)(9), the Bureau sought 
comment on whether it should consider removing, modifying, or adding 
any types of financial institutions to the list in proposed comment 
109(b)(9)-1, including in order to manage unique privacy interests 
(such as, for example, whether a category for captive finance companies 
that lend to applicants that share the same branding should be included 
on the list). The Bureau also sought comment on whether it should 
consider defining any of the types of financial institutions in the 
proposed list, in particular whether and how to define the term 
``fintech.''
    The Bureau received comments on this aspect of the proposal from 
several community groups and a software vendor. Generally, these 
commenters were supportive of proposed Sec.  1002.109(b)(9), though 
some requested certain modifications. Two commenters stated that the 
use of ``fintech'' in the list of financial institution types in 
proposed comment 109(b)(9)-1 was not a clear descriptor, and that 
``online lender'' would be a better term. One commenter also requested 
the Bureau make clear that selection of ``other'' as a type of 
financial institution does not qualify the financial institution for 
exemption from coverage of this rule. Additionally, the commenter 
requested the Bureau make clear that selection of multiple financial 
institution types from the list provided in proposed comment 109(b)(9)-
1 is permitted. Finally, a commenter requested the Bureau require 
financial institutions to identify the types of products they offer, in 
addition to the type of financial institution.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.109(b)(9) with a revision in comment 109(b)(9)-1 to replace the 
financial institution type ``fintech'' with ``online lender'' and to 
add commentary about how the Bureau may add additional financial 
institution types in the future. The Bureau agrees with commenters that 
using ``online lender'' as a financial institution type will help 
better identify the type of financial institution that is being 
described rather than ``fintech.'' As commenters noted, ``fintech'' has 
a wide variety of uses over different industries. That variety may make 
it difficult to determine what ``fintech'' means as a financial 
institution type and under what circumstances a financial institution 
must report ``fintech'' as one of their types. Using ``online lender'' 
as the financial institution type helps make clear the financial 
institution's business model is to conduct business primarily online. 
For example, an online lender would include a platform or peer-to-peer 
lender that generally only receives applications and originates loans 
through a website and that does not have in-person encounters with 
small businesses, such as accepting applications or having meetings 
with loan officers, at a physical office. In such a case, the financial 
institution would select ``online lender'' as the type of financial 
institution (in addition to any other applicable financial institution 
types listed in final comment 109(b)(9)-1).
    For similar reasons as those discussed in the section-by-section 
analysis of Sec.  1002.107(a) regarding the addition of comment 107(a)-
4, the Bureau is also adding a comment in Sec.  1002.109(b)(9) to 
facilitate flexibility and account for the evolution of small business 
lending market, identifying how the Bureau may add additional financial 
institution types in the future. Comment 109(b)(9)-3 provides that the 
Bureau may add additional types of financial institutions via the 
Filing Instructions Guide and related materials. Comment 109(b)(9)-3 
refers financial institutions to the Filing Instructions Guide for any 
updates for each reporting year.
    Regarding commenters' requests for clarity regarding selection of 
multiple financial institution types, and that selecting ``other'' does 
not exempt an institution from coverage under the rule, final comment 
109(b)(9)-1 states a financial institution shall select all applicable 
types, confirming that multiple financial institution types should be 
selected if more than one type applies to the financial institution. 
Additionally, the Bureau notes that final Sec.  1002.105 addresses 
institutional coverage under this rule. Financial institution type is 
not a determinative factor for coverage; in fact, an exempt institution 
(unless voluntarily reporting data pursuant to Sec. Sec.  1002.107 
through 1002.109 as discussed in comment 105(b)-6) would not be 
submitting information pursuant to Sec.  1002.109 in the first 
instance. Final comment 109(b)(9)-2 explains the circumstances for 
which a financial institution is required, or permitted, to report 
``other.''
    Finally, the Bureau does not believe it is necessary to add a 
requirement for financial institutions to provide their product types 
as part of the financial institution identifying information, as 
suggested by one commenter. Section 1002.107(a)(5), as finalized, 
requires a financial institution to identify the credit type for each 
application or origination reported. This information, together with 
the other financial institution identifying information required 
pursuant to Sec.  1002.109(b), will allow data users to identify the 
product types offered by each financial institution in the dataset.
Paragraph 109(b)(10)
    Proposed Sec.  1002.109(b)(10) would have required a financial 
institution to indicate whether it was not a covered financial 
institution under proposed Sec.  1002.105(a) and was thus voluntarily 
reporting covered applications.
    The Bureau believed it was important to be able to specifically 
identify these

[[Page 35411]]

institutions' transactions in the dataset. If reporting were restricted 
to only financial institutions required to report, the data would 
accurately reflect the overall population of financial institutions 
subject to the final rule. However, institutions that do not meet the 
rule's loan-volume threshold in proposed Sec.  1002.105(b) could choose 
to voluntarily report small business lending data pursuant to proposed 
Sec.  1002.5(a)(4)(vii) through (ix). Those institutions that 
voluntarily reported data might not be representative of all potential 
voluntary reporters and might differ from required reporters. Without a 
specific designation, it might not be possible to distinguish an 
institution voluntarily reporting data after a single year of exceeding 
the loan-volume threshold from an institution reporting because it had 
already exceeded the loan-volume threshold in two consecutive years. 
The Bureau believed that data users would benefit from being able to 
use this information as a control variable, resulting in better fair 
lending as well as business and community development analyses, to 
account for certain differences that might exist as between required 
and voluntary reporters.
    The Bureau received one comment on this aspect of the proposal from 
a community group. The commenter supported inclusion of Sec.  
1002.109(b)(10), agreeing with the Bureau's assertion that data users 
will need to identify voluntary reporters. For the reasons set forth 
herein, the Bureau is finalizing Sec.  1002.109(b)(10) as proposed.
109(c) Procedures for the Submission of Data to the Bureau
Proposed Rule
    Proposed Sec.  1002.109(c) and comment 109(c)-1 would have directed 
financial institutions to a publicly available website containing the 
Bureau's Filing Instructions Guide, which would have set out technical 
instructions for the submission of data to the Bureau pursuant to 
proposed Sec.  1002.109. Regulation C Sec.  1003.5(a)(5) contains a 
comparable provision, which directs users to a Bureau website that sets 
out instructions for the submission of HMDA data, and the Bureau 
believed a similar approach would be appropriate here.
    The Bureau sought comment on this aspect of the proposal, including 
the provision of technical instructions for data submission via a 
Bureau website and how best to implement the provisions of this section 
in a manner that minimizes cost and burden particularly to small 
financial institutions while implementing all statutory obligations. 
The Bureau also sought comment on ways it could streamline reporting 
for small financial institutions.
Comments Received
    The Bureau received comments from two lenders, several trade 
associations, and a community group concerning the Bureau's publication 
of a Filing Instructions Guide to assist lenders in their submission of 
small business lending data to the Bureau. A CDFI lender and two trade 
associations supported the publication of technical instructions for 
data submission in the Filing Instructions Guide, stating that it would 
greatly aid in complying with the rule. One of these commenters 
requested that the Bureau dedicate staff to provide answers that can be 
relied on, such that community banks could not be criticized or 
penalized during subsequent examinations.
    A bank and several trade associations expressed concern about the 
possible timing for the Bureau's publication of its Filing Instructions 
Guide, noting the importance of receiving such instructions well in 
advance such that lenders could comply with the rule and provide 
accurate and reliable data. Two of these commenters requested that the 
Bureau release the Filing Instructions Guide at least six months before 
any required data collection begins.
    A trade association inquired whether the Filing Instructions Guide 
for this regulation would be similar to the one for HMDA and Regulation 
C, and whether the Bureau would make the Filing Instructions Guide 
available for comment. A joint letter from community and business 
advocacy groups suggested that certain data categories for race and 
ethnicity be contained in the Filing Instructions Guide, so they could 
be adjusted from time to time to align any changes in the OMB's Federal 
Data Standards on Race and Ethnicity, rather than being codified in the 
commentary to this regulation.
Final Rule
    The Bureau is finalizing Sec.  1002.109(c) as proposed. The Bureau 
is developing a system to receive, process, and publish the data 
collected pursuant to this final rule. In doing so, the Bureau has 
benefitted from what it learned in its multiyear effort in developing 
the HMDA Platform, through which entities file data as required under 
HMDA and Regulation C. As it did in developing the HMDA Platform, the 
Bureau's ongoing work in developing the small business lending data 
submission system focuses on satisfying all legal requirements, 
promoting data accuracy, and reducing burden. The Bureau is publishing, 
concurrently with this final rule, a Filing Instructions Guide and 
related materials for financial institutions.\806\ The Bureau does not 
believe proposed comment 109(c)-1 is necessary as it is duplicative of 
the regulatory text, and thus has removed it from the final rule.
---------------------------------------------------------------------------

    \806\ See https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
---------------------------------------------------------------------------

    ECOA section 704B(g)(1) authorizes the Bureau to prescribe rules 
and issue such guidance as may be necessary to carry out, enforce, and 
compile data pursuant to section 1071. Section 704B(g)(3) provides for 
the Bureau to issue guidance to facilitate compliance with the 
requirements of section 1071. Here, final Sec.  1002.109(c) is 
justified under both ECOA provisions because the issuance of the means 
of submitting data to the Bureau are both necessary to compile data 
pursuant to section 1071 and to facilitate compliance with section 
1071.
    The Bureau agrees with commenters that the Filing Instructions 
Guide will significantly facilitate compliance with section 1071. 
Regarding the request that the Bureau provide staff to answer questions 
about complying with the rule before the rule's compliance date, Bureau 
staff will be available after the publication of this final rule to 
provide guidance to lenders in complying with the rule. The Bureau will 
make other compliance and technical resources available as well, as 
described at the end of part I above.
    The Bureau notes, in response to the question of whether the Filing 
Instructions Guide would be similar to the one for HMDA, that many 
aspects of the Filing Instructions Guide for this regulation are based 
on the HMDA guide. The Bureau does not believe it is necessary to 
request public comment on the Filing Instructions Guide, as it is a 
technical document that reflects the regulatory requirements of Sec.  
1002.107 and Sec.  1002.109(b) such that data can be submitted to the 
Bureau's small business lending data submission platform. However, as 
with HMDA, various iterations of the Filing Instructions Guide will be 
published over time with changes based in part on feedback from 
financial institutions and third-party providers. Regarding the comment 
that certain data categories for race and ethnicity contained in the 
Filing Instructions Guide be adjusted from time to time to align any 
changes in the OMB's Federal Data Standards on

[[Page 35412]]

Race and Ethnicity, the Bureau recognizes that it may need to adjust 
some data categories over time, but that the statute may not permit 
exact alignment with all future developments by another agency that is 
not itself implementing section 1071.
Other Reporting Issues
    With respect to HMDA data, Regulation C Sec.  1003.5(a)(1)(i) 
provides that a financial institution shall submit its annual loan/
application register in electronic format to the appropriate Federal 
agency. Regulation C does not provide for the submission of HMDA data 
by unaffiliated third parties directly on behalf of financial 
institutions in the way that a parent institution may submit HMDA data 
on behalf of its subsidiary under Sec.  1003.5(a)(2) and comment 5(a)-
3. The Bureau understands from financial institutions that report HMDA 
data to the Bureau that most institutions use third-party software 
vendors in some way to help them prepare or submit their loan/
application registers to the Bureau. The Bureau sought comment on 
whether it should permit third parties (such as financial software 
vendors) to submit to the Bureau a small business lending application 
register on behalf of a financial institution, including whether 
financial institutions should be required to designate third parties 
authorized to submit registers on their behalf.
    Commenters did not directly address the topic of third-party 
submissions of small business lending application registers on behalf 
of financial institutions. One trade association, in the context of 
proposed Sec.  1002.109, noted that its members rely on third-party 
vendors for many important business processes, and the contributions of 
such vendors to support financial institution innovation is important. 
Industry commenters, including trade associations and lenders, widely 
noted their reliance on third-party vendors for many important business 
processes in commenting on other sections of the proposed rule, as is 
noted, for instance, in the section-by-section analysis of Sec.  
1002.114(b). The commenter asked that the Bureau encourage vendors to 
develop solutions to help financial institution clients comply with 
section 1071.
    The Bureau is finalizing Sec.  1002.109 as proposed. While there is 
no explicit provision addressing financial institution use of service 
providers in connection with submission of applicant registers, 
informed by its HMDA experience, the Bureau is open to such submission, 
so long as it complies with all applicable provisions of the final 
rule, including the restrictions on disclosure of protected demographic 
data contained in final Sec.  1002.110(e). In addition, the Bureau will 
continue to engage with vendors and industry to assess future demand 
for service provider use in this area. Regarding the comment asking the 
Bureau to encourage third-party solutions to help covered financial 
institutions comply with section 1071, the Bureau agrees and has 
engaged in outreach to third-party vendors, as discussed in part III 
above, since the issuance of the NPRM to facilitate their development 
of solutions to assist financial institutions in complying with this 
rule.

Section 1002.110 Publication of Data

    Final Sec.  1002.110 addresses several issues surrounding 
publication of small business lending data. First, final Sec.  
1002.110(a) addresses annual publication of application-level data on 
the Bureau's website, subject to modification and deletion decisions by 
the Bureau based on consideration of privacy interests. Second, final 
Sec.  1002.110(b) states that the Bureau may compile and aggregate data 
submitted by financial institutions and may publish such compilations 
or aggregations as the Bureau deems appropriate. Third, final Sec.  
1002.110(c) requires a covered financial institution to publish on its 
website a statement that its small business lending data, as modified 
by the CFPB, are or will be available on the CFPB's website. Finally, 
final Sec.  1002.110(d) provides when a covered financial institution 
shall make the notice required by final Sec.  1002.110(c) available to 
the public and how long it shall maintain the notice on its website.
    The Bureau is finalizing Sec.  1002.110 to implement ECOA section 
704B(f)(2)(B) and (C), which require the Bureau to adopt regulations 
addressing the form and manner that data are made available to the 
public, and pursuant to its authority under 704B(g)(1) to prescribe 
such rules and issue such guidance as may be necessary to carry out, 
enforce, and compile data pursuant to section 1071. The Bureau is also 
finalizing Sec.  1002.110(b) pursuant to 704B(f)(3), which permits the 
Bureau to compile and aggregate small business lending data, and to 
publish such aggregate data.
110(a) Publication of Small Business Lending Application Registers and 
Associated Financial Institution Information
    ECOA section 704B(f)(2)(C) requires the Bureau to annually make the 
small business lending data it receives from financial institutions 
available to the public in such form and in such manner as the Bureau 
determines by regulation.
Proposed Rule
    Proposed Sec.  1002.110(a) would have provided that the Bureau 
shall make available to the public generally the data reported to it by 
financial institutions pursuant to proposed Sec.  1002.109, subject to 
deletions or modifications made by the Bureau if the Bureau determines 
that, based on the proposed balancing test, the deletion or 
modification of the data would advance a privacy interest.\807\ The 
Bureau proposed to make such data available on an annual basis, by 
publishing it on the Bureau's website. The Bureau sought comment on its 
proposed approach to implementing ECOA section 704B(f)(2)(C).
---------------------------------------------------------------------------

    \807\ As discussed in part VIII below, the Bureau is not 
announcing how it will consider different factors when implementing 
its discretion to delete or modify application-level data before 
publication. The Bureau will continue to engage with stakeholders on 
publication and it intends to make final decisions only after that 
continued engagement and receipt of a full year of application data. 
Part VIII lays out the CFPB's preliminary views, in light of 
comments received on the balancing test articulated in the NPRM, on 
how to assess and protect privacy interests through modifications 
and deletion.
---------------------------------------------------------------------------

Comments Received
    In response to proposed Sec.  1002.110(a), the Bureau received 
comments from a range of lenders, trade associations, community groups, 
individual commenters, and others. Many commenters supported the 
Bureau's proposal to make data available on an annual basis by 
publishing it on the Bureau's website. Some noted that publication of 
disaggregated data is critical to achieving the statutory purposes of 
section 1071. Some commenters indicated the Bureau should make clear 
that the Bureau must publish data annually, citing their concern that 
any discretion in data publication could allow for inconsistent data 
publication in the future. A commenter further supported publication on 
the Bureau's website, stating that it preferred the Bureau as the 
singular source for published data because it would ensure the data was 
uniform and consistent in data and publication formats, which would 
help to prevent obfuscation efforts by bad actors. The commenter noted 
that, based on their historical experience with HMDA data, without 
publication on the website, the public would need to request data from 
each financial institution individually and the data

[[Page 35413]]

provided may not be in the same file format, may not be in an 
accessible file format, and the data may have variations in formatting, 
which could hide data anomalies or patterns of discrimination.
    Some commenters opposed publication of disaggregated data entirely, 
citing various privacy risks, or otherwise preferred the Bureau publish 
small business lending data only in aggregate form.\808\ Some 
commenters supported publication of disaggregated data publication, but 
also supported modifications in light of privacy risk.
---------------------------------------------------------------------------

    \808\ See also part VIII below.
---------------------------------------------------------------------------

    Commenters also discussed timing of data publication. Some 
supported annual publication, as proposed. Others requested publication 
as soon as possible but did not suggest a specific schedule. Two 
requested quarterly data publication, and one suggested publication 
every six months. A few commenters requested the Bureau also establish 
a deadline by which it would annually publish data; some did not 
suggest a specific deadline while others requested a fall publication 
deadline, shortly after data are submitted to the Bureau, in order to 
maximize the data's currency and usefulness.
    Many commenters requested the Bureau ensure that published data are 
accessible to the general public. These commenters noted that the data 
should be easily searchable or filterable so that anyone with an 
interest in fair lending can use and understand the data. Some of these 
commenters noted that data can sometimes be inaccessible if provided in 
a very technical manner, such that only those with expertise in data 
analysis can understand and use the data. One commenter suggested that 
this concern was of particular concern for ethnicity and race data. 
Additionally, a few commenters pointed to previous Bureau data releases 
as examples of publication that worked well, such as the consumer 
complaint database, and those that they would prefer the Bureau not 
follow, including the current data tool used to publish HMDA data.
    Some commenters requested the Bureau add disclaimers or 
explanations to data fields when the data is published to aid in user 
understanding about the data, such as data limits, caveats, or 
exceptions. For example, several commenters requested the Bureau add a 
disclaimer to data submitted by Farm Credit System lenders identifying 
their unique statutory coverage limitations and dividend structures. 
Other commenters requested a disclaimer that identifies when ethnicity, 
race, and sex data was collected on the basis of visual observation 
pursuant to proposed Sec.  1002.107(a)(20). One commenter requested a 
publication disclaimer for amount of credit applied for and amount of 
credit approved or originated, that would explain that applicant-
provided information can be arbitrary and may not match the amount of 
credit approved or originated. Another commenter requested that the 
Bureau include a disclaimer for private label credit because, they 
said, private label credit should not be compared to other small 
business credit products because it is based on the availability of the 
financial institution's retail partners and those partners' geographic 
locations. Conversely, one commenter requested the Bureau not add any 
disclaimers to pricing data points on the grounds that they would cause 
further misunderstanding of the data.
    Two commenters suggested the CFPB establish an advisory group to 
offer advice or it should seek public feedback on ways to improve 
publication and enhance data accuracy. One commenter asked that it 
establish an authorization program to certify as ``CFPB-approved'' 
particular data products and programs created from 1071 data. Another 
commenter stated that when publishing the data, the Bureau should 
ensure that the data are organized by institution and credit product 
type as a default setting, rather than only by institution, to ensure 
proper comparison by data users.
Final Rule
    For these reasons set forth herein, the Bureau is finalizing Sec.  
1002.110(a) largely as proposed. As finalized, subject to modification 
or deletion decisions made by the Bureau to advance privacy interests 
as discussed in part VIII below, the Bureau has committed itself in 
Sec.  1002.110(a) to making application-level data available to the 
public via annual publication. Because publication is subject to any 
modification or deletion decisions made by the Bureau pursuant to its 
privacy analysis, the Bureau concludes that Sec.  1002.110(a) itself 
adequately addresses commenter concerns about privacy risks. As 
discussed in part VIII, the CFPB is also of the view that application-
level data have significant disclosure benefits that will facilitate 
the fair lending and business and community development purposes of 
section 1071. This determination strongly supports disclosure of the 
data in a disaggregated format to the extent consistent with the 
privacy interests. As a result, the Bureau does not intend to publish 
only aggregate data compilations pursuant to Sec.  1002.110(b).
    Publication of application-level data on an annual basis is 
appropriate. While a few commenters proposed shorter cycles, the Bureau 
would not have new data to publish more frequently because, as 
discussed in the section-by-section analysis of Sec.  1002.109(a), the 
Bureau is requiring financial institutions to report annually. Further, 
the Bureau concludes that until it obtains a full year of reported data 
and performs a full privacy analysis, as discussed in part VIII below, 
it cannot know with certainty the amount of time it will take to 
analyze the privacy risks, and make modifications or deletions as 
needed, particularly for the first publication of application-level 
data. Accordingly, the final rule does not set a publication deadline.
    Because the Bureau is still creating its data publication platform, 
it takes under advisement commenter concerns about accessibility and 
ease of use, and will make efforts to be responsive to those comments 
as the platform and user tools are built. The Bureau is also taking 
under advisement suggestions on how to organize and display data.
    Similarly, the Bureau is taking under advisement requests to make 
data limitations, such as related to credit or financial institution 
type, clear to data users. But it does not intend to state that the 
amount of credit applied for and amount of credit approved or 
originated may have discrepancies because the applicant underestimated 
their credit limitations. As discussed in the section-by-section 
analyses of Sec.  1002.107(a)(7) and (8) above and in the NPRM, there 
are several other reasons for discrepancy between the amount an 
applicant applies for and the amount for which they are approved. A 
disclaimer asserting the discrepancy may be attributable to applicant 
overconfidence would minimize the serious risk of fair lending concerns 
that these data points may otherwise identify. For similar reasons, the 
Bureau does not intend to add disclaimers to pricing data.
    Finally, the Bureau notes that while it does not have an advisory 
group dedicated to small business lending data publication, there are 
several avenues through which it expects to receive feedback from the 
public on small business lending data in the future, including the 
Bureau's Advisory Committees, as well as any regulatory or technical 
assistance function created for data submitters. The Bureau also 
intends to pursue continued public engagement, including with respect 
to its intended privacy assessment and associated modification and 
deletion decisions, as discussed in part VIII below. Further, the 
Bureau will not

[[Page 35414]]

approve or endorse any particular entity's use of or republication of 
data, although entities may use and republish the data once it is made 
available in the public domain pursuant to this rule. Because the 
statutory purposes and noted benefits of data publication (as discussed 
herein) include providing information to the public to identify and 
address fair lending issues in the small business lending market, the 
Bureau encourages data users to analyze the data to address the 
statutory purposes. It also encourages technologists to develop tools 
to assist in this analysis.
110(b) Publication of Aggregate Data
    ECOA section 704B(f)(3) provides that the Bureau may ``compile and 
aggregate data collected under this section for its own use'' and 
``make public such compilations of aggregate data.''
    Proposed Sec.  1002.110(b) would have provided that the Bureau may 
compile and aggregate data submitted by financial institutions pursuant 
to proposed Sec.  1002.109, and make any compilations or aggregations 
of such data publicly available as the Bureau deems appropriate. The 
proposal explained that publication of certain such compilations and 
aggregations would provide useful data to the public to supplement the 
Bureau's publication of application-level data. In particular, the 
Bureau noted the importance of providing aggregations for the 
application-level data fields that may be modified or deleted before 
publication to protect privacy interests.
    The Bureau received comments on this aspect of the proposal from 
several community groups, business advocacy groups, and a software 
provider. These commenters were supportive of proposed Sec.  
1002.110(b), though some requested modifications. Several commenters 
requested the Bureau make specific aggregations available, based on 
their experience with HMDA or for specific user purposes. Additionally, 
two commenters requested that the Bureau commit to annual publication 
of aggregate data.
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.110(b) as proposed. It is unnecessary for the rule to commit to 
specific timing for publication of aggregate data or to identify the 
specific aggregations that it will make available. ECOA section 
704B(f)(3) provides the Bureau discretion to compile and aggregate data 
collected, and to make those aggregations publicly available. Any 
aggregations compiled using the data collected will be dependent on 
multiple factors, including privacy considerations, the volume of data, 
and the trends in the data received. For these reasons, the Bureau 
believes it is important to preserve flexibility as to both the content 
and timing of any aggregate data publications, although it anticipates 
publishing aggregate data before releasing application-level data.
110(c) Statement of Financial Institution's Small Business Lending Data 
Available on the Bureau's Website and 110(d) Availability of Statements
Proposed Rule
    ECOA section 704B(f)(2)(B) requires that the data compiled and 
maintained by financial institutions shall be ``made available to any 
member of the public, upon request, in the form required under 
regulations prescribed by the Bureau.''
    Proposed Sec.  1002.110(c) would have required that a covered 
financial institution make available to the public on its website, or 
otherwise upon request, a statement that the covered financial 
institution's small business lending application register, as modified 
by the Bureau pursuant to proposed Sec.  1002.110(a), is or will be 
available on the Bureau's website.
    Proposed Sec.  1002.110(c) would have also stated that a financial 
institution shall use language provided by the Bureau, or substantially 
similar language, to satisfy this requirement to provide a statement. 
Proposed comment 110(c)-1 would have provided model language that a 
financial institution could use to comply with proposed Sec.  
1002.110(c). Proposed comment 110(c)-2 would have provided guidance to 
financial institutions that do not have websites.
    Proposed Sec.  1002.110(d) would have provided that a covered 
financial institution shall make the notice required by proposed Sec.  
1002.110(c) available to the public on its website when submitting its 
small business lending application register to the Bureau pursuant to 
proposed Sec.  1002.109(a)(1), and shall maintain the notice for as 
long as it has an obligation to retain its small business lending 
application registers pursuant to proposed Sec.  1002.111(a).
    The Bureau sought comment on its proposed approach to implementing 
ECOA section 704B(f)(3), including how best to implement proposed Sec.  
1002.110(c) and (d) in a manner that minimizes cost and burden 
particularly on small financial institutions while implementing all 
statutory obligations.
Comments Received
    In response to proposed Sec.  1002.110(c) and (d), the Bureau 
received comments from a number of lenders, trade associations, and 
community groups, along with one individual commenter. A majority of 
those commenters supported the proposed approach to making financial 
institutions' data available to the general public on the Bureau's 
website, citing reasons including reduction of compliance burden, cost, 
and redundant data. However, a few commenters argued that covered 
financial institutions should be required to make their data available 
on their own websites. One such commenter asserted that financial 
institutions (particularly large banks) should be required to make 
their data available within 30 days of a request to do so, which they 
stated has worked well for HMDA.\809\ This commenter also stated that 
if the Bureau were to adopt proposed Sec.  1002.110(c), it should 
require quarterly public data reporting. An individual commenter 
suggested that without a requirement that financial institutions 
release their own data, the public would have no way to confirm the 
``legitimacy'' of data released by the Bureau.
---------------------------------------------------------------------------

    \809\ The Bureau's approach to Sec.  1002.110(c) aligns with 
Regulation C Sec.  1003.5(c)(1). However, prior to the 2015 HMDA 
Amendments, covered financial institutions were required to make 
their HMDA data available upon request.
---------------------------------------------------------------------------

Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.110(c) with a minor modification and Sec.  1002.110(d) as 
proposed, to implement ECOA section 704B(f)(2)(B). The Bureau's 
revision to Sec.  1002.110(c) removes the specific URL at which the 
Bureau will publish 1071 data on its website. The Bureau has made 
several small revisions to the notice language set forth in comment 
110(c)-1 for clarity. The Bureau is also adopting new comment 110(c)-3 
to explain that the Bureau may modify the location specified in the 
notice language provided in comment 110(c)-1, at which small business 
lending data are available, via the Filing Instructions Guide and 
related materials.
    The approach set forth in final Sec.  1002.110(c) and (d) will 
reduce potential burdens on financial institutions associated with 
publishing modified data. It will also reduce privacy risks resulting 
from errors by individual financial institutions implementing any 
modifications or deletions required by the Bureau, and would be more 
efficient overall. Regulation C (Sec.  1003.5(c)(1)) implements a 
similar statutory requirement regarding the form of data reporting and 
requires financial institutions to direct any public requests

[[Page 35415]]

for HMDA data they receive to the Bureau. A similar provision is 
appropriate here to maintain continuity across reporting regimes, and 
because this centralized approach will help ensure consistent 
implementation of any modifications or deletions made to protect 
privacy interests. Commenters' concerns regarding the timing of 
financial institutions making their own data available are thus 
rendered moot.
    The Bureau does not believe that financial institutions should be 
required to make their data available within 30 days of a request to do 
so. Such requests can be fulfilled as easily by accessing small 
business lending application registers on the Bureau's website, after 
modifications or deletions are made to protect privacy interests. Nor 
does the Bureau believe that quarterly public data reporting is 
appropriate, as discussed in the section-by-section analysis of Sec.  
1002.110(a) above. Further, the Bureau does not believe that a 
requirement that financial institutions release their own data is 
necessary to confirm the ``legitimacy'' of data released by the Bureau. 
The Bureau will conduct examinations of unredacted small business 
lending data, and will make application-level data (subject to privacy 
modifications and deletions) available for review and analysis by 
members of the public.
110(e) Further Disclosure Prohibited
    ECOA section 704B(e) and (f) require financial institutions to 
compile and maintain records of information provided by applicants and 
to submit such data annually to the Bureau. However, the statute does 
not expressly address what a financial institution may do with data 
collected pursuant to section 1071 for purposes other than reporting 
such data to the Bureau, nor did the proposal specify restrictions on a 
financial institution's use or disclosure of data collected pursuant to 
this rulemaking for purposes other than collecting, maintaining, and 
reporting such data to the Bureau.
    The Bureau received comments from individuals and industry that 
raised concerns about potential misuse of protected demographic data 
provided pursuant the small business lending rulemaking. For example, 
one commenter expressed concern that LGBTQ community members are at 
risk that their data may be used for unintended and harmful purposes 
outside of 1071 data collection. Commenters further noted that 
applicants may be hesitant to provide certain information if the data 
can be inappropriately used. The Bureau also received comments from 
industry commenters urging that protected demographic data be reported 
directly to the Bureau, stating, in part, that such a regime would 
likely increase response rates because applicants would not be 
concerned that financial institutions would improperly use the data.
    In order to safeguard protected demographic data against possible 
misuse and encourage applicant responses, and in response to comments, 
the Bureau is adding new Sec.  1002.110(e) pursuant to its authority 
under ECOA section 704B(g)(1) to prescribe such rules and issue such 
guidance as may be necessary to carry out, enforce, and compile data 
pursuant to section 1071. New Sec.  1002.110(e) prevents misuse of 
applicants' protected demographic information in two ways.
    First, Sec.  1002.110(e)(1) prohibits a financial institution from 
disclosing or providing to a third party the protected demographic 
information it collects under subpart B except in limited 
circumstances. First, a financial institution may disclose such 
information to a third party to further compliance with ECOA or 
Regulation B. This exception permits disclosure, for example, to a 
third-party service provider that is assisting the financial 
institution in auditing or submitting small business lending data to 
the Bureau. This exception also permits disclosure to a third party for 
uses consistent with how such protected demographic information may 
currently be used under ECOA and Regulation B, such as to conduct 
internal fair lending testing or to extend special purpose credit 
programs. Section 1002.110(e)(1) further states that a financial 
institution may disclose or provide protected demographic information 
collected pursuant to this rule as required by law.
    Second, Sec.  1002.110(e)(2) prohibits further redisclosure of 
protected demographic information by a third party that initially 
obtains such information for the purposes of furthering compliance with 
the ECOA and Regulation B. In such situations, the third party is 
prohibited from disclosing the protected demographic information except 
to further compliance with ECOA and Regulation B or as required by law.

Section 1002.111 Recordkeeping

    Final Sec.  1002.111 addresses several aspects of the recordkeeping 
requirements for small business lending data. First, final Sec.  
1002.111(a) requires a covered financial institution to retain evidence 
of its compliance with subpart B, which includes a copy of its small 
business lending application register, for at least three years after 
the register is required to be submitted to the Bureau pursuant to 
final Sec.  1002.109. Second, final Sec.  1002.111(b) requires a 
financial institution to maintain, separately from the rest of the 
application and accompanying information, an applicant's responses to 
the financial institution's inquiries regarding whether an applicant 
for a covered credit transaction is a minority-owned business, a women-
owned business, and/or an LGBTQI+-owned business under final Sec.  
1002.107(18) and regarding the ethnicity, race, and sex of the 
applicant's principal owners under final Sec.  1002.107(19). Finally, 
final Sec.  1002.111(c) requires that, in compiling, maintaining, and 
reporting data pursuant to final Sec.  1002.109 or Sec.  1002.111(a) or 
(b), a financial institution shall not include personally identifiable 
information concerning any individual who is, or is connected with, an 
applicant.
    The Bureau is finalizing Sec.  1002.111 to implement ECOA section 
704B(f)(2)(A), which requires financial institutions to compile and 
maintain data for at least three years; 704B(b)(2), which requires 
financial institutions to maintain a record of the responses to the 
inquiry required by 704B(b)(1), separate from the application and 
accompanying information; and 704B(e)(3), which provides that in 
compiling and maintaining data, a financial institution may not include 
personally identifiable information concerning an individual who is, or 
is connected with, an applicant. The Bureau is also finalizing Sec.  
1002.111 pursuant to its authority under 704B(g)(1) to prescribe such 
rules and issue such guidance as may be necessary to carry out, 
enforce, and compile data pursuant to section 1071.
111(a) Record Retention
Proposed Rule
    ECOA section 704B(f)(2)(A) requires that information compiled and 
maintained under section 1071 be retained for not less than three years 
after the date of preparation. Proposed Sec.  1002.111(a) would have 
required that a financial institution retain a copy of its small 
business lending application register for three years after the 
register is submitted to the Bureau pursuant to proposed Sec.  
1002.109. By way of comparison, under Regulation C, financial 
institutions must retain the loan/application registers that they 
submit to the Bureau for three years.\810\ This reflects the 
requirement in HMDA itself that a loan/application register be

[[Page 35416]]

retained for three years after it is made available.\811\
---------------------------------------------------------------------------

    \810\ Regulation C Sec.  1003.5(a)(1).
    \811\ 12 U.S.C. 2803(j)(6).
---------------------------------------------------------------------------

    Proposed comment 111(a)-1 would have provided examples of what 
evidence of compliance with the proposed provision is likely to 
include. Proposed comment 111(a)-2 would have required that a creditor 
that is voluntarily, under proposed Sec.  1002.5(a)(4)(vii) and (viii), 
collecting information pursuant to subpart B but is not required to 
report that data to the Bureau, complies with proposed Sec.  
1002.111(a) by retaining evidence of compliance with subpart B for at 
least three years after June 1 of the year following the year that data 
was collected.
    The Bureau sought comment on its proposed approach to implementing 
ECOA section 704B(f)(2)(A), including how best to implement proposed 
Sec.  1002.111(a) in a manner that minimizes cost and burden 
particularly on small financial institutions while implementing all 
statutory obligations.
Comments Received
    The Bureau received comments from several lenders, trade 
associations, and others on this aspect of its proposal. One trade 
association supported the proposed requirement that financial 
institutions retain their data for at least three years after 
submission to the Bureau, noting that this retention period is 
congruent with the five-year period that banks must maintain data under 
the Bank Secrecy Act. A CDFI lender agreed the proposal was reasonable 
and stated that it did not foresee issues with compiling and 
maintaining data for three years.
    A trade association, a business advocacy group and a software 
vendor recommended that the Bureau instead align the recordkeeping 
requirement with ECOA's 25-month retention period rather than HMDA's 
three-year retention period. The software vendor asserted that the 
proposed provision appeared to be in conflict with ECOA's 12-month 
record retention period for commercial loans under $1 million. The 
trade association recommended avoiding requirements that would 
necessitate the acquisition of costly record retention systems. Another 
industry commenter said that the proposed provision would unnecessarily 
burden community banks.
    A joint letter from two trade associations recommended that the 
Bureau expressly state that financial institutions without a reporting 
obligation under the rule, in particular motor vehicle dealers, are not 
required to comply with the other obligations in the rule, including 
the recordkeeping requirements of the rule.
Final Rule
    The Bureau is finalizing Sec.  1002.111(a) as proposed. The Bureau 
is also finalizing the associated commentary with an adjustment as 
discussed below. The Bureau is finalizing this provision to implement 
section 1071's recordkeeping requirement as set forth in ECOA section 
704B(f)(2)(A).
    Regarding commenters' requests that the Bureau should adopt either 
existing Regulation B's 25-month retention period for consumer credit 
or its 12-month retention period for business credit, rather than a 
three-year period, ECOA section 704B(f)(2)(A) mandates that the Bureau 
adopt a three-year recordkeeping requirement for applications for small 
business loans. In any case, the Bureau notes that, in contrast to 
these commenters, at least one lender suggested that Sec.  1002.111(a) 
was congruent with other recordkeeping requirements applicable to 
certain extensions of credit.\812\ The Bureau is finalizing comment 
111(a)-1 (regarding evidence of compliance) with an additional sentence 
to reiterate that final Sec.  1002.111(a)'s three-year record retention 
requirement applies to any records covered by Sec.  1002.111(a), 
notwithstanding the more general 12-month retention period for records 
related to business credit specified in existing Sec.  1002.12(b). The 
Bureau is finalizing comment 111(a)-2 (regarding record retention for 
creditors that voluntarily collect data under Sec.  1002.5(a)(4)(vii) 
and (viii)) as proposed.
---------------------------------------------------------------------------

    \812\ See, e.g., 31 CFR 1010.410(a) and 1010.430(d).
---------------------------------------------------------------------------

    The Bureau acknowledges commenters' concerns that this provision 
would necessitate the acquisition of costly record retention systems or 
about its impact on community banks, but does not believe that further 
adjustments would be appropriate. While financial institutions may 
incur added expenses in complying with final Sec.  1002.111(a), the 
provision does not itself suggest or mandate that lenders must acquire 
new record systems; the provision simply requires that financial 
institutions adjust their procedures if they do not already retain 
certain records for the period specified in Sec.  1002.111(a). In any 
case, as noted above, final Sec.  1002.111(a) implements the record 
retention period set forth in the statute.
    Regarding the comment concerning the obligations of financial 
institutions that are not required to report data under the rule, the 
Bureau agrees that a financial institution that is not covered by the 
rule is not subject to its provisions, including the recordkeeping 
provisions. However, a covered financial institution must keep records 
in accordance with Sec.  1002.111(a). In order to satisfy its own 
recordkeeping obligations, a covered financial institution must ensure 
that it has obtained the necessary records from third parties through 
which it receives applications or ensure that those third parties keep 
adequate records on its behalf.
111(b) Certain Information Kept Separate From the Rest of the 
Application
Proposed Rule
    ECOA section 704B(b)(2) requires financial institutions to maintain 
a record of the ``responses to [the] inquiry'' required by 704B(b)(1) 
separate from the application and accompanying information. Consistent 
with the approach the Bureau is finalizing as set forth in E.2 of the 
Overview to this part V, the Bureau proposed to interpret the term 
``responses to such inquiry'' in 704B(b)(2) to be the applicant's 
responses to inquiries regarding protected demographic information--
that is, whether the applicant was a minority-owned business or a 
women-owned business, and the ethnicity, race, and sex of the 
applicant's principal owners.
    Proposed Sec.  1002.111(b) would have stated that a financial 
institution shall maintain, separately from the rest of the application 
and accompanying information, an applicant's responses to the financial 
institution's inquiries to collect data pursuant to proposed subpart B 
regarding whether an applicant for a covered credit transaction is a 
minority-owned business under proposed Sec.  1002.107(a)(18) or a 
women-owned business under proposed Sec.  1002.107(a)(19), and 
regarding the ethnicity, race, and sex of the applicant's principal 
owners under proposed Sec.  1002.107(a)(20).
    Proposed comment 111(b)-1 would have explained that a financial 
institution may satisfy this requirement by keeping an applicant's 
responses to the financial institution's request pursuant to proposed 
Sec.  1002.107(a)(18) through (20) in a file or document that is 
discrete or distinct from the application and its accompanying 
information. For example, such information could be collected on a 
piece of paper that is separate from the rest of the application form. 
In order to satisfy the requirement in proposed

[[Page 35417]]

Sec.  1002.111(b), proposed comment 111(b)-1 would have clarified that 
an applicant's responses to the financial institution's request 
pursuant to proposed Sec.  1002.107(a)(18) through (20) need not be 
maintained in a separate electronic system, nor need they be removed 
from the physical files containing the application. However, the 
financial institution may nonetheless need to keep this information in 
a different electronic or physical file in order to satisfy the 
requirements of proposed Sec.  1002.108.
    The Bureau sought comment on its proposed approach to implementing 
ECOA section 704B(b)(2), including how best to implement proposed Sec.  
1002.111(b) in a manner that minimizes cost and burden, particularly on 
small financial institutions, while implementing all statutory 
obligations. The Bureau also sought comment on whether, for financial 
institutions that determine that underwriters or other persons should 
have access to applicants' demographic information pursuant to proposed 
Sec.  1002.108(b), it should likewise waive the requirement in proposed 
Sec.  1002.111(b) to keep that information separate from the 
application and accompanying information.
Comments Received
    A number of lenders and trade associations commented on the 
proposed requirement that protected demographic information be kept 
separate from application or loan files. A CDFI lender said the 
proposal was reasonable and did not foresee issues with maintaining 
demographic information separate from applications. A trade 
association, while claiming proposed Sec.  1002.111(b) would be 
difficult to comply with, acknowledged that the provision was mandated 
by section 1071. Another trade association agreed with the Bureau that 
ECOA section 704B(b)(2) should be interpreted as referring to 
applicants' responses to the inquiries regarding minority-owned and 
women-owned business status in proposed Sec.  1002.107(a)(18) and (19), 
as well as the ethnicity, race, and sex of applicant's principal owners 
in proposed Sec.  1002.107(a)(20). A joint letter from two trade 
associations supported the limitation on accessing protected 
demographic information but expressed concern about the effort and cost 
it would take to segregate and limit this information and ensure the 
accuracy of reports and files that must be maintained. These trade 
associations suggested that all regulations and guidance related to 
record retention be consistent with the FTC's newly amended Gramm-
Leach-Bliley Safeguards Rule and Privacy Rule.
    A trade association and a business advocacy group requested 
clarifications to improve feasibility and reduce technical challenges, 
expressing concern that compliance with proposed Sec.  1002.111(b) 
could require expensive technical solutions to separate protected 
demographic information from applications in different electronic or 
physical files. One sought clarity as to what proposed comment 111(b)-1 
meant, stating that, to satisfy Sec.  1002.108, some financial 
institutions may need to keep protected demographic information in a 
different electronic or physical file.
    Some industry commenters opposed the proposal on the grounds of 
cost, complexity and practicality. A few of these commenters argued 
that proposed Sec.  1002.111(b) would add unnecessary cost and 
complexity to compliance and would make audits of data more difficult. 
Others asserted the provision would be difficult to implement or 
unworkable. One commenter stated that this requirement would impact 
small lenders in particular and would increase ongoing costs.
    Several industry commenters requested that the Bureau exercise 
exemption authority to exempt all lenders from having to comply with 
this provision on the grounds that it would make examinations and 
audits more cumbersome and costly because demographic information would 
need to be retrieved from separate files. Commenters also requested 
that, to remain consistent with proposed Sec.  1002.108(b), the Bureau 
waive this requirement for financial institutions that determine that 
underwriters or other persons should have access to applicants' 
demographic information. They also stated that both provisions were 
operationally burdensome without any benefit, and that if a firewall 
was infeasible, so was the proposed recordkeeping provision.
    Several industry commenters requested that the Bureau not prohibit 
the collection of demographic information on the same form as the rest 
of the application, explaining that such a prohibition would disrupt 
SBA's 7(a) loan process, and because section 1071 itself does not 
prohibit including demographic questions on an application form; 
rather, it requires ``recording'' the information separately. A bank 
also that such a prohibition would disrupt loan processes and data 
integrity audits. Another bank requested that the Bureau not specify 
that protected demographic information be kept in a separate file, 
which it said would be costly and burdensome for financial 
institutions, but rather that the Bureau leave to lenders how to comply 
with this provision.
    A bank and a trade association asserted that proposed Sec.  
1002.111(b) was not feasible or necessary, and noted that Regulation C 
does not require lenders to keep demographic information separate from 
mortgage loan files. They also asserted that there was no evidence of 
violations of Regulation B because demographic information was not kept 
separate from loan files. Another bank requested that the Bureau align 
the requirements of HMDA and section 1071 by waiving Sec.  1002.111(b) 
for applications reportable under both regimes.
Final Rule
    The Bureau is finalizing Sec.  1002.111(b) with adjustments to 
reflect updated cross-references to other portions of the final rule 
and to refer to LGBTQI+-owned businesses along with women- and 
minority-owned businesses, as per final Sec.  1002.107(a)(18). The 
Bureau is also finalizing the comment 111(b)-1 with one adjustment as 
discussed below, and the Bureau is adding a new comment 111(b)-2.
    As discussed in detail above in part V.E.2, the Bureau believes the 
best reading of the statutory provisions that mention the inquiry made 
under ECOA section 704B(b)(1)--in 704B(b)(2) as well as in 704B(c) 
regarding the right to refuse and 704B(d) regarding the firewall--is 
that they refer to applicants' responses to the inquiries regarding 
protected demographic information: minority-owned, women-owned, and 
LGBTQI+-owned business statuses in final Sec.  1002.107(a)(18) and the 
ethnicity, race, and sex of applicants' principal owners in final Sec.  
1002.107(a)(19). Each of these data points require financial 
institutions to request demographic information that has no bearing on 
the creditworthiness of the applicant. Moreover, a financial 
institution generally could not inquire about this demographic 
information absent section 1071's mandate to collect and report the 
information, and ECOA prohibits a creditor from discriminating against 
an applicant on the basis of the information. The Bureau accordingly 
believes that the best effectuation of congressional intent is to apply 
section 1071's special-protection provisions to this demographic 
information, regardless of whether the statutory authority to collect 
it originates in 704B(b)(1) (women-owned business status and minority-
owned business status), 704B(e)(2)(G) (race, sex, and ethnicity of 
principal owners), or

[[Page 35418]]

704B(e)(2)(H) (LGBTQI+-owned business status, which is additional data 
that the Bureau has determined would aid in fulfilling the purposes of 
section 1071). The Bureau similarly believes that Congress did not 
intend these special protections to apply to any of the other 
applicant-provided data points in final Sec.  1002.107(a), which the 
financial institution is permitted to request whether or not it is 
covered under section 1071, which are not the subject of Federal 
antidiscrimination laws, and many of which financial institutions 
already collect and use for underwriting purposes.
    The Bureau does not believe it would be appropriate to modify the 
statutory requirements implemented in final Sec.  1002.111(b) (or 
elsewhere in Sec.  1002.111), as requested by some commenters, for 
consistency with the FTC's newly amended Gramm-Leach-Bliley Safeguards 
Rule \813\ and Privacy Rule.\814\ Commenters did not identify any 
inconsistency between Sec.  1002.111 and the requirements of the Gramm-
Leach-Bliley Act.\815\ The Bureau notes that the privacy and data 
security provisions of these rules apply to consumer information, and 
the Gramm-Leach-Bliley Act defines consumer to mean an individual who 
obtains, from a financial institution, financial products or services 
which are to be used primarily for personal, family, or household 
purposes. The Bureau is finalizing comment 111(b)-1 with updated cross-
references to other portions of the final rule and additional text 
explaining that while Sec.  1002.111(b) does not always require that a 
financial institution maintain certain information in separate physical 
or digital files, a financial institution may nonetheless as a 
practical matter need to keep this information in a different 
electronic or physical file in order to satisfy the requirements of 
Sec.  1002.108(b) to establish and maintain a firewall. Final comment 
111(b)-1, as revised, is intended to clarify, and facilitate compliance 
with, the statutory directive that financial institutions must keep 
certain information separate from the credit application. The Bureau is 
also adding comment 111(b)-2 to the final rule, which states that a 
financial institution is permitted to maintain information regarding 
the applicant's number of principal owners pursuant to final Sec.  
1002.107(a)(20) with an applicant's responses to the financial 
institution's request pursuant to Sec.  1002.107(a)(18) and (19). The 
Bureau believes that as a practical matter, the demographic information 
that financial institutions would have to maintain separately would 
inherently and necessarily include the applicant's number of principal 
owners. For example, if an applicant had three principal owners, the 
separately maintained demographic information would necessarily contain 
three sets of responses to questions about principal owners' race, sex 
and ethnicity, even if no part of the separately maintained information 
explicitly listed ``3'' as the information responsive to Sec.  
1002.107(a)(20).
---------------------------------------------------------------------------

    \813\ Fed. Trade Comm'n, Standards for Safeguarding Customer 
Information, Final Rule, 86 FR 70272 (Dec. 9, 2021).
    \814\ Fed. Trade Comm'n, Privacy of Consumer Financial 
Information Rule Under the Gramm-Leach-Bliley Act, 86 FR 70020 (Dec. 
9, 2021).
    \815\ 15 U.S.C. 6801 through 6809.
---------------------------------------------------------------------------

    Regarding comments seeking further clarification of Sec.  
1002.111(b) and comment 111(b)-1, the Bureau intended in these 
provisions to provide financial institutions with flexibility in 
complying with Sec.  1002.111(b), which some industry commenters 
favored. The Bureau believes that some commenters overstate the 
complexity of Sec.  1002.111(b); several appeared to interpret this 
provision as requiring financial institutions to create separate 
physical or digital files in all instances. This is contrary to 
proposed comment 111(b)-1, which explicitly states that the demographic 
information need not be maintained in a separate electronic system, nor 
removed from the physical files containing the application. The 
Bureau's intent was to acknowledge that different lenders may implement 
Sec.  1002.111(b) in varying ways, depending on how they choose to 
comply with the firewall requirement. For instance, a lender that 
complies with Sec.  1002.108(b) may determine that to keep demographic 
information from underwriters and other employees, it must maintain 
such information in a separate file from the application, rather than 
on a separate piece of paper in the same file as the application. 
However, for those financial institutions that, pursuant to Sec.  
1002.108(c), determine it is not feasible to limit access to an 
applicant's protected demographic information, the Bureau believes that 
compliance with ECOA section 704B(b)(2), as implemented in Sec.  
1002.111(b), does not necessitate maintaining such information in 
separate files.
    Regarding several commenters' request that the Bureau use its 
exemption authority generally to exempt all lenders from having to 
comply with Sec.  1002.111(b) and should, in any case, waive the 
requirement for lenders where the firewall under Sec.  1002.108(b) is 
infeasible, the Bureau does not believe it would be appropriate to do 
so. The request for a general exemption appears to be based on the 
premise that proposed Sec.  1002.111(b) would have required demographic 
information be stored in separate files. As explained above, final 
Sec.  1002.111(b) and final comment 111(b)-1 make clear that there is 
not a mandate for all financial institutions to maintain protected 
demographic information in separate files, and the commenters do not 
explain why financial institutions would choose to maintain separate 
files for protected demographic information when they have determined 
that one or more officers or employees should have access to that 
information.
    Regarding the various comments opposing Sec.  1002.111(b) on the 
grounds of cost, complexity, and feasibility of compliance, the Bureau 
acknowledges that the provision adds effort and expense to complying 
with this rule. However, the Bureau believes that comments overstate 
the magnitude of the costs, complexity, and purported infeasibility of 
complying with Sec.  1002.111(b). Comment 111(b)-1 provides for 
flexibility in complying with Sec.  1002.111(b) in retaining records 
containing demographic information required by section 1071. The 
commenters addressing the cost, complexity, and feasibility did not 
identify any less costly, complex, and more feasible methods of 
compliance, especially for those financial institutions that found it 
infeasible to maintain a firewall pursuant to Sec.  1002.108(b). In any 
case, several other commenters, including a lender, agreed with the 
Bureau that compliance with Sec.  1002.111(b) is feasible.
    The Bureau does not believe that Sec.  1002.111(b) would be 
counterproductive in the conduct of examinations or audits, as 
suggested by some commenters. As with the comments concerning cost, 
complexity and feasibility, these comments--assuming the necessity of 
separate electronic or physical files in all cases--overstate the 
complexity of Sec.  1002.111(b). As final comment 111(b)-1 establishes, 
in many instances, simpler means of separating protected demographic 
information from other information within an application file would 
suffice, and, the Bureau believes, would not impede audits or 
examinations. Further, the Bureau believes that for purposes of 
complying with ECOA and subpart A of Regulation B, many financial 
institutions already maintain certain documents in files separate from 
the application, such as copies of drivers' licenses, that may reveal 
protected demographic

[[Page 35419]]

information about business applicants' owners, such as race and sex.
    The Bureau likewise disagrees with the assertion that Sec.  
1002.111(b) is not necessary; this provision implements a statutory 
requirement in ECOA section 704B(b)(2). In addition, in its 
interpretation of 704B(b)(2), the Bureau has endeavored to minimize 
cost and complexity by reading the provision narrowly. Regarding the 
comment that Sec.  1002.111(b) would impact small lenders in particular 
and increase ongoing costs, the Bureau does not believe the cost and 
complexity of small lenders' compliance efforts will necessarily be 
greater than for other institutions, as discussed in part IX below.
    Regarding comments that the Bureau should not prohibit the 
collection of demographic information on the same form as the rest of 
the application, the Bureau disagrees. The Bureau interprets ECOA 
section 704B(b)(2), which Sec.  1002.111(b) implements, to suggest that 
collection of protected demographic information on separate forms may 
be a practical necessity. That is, it would be difficult, if not 
impossible, to determine whether a financial institution had complied 
with Sec.  1002.111(b), or the firewall provision, if demographic 
information is collected with the information from which it must be 
kept separate. This is also illustrated in final comment 107(a)(18)-5.
    The Bureau does not believe that Sec.  1002.111(b) would disrupt 
the SBA's 7(a) loan process, as a commenter suggested--neither Sec.  
1002.111(b) nor Sec.  1002.107(a)(18) and (19) affect how demographic 
information gathered for purposes other than compliance with this final 
rule are to be collected or retained.
    Regarding the request that the final rule mirror HMDA's approach to 
the collection of demographic information, the Bureau notes that HMDA 
does not include a requirement comparable to the one in ECOA section 
704B(b)(2) mandating the separation of certain information from the 
application; Regulation C thus permits demographic information required 
under HMDA to be retained as part of the application.\816\ Regarding 
the claim that no evidence exists of fair lending violations from a 
failure to separate demographic information separate mortgage files, 
the Bureau reiterates that Sec.  1002.111(b) implements a statutory 
requirement in ECOA. Regarding the request to exempt HMDA-reportable 
loans from complying with Sec.  1002.111(b), the request is mooted by 
the Bureau's adoption of new Sec.  1002.104(b)(2), which excludes HMDA-
reportable transactions from the requirements of this final rule.
---------------------------------------------------------------------------

    \816\ See 80 FR 66128, 66192-93 (Oct. 28, 2015).
---------------------------------------------------------------------------

111(c) Limitation on Personally Identifiable Information Retained in 
Certain Records Under This Section
Proposed Rule
    ECOA section 704B(e)(3) provides that in compiling and maintaining 
any record of information under section 1071, a financial institution 
may not include in such record the name, specific address (other than 
the census tract), telephone number, electronic mail address, or any 
other personally identifiable information (PII) concerning any 
individual who is, or is connected with, an applicant.
    The Bureau proposed in Sec.  1002.111(c) that in compiling and 
maintaining any records under proposed Sec.  1002.107 or Sec.  
1002.111(b), or reporting data pursuant to proposed Sec.  1002.109, a 
financial institution shall not include any name, specific address, 
telephone number, email address, or any PII concerning any individual 
who is, or is connected with, an applicant, other than as required 
pursuant to proposed Sec.  1002.107 or Sec.  1002.111(b). The 
prohibition on the inclusion of PII in ECOA section 704B(e)(3), which 
covers the ``compiling and maintaining [of] any record of 
information,'' implicates proposed Sec. Sec.  1002.107, 1002.109, and 
1002.111, which together would address the compilation, maintenance, 
and reporting of data by financial institutions.
    Proposed comment 111(c)-1 would have clarified that the prohibition 
in proposed Sec.  1002.111(c) applies to data compiled and maintained 
pursuant to Sec.  1002.107, data in the small business lending 
application register submitted by the financial institution to the 
Bureau under proposed Sec.  1002.109, the version of the register that 
the financial institution maintains under proposed Sec.  1002.111(a), 
and the separate record of certain information created pursuant to 
proposed Sec.  1002.111(b).
    Proposed comment 111(c)-2 would have addressed the types of 
information (including PII) that a financial institution is prohibited 
from including in the data it compiles and maintains pursuant to 
proposed Sec.  1002.107, in its records under proposed Sec.  
1002.111(b), or in data reported to the Bureau under proposed Sec.  
1002.109.
    Proposed comment 111(c)-3 would have clarified that the prohibition 
in proposed Sec.  1002.111(c) does not extend to the application or any 
other records that the financial institution maintains. This comment 
was intended to address the request by stakeholders in the SBREFA 
process that the Bureau clarify that this prohibition does not extend 
more broadly to a financial institution's application or loan-related 
files.
    Proposed comment 111(c)-4 would have clarified that the prohibition 
in proposed Sec.  1002.111(c) does not bar financial institutions from 
providing to the Bureau, pursuant to proposed Sec.  1002.109(b)(3), the 
name and business contact information of the person who may be 
contacted with questions about the financial institution's submission.
    The Bureau sought comment on its proposed approach to implementing 
ECOA section 704B(e)(3), including how best to implement this 
requirement in a manner that minimizes cost and burden, particularly on 
small financial institutions, while implementing all statutory 
obligations. Regarding comments by stakeholders in the SBREFA process 
that reporting small business lending data to the Bureau could give 
rise to a potential conflict with the data protection and privacy laws 
prohibiting the disclosure of nonpublic personal information to 
unaffiliated third parties, the Bureau noted that such laws typically 
provide an exemption for disclosures made pursuant to Federal and State 
law.\817\
---------------------------------------------------------------------------

    \817\ See, e.g., California Consumer Privacy Act, Cal. Civ. Code 
1798.145(a)(1) (noting that the obligations imposed on businesses by 
CCPA ``shall not restrict a business' ability to . . . comply with 
federal, state, or local laws''). Some other laws on this topic may 
apply only to consumers acting primarily for personal, family, or 
household purposes, but they also provide an exemption for 
disclosures made pursuant to Federal and State law. See Gramm-Leach-
Bliley Act section 502(e)(8), 15 U.S.C. 6802(e)(8), and Regulation P 
Sec.  1016.15(a)(7)(i) (stating that the limitations on disclosing 
nonpublic personal information to unaffiliated third parties do not 
apply if the information is disclosed to comply with Federal, State, 
or local laws, rules and other applicable legal requirements).
---------------------------------------------------------------------------

    The Bureau sought comment on whether the requirements in this 
proposed rule could conflict with other data privacy or data protection 
laws, and whether the Bureau might need to use its preemption authority 
under ECOA,\818\ Regulation B,\819\ and/or section 1041(a)(1) of the 
Dodd-Frank Act to ensure that financial institutions do not violate 
State law in reporting 1071 data to the Bureau. The Bureau also sought 
comment on whether it should include a provision to preempt any State 
data privacy or data protection laws that would prohibit the 
collection, maintenance, and reporting to the Bureau of 1071 data. In 
the SBREFA process before the publication of the proposed rule, some 
industry

[[Page 35420]]

stakeholders expressed concern regarding a different issue related to 
data privacy, specifically that reporting 1071 data to the Bureau may 
cause them to violate other data privacy laws, including State data 
privacy laws.
---------------------------------------------------------------------------

    \818\ 15 U.S.C. 1691d(f).
    \819\ Existing Sec.  1002.11.
---------------------------------------------------------------------------

Comments Received
    The Bureau received comments on this aspect of the proposal from 
several lenders and trade associations. A CDFI lender said the proposed 
provision was reasonable and that it did not foresee an issue with 
ensuring that the enumerated PII is not connected to the applicant. A 
trade association stated the Bureau, in proposing this provision, 
identified a consistent and correct approach to protecting PII. Another 
trade association said that the Bureau should issue a provision 
clarifying when PII must be excluded in the compiling and maintaining 
of any record of information at the different stages in the process.
    A bank opposed the proposal, observing that most small community 
banks correlate documents to a specific borrower and application using 
PII, and that if the rule prohibited the inclusion of such information 
on the collection form, there would be no way to tie demographic 
information to the specific application in order to aggregate and 
accurately report the data.
    A credit union trade association stated that the proposed visual 
observation and surname data collection requirement for principal 
owners' ethnicity and race (pursuant to proposed Sec.  1002.107(a)(20)) 
may expose covered financial institutions to compliance costs related 
to an evolving patchwork of State personal data privacy laws, including 
in California, which provides financial institutions only an 
information-level exemption from its data privacy law.\820\
---------------------------------------------------------------------------

    \820\ 4 Cal. Civ. Code 1798.145(c).
---------------------------------------------------------------------------

Final Rule
    The Bureau is finalizing Sec.  1002.111(c) and associated 
commentary with revisions for clarity. Final Sec.  1002.111(c), and the 
associated commentary, is intended to implement ECOA section 
704B(e)(3), which provides that in compiling and maintaining any record 
of information under section 1071, a financial institution may not 
include in such record the name, specific address (other than the 
census tract), telephone number, electronic mail address, or any other 
PII concerning any individual who is, or is connected with, an 
applicant. The Bureau further clarifies in final Sec.  1002.111(c) that 
it does not interpret ECOA section 704B(e)(3) as prohibiting a 
financial institution from including PII in its application or other 
files, but only the small business lending application register 
submitted by the financial institution to the Bureau, the copy of the 
submitted register that is retained for inspection, and the separately 
maintained record of protected demographic information kept pursuant to 
Sec.  1002.111(b).
    Final Sec.  1002.111(c), along with corresponding passages in the 
commentary, now states that in reporting a small business lending 
application register pursuant to Sec.  1002.109, maintaining the 
register pursuant to Sec.  1002.111(a), and maintaining a separate 
record of information pursuant to Sec.  1002.111(b), a financial 
institution shall not include any name, specific address, telephone 
number, email address, or any other PII concerning any individual who 
is, or is connected with, an applicant, other than as required pursuant 
to Sec.  1002.107 or Sec.  1002.111(b). Final Sec.  1002.111(c) and 
final comment 111(c)-2 now refer to ``any other personally identifiable 
information'' for the sake of clarity and to better conform with ECOA 
section 704B(e)(3). Final Sec.  1002.111(c) and associated commentary 
incorporate several revisions compared to the proposal. First, to 
address a potential misunderstanding regarding the first cross-
reference to Sec.  1002.107 in proposed Sec.  1002.111(c)--as some 
comments reflected--as to whether a financial institution is prohibited 
from maintaining PII with not only the small business lending 
application register but also any other records related to the 
collection and maintenance of data points specified in Sec.  1002.107, 
including an application for a covered credit transaction. The Bureau 
acknowledges the comment that, as drafted, the reference to ``compiling 
and maintaining any records under Sec.  1002.107'' in proposed Sec.  
1002.111(c) made it unclear exactly what documents, beyond the small 
business lending application register and the separately maintained 
demographic information of applicants, are subject to the prohibition 
on the inclusion of PII.
    The Bureau understands that the initial collection of records 
relevant to the data points specified in Sec.  1002.107 will commence 
in the normal course of business for financial institutions when they 
receive a covered application from a small business. At that phase, and 
during the underwriting of the application, it would be impractical to 
expect that financial institutions could keep the PII of the 
individuals associated with an application separate from all of the 
other information in the application from which the various data points 
in Sec.  1002.107(a) would be derived. The Bureau acknowledges comments 
suggesting that a prohibition on including PII on forms--such as the 
applicant's name--to tie an application for credit to the separately 
kept demographic information would likely impede the accurate compiling 
and reporting of data.
    As a result, the Bureau has revised Sec.  1002.111(c) to clarify 
that financial institutions are prohibited from maintaining certain 
types of PII in reporting data pursuant to Sec.  1002.109, the 
provision concerning the creation and maintenance of the small business 
lending application register. Likewise, final comments 111(c)-1 and 
111(c)-2 now refer to the reporting of data pursuant to Sec.  1002.109, 
rather than the compilation and maintenance of any records pursuant to 
Sec.  1002.107, to focus on PII associated with the small business 
lending application register, rather than any records, even those 
loosely associated with, the data points under Sec.  1002.107.
    Second, the Bureau is finalizing Sec.  1002.111(c) and comment 
111(c)-2 to refer explicitly to Sec.  1002.111(a) for clarity. Proposed 
comment 111(c)-1 referred to Sec.  1002.111(a) in prohibiting PII in 
the copy of the small business lending application register maintained 
by the financial institution, but proposed Sec.  1002.111(c) and 
proposed comment 111(c)-2 did not explicitly mention Sec.  1002.111(a). 
Final Sec.  1002.111(c) and final comment 111(c)-2 have been modified 
to remedy this omission. If financial institutions are prohibited from 
including PII not only in the small business lending application 
register they submit to the Bureau pursuant to Sec.  1002.109, 
logically they must also be prohibited from including PII in the copy 
of the register they retain pursuant to Sec.  1002.111(a). The Bureau 
clarifies in final Sec.  1002.111(c) that it is the Bureau's 
interpretation that ECOA section 704B(e)(3) should be read as 
prohibiting lenders from including PII in the small business lending 
application register submitted to the Bureau pursuant to Sec.  
1002.109, and, logically, as requiring lenders to also exclude PII from 
the copy of this register that a financial institution is required to 
retain pursuant to Sec.  1002.111(a).
    Third, the Bureau is finalizing Sec.  1002.111(c) and comment 
111(c)-2 to refer explicitly to Sec.  1002.111(b) earlier in both 
provisions. Section 1002.111(b) is mentioned towards the end of both 
proposed Sec.  1002.111(c) and proposed comment 111(c)-2; however, in 
neither provision is it abundantly clear that the

[[Page 35421]]

protected demographic information that lenders must maintain separately 
from the application pursuant to Sec.  1002.111(b) must itself be free 
of PII. This lack of clarity is remedied in final Sec.  1002.111(c) and 
final comment 111(c)-2.
    Fourth, the Bureau is finalizing Sec.  1002.111(c) and comment 
111(c)-2 to clarify that financial institutions are prohibited from 
including in the enumerated records certain enumerated types of PII 
specified in the statute, as well as any other PII. The proposed Sec.  
1002.111(c) referred simply to ``any'' PII (rather than ``any other''), 
which the Bureau believes could have been misinterpreted to suggest 
that the list of specific items preceding ``any'' (name, specific 
address, telephone number, email address) were not themselves forms of 
PII. As a result, to avoid any potential confusion, in both final Sec.  
1002.111(c) and final comment 111(c)-2, the Bureau refers to ``any 
other'' PII, which also better conforms with the text of ECOA section 
704B(e)(3).
    Finally, the Bureau is finalizing comment 111(c)-3 to specify that 
the prohibition in Sec.  1002.111(c) does not extend to an application 
for credit, or any other records that the financial institution 
maintains that are not specifically enumerated in final Sec.  
1002.111(c). Proposed comment 111(c)-3 simply noted that Sec.  
1002.111(c) did not apply to an application for credit or any other 
records that the financial institution maintains. The addition of the 
phrase ``that are not specifically enumerated in Sec.  1002.111(c)'' is 
intended to eliminate any uncertainty about the scope of application of 
Sec.  1002.111(c).
    Regarding the comment requesting clarification on whether the 
prohibition on PII includes different stages in the process of 
compiling and maintaining any record of information, the Bureau 
addresses these concerns in final Sec.  1002.111(c), and comments 
111(c)-1 and 111(c)-2, as revised, as well as comment 111(c)-3, which 
is finalized as proposed. Final comment 111(c)-1 specifies the 
categories of information that Sec.  1002.111(c) applies to, and final 
comment 111(c)-3 makes clear that the prohibition on PII does not 
extend to the application or other records that the financial 
institution maintains beyond the small business lending application 
register.
    Regarding the comment that a prohibition on the inclusion of PII on 
forms--such as the applicant's name--to tie an application for credit 
to the separately kept demographic information would impede the 
accurate aggregation and reporting of data, the Bureau believes that 
for this specific purpose, other identifiers not involving PII may be 
used. For instance, the unique identifier data point in Sec.  
1002.107(a)(1) is specific to a particular applicant and can be used to 
tie an application to the separately maintained demographic information 
for that applicant. By definition and according to comment 107(a)(1)-3, 
the unique loan identifier may not include PII prohibited by Sec.  
1002.111(c).
    The concern that the visual observation and surname provision of 
the proposal would expose covered lenders to compliance costs related 
to State personal data privacy laws, such as California's, is rendered 
moot by the Bureau's decision not to finalize its proposal for 
financial institutions to use visual observation and surname analysis 
to determine principal owners' ethnicity and race in certain 
circumstances.

Section 1002.112 Enforcement

    Final Sec.  1002.112 addresses several issues related to the 
enforcement of violations of the requirements of proposed subpart B. 
First, Sec.  1002.112(a) states that a violation of section 1071 or 
subpart B of Regulation B is subject to administrative sanctions and 
civil liability as provided in sections 704 and 706 of ECOA. Second, 
Sec.  1002.112(b) provides that a bona fide error in compiling, 
maintaining, or reporting data with respect to a covered application is 
an error that was unintentional and occurred despite the maintenance of 
procedures reasonably adapted to avoid such an error. This provision 
also addresses the maintenance of procedures reasonably adapted to 
avoid such errors. Third, Sec.  1002.112(c) identifies four safe 
harbors under which certain errors--namely, certain types of incorrect 
entries for the census tract, NAICS code, and application date data 
points, or incorrect determination of small business status, covered 
credit transaction, or covered application--do not constitute 
violations of ECOA or Regulation B.
    The Bureau is finalizing Sec.  1002.112 to implement sections 704 
and 706 of ECOA, pursuant to its authority under ECOA section 
704B(g)(1) to prescribe such rules and issue such guidance as may be 
necessary to carry out, enforce, and compile data pursuant to section 
1071 and pursuant to its authority under 704B(g)(2) to adopt exceptions 
to any requirement of section 1071 and to exempt any financial 
institution or class of financial institutions from the requirements of 
section 1071, as the Bureau deems necessary or appropriate to carry out 
the purposes of section 1071.
112(a) Administrative Enforcement and Civil Liability
Proposed Rule
    A violation of section 1071 is subject to the enforcement 
provisions of ECOA, of which section 1071 is a part. ECOA contains 
administrative enforcement provisions in section 704,\821\ and it 
provides for civil liability in section 706.\822\ The enforcement 
provisions in existing Regulation B (Sec.  1002.16(a)(1) and (2)) 
cross-reference and paraphrase these administrative enforcement and 
civil liability provisions of ECOA. Proposed Sec.  1002.112(a) would 
have provided that a violation of section 1071 or subpart B of 
Regulation B is subject to administrative sanctions and civil liability 
as provided in sections 704 and 706 of ECOA, where applicable. The 
Bureau sought comment on its proposed approach to administrative 
enforcement and civil liability.
---------------------------------------------------------------------------

    \821\ 15 U.S.C. 1691c.
    \822\ 15 U.S.C. 1691e.
---------------------------------------------------------------------------

Comments Received
    Several lenders and several trade associations commented on the 
proposed administrative and civil enforcement provisions of the rule. A 
CDFI lender and two trade associations supported the proposed provision 
as appropriate and in line with other regulations. Several commenters 
observed that, with respect to Farm Credit lenders, the Farm Credit 
Administration examines and enforces compliance with fair lending laws, 
including compliance with any rule implementing section 1071. A trade 
association observed that for banks with $10 billion or less in assets, 
this regulation will be enforced under section 8 of the Federal Deposit 
Insurance Act by the appropriate Federal banking agency.
    One community group asked that the final rule provide for the 
recording and enforcement of whistleblower complaints in the event that 
rural farm lenders retaliate against farmers for the good faith 
exercise of their rights under various Federal consumer protection 
laws, as protected by ECOA and subpart A of Regulation B. The community 
group had cited farm loan servicing in particular as an area where 
minority famers faced the most discriminatory terms and conditions.
    One bank opposed the proposed administrative enforcement and civil 
liability provisions in general. A trade association requested that the 
Bureau prohibit private causes of action based

[[Page 35422]]

on 1071 data, including discovery in private proceedings. The commenter 
claimed that the Bureau had overemphasized the use of these data by 
non-governmental entities such as researchers, economists, industry, 
and community groups, and that only governmental agencies should have 
the power to use such data for supervision and enforcement because only 
they were capable of providing appropriate governance to covered 
institutions. The same commenter opposed the Bureau's use of such data 
in its own enforcement and supervision actions because the right of 
applicants to refuse to provide demographic information would render 
the data incomplete, unreliable, and inherently inaccurate. The 
commenter also claimed that the Bureau had not explained how it would 
acquire data on the broader business credit market, without which 
accurate decisions on potential violations of fair lending or other 
laws could not be made.
    One trade association requested that the Bureau, and any regulators 
responsible for implementing section 1071, train examiners well and 
assign senior staff to examine CDFI banks. The commenter further 
observed that the small business lending market is mostly unregulated, 
and requested that the Bureau develop examination capacity to cover 
currently unregulated lenders such that it should delay implementation 
until it has the capacity to enforce compliance with section 1071 
across all covered lenders. A women's business advocacy group indicated 
support for auditing by the Bureau to ensure that financial 
institutions do not alter information to manipulate the data to their 
benefit. Another trade association asked what underwriting imbalance 
threshold would cause the Bureau to initiate investigation and 
enforcement, and how such a process would allow for the mitigation of 
data anomalies and errors. Finally, one trade association supported and 
deferred to the views of covered lenders, and other trade associations, 
and their opinions on the proposed administrative and civil enforcement 
provisions of the rule.
    A trade association said that because small business loans vary 
widely in design and purpose, use of the same analytical techniques and 
examination approaches applicable to HMDA's enforcement may yield 
erroneous results, and that the Bureau must coordinate with other FFIEC 
agencies, including NCUA, to develop model examination procedures in 
advance of a final rule. A bank asked that the Bureau limit the use of 
data by regulators to conduct fair lending exams only, and not to 
subject financial institutions to technical audit and compliance 
requirements, based on its experience with HMDA.
Final Rule
    The Bureau is finalizing Sec.  1002.112(a) as proposed. Final Sec.  
1002.112(a) is necessary to implement the administrative and civil 
enforcement provisions of ECOA. A violation of section 1071 is subject 
to the enforcement provisions of ECOA, of which section 1071 is a part. 
ECOA contains administrative enforcement provisions in section 704, and 
it provides for civil liability in section 706. The enforcement 
provisions in existing Regulation B (Sec.  1002.16(a)(1) and (2)) 
cross-reference and paraphrase these administrative enforcement and 
civil liability provisions of ECOA. The Bureau notes that several 
commenters, including trade associations to industry, agreed with the 
Bureau's proposed implementation of the administrative and civil 
enforcement provisions of ECOA. Regarding the comments noting the role 
of other statutory regimes in the enforcement of section 1071, the 
Bureau agrees and notes that the administrative enforcement provisions 
of ECOA cross-reference the enforcement authority of other Federal 
regulators, including the agencies mentioned by the commenters.
    Regarding the request to record and enforce whistleblower 
complaints against farm lenders, the Bureau notes that this would be 
outside of the scope of this regulation, although the commenter 
correctly notes that retaliation for the good faith exercise of rights 
under various Federal consumer protection laws could violate ECOA and 
subpart A of Regulation B.
    Regarding the comment opposing Sec.  1002.112(a) in its entirety, 
the Bureau notes that Sec.  1002.112(a) simply implements, by cross-
reference, the existing administrative enforcement and civil liability 
provisions of ECOA. Regarding a commenter's request that the Bureau 
prohibit private causes of action, including discovery proceedings, the 
Bureau is not making such a change as Sec.  1002.112(a) implements, by 
cross-reference, the existing administrative enforcement and civil 
liability provisions of ECOA, of which section 1071 is a part. Further, 
as specified in the preamble to the proposed rule, the Bureau expressed 
its belief in response to stakeholders' comments on the SBREFA Outline 
that the administrative enforcement mechanisms under ECOA would be 
appropriate to address most instances of non-compliance by financial 
institutions that report small business lending data to the Bureau, 
based on its experience with Regulation C and HMDA.\823\ Further, other 
provisions would serve to limit private liability, especially for 
unintentional errors, including the bona fide error provision of Sec.  
1002.112(b) and the various safe harbors in Sec.  1002.112(c).
---------------------------------------------------------------------------

    \823\ 86 FR 56356, 56503 (Oct. 8, 2021).
---------------------------------------------------------------------------

    The same commenter claimed that the proposal overemphasized the use 
of data by non-governmental entities such as researchers, economists, 
industry, and community groups, and that only government agencies 
should have access to these data. However, ECOA section 704B(a) 
explicitly states that one of the purposes of the statute is to enable 
communities and creditors to identify business and community needs and 
opportunities; researchers and economists work at community groups and 
within industry to assist their analyses in identifying business and 
community needs. Moreover, the Bureau does not believe the statute's 
other purpose--facilitating enforcement of fair lending laws--was 
intended to be limited to enforcement by only governmental entities. 
Regarding the commenter's claim that only governmental agencies should 
have the power to use such data for supervision and enforcement because 
only they are capable of providing appropriate governance to covered 
institutions, the commenter undercuts this claim by, in the same 
comment letter, also opposing the Bureau's use of small business 
lending data in its own enforcement and supervision actions on the 
grounds that applicants' right to refuse to answer demographic 
information would render the data incomplete, unreliable, and 
inherently inaccurate. The Bureau recognizes that the applicant's right 
to refuse pursuant to 704B(c) may result in a less complete dataset, 
but compared to the status quo, this rule will result in a vastly 
expanded dataset on the market for small business credit.
    Regarding the varied supervision-related requests for ensuring 
sufficient examiner training, assigning senior staff to CDFI banks, 
training for examiners to supervise currently unregulated lenders, and 
conducting audits to check for the manipulation of data, the Bureau 
notes that such requests are outside of the scope of this rulemaking; 
the Bureau establishes supervisory and examination procedures only 
after a regulation has been finalized, and such procedures will be 
consistent with the Bureau's existing policies regarding supervision 
and examinations. The Bureau does not believe it would be appropriate 
to state, at this time, what would cause the Bureau to initiate 
investigation and enforcement, and how it would allow

[[Page 35423]]

for the mitigation of data errors. The Bureau notes, however, that 
Sec.  1002.112(b) and appendix F establish thresholds for errors in the 
reporting of data.
    Regarding the comment concerning how the Bureau should conduct 
examinations, the Bureau observes that such comments are outside of the 
scope of this regulation. In any case, the Bureau agrees that the 
analytical techniques and examination approaches for HMDA may differ 
somewhat from the small business credit context, in part because small 
business credit products differ widely in design and purpose, and the 
Bureau's supervision and enforcement will reflect this. However, 
because HMDA as implemented by Regulation C is a data collection regime 
that shares similar structures and goals as section 1071 and this 
regulation, including the manner in which HMDA data facilitates fair 
lending enforcement, the Bureau believes that its experience with HMDA/
Regulation C is instructive for this rulemaking and will inform its 
enforcement and supervisory work. Regarding the comment that the Bureau 
must coordinate with other FFIEC agencies, including NCUA, to develop 
examination procedures in advance of a final rule, the Bureau notes 
that examination procedures normally follow after the publication of a 
new rule. Regarding the comment that the Bureau should only use the 
data it receives to conduct fair lending examinations, and not 
technical compliance examinations, the Bureau does not believe that 
such a limitation would be appropriate and notes that fair lending 
examinations are less effective if the underlying data are not 
accurate; technical compliance examinations help ensure the accuracy of 
data.
112(b) Bona Fide Errors
Background
    During the SBREFA process, small entity representatives and other 
industry stakeholders expressed concern about private litigants suing 
them for non-compliance with the rule.\824\ In addition, several small 
entity representatives requested that the Bureau not assess penalties 
for the first year of data collection and reporting, as it did 
following the 2015 HMDA final rule; prior to the compliance date for 
that rule, the Bureau issued a policy statement announcing it would not 
seek penalties for errors for the first calendar year (2018) of data 
collected under the amended Regulation C.\825\ Stakeholders asked the 
Bureau to emulate that approach for this rulemaking. Other stakeholders 
expressed concern about the potential consequences of committing what 
they viewed as technical or inadvertent errors in collecting or 
reporting data. One financial institution stakeholder suggested that 
the rule adopt or emulate the good faith error provisions set out in 
Regulation C, including Sec.  1003.6(b)(1), which provides that an 
error in compiling or recording data for a covered loan or application 
is not a violation of HMDA or Regulation C if the error was 
unintentional and occurred despite the maintenance of procedures 
reasonably adapted to avoid such an error. Stakeholders also referred 
to the existing error-related exemptions in ECOA and Regulation B.\826\ 
ECOA's civil liability provision states that creditors will not be 
liable for acts done or omitted in good faith in conformity with any 
official rule, regulation, or interpretation thereof by the 
Bureau.\827\
---------------------------------------------------------------------------

    \824\ The small entity representative feedback discussed in this 
section-by-section analysis can be found in the SBREFA Panel Report 
at 34-36.
    \825\ CFPB, CFPB Issues Public Statement On Home Mortgage 
Disclosure Act Compliance (Dec. 21, 2017), https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/ (noting that the 
Bureau did not intend to require data resubmission unless data 
errors were material, or assess penalties with respect to errors for 
HMDA data collected in 2018 and reported in 2019).
    \826\ See, e.g., Sec.  1002.16(c).
    \827\ 15 U.S.C. 1691e(e).
---------------------------------------------------------------------------

Proposed Rule
    Proposed Sec.  1002.112(b) would have provided that a bona fide 
error in compiling, maintaining, or reporting data with respect to a 
covered application is an error that was unintentional and occurred 
despite the maintenance of procedures reasonably adapted to avoid such 
an error. A bona fide error is not a violation of ECOA or subpart B. A 
financial institution would be presumed to maintain procedures 
reasonably adapted to avoid errors with respect to a given data field 
if the number of errors found in a random sample of the financial 
institution's submission for the data field does not equal or exceed a 
threshold specified by the Bureau for this purpose in proposed appendix 
H. However, an error would not be a bona fide error if either there is 
a reasonable basis to believe the error was intentional or there is 
other evidence that the financial institution did not maintain 
procedures reasonably adapted to avoid such errors.
    The Bureau believed that a similar approach to Regulation C, 
modified and combined with the approach taken by Federal agencies in 
HMDA examinations, would be appropriate here. Regulation C Sec.  
1003.6(b)(1) provides that an error in compiling or recording data for 
a covered loan or application is not a violation of HMDA or Regulation 
C if the error was unintentional and occurred despite the maintenance 
of procedures reasonably adapted to avoid such an error. In an 
examination of a financial institution for compliance with Regulation 
C, a financial institution may make a certain number of unintentional 
errors in a testing sample of applications for a given data field in 
the institution's loan/application register, the HMDA analog to the 
small business lending application register, before it must resubmit 
its loan/application register. These tolerance thresholds are based on 
the number of loans or applications in a loan/application register as 
set out in the HMDA tolerances table in the FFIEC's Interagency HMDA 
examination procedures.\828\
---------------------------------------------------------------------------

    \828\ Fed. Fin. Insts. Examination Council, Interagency 
Examination Procedures: HMDA (Apr. 2019), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_hmda-exam-procedures_2019-04.pdf.
---------------------------------------------------------------------------

    The Bureau provided a table of thresholds in proposed appendix H 
and incorporated it in the bona fide error provision in proposed Sec.  
1002.112(b). Under this proposed provision and the table of thresholds 
in proposed appendix H, financial institutions that report a number of 
errors equal to or below the applicable thresholds would have been 
presumed to have in place procedures reasonably adapted to avoid 
errors; those that report a number of errors above the applicable 
thresholds would not be presumed to have in place procedures reasonably 
adapted to avoid errors.
    Proposed comment 112(b)-1 would have explained that a financial 
institution is presumed to maintain procedures reasonably adapted to 
avoid errors with respect to a given data field if the number of errors 
found in a random sample of the financial institution's submission for 
the data field does not equal or exceed a threshold specified by the 
Bureau for this purpose. Proposed comment 112(b)-1 would also have 
explained that the Bureau's thresholds appear in column C of the table 
in proposed appendix H, and that the size of the random sample shall 
depend on the size of the financial institution's small business 
lending application register, as shown in column A of the table in 
appendix H.
    Proposed comment 112(b)-2 would have provided that, for purposes of 
determining bona fide errors under Sec.  1002.112(b), the term ``data 
field''

[[Page 35424]]

generally refers to individual fields, but that, with respect to 
information on the ethnicity or race of an applicant or borrower, or 
co-applicant or co-borrower, a data field group may consist of more 
than one field. Proposed comment 112(b)-2 would have provided that if 
one or more of the fields within an ethnicity or race field group have 
errors, they count as one (and only one) error for that data field 
group.
    Proposed comment 112(b)-3 would have provided that an error that 
meets the criteria for one of the four safe harbor provisions in 
proposed Sec.  1002.112(c) would not be counted as an error for 
purposes of determining whether a financial institution has exceeded 
the error threshold for a given data field.
    The Bureau sought comment on its proposed approach to bona fide 
errors, including whether the tolerance levels in proposed appendix H 
were appropriate.
Comments Received
    The Bureau received comments on this aspect of the proposal from 
lenders, trade associations, a community group, a women's business 
advocacy group, and a third-party service provider. Several lenders and 
trade associations expressed support for the proposed provision on bona 
fide errors. One trade association also noted that the provision, with 
a table of thresholds, was broadly consistent with HMDA.
    A women's business advocacy group and a community group expressed 
some concerns about the provision. The trade association understood 
that the proposal would hold financial institutions harmless for bona 
fide errors, and encouraged a limit to the number of safe harbors. The 
community group expressed the concern that the tolerances must not be 
overly generous because if the rule was too lax, data quality would 
suffer and the statutory purposes of the rule would be imperiled.
    A community group asked the Bureau to clarify that certain types of 
errors might still prompt an examination or enforcement action even if 
the number of errors in a sample did not exceed the threshold, citing 
the example provided by the Bureau in proposed comment 112(b)-1 in 
which a lender coded withdrawn applications as denials to conceal a 
potential fair lending deficiency. The commenter asked that the Bureau 
further spell out these examples so as not to completely overrule the 
proposed table of tolerances, noting that perhaps extra scrutiny should 
apply mainly to the action taken categories, revenue size, and 
ethnicity, race, and sex data points and fields.
    A CDFI lender observed that, as a lender focused on women and 
minority[hyphen]owned small businesses, it had noticed discrepancies in 
self[hyphen]reporting ethnicity and race, where a minority self-
reported as non-minority, and vice versa. The commenter said that this 
could have serious consequences for non[hyphen]profit lenders focused 
on minorities, and that it used software and other relevant information 
to reconcile ethnicity and race information when possible. The 
commenter asked if the Bureau recognized this as an issue, and if the 
Bureau would have an issue with lenders correcting or overriding 
inaccurate self[hyphen]reported ethnicity and racial data.
    A group of trade associations asked that any errors associated with 
special lending programs, such as the SBA's Paycheck Protection 
Program, that would require financial institutions to quickly provide 
credit to their communities and that involved changing guidance, should 
not be counted toward the tolerances.
    A service provider requested clarification of the ``good faith'' 
compliance provision of ECOA, especially what would fall outside of the 
definition of ``good faith'' under ECOA's civil liability provision, 
which provides that ``creditors will not be liable for acts done or 
omitted in good faith in conformity with any official rule, regulation, 
or interpretation thereof by the CFPB.'' The commenter also suggested 
that clarity on this provision would reduce compliance friction, and 
lenders would feel secure in providing information to the Bureau if 
they had certainty that the data would not be used against them.
    A community group suggested that an example identified in proposed 
comment 112(b)-2 should constitute two errors, not one, for purposes of 
the thresholds. The commenter stated that the example involved the 
Bureau examining a lender's data finding an error in the ethnicity and 
race fields of the applicant and co-applicant in the same data record, 
and counting the two errors in the applicant and co-applicant field as 
only one error.
Final Rule
    The Bureau is finalizing Sec.  1002.112(b), associated commentary, 
as well as appendix F (renumbered from appendix H in the proposal), 
with minor revisions. The Bureau has revised comment 112(b)-2 slightly 
by changing references from ``data field groups'' to ``data fields,'' 
because the Bureau will not use data field groups as it does in the 
HMDA data collection. The Bureau has also revised an example in comment 
112(b)-2 to clarify that, regarding the example provided in the 
comment, one error rather than two would be reported for purposes of 
the tolerance thresholds.
    The Bureau believes that a similar approach to Regulation C, 
modified and combined with the approach taken by Federal agencies in 
HMDA examinations, is appropriate here. These tolerance thresholds are 
based on the number of applications in a register. as set out in the 
HMDA tolerances table.\829\ Accordingly, the Bureau believes that the 
approach set out in Sec.  1002.112(b), including the accompanying 
comments and appendix F, is broadly consistent with the approach it has 
taken for HMDA.\830\ The Bureau also believes that this approach 
addresses the concerns first expressed by stakeholders in the SBREFA 
process regarding liability for some data reporting errors, especially 
in the earlier years of reporting, as processes are first being 
implemented. Moreover, the Bureau believes that this provision will 
help to ensure the accuracy of the data submitted by requiring the 
maintenance of appropriate procedures; at the same time, this provision 
will prevent financial institutions from being subjected to liability 
for some difficult-to-avoid errors that could drive those institutions 
from the small-business lending market. Therefore, the Bureau believes 
this provision is necessary to carry out, enforce, and compile data 
pursuant to section 1071, as well as necessary or appropriate to 
carrying out section 1071's purposes.
---------------------------------------------------------------------------

    \829\ For HMDA, similar error tolerance thresholds are set forth 
in the FFIEC's Interagency HMDA examination procedures, rather than 
in Regulation C itself. Fed. Fin. Insts. Examination Council, 
Interagency Examination Procedures: HMDA (Apr. 2019), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_hmda-exam-procedures_201904.pdf.
    \830\ Home Mortgage Disclosure (Regulation C), 80 FR 66128, 
66269 (Oct. 28, 2015).
---------------------------------------------------------------------------

    The Bureau notes that while a handful of commenters expressed 
concern about this provision, the vast majority approved of the 
inclusion of the bona fide error provision, even if most criticized the 
tolerance thresholds, as further described in the section-by-section 
analysis of appendix F. The Bureau agrees with the comment that 
expressed its strong support on the grounds that the bona fide error 
approach was consistent with HMDA.
    Regarding the concern that the bona fide error provision might make 
it harder to hold lenders accountable for data errors, the Bureau 
acknowledges the potential trade-offs between

[[Page 35425]]

maximizing data quality and practicability of implementation for 
lenders, and believes that the tolerances in appendix F strike a 
reasonable balance between these factors based on the experience of the 
tolerance thresholds in HMDA. Regarding the request to clarify the 
types of errors that might prompt regulatory action even if the number 
of errors in a sample did not exceed the tolerance threshold, the 
Bureau notes that the example of denials coded as withdrawals in 
comment 112(b)-1 was merely illustrative; the bona fide error provision 
is a general standard. Regarding the concerns of erroneous self-
reporting of ethnicity or race, the Bureau notes that for purposes of 
reporting data under this regulation, as specified in Sec.  1002.112(b) 
and comment 107(a)(19)-1, a financial institution relies on an 
applicant's self-reporting of ethnicity and race.
    The final rule does not include a provision that errors associated 
with applications and loans associated with emergency or special 
lending programs such as the Paycheck Protection Program not be counted 
towards the tolerances, as requested by some commenters. The Bureau 
appreciates the logistical difficulties that might have been 
encountered by financial institutions in compiling accurate data 
associated with the Paycheck Protection Program and the Economic Impact 
Disaster Loan Program, but believes it is more appropriate to consider 
guidance in the future tailored to emergency programs as they arise.
    Regarding the request to clarify ``good faith'' in the ECOA 
provision absolving creditors of liability for ``acts done or omitted 
in good faith in conformity with any official rule, regulation, or 
interpretation thereof by the CFPB,'' the Bureau notes that the 
provision speaks for itself and applies generally to any ECOA 
violation, not only violations of this regulation. The Bureau does not 
believe it would be appropriate to state that data collected under this 
rule would not be used in supervisory or enforcement actions against 
covered financial institutions, given that one of the statutory 
purposes of this regulation is the facilitation of fair lending 
enforcement.
    Regarding the comment stating that the example in comment 112(b)-2 
should have constituted two errors, not one, for purposes of the 
thresholds, the commenter referenced the ethnicity and race fields of 
the applicant and co-applicant in the same data record, but the example 
did not mention these. In any case, the example in comment 112(b)-2 
expresses how the Bureau intends to treat certain types of errors 
within data fields.
112(c) Safe Harbors
Proposed Rule
    Proposed Sec.  1002.112(c) would have established four safe harbor 
provisions, providing that certain types of errors would not constitute 
violations of ECOA or Regulation B. Proposed Sec.  1002.112(c)(1) would 
have provided a safe harbor for an incorrect entry for census tract 
obtained by correct use of a geocoding tool provided by the FFIEC or 
the Bureau. Proposed Sec.  1002.112(c)(2) would have provided a safe 
harbor for an incorrect NAICS code determined by a financial 
institution under certain circumstances. Proposed Sec.  1002.112(c)(3) 
would have provide a safe harbor for the collection of applicants' 
protected demographic information pursuant to proposed Sec.  
1002.107(a)(18) through (20) after an initially erroneous determination 
that an applicant is a small business. Proposed Sec.  1002.112(c)(4) 
would have provided a safe harbor for the reporting of an application 
date that is within three calendar days of the actual application date.
Comments Received
    The Bureau received a number of comments from banks, trade 
associations, banks concerning the safe harbor provision generally or 
not addressing the specific safe harbors in (c)(1) to (c)(4). A women's 
business advocacy group encouraged the Bureau to generally limit the 
number of safe harbors. Two banks encouraged the general expansion of 
safe harbors.
    Several banks and trade associations requested a general safe 
harbor from liability applying to data if the financial institution 
reports what the applicant submitted in the application process, even 
if that data are incorrect or inaccurate. One bank further asserted 
that it is burdensome for a financial institution to review each data 
point for accuracy, and the ability to rely on applicant provided data 
would limit the corrections needed. A trade association pointed out 
that under the proposal, lenders may rely on some but not all data 
provided by applicants, and recommended that the Bureau permit lenders 
to rely on all data, without verification, in all circumstances.
    Two industry commenters suggested that the Bureau adopt a general 
safe harbor for any data that is reasonably documented, and the 
financial institution can demonstrate that it has policies and 
procedures in place to capture the data. Another commenter recommended 
a safe harbor setting a reasonableness standard for data collection 
and/or relying on self-reporting, where lenders are not held liable for 
the accuracy of the applicant's responses because they are in jeopardy 
of violating other laws.
    A number of commenters suggested more specific safe harbors. Two 
suggested that the Bureau provide an express safe harbor for applicant-
provided data on the applicant's number of workers, Sec.  
1002.107(a)(16), and the applicant's time in business, Sec.  
1002.107(a)(17). Another suggested that the Bureau provide an express 
safe harbor for gross annual revenue, Sec.  1002.107(a)(14), asserting 
that ensuring precision in the data is difficult, often requiring 
manual review, that the precision of the data does not affect 
interpretation of data. The bank stated that, for instance, an 
applicant might report an initial estimate (e.g., $900,000), but that 
during underwriting, preliminary financials may show a different amount 
(e.g., $915,000), and audited financials yet another (e.g., $912,000), 
making it likely that the final number may not be the one reported to 
the Bureau. To penalize such errors, which the commenter described as 
immaterial, would, according to the commenter, burden lenders and 
regulators as well. The bank suggested that the Bureau should institute 
a 10 percent tolerance for errors made in reporting gross annual 
revenue. A trade association suggested a safe harbor for when an 
applicant misidentifies itself as a women- or minority-owned business, 
which would then cause the lender to ask questions about ethnicity, 
race, and sex that may be in violation of ECOA. Another trade 
association asked the Bureau to consider adding a safe harbor related 
to the feasibility of the firewall, allowing for variations in 
determining feasibility.
Final Rule
    As described in further detail below, the Bureau is finalizing four 
safe harbors established in final Sec.  1002.112(c) with modifications. 
In addition, the Bureau has renumbered the four subsections to be more 
aligned with the order in the data points these safe harbors address.
    The Bureau is finalizing these safe harbors pursuant to its 
authority under ECOA and as amended by section 1071. ECOA section 703 
provides the Bureau the authority to prescribe regulations to carry out 
the purposes of ECOA, including such adjustments and exceptions for any 
class of transactions that in the judgment of the Bureau are necessary 
or proper to effectuate the purposes of ECOA, to prevent

[[Page 35426]]

circumvention or evasion thereof, or to facilitate or substantiate 
compliance therewith. Section 704B(g)(1) provides that the Bureau shall 
prescribe such rules as may be necessary to carry out, enforce, and 
compile data pursuant to section 1071. Section 704B(g)(2) authorizes 
the Bureau to adopt exceptions to any requirement of section 1071 and 
to exempt any financial institution or class of financial institutions 
from the requirements of section 1071, as the Bureau deems necessary or 
appropriate to carry out the purposes of section 1071.
    The Bureau is not further modifying the safe harbor provisions in 
response to commenters' requests that the Bureau either generally limit 
or expand the number of safe harbors. Regarding the request for a safe 
harbor from liability when a financial institution submits applicant-
provided data, the Bureau does not believe a safe harbor is necessary 
because pursuant to Sec.  1002.107(b) and comment 107(b)-1, financial 
institutions are already permitted to rely upon applicant-provided data 
in accord with those provisions. Regarding the comment that it is 
burdensome for financial institutions to review each data point for 
accuracy, the Bureau again notes that financial institutions may rely 
upon applicant-provided data and need not verify such data, subject to 
the requirements of Sec.  1002.107(b) and comment 107(b)-1. Regarding 
the comment that the Bureau should permit lenders to report and rely 
solely on applicant-provided data even when they have verified some of 
that data for their own business purposes, the Bureau believes that 
such a safe harbor would result in a reduction of data quality. The 
Bureau believes that final Sec.  1002.107(b) and comment 107(b)-1 
strikes a reasonable balance between data quality and cost and effort 
incurred by lenders.
    Regarding the comment that the Bureau adopt a general safe harbor 
for any data that is reasonably documented by financial institutions 
with policies and procedures in place, the Bureau does not believe such 
a safe harbor would be consistent with the statutory purposes of 
section 1071. Such a safe harbor would appear to shield a lender from 
liability even if the data submitted to the Bureau were not accurate, 
i.e., did not reflect the underlying documentation. Regarding the 
comment requesting that the Bureau adopt a safe harbor establishing a 
general reasonableness standard for errors in data reporting, the 
Bureau does not believe it consistent with the statutory purposes of 
section 1071 to adopt such an apparently open-ended safe harbor without 
further consideration of what the limits to this provision would be. 
The Bureau believes the bona fide error provision in this final rule 
will serve the function requested by the commenter's suggested safe 
harbor in a manner consistent with the statutory purposes of section 
1071, for the reasons set out in the section-by-section analysis of 
Sec.  1002.112(b).
    The Bureau does not believe any of the more specific safe harbors 
suggested by commenters are needed. The Bureau believes that a safe 
harbor for the number of workers data point is not necessary because 
final Sec.  1002.107(a)(16) does not require the reporting of a precise 
numbers of workers, but rather permits the selection of ranges of 
numbers. Similarly, the Bureau believes that a safe harbor for the time 
in business data point is not necessary because final Sec.  
1002.107(a)(17) does not require the reporting of exact years in 
business for this data point unless the financial institution already 
obtains that information for its own purposes.
    The Bureau also does not believe that a safe harbor for gross 
annual revenue is needed, as Sec.  1002.107(a)(14), and comments 
107(a)(14)-1 and -2, permit financial institutions to report gross 
annual revenue in the manner they collect it. The Bureau disagrees, 
however, with the comment that the precision of the data would not 
materially affect data analysis. The commenter offered a specific 
example of discrepancies between different estimates of gross annual 
revenue that were minor and might not be material; the commenter did 
not suggest that in practice that the differences between self-reported 
and verified measures of revenue would consistently be as small as in 
the example presented. In any case, the commenter did not address 
whether the time between when an application was submitted and when the 
financial institution would have to submit the data related to the 
application to the Bureau was insufficient to arrive at a final gross 
annual revenue number. Neither does the Bureau agree with the comment 
offering examples of errors in reporting gross annual revenue would not 
really impact the overall integrity of the data; based on its 
experience with other data reporting regimes such as HMDA, the 10 
percent error range suggested by the commenter in the reporting of 
gross annual revenue could be material and impact the integrity of the 
data the Bureau received.
    A safe harbor for when an applicant misidentifies itself as a 
women-owned or minority-owned business is likewise not necessary, as 
financial institutions are required to report business statuses as 
provided by the applicant, without verification, pursuant to final 
Sec.  1002.107(a)(18) and comment 107(a)(18)-8. Regarding the request 
to add a safe harbor related to the feasibility of the firewall, 
allowing for variations in determining feasibility, the Bureau notes 
that its implementation of the statutory firewall provision, in Sec.  
1002.108, provides financial institutions substantial leeway; as 
specified in comment 108(c)-1, a financial institution is not required 
to perform a separate analysis of the feasibility of maintaining a 
firewall beyond determining whether an employee or officer should have 
access to an applicant's protected demographic information.
112(c)(1) Incorrect Entry for Application Date
    Final Sec.  1002.107(a)(2) requires financial institutions to 
report application date. In the NPRM, the Bureau proposed Sec.  
1002.112(c)(4), which would have provided that a financial institution 
does not violate proposed subpart B if it reports on its small business 
lending application register an application date that is within three 
calendar days of the actual application date pursuant to proposed Sec.  
1002.107(a)(2). The Bureau sought comment on its proposed approach to 
this safe harbor.
    The Bureau received comments on proposed application date safe 
harbor from a handful of lenders and trade associations. Most of these 
commenters generally supported the safe harbor, with one commenter 
stating that it would reduce the compliance burden of pinpointing an 
exact application date. A trade association supporting the safe harbor 
further stated that the application process is fluid and that it should 
be sufficient for the financial institution to reasonably document the 
data point and have policies and procedures in place to capture the 
data. Another trade association stated that the proposed safe harbor is 
appropriate, but questioned its utility. The commenter noted that it 
was unclear who or how the ``actual'' application date would be 
determined and the proposed definition of a covered application was 
already flexible and subjective.
    Two banks urged the Bureau to change ``calendar'' days to 
``business'' days in the safe harbor. These commenters stated that they 
often operate their business seven days a week or may approve requests 
for credit on non-business days. They argued that business days would 
allow for

[[Page 35427]]

consistent application of the safe harbor regardless of the date a 
business applied for credit, retaining only calendar days would mean 
financial institutions would lose the flexibility afforded by a safe 
harbor when it is most needed, and that failure to make the change 
could preempt the ability of financial institutions to provide ``off-
hour'' services. Finally, a couple commenters urged the Bureau to 
provide additional clarifications, such as examples of how to calculate 
the safe harbor date range or illustrations in the commentary on how 
the safe harbor would operate.
    The Bureau is finalizing Sec.  1002.112(c)(1) (proposed as Sec.  
1002.112(c)(4)) with modifications to provide that a financial 
institution does not violate ECOA or subpart B if it reports on its 
small business lending application register an application date that is 
within three business days of the actual application date pursuant to 
final Sec.  1002.107(a)(2). The Bureau believes this provision will 
both ensure the level of accuracy needed for the resulting data to be 
useful in carrying out section 1071's purposes and minimize the risk 
that financial institutions will be held liable for difficult-to-avoid 
errors, which might otherwise affect their participation in the small 
business lending market. The Bureau therefore believes final Sec.  
1002.112(c)(1) is necessary or appropriate to carry out section 1071's 
purposes pursuant to ECOA section 704B(g)(1) and (2).
    In response to commenters' concerns that ``calendar'' days would 
disadvantage a financial institution that receives applications on non-
traditional business days, the Bureau is revising ``calendar'' days to 
``business'' days. A business day means any day the financial 
institution is open for business.\831\ The Bureau agrees with 
commenters that the safe harbor should apply equally regardless of 
which day of the week an application is received. In response to 
commenters' request for illustrations as to how the safe harbor would 
work, the Bureau believes the text of final Sec.  1002.112(c)(1) 
provides sufficient guidance on how to calculate whether a reported 
date falls within the safe harbor. For example, in accordance with 
final Sec.  1002.112(c)(1), if a covered application is received by a 
financial institution on Saturday, January 5, and the financial 
institution is closed for business on Sunday, January 6, the safe 
harbor would apply so long as the financial institution reports an 
application date that falls between Wednesday, January 2 (three 
business days preceding the actual date of a covered application) and 
Wednesday, January 9 (three business days following the actual date of 
a covered application). Sunday, January 6 does not count as one of the 
three business days because it was not a business day for the financial 
institution.
---------------------------------------------------------------------------

    \831\ If a financial institution accepts covered applications 
online at any time, but under its procedures does not actually 
receive or review the application until the next business day, the 
mere willingness to accept applications online does not mean the 
financial institution is open for business seven days a week.
---------------------------------------------------------------------------

112(c)(2) Incorrect Entry for Census Tract
Proposed Rule
    Proposed Sec.  1002.112(c)(1) would have provided that an incorrect 
entry for census tract is not a violation of ECOA or this subpart if 
the financial institution obtained the census tract by correctly using 
a geocoding tool provided by the FFIEC or the Bureau. Regulation C 
Sec.  1003.6(b)(2) contains a similar provision, and the Bureau 
believed a similar approach would be appropriate here.
    Proposed comment 112(c)(1)-1 would have explained that the safe 
harbor provision under proposed Sec.  1002.112(c)(1) would not extend 
to a financial institution's failure to provide the correct census 
tract number for a covered application on its small business lending 
application register, as would have been required by proposed Sec.  
1002.107(a)(13), because the FFIEC or Bureau geocoding tool did not 
return a census tract for the address provided by the financial 
institution. In addition, proposed comment 112(c)(1)-1 would have 
explained that this safe harbor provision would not extend to a census 
tract error that results from a financial institution entering an 
inaccurate address into the FFIEC or Bureau geocoding tool.
    The Bureau sought comment on its proposed approach to this safe 
harbor.
Comments Received
    Several lenders and trade associations commented on the proposed 
safe harbor for incorrect census tract. Some commenters supported the 
safe harbor as proposed; several further requested that the safe harbor 
also protect the use of reasonable processes to identify and report 
census tract data where the FFIEC and Bureau tools did not return a 
census tract. Two commenters requested that the Bureau create an 
exclusion from census tract reporting when the applicant only provides 
a P.O. Box or other mailbox that is not connected to a physical 
address. Another requested, because the Bureau census tract tool is not 
yet available and because the FFIEC tool does not permit batch 
geocoding, that the Bureau extend the safe harbor to include 
commercially available batch geocoders often found within HMDA and CRA 
reporting software. One commenter supported the safe harbor but 
asserted that the safe harbor's usefulness was limited because of the 
difficulty in proving that a geocoding tool was used correctly. Two 
commenters requested additional latitude if a census tract is reported 
for a business where the business has a physical location, even if it 
is not the business's main address or where loan funds are spent.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.112(c)(2) (proposed as Sec.  1002.112(c)(1)) and comment 
112(c)(2)-1 (proposed as 112(c)(1)-1) as proposed. As noted above, 
Regulation C Sec.  1003.6(b)(2) contains a similar provision, and the 
Bureau believes a similar approach is appropriate here. Given the 
number of years that financial institutions have been relying on the 
FFIEC geocoding tool in the HMDA context, the Bureau believes it is 
reasonable to similarly permit financial institutions to rely on 
information provided by a geocoding tool offered by the FFIEC or the 
Bureau, subject to the caveats in comment 112(c)(2)-1. Additionally, 
the Bureau believes that this safe harbor will ultimately improve the 
accuracy of the data submitted by encouraging the use of reliable FFIEC 
geocoding tools, and preventing financial institutions from being 
subject to liability for difficult-to-avoid errors that some commenters 
said could drive those institutions to eschew these useful tools. The 
Bureau thus believes this provision is necessary to carry out, enforce, 
or compile data pursuant to section 1071, and necessary or appropriate 
to carry out section 1071's purposes pursuant to ECOA section 
704B(g)(1) and (2).
    Regarding commenters' request that the safe harbor be adjusted to 
protect the use of reasonable processes to identify and report census 
tract data where the FFIEC and Bureau geocoding tools did not return a 
census tract, or that the Bureau expand the safe harbor to include 
commercially available batch geocoding tools, the Bureau does not 
believe that such changes are warranted. Both Regulation C Sec.  
1003.6(b)(2) and final Sec.  1002.112(c)(2) permit financial 
institutions to rely on the accuracy of tools provided by the Federal 
government when they are able to return a census tract. Where such 
tools return no census tract at all, financial institutions must rely 
on other tools,

[[Page 35428]]

such as geocoding tools provided by third parties, or must use other 
means to determine census tract. The Federal government does not 
review, and therefore cannot verify or take responsibility for, the 
accuracy of commercially available geocoders.
    Similarly, the Bureau is not adopting an exception for situations 
in which the applicant only provides a P.O. Box or other mailbox that 
is not connected to a physical address. The ``waterfall'' reporting 
method for the census tract data point implements the statutory term 
``principal place of business.'' Pursuant to final Sec.  1002.107(c), a 
financial institution is required to maintain procedures reasonably 
designed to collect applicant-provided data, which includes an address 
or location for purposes of determining census tract. Because a P.O. or 
other mailbox address is generally unrelated to the location of the 
principal place of business or another location associated with the 
business, the Bureau expects that in most instances (for its own 
purposes or as needed to comply with other regulations) a financial 
institution will attempt to collect an address more suitable for 
determining the census tract. If the financial institution is unable to 
do so, it may use a P.O. or other mailbox address for reporting census 
tract.
    Despite the assertion that this safe harbor is limited because of 
the difficulty in proving that a geocoding tool was used correctly, the 
Bureau does not believe that changes to the safe harbor would be 
appropriate. The safe harbor, which the Bureau notes is broader than 
the one in Regulation C (this safe harbor extends to the Bureau 
geocoding tool; the one in Regulation C does not), is intended to be 
narrowly applicable to government-provided geocoding tools. Financial 
institutions have relied for years on existing geocoding tools, 
including the FFIEC tool in the HMDA context. The use of the FFIEC 
tool, and the manner that the Bureau has dealt with any errors derived 
from the use of the tool, are well established. Thus, the Bureau does 
not anticipate difficulties identifying whether an error is caused by 
user error (which would not be protected by the safe harbor) or by the 
geocoding tool itself (which would be protected). The Bureau does not 
believe that, as requested by the same commenter, any further latitude 
is required in the reporting of census tract (i.e., if the census tract 
is reported for a physical location, even if it is not the business's 
main address or where the proceeds of the credit applied for or 
originated will be or would have been principally applied) for the 
reasons set out here and in the section-by-section analysis of Sec.  
1002.107(a)(13) above.
112(c)(3) Incorrect Entry for NAICS Code
Proposed Rule
    The Bureau proposed to require financial institutions to collect 
and report an applicant's 6-digit NAICS code in proposed Sec.  
1002.107(a)(15). A financial institution would have been permitted to 
rely on statements of or information provided by the applicant in 
collecting and reporting the NAICS code as described in proposed 
comments 107(a)(15)-3 and -4. The Bureau also proposed a safe harbor, 
in Sec.  1002.112(c)(2), to address situations where a financial 
institution does not rely on such information, but instead identifies 
the NAICS code for an applicant itself and the identified NAICS code is 
incorrect. Specifically, proposed Sec.  1002.112(c)(2) would have 
provided that the incorrect entry for that institution-identified NAICS 
code is not a violation of ECOA or subpart B, provided that the first 
two digits of the NAICS code are correct and the financial institution 
maintains procedures reasonably adapted to correctly identify the 
subsequent four digits.
    The Bureau sought comment on its proposed approach to this safe 
harbor. The Bureau also sought comment on whether requiring a 3-digit 
NAICS code with no safe harbor would be a better alternative.
Comments Received
    The Bureau received a number of comments on its proposal to require 
collection and reporting of a 6-digit NAICS code, as discussed in the 
section-by-section analysis of Sec.  1002.107(a)(15) above. The Bureau 
received comments from some lenders and trade associations specifically 
regarding the related safe harbor in proposed Sec.  1002.112(c)(2). 
Several industry commenters reiterated their general opposition to the 
proposed NAICS code data point but asserted that they supported the 
safe harbor if the Bureau were to require financial institutions to 
collect and report NAICS code. A trade association stated that as long 
as the data point reported is reasonably documented and the financial 
institution can demonstrate it has policies and procedures in place to 
capture the data, the Bureau should recognize that it is sufficient. A 
bank and a trade association for online lenders stated that where an 
institution in good faith reports a NAICS code, believed to be accurate 
based on the attestation and information provided by the applicant, but 
was provided with inaccurate information, a reporting financial 
institution should not be deemed to be in noncompliance with the 
regulation. A few commenters asserted that if the Bureau requires NAICS 
code to be collected, then the Bureau should permit lenders to rely 
upon applicant statements or codes obtained through the use of business 
information products as proposed in comments 107(a)(15)-3 and -4.
    A few trade associations and a business advocacy group expressed 
the belief that the safe harbor was insufficient and should be broader. 
In particular, these commenters asserted that the safe harbor would not 
apply when the institution relied on the applicant's statement for the 
NAICS code. A group of trade associations concluded that financial 
institutions that want to use the safe harbor would be required to try 
to determine the NAICS code themselves and said that this process would 
be burdensome and fraught with the risk of inaccuracies.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing Sec.  
1002.112(c)(3) (proposed as Sec.  1002.112(c)(2)) with certain 
adjustments. As discussed in the section-by-section analysis of Sec.  
1002.107(a)(15) above, the Bureau is requiring that financial 
institutions collect and report a 3-digit NAICS code for the applicant. 
The Bureau is revising the safe harbor to account for this modification 
for the required number of digits and to clarify what information the 
financial institution may rely on in reporting NAICS codes. In 
addition, while the bona fide error provision in final Sec.  
1002.112(b) continues to apply (provided its requirements are met), the 
Bureau is deleting that language from comment 112(c)-2 for consistency 
across the safe harbor provisions and because comment 112(b)-3 
addresses the issue.
    Specifically, final Sec.  1002.112(c)(3) makes clear that an 
incorrect entry for a 3-digit NAICS code is not a violation of ECOA or 
subpart B, provided that the financial institution obtained the 3-digit 
NAICS code by: (i) Relying on an applicant's representations or on an 
appropriate third-party source, in accordance with Sec.  1002.107(b), 
regarding the NAICS code; or (ii) identifying the NAICS code itself, 
provided that the financial institution maintains procedures reasonably 
adapted to correctly identify a 3-digit NAICS code.

[[Page 35429]]

    As discussed above, some commenters believed that the proposed safe 
harbor would not apply when the institution relied on the applicant's 
statement for the NAICS code, and as a result financial institutions 
could be penalized for reporting erroneous NAICS codes provided by 
applicants and thus may have to re-check such NAICS codes themselves in 
order to qualify for the safe harbor. Given the provisions in proposed 
Sec.  1002.107(a)(15) and (b) (finalized in Sec.  1002.107(b) with 
additional detail) that expressly permitted a financial institution to 
rely on applicant-provided information in reporting NAICS code, the 
Bureau did not believe that such a safe harbor was necessary. However, 
to address commenters' concerns, the Bureau is expressly including 
NAICS codes provided by applicants or obtained from an appropriate 
third-party source, in accordance with Sec.  1002.107(b), within the 
scope of final Sec.  1002.112(c)(3).
    The Bureau is adopting this safe harbor pursuant to its statutory 
authority under section 704B(g)(1) and (2). The Bureau believes that 
this safe harbor, as revised, is responsive to commenters' concerns 
about the difficulties in correctly classifying an applicant's NAICS 
code (whether because the business may change over time, codes may have 
overlapping definitions, small businesses may not know their NAICS 
code, or because classifications may otherwise be prone to human 
error). The Bureau also believes that the safe harbor will help to 
ensure the accuracy of the data submitted by requiring the maintenance 
of appropriate procedures when the financial institution is determining 
an applicant's NAICS code itself; at the same time, the safe harbor 
prevents financial institutions from being subjected to liability for 
some difficult-to-avoid errors. Therefore, the Bureau believes final 
Sec.  1002.112(c)(3) is necessary or appropriate to carry out section 
1071 purposes pursuant to ECOA section 704B(g)(1) and (2).
112(c)(4) Incorrect Determination of Small Business Status, Covered 
Credit Transaction, or Covered Application
Proposed Rule
    Proposed Sec.  1002.112(c)(3) would have provided that a financial 
institution that initially determines that an applicant for a covered 
credit transaction is a small business, as defined in proposed Sec.  
1002.106(b), but later concludes the applicant is not a small business, 
does not violate ECOA or Regulation B if it collected information 
pursuant to subpart B regarding whether an applicant for a covered 
credit transaction is a minority-owned business or a women-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners. Proposed Sec.  1002.112(c)(3) would further have provided that 
a financial institution seeking to avail itself of this safe harbor 
would have to comply with the requirements of subpart B as otherwise 
required pursuant to proposed Sec. Sec.  1002.107, 1002.108, and 
1002.111 with respect to the collected information.
    The Bureau proposed this safe harbor to address situations where a 
financial institution may otherwise be uncertain about whether it ``may 
obtain information required by a regulation'' under existing Sec.  
1002.5(a)(2), which could deter financial institutions from complying 
with the rule implementing section 1071. The Bureau believed that this 
safe harbor would facilitate compliance with ECOA by eliminating a 
situation in which a financial institution might be deterred from 
appropriately collecting applicants' protected demographic information 
due to the possibility that their understanding of an applicant's small 
business status might change during the course of the application 
process.
    Proposed Sec.  1002.112(c)(3) would have made it clear that a 
financial institution seeking to avail itself of this safe harbor must 
comply with the requirements of subpart B as otherwise required 
pursuant to proposed Sec. Sec.  1002.107, 1002.108, and 1002.111 with 
respect to the collected information. Relatedly, proposed comment 
106(b)-1 would have clarified that, in such a situation, the financial 
institution does not report the application on its small business 
lending application register pursuant to Sec.  1002.109.
    The Bureau sought comment on its proposed approach to this safe 
harbor.
Comments Received
    As set out above in the section-by-section analysis of Sec.  
1002.112(c), the Bureau received comments generally supporting all four 
of the proposed safe harbors, including proposed Sec.  1002.112(c)(3), 
as well as comments suggesting that the proposed safe harbors were too 
narrow. With respect to proposed Sec.  1002.112(c)(3) specifically, a 
CDFI lender and two trade associations supported this safe harbor 
generally. The trade association further urged the Bureau to allow 
banks to rely on applicant-provided revenue data in determining whether 
to collect data pursuant to this regulation. Several other industry 
commenters, apparently unaware of proposed Sec.  1002.112(c)(3), 
requested that the Bureau adopt a safe harbor, in substance, identical 
to proposed Sec.  1002.112(c)(3). A bank and a business advocacy group 
suggested that the Bureau adopt a new safe harbor applying to an 
application for a covered credit transaction where the applicant 
ultimately accepts a product that is not reportable; the trade 
association suggested that the collection of data for such applications 
would not advance the statutory purposes of section 1071.
Final Rule
    For the reasons set forth herein, the Bureau is finalizing this 
safe harbor, renumbered as Sec.  1002.112(c)(4), with revisions. The 
Bureau has expanded the safe harbor for the reasonable, yet erroneous, 
collection of demographic data beyond an initial determination that an 
applicant is a small business, to also cover an initial determination 
that the application is for a covered credit transaction and that there 
is a covered application.
    Specifically, final Sec.  1002.112(c)(4) provides that a financial 
institution that initially collects protected demographic data--
regarding whether an applicant for a covered credit transaction is a 
minority-owned business, a women-owned business, or a LGBTQI+-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners pursuant to final Sec.  1002.107(a)(18) and (19)--but later 
concludes that it should not have collected such data does not violate 
ECOA or Regulation B if the financial institution, at the time it 
collected these data, had a reasonable basis for believing that the 
application was a covered application from a small business for a 
covered credit transaction pursuant to Sec. Sec.  1002.103, 1002.104 
and 1002.106. Consistent with the proposal, final Sec.  1002.112(c)(4) 
further states that a financial institution seeking to avail itself of 
this safe harbor shall comply with the requirements of subpart B as 
otherwise required pursuant to Sec. Sec.  1002.107, 1002.108, and 
1002.111 with respect to the collected data. The Bureau is also 
adopting new comment 112(c)-3 to provide an example of the kinds of 
errors covered by the safe harbor in final Sec.  1002.112(c)(4).
    The Bureau is adopting this safe harbor pursuant to its authority 
under ECOA sections 703(a), 704B(g)(1), and 704B(g)(2). The Bureau has 
determined it is appropriate to expand the safe harbor to address other 
situations which could pose the same challenges to financial 
institutions as the one addressed by proposed Sec.  1002.112(c)(3). 
Specifically, the safe harbor as revised addresses several 
determinations a

[[Page 35430]]

financial institution must make as a threshold matter in order to 
collect applicants' protected demographic data pursuant to the rule: 
whether an application is reportable pursuant to Sec.  1002.103, for a 
covered credit transaction under Sec.  1002.104, and from a small 
business applicant pursuant to Sec.  1002.106.
    Comments the Bureau received on the safe harbor in proposed Sec.  
1002.112(c)(3), and on the underlying substantive provisions including 
proposed Sec. Sec.  1002.103, 1002.104 and 1002.106, suggested that 
financial institutions need additional leeway in making threshold 
determinations, particularly when those determinations are based on 
applicant-provided data that may later change or otherwise turn out to 
be incorrect. Under existing Sec.  1002.5(a)(2), a creditor may only 
obtain otherwise protected information if ``required by a regulation,'' 
or some other express exception applies. Absent this expanded safe 
harbor, financial institutions may be deterred from appropriately 
collecting applicants' protected demographic information for fear of 
running afoul of existing Sec.  1002.5(b) due to the possibility that 
their understanding of an application--whether the application is for a 
covered credit transaction, and is from a small business applicant--may 
change during the course of the application process and so collection 
of demographic data will no longer be ``required by a regulation.'' The 
Bureau thus believes that the safe harbor in Sec.  1002.112(c)(3), as 
revised from the proposal, will facilitate compliance with ECOA and the 
rule.
    The Bureau agrees, as suggested by several commenters, that the 
safe harbor in proposed Sec.  1002.112(c)(3) may have been too narrow, 
focused as it was on errors in determining the small business status of 
an applicant. For the reasons explained herein, the Bureau believes it 
is appropriate to extend the safe harbor to other threshold 
determinations: whether an application is reportable at all under Sec.  
1002.103 and whether the application in question is for a covered 
credit transaction under Sec.  1002.104.
    Regarding a commenter's request that banks should be allowed to 
rely on applicant-provided revenue information in deciding to collect 
demographic data, the Bureau notes that, pursuant to final Sec.  
1002.107(b), financial institutions may rely on unverified applicant-
provided gross annual revenue (although if the financial institution 
verifies that information, it must use the verified information 
instead).
    Regarding the same commenter's request to expand the safe harbor to 
include any application for a covered credit transaction where the 
applicant accepts an offer for a financing product that is not 
reportable, the Bureau does not believe any further expansion of final 
Sec.  1002.112(c)(4) is warranted. Final Sec.  1002.112(c)(4) addresses 
the collection of demographic data from a small business that initially 
applies for a covered credit transaction but, before final action is 
taken, instead seeks a non-covered transaction, such as a lease.\832\ 
The safe harbor suggested by the commenter, on the other hand, would be 
unnecessarily broad, reaching a covered application from a small 
business that accepted a non-covered product after final action has 
been taken on the covered application for a covered credit product. In 
such circumstances, the initial decision of the financial institution 
to collect demographic data on such applications for covered credit 
transactions was not erroneous and would not have violated ECOA or 
Regulation B, and thus a safe harbor is not necessary. Further, the 
commenter did not explain why a safe harbor covering the situations it 
described would be consistent with the statutory purposes of section 
1071, which requires the collection of ``any application to a financial 
institution for credit'' (emphasis added).
---------------------------------------------------------------------------

    \832\ See also comment 103(a)-9, which discusses reporting where 
there is a change in whether there is a covered credit transaction.
---------------------------------------------------------------------------

Section 1002.113 Severability

    Proposed Sec.  1002.113 would have provided that the provisions of 
subpart B are separate and severable from one another, and that if any 
provision is stayed or determined to be invalid, the remaining 
provisions shall continue in effect.
    One trade association said that it had no comments on proposed 
Sec.  1002.113.
    The Bureau is finalizing Sec.  1002.113 with revisions to clarify 
that applications of provisions are also severable. This is a standard 
severability clause of the kind that is included in many regulations to 
clearly express agency intent about the course that is preferred if 
such events were to occur.

Section 1002.114 Effective Date, Compliance Date, and Special 
Transitional Rules

    Final Sec.  1002.114 addresses when the final rule becomes 
effective and when financial institutions will be required to comply 
with the rule, as well as how financial institutions can choose to 
comply with the rule during this transitional period. Final Sec.  
1002.114(a) states that this small business lending data collection 
rule will become effective 90 days after the final rule is published in 
the Federal Register. Final Sec.  1002.114(b) provides a tiered 
approach to compliance dates. Specifically, the dates by which covered 
financial institutions are initially required to comply with the 
requirements of this rule are specified in four provisions based on the 
number of covered originations. Compliance with the rule beginning 
October 1, 2024 is required for financial institutions that originate 
the most covered credit transactions for small businesses. However, 
institutions with a moderate transaction volume have until April 1, 
2025 to begin complying with the rule, and those with the lowest volume 
have until January 1, 2026.
    Final Sec.  1002.114(c)(1) permits covered financial institutions 
to begin collecting information pursuant to final Sec.  1002.107(a)(18) 
through (19) beginning 12 months prior to the compliance date. Final 
Sec.  1002.114(c)(2) permits a financial institutions that do not have 
ready access to sufficient information to determine their compliance 
tier (or whether they are covered by the rule at all) to use reasonable 
methods to estimate their volume of originations to small businesses 
for this purpose.
114(a) Effective Date and 114(b) Compliance Date
Background
    Section 1071 does not specify an implementation period, though 
pursuant to ECOA section 704B(f)(1) financial institutions must report 
data to the Bureau on an annual basis. In the SBREFA Outline, the 
Bureau noted that it sought to ensure that financial institutions have 
sufficient time to implement the rule, and stated that it was 
considering proposing that financial institutions have approximately 
two calendar years for implementation.\833\
---------------------------------------------------------------------------

    \833\ SBREFA Outline at 42.
---------------------------------------------------------------------------

    Small entity representative and stakeholder feedback regarding the 
two-year period for implementation under consideration during the 
SBREFA process was mixed.\834\ Some found the two-year period to be 
adequate, some requested more time, and a few urged for less. Some 
provided related feedback about adopting a grace period for data errors 
in the first year(s) after the rule becomes effective. A fuller 
discussion of the feedback from small entity representatives and 
stakeholders on implementation period is included in

[[Page 35431]]

the NPRM and in the SBREFA Panel Report.
---------------------------------------------------------------------------

    \834\ The small entity representative feedback discussed in this 
section-by-section analysis can be found in the SBREFA Panel Report 
at 36-37.
---------------------------------------------------------------------------

Proposed Rule
    The Bureau proposed in Sec.  1002.114(a) that its small business 
lending data collection rule become effective 90 days after the final 
rule is published in the Federal Register. At that time, the rule would 
become part of the Code of Federal Regulations; this would permit 
financial institutions to avail themselves of the special transitional 
rule in proposed Sec.  1002.114(c)(2), discussed below. However, 
pursuant to proposed Sec.  1002.114(b), compliance with the final rule 
would not have been required until approximately 18 months after the 
final rule is published in the Federal Register.
    The Bureau's proposed approach was a compromise between the two-
year implementation period under consideration at SBREFA that a slight 
majority of stakeholders found acceptable and the shorter one-year 
implementation period requested by certain stakeholders. The Bureau 
believed that the statutory purposes of section 1071 are better served 
by an earlier compliance date that would, in turn, result in earlier 
publication of data by the Bureau. The Bureau acknowledged the 
preference of various small entity representatives and other 
stakeholders for a compliance period of two or more years to comply. 
The Bureau noted, however, that some small entity representatives and 
other industry stakeholders said that they could be ready in less than 
two years. The Bureau agreed with the stakeholders that asserted that a 
shorter implementation period is preferable given the length of time 
that has elapsed since the passage of section 1071 of the Dodd-Frank 
Act.
    The Bureau believed that permitting or requiring a partial year 
collection in the initial year of compliance would further the purposes 
of section 1071 by expediting the collection and, potentially, the 
publication of data to be used to further the fair lending and 
community development purposes of the statute.
    The Bureau sought comment on its proposed effective date of 90 days 
following publication of an eventual final rule and its proposed 
compliance date of approximately 18 months after the publication of its 
final rule to implement section 1071. In particular, the Bureau sought 
comment on which aspects of the Bureau's proposed rule might require 
more or less time to implement, and ways in which the Bureau could 
facilitate implementation for small financial institutions, especially 
those that have had no experience with other Federal data reporting 
regimes. The Bureau further sought comment on two alternatives: (a) 
whether the Bureau should adopt a compliance date of two years after 
the publication of the final rule; and (b) whether the Bureau should 
adopt different compliance dates based on the size of a financial 
institution (e.g., one year for large financial institutions, two years 
for smaller institutions).
Comments Received
    The Bureau received several comments in response to proposed Sec.  
1002.114(a). A CDFI lender approved of the proposed effective date of 
90 days after Federal Register publication of this rule. A joint letter 
from several trade associations did not object to the 90-day effective 
date. A business advocacy group requested a that there be no 
retroactive application of the rule prior to the effective date. They 
noted that the proposed rule would require numerous complex compliance 
burdens based on the collection of new data, the establishment of new 
internal processes, and the development of new systems, and urged the 
Bureau to clearly explain that the final rule does not apply 
retroactively, including as to draws made after the effective date on 
loans made before the effective date.
    The Bureau received a large number of comments in response to 
proposed Sec.  1002.114(b). Several comments supported an 18-month 
compliance period or requested a shorter period, but the vast majority 
of comments suggested a longer compliance period, for varied reasons.
    Support. One community group preferred a 1-year implementation but 
was satisfied that the Bureau did not provide for a 2-year period as 
requested by lenders. A trade association offered appreciation that the 
proposed compliance period reflected consideration by the Bureau for 
the lenders but still requested a longer compliance period than 
proposed.
    Requests to publish data quickly and frequently. A number of 
commenters urged the Bureau to finalize the rule quickly to collect and 
publish data as soon as possible. A range of commenters emphasized the 
urgency of the Bureau implementing this rule carefully and quickly. Two 
commenters stated that the ongoing failure to collect and publish data 
harms women-owned and minority-owned small businesses and communities 
because discriminatory practices are permitted to continue. One also 
said that the absence of 1071 data would compromise the goals of 
mission-driven lenders. A joint letter from community groups and 
community oriented lenders said that swift implementation was critical 
for consumers, regulators, and advocates to assess markets given the 
limited data currently available.
    A number of commenters asserted that the Bureau should move quickly 
to implement the rule, collect and publish data given that more than 10 
years have passed since the Dodd-Frank Act required the promulgation of 
this rule. A minority business advocacy group requested that initial 
data findings be published as soon as possible, and every six months so 
that stakeholders can monitor progress and utilize data.
    Less than 18 months. Several commenters asserted that an 18-month 
compliance period was too long. Some commenters, including a joint 
letter community groups, community oriented lenders, and business 
advocacy groups, requested that the compliance date for this rule be 
January 1, 2024. Another commenter argued that a one-year period better 
served the statutory purposes of the rule. Several CDFI lenders stated 
that mission-based lenders ready to report within 18 months should be 
permitted to opt-in to report data. A community group suggested that 
section 1071's statutory purposes are better served by shorter 
compliance period considering Congress enacted section 1071 in the 
Dodd-Frank Act in 2010.
    More than 18 months. A large number of commenters, including 
lenders, trade associations, and a community group, opposed the 
proposed compliance date. Many of these commenters asked for a longer 
compliance period without specifying how much time lenders needed. One 
commenter stated that even if the final rule were shorter than the 
NPRM, lenders would need more than 18 months.
    Resources. Two industry commenters asserted that lenders needed 
more resources for new data collection and reporting systems to comply. 
A bank noted that it already faced thin margins and already had to 
comply with the Financial Accounting Standards Board's Current Expected 
Credit Losses rule.\835\
---------------------------------------------------------------------------

    \835\ Off. of the Comptroller of the Currency, Treasury; Bd. of 
Governors of the Fed. Rsrv. Sys.; and Fed. Deposit Ins. Corp., 
Regulatory Capital Rule: Revised Transition of the Current Expected 
Credit Losses Methodology for Allowances, Final Rule, 85 FR 61577 
(Sept. 30, 2020) (delaying for two years the requirement that 
banking organizations implement the estimated impact on regulatory 
capital stemming from the implementation of Accounting Standards 
Update No. 2016-13, Financial Instruments--Credit Losses, Topic 326, 
Measurement of Credit Losses on Financial Instruments).

---------------------------------------------------------------------------

[[Page 35432]]

    Scope and complexity. Two trade associations claimed that lenders 
needed more time to understand the scope of the final rule and to apply 
new processes to various lines of business. One commenter noted that 
the much of the data to be collected would be novel for lenders.
    Previous experience. Two lenders requested additional time because 
of their lack of experience with Federal data collections, such as HMDA 
or CRA.
    Policies and procedures. A number of commenters requested more time 
to develop and/or update policies and procedures for application intake 
and data collection. Several small lenders asserted that they would 
have to implement new application processes and adopt new forms. One 
bank noted that it would have to create formal applications and 
associated procedures for agricultural or business loans.
    Technology. A number of commenters identified the need to purchase 
or upgrade compliance software in support of extending the compliance 
period. Some banks said they needed time--for some, years--to rewrite 
core processors to add data points for this rule. Several banks said 
they needed to automate their small business lending processes, a 
difficult task with many systems to choose from, review, develop and 
implement. Several banks asked for more time to buy software from 
vendors, including time to conduct due diligence, allow vendors to 
develop systems, test integration with existing systems, and manage 
vendors. One lender stated that 10 percent of agricultural loans are 
made using a scoring system called AgScore, which must be re-engineered 
to support this rule, a costly and time-consuming task.
    Training. A number of banks said they needed more time to hire new 
staff and/or train existing employees.
    Other regulations. Commenters asserted that other comparably 
complex data collection regulations provided for longer compliance 
periods. A number of banks and two credit union trade associations 
noted that the 2015 HMDA rule had a two-year compliance period, and by 
contrast that this rule is a major regulation covering many different 
products, requiring even more time for vendors to adapt. Several 
commenters cited their experience with the TILA/RESPA integrated 
disclosure rule, which gave two years to comply with updated 
requirements, as proof that 18 months was not sufficient to comply with 
this new rule.
    Specific industries. Different types of lenders requested longer 
compliance periods for their industries. One commenter stated that 18 
months was insufficient because most mission-based lenders were small, 
and that compliance would take time and resources. They also suggested 
that CDFIs unable to meet the 18-month deadline should get more time to 
comply. Two trade associations claimed that 18 months was insufficient 
even for larger credit unions, and that most credit unions had to wait 
for vendors to create compliance products. One commenter requested more 
time because equipment finance companies are not accustomed to Federal 
regulators. A commenter requested more time for community banks because 
they would have to rely on software and vendors, not internal staff.
    Other comments. One bank claimed that a short deadline would cause 
unintended errors, leading to actions against the bank. Another bank 
claimed that compliance costs will increase cost of small business and 
agricultural lending, affecting customer profitability. A different 
bank claimed that it needed more time because many borrowers may not 
have or want to provide this data, and that small business owners 
require education to be willing to provide data for this rule. Another 
said rushed implementation would lead to unintended consequences.
    Two years. Many banks, credit unions, and trade associations 
requested a two-year compliance period. A joint letter from several 
trade associations suggested a compliance period starting the January 
1, two full years after the calendar year of the effective date. A bank 
asserted that an 18-month period would make the rule an undue 
regulatory burden, costly, and not commensurate to any reporting 
benefit.
    Scope and complexity. Several industry commenters asserted that 
lenders needed two years to understand the full scope and complexity of 
the rule. One argued that two years was warranted because the scope of 
rule expanded after the SBREFA process, adding additional data points 
pursuant to ECOA section 704B(e)(2)(H) and a visual observation and 
surname requirement. The commenter also argued that car dealers face 
open scope and coverage issues, specifically the involvement of dealers 
exempt from Bureau rulemaking. One lender asked for more time because 
the rule is a new regulatory paradigm, applying to multiple credit 
products and loan systems even within one bank. Another lender 
justified two years because small businesses need more time to 
understand the requirements of the final rule.
    Policies and procedures. Several industry commenters requested two 
years to permit lenders to develop and test new policies and 
procedures.
    Technology. Some industry commenters requested at least two years 
to comply to have enough time to deal with all of the steps related to 
purchasing or upgrading compliance software, including finding and 
onboarding vendors, conducting due diligence on vendors (some lenders 
said they were required to vet third parties), integrating compliance 
software with existing software, testing software, and reconfiguring 
platforms, all before the compliance deadline. Some noted that no 
vendors, at the time comments were submitted, offered compliance 
software for this rule. One bank asked for more time to ensure that 
their software differentiated between data reported under different 
overlapping regulations, including CRA, HMDA, and FinCEN's beneficial 
owner rule. Two industry commenters noted that lenders needed more time 
to accommodate core providers to adjust and update their software. One 
bank observed that, by way of example, its core provider only finished 
software six weeks before the end of the two-year compliance period for 
the beneficial owner rule.
    Staff and training. Several lenders said they needed at least two 
years to adjust staffing and train staff. A number of banks stated that 
they would need to hire new staff. Some industry commenters stated that 
lenders would need to train staff on compliance policies as well as new 
software.
    Two industry commenters argued that small financial institutions in 
particular needed more time. One trade association said that early 
stage online lenders would be burdened by the rule while seeking to 
expand access to credit for small businesses. A bank asserted that 
small banks needed two years because, unlike large banks, vendors and 
not internal staff would develop compliance systems.
    Other regulations. Several industry commenters justified a two-year 
period based on the compliance periods for comparable data collection 
regulations, including HMDA. One bank said that this rule was no less 
complex than HMDA and that no less time should be given to comply. 
Another bank observed that the 2015 HMDA rule justified a two-year 
period in part on the new time-consuming and complex requirement to 
collect open-end mortgage data; the bank argued that this rule was also 
new and complex. Two commenters noted that lenders' experience with 
HMDA showed how much time was needed to implement new systems, 
policies, procedures, data privacy, data security, staff training and 
compliance programs.

[[Page 35433]]

One trade association noted that this rule would be harder for 
financial institutions with no experience with data reporting regimes 
such as HMDA.
    Other comments. A trade association argued that the proposed 18-
month period was inconsistent with the two-year period in the SBREFA 
Outline of proposals under consideration.
    30 months. Some industry commenters requested at least 30 months to 
comply with the final rule, for several reasons.
    Scope and complexity. Several banks asserted that the scope and 
complexity of the rule warranted a 30-month compliance period. One bank 
stated that each product had a unique application process and record 
system, and different personnel. Another bank stated that the rule 
would result in far-reaching, expensive changes across the bank's many 
branches, including front and back-end staff. Several banks requested 
more time because of the strain on dedicated resources. One bank said 
it needed more time to ensure compliance as to all its products.
    Processes. Several industry commenters requested 30 months to 
comply to create or change processes and procedures in response to the 
rule, including new collection and reporting processes.
    Software. Some industry commenters requested 30 months to have time 
to purchase or upgrade software. Several noted that software to comply 
with this rule does not yet exist. Commenters also noted that vendor 
management requires time, including conducting third-party due 
diligence, integrating compliance software with existing software, and 
training staff on new software. One bank said that 30 months would give 
vendors time to develop and test solutions, and banks time to evaluate 
these solutions. One software vendor asserted that vendors needed 30 to 
36 months to work with business partners, such as form vendors, to 
coordinate, make changes, and distribute work to lenders. The commenter 
noted that it needed lead time to analyze, plan, design, develop, test, 
document and distribute software changes to its financial institution 
clients before the compliance date. A bank stated that the collection 
of new data points would require extensive changes to software for 
applications, loan processing, core processing, data collection and 
fair lending, and that each update required testing and training.
    Commenters offered specific concerns regarding small lenders and 
software. One trade association noted that core providers that small 
banks rely on do not now offer tools to comply with this rule. One 
bank, not a HMDA filer, expressed that it was at the mercy of its core 
provider regarding timing and expense. Another bank said it needed more 
time because it did not have ready access to its vendors because it was 
small compared to other lenders.
    Several industry commenters requested 30 months to have time to 
hire new staff and/or train existing staff to comply with this rule. 
One bank noted that such training would involve staff from different 
areas of the bank, including commercial lending, compliance, 
underwriting, applications support, and business systems support. A 
community bank said that it would not have a dedicated team for this 
rule, but rather existing staff, including a loan operations manager, 
loan audit clerk, and compliance officer, with competing concerns, 
would meet monthly to work slowly through the rule. One bank noted the 
particular importance of training its lending staff.
    A trade association requested a 30-month period on the grounds that 
a shorter period would result in flawed data the first few years, which 
could negatively impact analysis. Another commenter noted that small 
business lending is varied, involves more negotiation than consumer 
lending, and is therefore more difficult to capture consistent data 
for.
    Some commenters justified a 30-month period on compliance periods 
for other complex regulations. Several lenders cited their experience 
with HMDA to justify a 30-month period. One noted that many HMDA 
software kits barely met deadlines, and significant updates were still 
needed after the deadline. Another bank, based on its experience with 
the TILA/RESPA integrated disclosure rule, stated that it would take 
longer than 18 months to comply with this rule.
    Several lenders commented that they needed 30 months to comply 
because they had no experience with other data collection regulations 
such as HMDA or CRA.
    Two banks expressed a concern that an 18-month period would hamper 
their ability to serve customers. One also said it would be challenging 
to comply with the new rule while still serving customers and 
maintaining day-to-day bank operations. Another said that to ensure 
data consistency, the adoption of new processes may produce less access 
to credit.
    Some commenters supported a 30-month period for specific small 
business lenders. Some stated that 18 months was not sufficient for 
small and community banks to review, develop and implement collection 
systems. A number of smaller lenders and a trade association stated 
that while large lenders have dedicated compliance staff, smaller banks 
need more time because they rely on vendors and software. One bank 
stated that regulations should target large and not small banks, that 
rules often apply to lenders regardless of size, and that the Bureau 
should set a longer period for all lenders for the sake of small ones. 
A bank emphasized that a 30-month period would give smaller community 
banks time to prepare processes that work for both the bank and its 
customers.
    A number of mission-based lenders stated that small CDFIs had 
limited capacity and needed more time to develop compliance systems. 
Several commenters stated that mission-based lenders should be able to 
opt-in to comply in 18 months if they were ready to do so.
    A trade association expressed concern that banks it represented 
would have difficulties with the proposed 18-month period, especially 
for rural lenders with no HMDA experience, which would have to create 
new processes.
    A software provider identified a sequence of factors justifying a 
30-month period. First, this rule would require new data collection 
fields to collect, store, and report data. Such changes could only 
begin when this rule is finalized. After software changes are 
distributed, lenders must test software, implement procedural changes, 
and train employees on system updates prior to compliance date. 
Further, some clients may operate on different releases of software so 
multiple versions will have to be supported, requiring changes for 
multiple versions. The commenter requested more time to address these 
steps in an orderly fashion.
    Several other comments supported a 30-month period. One bank noted 
that the time is needed to resolve unanticipated implementation issues. 
Another bank supported a 30-month period to match compliance 
examination cycles. A third bank argued that a 30-month to three-year 
period was not much more time than the proposed 18-month period, given 
that the Bureau justified its proposal on the 10 years that elapsed 
since the passage of the Dodd-Frank Act.
    Three years. A plurality of commenters requesting a longer 
compliance period than proposed suggested three years to comply, 
including a wide variety of trade associations, as well as midsized and 
smaller banks, credit unions, and agricultural lenders.

[[Page 35434]]

    General comments. Several commenters stated that a three-year 
period would permit lenders to make changes to achieve the statutory 
purposes of section 1071. One lender suggested a compliance date of 
January 1, 2026. A trade association asserted that the compliance 
period should be three years and should start on January 1 on the 
grounds that a partial year of data would not provide meaningful 
benefits and would be ignored because data users would want to make 
year-over-year comparisons.
    Several industry commenters favoring a three-year period argued 
that it was inappropriate for the Bureau to use its 10-year delay in 
issuing this rule pursuant to the Dodd-Frank Act as grounds to burden 
lenders with a short compliance period. Two bank trade associations 
asserted that it was arbitrary and unreasonable for the Bureau to 
propose an 18-month period to comply with the broader requirements of 
the NPRM compared to the SBREFA outline of proposals under 
consideration, which contemplated a two-year compliance period.
    Sequential changes. Two trade associations noted that compliance 
steps in sequence, each step dependent on the completion of prior one--
vendors create new data collection and reporting systems, lenders 
develop and test procedures for these systems, staff are trained on the 
systems and procedures, then further testing may identify issues that 
require revisions and iterating again before the deadline. One 
commenter stated that, ideally, at least six months before the 
compliance date, lenders would receive software that can be tested and 
validated.
    Scope and complexity. Some industry commenters based a three-year 
period in part on the need for time to understand and interpret this 
rule. Several commenters noted that this new rule involves the 
collection of new data and would be a ``sea change'' for small business 
lenders, especially those with no experience with HMDA or data 
reporting. A trade association stated it did not know how much more 
time to request without knowing the content of the final rule. Another 
trade association stated that a three-year period would give the Bureau 
time to educate and support lenders as they implement this rule, based 
on the experience with the Paycheck Protection Program.
    Many banks and several trade associations cited the scope and 
complexity of the rule to justify a three-year period, specifically, 
that the rule would cover many different products with different 
processes. Two commenters requested a three-year period because 
compliance involves changes across many business units, systems, and 
small business lending channels. A group of trade associations asserted 
that the rule would require the collection of 21 data points, the 
separate maintenance of demographic information, and the firewall. Two 
trade associations stated that compliance with this rule would be 
significant and time-consuming. One bank noted that small business 
lending involved a wider variety of solutions than consumer lending. 
One bank noted that the rule as proposed would have required the 
reporting of 6,500 loans, 44 percent more than its 4,500 CRA-reportable 
small business loans.\836\
---------------------------------------------------------------------------

    \836\ This comment highlights the extent to which this final 
rule will greatly improve the comprehensiveness of application-level 
small business lending data available for analysis, compared to the 
data available under the status quo, such as current CRA 
regulations. The CFPB has worked closely with the OCC, FDIC, and 
Federal Reserve Board to harmonize this rule with those agencies' 
proposed CRA amendments; more comprehensive small business lending 
data from this final rule can lead to better analysis of business 
and community development needs in the context of the amended CRA 
regulations. See, e.g., Bd. of Governors of the Fed. Rsrv. Sys.; 
Fed. Deposit Ins. Corp.; and Off. of the Comptroller of the 
Currency, Treasury, Community Reinvestment Act, Joint Proposed Rule, 
87 FR 33884, 33941 (June 3, 2022) (``[T]he agencies propose using 
section 1071 data, once available, to develop market benchmarks.''); 
id. at 33998 (``In the longer term, the CRA's data collection and 
reporting requirements for small business loans and small farm loans 
would be eliminated and replaced by the CFPB's section 1071 data 
collection and reporting requirements.'').
---------------------------------------------------------------------------

    A number of industry commenters and a business advocacy group 
justified a three-year period to create, update, and test non-software 
processes and policies. Some commenters stated that lenders would need 
new procedures or workflows for applications and data collection. One 
bank stated that existing workflows would change to align with 
firewall. Several commenters stated that lenders would need to overhaul 
or obtain new forms and applications after the final rule. Other 
commenters claimed not to use written applications for small business 
and farm loans. One bank stated that it needed to develop a high-touch 
data collection system because of its variety of small business lending 
products. One trade association noted that lenders must wait for the 
final rule to change their policies and procedures, and that 
clarifications and questions regarding the rule would take months to 
address, especially new proposed provisions not discussed at SBREFA. 
One bank said it needed to establish controls and processes to train 
staff. A trade association stated lenders needed time to assign 
responsibility across departments, including compliance. Another bank 
observed that it would take time to receive direction from compliance 
vendors.
    Software. Many comments supported a three-year compliance period 
based in part on technological issues. Some industry commenters 
justified a three-year period on the need to automate processes and 
update small business lending applications. One bank stated that it 
needed to build data collection procedures for its manual lending 
processes, and that small business lending is not automated to same 
extent as consumer lending. One bank stated that many lenders report 
HMDA and CRA data via a manual process, and this will need to be 
automated to collect the significantly expanded data under section 
1071.
    A number of industry commenters stated that lenders would need time 
to choose, onboard and integrate new software. Several banks said no 
existing software complies with this rule, and one bank stated that 
many providers were waiting for this rule to be finalized and would 
still take time to make a proven and accurate solution available. Some 
lenders and trade associations noted that many lenders need to find and 
vet vendors before buying a software system. Some industry commenters 
stated that lenders do not have technology in place to collect data for 
the rule. One bank offered a contrary view, reporting that its software 
vendor was already working on software to comply with this rule. A 
large bank stated that it would need additional time to build 
compliance software itself.
    One bank said that it had no relationship with vendors and no data 
collection programs. A trade association stated that this rule would 
require significant infrastructure investments for credit unions. 
Another bank that it needed addition time to implement software before 
updating its processes. A trade association stated that lenders needed 
software before training staff. A group of trade associations stated 
that the integration of compliance systems would be an iterative 
process of testing, finding and fixing problems, and testing again, all 
across multiple lines of small business lending products. Another 
commenter identified a sequential process to purchasing software, 
including selection, installation, training and testing.
    Several commenters offered other details on why their technology 
requirements justified three years to comply. One bank stated that it 
needed at least 24 months to implement new software, and 12 months more 
to have accurate reporting. Another bank stated that 18 months suffice 
for vendors to

[[Page 35435]]

develop and install a data collection and reporting system but would 
not suffice for lenders to implement the software and train staff. A 
different bank stated that it searched for 1071 software for over two 
years and would need 18 months to integrate the software with other 
systems. Another bank said it needed more than two years to develop, 
test, and implement systems of this scope. One bank stated that its 
vendor would take six months to upgrade software after the final rule 
is released. Yet another bank needed 18 months for software to become 
available, vetted and installed, and 18 months more to train staff. A 
trade association claimed that lenders needed more time because they 
decide what technology to build one to two years in advance, and more 
time was needed to take into account ``blackout'' periods, during which 
technology builds stop eight weeks before calendar year end, which the 
commenter believed could add up to four months to timeline to comply 
with this rule.
    A number of industry commenters stated that lenders needed time to 
wait for vendors to prepare new software or update existing software, 
and time to test it. Several industry commenters and a business 
advocacy group also stated that lenders needed more time to onboard and 
test software.
    A number of lenders, particularly small and mid-sized banks, 
requested more time to comply because they lacked control over the 
speed and preparation of third-party software vendors. A trade 
association for community banks stated that small banks depend more on 
vendors to develop new systems. Several commenters stated that core 
providers, particularly relied upon by community banks, need more time 
to adjust to collect new data points. That is, community banks must 
wait for core providers to update their systems, test updates and 
resolve problems, after which compliance vendors can develop systems to 
integrate with the core system. The same commenter stated that 
community banks that use a platform, not a core provider, to originate 
loans must ensure that, once their core provider has built the fields 
for all of the data points, each is mapped individually to the small 
business lending platform, requiring the creation of multiple APIs, 
which would result in more costs and delays.
    Smaller lenders described complications they would face in 
obtaining software for this rule. One bank stated that lenders needed 
time to conduct due diligence on these vendors. Another bank stated 
that many financial institutions may make demands on the same vendors 
at the same time, slowing implementation. A third bank stated that 
covered financial institutions would compete for software 
implementation dates to comply with this rule, and that the smallest 
lenders will be at the greatest disadvantage for getting software in 
time to comply with this rule. Another commenter stated that community 
banks face higher costs to buy compliance software.
    Two trade associations asserted that three years would suffice for 
credit unions to work with vendors to revise systems for this rule. 
Another trade association stated that credit unions required more time 
than 18 months because they are at the mercy of vendors and must train 
staff and update forms and processes.
    A business advocacy group stated that the rule would result in 
significant, time-consuming changes to reprogram software because 
online lenders do not currently collect demographic information so as 
to avoid accessing data that would make intentional discrimination 
possible.
    Staffing. A number of commenters, including a number of lenders and 
trade associations, justified a three-year compliance period on the 
time lenders needed to hire and/or train existing staff to collect, 
verify, and report data for this rule.
    Some industry commenters stated that lenders would have to hire new 
staff for data collection, verification, and reporting. One bank stated 
that time would be needed to determine staffing needs. Two smaller 
banks stated that they would need an additional employee to collect and 
verify data for this rule. A State bankers association said that 
lenders needed more time because they and their small business 
customers were struggling with the lasting effects of the pandemic and 
labor market shortages.
    Many commenters, including a number of lenders and trade 
associations, justified a three-year compliance period in part on the 
need to train staff, both new and existing employees, to comply with 
the rule. Several banks stated that they could not start to train staff 
until software and processes exists for compliance with this rule; one 
bank said that 18 months was not sufficient to do this well.
    Several commenters said that lenders would need to train a variety 
of staff on compliance and software for this rule, including loan 
officers and customer-facing staff as well as compliance, risk, legal, 
and technology employees. Further, several banks and a business 
advocacy group observed that lenders needed to train staff on what to 
collect, including data points for this rule. A group of trade 
associations noted that some lenders are not accustomed to collecting 
data to the accuracy standards of the Bureau, and that staff familiar 
with HMDA and CRA would require more training not to be confused with 
overlaps with this rule.
    Several industry commenters noted that the rule would require 
greater staffing resources. One bank said it would increase staff hours 
to collect and review data, which would impact operations. Another bank 
stated that the biggest hurdle to compliance would be allocating 
employee resources. Yet another bank noted that staff training is time 
consuming. One bank noted that it needed several months to train its 
3,000 employees. A credit union trade association stated that a tight 
labor market, global pandemic, and economic crisis make updating 
services harder.
    Some commenters stated that they needed three years to comply to 
communicate changes caused by the rule to consumer to minimize 
disruption. Several commenters noted the need to accustom small 
business applicants to the collection of ethnicity, race, and sex 
information. One bank stated that borrowers may resist this type of 
inquiry. Another bank said that customer education for this rule was 
important, that many customers already believe that lenders ask for too 
much information, and that customers may be driven from traditional 
banking to less safe products as a result.
    Access to credit. Several commenters supported a longer compliance 
period on the grounds that financial institutions might need to pause 
or stop their small business lending until they were in compliance with 
this rule, hurting vulnerable small businesses that section 1071 was 
intended to benefit.
    Data accuracy. A number of commenters stated that hasty 
implementation of the rule would result in data errors, bad data 
quality and bad analysis based on that data. A group of State banking 
regulators asked the Bureau to consider a longer compliance period so 
that financial institutions can better prepare to compile and 
accurately report data. Several banks and trade associations asserted 
that rushed implementation generally would make data in the first few 
years after the compliance date flawed, incomplete, or unusable, 
limiting the usefulness of the data for fair lending and business and 
community development purposes.
    Some commenters asserted that more time to comply would make data 
more accurate, or otherwise justified a three-year compliance period on 
the grounds

[[Page 35436]]

of data accuracy. Several commenters stated that rushed compliance 
would result in errors which, in turn, would lead to Bureau actions 
against lenders as well as unnecessary public scrutiny, ultimately 
harming small businesses that section 1071 was intended to help. One 
bank stated that the implementation of policies and procedures, 
acquisition of software, and training of employees would take more than 
18 months to implement, but that three years would suffice to ensure 
the collection of reliable data. Another bank stated that data will be 
error[hyphen]laden in early years of collection until systems can be 
refined. A different bank stated that the proposed 18-month period will 
likely lead to flawed initial data reporting and flawed analyses. A 
trade association asserted that a three-year period more closely 
adhered to the expectation in the statute. Another trade association 
stated that a compliance period of fewer than three years would risk 
the viability of CDFI lending programs.
    Many industry commenters requested a longer compliance period 
because many lenders lacked experience with data reporting regulations, 
such as HMDA or CRA. Specifically, a number of lenders and trade 
associations stated that lenders not subject to HMDA reporting needed 
three years to comply because they will start from scratch without 
existing vendors, processes or procedures to adapt to small business 
lending or train staff. A group of trade associations stated that banks 
that do not report HMDA/CRA data will meet vendors for first time and 
will not have experience with testing process. One bank stated that for 
lenders with limited staffing resources and no existing reporting 
mechanisms, 18 months to comply is unreasonable. Another bank stated 
that many lenders have not had to collect this amount of data.
    Other regulations. A number of commenters compared the proposed 
compliance date with those of other regulations. One said that the 
proposed 18-month period was short compared to those of other complex 
rules. A bank said, based on past regulatory reporting rollouts, it 
would take three years to comply with this rule. Another commenter 
stated that historically, short implementation periods for complex 
rules are not feasible.
    Some commenters compared the proposed 18-month period to comply 
with a new, complex rule with the more than two years that lenders had 
to comply with the 2015 HMDA rule, which only modified existing 
requirements. Commenters pointed out that, unlike the 2015 HMDA rule, 
this rule requires the construction of new systems for a new data 
collection regime rather than building on systems already in place. One 
commenter encouraged the Bureau to consider a period of three years or 
longer, especially to ensure that smaller lenders would have time to 
comply. A large bank pointed out that, unlike HMDA, this rule covers 
numerous credit products offered by lenders to small businesses, 
including loans, lines of credit, and credit cards, each of which uses 
a unique application process and system of record, and different 
personnel.
    Other lenders and trade associations expressed concern about the 
proposed compliance period based on their experience with HMDA, noting 
that vendors were not ready before the initial deadlines established by 
the Bureau, which then had to provide leniency related to data accuracy 
for HMDA data, as well as issue multiple corrections and clarifications 
to HMDA rule since 2015. Several commenters noted that the 2015 HMDA 
rule took several years and resulted in Congress amending HMDA in 2018. 
One bank noted that, as with HMDA, lenders will spend many hours 
reviewing data to avoid errors and resubmission.
    Commenters also compared the proposed Sec.  1002.114(b) with 
compliance periods of other Federal rulemakings. One bank said that, 
based on its experience with the CRA, this rule would require more than 
18 months. Several commenters stated that the experience with the TILA/
RESPA integrated disclosure rule shows that 18 months were insufficient 
for major changes. One commenter requested three years to comply based 
on its experience with that same rule, noting that vendors sought 
clarity on that rule to make and deploy solutions, and the Bureau 
answered questions until the effective date, making implementation 
challenging. A trade association observed that industry had two years 
to comply with the FinCEN's customer due diligence rule,\837\ which it 
said was a simpler regulation.
---------------------------------------------------------------------------

    \837\ FinCEN's customer due diligence rule requires financial 
institutions to have procedures for each of its legal entity 
customer to identify each 25 percent natural person who owns more 
than 25 percent of the legal entity as well as one natural person 
executive of the legal entity. Fin. Crimes Enf't Network, Customer 
Due Diligence Requirements for Financial Institutions, Final Rules, 
81 FR 29397 (May 11, 2016).
---------------------------------------------------------------------------

    Two industry commenters took the opposite view, noting that lender 
experiences with past regulations are irrelevant. A bank said that a 
successful rollout would take more than 18 months even if a lender was 
experienced with data collection regulations. A trade association 
stated that even current HMDA reporters would find compliance with this 
rule challenging because of the differences between small business and 
agricultural lending and mortgage lending, specifically because small 
business lending involves different loan platforms, small business 
lending units do not offer a ``menu'' of standardized credit products, 
and clear application procedures do not exist because small business 
customers are unique.
    Industry-specific rationales. A number of industry commenters 
suggested rationales specific to their industries to justify a three-
year compliance period. An agricultural lender stated that many FCS 
lenders, community banks, and small credit unions would incur great 
expense if required to obtain new technology and train new employees 
within 18 months. A trade association noted that a compliance period of 
less than three years would burden CDFIs.
    Some commenters, including a trade association and a number of 
banks, stated that small and community banks needed three years to 
comply rather than 18 months. One commenter emphasized that 
stakeholders it consulted stated that an 18-month period was 
inadequate, and that small lenders may take three years to comply. A 
bank emphasized that while larger banks have more resources for 
compliance, small banks will struggle without more time to comply and 
will be disadvantaged. A trade association noted that smaller banks 
that are not HMDA reporters would find a new data collection regime 
challenging. A group of State banking regulators stated that small 
lenders would face particular challenges early on in implementation. A 
trade association and a bank noted that small banks depend on vendors 
to develop systems. A bank stated that small and mid-sized lenders are 
a lower priority for vendors, which would erode their participation in 
small business lending. Two banks noted that small and community banks 
would struggle because of shortfalls in staffing and technology.
    A trade association stated that mid-sized banks were unlikely to 
stand up systems in 18 months despite best efforts, based on the 
experience of lenders with other data reporting regimes.
    A business advocacy group stated that innovative start-ups, small 
banks, and credit unions would struggle to implement the rule given the 
resources at their disposal.
    A group of State banking regulators requested a longer compliance 
period,

[[Page 35437]]

in part, so that the Bureau could ``demonstrate'' its ability to 
collect data from nondepository institutions subject to the rule.
    A joint comment from two auto dealer trade associations requested a 
three-year period because they said the proposed 18-month period is 
untenable for dealerships in general and small dealerships in 
particular, which must coordinate compliance efforts with credit 
application system providers, vendors, and finance sources, after which 
systems must be updated and tested, and staff must be trained.
    More than three years. One commenter said that the compliance 
period should be three to five years because the bank would have to 
make hard decisions on staffing and its lending capacity due to the 
additional reporting measures, and may exit the market. The commenter 
expressed concern that a short implementation period would force the 
bank to exit the small business lending market and hurt its current 
customers.
    Tiered compliance. Some commenters supported some kind of phased or 
tiered compliance under which larger lenders would have earlier 
compliance dates and smaller lenders would have later compliance dates. 
Many industry commenters requested tiered compliance dates in addition 
to, or as an alternative to, a longer single compliance period for all 
lenders. Two commenters suggested tiered compliance starting not less 
than three years after the final rule is issued because the process of 
implementation would raise issues that require time and deliberate 
action to frame and solve.
    Industry commenters justified tiered compliance on a number of 
grounds, including the scope and complexity of the rule, as well as the 
need for smaller lenders to implement and test automated collecting and 
reporting. One trade association observed that some lenders needed time 
to test systems to ensure accurate collection and reporting, and 
asserted that with an 18-month period, a bank would have just six 
months to collect data to do a trial run with one year of data before 
the compliance date.
    Many commenters, including lenders and trade associations for State 
banks and credit unions, argued for tiered compliance because of the 
need to purchase or develop new software to comply with the rule. 
Industry commenters also pointed to other factors requiring a longer 
compliance period, include the time to find vendors, time to develop 
software, time for vendors to plan and execute network changes, and 
time to train and hire staff to integrate systems with software for 
this rule.
    Two industry commenters emphasized the dependence of smaller 
lenders on third-party vendors to justify tiered compliance--that small 
lenders would need time to evaluate lenders and complete due diligence, 
that vendors would need time to develop new compliance software, and 
that lenders would need time to integrate and test software with 
existing systems.
    Several trade associations emphasized that many lenders needed the 
additional time that tiered compliance would provide to permit them to 
hire and/or train compliance staff, and train existing lending staff, 
to comply with the rule.
    Two trade associations suggested that tiered compliance dates were 
necessary for credit unions to educate their members and allow for the 
development of member notifications.
    A number of commenters justified tiered compliance based on 
industry experience with complying with other regulations. Several 
commenters noted lenders had more than two years to comply with the 
2015 HMDA rule, which amended existing regulations, while this rule is 
new and complicated. Several trade associations pointed to industry 
experience with Financial Accounting Standards Board's Current Expected 
Credit Loss rule as an example of rushed implementation; after 
initially setting a single compliance date, regulators later staggered 
implementation, requiring smaller institutions to comply later, 
recognizing high one-time costs and advantages large institutions had 
in negotiating with vendors.
    A bank justified tiered implementation on the grounds that hasty 
implementation would lead to inaccurate data in the first few years of 
the rule.
    Two trade associations stated that phased compliance is important 
for lenders not experienced with data collection rules to give them 
time to build infrastructure. One commenter noted that lenders that are 
not federally insured depositories in particular need more time to 
start training programs from scratch, and that it would be hard for 
such lenders to find and hire enough staff with coding expertise 
without regulatory data systems in place. Another commenter said that 
banks that do not comply with HMDA would need more time to comply with 
this rule than money-center banks that have HMDA experience.
    Smaller lenders and trade associations justified longer compliance 
dates for smaller lenders on various grounds. One bank stated that 
smaller lenders could learn from the earlier compliance rollouts of 
large banks. Others said that tiered compliance would give smaller 
lenders more time to resolve unanticipated issues.
    Several commenters suggested several compliance dates, tiered by 
lender type. A trade association suggested that smaller lenders should 
have a later compliance date to learn from largest banks, and to have 
time to resolve unanticipated issues. In particular, the commenter said 
that rural and underserved communities need more time than money-center 
banks.
    Amongst commenters that supported tiered compliance dates, there 
was a variety of comments on how to determine which financial 
institutions should report later. Two commenters requested tiered or 
staggered compliance in any manner, whether by transaction type, lender 
type, or lender size. A community bank asked that the Bureau tier 
compliance dates based on asset-size or some other factor to provide a 
longer compliance period for community banks. One CDFI lender requested 
that the Bureau extend the compliance date to at least 30 months for 
mission-based lenders.
    Two trade associations and a large credit union supported tiering 
based on loan volume. One of the trade associations asked for tiered 
compliance with the earliest date starting three years after the final 
rule is issued, on the grounds that credit unions often have little 
bargaining power with vendors and are often the last to receive system 
upgrades.
    Several lenders suggested two compliance dates, with tiers set by 
asset size. One lender suggested two tiers, giving more time to lenders 
with less than $2 billion in assets because smaller institutions have 
smaller compliance and information technology staffs. The lender did 
not place much weight to the $2 billion threshold it proposed other 
than it would match ``small lender'' definitions in other areas of 
consumer financial law.
    Several industry commenters suggested two compliance date tiers. 
One bank suggested giving smaller lenders 24 to 36 months more than 
large banks. Two banks suggested giving smaller lenders one year more 
than larger banks, which they argued could reduce competition for 
software installation, implementation help, and training, which in turn 
could reduce costs and resource issues for small lenders. These 
commenters believed that smaller lenders could learn best practices 
from larger banks. A trade association said that large lenders ($10 
billion or more in assets), should have

[[Page 35438]]

two years to comply, while smaller lenders should have three years. The 
commenter stated this manner of tiering compliance dates would allow 
the Bureau to collect a large amount of data earlier, and would also 
give vendors more time to develop and integrate compliance products.
    Several commenters suggested three compliance date tiers by asset 
size. A trade association suggested that the Bureau adopt three 
compliance tranches, giving large lenders one year to comply, medium-
sized lenders two years, and small lenders three years. The commenter 
suggested the third tier should include the smallest lenders, community 
banks, and lenders to small businesses that the Bureau trusts and knows 
to be successful. Another bank proposed giving lenders with $5 billion 
or more in assets 18 months to comply, lenders with $1 billion or more 
24 months to comply, and banks with $1 billion or less 30 months to 
comply. One bank suggested three tiers by size, without defining size, 
and proposing that the largest lenders comply in the first year, mid-
sized lenders comply in second year, and small lenders comply in the 
third year. The commenter justified the earliest compliance date for 
large lenders because of the greater staff expertise, capacity and 
resources that these institutions had to comply with the rule.
    Several commenters opposed tiered compliance dates. The industry 
commenters asserted that this rule represents a major change for small 
and large lenders alike, from a ban on collecting protected demographic 
information data to requiring collection of it for small business 
loans. These commenters claimed that no vendors have a compliance 
software ready for this rule, that all lenders need sufficient time to 
understand the content of this rule, change processes, build and test 
systems, train employees, and implement procedures and controls. These 
commenters warned that a failure to give financial institutions of all 
sizes adequate implementation time will limit access to small business 
credit, which negatively impact the economy. A community group opposed 
tiered compliance dates on the grounds that the proposed 18-month 
period was sufficient for all institutions, and that lenders had from 
the release of the NPRM in September 2021 to begin preliminary planning 
to comply with this rule.
Final Rule
    The Bureau is finalizing Sec.  1002.114(a) as proposed. The small 
business lending data collection rule will become effective 90 days 
after it is published in the Federal Register. The Bureau confirms, as 
requested by a commenter, that this final rule does not apply 
retroactively, including for funds drawn after the effective date where 
the loan was originated before the effective date. See also final 
comment 114(c)-2, which makes clear that covered applications received 
prior to a financial institution's compliance date, but final action is 
taken on or after that date, are not required to be reported.
    The Bureau is not finalizing Sec.  1002.114(b) as proposed, which 
would have required compliance with the final rule approximately 18 
months after publication of the final rule in the Federal Register. 
Instead, the Bureau is finalizing a tiered approach to compliance 
dates. Specifically, the dates by which covered financial institutions 
are initially required to comply with the requirements of this rule are 
specified in four provisions:
    First, under Sec.  1002.114(b)(1), a covered financial institution 
that originated at least 2,500 covered credit transactions for small 
businesses in each of calendar years 2022 and 2023 shall comply with 
the requirements of this subpart beginning October 1, 2024. This 
compliance date is 18 months after the Bureau's issuance of this final 
rule.
    Second, under Sec.  1002.114(b)(2), a covered financial institution 
that is not subject to Sec.  1002.114(b)(1) and that originated at 
least 500 covered credit transactions for small businesses in each of 
calendar years 2022 and 2023 shall comply with the requirements of this 
subpart beginning April 1, 2025. This compliance date is 24 months 
after the Bureau's issuance of this final rule.
    Third, under Sec.  1002.114(b)(3), a covered financial institution 
that is not subject to Sec.  1002.114(b)(1) or (2) and that originated 
at least 100 covered credit transactions for small businesses in each 
of calendar years 2022 and 2023 shall comply with the requirements of 
this subpart beginning January 1, 2026. This compliance date is 33 
months after the Bureau's issuance of this final rule.\838\
---------------------------------------------------------------------------

    \838\ The Bureau considered giving Tier 3 financial institutions 
36 months to comply with the rule, as requested by many commenters. 
This would have resulted in a Tier 3 compliance date of April 1, 
2026. However, the Bureau believes that there is no material 
difference between the 3 years (36 months) requested by certain 
commenters and the 33 months provided to covered financial 
institutions subject to Tier 3.
---------------------------------------------------------------------------

    Finally, under Sec.  1002.114(b)(4), a financial institution that 
did not originate at least 100 covered credit transactions for small 
businesses in each of calendar years 2022 and 2023 but subsequently 
originates at least 100 such transactions in two consecutive calendar 
years shall comply with the requirements of this subpart in accordance 
with Sec.  1002.105(b), but in any case no earlier than January 1, 
2026. This compliance date is 33 months after the Bureau's issuance of 
this final rule.
    In addition, the Bureau has added a number of provisions to the 
commentary accompanying Sec.  1002.114. New comment 114(b)-1 explains 
that the applicable compliance date in Sec.  1002.114(b) is the date by 
which a covered financial institution must begin to compile data as 
specified in Sec.  1002.107, comply with the firewall requirement of 
Sec.  1002.108, and begin to maintain records as specified in Sec.  
1002.111. In addition, the covered financial institution must comply 
with Sec.  1002.110(c) and (d) no later than June 1 of the year after 
the applicable compliance date. New comment 114(b)-2 provides that when 
the compliance date of October 1, 2024 specified in Sec.  
1002.114(b)(1) applies to a covered financial institution, the 
financial institution is required to collect data for covered 
applications during the period from October 1 to December 31, 2024. The 
financial institution must compile data for this period pursuant to 
Sec.  1002.107, comply with the firewall requirement of Sec.  1002.108, 
and maintain records as specified in Sec.  1002.111. In addition, for 
data collected during this period, the covered financial institution 
must comply with Sec. Sec.  1002.109 and 1002.110(c) and (d) by June 1, 
2025. New comment 114(b)-3 addresses informal names for compliance date 
provisions, providing for informal, simplified names to facilitate 
discussion of the compliance dates specified in Sec.  1002.114(b)(1), 
(2), and (3). Under this new comment 114(b)-3, Tier 1 refers to the 
cohort of covered financial institutions that have a compliance date of 
October 1, 2024 pursuant to Sec.  1002.114(b)(1), Tier 2 refers to the 
cohort with a compliance date of April 1, 2025 pursuant to Sec.  
1002.114(b)(2), and Tier 3 refers to the cohort with a compliance date 
of January 1, 2026 pursuant to Sec.  1002.114(b)(3). New comments 
114(b)-4(i) through (vii) provide examples of various scenarios that 
illustrate how to determine which compliance date specified in Sec.  
1002.114(b) applies to financial institutions.
    The Bureau is adopting Sec.  1002.114(b) pursuant to its authority 
under ECOA section 704B(g)(1) to prescribe such rules and issue such 
guidance as may be necessary to carry out, enforce, and compile data 
pursuant to section 1071.

[[Page 35439]]

    The Bureau is adopting a tiered approach to compliance for a number 
of reasons. The Bureau believes, all else equal, that the statutory 
purposes of section 1071 are better served by an earlier compliance 
date because it will result in the earlier publication of data by the 
Bureau and use by the public.
    Most industry commenters that addressed the issue of the compliance 
date opposed Sec.  1002.114(b) as proposed, and requested more than 18 
months to comply with the rule. Views varied widely on how much more 
time was necessary. While commenters suggested compliance periods of 24 
months, 30 months, three years, and in one case 3.5 years or more, a 
plurality of industry commenters supported a single compliance date of 
three years for all lenders. A sizable number of commenters also 
supported tiered compliance dates based on the size of the lender, as 
an alternative to single, compliance period longer than 18 months.
    The Bureau gives credence to a set of three major factors 
commenters cited in requesting additional time, beyond 18 months, to 
comply with the rule (whether from 24 months to 3.5 years): the need to 
purchase or upgrade compliance software (including time to find and 
perform due diligence on vendors, purchase software, integrate 
compliance software with other systems, and test all of these); the 
need to create or adjust policies and procedures to comply with the 
rule; the need to train and, in some cases, hire staff to use the new 
software and implement the policies and procedures to collect data. 
Commenters did not clearly tie these factors to precise periods of 
time.
    Many commenters identified the sequential and iterative nature of 
these major factors. Generally, a lender must purchase and integrate 
new software before developing new policies and procedures concerning 
the use of the software, and the lender must have new policies in place 
before hiring and training staff to implement the software and follow 
the new processes. These processes are also iterative in that, in 
testing software, procedures and staff training, lenders may identify 
errors in software, processes, or training, and need to make 
adjustments that may then require additional changes in other aspects 
of the overall compliance program or system.
    The Bureau believes from comments received, and consistent with 
feedback received in SBREFA, that smaller financial institutions may 
face particular difficulties that justify providing them additional 
time to comply with the rule. Several industry commenters expressed 
their concern that they were at the mercy of their software vendors and 
other third-party providers and could not start compliance steps, such 
as establishing new policies and training employees, in the absence of 
such software. By contrast, one large bank requested more time to 
comply to develop in-house compliance software.
    Other commenters noted that with a shorter compliance period, 
vendors may be overloaded with requests from a market of financial 
institutions attempting to comply at the same time with this rule. 
Several commenters cited their experience in attempting to obtain the 
services of third-party vendors to comply with other rules such as the 
TILA/RESPA integrated disclosure rule and the HMDA 2015 updates, and 
observed that vendors tended to service larger lenders first, leaving 
smaller lenders with little time to integrate software, update policies 
and procedures, train and hire employees, and test all of these 
systems.
    Compounding these issues, many commenters--generally smaller 
lenders, some of which were rural or community financial institutions--
stated that they did not have previous experience with data collection 
rules, such as HMDA or CRA. The Bureau is aware that this rule may be 
the first contact that many covered non-depository institutions have 
with a Federal data collection regime. Further, a substantial number of 
commenters noted that they used manual or analog systems and claimed 
that they would have to automate their operations to comply with the 
rule. The Bureau believes that the increased originations threshold 
under in final Sec.  1002.105(b) may preclude many financial 
institutions that expressed concern that they would have to automate 
their processes from having to report data at all.
    All of these factors suggest that smaller financial institutions 
would face particular difficulties in complying with this rule within 
18 months. The comments suggested a variety of potential consequences 
stemming from insufficient time to comply. Some suggested that 
financial institutions would exit the market, that they would face 
greater costs to comply more quickly (for instance, a financial 
institution that might be able to use existing staff over the course of 
three years may need instead to hire additional staff to comply with 
the rule in 18 months), and/or that they may submit inaccurate or data 
of lesser quality to the Bureau than they would have if given more time 
to the comply.
    The Bureau does not believe that financial institutions would exit 
the small business lending market because of the compliance date, but 
rather believes that many smaller institutions may simply find it 
challenging to comply within the 18-month compliance period. The Bureau 
gives some credence to the concern that a shorter compliance period may 
result in somewhat higher, though not significant, costs that in turn 
may be passed on to customers. The Bureau believes that smaller 
financial institutions, especially those unaccustomed to data 
collection rules, may stay in the market but may be unable to comply 
within 18 months for reasons at least partly out of their control. The 
Bureau believes, based on comments received, that generally smaller 
financial institutions are more likely to be at the mercy of vendors 
that may prioritize larger customers.
    While a plurality of commenters requested a single, three-year 
compliance period for all lenders, the Bureau does not believe that 
such a change is justified. The Bureau received comparatively few 
comments from large banks regarding the sufficiency of an 18-month 
compliance period. One large bank stated that it would require 
additional time to develop its own compliance software. A trade 
association requested three years to comply with the rule on the 
grounds that larger lenders have more complex compliance systems to 
establish and operate because such lenders often had different 
divisions dedicated to different small business lending products. The 
Bureau does not believe, given the dearth of comments on this point, 
that the quality of data from large financial institutions is 
compromised by an 18-month compliance period. The Bureau thus believes 
that it would not be consistent with the statutory purposes of this 
rule to provide large financial institutions a longer compliance 
period.
    As a result, the Bureau believes that tiered compliance dates 
balance several factors at once; that the statutory purposes of section 
1071 are best advanced by, in aggregate collecting as much data as 
possible, as accurately as possible, as soon as possible; and that a 
system of tiered compliance dates accomplishes this better than a 
single 18-month compliance period.
    In part, the Bureau believes that is accomplished by maintaining 
the existing 18-month compliance period for the largest-volume 
financial institutions that are likely to report the bulk of the 
application-level data, and are likely to do so accurately. These 
financial institutions are more likely

[[Page 35440]]

than smaller and even mid-sized institutions to have the resources and 
experience to, with relative celerity, upgrade or purchase compliance 
software, create pertinent policies and procedures, and train or hire 
existing staff. The Bureau believes that the experience that many of 
these larger-volume financial institutions have with other Federal data 
collection regimes, such as HMDA or CRA, gives them the ability to 
adapt to this rule within the time given to collect and submit data.
    Further, by maintaining the 18-month compliance period for larger-
volume financial institutions in Tier 1, collection and reporting of 
most small business lending data will begin quickly. That is, covered 
financial institutions will report to the Bureau the vast majority of 
small business lending applications--approximately 90 percent of the 
applications covered by this rule, as detailed in part IX.D.2 Table 4--
on the timeline proposed in the NPRM.
    The Bureau also believes that the statutory purposes of section 
1071 are best advanced in aggregate by permitting small and mid-sized 
financial institutions, by volume of originations, to have more than 18 
months to comply with this rule. As discussed above, the Bureau 
believes, based on the large volume of comments and the rationale 
provided by them, that an 18-month compliance period increases the 
likelihood that small and mid-sized financial institutions, for a 
variety for reasons that are unique to them, will have difficulty 
collecting and reporting data, and that the data reported would be more 
likely to be inaccurate or unreliable. Further, the Bureau believes 
based on the comments it has received, feedback received in SBREFA, and 
its own observations about the small business lending market that the 
smallest financial institutions, especially those that do not already 
report data to Federal agencies, have more manual processes and 
relatively few employees, which increases the likelihood that they 
submit unreliable and inaccurate data to the Bureau.
    The Bureau believes that tiered compliance dates will improve the 
accuracy of data from smaller and mid-sized financial institutions. 
Later compliance dates for smaller and mid-sized financial institutions 
will mean they do not have to compete with larger financial 
institutions for the time and attention of software and compliance 
vendors. The Bureau understands that while the largest lenders are more 
likely to rely on in-house capacity to comply with the final rule, many 
other financial institutions with loan volumes likely to place them in 
Tier 1 may still rely on software vendors and may compete with smaller-
volume financial institutions for the time and attention of software 
vendors. With a longer timeframe to comply, smaller and mid-sized 
financial institutions might also be able to avoid expedited and more 
costly overtime and overflow work, and would have time to learn lessons 
from the compliance experience of larger institutions.
    Regarding the criteria for tiering, most commenters who addressed 
the issue suggested asset size as the criteria to determine which 
financial institutions should comply later. The primary virtue of that 
approach is its simplicity--most depositories know their total assets. 
However, many financial institutions that will be covered by this rule 
are nondepository institutions that may originate a large volume of 
loans but may have relatively few assets compared to depository 
institutions. Conversely, some depositories with a large volume of 
assets may have a low volume of small business loans. A tiering 
approach based on assets may require early reporting by large 
depositories with little interest in small business lending and exclude 
large-volume small business lenders with comparatively few assets. The 
Bureau does not believe that this approach would be as consistent with 
the statutory purposes of section 1071 as a criterion for tiering 
directly tied to a financial institution's relative activity in the 
small business lending market. As a result, the Bureau believes that 
the number of annual originations of covered credit transactions for 
small businesses should be the basis for tiering compliance dates
    On the number of tiers, commenters tended to favor two tiers rather 
than three. The Bureau believes that the statutory purposes of the rule 
are better served by three tiers. The Bureau determined from reviewing 
all of the comments that there were meaningful differences in the 
compliance challenges faced by smaller volume, middle-volume, and 
large-volume financial institutions. The Bureau believes that three 
compliance dates will help vendors better manage their capacity to 
serve their customers. The Bureau also believes that three compliance 
dates may also help the Bureau be more responsive to industry during 
the transition period. By extending the implementation period, the 
Bureau will be better able to provide more tailored attention to 
smaller and mid-sized financial institutions.
    General responses to comments received. The Bureau observes that 
the vast majority of comments it received identified specific factors 
or concerns regarding compliance with this rule that justified a longer 
compliance period. Nearly all of these comments also identified 
multiple factors or steps in the process of complying with this rule 
that justified a compliance period longer than the one proposed in the 
NPRM. As noted above, the Bureau observes that these comments, with 
very few exceptions, did not quantify specific amounts of additional 
time attributable to each specific factor or step in the compliance 
process that were identified. For instance, a frequent industry comment 
might have requested a three-year, rather than 18-month, compliance 
period, citing the need to purchase and implement software, create 
processes, and train staff, without attempting to attribute the 
additional 18 months to each of these three steps in the compliance 
process.
    Requests to publish data quickly and frequently. Regarding requests 
to collect and publish small business lending data as soon as possible, 
the Bureau agrees that the absence of these data will continue to 
hinder vital capital flow to small businesses, as small business and 
community development needs cannot be effectively identified without 
this data. However, the Bureau must conduct its privacy analysis, so 
the publication of data will not immediately follow its collection. 
Regarding the request to publish data as soon as possible, and to 
publish data every six months so that stakeholders can monitor progress 
and utilize data, the Bureau is not adopting a 6-month reporting 
requirement because requiring financial institutions to provide 
multiple data submissions a year may be administratively challenging 
for both financial institutions to comply with and for the Bureau to 
process. However, the Bureau may consider publishing aggregate data 
more often than once a year in the future if administratively feasible.
    Less than 18 months. The Bureau has considered comments asserting 
that 18 months is too long a compliance period. While some financial 
institutions could comply with this rule in less than 18 months, the 
Bureau believes that most financial institutions appear unable to, 
given the volume and intensity of comments requesting more time. The 
Bureau believes a one-year compliance period would be inconsistent with 
the statutory purposes of the rule because it appears that such a short 
period could be costly for financial institutions and result in 
inaccurate data. The Bureau agrees that mission-based lenders (or any 
other lenders) ready to report within 18 months should be permitted

[[Page 35441]]

to do so, and the rule permits them to do so.
    More than 18 months. Regarding the comments requesting a compliance 
period of more than 18 months, the Bureau agrees in part. As discussed 
above, the Bureau believes that many lower-volume financial 
institutions, with either lower assets or a low volume of small 
business lending and thus potentially fewer resources dedicated to that 
line of business, may need additional time to comply with the rule for 
the reasons provided above.
    Regarding comments concerning resources, the Bureau agrees in part. 
The Bureau does not believe that more time is justified solely because 
the rule may cause a financial institution to expend resources to 
comply with the rule. However, the Bureau agrees that smaller financial 
institutions may need more time to marshal the necessary resources, as 
discussed above.
    The Bureau has considered comments stating that financial 
institutions needed more time to understand the final rule and its 
scope. While the application of this rule would be new to some lines of 
business, and while some data would be novel the Bureau believes that 
financial institutions have had enough time to understand the concepts 
in the rule, especially for those financial institutions that have had 
experience with other Federal data collection rules, such as HMDA, CRA, 
or CDFI Fund. The concepts in the rule implement 2010 statutory 
language, and the rule's implementation of those statutory concepts 
relies on well-known concepts from existing rules, particularly the 
HMDA and the CRA regulatory requirements. Nonetheless, the Bureau 
acknowledges that preparing for compliance may be somewhat more 
difficult for financial institutions, particularly smaller 
institutions, with no previous experience with Federal data 
collections. The Bureau believes that final Sec.  1002.114(b) provides 
sufficient additional time for such financial institutions to come into 
compliance with the final rule.
    Regarding comments that financial institutions need more time to 
establish policies and procedures, the Bureau does not believe this is 
necessary for larger-volume lenders. The Bureau's proposed 18-month 
compliance period was intended to accommodate the need of financial 
institutions to develop or update policies and procedures to comply 
with the rule. The Bureau believes, however, that more time may be 
warranted for smaller financial institutions that do not have existing 
written policies or procedures and do not currently use written 
applications for small business or agricultural lending applications. 
The Bureau does not have reason to believe that there are larger-volume 
lenders that do not currently use forms or formal written applications.
    Regarding comments requesting more time to comply because of 
technological issues, the Bureau acknowledges the various steps that 
may be involved in obtaining software needed to imply with this rule, 
including updating core processors, automating analog systems, 
conducting due diligence, choosing vendors, and testing and integrating 
systems.
    The Bureau agrees with commenters that smaller-volume lenders may 
need more time than proposed to prepare software before the rule's 
compliance date. In particular, the Bureau understands that smaller 
financial institutions may need time to transition from informal 
applications to automated systems. Regarding the reengineering of 
agricultural credit scoring systems, the Bureau understood this issue 
to apply to smaller FCS lenders and believes that the additional time 
provided by the final compliance period provision would suffice for 
changes to be made to AgScore and for them to adjust accordingly.
    Regarding the comments that banks needed more time to hire new 
staff and/or train existing employees, the Bureau notes that not enough 
detail was provided by commenters that explained why this factor on its 
own justified more than 18 months to comply with this rule.
    Regarding the comments that the compliance periods for other 
similar regulations provided more time, the Bureau acknowledges that 
this rule, unlike HMDA and the TILA/RESPA integrated disclosure rule, 
covers a variety of different product types, that this rule is a new 
rulemaking rather than an amendment to existing regulations. The Bureau 
notes from its experience that smaller financial institutions in 
particular appeared to face challenges complying within the timeframe 
given for the 2015 HMDA rule amending Regulation C and the TILA/RESPA 
integrated disclosure rule. The Bureau agrees, from the experience of 
past rulemakings, that smaller financial institutions may wait longer 
than larger institutions for vendors to prioritize them.
    Regarding various industry-specific rationales given for extending 
the compliance period, the Bureau observes that many of the comments 
advocated for types of financial institutions that tended to be 
smaller, such as CDFIs, credit unions, and community banks. The Bureau 
believes that final Sec.  1002.114(b) will provide most of the smaller 
volume lenders the additional time they need to comply.
    Regarding comments that even larger credit unions would have to 
wait for vendors to create compliance products, the Bureau agrees only 
in part. The Bureau believes that vendors are more likely to focus on 
larger financial institutions--including larger credit unions--earlier, 
but that smaller financial institutions, including credit unions, are 
more likely to have to wait longer.
    Regarding the comment that equipment finance companies may be less 
accustomed to Federal regulators, the Bureau agrees but does not 
believe that this justifies a longer compliance period specifically for 
this type of lender. The Bureau believes that equipment finance 
companies with larger volumes of originations are likely to have 
sufficient experience and resources to prepare to come into compliance 
more quickly.
    Regarding the comment that a short compliance period would promote 
unintentional errors, the Bureau agrees in part. The Bureau believes 
that faced with limited time and resources, smaller financial 
institutions are more likely to submit inaccurate data, and that this 
is one of the rationales for providing lower-volume institutions 
additional time to comply with the rule. Regarding the concern that 
compliance costs will directly increase lending costs, the Bureau 
acknowledges in its impacts analysis in part IX below that this may 
take place, but that the per-loan impact of this rule will be 
relatively low.
    Regarding the comments that many borrowers do not possess or are 
unwilling to provide data pursuant to this rule, the Bureau agrees that 
educating small business applicants would improve their responses to 
requests for data under this rule. Regarding the comment that rushed 
implementation would lead to unintended consequences, the Bureau 
observes that the notice and comment processes has identified 
potentially unintended consequences of an 18-month compliance period, 
and that the final tiered compliance provision is intended to address 
these concerns.
    Two years. Regarding the comments favoring a two-year compliance 
period for financial institutions, the Bureau agrees in part. Based on 
a consideration of a variety of factors, including the comments it has 
received, the Bureau has determined that a two-year compliance period 
is appropriate for mid-sized financial institutions. The Bureau does 
not believe that two years

[[Page 35442]]

is an appropriate compliance period for all institutions. The Bureau 
believes that two years more time than is needed by the largest volume 
financial institutions, which have the ability to comply earlier, and 
too little time for the smallest volume financial institutions, which 
need closer to three years to comply with this rule.
    The Bureau has considered the comment asserting that the proposed 
compliance period would make the rule an undue regulatory burden, 
costly, and not be commensurate to any potential reporting benefit. As 
set out above, the Bureau believes that a shorter compliance period 
would be challenging for many smaller and mid-sized financial 
institutions, and the Bureau believes that it is more likely to obtain 
more accurate data if it provides smaller volume financial institutions 
more time to comply with this rule.
    Scope and complexity. The Bureau has considered comments stating 
that financial institutions needed a two-year compliance period to 
understand the full scope and complexity of the new rule. While the 
proposed rule included provisions not considered during SBREFA, such as 
additional data points pursuant to ECOA section 704B9(e)(2)(H), the 
Bureau does not believe that the increased complexity of the rule alone 
justifies additional time. Most of the new provisions in the NPRM are 
well-known outside of the context of this rule. In addition, the Bureau 
has in some ways limited the scope of this rule further by, for 
instance, not finalizing certain more complex provisions, such as the 
proposed visual observation and surname analysis requirement. Regarding 
scope and coverage issues faced by motor vehicle dealers, the Bureau 
does not believe that there are open issues requiring resolution as 
suggested by some commenters. The issues raised concerning the 
application of Bureau regulations to indirect motor vehicle lenders are 
well-established and not unique to this rulemaking. The Bureau likewise 
does not believe that this rule represents an entirely new regulatory 
paradigm; the many comments the Bureau received concerning the overlap 
between this rule and HMDA, CRA, and CDFI Fund data collections suggest 
that the concepts in this rule are already well understood by many 
financial institutions and not necessarily novel or paradigm-shifting. 
While the Bureau agrees that this rule is the first to attempt to 
collect application-level data comprehensively from the entire small 
business lending market, the Bureau does not believe that this alone is 
a reason to extend the compliance period of the rule.
    Policies and procedures. The Bureau has considered comments stating 
that financial institutions needed two years to develop and test new 
policies and procedures. However, the comments did not provide enough 
detail to support extending the compliance period based on this factor 
alone.
    Technology. Regarding comments requesting two years to comply 
because of the need to purchase or upgrade compliance software, the 
Bureau agrees in part. The Bureau acknowledges the various steps 
related to implementing or updating compliance software, including 
finding and vetting vendors, integrating compliance software with other 
systems. The Bureau acknowledges the concerns of some commenters that 
vendors may not be ready with compliance software before the proposed 
compliance date. The Bureau, as noted in part II above, has worked 
proactively with vendors and technology departments of financial 
institutions since the release of the NPRM to help them speed their 
work The Bureau believes that the tiered compliance schedule will 
ensure that financial institutions in need of time to buy or upgrade 
software will have that time.
    Staff and training. Regarding comments requesting a two-year 
compliance period in order to have additional time to hire new staff 
and train existing staff, the Bureau took those factors into account 
when proposing an 18-month compliance date. However, the Bureau agrees 
that small financial institutions may require additional time to comply 
because they may not have the staff to develop compliance systems that 
larger financial institutions may have. The Bureau believes that 
smaller institutions may be particularly reliant upon vendors and 
third-party software and, as mentioned before, may not be prioritized 
by these providers.
    Other regulations. Regarding the comments that a two-year period 
based was justified based on the compliance periods for other similar 
data collection regulations, the Bureau agrees in part for the reasons 
specified above. The Bureau acknowledges that industry's experience 
with the 2015 HMDA rule suggests that more time is required for smaller 
financial institutions in particular, and especially those with no past 
experience with a data collection regime like HMDA.
    Other comments. Regarding concerns that the proposed compliance 
period was inconsistent with the two-year period that the Bureau 
previously considered in the SBREFA process, the Bureau now believes 
that the two-year period is appropriate for financial institutions with 
a moderate volume of originations.
    30 months. The Bureau has considered comments requesting a single 
30-month compliance period but does not believe this approach would be 
appropriate, for the reasons provided below.
    Scope and complexity. Regarding the comments that the scope and 
complexity of the rule warrants a 30-month compliance period, the 
Bureau acknowledges the breadth and complexity of this rule but does 
not believe that the time needed to understand the rule in itself 
justifies one additional year to comply with the rule.
    Processes. The Bureau acknowledges that compliance with the rule 
may itself entail complex changes to the various processes pertaining 
to small business lending, including front and back-end operations, and 
operations across different branches. The Bureau notes that while 
industry commenters explained the complexity of changing processes and 
procedures with some clarity, the Bureau anticipated these types of 
changes in proposing an 18-month compliance period. In any case, these 
commenters identified various changes they would have to make in 
response to the rule without explaining why these changes justified 
extending the proposed compliance period by 12 months.
    Software. Regarding the comments requesting 30 months to comply 
with the rule because of the need to purchase new software or upgrade 
existing software, the Bureau agrees in part. The Bureau acknowledges 
the various steps and complexities in the process to upgrade or 
purchase software that commenters have identified, but the Bureau does 
not believe that all financial institutions need more time to purchase 
or upgrade software. The Bureau also acknowledges concerns that 
compliance software for this rule did not exist when comments were 
submitted in response to the NPRM. The Bureau understands from its 
outreach that software providers have been developing compliance 
products since the release of the NPRM, and while such products cannot 
be finalized until after the final rule, the Bureau believes that such 
software will be available for timely implementation by financial 
institutions, especially because the Bureau is committed to providing 
assistance to technology departments from financial institutions and 
software providers to develop compliance solutions in time to meet the 
final tiered

[[Page 35443]]

compliance dates. Regarding the comment that software providers need 30 
to 36 months to work with their business partners, the Bureau believes 
based on its outreach and comments received from some banks that this 
work had already begun with the release of the NPRM, and that the 
compliance dates provided in final Sec.  1002.114(b) should be 
sufficient for software providers to work with their business partners 
and financial institutions.
    The Bureau acknowledges commenters' concerns about small financial 
institutions and their ability to implement software before the 
proposed compliance date. The Bureau believes that lower volume 
lenders, especially those without previous experience with data 
collection rules, are likely to be at the mercy of compliance software 
providers and core providers, and are not as likely to have priority 
access to new software or provider assistance in implementing it. The 
Bureau does not, however, agree that these concerns justify a single 
30-month compliance period. Instead, the Bureau believes that these 
concerns justify tiered compliance based on the financial institution's 
transaction volume.
    Staffing and training. Regarding comments that a single, 30-month 
compliance period is needed to accommodate the hiring of new staff and/
or training of existing staff, the Bureau agrees in part. The Bureau 
acknowledges that this rule may require the hiring or training of staff 
in variety of different areas and roles across financial institutions. 
The Bureau emphasizes, however, the comment specific to smaller volume 
lenders that a community bank would not have a dedicated implementation 
team for this rule, but rather would assign responsibility for rule 
implementation to existing employees across the bank in addition to 
their existing tasks.
    Data accuracy. The Bureau acknowledges the comments that the 
proposed compliance period may result in data inaccuracies, but does 
not believe that a single, 30-month compliance period would be the most 
appropriate way to address these concerns. The Bureau, for the reasons 
provided already, believes that smaller and even moderate volume 
lenders, if subject to an 18-month compliance period data, may be at 
particular greater risk of collecting and submitting inaccurate data to 
the Bureau. The Bureau acknowledges the comment that small business 
lending is varied, involves more negotiation than consumer lending, and 
therefore makes it more difficult to capture consistent data for, but 
the Bureau does not believe that this factor alone justifies extending 
the compliance period. The Bureau observes that the existing 
regulations that collect data on small business and small farm lending 
already take into account the varied and more individually negotiated 
nature of such transactions.
    Other regulations. The Bureau acknowledges the comments concerns 
that other comparably complex regulations identified by commenters, 
such as the 2015 HMDA rule amendments and the TILA/RESPA integrated 
disclosure rule, provided for compliance periods longer than the 18 
months proposed by this rule. The Bureau acknowledges the comment 
observing that in response to the 2015 HMDA amendments, many software 
providers barely met the compliance date for that rule, and that 
significant updates were still required after the deadline. The Bureau 
agrees that smaller lenders may need more time to comply because of 
their lack of experience with data collection regulations such as those 
under HMDA or CRA. However, the Bureau does not believe that a uniform, 
30-month compliance period would be the appropriate way to address all 
these concerns. The Bureau believes that the specific comments it 
received advocating for a 30-month compliance period for smaller volume 
lenders or for those inexperienced with data collection rules support 
the tiered compliance dates set forth in the final rule.
    Customer relationships. Regarding the concerns that a short 
compliance period would hamper the ability of their ability to serve 
commercial lending customers, the Bureau agrees in part. The Bureau 
believes that smaller lenders and, to a lesser extent, moderate volume 
lenders may find it challenging to comply with the new rule while still 
serving customers and maintaining day-to-day bank operations. The 
Bureau acknowledges the concern that some commenters may adopt new 
processes to ensure data quality but provide less access to credit for 
applicants. The Bureau does not believe that a uniform, 30-month 
compliance period would be the appropriate way to address these 
concerns in a manner consistent with the statutory purposes of the 
rule. Rather, the Bureau believes that the customer relationships of 
smaller volume lenders are likelier to be affected by a shorter 
compliance period than the customer relationships of larger lenders.
    Sector specific. Regarding the comments that 18 months was not 
sufficient for smaller lenders, the Bureau agrees. The Bureau believes 
the differences between the compliance challenges faced by smaller and 
larger lenders suffice to justify a longer compliance period for 
smaller-volume lenders. The Bureau agrees with the multiple comments 
stating that smaller institutions, such as community banks, CDFIs, and 
rural lenders, are more limited in their capacity to expend the 
additional time and resources needed to comply with this rule within 18 
months, and with comments that larger lenders do not have such 
limitations and often have staff dedicated to regulatory compliance. 
Regarding the comment that regulations should apply only to large 
banks, not smaller banks, the Bureau notes that while the Dodd-Frank 
Act contains provisions specific to larger institutions, it does not 
apply exclusively to larger lenders. The Bureau, however, agrees that 
the compliance date provision of this rule should not apply to all 
financial institutions regardless of size, given the differences in the 
relative capacity to comply quickly, as the final tiered compliance 
date provision recognizes.
    Regarding the comments of a software provider concerning the 
various steps in the process to implementing compliance software, the 
Bureau appreciates the complexity of the process and the back-and-forth 
between software vendors and lenders. The Bureau, however, believes 
that the tiered compliance provision provides for more time for a 
majority of smaller and moderate volume lenders to work through the 
software implementation process. The Bureau is providing resources, 
such as the Filing Instructions Guide, concurrent with the release of 
this final rule to aid software vendors' and financial institutions' 
development of software expeditiously.
    Other comments. Regarding the comment requesting for 30 months to 
address unanticipated implementation issues, the Bureau believes that 
the final compliance date provision provides enough time and leeway for 
lenders to address any such issues. Regarding the comment that a 30-
month compliance period would match the normal compliance examination 
cycle, the Bureau disagrees as not every financial institution subject 
to this rule has examinations on this schedule. Regarding the comment 
that an 18-month compliance period is not justified by the length of 
time that has elapsed since the passage of the Dodd-Frank Act, the 
Bureau notes that in part, it agrees, providing an additional six to 18 
months to most lenders.
    Three years. The Bureau is not adopting a single compliance period 
of three years for all covered financial

[[Page 35444]]

institutions, for the reasons below. The Bureau acknowledges that much 
of the reasoning provided in support of a single, three-year compliance 
period justifies the compliance period for Tier 3 financial 
institutions. As noted above, the Bureau believes that there is no 
material difference between 33 months and three years for purposes of 
this rule and the compliance of Tier 3 institutions.
    General comments. Regarding the comments that a single, three-year 
period would achieve the statutory purposes of the rule, the Bureau 
believes that having larger- and moderate-volume lenders begin 
collecting data in 18 or 24 months, respectively, rather than 33 
months, while waiting to obtain more accurate data from smallest-volume 
financial institutions, is most likely to maximize the speed with which 
the Bureau receives the largest possible volume of accurate data. 
Because of this, the Bureau believes that the final tiered compliance 
provision better accomplishes the statutory purposes of the rule. 
Regarding the comment that such a three-year compliance period should 
start on January 1, the Bureau believes that earlier collection of data 
is consistent with the purposes of section 1071, even if it results in 
the collection of a partial year of data. While less useful in a year-
over-year comparison, a partial year of data would not be ignored 
entirely. Given the new data points that would be collected under the 
final rule, a partial year of collection will give data users valuable 
information they could not access from other sources, for the purposes 
of facilitating fair lending enforcement and identifying business and 
community development needs.
    The Bureau has considered comments asserting that by proposing an 
18-month compliance period, the Bureau has shifted the burden of 
rapidly complying with the rule onto lenders. The proposed compliance 
date reflected an attempt to balance competing concerns, and the final 
compliance date reflects a reconsideration of how best to balance the 
need to collect data quickly, and the need to collect it accurately.
    Regarding the comments that it was arbitrary and unreasonable for 
the Bureau to propose a broader rule with an 18-month compliance period 
in the NPRM, compared to a rule of lesser scope and a two-year 
compliance period in the SBREFA process, the Bureau is not finalizing a 
blanket 18-month compliance period in this final rule, as explained 
above. And even if the Bureau were finalizing an 18-month compliance 
period as proposed, the Bureau would disagree with the commenters for a 
number of reasons.
    First, the Bureau does not believe that the scope of data 
collection and reporting under the NPRM expanded greatly compared to 
the SBREFA outline of proposals under consideration. While several data 
points were proposed pursuant to ECOA section 704B9(e)(2)(H), most of 
these data points (such as pricing, application method, application 
recipient, reasons for denial) are data in possession of financial 
institutions, as items that are part of the underwriting or lending 
process. Some of the other items, such as time in business and NAICS 
Code, are captured by some lenders in any case. Similarly, the NPRM 
(but not the SBREFA Outline) included several provisions giving leeway 
to financial institutions attempting to comply in good faith, such as 
the bona fide error and safe harbor provisions.
    Second, even assuming that the scope of data collection and 
reporting under the NPRM were greatly expanded as compared to the 
SBREFA Outline, the final rule includes a variety of provisions 
intended to streamline compliance as compared to the NPRM. For 
instance, the Bureau has simplified the approach to pricing, time in 
business, and NAICS code (requiring the collection of just 3 digits 
rather than 6), and the Bureau is no longer requiring the use of visual 
observation and surname analysis. The Bureau is also providing a grace 
period during which it does not intend to assess penalties, so long as 
financial institutions attempts to comply with this rule in good faith 
(see part VII below). The Bureau also believes that the materials it 
has prepared for concurrent release with the final rule, including the 
initial version of the Filing Instructions Guide, will have the effect 
of facilitating compliance with the rule.
    Regarding the comment that the Bureau was shifting the burden of 
its delay in issuing the rule to industry, the Bureau disagrees. The 
Bureau's intention in proposing an 18-month compliance period was 
balancing two factors--providing sufficient time to comply while 
obtaining data as soon as possible. The Bureau believes that the final 
tiered compliance provision better strikes that balance by 
differentiating between lenders more likely to be able to comply 
earlier with accurate data, and lenders that are likely to need more 
time to report accurate data.
    Sequential changes. The Bureau acknowledges the comments that the 
implementation of compliance systems involves numerous steps in a 
specific order. However, the Bureau does not believe that this 
justifies a single, three-year compliance period for all financial 
institutions. The Bureau believes that it is generally correct that 
compliance must proceed in a specific order, and it also believes that 
larger lenders are more likely to have the capacity and resources to 
work on different steps of compliance implementation in parallel rather 
than purely sequentially, and thus comply in a shorter amount of time 
than smaller-volume lenders with less capacity and resources.
    Scope and complexity. Regarding the comments that a three-year 
period is needed to carefully understand and interpret the new rule, 
the Bureau agrees that this rule will be entirely new to many lenders 
with no experience with other data collection rules. However, the 
Bureau believes that such lenders are likelier to be smaller, lower-
volume lenders, and that the final tiered compliance regime give them 
the additional time they need to understand this rule. Regarding the 
comment that lenders could only understand the content of the 
regulations after the issuance of the final rule, the Bureau observes 
that it has endeavored to simplify this final rule compared to the 
content of the NPRM. Regarding comments that a single three-year period 
would give the Bureau time to educate and support lenders as they 
implemented this rule, the Bureau believes that the finalized system of 
tiered compliance dates provides sufficient time to educate and support 
smaller, lower-volume lenders more likely to need this help.
    The Bureau acknowledges that this rule would cover many different 
financial products and services, often with different processes, 
involving many changes across business units and systems, but the 
Bureau does not believe that a single three-year compliance period for 
all financial institutions is warranted on these grounds. The Bureau 
acknowledges that this rule is more comprehensive than existing 
collections of small business lending data, both in terms of how many 
financial institutions will be required to report under the rule, and 
in terms of the scope of what is required of any given financial 
institutions. However, the Bureau observes that many larger volume 
lenders have already complied with similar data reporting requirements 
for small business lending, including CRA and the Paycheck Protection 
Program, which also involved many data points and, for larger volume 
lenders, compliance across different business units and systems. The 
scope of this rule is somewhat more expansive than past data 
collections, but, as many

[[Page 35445]]

other commenters have pointed out, the significant overlap between this 
rule and the data required by other rules means that the content of 
this rule is likely to be well understood by many financial 
institutions.
    Regarding the comments that the rule requires the collection of 21 
data points, the separation of demographic information, and 
consideration of the feasibility of a firewall, the Bureau notes that 
these comments summarized the provisions of the rule without explaining 
how compliance with these provisions would require three years rather 
than 18 months. Regarding the comment that the regulatory burden of the 
rule would be significant and time-consuming, the Bureau refers to the 
impacts analysis in part IX. In short, such comments do not explain how 
the Bureau's specific attempts to quantify costs were erroneous, and do 
not address specific amounts of time that tasks would take.
    Policies and processes. Regarding comments that lenders need three 
years to create, update, and test non-software processes and policies, 
the Bureau acknowledges that some lenders do not currently use written 
applications for small business and farm loans, and would need to start 
using them. The Bureau believes that these lenders are more likely to 
be smaller lenders with lower volumes of originations. The Bureau also 
acknowledges that lenders would not be able to change procedures, 
forms, policies, and systems until the final rule is issued, and that 
clarifications and questions may take some time to address. The Bureau 
does not believe this justifies a single three-year compliance period 
for all lenders.
    Further, while stating that 18 months was insufficient, commenters 
did not specify the additional amount of time needed to create new 
procedures or workflows for applications, change existing workflows to 
align with the firewall requirement, overhaul their forms and 
applications, or to obtain new ones. The Bureau believes that the 
proposed compliance date would have provided sufficient time for these 
processes. The Bureau believes, however, that smaller lenders with 
lower volumes of originations may need more time than other lenders to 
adjust their processes and procedures to comply with the rule for the 
reasons provided.
    Technology. The Bureau acknowledges the many comments that it 
received requesting a longer compliance period to implement software 
solutions, and the various steps in that process, including 
identifying, vetting, and choosing vendors, and integrating and testing 
software. The Bureau acknowledges that the implementation process for 
software can be iterative and sequential. The Bureau understands that 
many lenders, especially smaller and community banks, that will need to 
automate currently manual lending processes to collect data for this 
rule. In particular, primarily lower-volume lenders, such as community 
banks and rural institutions, will need additional time to automate 
their processes with software to accurately collect data, including 
some lenders that collect HMDA and CRA data by manual processes. The 
Bureau also understands that many lenders not experienced with data 
collection rules have no relationships with vendors.
    While some lenders said that they could not begin to implement 
software until vendors create it, the Bureau notes that one commenter 
had identified a vendor already at work on compliance software for this 
rule as of early 2022. Regarding the comment from a larger lender 
stating that it would need additional time to build compliance software 
itself, the Bureau notes that it received relatively few comments from 
larger lenders.
    The Bureau notes that of the comments citing software changes to 
justify a three-year compliance period, only several provided any 
estimates of the time needed to implement software. The few estimates 
there were ranged from as few as six months from the issuance of the 
final rule to upgrade software to 18 months to two years to implement 
software, and further time still to train staff and test software. The 
Bureau believes that these comments may overestimate the time vendors 
will take to prepare compliance software. Some estimates assumed that 
vendors would not start their work until after the release of the final 
rule, but the Bureau understands from comments and other feedback that 
some software vendors started work on compliance software for this rule 
not long after the release of the NPRM. The Bureau also believes, based 
on other comments received, that the longer periods suggested by 
commenters are most likely to apply to smaller and mid-sized lenders, 
for the reasons discussed before--that vendors are likely to prioritize 
larger lenders in implementing new or upgraded software.
    Regarding the comment that lenders should have software six months 
before the compliance date for testing, the Bureau believes that the 
tiered compliance provision would provide most lenders this extra time. 
In any case, the Bureau believes that the grace period discussed in 
part VII may permit lenders to continue testing after their compliance 
dates, if needed. Regarding the comment that lenders need more than 18 
months to comply because they make build technology decisions one to 
two years in advance, the Bureau believes that the release of the NPRM 
gave lenders time to plan and budget for compliance technology well in 
advance of this final rule. Regarding the comment that some lenders 
adopt blackout periods of eight weeks at the end of the year, which 
could add four months to the time needed by lenders, the Bureau does 
not believe additional changes are needed to final Sec.  1002.114(b). 
The commenter did not suggest how common such blackouts were amongst 
lenders, nor how an eight-week blackout period would necessitate a 
four-month compliance date delay.
    The Bureau acknowledges commenters' concerns that small and mid-
sized banks will likely need more time to comply because of their 
greater dependence on the timing of third-party software vendors 
because these comments were based on industry experience with software 
vendors in the context of past rulemakings. The Bureau believes 
comments that vendors may become time or resource-constrained and have 
difficulties serving many lenders at once, and, given a single 
compliance date, are less likely to prioritize smaller lenders. The 
Bureau gives credence to comments that small lenders struggled to 
implement compliance systems for the TILA/RESPA integrated disclosure 
and HMDA rulemakings before their respective compliance dates because 
small lenders competed with larger lenders for the limited time and 
attention of vendors in advance of regulatory deadlines.
    Staffing. The Bureau acknowledges the many comments that lenders 
need more time to hire new staff and train existing staff to collect, 
verify, and report data for this rule; that training may apply to staff 
across different departments and business units within financial 
institutions; and that training can be time-consuming. The Bureau 
observes that comments requesting a three-year period based in part on 
staffing concerns did not estimate how much of the additional time 
requested was attributable to staffing issues. One exception was a 
comment from a lender that said it would need several months to train 
its staff of 3,000 employees; the Bureau believes that this comment 
tends to support an 18-month compliance period for larger lenders.
    The Bureau understands that certain staff training--on compliance 
software for this rule--may occur only after software is implemented. 
However, the

[[Page 35446]]

Bureau believes that other training may be conducted in parallel with 
the development of software, such as the training on the content of 
this rule. The Bureau agrees that lender staff with no familiarity with 
data collection rules may need more time to be trained in complying 
with this rule. The Bureau notes that the concern that staff already 
familiar with the HMDA and CRA rules would need training to avoid 
confusion with this rule is mooted by the Bureau's decision to exclude 
HMDA-reportable loans from reporting under this rule, and the proposed 
amendments to the CRA rules that would eliminate the existing CRA 
reporting regime.
    Regarding other comments, the Bureau agrees that part of the 
compliance process will involve communicating operational changes 
resulting from this rule to customers to minimize disruption and 
increase the likelihood that they will answer inquiries related to 
protected demographic information. The Bureau acknowledges that some 
customers may believe that lenders already request too much data but 
believes that it is speculative to say that customers may be driven to 
less safe financial products to avoid providing data for this rule.
    Access to credit. Regarding comments requesting a longer compliance 
period because lenders might need to pause or stop their small business 
lending until they were in compliance with this rule, hurting the small 
businesses that section 1071 was intended to benefit, the Bureau does 
not believe that a reduction in access to credit is likely for the 
reasons set out in part IX.
    Data accuracy. The Bureau, for the reasons stated above, agrees 
that smaller and mid-sized lenders are more likely to need more time to 
comply with this rule to ensure the accuracy of the data that they will 
submit. The Bureau agrees with the group of State banking regulators 
that the implementation timeframe should be increased for many 
financial institutions to better equip them to accurately report data.
    The Bureau makes particular note of comments from smaller lenders 
and their representatives that lenders lacking experience with data 
reporting regulations, such as HMDA or CRA, require more time to report 
accurate data. Inexperienced lenders must create processes from 
scratch, develop vendor relationships, and become accustomed to new 
procedures, such as testing software and other systems, to ensure the 
accuracy of data. The Bureau also agrees that the proposed 18-month 
period is not sufficient for lenders with lower-volume small business 
lending operations that may face limited staffing resources and that 
have never before collected the amount of data required by this rule.
    The Bureau agrees in principle that rushed implementation generally 
would make data in the first few years after the compliance date 
flawed, incomplete, or unusable, limiting the usefulness of the data 
for section 1071's fair lending and business and community development 
purposes. The Bureau believes that the tiered compliance date approach 
it is taking in this final rule will not result in rushed 
implementation. Rather, its final compliance provisions will provide 
sufficient time for especially smaller and mid-sized lenders to 
implement compliance systems and prepare to collect and report accurate 
data.
    Regarding the comments that data will be error[hyphen]laden in the 
first few years of collection until systems, policies, and procedures 
can be refined, the Bureau has accounted for this in its final rule, 
with its bona fide error provision and additional safe harbors for 
certain data points. As discussed in part VII, the Bureau is also 
providing a grace period for lenders during which it does not intend to 
assess penalties for errors, so long as lenders engaged in good faith 
compliance efforts.
    Regarding the assertion that a three-year compliance period more 
closely adhered to the expectation in the statute, the Bureau notes 
that text of the statute does not identify a specific compliance 
period, much less one as specific as three years. The Bureau interprets 
section 1071 as requiring a compliance period that best advances the 
statutory purposes of the rule. For the reasons specified above, the 
Bureau believes that its tiered compliance provision does this. In any 
case, the Bureau believes that the majority of covered financial 
institutions will report data with Tier 3, and thus will have 33 months 
to comply with the rule from its issuance.
    Other regulations. Regarding the comments that other comparably 
complex regulations--such as the 2015 HMDA rule, CRA, the TILA/RESPA 
integrated disclosure rule, and FinCEN's customer due diligence rule--
provided for more time to comply that the proposed 18-month compliance 
period, the Bureau agrees that these other rules may be instructive as 
to how much time smaller and mid-sized lenders might need to prepare to 
comply with this rule. However, the Bureau does not believe that this 
necessitates a single compliance period of three years.
    The Bureau acknowledges the comment that, unlike the 2015 HMDA 
rule, this rule does not involve building on an existing system but 
rather making a new data collection system, and that smaller-volume 
lenders in particular should therefore have closer to three years to 
comply. The Bureau also acknowledges that this rule, unlike HMDA, 
encompasses different credit products for small businesses which may 
use or require different processes, systems, and personnel.
    The Bureau agrees that smaller-volume lenders should have more time 
because they are more likely to have to build new systems and face 
challenges. The Bureau believes that larger lenders are less likely to 
have to start from scratch in complying with this rule, that they are 
more likely to be familiar with concepts from this rule borrowed or 
analogous to provisions in other existing data collection regulations, 
such as HMDA and CRA. This remains true even if larger lenders are more 
likely than smaller lenders to offer different credit products for 
small businesses which use different processes, systems, and personnel.
    The Bureau acknowledges commenters' concerns that based on industry 
experience with the 2015 HMDA rule, vendors were not likely to be ready 
in time for lenders to comply with this rule. The Bureau believes that 
the tiered compliance provision will give vendors time to work with 
covered financial institutions on a timely basis by spreading out 
software needs across three compliance dates. Vendors will be able to 
focus on smaller-volume lenders in Tiers 2 and 3, avoiding the hasty 
implementation or inattentive or delayed service commenters mentioned 
experiencing in complying with the 2015 HMDA rule and the TILA/RESPA 
integrated disclosure rule.
    The Bureau acknowledges comments that the Bureau to provide 
leniency regarding data accuracy for initial submissions after the 2015 
HMDA rule, and that lenders spent hours reviewing data to avoid errors 
and resubmissions under HMDA. The Bureau notes that the final rule 
contains provisions--including the bona fide error provision and the 
various safe harbors for several data points--that relieve lenders of 
the need to provide perfectly accurate data, especially in early 
submissions of data. As discussed in part VII below, the Bureau is also 
providing a grace period for lenders during which it does not intend to 
assess penalties for errors.
    The Bureau appreciates the concerns that vendors may need time to 
make inquiries to obtain clarity on the provisions of this final rule 
after its release to deploy solutions, as they did with the TILA/RESPA 
integrated disclosure rule. The Bureau intends to

[[Page 35447]]

work with vendors to answer inquiries about this rule as early as 
possible. The Bureau is releasing certain compliance aids and guides 
concurrently with the final rule to assist vendors in advance of the 
compliance dates; with previous rules; in the past, such materials were 
only made available months after the release of final rules. The Bureau 
believes that the leeway the Bureau is providing, in the form of the 
grace periods for all three compliance tiers, also may give vendors 
more time to test, adjust and improve their systems.
    Regarding the comments that experiences with past regulations are 
irrelevant, the Bureau disagrees that experience with past rules will 
not help lenders comply more quickly with this rule. The Bureau 
believes that experienced lenders, especially larger ones, have 
developed institutional knowledge and infrastructure in complying with 
regulations that will enable them to adapt to more quickly to new rules 
than lenders without such experience. The Bureau believes that the 
experience with data collection regulations, such as HMDA and CRA, is 
particularly relevant to compliance with this rule.
    Industry-specific rationales. The Bureau finds compelling the 
comments arguing that smaller-volume lenders--including FCS lenders, 
community banks, small credit unions, CDFIs, and start-up lenders--
would face greater challenges and costs in complying with the rule 
within the proposed 18-month period. The Bureau gives particular weight 
to concerns of other regulators that small financial institutions may 
need closer to three years to comply with the rule because they face 
particular challenges in implementation.
    In short, the Bureau finds the specific explanations compelling and 
reasonable--larger banks, as commenters pointed out, have more 
resources for compliance efforts, while smaller and even midsized banks 
may have less resources to, for instance, pay for staff for overtime or 
other short-term capacity to comply within 18 months. The Bureau also 
believes that small and mid-sized financial institutions will be a 
lower priority for vendors, based on the Bureau's outreach and comments 
by smaller lenders that experienced this in complying with past Bureau 
rulemakings. All of this suggests that smaller and, to a lesser extent, 
mid-sized financial institutions may face a tradeoff between speedy 
compliance and expending resources that larger lenders do not face.
    The Bureau acknowledges the comment that mid-sized banks may face 
challenges standing up systems in 18 months despite their best efforts. 
The Bureau believes, however, that relative to the lenders with the 
smallest volume of small business loans, middle-volume lenders tend to 
have more resources and are more capable of complying somewhat more 
quickly with this rule. The Bureau believes that while a 33-month 
compliance period may be appropriate for smaller-volume lenders, a two-
year compliance period is appropriate for middle-volume lenders.
    Regarding the comment that the Bureau should consider a longer 
compliance period based on its capacity to collect data from non-
depository institutions subject to the rule, the Bureau believes the 
challenge may be ensuring compliance by non-depositories that have not 
previously been subject to Federal data collection regimes. 
Nonetheless, the Bureau believes that larger non-depository lenders are 
likelier to be able to prepare to comply with this rule more readily 
while smaller volume lenders have additional time to prepare to comply.
    Regarding the comments that the Bureau should provide three years 
to comply because the proposed 18-month period is not tenable for motor 
vehicle dealers in general and small dealerships in particular, the 
Bureau observes that motor vehicle dealers are not covered financial 
institutions under this rule. Moreover, as described in the section-by-
section analysis of Sec.  1002.109(a)(3), the Bureau believes that 
motor vehicle dealers are often the last entity with authority to set 
the material credit terms of the covered credit transaction, and so are 
generally unlikely to be collecting small business lending data on 
behalf of other reporting financial institutions.
    More than three years. Regarding the comment that the Bureau should 
adopt a compliance period of three to five years because community 
banks would have to make hard decisions on staffing and lending 
capacity, resulting in potential market exit, the Bureau does not 
believe that such a lengthy compliance period is necessary for all 
financial institutions. The Bureau is providing Tier 3 lenders--which 
the Bureau believes will include many smaller community banks--33 
months, or nearly three years, to prepare to comply with the final 
rule. The commenter did not provide any details that would justify an 
even lengthier compliance period.
    Tiered compliance. Regarding the large number of comments received 
from industry commenters that requested tiered compliance--often as an 
alternative to a single compliance date longer than 18 months--the 
Bureau agrees for the reasons set out above.
    The Bureau appreciates industry comments in support of tiered 
compliance periods on the grounds that such a system would give smaller 
lenders would have more time to comply with the rule, including that 
the scope and complexity of the rule and the need to test systems to 
ensure accurate reporting would be particularly challenging to smaller 
lenders.
    The Bureau observes that many commenters that requested tiered 
compliance periods on the grounds that smaller banks and credit unions, 
especially those serving rural and underserved communities, needed more 
time to comply to have time to implement new compliance software. The 
Bureau acknowledges the comments identifying discrete steps in the 
process of implementing software, including finding vendors, giving 
vendors time to develop software, planning and executing network 
changes, and training staff but notes that these steps are not unique 
to smaller or mid-sized lenders. The Bureau observes that smaller-
volume lenders may find these steps more challenging for a number of 
reasons already articulated above. The Bureau acknowledges that smaller 
lenders may have little bargaining power with vendors and are often the 
last to receive system upgrades. The Bureau believes that tiered 
compliance dates are justified because hasty implementation by smaller 
banks facing difficulties implementing this rule may result in 
inaccurate data.
    The Bureau acknowledges certain factors identified by commenters, 
such as the need for lenders to hire and/or train additional compliance 
staff, train existing lending staff, educate customers on the content 
of the rule, are not unique to smaller lenders. However, the Bureau 
believes that smaller-volume lenders, especially those without previous 
experience complying with data collection rules, may face more 
challenges with all of these factors than larger lenders.
    The Bureau agrees with the comments that smaller financial 
institutions--including CDFIs, credit unions, and lenders servicing 
rural and underserved communities--should have a later compliance date 
to learn from money-center banks. The Bureau agrees that tiered 
compliance is important for lenders inexperienced with data collection 
rules to give them time to build compliance infrastructure. The Bureau 
agrees that such lenders may face more challenges than depository 
institutions in complying quickly with

[[Page 35448]]

this rule, needing to create compliance training programs from scratch, 
and that they may have a harder time obtaining expertise to implement 
compliance software and procedures. The Bureau agrees with the comment 
that banks with no HMDA compliance experience may need more time to 
comply with this rule than larger banks with such experience. The 
Bureau believes that the experience of larger banks with HMDA will 
enable them to more quickly comprehend this rule and implement 
compliance systems for this rule. This experience will also enable such 
banks to train their staffs more quickly. The Bureau further agrees 
that, under a tiered compliance system, smaller-volume lenders may 
learn from the earlier implement of large banks, and that tiered 
compliance would give smaller lenders more time to resolve 
unanticipated issues.
    The Bureau believes that industry experience with the staggered 
effective dates in the Financial Accounting Standards Board's Current 
Expected Credit Loss rule somewhat informs the final tiered compliance 
provision. The Bureau believes that the approach taken by the Financial 
Accounting Standards Board and other Federal regulators regarding the 
Current Expected Credit Loss rule support the Bureau's approach here.
    Regarding the number of compliance date tiers, the Bureau believes 
that the three tiers included in this final rule are more appropriate 
than two as suggested by some commenters, for the reasons already 
articulated. However, commenters distinguished not just between smaller 
and larger lenders; comments also identified mid-volume lenders as 
facing unique issues in complying with the rule, occupying a space 
between large and small lenders. Mid-volume lenders face certain 
challenges complying with the rule compared to larger lenders, but have 
greater resources and, often, more experience with Federal regulations 
and data collections than small lenders.
    Regarding the comments supporting the adoptions of three compliance 
tiers, the Bureau agrees. Regarding the comment that the Bureau should 
adopt three compliance tiers, giving the largest lenders one year to 
comply, medium-sized lenders two years, and small lenders three years, 
the Bureau agrees in part. The Bureau agrees that earlier compliance 
dates are justified for large lenders because they have greater staff 
expertise, as well as capacity and resources, to comply with data 
collection regulations. However, the Bureau believes that a one-year 
compliance period may be insufficient for many larger financial 
institutions to comply with this rule.
    Regarding the comment that the third compliance tier should include 
trusted small business lenders, the CFPB intends to propose, in a 
follow-on notice of proposed rulemaking, that lenders with strong 
records under the CRA or other relevant frameworks be permitted 
additional time to come into compliance with the rule. That approach is 
consistent with the statutory purposes of the rule.
    Regarding the request for tiered compliance starting not less than 
three years after the final rule, the Bureau does not believe such an 
approach would be appropriate, for the reasons specified above 
concerning the request for a single three-year compliance period. The 
Bureau believes that a three-year period for the earliest tier is 
inconsistent with the statutory purposes of the rule because larger 
volume financial institutions are capable of adequate compliance with 
this rule within 18 months. Further delay for these lenders would 
result in a longer period during which data are unavailable to 
facilitate the enforcement of fair lending laws or to identify business 
and community development needs and opportunities.
    Regarding the requests that the Bureau use asset size to determine 
compliance date tiers, the Bureau acknowledges that asset size can 
sometimes be a proxy for determining the resources and capacity a 
lender has to prepare to come into compliance with the rule. It is also 
a simple metric to implement, given that there are recognized standards 
for reporting assets. The Bureau agrees that institutions with less 
assets often have smaller compliance and information technology staffs.
    However, the Bureau notes that this rule applies to non-depository 
institutions as well. Some such lenders may have high volumes of 
originations but relatively low assets. As a result, the Bureau 
observes that asset size may not be as reliable a proxy for the 
capacity and resources a non-depository institution has to comply 
quickly with the rule. The Bureau believes that volume of originations 
is, in the context of small business lending, a better proxy than asset 
size for determining the capacity of a lender to comply with this rule. 
The Bureau also believes that tiering based on volume of originations 
is proportional to the interest a lender would have in complying with 
this rule, regardless of asset size.
    Regarding the comments opposing tiered compliance dates, the Bureau 
appreciates that this rule represents a great change for small and 
large financial institutions that may proceed through similar steps to 
implement the rule, including understanding the rule, changing 
processes, building and testing systems, training staff, and adding 
procedures and controls. The Bureau does not believe, however, that the 
magnitude of challenges lenders face is the same regardless of the size 
or capacity of the institution. The Bureau believes that the largest 
volume lenders that will be in Tier 1 have the capacity to comply with 
this rule within 18 months, especially given the leeway provided by 
this rule--in the form of the bona fide error thresholds and safe 
harbors--and by the grace period to report data that is sufficiently 
accurate. The Bureau agrees with the comment that limiting access to 
small business credit could have a negative impact on the economy, but 
does not believe the final tiered compliance date provision would 
``inevitably'' result in any diminishing of access to credit for small 
businesses, as discussed in more detail in part IX below.
    Regarding the comment opposing tiered compliance dates on the 
grounds that 18 months was sufficient for all institutions, the Bureau 
disagrees for the reasons specified above. While many smaller-volume 
lenders may be able to comply within 18 months, the Bureau believes 
that many such lenders may find it challenging to comply within 18 
months. Regarding the comment that financial institutions have had 
since the release of the NPRM in September 2021 to begin preliminary 
planning to comply with this rule, the Bureau agrees in part. While the 
final rule differs from the NPRM in several aspects, many provisions 
are based on statutory requirements--such as the mandatory data points, 
the firewall provision, the recordkeeping requirements, and the privacy 
analysis--and would have been finalized in some manner, permitting some 
planning for financial institutions concerned with preparing for 
implementation well in advance of the eventual compliance date. The 
Bureau does not believe, however, that the September 2021 release of 
the NPRM gives smaller volume lenders the ability to comply with this 
rule within 18 months of its issuance.
    Regarding the comment that the proposed compliance period of 18 
months would give banks just six months to collect data to do a trial 
run with one year of data before compliance date, the Bureau observes 
that smaller volume lenders in Tiers 2 or 3 would have more time to 
test their collection systems. The Bureau also notes that pursuant to 
final Sec.  1002.114(c)(1), all

[[Page 35449]]

financial institutions may start collecting data one year before their 
respective compliance dates, giving especially smaller-volume lenders 
more time to test their systems.
114(c) Special Transitional Rules
    The Bureau is adopting two transitional rules in Sec.  1002.114(c) 
to facilitate the initial compliance of financial institutions with 
subpart B. Final Sec.  1002.114(c)(1) permits, but does not require, 
financial institutions as described by Sec.  1002.114(b)(1) through (3) 
to collect information regarding applicants' minority-owned business 
status, women-owned business status, LGBTQI+-owned business status, and 
the ethnicity, race, and sex of applicants' principal owners under 
final Sec.  1002.107(a)(18) and (19) beginning 12 months prior to the 
financial institution's applicable compliance date as set forth in 
Sec.  1002.114(b)(1) through (3). A financial institution collecting 
such information pursuant to Sec.  1002.114(c)(1) must do so in 
accordance with the requirements set out in Sec. Sec.  1002.107(a)(18) 
and (19), 1002.108, and 1002.111(b) and (c). In addition, comment 
114(c)-2 clarifies that a financial institution that receives an 
application prior to its compliance date under Sec.  1002.114(b), but 
takes final action on the application after the compliance date, is not 
required to collect data regarding that application under Sec.  
1002.107 and not required to report the application pursuant to Sec.  
1002.109.
    Final Sec.  1002.114(c)(2) permits a financial institution that is 
unable to determine the number of originations of covered credit 
transactions for small businesses for calendar years 2022 and 2023, 
because for some or all of this period it does not have readily 
accessible the information needed to determine whether its covered 
credit transactions were originated for small businesses as defined in 
Sec.  1002.106(b), to use a reasonable method to estimate its 
originations to small businesses for either or both of the calendar 
years 2022 and 2023.
    The Bureau believes that these transitional rules pursuant to its 
authority under ECOA section 704B(g)(1), are necessary to carry out, 
enforce, and compile data pursuant to section 1071.
114(c)(1) Collection of Certain Information Prior to a Financial 
Institution's Compliance Date
Proposed Rule
    Proposed Sec.  1002.114(c)(1) would have provided that a financial 
institution that will be a covered financial institution as of the 
compliance date in proposed Sec.  1002.114(b) is permitted, but not 
required, to collect information regarding whether an applicant for a 
covered credit transaction is a minority-owned business under proposed 
Sec.  1002.107(a)(18), a women-owned business under proposed Sec.  
1002.107(a)(19), and the ethnicity, race, and sex of the applicant's 
principal owners under proposed Sec.  1002.107(a)(20) beginning 12 
months prior to the compliance date. A financial institution collecting 
such information pursuant to proposed Sec.  1002.114(c)(1) would have 
been required to do so in accordance with the requirements set out in 
proposed Sec. Sec.  1002.107(18) through (20) and 1002.108.
    The Bureau sought comment on the approach in this proposal.
Comments Received
    A joint letter from several trade associations supported the 
proposed provision permitting early collection of data. A community 
group agreed with the reasoning and approach to allowing voluntary 
reporting by financial institutions, inquired whether the Bureau was 
permitting voluntary reporting of date only for demographic 
information, and suggested that to permit the reporting of only 
demographic information would be of limited use. A business advocacy 
group commended the Bureau for encouraging the reporting of data before 
the start of the compliance period, and encouraged the Bureau to offer 
incentives to enable collection of data as early as possible to help 
enable the analysis of fair lending. Several CDFI lenders suggested 
that mission-oriented lenders ready to report data in 18 months should 
be able to opt in. Two banks recommended that the 12-month period of 
voluntary collection in advance of the compliance date should be 
extended further, noting that such a transitional period would be a 
critical period for lenders to implement, test, and if necessary, 
modify data collection and maintenance processes and systems before the 
compliance date. One trade association requested that the Bureau 
clarify that applications submitted before the compliance date, but 
approved after the compliance date, not be considered covered 
applications for purposes of determining coverage.
Final Rule
    The Bureau is finalizing Sec.  1002.114(c)(1), maintaining the 
provision in principle but making several changes. First, final Sec.  
1002.114(c)(1) permits, but does not require, a financial institution 
that will be a covered financial institution by the compliance dates 
set out in Sec.  1002.114(b)(1) through (3) to collect protected 
demographic information pursuant to Sec.  1002.107(a)(18) and (19) 
beginning 12 months prior to the compliance date applicable to that 
financial institution. This regulatory text has been adjusted to 
account for the change from a single compliance date in proposed Sec.  
1002.114(b) to the three different compliance dates in final Sec.  
1002.114(b)(1) through (3). Second, final Sec.  1002.114(c)(1) 
clarifies that any protected demographic information collected under 
this provision must comply with the requirements of Sec.  
1002.107(a)(18) and (19), and Sec.  1002.108, as proposed, and adds a 
new requirement that any demographic information collected must comply 
with the requirements of Sec.  1002.111(b) and (c). Third, final Sec.  
1002.114(c)(1) clarifies that a financial institution that receives an 
application prior to its compliance date specified in Sec.  
1002.114(b), but takes financial action on or after that compliance 
date, is not required to collect data regarding that application 
pursuant to Sec.  1002.107 nor to report the application pursuant to 
Sec.  1002.109.
    The Bureau is also finalizing new comments 114(b)-1 through 4. 
Comment 114(b)-1 specifies the provisions of this rule that a covered 
financial institution must comply with by the compliance date that 
applies to it under Sec.  1002.114(b). Comment 114(b)-2 specifies the 
provisions of this rule that covered financial institutions that must 
comply with the initial partial year collection pursuant to Sec.  
1002.114(b)(1), from October 1, 2024 through December 31, 2024. Comment 
114(b)-3 establishes informal names for compliance date provisions 
(Tier 1, Tier 2 and Tier 3) to facilitate discussion of the compliance 
dates specified in Sec.  1002.114(b)(1), (2), and (3). Comment 114(b)-4 
illustrates the application of Sec.  1002.114(b) to determine the 
compliance dates of a variety of financial institutions, based on a 
variety of volumes of originations of covered credit transactions to 
small businesses.
    The Bureau believes that this provision will give financial 
institutions time to test their procedures and systems for compiling 
and maintaining this information in advance of actually being required 
to collect and subsequently report it to the Bureau. Under this 
provision, financial institutions will have time to adjust any 
procedures or systems that may result in the inaccurate compilation or 
maintenance of applicants' protected demographic information, the 
collection of which is required by section 1071 but

[[Page 35450]]

otherwise generally prohibited under ECOA and Regulation B. (Financial 
institutions could of course collect the other information that would 
be required by this proposed rule at any time, without needing express 
permission in Regulation B to do so.) The Bureau believes that this 
provision will facilitate compliance and improve the quality and 
accuracy of the data reported to the Bureau and therefore is necessary 
to carry out, enforce, and compile data pursuant to section 1071, and 
will carry out the purposes of ECOA, and is necessary or proper to 
effectuate the purposes of ECOA and facilitate or substantiate 
compliance therewith.
    Regarding the question as to whether the proposed provision permits 
voluntary reporting only of protected demographic information, the 
Bureau observes that the provision actually only permits the 
collection, not reporting, of demographic information. The provision is 
necessary because, in its absence, ECOA and Sec.  1002.5(b) of 
Regulation B would otherwise prohibit creditors from collecting such 
demographic information, while creditors are not prohibited by ECOA and 
Regulation B from collecting the other data points required by this 
rule. Regarding the comments encouraging the Bureau to offer incentives 
to collect data as early as possible to help enable the analysis of 
fair lending, the Bureau notes that the provision exists only to help 
financial institutions better prepare to comply with the rule. The 
Bureau is not adopting any additional incentives, as suggested by 
commenters, and indeed it is unclear what incentives it might offer to 
further encourage early reporting.
    Regarding the comment that mission-oriented lenders ready to report 
data in 18 months should be able to opt in, the Bureau agrees. 
Regarding the request to extend the transitional period further such 
that financial institutions could collect protected demographic 
information without being required to report it for a period longer 
than 12 months, the Bureau acknowledges these concerns but does not 
believe such a change would be appropriate. The Bureau's decision to 
provide most smaller-volume financial institutions additional time by 
way of tiered compliance dates, as well as a grace period during which 
it does not intend to exercise its supervisory or enforcement 
authorities, all give financial institutions additional time and leeway 
to establish their compliance systems. Further, institutions seeking 
longer periods to collect demographic information would not necessarily 
have even one year of information upon which to base a determination 
that they may have to begin preparing to comply with the rule, 
potentially resulting in the collection (but not reporting) of 
protected demographic data in a way that completely overrides the 
general prohibition in existing Sec.  1002.5(b).
    Regarding the request to clarify that applications submitted before 
the compliance date, but approved after, not be considered covered 
applications, the Bureau agrees that such clarity is useful and thus 
final Sec.  1002.114(c)(1) addresses and implements this request.
114(c)(2) Determining Which Compliance Date Applies to a Financial 
Institution That Does Not Collect Information Sufficient To Determine 
Small Business Status
Proposed Rule
    Proposed Sec.  1002.114(c)(2) would have provided that for purposes 
of determining whether a financial institution is a covered financial 
institution under proposed Sec.  1002.105(b) as of the compliance date 
specified in proposed Sec.  1002.114(b), a financial institution would 
be permitted, but not required, to use its originations of covered 
credit transactions for small businesses in the second and third 
preceding calendar years (rather than its originations in the two 
immediately preceding calendar years).
    The Bureau sought comment on the approach in this proposal.
Comments Received
    A joint letter from trade associations representing the commercial 
real estate industry supported the proposed provision and suggested an 
edit to the regulatory text of proposed Sec.  1002.114(c)(2) specifying 
that a financial institution is permitted, but not required, to use its 
originations in the first two full calendar years after the effective 
date of the rule, rather than its originations in the two immediately 
preceding calendar years.
    A joint letter from trade associations, in commenting on the 
proposed compliance date, claimed that 18 months was not enough time to 
determine covered financial institution status pursuant to Sec.  
1002.105(b) because lenders would be required to collect gross annual 
revenue data to determine the small business status of their 
originations for purposes of originations thresholds, but they could 
not collect such data until after the publication of the final rule. 
The commenter noted that many lenders do not collect gross annual 
revenue for their commercial loans (e.g., investment property loans are 
underwritten based on net operating income), and that some lenders that 
collected gross revenue data did not have it readily accessible. The 
commenter requested a longer compliance period to give lenders time to 
understand the content of the final rule before the start of a calendar 
year to track originations for small businesses to avoid retroactive 
application of the final rule. The commenter suggested, instead, a two-
calendar-year period to collect gross annual revenue data, followed by 
the compliance date starting the third calendar year for those 
financial institutions that determine they are covered. The commenter 
noted that its proposed schedule was a minimum, and was predicated on 
having a gap between publication of the final rule and the start of the 
first calendar year during which lenders would track the small business 
status of originations, and that the Bureau published technical 
specifications sufficiently in advance of the third calendar year. A 
trade association, also commenting on the compliance period, claimed 
that two years would allow for implementation by lenders, would provide 
time to track originations of covered transactions and, therefore, the 
small business status of applicants, and would allow lenders to make 
changes necessary to achieve the statutory purposes of the rule.
Final Rule
    The Bureau is not finalizing Sec.  1002.114(c)(2) as proposed. The 
Bureau is instead implementing a different provision stating that a 
financial institution that is unable to determine the number of covered 
credit transactions it originated for small businesses for calendar 
years 2022 and 2023 for purposes of determining its compliance date 
pursuant to Sec.  1002.114(b), because for some or all of this period 
it does not have readily accessible the information needed to determine 
whether its covered credit transactions were originated for small 
businesses as defined in Sec.  1002.106, is permitted to use any 
reasonable method to estimate its originations to small businesses for 
either or both of the calendar years 2022 and 2023. The Bureau is also 
implementing new comments 114(c)-3 through -6. Comment 114(c)-3 
specifies circumstances under which a financial institution has readily 
accessible the information needed to determine the small business 
status of its covered credit transactions for purposes of determining 
its compliance date. Final

[[Page 35451]]

comment 114(c)-4 specifies certain circumstances under which a 
financial institution does not have readily accessible the information 
needed to determine small business status of its covered credit 
transactions for purposes of determining its compliance date. Final 
comment 114(c)-5 identifies three reasonable methods that may be used 
by financial institutions to estimate the number of covered credit 
transactions for small businesses for purposes of determining its 
compliance date. Final comment 114(c)-6 provides examples of financial 
institutions applying each of the three reasonable methods identified 
in comment 114(c)-5 by financial institutions, as well as financial 
institutions applying reasonable methods not specified in comment 
114(c)-5, to estimate the number of covered credit transactions for 
purposes of determining its compliance date.
    The Bureau believes that, in the context of the proposed single 
compliance date, proposed Sec.  1002.114(c)(2) would have provided 
greater clarity and certainty to financial institutions as to whether 
or not they would be covered financial institutions. This may have been 
particularly important for those financial institutions that originated 
a volume of covered credit transactions close to the threshold under 
proposed Sec.  1002.105(b) and a single compliance date. The Bureau 
believed this provision would have been necessary to carry out, 
enforce, and compile data pursuant to section 1071.
    However, because of the changes to the compliance date provision in 
final Sec.  1002.114(b), from a single compliance date to several tiers 
of compliance dates, the Bureau believes that Sec.  1002.114(c)(2) as 
originally proposed may no longer effectively serve the purposes for 
which it was originally intended. The Bureau believes that because the 
final rule provides for several compliance dates, the optionality 
provided by proposed Sec.  1002.114(c)(2) is no longer necessary and 
may even make compliance more confusing. The transition to several 
compliance dates in the final rule, from a single compliance date in 
the proposal, means that many lower-volume financial institutions will 
have one to two years in advance of their compliance date to determine 
whether they are covered financial institutions that must report data 
at all. For instance, an institution with a compliance date of January 
1, 2026, based on its annual originations in 2022 and 2023, may not be 
a covered financial institution at all by its compliance date if it has 
less than 100 annual originations in 2024 or 2025.
    The Bureau received one comment directly addressing proposed Sec.  
1002.114(c)(2). By contrast, the Bureau received multiple comments on 
the difficulty that some financial institutions may face in determining 
their coverage under this rule, and therefore their compliance date, 
because they do not collect information on the gross annual revenue of 
their applicants for business credit. Some industry commenters, as set 
out in the section-by-section analysis of Sec.  1002.107(a)(14), noted 
either that they did not collecting data on gross annual revenue of 
some small business applicants, or that there would be difficulties in 
collecting such data.
    In response to these comments, the Bureau has revised Sec.  
1002.114(c)(2) to provide greater flexibility for those financial 
institutions that do not have ready access to data on gross annual 
revenue to determine what compliance date will apply to them for 
purposes of Sec.  1002.114(b). Because of the changes to this rule 
after the proposal, the Bureau believes that this provision, as 
finalized, will provide greater clarity and certainty to those 
financial institutions that do not currently collect gross annual 
revenue data as to which compliance date will apply to them. This will 
be particularly important for those financial institutions that 
originated a volume of potentially covered credit transactions close to 
the threshold under Sec.  1002.105(b), and those financial institutions 
that originated a volume of potentially covered credit transactions 
close to the thresholds in Sec.  1002.114(b). The Bureau believes this 
provision is necessary to carry out, enforce, and compile data pursuant 
to section 1071.

Appendix E to Part 1002--Sample Form for Collecting Certain Applicant-
Provided Data Under Subpart B

Proposed Rule
    The Bureau proposed a sample data collection form that financial 
institutions could choose to use to collect minority-owned business 
status, women-owned business status, and principal owners' ethnicity, 
race, and sex. The proposed sample data collection form would have been 
similar to the HMDA data collection form and would have included a 
notice of the applicant's right to refuse to provide the information as 
well as an explanation of why the financial institution is requesting 
the information. The sample data collection form would have also 
included the definitions of minority individual, minority-owned 
business, principal owner, and women-owned business as they would have 
been defined in proposed Sec.  1002.102(l), (m), (o), and (s), 
respectively.
    Additionally, to aid financial institutions with the collection of 
the information in proposed Sec.  1002.107(a)(21), the sample data 
collection form would have included a question about the applicant's 
number of principal owners. The sample data collection form would have 
also included language that a financial institution would have been 
able to use to satisfy the notice requirement under ECOA section 
704B(d)(2) if it determined that one or more employees or officers 
should have access to the applicant's protected demographic information 
pursuant to proposed Sec.  1002.108(b)(2).
    The Bureau requested comment on the proposed sample data collection 
form, including the proposed language for the notice under ECOA section 
704B(d)(2). The Bureau also generally requested comment on whether to 
provide additional clarification regarding any aspect of the sample 
data collection form or the related notice provided pursuant to ECOA 
section 704B(d)(2). In addition, the Bureau sought comment on whether 
the sample data collection form should identify the Bureau to 
applicants as a potential resource in connection with their applicable 
legal rights or for additional information about the data collection, 
including concerns regarding non-compliance. It also sought comment on 
whether financial institutions need additional information on how to 
adapt this form for use in digital modes of data collection, and, if 
so, what specific information would be most useful. The Bureau further 
requested comment on whether a sample data collection form in Spanish 
or other languages would be useful to financial institutions.
Comments Received
    Commenters were generally supportive of the Bureau's inclusion of a 
sample data collection form in the final rule, stating that the sample 
data collection form would help financial institutions meet the 
demographic data collection requirements.
    Several commenters had suggestions for language to add to the 
proposed sample data collection form. One trade association suggested 
that the data collection form disclose, as the beginning, that the 
applicant is not required to respond to the questions, and second 
inquire as to whether the applicant is a small business based on its 
gross annual revenue and establish that the form is not required if the 
applicant is not a small business. One bank commented that the form 
should

[[Page 35452]]

include language, in bold, to the applicant stating that the 
information provided will not be used against them and is not 
derogatory.
    A bank urged providing an option on the proposed form for an 
applicant to indicate if the applicant's principal owner was present 
when the form was completed or if the responses were provided by the 
principal owner, to lessen confusion and discomfort during the 
application process. The bank stated such an option would also improve 
data quality where a financial institution does not meet with a 
principal owner in person and thus cannot make ethnicity and race 
determinations on the basis of visual observation and/or surname 
analysis. A trade association suggested including options to indicate 
on the form if the applicant declined to answer and that the applicant 
was not available, which could be used if an applicant representative 
was uncertain of an absent principal owner's ethnicity, race, and/or 
sex or was unsure if the principal owner wished to provide such 
information.
    A community group commenter recommended that the sample data 
collection form include a notice that the Americans with Disabilities 
Act prohibits discrimination in lending practices on the basis of an 
applicant's disability.
    An individual commenter suggested that applications include an 
explanation of why the Bureau is collecting protected demographic 
information after a demographic information collection section, which 
would allow an applicant to make an informed decision in providing 
information and know who to contact in the event of discrimination.
    A bank and a trade association stated that the proposed sample data 
collection form is misleading because it would have indicated that the 
demographic information is required and would not have stated that the 
borrower has the right to refuse to provide the requested information. 
In contrast, however, a CDFI lender supported the statement on the 
proposed form that applicants are not required to provide the 
information requested but are encouraged to do so. This commenter also 
supported the notice on the sample form that while provided information 
could not be used to discriminate against the applicant, some employees 
may have access to the information.
    Some lenders and trade associations expressed concerns about the 
text on the proposed sample form that would have disclosed that, if an 
applicant does not provide ethnicity, race, or sex information for at 
least one principal owner and the financial institution meets with a 
principal owner in person or via electronic media with an enabled video 
component, the financial institution is required by Federal law to 
report at least one principal owner's ethnicity and race based on 
visual observation and/or surname. Some of these commenters, who also 
opposed the proposed visual observation and surname data collection 
requirement this language would have referenced, stated that the 
proposed disclosure language may discourage an applicant from seeking 
an in-person meeting with the financial institution or pressure 
applicants to provide the information to avoid inaccurate guesses by 
bank employees or officers. Other commenters requested that the 
disclosure about the proposed visual observation and surname data 
collection requirement be removed from the form, because it would 
inform an applicant that the financial institution will be collecting 
information about their principal owners' ethnicity and race regardless 
of their choice to not provide the information. A joint letter from 
several trade associations representing the commercial real estate 
industry opposing the proposed visual observation and surname data 
collection requirement stated that the related disclosure language on 
the proposed form should be removed if the data collection requirement 
is not adopted for the final rule.
    Some community groups, a CDFI lender, and a joint trade association 
letter recommended that the Bureau provide non-English translations of 
any sample forms, including in Spanish. Two community groups suggested 
that the data collection form be provided in English, Spanish, and 
Mandarin Chinese. They stated that providing the forms in multiple 
languages would help reduce confusion and help lenders. Other community 
groups and a lender suggested that the proposed form be provided in at 
least the top ten spoken languages in the United States, as determined 
by the Census, so applicants can understand the data being collected 
and its context. They stated that the translations are necessary to 
honor the statutory intent, and that immigrants are more likely to 
start businesses than non-immigrants, and research shows that many 
immigrants and immigrant entrepreneurs have limited English 
proficiency, which leads to difficulties in navigating the financial 
marketplace.
    A trade association and a bank requested flexibility to solicit 
responses to the questions on the proposed sample collection form 
across different circumstances, and specifically asked for 
clarification that financial institutions could list the response ``I 
do not wish to provide this information,'' as the first response option 
and not the last, as it is listed for all the proposed questions on the 
form. The commenters also asked for flexibility, when using an 
electronic data collection form, to collapse subcategories of 
questions, so that they appear only when an applicant clicks on a 
question to facilitate readability. The commenters also asked for 
clarification for applications taken orally, as to whether all 
categories of responses must be read to the applicant, even if the 
applicant has responded to an earlier response option. These commenters 
also requested a safe harbor from liability for not using the language 
of the sample data collection form when taking a covered application 
orally, stating that some words on the form are long, complex, and may 
be difficult for employees to pronounce. These commenters also stated 
that the sample data collection form should disclose which data points 
will be published to allow applicants to make informed decisions, 
address privacy concerns, and improve data quality.
    Some commenters had suggestions for additional forms or materials 
the Bureau should issue. A trade association stated that the Bureau 
should create a business-specific form to request information, which 
the commenter stated should be optional for financial institutions to 
use. Several commenters, including banks, community groups, and a 
minority business advocacy group, asked the Bureau to create a uniform 
or model data collection or application form. The commenters generally 
stated that such a form would facilitate accurate data collection. One 
bank asserted that the likelihood of a respondent providing information 
would be higher, citing Paycheck Protection Program data that the 
majority of applicants chose not to provide demographic information. 
The bank stated that absent a uniform CFPB-issued form, collection and 
the resulting data will be flawed. Two commenters cited the HMDA model 
application forms as an example of such a uniform application, which 
one said effectively explains to borrowers why data are being collected 
and encourages completion of the data while also giving the borrower 
some assurance that they will not be discriminated against for either 
furnishing (or not) the data. A trade association and a bank urged the 
Bureau to create a specific data collection form for loans covered by 
HMDA and by section 1071, if HMDA-reportable loans are included in the

[[Page 35453]]

final rule, to facilitate consistent reporting. A trade association and 
a business advocacy group encouraged the Bureau to evaluate the sample 
data collection form and instructions on an ongoing basis for any 
necessary changes.
Final Rule
    Pursuant to its authority under ECOA section 704B(g)(1), the Bureau 
is finalizing appendix E to help financial institutions comply with 
requirements to collect applicants' protected demographic information 
and to keep an applicant's responses to inquiries for such information 
separately from the credit application and accompanying information. 
The introductory language in the sample form includes right to refuse, 
firewall, and non-discrimination notices. When lenders choose to use 
the form, this language serves to facilitate compliance with ECOA 
section 704B(c) and, when applicable, 704B(d)(2), as well as with 
comment 107(a)(19)-4, which requires that applicants be informed that 
Federal law requires it to ask for the principal owners' ethnicity, 
race, and sex/gender to help ensure that all small business applicants 
for credit are treated fairly and that communities' small business 
credit needs are being fulfilled. Though the sample form reflects a 
number of legal requirements applicable to collection, the rule does 
not require use of the form itself. Rather, the sample form is intended 
as a compliance resource for lenders who choose to use it.
    The Bureau agrees generally with commenters that the sample data 
collection form at final appendix E will help facilitate financial 
institutions' efforts to comply with the data collection requirements 
of the final rule, meet their statutory obligations, and that it will 
streamline the data collection process. To further these goals, the 
sample data collection form at final appendix E reflects edits made by 
the Bureau in response to comments received and further Bureau 
consideration. The final version of the form also considers feedback 
from user testing, conducted to learn about small business owners' 
likely experience in filling out the form and to explore design and 
language options to make the form effective.\839\
---------------------------------------------------------------------------

    \839\ CFPB, User testing for sample data collection form for the 
small business lending final rule (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

    The Bureau received comments suggesting that the Bureau provide 
more guidance or specific text on the form about the purpose of the 
data collected through the form. The Bureau agrees with commenters that 
it is important to provide applicants with a general explanation of the 
rule and its purpose. As discussed in the section-by-section analysis 
of Sec.  1002.107(a)(19), in response to similar comments and in 
consideration of feedback from the user testing, comments 107(a)(18)-4 
and 107(a)(19)-4 provide that a financial institution must inform an 
applicant that Federal law requires it to ask for the applicant's 
principal owners' ethnicity, race, and sex to help ensure that all 
small business applicants for credit are treated fairly and that 
communities' small business credit needs are being fulfilled. The 
Bureau has also included sample language for the statement on the 
sample form at appendix E. In the Bureau's user testing, participants 
also generally reflected a preference for upfront placement of language 
establishing that Federal law requires the collection of the requested 
information and emphasizing the purpose of collecting the information, 
to ensure that small business owners are treated fairly. As revised, 
the introduction on the first page of the final sample data collection 
form starts with this statement and also reiterates the purpose of the 
data collection in the last sentence. As discussed in the section-by-
section analysis of Sec.  1002.108, the Bureau has also revised the 
firewall notice in the introduction. The Bureau has moved its placement 
to the second paragraph of the introduction. In line with a suggestion 
by a commenter, the Bureau has also generally revised the language of 
the non-discrimination notice to emphasize that the financial 
institution may not discriminate against the applicant on the basis of 
its answers, by bolding and capitalizing the phrase, ``Federal law 
prohibits discrimination'' in that disclosure, along with other 
edits.\840\
---------------------------------------------------------------------------

    \840\ Id. at app. A.
---------------------------------------------------------------------------

    To accommodate the changes described above, the right to refuse 
notice is now included later in the introduction. The Bureau received 
comments that the proposed sample data collection form does not state 
that applicants have the right to refuse to provide the information 
requested--which the Bureau notes is incorrect--and a suggestion that 
the form emphasize that right at the very beginning. In the user 
testing, some participants also recommended greater emphasis on the 
right to refuse.\841\ After consideration of all the received feedback, 
the Bureau believes that the introduction of the sample data collection 
form appropriately addresses an applicant's right to refuse to provide 
the information requested. In particular, the preceding introductory 
material in the sample data collection form, as described above, will 
inform applicants about what they are refusing when exercising that 
right.
---------------------------------------------------------------------------

    \841\ Id.
---------------------------------------------------------------------------

    The first page of the final sample form also includes a question 
about the applicant's business status under final Sec.  
1002.107(a)(18). Whereas the proposed sample form originally had 
separate inquiries for an applicant's minority-owned business status 
and women-owned business status, the final sample data collection form 
combines those questions, along with the inquiry about whether the 
applicant is an LGBTQI+-owned business, into one question to streamline 
the questions on the data collection form.\842\ The Bureau also 
received feedback during its user testing of the forms that the term 
``business status'' was confusing for applicants. In consideration of 
that feedback and comments received generally urging the Bureau to make 
the sample data collection form clearer for applicants, the Bureau has 
revised the sample question heading to read ``Business ownership 
status.''
---------------------------------------------------------------------------

    \842\ Two versions of a combined question were tested in the 
Bureau's user testing. The version in final appendix E is the 
version the Bureau believes is conceptually simpler for applicants 
to understand.
---------------------------------------------------------------------------

    As discussed in the section-by-section analysis of Sec.  
1002.102(m), the Bureau is not adopting its proposed definition for 
minority individual in the final rule, because it is incorporating the 
substance of the minority individual definition in the ``minority-owned 
business'' definition at final Sec.  1002.102(m). To facilitate the 
readability of the combined business ownership status question on the 
final sample data collection form, the Bureau is including a separate 
explanation for what is meant by a minority individual, which is 
similar to the approach to the minority-owned business question on the 
proposed sample data collection form. A financial institution is 
permitted to use the language on the sample form to satisfy the rule's 
requirement to provide certain definitions when requesting an 
applicant's business status.
    The first page of the final sample data collection form also 
includes a question about the number of the applicant's principal 
owners, as did the first page of the Bureau's proposed form. The Bureau 
has revised the question to include check boxes for potential responses 
instead of a write-in text field as proposed, to reduce the likelihood 
of

[[Page 35454]]

error by applicants in responding to the question.
    Final comments 102(o)-3 and 107(a)(20)-1 clarify that a financial 
institution must provide the definition of principal owner set forth in 
Sec.  1002.102(o) when requesting information about the number of an 
applicant's principal owners. As discussed further in the section-by-
section analyses of Sec. Sec.  1002.102(o) and 1002.107(a)(20), in 
consideration of overall feedback from commenters to improve applicant 
understanding of the data collection and positive feedback received in 
the course of the user testing, the Bureau has revised the number of 
principal owners inquiry on the final sample data collection form to 
use the term ``individual'' instead of the term ``natural person'' when 
providing the definition of a principal owner.
    As explained in the section-by-section analysis of Sec.  
1002.107(a)(19), the Bureau has elected to not adopt the proposed 
requirement that a financial institution collect at least one principal 
owner's ethnicity and race information through visual observation and/
or surname analysis under certain circumstances. As a result, the 
Bureau has removed the proposed disclosure regarding this requirement 
from the second page of the final sample data collection form, 
rendering commenters' objections to the disclosure moot.
    In the Bureau's user testing, some participants expressed confusion 
about differences between the ethnicity and race questions on the 
sample data collection form. Some users also stated it was not obvious 
how many separate questions they had to answer. To ensure that the 
sample data collection form is clear and easily understood, on the 
second page of the form the Bureau has numbered the sample questions 
about a principal owner's ethnicity, sex (as ``sex/gender''), and race 
(from one to three, in that order) to make more apparent that the 
questions are separate inquiries. The Bureau has also changed the 
inquiries on that page to appear as questions (e.g., for ethnicity, to 
ask ``Are you Hispanic or Latino?'') to make the substance of each 
inquiry clearer. The Bureau has also made edits to rearrange the 
questions and to the format of the ethnicity and race aggregate 
categories and disaggregated subcategories on the final form, to make 
clearer for the reader that the disaggregated subcategories are 
associated with the aggregate categories. The Bureau has further 
updated the instruction associated with each of the response options 
with a write-in text field to direct the applicant to ``specify'' a 
response and not ``print'' a response as proposed, to facilitate the 
use of the instruction for paper, electronic, and oral applications.
    The Bureau carefully considered the comment suggesting that the 
sample form first note applicants' right to refuse and, second, 
establish that if the applicant is not a small business it does not 
need to fill out the form, by including an inquiry about the 
applicant's gross annual revenue. However, in the Bureau's user 
testing, participants preferred having information explaining that the 
data collection was required under Federal law at the beginning of the 
form and emphasized the importance of explaining the purpose of the 
data collection.\843\ And, for the reasons explained above, the Bureau 
believes the placement of the right to refuse in the introductory text 
is appropriate.
---------------------------------------------------------------------------

    \843\ CFPB, User testing for sample data collection form for the 
small business lending final rule at app. A, at 6, 11-12, 14 (Mar. 
2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------

    The Bureau also does not believe that it is necessary for the 
sample form to include an inquiry establishing the applicant's small 
business status. Financial institutions will be required to maintain 
reasonably designed procedures to collect applicant-provided data, 
pursuant to Sec.  1002.107(c). The Bureau has also included a safe 
harbor under Sec.  1002.112(c) for a financial institution that 
initially collects data under Sec.  1002.107(a)(18) and (19) regarding 
whether an applicant for a covered credit transaction is a minority-
owned, a women-owned, and/or an LGBTQI+-owned business, and the 
ethnicity, race, and sex of the applicant's principal owners, but later 
concludes that it should not have collected this data, if certain 
conditions are met. The Bureau believes these other regulatory 
provisions will mitigate the possibility that data will be incorrectly 
collected and protect financial institutions from inadvertent 
collection. As a result, the Bureau does not believe that it is 
necessary for the sample form to include a question to establish the 
applicant's small business status.
    The Bureau considered the commenter's suggestion to include a 
disclosure about the American with Disabilities Act on the final sample 
data collection form. The sample form has been developed by the Bureau 
to address a financial institution's disclosure and data collection 
obligations under section 1071 and the Bureau believes it would be 
confusing for the sample form to include text as to the applicability 
of other laws.
    The Bureau is not adopting commenters' suggestions that the sample 
data collection form include options for indicating whether an 
applicant's principal owners or the applicant are not present or 
available, that the data was not provided by principal owner, or that 
the applicant declines to fill out the form. As discussed above, the 
proposed form would have included a notice about the applicant's right 
to refuse to provide the information requested. This right to refuse 
notice also appears, with some edits, on the final sample data 
collection form. The Bureau believes it is reasonable to assume that if 
the person filling out the data collection form on behalf of an 
applicant does not feel comfortable providing the information for any 
reason, including because they are not the principal owner at issue or 
do not believe they can provide accurate responses, that they will 
exercise the right to refuse to provide the requested information. 
Further, an applicant can also choose to not fill out the entirety of 
the form, to not provide responses to a specific question, or to select 
the ``I do not wish to provide this information'' or similar response 
option available for each of the demographic questions on the sample 
data collection form. As a result, the Bureau does not believe it is 
necessary to include the suggested options on the sample data 
collection form to address any discomfort by persons that may be 
completing the data collection form, who are not principal owners, as 
suggested by some commenters. Further, as explained in the section-by-
section analysis of Sec.  1002.107(a)(19), the Bureau is not finalizing 
its proposal to require a financial institution to collect at least one 
principal owner's ethnicity and race on the basis of visual observation 
and/or surname analysis under certain circumstances. All financial 
institutions will be required to report only applicant-provided 
responses to the demographic questions on the final sample data 
collection form. As a result, the Bureau does not believe the suggested 
options are necessary to address data quality concerns relating to the 
proposed visual observation and surname data collection requirement, as 
suggested by one commenter.
    The Bureau has considered comments suggesting that the sample data 
collection form disclose what information will be published. As 
discussed in greater detail in part VIII below, after receiving a full 
year of reported data, the Bureau will assess privacy risks associated 
with the data and make modification and deletion

[[Page 35455]]

decisions to the public, application-level dataset. As a result, the 
Bureau does not have definitive information about the public, 
application-level dataset available to put on the sample data 
collection form. The Bureau takes the privacy of such information 
seriously and, as noted, will be making appropriate modifications and 
deletions to any data before making it public. However, the Bureau 
intends to continue engage with the public about how to mitigate 
privacy risk.
    The Bureau also considered the suggestion to translate the sample 
data collection form into other languages. Generally, Bureau 
stakeholders have underscored the importance of language access as a 
way of ensuring fair and competitive access to financial services and 
products. Persons with limited English proficiency in the United States 
make up a significant portion of the population. According to a report, 
more than one in five immigrant entrepreneurs, or nearly 773,000 
people, in the United States in 2018 had limited English 
proficiency.\844\ More than 67 million people, or close to 22 percent 
of the U.S. population over the age of five, speak a language other 
than English at home.\845\ In 2021, over five million households 
reported that all their members were of limited English speaking 
ability.\846\
---------------------------------------------------------------------------

    \844\ New Am. Econ. Rsch. Fund, Assessing Language Barriers for 
Immigrant Entrepreneurs (Aug. 13, 2020), https://research.newamericaneconomy.org/report/covid19-immigrant-entrepreneurs-languages/ (analyzing 2018 data from the Census 
Bureau's American Community Survey).
    \845\ U.S. Census Bureau, American Community Survey, 2021 
American Community Survey 1-Year Estimates, Table S1601: Language 
Spoken at Home, https://data.census.gov/cedsci/table?q=language%20spoken%20at%20home&tid=ACSST1Y2021.S1601 (last 
visited Mar. 20, 2023).
    \846\ U.S. Census Bureau, American Community Survey, 2021 
American Community Survey 1-Year Estimates, Table S1602: Limited 
English Speaking Households, https://data.census.gov/cedsci/table?q=language%20spoken%20at%20home&tid=ACSST1Y2021.S1602 (last 
visited Mar. 20, 2023). The U.S. Census defines a ``limited English 
speaking household'' as one in which no member 14 years old and over 
(1) speaks only English or (2) speaks a non-English language and 
speaks English ``very well.'' See U.S. Census Bureau, Frequently 
Asked Questions (FAQs) About Language Use, https://www.census.gov/
topics/population/language-use/about/
faqs.html#:~:text=What%20is%20a%20Limited%20English,least%20some%20di
fficulty%20with%20English (last visited Mar. 20, 2023).
---------------------------------------------------------------------------

    The Bureau believes that competitive, transparent, and fair markets 
are supported by providing translations of key material in the 
customer's preferred language, along with the corresponding English-
language material. Accordingly, the Bureau will make available 
translations of the sample data collection form, for financial 
institutions that wish to use them. Use of these translations, like use 
of the form itself, is not required under rule, but the Bureau is 
providing them as an implementation resource for lenders.
    Some commenters asked for flexibility as to the presentation of the 
information, inquiries, and response options on the sample data 
collection form at final appendix E. Generally, the Bureau believes 
that applicants should have substantially similar experiences, 
regardless of a financial institution's method of collection, when 
being provided with required notices under the final rule (e.g., the 
firewall notice, the non-discrimination notice, and the right to refuse 
notice) and when asked for protected demographic information. The 
Bureau has designed the sample data collection form at final appendix E 
to assist financial institutions with their compliance obligations and 
to maximize the likelihood that an applicant will provide demographic 
information, after review of the comments received, user testing 
feedback, and other considerations. However, the Bureau notes that the 
use of the sample data collection form at final appendix E to collect 
information required under the final rule is not mandatory, and 
financial institutions are thus not prohibited from modifying the form, 
so long as the resulting collection method complies with applicable 
rule requirements.
    With regard to a couple of commenters' request for clarification as 
to whether a financial institution must read all of the categories of 
responses if collecting over the phone or orally even if an applicant 
has responded to an earlier response option, the Bureau is uncertain 
whether the commenters' request is referring to the collection of a 
principal owner's ethnicity and race information, which provides 
aggregate categories and disaggregated subcategories as response 
options. If so, the Bureau notes that it has revised the associated 
commentary for Sec.  1002.107(a)(19) to provide financial institutions 
with certain flexibility when inquiring about a principal owner's 
ethnicity and race information. Generally, comment 107(a)(19)-16 
provides that for applications taken orally through means other than by 
a paper or electronic form (e.g., telephone applications), the 
financial institution will not be required to read aloud every 
disaggregated ethnicity and race subcategory, in the manner described 
in the comment. Further, because an applicant using a paper version of 
the sample data collection form will reference all available answer 
options to a question at once and may review the answer options in any 
order, the Bureau does not believe that the answer options for a 
specified question need to be provided in a specific order for an 
application taken over the phone, as long as all the answer options are 
presented. However, for the requirement to collect ethnicity and race 
information specifically, comment 107(a)(19)-16 clarifies that the 
financial institution may not present the applicant with the option to 
decline to provide the information requested without also presenting 
specified aggregate categories and disaggregated subcategories for 
ethnicity and race. This would apply even if the applicant informs the 
financial institution, before the financial institution has asked for a 
principal owner's ethnicity and race information, that it does not wish 
to provide such information.
    The Bureau is not including other sample, uniform, or model 
applications or data collection forms in the final rule, as suggested 
by some commenters. There are a variety of products that are covered 
transactions under the final rule, and the Bureau understands that 
covered financial institutions may need to ask for the information 
(except for the protected demographic information) they are required to 
report to the Bureau in different ways. The Bureau does not believe 
that a sample, uniform, or model application or data collection form 
would be able to account for such potential variations. Thus, any 
additional forms may have limited utility and could incorrectly suggest 
that financial institutions are limited in the manner in which they 
collect non-demographic data under this final rule. As a result, the 
Bureau is not providing such a form at this time. The Bureau may 
consider issuing other guidance, tools, and compliance aids if it later 
determines doing so is necessary.
    The Bureau notes that there is no need for a specific data 
collection form for loans that are reportable under both HMDA and 
section 1071, as the Bureau has decided to exclude HMDA-reportable 
loans from the data requirements of the final rule as discussed in the 
section-by-section analysis of Sec.  1002.104(b)(2).
    Some commenters urged the Bureau to continue to review the sample 
data collection form and its instructions after these final rules are 
issued. The Bureau anticipates receiving and feedback as the final 
rules are implemented and, as with all the regulations it administers, 
will issue guidance as necessary and consider if changes to any aspect 
of the final rules are required, whether through rulemaking or 
otherwise.

[[Page 35456]]

Appendix F to Part 1002--Tolerances for Bona Fide Errors in Data 
Reported Under Subpart B

Proposed Rule
    The Bureau proposed appendix H, which would have set out a 
Threshold Table, as referred to in proposed Sec.  1002.112(b) and 
proposed comment 112(b)-1. As these provisions would have explained, a 
financial institution is presumed to maintain procedures reasonably 
adapted to avoid errors with respect to a given data field if the 
number of errors found in a random sample of a financial institution's 
data submission for a given data field do not equal or exceed the 
threshold in column C of the Threshold Table.
    Under the Threshold Table in proposed appendix H, column A listed 
the size of the financial institution's small business lending 
application register in ranges of application register counts (e.g., 25 
to 50, 51-100, 101-130, etc.). The applicable register count range 
would have then determined both the size of the random sample, under 
column B, and the applicable error threshold, under column C. The error 
threshold of column C, as proposed comment 112(b)-1 would have 
explained, identifies the maximum number of errors that a particular 
data field in a financial institution's small business lending 
application register may contain such that the financial institution is 
presumed to maintain procedures reasonably adapted to avoid errors with 
respect to a given data field. Column D would have been illustrative, 
showing the error threshold as a percentage of the random sample size.
    Proposed appendix H would also have included examples of how 
financial institutions would use the Threshold Table.
    The Bureau sought comment on proposed appendix H. In particular, 
the Bureau sought comment on whether the register count ranges in 
column A, the random sample sizes in column B, and the error thresholds 
in column C were appropriate. The Bureau further sought comment on 
whether a covered financial institution should be required to correct 
and resubmit data for a particular data field, if the institution has 
met or exceeded the thresholds provided in appendix H.
Comments Received
    A number of commenters, including banks, trade associations, and a 
community group addressed the proposed appendix H and its tolerance 
thresholds. The community group supported the structure of the 
tolerances as sensible, noting that larger lenders should face more 
stringent tolerances, expressed as lower percentages, and that the 
proposed thresholds were time-tested, and balanced reasonableness and 
data integrity, because they were consistent with Regulation C 
(implementing HMDA).
    Many banks and trade associations stated that the tolerances set 
out in proposed appendix H were too low and should be raised. One 
commenter said that limited error tolerances would create undue 
hardships for banks, and that it was imperative to work through 
processes to create valid data, and that invalid data are likely to 
raise false red flags that are burdensome for banks to defend. Another 
commenter stated that the tolerances were too low and needed to be 
raised because of the great amount of time needed to verify and re-
verify data points. A trade association advocated for higher tolerance 
thresholds in recognition of the substantial implementation efforts 
which will need to occur, and to provide banks a more meaningful 
opportunity to effectively implement the rule.
    A number of industry commenters noted that the thresholds in 
proposed appendix H were based on the tolerance thresholds for 
resubmitting data under Regulation C and HMDA, and asserted that these 
thresholds were too low for this rule, citing the number of data points 
required and the complexity of the data reporting requirements. Several 
of these commenters asked that the error threshold be increased to a 
``more reasonable level'' without specifying exact threshold 
percentages. One commenter requesting higher tolerances noted that HMDA 
reporting requirements had been in place for decades and that HMDA 
reporters thus have had decades to fine tune their processes and 
procedures.
    A bank said that the proposed thresholds left a margin of error 
that is statistically 0 percent, and claimed that by adopting error 
thresholds similar to the HMDA requirements, financial institutions 
would have to conduct a 100 percent audit to ensure accurate data 
collection/reporting, which they said would burden lenders. Another 
bank suggested that because data entry errors are inevitable the 
tolerance levels should be changed to a ``reasonable'' rate, and that a 
95 percent confidence level would be sufficient. A trade association 
stated that the tolerance thresholds were unrealistically low, given 
that small business loan data collection is entirely unprecedented and 
would require new systems and processes. The commenter stated that 90 
to 97.5 percent data accuracy was out of reach for most of the trade 
association's lenders, particularly in the first year. The commenter 
also noted that stringent data accuracy requirements under HMDA were 
already costly.
    A group of trade associations similarly requested that the 
tolerance thresholds be increased, in recognition of the substantial 
implementation efforts that financial institutions will undertake for a 
new data collection and reporting regime, requiring new processes and 
procedures, noting that despite all of these efforts that bona fide 
errors are likely to occur, especially given the substantial number of 
data points the Bureau is mandating.
    A bank suggested that the tolerance thresholds did not 
appropriately scale, noting that while there were seven tiers there 
were only two threshold levels. The bank asked that the Bureau 
implement more threshold levels and increase the thresholds, especially 
for low and intermediate volume lenders. Another bank said that the 
Bureau should increases the tolerance thresholds for lenders that had 
between 191 to 500 applications, to at least 4 percent but preferably 5 
percent. A third bank suggested expanding the threshold categories, to 
include different groupings, by number of applications: 501 to 1,000; 
1,001 to 10,000; 10,001 to 100,000; and more than 100,000. The bank 
also suggested incremental increases in the threshold number of bona 
fide errors.
Final Rule
    The Bureau is finalizing appendix H, renumbered as appendix F, with 
revisions that include the deletion of the first two rows of Table 1 to 
appendix F. These rows, covering small business lending application 
register counts of 25 to 50 applications and 51-100 applications, are 
omitted to correspond with the change in the originations threshold to 
determine if a financial institution is a covered financial institution 
under final Sec.  1002.105(b), from 25 originations to 100 
originations. While each provision looks to different metrics--
originations for Sec.  1002.105(b) and applications for appendix F--it 
is not possible for a lender to have originated more than 100 covered 
credit transactions for small businesses in a given year without also 
having received more than 100 applications for covered credit 
transactions. The Bureau believes that rows containing register counts 
of less than 100 are superfluous. Table 1 of appendix F is adjusted 
accordingly.
    For the reasons set out in the section-by-section analysis of Sec.  
1002.112(b), the Bureau is finalizing appendix F pursuant to its 
authority under ECOA

[[Page 35457]]

section 704B(g)(1) to prescribe such rules and issue such guidance as 
may be necessary to carry out, enforce, and compile data pursuant to 
section 1071, and its authority under 704B(g)(2) to adopt exceptions to 
any requirement of section 1071 and to exempt any financial institution 
or class of financial institutions from the requirements section 1071 
as the Bureau deems necessary or appropriate to carry out the purposes 
of section 1071.
    Regarding the various comments on the tolerance thresholds in 
proposed appendix H, the Bureau agrees with the comment that the 
structure of the tolerance thresholds was sensible, that larger lenders 
should face more stringent tolerances, and that the proposed thresholds 
were time-tested because of their use in examinations under Regulation 
C. The Bureau has considered the various comments asserting that the 
tolerances, based on the HMDA examination thresholds, are too low. The 
error thresholds were, as one commenter mentioned, tested in the HMDA 
context and reasonably balance the competing concerns of data quality 
and practicability of implementation. Further, commenters claiming that 
the thresholds were too low did not acknowledge one major difference 
with the HMDA thresholds; while the HMDA thresholds determine when 
lenders must resubmit their HMDA data to the Bureau, Sec.  1002.112(b), 
with the thresholds in appendix F, serve to eliminate financial 
institution liability under ECOA and this rule for bona fide errors 
under the thresholds. The Bureau does not believe that limited 
tolerances will create undue hardships, given the need to validate and 
re-validate data, nor that they will raise false red flags that will be 
burdensome for banks to defend. The revised compliance date provision 
in Sec.  1002.114(b) will provide the majority of covered financial 
institutions more time to validate their data in advance of the first 
submission to the Bureau under this rule. In addition, the Bureau is 
providing a grace period of one year, during which it does not intend 
to assess penalties for errors in data submitted by financial 
institutions that make good faith efforts to comply with rule (see part 
VII below).
    Regarding the comment that higher tolerance thresholds are needed 
in recognition of the substantial implementation efforts which will 
need to occur, the Bureau observes that it is recognizing these efforts 
in other ways, including the added time to comply under revised Sec.  
1002.114(b), and the grace period offered to all institutions in their 
first 12 months of collecting data.
    Regarding the comment that HMDA reporting requirements had been in 
place for decades, and that HMDA reporters had decades to fine tune 
their processes and procedures, and that the Bureau should increase the 
tolerances in proposed appendix H, the Bureau acknowledges that many 
HMDA reporters have had time to fine tune their processes, but also 
notes that the tolerances apply nonetheless to new HMDA reporters as 
well. In any case, the comment appears to support the point that the 
HMDA tolerances have been time-tested and are reasonable to implement.
    Regarding the comments that the proposed thresholds leave a margin 
of error of 0 percent, that they would require lenders to conduct a 100 
percent audit to ensure accurate data collection, and that a 95 percent 
confidence level would be sufficient, the Bureau refers the commenter 
to appendix F, which specifies the actual error thresholds based on the 
number of transactions, ranging from 10 percent for the reporters with 
the lowest volumes to 2.5 percent for those with the highest. Regarding 
the comment that 90 to 97.5 percent data accuracy would be out of reach 
for most of the trade association's lenders, particularly in the first 
year, the Bureau notes that in addition to the error thresholds, 
lenders will have the benefit of several other safe harbors, a grace 
period, and additional time to comply for most lenders as specified in 
Sec.  1002.114(b).
    Regarding the comment that the tolerance thresholds do not scale 
and that there were only two threshold levels, the Bureau notes that 
proposed appendix H, finalized as appendix F, specified more than two 
thresholds (five) and that final appendix F specifies four--6.4 
percent, 5.4 percent, 5.1 percent, and 2.5 percent. The Bureau is not 
implementing more threshold levels or to increasing the thresholds, as 
requested by some commenters, as these thresholds are already 
relatively high for low and intermediate volume lenders. Regarding the 
comment requesting that the Bureau increases the tolerance thresholds 
for the lenders that had between 191 to 500 applications to at least 4 
percent but preferably 5 percent, the Bureau notes that the error 
threshold for lenders in this range is already 5.1 percent. Regarding 
the suggested expansion of threshold categories, to include more 
groupings between 500 and 100,000, the Bureau notes that no explanation 
was given about what such additional ranges would accomplish, or what 
specific thresholds should be applied to these new ranges, other than 
that they should increase incrementally. The Bureau is also not 
adopting incremental increases in the error thresholds. Appendix F 
reflects the experience of HMDA examinations, and financial 
institutions with more applications are expected to have a lower 
percentage of errors than those that receive fewer applications.

VI. Effective Date and Compliance Dates

    The Bureau is adopting an effective date of 90 days after the 
publication of this final rule in the Federal Register consistent with 
section 553(d) of the Administrative Procedure Act \847\ and with 
section 801(a)(3) of the Congressional Review Act.\848\
---------------------------------------------------------------------------

    \847\ 5 U.S.C. 553(d).
    \848\ 5 U.S.C. 801(a)(3).
---------------------------------------------------------------------------

    This final rule includes the addition of a new subpart B to 
Regulation B comprised of final Sec. Sec.  1002.101 through 1002.114 
and related commentary, appendices E and F. This final rule also amends 
certain sections of existing Regulation B, renumbered as subpart A, 
specifically Sec.  1002.5(a)(4) and commentary related to Sec.  
1002.5(a)(2) and (4). It also makes conforming changes in several other 
provisions in existing Regulation B.
    Further, for the reasons specified in the section-by-section 
analysis of Sec.  1002.114(b), the Bureau is finalizing three different 
compliance dates, based on the number of originations of covered credit 
transactions for small businesses, rather than the single compliance 
date in the NPRM, which proposed a compliance period of 18 months after 
the publication of the final rule in the Federal Register. As specified 
in Sec.  1002.114(b)(1), covered financial institutions in Tier 1, 
which had at least 2,500 originations of covered credit transactions 
for small businesses in each of calendar years 2022 and 2023, will have 
a compliance date of October 1, 2024. As specified in Sec.  
1002.114(b)(2), covered financial institutions in Tier 2, which had at 
least 500 originations of covered credit transactions for small 
businesses in each of calendar years 2022 and 2023, will have a 
compliance date of April 1, 2025. As specified in Sec.  1002.114(b)(3), 
covered financial institutions in Tier 3, which had at least 100 
originations of covered credit transactions for small businesses in 
each of calendar years 2022 and 2023, will have a compliance date of 
January 1, 2026. As specified in Sec.  1002.114(b)(4), covered 
financial institutions which did not have at least 100 originations of 
covered credit transactions for small businesses in each of calendar 
years 2022 and 2023, but subsequently

[[Page 35458]]

originates at least 100 such transactions in two consecutive calendar 
years, will have a compliance date of no earlier than January 1, 2026.

VII. Grace Period Policy Statement

    During the SBREFA process and in response to the NPRM, the Bureau 
received numerous comments requesting a grace period in the early 
period after financial institutions are required to comply with the 
Bureau's final rule implementing section 1071. The Bureau agrees that 
it is appropriate to provide a grace period during which it does not 
intend to exercise its enforcement and supervisory authorities, 
assuming good faith compliance efforts by financial institutions; for 
instance, attempts to discourage applicants from providing data would 
not be in good faith. This Grace Period Policy Statement explains how 
the Bureau intends to implement such a grace period.

Comments Received

    In the context of responding to the proposal presented during 
SBREFA for a two-year implementation period, some small entity 
representatives and other stakeholders suggested that the Bureau adopt 
a grace period for data errors in the first year(s) after the rule goes 
into effect. These comments suggested that the Bureau adopt a grace 
period of some kind during which financial institutions would not be 
penalized for errors when trying to comply with the Bureau's rule 
implementing section 1071. This grace period would be akin to the first 
year in which the 2015 revisions to Regulation C were effective, when 
examinations were used to troubleshoot and perfect data reporting 
rather than penalize reporters.\849\
---------------------------------------------------------------------------

    \849\ CPFB, CFPB Issues Public Statement On Home Mortgage 
Disclosure Act Compliance (Dec. 21, 2017), https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/.
---------------------------------------------------------------------------

    In response to both the proposed enforcement and the compliance 
date provisions in the NPRM, the Bureau received a number of comments 
requesting a grace period during which the Bureau would either not 
examine financial institutions for compliance with this rule, or would 
not assess penalties for violations of the rule. Several lenders 
supported a grace period without specifying how long the grace period 
should be. One of these commenters asked that the Bureau provide a 
grace period for at least one exam cycle.
    Many industry commenters requested a grace period of one year or 
more from Bureau enforcement and examinations for data errors. 
Commenters offered various reasons in support of this grace period. 
Many lenders and trade associations stated that a one-year grace period 
would be consistent with the Bureau's approach to the 2015 HMDA rule. 
Some commenters with HMDA experience observed that the one-year grace 
period in that context was helpful for compliance efforts. Several 
other industry commenters stated that the experience with the 2015 HMDA 
rule demonstrated that a grace period would improve data accuracy, as 
it would allow financial institutions time to identity errors and 
implement corrective action without penalty.
    Several banks stated that a grace period would be critical to give 
lenders an opportunity to ensure systems are working properly. One said 
that a one-year grace period would foster cooperation and frank 
discussions between covered financial institutions and the Bureau, and 
that lenders would be more open and proactive in working with the 
Bureau to ensure their compliance. Other commenters requested a grace 
period on the grounds that compliance with the rule was a significant 
change involving the revamping of systems, and that the grace period 
would protect lenders from scrutiny for unintentional and bona fide 
errors. Several stated that a grace period was necessary to provide 
banks an opportunity to implement the rule effectively, perform 
testing, and ensure that loan operation systems, software, and other 
technologies are functioning correctly. A trade association requested 
that the Bureau work with other regulators to provide a grace period so 
that lenders are not penalized immediately for errors. A bank stated 
that the numerous data points and the various reportable sub-parts to 
those data points would inevitably lead to errors. Another industry 
commenter requested a one-year grace period to permit lenders to avoid 
penalties for data errors in spite of their best efforts. Two trade 
associations requested a one-year grace period as necessary protections 
given the need to implement substantial changes under the rule. A trade 
association and a bank asserted that a one-year grace period should be 
provided because honest errors are only discovered in the process of 
implementation, and a grace period would permit not only the lenders 
that committed these errors to learn from them, but also the industry 
as a whole. Similarly, a bank stated that the grace period would help 
ensure that all lenders were on the same page regarding all the 
different circumstances presented by the rule. Another bank stated that 
compliance with the rule would be new to all financial institutions. A 
different bank stated that the grace period would ensure that the rule 
would not cause undue compliance hardships on banks and would help 
banks create valid data. A trade association urged that the Bureau use 
enforcement actions sparingly in the 12 months following the rule's 
compliance date.
    A smaller number of industry commenters requested a two-year grace 
period. One bank justified a two-year period because of the burden of 
compiling, maintaining, and reporting data under the rule. Another bank 
cited the magnitude of the rule's requirements and the tremendous 
effort to implement software, create policies and procedures, and train 
staff appropriately, and noted that such a grace period would allow for 
data quality testing in a real-life environment and lead to 
improvements in data accuracy. Several industry commenters requested 
that the Bureau avoid enforcement actions related to technical 
deficiencies for two years. Commenters also stated, in support of a 
two-year grace period, that absent such a grace period small business 
credit may be limited and the economy may be hurt; that compliance with 
the rule is spread across different business units, systems, and 
channels for larger lenders, and that current compliance systems are 
built to avoid collecting key data required by the rule (such as 
demographic information).
    Some industry commenters stated that the experience with the 2015 
HMDA rule showed that the Bureau should provide a two-year grace 
period. Two of these commenters noted that the Bureau should follow its 
approach in the 2015 HMDA rule, in which the Bureau imposed no 
penalties for two years after the new HMDA data collections took 
effect.\850\ These commenters also stated that with such a grace 
period, lenders could self-correct issues with data accuracy without 
threat of enforcement actions for the inevitable tech and other 
challenges that will arise initially.
---------------------------------------------------------------------------

    \850\ CFPB, Statement with respect to HMDA implementation (Dec. 
21, 2017), https://files.consumerfinance.gov/f/documents/cfpb_statement-with-respect-to-hmda-implementation_122017.pdf.
---------------------------------------------------------------------------

Policy Statement

    The Bureau agrees that a grace period is appropriate. The following 
discussion explains how the Bureau intends to exercise its supervisory 
and enforcement discretion following a

[[Page 35459]]

covered financial institution's initial compliance date.
    With respect to institutions subject to the Bureau's supervisory or 
enforcement jurisdiction, the Bureau intends to provide a 12-month 
grace period for the initial data submission from covered financial 
institutions that have compliance dates specified in Sec.  
1002.114(b)(2), and (3) (i.e., Tier 2 and Tier 3 institutions), covered 
financial institutions subject to Sec.  1002.114(b)(4) that must start 
collecting data on January 1, 2026, and any financial institutions that 
make a voluntarily submission for the first time for data collected in 
2025 or 2026.
    With respect to covered financial institutions subject to the 
Bureau's supervisory or enforcement jurisdiction that make good faith 
efforts to the comply with the rule that have a compliance date 
specified in Sec.  1002.114(b)(1) (i.e., Tier 1 institution), as well 
as any financial institutions that make a voluntarily submission for 
the first time for data collected in 2024, the Bureau intends to 
provide a grace period covering the 3 months of data collected in 2024 
(from October 1, 2024 through December 31, 2024) as well as the first 9 
months of data collected in 2025 (from January 1, 2025 through 
September 30, 2025).
    With respect to covered financial institutions subject to the 
Bureau's supervisory or enforcement jurisdiction that make good faith 
efforts to the comply with the rule that have a compliance date 
specified in Sec.  1002.114(b)(2) (i.e., Tier 2 institution), as well 
as any financial institutions that make a voluntarily submission for 
the first time for data collected in 2025, the Bureau intends to 
provide a 12-month grace period covering the 9 months of data collected 
in 2025 (from April 1, 2025 through December 31, 2025) as well as the 
data collected in the first three months of 2026 (from January 1, 2026 
through March 31, 2026).
    With respect to covered financial institutions subject to the 
Bureau's supervisory or enforcement jurisdiction that make good faith 
efforts to the comply with the rule that have a compliance date 
specified in Sec.  1002.114(b)(3) (i.e., Tier 3 institution), as well 
as any financial institutions that make a voluntarily submission for 
the first time for data collected in 2026, the Bureau intends to 
provide a grace period covering the 12 months of data collected in 
calendar year 2026 (from January 1, 2026 through December 31, 2026).
    The Bureau believes that a 12-month grace period will give 
institutions further time to diagnose and address unintentional errors 
without the prospect of penalties for inadvertent compliance issues, 
and may ultimately assist other covered financial institutions, 
especially those in later compliance tiers, in identifying best 
practices. While the Bureau believes that financial institutions in 
each reporting tier are capable of fully preparing to comply with the 
rule by their respective compliance dates, the Bureau believes that the 
use of its discretion providing a grace period that covers 12 months 
for each tier may result in more deliberate and thoughtful compliance 
with the rule, while still providing important data regarding small 
business lending as soon as feasibly possible.
    During the grace period, if the Bureau identifies errors in a 
financial institution's initial data submissions, the Bureau does not 
intend to require data resubmission unless data errors are material. 
Further, the Bureau does not intend to assess penalties with respect to 
errors in the initial data submissions. Any examinations of these 
initial data submissions will consider the good faith efforts of the 
financial institutions to comply with the data collection and reporting 
requirements. The examinations will be diagnostic and will help to 
identify compliance weaknesses. However, errors that are not the result 
of good faith compliance efforts by financial institutions, especially 
attempts to discourage the reporting of data, will remain subject to 
the Bureau's full supervisory and enforcement authority, including the 
assessment of penalties.
    The Bureau believes that these initial data submissions will 
provide financial institutions an opportunity to identify any gaps in 
their implementation of this rule and make improvements in their 
compliance management systems for future years.
    The Bureau agrees with commenters who said that a grace period will 
promote openness and frankness, and will permit the Bureau to help 
financial institutions identify errors and, thereby, self-correct to 
avoid such errors in the future. The Bureau can also use data collected 
during the grace period to alert financial institutions of common 
errors and potential best practices in data collection and submissions 
under this rule.
    The Bureau believes that a grace period covering institutions' 
first 12 months of data submission is sufficient, especially given the 
other accommodations the Bureau is making to ensure that financial 
institutions are not unduly penalized for good faith errors, such as 
the bona fide error provision and the various safe harbors the Bureau 
has finalized in this rule, and the other provisions that the Bureau 
believes are likely to lead to more accurate data, such as the tiered 
compliance date structure, for the reasons specified in the section-by-
section analysis of Sec.  1002.114(b). The Bureau does not believe that 
a two-year grace period is necessary to avoid impacting small 
businesses' access to credit; as the impacts analysis in part X below 
suggests, the Bureau does not believe that this rule will materially 
impact the access small businesses have to credit.
    Regarding the comment that the Bureau work with other regulators to 
provide a grace period so that lenders are not penalized immediately 
for errors, the Bureau notes that, unlike with HMDA, the Bureau is the 
sole agency that will be in a position to examine financial 
institutions' submissions for data errors in the first instance.
    This is a general statement of policy under the Administrative 
Procedure Act.\851\ It articulates considerations relevant to the 
Bureau's exercise of its authorities. It does not impose any legal 
requirements, nor does it confer rights of any kind. It also does not 
impose any new or revise any existing recordkeeping, reporting, or 
disclosure requirements on covered entities or members of the public 
that would be collections of information requiring approval by the 
Office of Management and Budget under the Paperwork Reduction Act.\852\
---------------------------------------------------------------------------

    \851\ 5 U.S.C. 553(b).
    \852\ 44 U.S.C. 3501 through 3521.
---------------------------------------------------------------------------

VIII. Public Disclosure of Data

A. Background

    Section 1071 of the Dodd-Frank Act amended ECOA to require 
financial institutions to collect and report to the Bureau data about 
applications for credit for women-owned, minority-owned, and small 
businesses, and for those data to be subsequently disclosed to the 
public.\853\ Section 1071 further states that the Bureau may ``at its 
discretion, delete or modify data collected under [section 1071] which 
is or will be available to the public, if the Bureau determines that 
the deletion or modification of the data would advance a privacy 
interest.'' \854\ Under the final rule, financial institutions may not 
compile, maintain, or submit any name, specific address, telephone 
number, email address or any personally identifiable information 
concerning any

[[Page 35460]]

individual who is, or is connected with, an applicant, other than as 
would be required pursuant to final Sec.  1002.107. Nonetheless, as the 
statute recognizes, publication of the data fields set forth in Sec.  
1002.107(a) in an unedited, application-level format could potentially 
affect privacy interests--for example, through the re-identification 
of, and risk of harm to, small businesses and related natural persons.
---------------------------------------------------------------------------

    \853\ See ECOA section 704B(e)(1) and (f)(2).
    \854\ ECOA section 704B(e)(4).
---------------------------------------------------------------------------

    The CFPB is not determining its final approach to protecting such 
interests via pre-publication deletion and modification because it 
lacks the reported data it needs to finalize its approach and it does 
not see comparable datasets to use for this purpose. In light of 
comments received on the NPRM's privacy analysis, this part VIII offers 
a preliminary assessment of how it might appropriately assess and 
advance privacy interests by means of selective deletion or 
modification. The CFPB is not at this point identifying the specific 
procedural vehicle for effecting its privacy assessment. With respect 
to both substance and process, it will continue to engage with external 
stakeholders; and it intends to invite further input on how it plans to 
appropriately protect privacy in connection with publishing 
application-level data.

B. Preliminary Privacy Assessment

1. Overview
    Under ECOA section 704B(e)(4), Congress provided the CFPB with 
broad discretion to modify or delete data prior to public disclosure to 
advance privacy interests.\855\ The NPRM proposed the use a balancing 
test for the exercise of this discretion. Specifically, it stated that 
it would modify or, as appropriate, delete data fields from collected 
application-level data where release of the unmodified data would pose 
risks to the privacy interests of applicants, related natural persons, 
or financial institutions that would not be justified by the benefits 
of such release to the public in light of the statutory purposes of 
section 1071. The Bureau explained that disclosure of an unmodified 
individual data field may create a risk to privacy interests if such 
disclosure either would substantially facilitate the re-identification 
of an applicant or related natural person, or would disclose 
information about applicants or related natural persons, or an 
identified financial institution, that is not otherwise public and that 
may be harmful or sensitive.
---------------------------------------------------------------------------

    \855\ Id.
---------------------------------------------------------------------------

    This balancing test would have required that the Bureau consider 
the benefits of disclosure in light of section 1071's purposes and, 
where these benefits did not justify the privacy risks the disclosure 
would create, modify the public application-level dataset to 
appropriately balance privacy risks and disclosure benefits. The Bureau 
would have deleted a data field prior to publishing the application-
level dataset if other modifications would not appropriately balance 
the privacy risks and disclosure benefits. An individual data field 
would have been a candidate for modification or deletion under the 
balancing test if its disclosure in unmodified form would create a risk 
of re-identification or a risk of harm or sensitivity.
    Section 1071 requires financial institutions to compile and 
maintain data and provides that such information be made available to 
the public upon request.\856\ Accordingly, section 1071 contemplates 
that the public know what published application-level data are 
associated with particular financial institutions. As a result, the re-
identification risk element of the balancing test analysis would not 
have applied to financial institutions, although the Bureau would have 
considered the risk to a financial institution that the release of 1071 
data in unmodified form would inappropriately disclose commercially 
sensitive information.
---------------------------------------------------------------------------

    \856\ See ECOA section 704B(e), (f)(2)(B).
---------------------------------------------------------------------------

    The Bureau sought comment on the design of the balancing test. It 
also sought comment on whether the balancing test should apply to the 
privacy interests of natural persons generally or only of those related 
to applicants.
Comments Received
    A wide range of commenters provided feedback on the proposed 
balancing test. Many community groups, as well as a several members of 
Congress, generally supported the NPRM approach. Others, including 
industry and several community groups, saw it as too subjective. These 
community groups stated that future Bureau leadership could choose to 
restrict publication by releasing truncated or aggregated data, but not 
application-level data. A lender and a trade association were concerned 
that the balancing test would not sufficiently protect privacy 
interests. Another commenter stated that the approach would be 
ineffective if a third party had personal knowledge of an applicant or 
related natural person because modifications to prevent re-
identification risk in this scenario would critically reduce data 
utility. A joint letter from community and business advocacy groups 
asked the Bureau to confirm that the balancing test would evolve. They 
asked the Bureau to assess market developments and how well the final 
rule achieved statutory purposes, and to use this information to modify 
its publication approach. Industry commenters asked the CFPB to limit 
or wholly abandon release of application-level data.\857\ For example, 
one commenter said that the agency should use exception authority under 
ECOA section 704B(g)(2) to not publish application-level data to avoid 
risks and burdens to the commercial and reputational interests of 
financial institutions.
---------------------------------------------------------------------------

    \857\ Commenters also provided feedback on potential 
modification and deletions for each of the Bureau's proposed data 
points; those comments are addressed in detail for each data point 
in part VIII.B.6 below.
---------------------------------------------------------------------------

    Several commenters provided feedback about what benefits and risks 
the balancing test should consider. A joint letter from community 
groups, community-oriented lenders, and business advocacy groups, along 
with a joint letter from several members of Congress, supported the 
Bureau's stated intent to consider the benefits of public disclosure 
and the statutory purposes of section 1071. In contrast, an industry 
commenter said that the balancing test should not consider fair lending 
enforcement as a relevant benefit. According to this commenter, using 
the data for fair lending enforcement would subject financial 
institutions to unjustified scrutiny by regulators and hinder the 
development of innovative underwriting techniques.
    Several commenters specifically stressed the importance of the 
Bureau considering the personal privacy interests of small business 
owners. More generally, a number of industry commenters, as well as 
several members of Congress, supported the Bureau's considering the 
privacy interests of applicants, related natural persons, and financial 
institutions. Numerous commenters said that public application-level 
data could pose significant privacy risks to these entities. Some noted 
that publication carries risks of re-identification and the disclosure 
of sensitive commercial and financial information. Industry commenters 
also reported that small business customers express privacy concerns 
whenever the government mandates disclosure of their business 
information. Commenters cited negative reactions to Paycheck Protection 
Program reporting requirements.

[[Page 35461]]

    Some community groups saw the privacy risks associated with 
publication as low. Several asserted that HMDA data, which contains 
similar data fields, has not resulted in an increase of fraud or 
identify theft against mortgage applicants. Some commenters also noted 
that the interval between reporting and publication would reduce the 
likelihood of misuse, as would the public availability of some of the 
date from existing sources. Several community groups and a CDFI lender 
urged the Bureau not to give weight to the privacy interests of 
financial institutions. According to these commenters, publication 
should not consider the commercial, proprietary, litigation, and 
reputational interests of financial institutions. A joint letter from 
community and business advocacy groups stated that because section 1071 
contemplates the disclosure of financial institution identity, the 
Bureau should not consider any of their privacy interests. Conversely, 
some commenters raised concerns about financial institution privacy 
interests. A trade association said that failing to consider such 
interests would result in the disclosure of trade secrets and other 
confidential information.
    Some commenters suggested that the balancing test include various 
presumptions for or against the publication of 1071 data. Community 
groups and a CDFI lender generally agreed that the balancing test 
should include a strong presumption in favor of disclosure. For 
example, some commenters stated that the Bureau should only modify or 
delete application-level data where its unmodified publication would 
pose privacy risks that meet a particular significance threshold--for 
example, where data fields would be ``highly sensitive'' or ``clear'' 
re-identification risk exists). Several industry commenters, on the 
other hand, suggested that the balancing test incorporate a presumption 
in favor of protecting privacy interests. For instance, a few 
commenters suggested that the Bureau give special consideration to the 
privacy interests of small financial institutions. These commenters 
warned that small business customers may gravitate to larger lenders 
because they believe it would be harder to identify individual 
applicants or related natural persons in data reported by large 
lenders.
Current Approach
    In light of the comments received on the balancing test, the Bureau 
is now of the preliminary view that re-identification risk to small 
businesses and their owners is the core risk from which the 
preponderance of cognizable privacy risks flow. In this respect, the 
Bureau is focused particularly on risks to personal privacy 
interests.\858\ The Bureau's preliminary assessment is that it will 
consider modification and deletion techniques to reduce those risks, 
while also considering the non-personal commercial privacy risks of 
small businesses. Lender privacy interests would be considered only 
where publication would create a compelling risk to those interests.
---------------------------------------------------------------------------

    \858\ The Bureau is considering whether the risks to sole 
proprietors, where the business and owner are indistinguishable for 
tax or legal purposes, may also qualify as personal risks. This may 
be the case where information reflects the sole proprietor's 
personal information, such as creditworthiness.
---------------------------------------------------------------------------

    Although some comments urged that it not publish any application-
level data, the Bureau does not intend to withhold all such data from 
the public because that would critically undermine the stated purposes 
of section 1071 and run contrary to the express disclosure provisions 
in the statute. This drastic step is also unnecessary to adequately 
mitigate relevant privacy risks.
    In response to comments positing harms that could arise from a 
third party having personal knowledge of an applicant or its owners, 
the Bureau agrees that this scenario heightens privacy risks. The 
Bureau will observe market developments to assess the likelihood and 
nature of this risk as it considers the appropriate approach to 
publication.
    The Bureau does not intend to separately assess disclosure benefits 
when making modification and deletion decisions about individual data 
points. After considering commenters' feedback about the value of the 
data fields, the Bureau is preliminarily of the view that all of the 
data fields have significant disclosure benefits that will facilitate 
fair lending enforcement as well as business and community development.
    Most comments on privacy risk generally supported the Bureau's 
intention to consider the privacy interests of small businesses, 
related individuals, and financial institutions. While the Bureau 
cannot conduct the statistical analysis necessary for a full re-
identification analysis until it receives reported data from financial 
institutions, the Bureau's preliminary privacy assessment accepts that 
some such data likely could re-identify applicants and their owners, 
potentially disclosing sensitive information. The personal privacy 
interests of small business owners, in particular, implicate compelling 
risks of harms or sensitivities. As acknowledged in the NPRM, some 
privacy risks are mitigated by the interval between collection and 
publication, and some 1071 data are already available from other 
sources. But publication of some data fields potentially poses 
significant risks of harm or sensitivities to both the personal privacy 
interests and non-personal commercial privacy interests of applicants 
and related individuals. While public HMDA data do not result in 
substantial privacy harms for mortgage applicants, that is in part 
because the Bureau makes modifications and deletions before 
publication, informed by a privacy risk assessment.\859\
---------------------------------------------------------------------------

    \859\ See generally 82 FR 44586 (Sept. 25, 2017).
---------------------------------------------------------------------------

    The Bureau does not intend to ignore the privacy interests of 
financial institutions. As discussed further below, however, the 
privacy risks to financial institutions raised by commenters are less 
significant than those to small businesses and related individuals. 
Accordingly, while the Bureau does not intend to exclude consideration 
of financial institution privacy risks, it anticipates modifying or 
deleting data to protect a financial institution's privacy interests 
only when publication poses a compelling privacy risk. At this time, 
commenters have not identified compelling privacy risks to financial 
institutions.
    In response to comments, the CFPB does not believe that a 
presumption or threshold would provide the Bureau with a more 
administrable standard. However, partly in response to comments on 
these issues, the Bureau's preliminary privacy assessment is more 
directly focused on the most significant privacy risks--particularly 
re-identification risk--than the balancing test described in the NPRM.
2. Implementation Process
Proposed Approach
    The NPRM did not include a full application of the balancing test 
to most of the proposed data points. It stated that the Bureau would 
analyze the re-identification risk element, in part, using a 
statistical analysis. However, the absence of an existing dataset or an 
alternative set of sufficiently similar data significantly impeded the 
Bureau's ability to discern whether a proposed data field, individually 
or in combination with other data, would substantially facilitate re-
identification of small businesses and related persons, and how 
specifically to modify data to reduce that risk. Underestimating the 
degree to which a 1071 data field, individually or in combination with

[[Page 35462]]

other data, facilitates re-identification risk could unnecessarily 
increase privacy risks to an applicant or a related individual, while 
overestimating re-identification risk could unnecessarily reduce data 
utility. Accordingly, the Bureau believed that a re-identification 
analysis of data other than actual reported 1071 data would not provide 
an accurate basis on which the Bureau could apply the balancing test to 
modify or delete data.
    In light of these limitations, the Bureau considered deferring even 
initial analysis until after it had obtained a full year of reported 
1071 data. Doing so, however, would have reduced opportunities for 
public feedback on privacy issues and their relationship to the 
proposed rule. The Bureau saw substantial value in setting forth its 
partial analysis under other aspects of the balancing test. 
Specifically, the Bureau set forth an initial analysis of the benefits 
and harms or sensitivities associated with the proposed data fields, 
the capacity and motives of third parties to match proposed 1071 data 
fields to other identifiable datasets, and potential modification 
techniques it might consider to address privacy risks. The Bureau 
responds to public feedback from commenters and updates this initial 
analysis below.
    In the NPRM, the Bureau indicated that a policy statement, rather 
than a notice-and-comment rulemaking, would be an appropriate vehicle 
for announcing its intentions with respect to data modifications and 
deletions. The Bureau offered several reasons for this approach. Under 
section 1071, the Bureau may delete or modify data at its discretion, 
in contrast to other provisions in the statute that require legislative 
rulemaking.\860\ Further, the Bureau's suggested approach with respect 
to modifications and deletions would not impose compliance obligations 
on financial institutions.\861\ In addition, the Bureau stated that 
preserving the ability to exercise its discretion to modify or delete 
data through policy statements would allow the Bureau to manage the 
relationship between privacy risks and benefits of disclosure more 
actively. The Bureau believed this flexibility may be especially 
important in the event that the Bureau becomes aware of developments 
that might contribute to privacy risks. The Bureau stated that 
potential uses of the application-level data in furtherance of the 
statute's purposes may also evolve, such that the benefits associated 
with the disclosure of certain data may increase to an extent that 
justifies providing more information to the public in less modified 
form.
---------------------------------------------------------------------------

    \860\ Compare ECOA section 704B(e)(4), with ECOA section 
704B(f)(2).
    \861\ Section 1071 requires financial institutions to compile 
and maintain data and provides that such data be publicly available 
upon request. See ECOA section 704B(e), (f)(2)(B). As discussed in 
the section-by-section analysis of Sec.  1002.110, the Bureau is 
finalizing its proposal to publish data on behalf of financial 
institutions.
---------------------------------------------------------------------------

    As a result, the Bureau suggested that after the first full year of 
data are reported, but before it releases data to the public, it would 
publish a policy statement setting forth its intentions with respect to 
modifications and deletions to the public application-level data. 
Before publishing that policy statement, the Bureau intended to conduct 
a balancing test analysis based on feedback to the NPRM as well as a 
quantitative analysis of re-identification risk using reported 1071 
data. The Bureau stated that in the interests of making data available 
in a timely manner, it did not intend to put its ultimate balancing 
test analysis out for public comment prior to issuing the policy 
statement. The Bureau sought comment on this approach.
Comments Received
    A wide range of commenters provided feedback on the Bureau's 
general approach to implementing the balancing test. Several community 
group and industry commenters supported the Bureau's intention to defer 
modification and deletion decisions until it had obtained a full year 
of 1071 data. While not explicitly opposed, other community groups and 
a minority business advocacy group asked the Bureau to publish data as 
fast as possible to help realize the statute's purposes. Some noted 
that the data remain unavailable despite Congress amending ECOA on this 
point more than a decade ago. Commenters also provided feedback about 
when the Bureau should begin publishing application-level data. Several 
commenters stated that the Bureau should commit in the final rule to 
releasing data by a date certain; some suggested January 1, 2024 as a 
target.
    Several industry commenters opposed deferring modification and 
deletion decisions until the Bureau received a full year of 1071 data. 
Some stated that if the Bureau published modification and deletion 
decisions before lenders started to collect data, small business 
applicants would better understand how to protect their privacy 
interests. Another said that publishing a full privacy analysis before 
the rule is effective is necessary for financial institutions to 
evaluate privacy risks. Other commenters asserted that deferring re-
identification analysis until after data are reported is unnecessary 
because it is already apparent that some proposed data fields, such as 
NAICS code and census tract, create a unique set of records that can be 
matched to public datasets. Several commenters offered alternative 
timing for modification and deletion decisions. Some suggested that the 
Bureau publish such decisions in this final rule. Another suggested 
that the Bureau publish interim decisions in this final rule, which 
could then be adjusted through notice-and-comment rulemaking after the 
Bureau receives the first full year of data. Others asked the Bureau to 
publish a full privacy analysis before the rule becomes effective. One 
lender suggested that data not be published for at least a year after 
the final rule is implemented to enable the Bureau to assess the 
effectiveness of its privacy analysis.
    The Bureau received a significant amount of feedback about its 
intention of announcing modification and deletion decisions in a policy 
statement without seeking additional comment. One industry commenter 
supported this approach, but most industry commenters on this issue 
asked the Bureau to seek additional comment on its privacy analysis and 
on its modification and deletion decisions, regardless of whether the 
Bureau announced publication decisions in a policy statement or through 
a legislative rulemaking. Commenters stated that the opportunity to 
comment would promote public confidence in the data collection process 
and contribute to a more accurate dataset. A number of commenters 
argued that the opportunity to comment on the full balancing test and 
on modification and deletion decisions would be necessary for 
stakeholders to provide meaningful feedback on privacy risk. According 
to some commenters, this would be particularly important for smaller 
financial institutions that were unable to provide adequate comment on 
what they considered to be complex privacy issues raised in the NPRM. 
Two lenders urged the Bureau to hold public meetings or hearings in 
compliance with the Regulatory Flexibility Act to seek feedback from 
smaller financial institutions and small businesses to, among other 
things, specifically address the privacy risks associated with 
reporting and publishing application-level data. A few industry 
commenters stated that the opportunity to comment on the full privacy 
analysis would be consistent with the Bureau's approach

[[Page 35463]]

adopted in the 2015 HMDA final rule. One commenter stated that the 
Bureau's analysis of the first full year of reported data would likely 
generate additional privacy issues that would warrant public input. Two 
others suggested that the Bureau seek comment about how it would 
release unmodified data to outside parties for research or other 
purposes.
    Several industry commenters, as well as a joint letter from several 
members of Congress, specifically requested that the Bureau implement 
its privacy assessment, and make associated modifications and 
deletions, via legislative rule. Some of these commenters asserted that 
this was required under administrative law. A group of trade 
associations contended that section 1071 does not permit the Bureau to 
use its discretion to make modification and deletion decisions outside 
an Administrative Procedure Act rulemaking process. According to this 
commenter, two provisions in section 1071 provide the Bureau 
``discretion'': ECOA section 704B(e)(4) provides the Bureau discretion 
to delete or modify public application-level data and ECOA section 
704B(f)(3) provides the Bureau discretion to compile and publish 
aggregate 1071 data. Noting that the Bureau proposed Sec.  1002.110(b) 
to implement the latter provision in this rule, the commenter asserted 
that the Bureau did not adequately explain how it was appropriate to 
implement the former provision outside a rule. The commenter said that 
these provisions should be implemented in a formal rulemaking. In 
addition, some industry commenters stated that increasing transparency 
about forthcoming publication, including potentially through a notice-
and-comment rulemaking, would protect the Bureau from litigation under 
FOIA. In this respect, commenters cited litigation involving the SBA's 
publication of Paycheck Protection Program data.\862\
---------------------------------------------------------------------------

    \862\ See, e.g., WP Co. LLC v. U.S. Small Bus. Admin., 502 F. 
Supp. 3d 1 (D.D.C. Nov. 5, 2020).
---------------------------------------------------------------------------

    Citing the benefits of transparency and to facilitate information 
about credit access and fair lending information, a joint letter from 
community groups, community-oriented lenders, and business advocacy 
groups stated that the Bureau should produce and release aggregate 
analyses of 1071 data in addition to releasing application-level data.
Current Approach
    For reasons discussed below, the Bureau intends to conduct a full 
privacy analysis and issue modification and deletion decisions with 
respect to the publication of application-level data after it obtains a 
full year of reported 1071 data. However, the Bureau is not committing 
at this time to issue modification and deletion decisions through a 
policy statement. Instead, the Bureau will continue to consider the 
specific timing and vehicle choice for issuing modification and 
deletion decisions, as it remains engaged with stakeholders on privacy 
and publication issues.
    Publication of application-level data will substantially advance 
the fair lending enforcement and business and community development 
purposes of section 1071. The Bureau thus intends to conduct a full 
privacy analysis and issue modification and deletion decisions as soon 
as practicable. It will also continue to consider feedback obtained to 
date and to engage with the public on how best to mitigate re-
identification risk and other risks to privacy interests. While the 
Bureau is not determining the vehicle with which it will announce 
modification and deletion decisions with respect to application-level 
data, or the precise timing of such decisions, it anticipates that 
those decisions will continue to be informed by public engagement.
    The Bureau intends to announce modification and deletion decisions 
only after obtaining a full year of application-level data. The Bureau 
lacks the data needed to perform an accurate re-identification analysis 
and commenters were not able to identify an alternative dataset that 
could be used for this purpose. Without data for an accurate re-
identification analysis, the Bureau cannot conduct a full privacy 
analysis to inform modification and deletion decisions.\863\ As 
discussed further below, there are certain data fields that the Bureau 
anticipates may present comparatively high risk to privacy interests, 
including the combination of NAICS code and census tract. However, the 
Bureau lacks data to confirm whether these data fields in fact create 
unique records that can be matched to public datasets.
---------------------------------------------------------------------------

    \863\ As discussed below, the Bureau is announcing more 
conclusive intentions with respect to modifications or deletions for 
individual contact information, unique identifier, and the use of 
free-form text in responses for certain data fields.
---------------------------------------------------------------------------

    The Bureau is not committing to a specific timeline for publishing 
application-level data. However, a target date of January 1, 2024 for 
publication, as suggested by some commenters, is not feasible because 
covered financial institutions are not required to begin collecting 
data under this rule until October 1, 2024 at the earliest. The Bureau 
intends to treat data under this rule as confidential in accordance 
with 12 CFR part 1070 until such time as it has completed its privacy 
analysis and published the data, and it will work expeditiously to 
those ends.
    Robust feedback, including in response to the NPRM, SBREFA, and 
other outreach, about the risks and benefits of 1071 data publication, 
has informed the Bureau's thinking to date.\864\ The Bureau intends to 
continue to seek further public engagement with respect to these 
issues. It does not believe, however, that such further engagement must 
be by formal comment either to ensure robust engagement or for the sake 
of procedural consistency with the Bureau's approach in HMDA.\865\
---------------------------------------------------------------------------

    \864\ See part III above for additional information.
    \865\ Unlike for HMDA, no data yet exists that the Bureau could 
use to conduct a full privacy analysis and make modification and 
deletion decisions.
---------------------------------------------------------------------------

    The Bureau is not establishing a separate program by which 
industry, community researchers, or academics will have access to 
unmodified data; the published data, subject to the modifications and 
deletions made by the Bureau, will be available to all users. However, 
it intends the Bureau plans to exercise its discretion to provide 
access to State or Federal regulators to the extent such disclosure is 
relevant to the exercise of the agency's authorities, and subject to 
appropriate restrictions. The Bureau plans to provide such access to 
Federal regulators that enforce ECOA.\866\
---------------------------------------------------------------------------

    \866\ Other regulators with authority to enforce ECOA include 
the OCC, the Board, the FDIC, the NCUA, the Surface Transportation 
Board, the Civil Aeronautics Board, the Secretary of Agriculture, 
the Farm Credit Administration, the SEC, the SBA, the Secretary of 
Transportation, and the FTC. See 15 U.S.C. 1691c; Regulation B Sec.  
1002.16(a).
---------------------------------------------------------------------------

    The Administrative Procedure Act and other laws do not require the 
Bureau to seek comment on the full privacy analysis or to issue 
modification and deletion decisions through a legislative rule with 
formal notice and comment. Section 1071 states that the Bureau may ``at 
its discretion, delete or modify data collected under [section 1071] 
which is or will be available to the public, if the Bureau determines 
that the deletion or modification of the data would advance a privacy 
interest.'' \867\ Statutorily, this provides the Bureau with 
flexibility to decide how it will make modification and deletion 
decisions, including the flexibility to do so without a legislative 
rulemaking. Other provisions of section 1071 plainly require the Bureau 
to engage in formal rulemaking, indicating that Congress did not intend 
such a requirement

[[Page 35464]]

here.\868\ The Bureau does not agree that it is implementing ECOA 
section 704B(e)(4) and (f)(3) inconsistently. It is codifying and 
implementing these provisions in final Sec.  1002.110(a) and (b) to 
preserve its discretion to make publication decisions without 
legislative rulemaking. Further, the circumstances of this rulemaking 
are distinguishable from the relevant facts in the PPP litigation that 
commenters cited.
---------------------------------------------------------------------------

    \867\ ECOA section 704B(e)(4).
    \868\ See, e.g., ECOA section 704B(g).
---------------------------------------------------------------------------

    At the same time, the Bureau is also not committing at this time to 
issuing modification and deletion decisions through a policy statement. 
As the Bureau has not yet obtained a full year of reported data to use 
in completing its privacy risk assessment, it is prudent to continue 
considering specific timing and vehicle choice for issuing modification 
and deletion decisions. Following further public engagement, including 
further opportunities for input, the Bureau will announce these 
decisions at a later date. Finally, the Bureau agrees with commenters 
that it should produce and release aggregate analyses of 1071 data in 
addition to releasing application-level data. The Bureau anticipates 
releasing select aggregated data before it publishes application-level 
data.
3. Publication Benefits
Proposed Approach
    In the NPRM, the Bureau sought comment on its understanding of the 
benefits of public disclosure of the 1071 dataset as a whole as well as 
the disclosure benefits for individual proposed data fields. The Bureau 
expected that users of the data would rely on this information to help 
achieve the statutory purposes of facilitating the enforcement of fair 
lending laws, and enabling communities, governmental entities, and 
creditors to identify business and community development needs and 
opportunities of women-owned, minority-owned, and small 
businesses.\869\
---------------------------------------------------------------------------

    \869\ See ECOA section 704B(a).
---------------------------------------------------------------------------

Comments Received
    The Bureau received robust feedback on the general benefits of 
public disclosure of application-level data from lenders, trade 
associations, community groups, several members of Congress, individual 
commenters, and others. It received comparatively few substantive 
comments on the potential disclosure benefits associated with 
particular individual data fields.
    Many commenters supported the publication of application-level data 
and agreed that the data will facilitate enforcement of fair lending 
laws. Some community groups stated that the transparency afforded by 
the publication of 1071 data generally would discourage predatory and 
discriminatory practices in the small business lending market. One of 
these commenters noted that action taken data, particularly categorical 
information such as denials, incompletes, or approved but not accepted 
by the applicant, were integral to promoting the fair lending purpose 
of section 1071. Other commenters said that transparency would protect 
responsible lenders from unfair scrutiny. Many community groups, along 
with some lenders, individual commenters, and others also stated that 
1071 data would allow governmental entities and community groups to 
monitor individual lenders' lending practices, identify lending 
disparities on a granular level, and enforce ECOA to the benefit of 
women and minority business owners. Community groups, a business 
advocacy group, and a CDFI lender further stated that HMDA data 
reporting has demonstrated that loan-level data enables community 
organizations, economists, and governmental entities to identify 
disparities between populations, which facilitates enforcement of fair 
lending laws. Other commenters expressed particular support for the 
publication of agricultural lending data, noting that the inclusion of 
data from agricultural creditors would help address discrimination in 
farm credit lending. These commenters cited a long history of 
discrimination targeting socially disadvantaged farmers and producers, 
including women-owned and minority-owned farms, in the farm credit 
market. Other stated that the 1071 dataset would help reveal where 
responsible lenders are serving small businesses fairly, aiding in the 
remediation of deficiencies, or removing barriers to equitable lending. 
A joint letter from community groups, community-oriented lenders, and 
business advocacy groups stated that the data would reveal disparities 
in access to credit in immigrant communities. Other community group 
commenters, along with two minority business advocacy groups, stated 
that application-level data would improve the understanding of 
demographic disparities in small business lending and support efforts 
to identify, address, and eliminate practices that create lending gaps 
for women-owned and minority-owned small businesses.
    Commenters also asserted that the publication of application-level 
data would promote the business and community development purpose of 
section 1071, stating that the data would provide greater understanding 
of small business credit trends, such as lending dynamics or credit 
request cycles for different industries, and would improve 
understanding of the small business lending market more broadly. Some 
commenters, including a minority business advocacy group, stated that 
disclosure would help facilitate development of targeted programs to 
help address inequities and foster efficiency in the small business 
credit marketplace. For example, commenters said disclosure would allow 
community groups and lenders to compare how lenders are meeting 
community credit needs, develop score cards on local lending, identify 
gaps in lending, and advocate for low-income and microbusinesses. A 
CDFI lender stated that pricing information data would allow 
stakeholders to assess loan affordability in underserved communities. 
Citing the benefits of increased transparency, a commenter noted that 
publishing small business credit transaction data would support price 
discovery by allowing the comparison of credit costs between 
institutions, credit types, and business types, which is critical for 
market efficiency. Commenters also said that disclosure would help 
community groups educate small businesses, facilitate the development 
of tools to effectively identify barriers small businesses face, and 
empower owners to access credit on fair terms.
    In contrast, several industry commenters saw little benefit from 
publication because the data would not include all factors that lenders 
rely on to make credit decisions. Some said that every small business 
loan is unique and without contextual information the data would not 
meaningfully increase understanding about the small business lending 
market. Others asserted that the data would be insufficient to conduct 
fair lending analyses, suggesting that data collection and publication 
are less effective mechanisms for identifying discrimination than 
examinations or disparate impact analyses. According to these 
commenters, HMDA data do not effectively reveal discrimination in the 
mortgage industry. One of these commenters also stated that publication 
would be ineffective because, as proposed, the data would not enable 
identification of additional types of discrimination, such as 
discouragement of particular groups of applicants. Two

[[Page 35465]]

lenders suggested that the dataset duplicate data already required 
under HMDA and the CRA. A trade association suggested that data from 
credit unions would not be comparable to data from other lenders 
because of community-based member restrictions. A joint trade 
association letter disagreed with the Bureau's proposed analysis of the 
disclosure benefits of application-level data, suggesting that the 
Bureau's analysis was vaguely defined and not clearly linked to the 
statutory purposes of section 1071.
Current Approach
    The Bureau has considered the comments above, and also relied on 
the NPRM's discussion of--and requests for comment on--the potential 
benefits of disclosing particular data fields. Given the comparative 
lack of comments on such benefits, the Bureau concludes that the NPRM's 
initial assessments of the utility of individual data fields were 
generally correct.
    As Congress recognized, market transparency through publication of 
application-level data will serve to realize their intended purposes in 
section 1071. Publishing such data will help to identify and discourage 
potential fair lending violations in small business lending, while 
protecting responsible lenders from unfair scrutiny. The Bureau agrees 
with commenters that published data will help address discrimination in 
agricultural lending. Publication of this data will also improve 
understanding of small business credit needs and will provide insights 
into the small business lending market, promoting the business and 
community development purposes of section 1071. Increased transparency 
can make it easier for small businesses to access credit efficiently, 
and easier for lenders and potential lenders to identify opportunities 
in the market, thereby increasing access to credit. Moreover, data 
users, such as community groups, researchers, and public officials, 
will be able to use the data to help determine whether certain types of 
credit are disproportionately available to different communities. 
Insights gained from publication will enable lenders, advocates, 
investors, and the public sector to better meet the needs of small 
businesses.
    These benefits are material even as the dataset may not include all 
factors that lenders may rely on in making credit decisions. The Bureau 
notes the feedback of SBREFA commenters discussed in the NPRM and the 
numerous comments from lenders, trade associations, individual 
commenters, and community groups discussed above who expressed general 
agreement that public data will facilitate the observation of small 
business lending practices in ways that are currently not possible. For 
example, data points such as pricing information and census tract will 
facilitate comparison of pricing data across discrete geographic 
locations allowing data users to efficiently compare credit costs 
offered by financial institutions. The relative lack of substantive 
comments disagreeing with the NPRM's initial assessment of the benefits 
of disclosing particular data fields also speaks to the utility of the 
data fields in relation to the stated statutory purposes.
    Commenters did not offer substantive evidence to back claims that 
data collection and publication do not help facilitate fair lending 
enforcement. In addition, whether other approaches to fair lending 
enforcement are more or less effective misses the point that analysis 
of data collected under this rule--as is true for data collected under 
HMDA--will contribute to robust and effective fair lending analysis. 
Further, publication of application-level data collected under the 
final rule will not inappropriately duplicate efforts under HMDA or 
CRA. Final Sec.  1002.104(b)(3) excludes HMDA-reportable transactions 
from coverage. Data collected under the final rule will cover more 
types of transactions from more institutions than existing CRA data, 
and it will include applications as well as originations. As discussed 
in part II.F.2.i and elsewhere, Federal prudential regulators have 
proposed to use data collected under the CFPB's final rule, once it 
becomes available, for purposes of CRA small business and small farm 
lending assessments, rather than drawing data from FFIEC Call 
Reports.\870\
---------------------------------------------------------------------------

    \870\ 87 FR 33884, 33930 (June 3, 2022).
---------------------------------------------------------------------------

    The benefits from publishing application-level data are so 
substantial that the Bureau is now of the view that each data field 
warrants inclusion in public data, subject to completion of the 
Bureau's full privacy analysis. Accordingly, the Bureau intends to 
publish application-level data except to the extent that it modifies or 
deletes data consistent with its privacy analysis.
4. Privacy Risk
    The NPRM considered the risks to privacy that might result from 
publication of application-level data reported to the Bureau. Based on 
its analysis at that time, the Bureau recognized that publication of 
the complete data set, without any form of modification, could pose 
risks to privacy interests. As discussed in more detail below, this was 
because certain data fields could create re-identification risk and 
disclosure of some fields would create a risk of harm or sensitivity. 
Accordingly, the Bureau intended to consider whether pre-publication 
modifications or deletions would reduce these risks to privacy and 
appropriately balance them with the benefits of disclosure.
    The Bureau sought comment on the range of privacy concerns 
discussed in the NPRM, including potential re-identification of small 
businesses and financial institutions, as well as the types of harms 
and sensitivities that unmodified release of data could have caused to 
financial institutions and small business applicants, which are 
described further below. As discussed above, informed by the comments 
on the NPRM, the Bureau's preliminary assessment is that it should 
adjust the balancing test articulated in the NPRM to assess, primarily, 
whether data, individually or in combination with other data, create 
significant re-identification risk for small businesses and their 
owners. Though this approach focuses primarily on re-identification 
risk, the privacy harms or sensitivities discussed below clarify the 
consequences of re-identification and underscore the importance of 
managing re-identification risk. Because re-identification is a 
prerequisite to any potential harms or sensitivities that may result 
from publishing data, the Bureau also concludes that actions taken to 
prevent re-identification will mitigate those harms or sensitivities 
for small business applications and their owners. In addition, the 
Bureau's preliminary view is that its privacy assessment should not 
consider financial institution privacy interests except where the 
Bureau identifies a compelling risk to such interests.
i. Re-Identification Risk
Proposed Approach
    The NPRM explained that, while information that directly identifies 
natural persons, such as name, address, date of birth, or Social 
Security number would not be collected, publication of application-
level data in an unmodified format potentially could be used to re-
identify small business applicants and related natural persons and 
potentially harm their privacy interests. The Bureau identified two re-
identification scenarios. First, a third party may use common data 
fields to match a data record to a record in another dataset that 
contains the identity of the applicant or related natural person. 
Second, a third party may rely on pre-existing personal

[[Page 35466]]

knowledge to recognize an applicant's record in the unmodified data. 
The Bureau used the term ``adversary'' to refer to either type of third 
party.\871\
---------------------------------------------------------------------------

    \871\ The term does not mean that the adversary's motives are 
necessarily malicious or adverse to the interests of others. See, 
e.g., Nat'l Inst. of Standards & Tech., De-Identification of 
Personal Information (2015), http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf (using the term ``adversary'').
---------------------------------------------------------------------------

    Re-identification based on matching. Under the first scenario, the 
Bureau explained that it might be possible to match a data record to an 
identified dataset, either directly or through a combination of 
intermediate datasets.\872\ However, successfully re-identifying a data 
record would require several steps and could present a significant 
challenge. An adversary generally would have to isolate a record that 
is unique or rare within the data. A record is unique or rare when the 
values of the data fields associated with it are shared by zero or few 
other records. The Bureau stated that it believed actual data would be 
needed to perform an accurate re-identification analysis. Thus, it did 
not intend to apply the balancing test until after it had analyzed re-
identification risk with a full year of reported data.
---------------------------------------------------------------------------

    \872\ For these purposes, an ``identified'' dataset is one that 
directly identifies a natural or non-natural person.
---------------------------------------------------------------------------

    The Bureau explained that a data record having unique combinations 
of values would not automatically result in re-identification; an 
adversary would also have to find a record corresponding to the 
applicant or related natural person in another dataset by matching 
similar combinations of data fields. Once a data record had been 
matched, an adversary would possess any additional fields found in the 
corresponding record but not found in the data record--including, 
potentially, the applicant's identity. However, even after 
accomplishing such a match, an adversary might not have accurately re-
identified the true applicant to whom the data record relates. For 
example, if the corresponding record was not the only record in the 
other dataset to share certain data fields with the unique data record, 
an adversary would have to make a probabilistic determination as to 
which corresponding record belongs to the applicant.
    The Bureau expected that census tract and NAICS code, if published 
as proposed and without modification, could significantly contribute to 
re-identification risk. Geographic and industry information are 
publicly available in a variety of sources and in a form that directly 
identifies businesses or in a way that could be derived with reasonable 
accuracy. This information is also likely to produce unique instances 
in the data, both when used separately, but particularly when combined. 
Other proposed data fields could have resulted in unique combinations 
(particularly when combined with census tract), but the Bureau stated 
it would need actual data to analyze their contribution to uniqueness.
    In this context, the Bureau indicated that particularly relevant 
sources of identified data for matching purposes were UCC filings, 
property records, and titles. Such filings could pose a serious re-
identification risk because of the availability of information about 
the lender, the applicant, and the date of transaction. For example, an 
adversary might be able to use the date and financial institution 
listed in UCC filings to identify the applicants of originated loans in 
the public application-level data. UCC filings also typically have the 
address of the borrower. With this information, combinations of 
financial institution identity, action taken date, and census tract 
data might result in unique combinations that an adversary could 
connect to a publicly available source of information to re-identify 
the applicant.
    With respect to covered loans secured by residential and commercial 
property, publicly available real estate transaction records and 
property tax records would be particularly relevant sources of 
identified data, as the Bureau described in its proposed policy 
guidance on the disclosure of loan-level HMDA data.\873\ Because some 
of the data fields in such public records are also present in 
application-level data, publication without any modifications would 
have created a risk that these public records could be directly matched 
to a data record. UCC filings also frequently include the name of the 
lender, the name of the business, and the date that the filing was 
submitted. Though the availability differs by State, UCC filings are 
often searchable in State databases, and are frequently mined by data 
brokers. UCC statements are often filed against specific collateral and 
business assets generally. The NPRM accordingly indicated that such 
filings could pose a serious re-identification risk.
---------------------------------------------------------------------------

    \873\ See 82 FR 44586, 44593 (Sept. 25, 2017).
---------------------------------------------------------------------------

    The NPRM also explained that public records in loan-level datasets 
for programs like the SBA's 7(a), 8(a), 504, and Paycheck Protection 
Program, as well as State-level registries of women-owned and minority-
owned businesses for contracting purposes, could contribute to re-
identification risk. These datasets include information such as loan 
program guarantee information, industry information or NAICS code, 
demographic information about the business owners, time in business, 
and number of employees. As a result, the time in business and number 
of workers data fields might significantly contribute to 
reidentification risk, especially in combination with other data fields 
like census tract and NAICS code. Similarly, loan-level performance 
datasets made available by the Government-Sponsored Enterprises include 
information such as borrower demographic information, loan program 
guarantee information, pricing data, loan term, loan purpose, and the 
year of action taken. Asset-backed securities datasets for securitized 
mortgage and auto loans are made available by the Securities and 
Exchange Commission through the Electronic Data Gathering, Analysis, 
and Retrieval system. These datasets, which include information about 
the lender, the date of action taken, pricing data, loan term, loan 
amount applied for and approved, are available online with limited 
restrictions on access. But these datasets do not include the name of 
the borrower; as described above, this means that an adversary who is 
able to match a record in one of these datasets to a record in the data 
would need to make an additional match to an identified dataset to re-
identify an applicant. And some of these datasets contain restrictions 
on use, such as a prohibition on attempting to re-identify borrowers. 
Finally, the Bureau noted the existence of private datasets that might 
be matched to the data. For example, data brokers collect information 
about small businesses from a wide range of sources and sell it for a 
variety of purposes, including marketing, identity verification, and 
fraud detection.\874\ These datasets typically include data collected 
from commercial, government, and other publicly available sources and 
could contain data such as NAICS code, location, and estimates of gross 
annual income, number of workers, and information about related natural 
persons, including the ethnicity and race of principal owners.
---------------------------------------------------------------------------

    \874\ See generally Fed. Trade Comm'n, Data Brokers: A Call for 
Transparency and Accountability (May 2014), https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf (describing the types of products offered 
and the data sources used by data brokers).
---------------------------------------------------------------------------

    In addition to considering the steps an adversary would need to 
take to re-identify applicants and the various data sources that may be 
required to accomplish re-identification, including

[[Page 35467]]

their limitations, the Bureau considered the capacity, incentives, and 
characteristics of potential adversaries, including those that might 
attempt re-identification for harm. In particular, a competitor or 
potential competitor might seek information about a business's 
expansion strategy or financial condition, including whether it was 
able to obtain credit approval. As the Bureau explained, some 
adversaries could possess the resources to use private datasets in 
addition to publicly available records. However, the Bureau noted the 
extent to which much of the commercial benefit to be obtained by re-
identifying the data would be more readily available from private 
datasets to which these potential adversaries already have access 
without the need for recourse to the data. In many cases, information 
from other datasets could be timelier than that found in the data. 
Furthermore, some of these potential adversaries might refrain from re-
identifying the small business applicant for reputational reasons or 
because they have agreed to restrictions on using data for these 
purposes.
    Additionally, the Bureau stated that some academics, researchers, 
and journalists may be interested in re-identifying published data for 
research purposes. As noted above, however, some private datasets have 
contractual terms prohibiting their use for re-identification purposes 
and therefore these persons might be restricted from actually using the 
data to re-identify applicants. Further, some academics or journalists 
may be affiliated with organizations that have reputational or 
institutional interests adverse to re-identification efforts.
    The Bureau considered whether parties intending to commit identity 
theft or financial fraud may have the incentive and capacity to re-
identify applicants, but it assessed that the data would be of minimal 
use for these purposes. In addition, such adversaries are not law 
abiding and may have easier, albeit illegal, ways to secure data for 
these purposes than attempting to re-identify application-level data.
    Re-identification based on personal knowledge. The NPRM also noted 
the potential for re-identification based on personal knowledge. 
Location, as well as demographic and industry information, might well 
be known to an adversary familiar with an applicant, meaning that they 
might be able to re-identify an applicant without matching a record to 
another dataset. The Bureau explained that the personal knowledge 
possessed by such an adversary would be limited to information about a 
subset of applicants and related natural persons. Thus, any such re-
identification would impact a more limited number of applicants or 
natural persons than might be re-identified by adversaries possessing 
sophisticated matching techniques. The Bureau explained that 
uncertainty over the extent of relevant personal knowledge posed 
challenges for evaluating how much individual data fields contribute to 
this re-identification risk. For these reasons, the NPRM generally 
focused on matching-based risk. However, the Bureau sought comment on 
how to assess re-identification risk arising from personal knowledge.
    Applications that do not result in originations. In its final 
policy guidance on the disclosure of loan-level HMDA data, the Bureau 
explained that the risk of re-identification to applicants is 
significantly lower for applications that do not result in originated 
loans.\875\ A lack of public information about applications 
significantly reduces the likelihood that an adversary could match the 
record of a HMDA loan application that was not originated to an 
identified record in another dataset. In the NPRM, the Bureau stated 
that it had not identified any publicly available information about 
applications for business loans. However, unmodified data might still 
contain data fields that facilitate the re-identification of 
applicants. For example, census tract and NAICS code data could result 
in unique combinations that an adversary could use to match to an 
identified public record, such as a business directory.
---------------------------------------------------------------------------

    \875\ See 84 FR 649, 658 (Jan. 31, 2019); see also 82 FR 44586, 
44593 n.55 (Sept. 25, 2017).
---------------------------------------------------------------------------

    Overlap between HMDA and 1071 data generally. The Bureau proposed 
that some covered applications would also be reported under HMDA.\876\ 
The public loan-level HMDA dataset contains data fields in addition to, 
or that overlap with, the proposed data fields, and the proposed data 
would have included data fields not included in the public loan-level 
HMDA dataset. The Bureau recognized that, in cases of overlap, some 
data fields may have required additional analysis with respect to risks 
of harm or sensitivity and re-identification posed by such overlap. The 
Bureau sought comment on this issue and the implications of potential 
re-identification risk and potential risk of harm or sensitivity for 
applications reported under both section 1071 and HMDA.
---------------------------------------------------------------------------

    \876\ See the section-by-section analysis of Sec.  1002.104 for 
additional details.
---------------------------------------------------------------------------

Comments Received
    The Bureau received comments from lenders, trade associations, 
community groups, a business advocacy group, a software vendor, and 
several individuals on re-identification risk posed by the publication 
of unmodified, application-level data. Nearly all of these commenters 
agreed that re-identification risk, either through matching or via 
personal knowledge, should be considered by the Bureau when determining 
whether to modify or delete data for publication.
    Many industry commenters and a business advocacy group saw a high 
risk of data being used to re-identify applicants and related natural 
persons and that this would disclose harmful or sensitive private 
information. Some industry and individual commenters agreed that re-
identification risk will be higher as a result of data point 
combinations; several pointed to the combination of NAICS and census 
tract. One commenter stated that because re-identification risk depends 
on the distinctness of the data being published and on the ability to 
match that data to other datasets, the Bureau should consider privacy 
risk for the overall dataset rather than for each data point. Another 
stated that unpredictable changes in re-identification technologies may 
make data that are currently impossible to re-identify susceptible to 
re-identification in the future. Commenters also stated that businesses 
in rural areas face particular re-identification risk because of the 
likelihood that those areas have low populations and a low number of 
small businesses. Several commenters also saw re-identification risk in 
rural areas as more relevant to certain products, such as agricultural 
lending, that are concentrated in such areas. A group of trade 
associations said that CRA data are not published at the application-
level, in part because geography can contribute to the increased risk 
of re-identification.
    In contrast, some commenters, primarily consisting of community 
groups, asserted that re-identification risk, either through matching 
or because of personal knowledge, is low. Two commenters stated that 
the risk is low because much of the information that would be included 
in the 1071 dataset is already publicly available, either in commercial 
data sources or as a result of data breaches. Some commenters also 
stated that there have been no reported incidents of HMDA data, which 
is similar to 1071 data, being used to re-identify individuals. One 
said that the effectiveness of modifications and

[[Page 35468]]

deletion techniques for HMDA data suggest that similar modifications 
and deletions will nullify the re-identification risk for 1071 data. 
The Bureau did not receive comments about its assumption that data on 
applications that do not result in originations pose lower re-
identification risk than data on originated applications.
Current Approach
    In the Bureau's preliminary assessment, re-identification risk of 
small business applicants and their owners is the core privacy risk 
associated with data publication. While the primary focus of the 
Bureau's intended privacy analysis is the impact of re-identification 
risk on personal privacy interests, controlling reidentification risk 
will naturally mitigate other privacy risks and harms, including 
commercial privacy risks for small businesses. The prevailing view of 
commenters was that unmodified application-level data poses re-
identification risks that the Bureau should consider when making 
modification and deletion decisions. The Bureau also agrees with 
commenters that data point combinations, particularly the combination 
of NAICS and census tract, pose particular re-identification risks, and 
it intends to take this into account in making modifications and 
deletions.
    The Bureau agrees that small businesses in small or rural areas may 
face heightened re-identification risk. However, overall re-
identification risk depends on multiple factors. For example, while the 
overall transaction volume in a rural area may be lower than in an 
urban area, concentration of certain credit products in rural areas may 
change how much of an impact low transaction volume has on re-
identification risk. Thus, the Bureau does not intend to rely on a 
categorical determination that geographical area types or particular 
census tracts will contribute to the risk of re-identification in every 
circumstance. The Bureau intends to determine whether targeted 
modification of individual data fields sufficiently mitigates privacy 
risks from geographical identifiers, rather than relying on wholesale 
deletion of data from rural areas.
    The Bureau agrees that it is difficult to predict how technology 
will evolve in the future and impact re-identification risk. This is 
one reason it intends to track developments in the small business 
lending market, continue to engage with stakeholders, and reassess its 
privacy approach as necessary. The Bureau intends to preserve 
flexibility so that its privacy analysis can evolve with changes to 
privacy risks.
    The Bureau assesses that modification and deletion techniques can 
effectively limit re-identification risk and therefore concludes that 
completely withholding data--which would be contrary to section 1071's 
statutory purposes and express disclosure provisions--is not necessary 
to manage re-identification risk. As noted by commenters, modification 
and deletion techniques have effectively reduced re-identification risk 
from HMDA data, and the Bureau anticipates the same result with this 
data. The existence of some data that matches with existing data sets 
is not grounds to forego the full privacy analysis of collected data 
that will allow it to make targeted modification and deletion decisions 
to protect privacy interests.
    For the reasons given above and as discussed in part VIII.B.4.ii 
below, the Bureau preliminarily views re-identification risk as the 
most significant privacy risk associated with publishing application-
level data--and thus the most important privacy risk to consider in 
making modification and deletion decisions. Re-identification is a 
prerequisite to any potential harms or sensitivities that small 
business applicants or related natural persons may experience from 
publishing such data. As the risk of re-identification is reduced, the 
risk of harm caused by disclosing harmful or sensitive information also 
will be reduced. Further, as discussed below, because almost all the 
harms and sensitivities to financial institutions result from concerns 
about small business applicant or related natural person re-
identification, preventing such re-identification will also prevent the 
most serious harms and sensitivities for financial institutions.
ii. Risk of Harm or Sensitivity
Proposed Approach
    The NPRM considered whether a re-identified application-level 
record would disclose information about an applicant, related natural 
person, or financial institution that is not otherwise public and may 
be harmful or sensitive. Specifically, the Bureau evaluated whether 
such data could be used for harmful purposes such as fraud or identity 
theft or the targeted marketing of products and services that may pose 
other risks. The NPRM evaluated whether the data could cause 
competitive harm to small business applicants or to financial 
institutions. It also evaluated whether certain data fields might be 
viewed as sensitive if associated with a particular applicant, related 
natural person, or financial institution. In evaluating the potential 
sensitivity of a data field, the Bureau considered whether disclosure 
of the data field could cause dignitary or reputational harm to small 
business applicants, related natural persons, and financial 
institutions.
    The NPRM explained that some identifiable information about small 
business lending is already publicly available. Such information is 
both in public records and in private datasets with varying barriers to 
access and restrictions on use. The Bureau's analysis accordingly 
considered the degree to which disclosure would increase this risk 
relative to the risk that already exists. In general, where a data 
field was already publicly available, the NPRM saw a reduced risk of 
harm or sensitivity from its further disclosure.\877\
---------------------------------------------------------------------------

    \877\ However, where a data field was already publicly 
available, disclosing that data field in the data may have enabled 
the matching of data to other datasets that may not have been 
controlled by the Bureau, which could have substantially facilitated 
re-identification or the disclosure of harmful or sensitive 
information.
---------------------------------------------------------------------------

    The Bureau considered whether the data could be used for harmful 
purposes such as fraud or identity theft or the targeted marketing of 
products and services that may pose other risks. The Bureau's initial 
view was that unmodified application-level data would be of minimal use 
for perpetrating identity theft or financial fraud against applicants 
or related natural persons. As proposed, application-level data would 
not include information typically required to open new accounts in the 
name of a small business's principal owner, such as Social Security 
number, date of birth, place of birth, passport number, or driver's 
license number. Additionally, the data would not include information 
useful to perpetrate existing account fraud, such as account numbers or 
passwords. The Bureau acknowledged, however, that almost any 
information relating to a small business could, in theory, be used for 
these purposes. For example, unmodified data could potentially be used 
in a phishing attack against an applicant, or for knowledge-based 
authentication. Some such data, however, may already be available from 
public and private sources. The Bureau also noted, on the basis of its 
expertise and analysis, that the publication of HMDA data--which 
contain many data fields that are similar to data fields that would be 
disclosed under the proposal--has not resulted in any measurable 
increase in fraud or identity theft against mortgage applicants.

[[Page 35469]]

    The Bureau also considered potential impacts on targeted marketing 
of products and services. The Bureau explained that although the data 
could be used to market products and services that would have been 
beneficial for small businesses--perhaps increasing competition among 
creditors that could help small businesses receive better terms--they 
could also be used to target potentially vulnerable small businesses 
with marketing for products and services that may have posed risks that 
were not apparent. For example, users might perceive certain data to 
reveal negative information about an applicant's financial condition or 
vulnerability to scams relating to debt relief or credit repair. 
Information about a loan might also be used for a practice known as 
``stacking,'' in which creditors may obtain lead lists based on 
publicly available information and offer follow-on loans or advances 
that add to the debt burden carried by small businesses. Some creditors 
might also use the data for deceptive marketing practices. However, the 
Bureau noted that the utility of the data for predatory marketing 
practices may be limited by delay between action taken on a loan and 
data publication.
    The Bureau considered whether unmodified data would result in 
competitive harm to small business applicants or related natural 
persons by disclosing general information about a small business's use 
of credit that was not currently available to the general public. The 
Bureau acknowledged that certain data points in unmodified form could 
reflect negatively on the financial condition of a business or its 
owners. The Bureau also considered the potential for competitive harm 
to financial institutions. As discussed below with respect to the 
financial institution identifying information that would be reported 
pursuant to proposed Sec.  1002.109(b), the Bureau proposed to identify 
the financial institution in the public application-level data. 
Therefore, the data could reveal general information about a financial 
institution's lending practices that is not widely available to the 
general public. As the Bureau explained, data fields such as census 
tract, NAICS code, credit type, and pricing could disclose information 
about where a financial institution is doing business, what industries 
it is doing business with, what kinds of products it is offering, and 
what kinds of prices it is charging, respectively. Additionally, if a 
small business applicant were re-identified, a financial institution's 
competitors could identify the small businesses to which the financial 
institution is offering or providing credit. A financial institution 
could then potentially offer credit to a particular small business at a 
lower price than they currently received. However, the Bureau did not 
assess that unmodified application-level data would include key inputs 
for, or be detailed enough, to substantially facilitate reverse-
engineering of proprietary lending models. For example, it would not 
have included information about an applicant's credit history. The NPRM 
also noted stakeholder concern that data could harm financial 
institutions by increasing the amount of litigation against them. The 
Bureau sought comment on this risk.
    With respect to feedback that disclosing information about 
applicants in rural areas could lead them to seek financing elsewhere, 
the Bureau noted that would not necessarily reduce the risk that 
someone in the small business's community may ultimately re-identify 
them because the data would be reported with respect to the location of 
the business, as discussed in the section-by-section analysis of Sec.  
1002.107(a)(13).
    In addition to considering whether the disclosure of a data field 
could lead to financial or other more tangible harms, the Bureau also 
considered whether the data might be viewed as sensitive. In assessing 
whether a data field creates a risk of sensitivity, the Bureau 
evaluated whether its disclosure could lead to dignitary or 
reputational harm to small business applicants or related natural 
persons. For example, if re-identified, the data could reveal 
information that casts a negative light on a small business's financial 
condition, such as the fact that a loan was denied due to a business's 
credit characteristics or cashflow.
    The Bureau also evaluated whether the disclosure of a data field 
could cause reputational harm to financial institutions. The Bureau 
discussed stakeholder concerns that the data could lead users to draw 
unfounded inferences about discrimination. The Bureau noted that 
several of the data fields, if disclosed in unmodified form, would help 
address this concern by serving as control variables. For example, many 
financial institutions consider a small business's revenue when 
assessing the risk of extending credit. As a result, disclosing gross 
annual revenue data would help ensure that data users who are 
evaluating potential disparities in underwriting or pricing can compare 
small businesses with similar revenues, thereby controlling for a 
factor that might provide a reason for some disparities. The Bureau 
also noted that it does not expect that data alone could generally be 
used to determine whether a lender is complying with fair lending laws. 
The Bureau expected that, when regulators conduct fair lending 
examinations, they would analyze additional information before reaching 
compliance determinations.
    The Bureau also considered general expectations with respect to 
what information is available to the general public. For example, the 
Bureau explained that disclosing gross annual revenue in unmodified 
form could disclose sensitive information because it could reflect the 
financial condition of a small business or, where a small business is a 
sole proprietorship, a particular individual. This type of information 
is typically not available to the general public. The Bureau also 
acknowledged concerns that some small businesses and their owners would 
consider seeking credit sensitive, or would consider the disclosure of 
a banking relationship sensitive because others may draw adverse 
inferences about the small business's financial condition. These are 
concerns about sensitivity that would result from the re-identification 
of the applicant, rather than from the disclosure of particular data 
fields. The Bureau sought to address these concerns by mitigating the 
risk of re-identification.
Comments Received
    The Bureau received comments in this area from a range of 
commenters including lenders, trade associations, business advocacy 
groups, and community groups.
    Risk of identity theft or fraud. Some industry and academic 
commenters stated that the data points may subject small business 
applicants and related natural persons to an increased risk of fraud or 
identity theft. Commenters also stated that publication may expose 
financial institution employees, such as the financial institution 
contact reported under Sec.  1002.109(b)(3), to fraud or identity theft 
actions, such as phishing attacks. Another commenter stated that rural 
applicants will be easily identifiable in data and, as a result, at 
greater risk of fraud.
    Risk of targeted marketing harms. A group of bank trade 
associations and a business advocacy group asserted that public data 
could be collected and sold to interested third parties, potentially 
for targeted marketing purposes. No commenters asserted financial 
institutions would experience such harms.

[[Page 35470]]

    Risk of competitive harms. Several industry commenters and a 
business advocacy group expressed concern that the disclosure of 
application-level data would pose risks of competitive harm to small 
business applicants or related natural persons. Some commenters stated 
that if an applicant is re-identified, competitors will gain non-public 
insights into financial information directly bearing on that small 
business's long term financial health and competitive goals. Some 
commenters noted that larger competitors may be more likely to gain 
information about the financial health and long-term business goals of 
small businesses. For example, a lender asserted that larger companies 
may use the data to outbid smaller competitors. Other commenters stated 
that data may reveal non-public information about a small business's 
use of credit, such as financing terms, that competitors may use to 
their competitive advantage.
    Some industry commenters and a business advocacy group stated that 
small business applicants may experience reduced availability or 
increased cost if other financial institutions learn of their small 
business loans or loan terms, which would reduce their ability to 
obtain liquidity or increase their operating costs as compared to their 
competitors. These commenters asserted that publication may impose 
increased compliance costs and litigation risks on financial 
institutions that are passed on to small business applicants or that 
cause financial institutions to limit credit to borrowers with higher 
risk profiles to prevent losses.
    Many industry commenters stated that publication will present 
significant risk of competitive harms to financial institutions. 
Commenters asserted that application-level data may be used to identify 
or reverse-engineer proprietary lending information, such as 
underwriting requirements or pricing models. One commenter asserted 
that if the pricing information and action taken data points could be 
used to determine a lender's limits for other credit terms that are not 
collected under the rule, such as the APR limit, the lender's 
competitors would be able to undercut or otherwise compete with those 
terms, for example by offering lower rates. This commenter stated that 
while lower APRs are generally beneficial for consumers, this may come 
at the cost of lower quality service. A lender suggested that data 
points such as gross annual revenue and the time in business may be 
used to reverse-engineer a financial institution's proprietary lending 
strategy. Another commenter asserted that data points for private label 
credit, such as the pricing information or census tracts, are 
particularly commercially sensitive to financial institutions and there 
is risk that disclosure of this information will cause competitive 
harm.
    Other industry commenters indicated that competitive harm 
experienced by financial institutions may have broader impacts on the 
small business lending market. Some commenters suggested that if public 
data reveals proprietary commercial lender information, financial 
institutions may be compelled to engage in anti-competitive behavior, 
such as price-fixing, that restricts credit or offers less favorable 
terms, because it will effectively homogenize the market and limit 
their ability to compete with one another. One asserted that compliance 
concerns due to publication could result in reduced product 
availability by financial institutions, as they asserted was seen after 
publication of HMDA and CRA data.
    Some industry and academic commenters stated that competitive harm 
may particularly impact smaller or rural financial institutions. They 
asserted that because these lenders have fewer small business customers 
than larger financial institutions, their customers are at a higher 
risk of re-identification. As such, it may be easier for the larger 
competitors of smaller or rural financial institutions to approach 
their small business applicants to underprice the loans and offer 
better terms. These commenters stated that smaller and rural financial 
institutions may have less flexibility to respond to resulting 
competitive harms because of their size and lower applicant volume.
    Risk of reputational harms. An industry commenter and a business 
advocacy group stated that small business applicants and related 
natural persons will be subject to reputational risks as a result of 
publication. For example, one noted that if applicants are re-
identified, small business owners may experience harm, discrimination, 
or stigmatization from disclosure of certain data points, such as race, 
sex, and ethnicity. Other industry commenters stated that financial 
institutions may also experience reputational harms. Many commenters 
stated that risks of reputational harm and frivolous litigation will 
result from incorrect conclusions about the data drawn by the public or 
regulators. These commenters asserted that incorrect data conclusions 
could result from the unique characteristics of small business lending 
generally, particular credit scenarios common within small business 
lending, and the fact that the data will not reflect all factors that 
went into underwriting decisions. For example, some commenters asserted 
that there is particular risk of misunderstanding with Farm Credit 
System credit based on how dividends are provided and the legal 
limitations for such loans. These commenters explained that because 
statutory provisions for Farm Credit System credit have specific 
coverage criteria, data may disclose a justified, but 
disproportionately high, rate of application denial. Additionally, 
commenters explained that Farm Credit System institutions may appear to 
charge a higher interest rate to certain borrowers but that the 
interest rates are offset by dividends based on the borrower's 
patronage.
    A few industry commenters cited potential discrepancies between 
data points and those that appear in other sources, which could 
increase the risk of reputational harm and litigation for financial 
institutions. These commenters said that because data requirements for 
these other sources are not the same as proposed requirements, but are 
labeled with the same identifier, the resulting variations could 
unfairly increase scrutiny or lead to inaccurate conclusions. These 
commenters were especially concerned about this risk for loans subject 
to HMDA or CRA. Additionally, some industry commenters stated that 
financial institutions' reputations for protecting applicants' privacy 
may be impacted by data publication. Commenters noted that applicants 
may have concerns about providing information and may feel that 
conversations with a financial institution are less confidential 
because certain information is being disclosed to the government. One 
commenter mentioned that if a financial institution or the Bureau 
experiences a data breach, the financial institution may not be viewed 
as trustworthy by applicants.
    In contrast, other commenters stated that published data will 
decrease reputational and litigation risks for financial institutions. 
According to one commenter, the data will provide evidence of 
responsible lenders' fair lending practices, which will give them a 
competitive advantage over less scrupulous financial institutions. 
Additionally, a few commenters stated that reputational and litigation 
harm risks from publication can be mitigated by disclaimers, as well as 
by data modifications and deletions. For example, these commenters 
stated that any data publication should include a statement for 
agricultural lending credit types that Farm Credit System entities

[[Page 35471]]

can only lend to applicants that are eligible under the Farm Credit 
Act.
    Other harms or sensitivities. Commenters identified three 
additional harms that were not discussed in the NPRM: physical harms, 
data security, and harm to applicants' relationship with, or trust in, 
financial institutions.
    A software vendor and several individual commenters stated the 
Bureau should consider physical harm or personal security threats that 
could result from publication. For example, a few commenters stated 
that if an applicant's LGBTQI+ status was revealed, the applicant may 
face threats to their personal security due to discrimination.
    One industry commenter stated small business applicants or related 
natural persons may be exposed to data breaches because financial 
institutions will store and transmit data online. Some industry and 
business advocacy group commenters asserted that a data breach could 
cause privacy risks for financial institutions, including reputational 
harm related to litigation. The commenters said this would be true even 
if the Bureau were the breached entity, and that the Bureau must take 
action to protect reported data from potential breaches. Some also 
requested that the Bureau detail the steps it will take to protect data 
from breach or to indemnify financial institutions impacted by data 
breaches arising from a breach to the Bureau. One commenter stated that 
the Bureau should seek comment on its data security safeguards.
    Some commenters, mainly from industry, identified potential impacts 
that privacy risks may have on the relationships between small business 
applicants and financial institutions. Some commenters stated that the 
publication may create friction in the lending process due to negative 
public sentiment. These commenters asserted that, because small 
business applicants may view the data collection methods as invasive or 
because financial institutions may feel obligated to reduce tailored 
credit underwriting to prevent misconceptions about lending practices, 
financial institutions may not be able to provide customer service at 
the level currently obtained. Other commenters noted that applicants 
who are concerned about the privacy or security of this data may be 
hesitant to seek credit or they might seek credit from more expensive 
unregulated sources.
Current Approach
    As discussed below, the Bureau's preliminary view is that the risk 
of harm or sensitivity to small businesses and related natural persons 
is significant and should be considered in its privacy assessment. The 
Bureau's current intent is to address these risks primarily by 
controlling for re-identification risk. The Bureau is particularly 
focused on risks to personal privacy interests. Such interests may 
involve protected demographic information or information about personal 
finances that could have reputational impact if disclosed; for example, 
this might include the reputational impact of a credit denial arising 
from a personal credit score.\878\ The Bureau also intends to consider 
certain commercial risks of harms and sensitivities to small businesses 
when modifying or deleting data. The Bureau does not currently intend 
to consider financial institution privacy interests in its analysis 
unless there is a compelling privacy risk.
---------------------------------------------------------------------------

    \878\ For example, Sec.  1002.107(a)(11) requires a covered 
financial institution to report the principal reason or reasons the 
financial institution denied a covered application. Comment 
107(a)(11)-1.ii states that a covered financial institution reports 
the denial reason as ``credit characteristics of the principal 
owner(s) or guarantor(s)'' if it denies the application based on an 
assessment of the principal owner(s) or guarantor(s)'s ability to 
meet its current or future credit obligations. Examples include 
principal owner(s) or guarantor(s)'s credit score, history of charge 
offs, bankruptcy or delinquency, low net worth, limited or 
insufficient credit history, or history of excessive overdraft. 
Thus, data about a denial reason may provide personal information 
about a principal owner's personal financial health that may not 
otherwise be known to the public.
---------------------------------------------------------------------------

    Risk of identity theft or fraud. Based on comments received, the 
Bureau views any risk of identity theft or fraud for small business 
applicants or related natural persons resulting from the publication of 
data to be predicated on the small business applicant or related 
natural person being re-identified. As to comments that publication of 
financial institution contact information will subject financial 
institution employees to identity theft or fraud, such as phishing 
attempts, consistent with the NPRM, the Bureau plans to exclude from 
publication the name and business contact information of a person who 
may be contacted with questions about the financial institution's 
submission from the public application-level data.
    Risk of targeted marketing harms. Targeted marketing harms likewise 
presuppose that a small business applicant or related natural person is 
re-identified.
    Risk of competitive harms. Potential competitive harms, including 
information about a small business's long term financial health and 
competitive goals, are also predicated on re-identification. For 
example, commenters stating that an applicant's competitors may gain 
insights into its financial health, competitive strategy, and goals all 
assumed that the small business applicant is first re-identified.
    The Bureau does not view data publication as increasing a financial 
institution's compliance costs and litigation risks, such that 
increased costs and risks would result in increased fees, reduction in 
credit program availability, or reduce credit availability for 
applicants with weak credit profiles. Historical evidence from HMDA 
suggests that such impacts will be minimal. Notwithstanding similar 
contentions prior to the 2015 HMDA Final Rule, the Bureau recently 
reported that, based on 2021 HMDA data, trends in mortgage origination 
continued to increase since the HMDA rule became effective in 
2018.\879\ Based on this experience with HMDA, the Bureau does not 
anticipate that this final rule will significantly increase the cost of 
credit products, reduce credit product availability, or result in 
otherwise unnecessary tightening of underwriting criteria.\880\
---------------------------------------------------------------------------

    \879\ The 2015 HMDA Final Rule noted that SBREFA SERs and NPRM 
commenters stated that compliance costs meant that financial 
institutions would increase price, reduce availability, or exit 
markets. See 80 FR 66127, 66296 (Oct. 28, 2015). But the Bureau's 
2021 HMDA Data Point notes that mortgage origination trends have 
continued to increase since that rule became effective in 2018. 
Mortgage origination volume has increased from 4.14 million in 2018 
to 5.13 million in 2021. Similar increases were seen in application 
volume. See CFPB, Data Point: 2021 Mortgage Market Activity and 
Trends (Sept. 19, 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-point-mortgage-market-activity-trends_report_2022-09.pdf.
    \880\ See part IX.F.4's analysis of small business costs for 
more information about the magnitude of these effects.
---------------------------------------------------------------------------

    The Bureau also disagrees that publication will reveal proprietary 
lending information, thereby resulting in competitive harm to financial 
institutions. Unmodified application-level data will not include key 
inputs for, or be detailed enough, to substantially facilitate the 
reverse-engineering of proprietary lending models. For example, it will 
not include applicants' credit score data. Other comments expressing 
concern that the data collected would provide only an incomplete 
picture of the financial institution's lending practices confirmed that 
other key information about underwriting will not be collected. These 
omissions should prevent competitors from reverse-engineering 
proprietary lending models and make it unlikely that financial 
institutions could use the data to engage in anti-competitive behavior 
like price-fixing.
    By the same token, there is no basis for small or rural financial 
institutions

[[Page 35472]]

to be at more significant risk of this type of harm. The Bureau 
acknowledges that the risk of re-identification of small business 
applicants and related natural persons may be greater in smaller or 
rural areas, but that does not increase the risk of proprietary lending 
models being disclosed.
    Risk of reputational harms. Reputational harm to small business 
applicants and related natural persons is also predicated on re-
identification.
    The Bureau does not agree that publication will increase a 
responsible financial institution's reputational risk. While the Bureau 
recognizes that financial institutions may need to defend against some 
increased litigation about their small business lending practices, it 
agrees with commenters that publication will help responsible financial 
institutions defend against such litigation, accordingly making it less 
likely to occur in the first place. The Bureau similarly agrees with 
commenters that responsible financial institutions will be able to use 
the data as evidence of their fair lending compliance, as well as to 
prevent or counter erroneous claims that the institution is engaging in 
discriminatory practices. The Bureau has not seen any significant 
detrimental impact on mortgage applicants' trust in financial 
institutions, and HMDA-covered mortgage originations have increased 
since the Bureau's amendments to Regulation C went into effect in 
2018.\881\ As in the mortgage market, requesting and publishing data 
from applicants does not have enough reputational impact on financial 
institutions to impair origination activity.
---------------------------------------------------------------------------

    \881\ Mortgage origination trends since the HMDA rule became 
effective in 2018 suggest that any distrust resulting from financial 
institutions seeking HMDA data has not deterred applicants from 
continuing to seek credit. See CFPB, Data Point: 2021 Mortgage 
Market Activity and Trends (Sept. 19, 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-point-mortgage-market-activity-trends_report_2022-09.pdf.
---------------------------------------------------------------------------

    With respect to reputational risk arising from overlapping 
databases, the Bureau is finalizing a coverage exception for 
transactions covered by the Bureau's HMDA rule.\882\ In addition, many 
datasets contain data types that already overlap with HMDA and CRA 
data. There is accordingly no compelling reason to expect that 
publishing application-level data will significantly increase whatever 
risk already exists from HMDA coverage.
---------------------------------------------------------------------------

    \882\ See Sec.  1002.104(b)(2).
---------------------------------------------------------------------------

    As to comments that assert that Farm Credit System products may be 
incomparable to other credit product types, thereby creating the risk 
of reputational harm or frivolous litigation, the data will provide 
sufficient opportunity for Farm Credit System entities to prevent and 
refute any erroneous conclusions. The Bureau agrees with commenters 
that this harm can be averted by distinguishing Farm Credit System 
loans in the dataset. The Farm Credit System is one of the identified 
types of financial institutions for the data required under Sec.  
1002.109(b)(9).\883\ As a result, users can filter the data 
accordingly. Farm Credit System financial institutions can also filter 
to defend against any conclusions they believe are inaccurate because 
of comparisons outside the Farm Credit System.
---------------------------------------------------------------------------

    \883\ See comment 109(b)(9)-1.vii.
---------------------------------------------------------------------------

    Other harms or sensitivities. The Bureau agrees that the privacy 
assessment should take account of risks of physical harm and personal 
security threats to applicants or related natural persons, as well as 
the potential for data, once available, to be used by third parties to 
single out or target certain applicants or related natural persons for 
discriminatory treatment. Re-identification in some circumstances could 
result in significant risks, including threats of physical or personal 
harm and discrimination. The risks raised by commenters are supported, 
for example, by Hate Crime Statistics reported by the Federal Bureau of 
Investigation (FBI) through its Uniform Crime Reporting Program,\884\ 
and by Equal Employment Opportunity Commission data.\885\ The Bureau 
believes that the risk to personal privacy interests arising from 
physical harm, personal security threats, and discrimination resulting 
from information about protected characteristics warrant significant 
consideration when the Bureau considers modifications or deletions to 
data.
---------------------------------------------------------------------------

    \884\ For 2019, the FBI's Uniform Crime Reporting Program 
reported that in single-bias incidents, 1,492 victims were targeted 
because of their sexual orientation and 227 victims because of their 
gender identity. See Fed. Bureau of Investigation, 2019 Hate Crimes 
Statistics, https://ucr.fbi.gov/hate-crime/2019/topic-pages/tables/table-1.xls (last visited Mar. 20, 2023).
    \885\ The Equal Employment Opportunity Commission reports that 
from FY 2014 through FY 2021, approximately $43.5 million dollars of 
monetary benefits were paid on LGBTQ+-based sex discrimination 
charges. The amount has increased from $2.2 million to $9.2 million 
over this period. It also reports that it received 13,546 LGBTQ+-
based sex discrimination charges in the same time period, with 
annual charges increasing from 1,100 in FY 2014 to 1,968 in FY 2021. 
https://www.eeoc.gov/data/lgbtq-based-sex-discrimination-charges 
(last visited Mar. 20, 2023). See also Off. of Mgmt. & Budget, Off. 
of the Chief Statistician of the U.S., Recommendations on the Best 
Practices for the Collection of Sexual Orientation and Gender 
Identity Data on Federal Statistical Surveys 8-9.
---------------------------------------------------------------------------

    However, historical evidence indicates that data publication will 
have little long-term impact to relationships between applicants and 
financial institutions. The Bureau reported in 2021 that mortgage 
originations subject to HMDA continued to increase despite the HMDA 
rule becoming effective in 2018.\886\ Based on this and earlier 
experience with HMDA, the Bureau does not agree that publication will 
drive small business applicants to seek alternative financing options 
to avoid disclosure. The HMDA evidence also suggests that any potential 
increase in costs after this rule becomes effective will not be 
prohibitive for applicants seeking financing from a regulated financial 
institution and that market volume will not be substantially impacted.
---------------------------------------------------------------------------

    \886\ Compare 80 FR 66127, 66296 (Oct. 28, 2015), with CFPB, 
Data Point: 2021 Mortgage Market Activity and Trends (Sept. 19, 
2022), https://www.consumerfinance.gov/data-research/research-reports/data-point-2021-mortgage-market-activity-trends/.
---------------------------------------------------------------------------

    Finally, the Bureau takes strong measures to mitigate and address 
any risks to the security of sensitive data it receives, consistent 
with the guidance and standards set for Federal information security 
programs. The agency is accordingly committed to protecting the privacy 
and information security of the data it receives from financial 
institutions under this rule. In addition, the Bureau does not agree 
that a financial institution could be held legally liable for the 
exposure of data due to a breach at a government agency or for 
reporting data to the Bureau if the institution was legally required to 
provide the data and did so in accordance with other applicable law.
    Based on the record to date, the Bureau intends to consider the 
risk of harms to small business applicants and related natural persons 
discussed above in its privacy risk assessment. However, the risks of 
harms or sensitivities to small businesses and related natural persons 
discussed by commenters logically assume re-identification already 
occurred. The harms and sensitivities recognized above clarify the 
consequences of re-identification and underscore the importance of 
managing re-identification risk. Additionally, the Bureau's preliminary 
view is that privacy risks to financial institutions are less 
significant compared to both personal privacy interests and non-
personal commercial privacy risks to small business applicants and 
related natural persons. Many of the harms attributable to financial 
institutions

[[Page 35473]]

noted by commenters are only likely if small business applicants are 
re-identified, are not likely to occur based on the history of HMDA 
data publication, or exist independent of the data and therefore do not 
result from publication. As a result, measures that the Bureau takes to 
reduce re-identification risk will also reduce the risk of harms to 
financial institutions. Thus, the Bureau intends to consider modifying 
or deleting data to protect a financial institution privacy interest 
where data publication creates a compelling privacy risk.
5. Privacy-Informed Modification and Deletion
Proposed Approach
    Generally. The NPRM stated that where disclosure of an individual 
data field, alone or in combination with other fields, would pose risks 
to privacy that were not justified by the benefits of disclosure to 
1071's purposes, the Bureau would consider whether it could 
appropriately balance the privacy risks and disclosure benefits through 
modification techniques or whether the field should be deleted from the 
public dataset. The Bureau stated that it also would evaluate the risks 
and benefits of disclosing a data field in light of modifications or 
deletions considered for other data fields. Where the Bureau determines 
that modification of a data field is appropriate, the Bureau stated 
that its consideration of the available forms of modification for the 
1071 data would also be informed by the operational challenges 
associated with various forms of modification and the need to make 
application-level data available to the public in a timely manner.
    In general, the Bureau stated that deleting or modifying data 
because the data would disclose general information about a financial 
institution's lending practices--compared with information that could 
substantially facilitate, for example, the reverse-engineering of a 
financial institution's proprietary lending models--would be 
inconsistent with section 1071, which directly contemplates disclosure 
of financial institution identity in connection with the public 
application-level dataset.\887\ Each of the data fields prescribed by 
the statute--with the exception of the application number--could 
provide some insight into a financial institution's lending practices. 
If the Bureau were to exclude data on this basis, therefore, it would 
exclude virtually all of the statutorily required 1071 data points from 
the public data, frustrating both of the statutory purposes of section 
1071.\888\ While the Bureau acknowledged financial institutions' 
concern about the litigation and reputational risks involving 1071 
data, the Bureau did not believe that this concern would justify the 
exclusion of data from public disclosure. One of the statutory purposes 
of section 1071 is to facilitate enforcement of fair lending laws, 
which authorize enforcement by parties other than the Bureau.\889\ 
Additionally, section 1071 contemplates that financial institutions 
would make their own application-level data available to the public, 
which necessarily entails their identification.\890\
---------------------------------------------------------------------------

    \887\ See ECOA section 704B(f)(2)(B).
    \888\ See ECOA section 704B(a).
    \889\ See, e.g., ECOA section 706 (providing for civil 
liability).
    \890\ See ECOA section 704B(f)(2).
---------------------------------------------------------------------------

    In light of the statutory purposes, the Bureau intended to modify 
or delete data only as needed under the balancing test prior to public 
disclosure. The NPRM discussed associated modification techniques with 
respect to specific data points. Where no specific modification 
technique was described with respect to a particular data point, the 
Bureau stated that it had not identified an obvious modification 
technique other than swapping, suppression, or deletion.
    While certain information that directly identifies applicants or 
related natural persons generally would not be collected under the 
proposed rule, the Bureau did not accept that this would eliminate 
privacy risks that would arise from publishing the data in unmodified 
form. The Bureau also rejected the idea that privacy risks could be 
adequately resolved through rule coverage. While some re-identification 
risk could be reduced by increasing the number of applications reported 
to the Bureau, the Bureau did not believe the effects of doing so are 
necessarily predictable because re-identification risk depends on the 
characteristics of the data. Further, the Bureau did not believe that 
increasing the number of applications would have addressed risks of 
harm or sensitivity to re-identified applicants or natural persons.
    Aggregate data. In the NPRM, the Bureau stated that it did not 
intend to address privacy risks arising from application-level data by 
disclosing aggregated data in its place. As required by section 1071, 
the Bureau proposed in Sec.  1002.110(a) to make available to the 
public the information submitted to it by financial institutions 
pursuant to proposed Sec.  1002.109, subject to deletions or 
modifications made by the Bureau. The Bureau stated that, as authorized 
by the statute, proposed Sec.  1002.110(b) would have stated that the 
Bureau may, at its discretion, compile and aggregate information 
submitted by financial institutions pursuant to proposed Sec.  
1002.109, and make any compilations or aggregations of such data 
publicly available as the Bureau deems appropriate. The Bureau 
initially anticipated making the data collected under section 1071 
available at the application level--with appropriate potential 
modifications and deletions--rather than providing aggregate data with 
counts and averages for each data field. The Bureau stated that it may 
consider releasing aggregated data in the future, after it determined 
whether narrower modifications or deletions could address privacy 
risks. The Bureau had received some suggestions to consider 
``differential privacy'' techniques,\891\ which are typically used in 
connection with aggregate statistics to reduce the identifiability of 
more granular data. The Bureau sought comment on whether differential 
privacy techniques might be appropriate for application-level data.
---------------------------------------------------------------------------

    \891\ Differential privacy is a statistical method designed to 
protect individuals from reidentification risk. A dataset is said to 
be differentially private if, by looking at the dataset, one cannot 
tell whether any individual's data was included in the dataset.
---------------------------------------------------------------------------

    Recoding. The NPRM identified the Bureau's intention to consider 
various methods to ``recode'' the proposed data fields as necessary. 
The Bureau explained that recoding techniques decrease the number of 
distinct categories for a data field. In this context, recoding would 
involve providing the value of a data field in a higher-level category 
that increases the number of records within a given combination. Some 
data fields like census tract and NAICS code have structures that 
permit recoding without developing new 1071-specific recoding 
categories. For instance, if the Bureau were to determine that the re-
identification risk presented by the census tract data field does not 
justify the benefits of unmodified disclosure, the Bureau could instead 
provide geography at the county level because census tracts are 
designed to be non-overlapping subdivisions of a county.
    The Bureau also stated that it intended to consider recoding via 
bins or intervals of values for data fields that, in unmodified form, 
would have continuous values. The Bureau stated that unmodified 
continuous data fields can be highly identifying, but binning can 
significantly reduce this risk. It also

[[Page 35474]]

noted the possibility of top- or bottom-coding a data field to prevent 
extreme--and potentially very re-identifiable--values from being 
released.
    Other techniques. The Bureau stated that it might also consider 
``targeted suppression,'' which makes certain values of data points 
unavailable when a certain combination of values is held by too few 
records. The Bureau stated that it might consider treating certain 
values of data points as ``not available'' if the application is the 
only small business application from a particular census tract. The 
Bureau explained that targeted suppression can be applied in several 
ways. One way would be to remove the value of a field that makes the 
record identifiable. For example, if census tract and NAICS code 
identify a record, the microdata could delete the value of the NAICS 
code for any applications that are in cells deemed sensitive. A second 
approach could leave the census tract and NAICS code but suppress the 
values of other data points. This method would reduce the potential 
harm if the record were re-identified. A third approach could be to 
remove the record from the dataset entirely. The Bureau stated that, in 
general, suppression is a more common approach for aggregate data than 
for application-level data.
    The Bureau noted that one drawback to targeted suppression is that 
it complicates data analysis for end users. A data user would be 
presented with millions of rows, but in certain rows and for certain 
data points, values would be missing.\892\ Another identified drawback 
is that suppression would need to be done so that the remaining 
unmodified data do not provide a user with the ability to back out the 
modified field, sometimes involving complementary suppression or 
deleting values of other applications to ensure that the missing value 
cannot be reengineered. The Bureau sought comment on whether targeted 
suppression techniques could preserve the benefits of publishing 
application-level data, and, if so, what the Bureau should consider as 
the minimum cell size to implement targeted suppression.
---------------------------------------------------------------------------

    \892\ Data users would need to understand the method behind the 
modifications and plan analyses to account for the fact that the 
suppressed data would necessarily not reflect all small business 
loans in a given year.
---------------------------------------------------------------------------

    The Bureau sought comment on other modification techniques, such as 
``data swapping'' (sometimes called ``switching''). Data swapping 
involves finding two records that are similar on several dimensions and 
swapping the values for other data fields between the two records. In 
effect, data swapping would require that the Bureau preserve certain 
data fields while swapping others. The Bureau stated that another set 
of techniques for addressing privacy risks for continuous data would 
involve adding ``random noise'' to the reported values. For example, 
under ``additive noise techniques,'' a random value is added to the 
existing value of the data field. Under ``multiplicative noise 
techniques,'' the true value is multiplied by a random value. The 
Bureau sought comment on whether such techniques would preserve the 
benefits of publication. The Bureau explained that a drawback to these 
approaches is that data would be released with values that do not match 
the true values of the underlying data.\893\ Data users would need to 
take such modifications into account when performing any analyses.
---------------------------------------------------------------------------

    \893\ For example, with respect to the amount applied for data 
field, a recoding technique would release the values of the data 
field in broad categories, for instance ``$100,000-$150,000.'' In 
such case, the broader category provides less information but 
reflects the true value of the underlying data. Noise addition, by 
contrast, would involve the Bureau manipulating (in a standardized 
and documented way) the actual values of loan amount. An 
application's loan amount may be released as $85,000 in the public 
dataset when the true value was $78,000.
---------------------------------------------------------------------------

Comments Received
    Generally. With regard to how the Bureau stated its intention to 
assess privacy risks that would inform modification and deletion 
decisions, several community group commenters, a minority business 
advocacy group, and several members of Congress urged the Bureau to 
apply the NPRM's balancing test in favor of public disclosure and to 
make available a robust dataset. According to some commenters, the fair 
lending and business and community development purposes of section 1071 
militate in favor of data transparency. A number of community and 
business advocacy group commenters stated that if published application 
level data are not robust, or if specific data points are not 
disclosed, the dataset will not adequately reveal whether these 
statutory purposes of section 1071 are being met. Several commenters 
asserted that society's interest in tackling discrimination and closing 
the racial wealth gap supported robust disclosure. A business advocacy 
group stated that robust 1071 data would promote financial stability in 
the economy, and cited insufficiently granular HMDA data as 
contributing to the 2008 subprime financial crisis.
    Some community group commenters and a software vendor urged the 
Bureau not to delete or modify public application-level data because it 
would undermine the statutory purposes of section 1071. The software 
vendor stated that modifications or deletions may reduce the utility of 
the data for no privacy benefit. Several commenters asserted that the 
Bureau should only modify public 1071 data to protect the privacy 
interests of small business applicants. A joint letter from community 
and business advocacy groups agreed with the Bureau's statement that 
litigation and reputational risks faced by financial institutions do 
not justify excluding data from public disclosure.
    On the other hand, several industry commenters urged the Bureau to 
make modification and deletion decisions to protect the privacy of 
financial institutions, applicants, and related natural persons. They 
stated that protecting these privacy interests was consistent with the 
statutory purposes of section 1071 because limiting disclosure would 
increase credit access and lower credit costs to minority-owned and 
women-owned small businesses.
    Several industry, community group, and academic commenters 
supported modification and deletion of application-level data, stating 
that it could adequately address privacy risks posed by publication. A 
trade association asserted that publishing certain data points in an 
unedited, application-level format would increase the risk of applicant 
re-identification. Another trade association supported the liberal use 
of modification and deletion techniques to protect privacy interests of 
lenders, small business applicants, and related natural persons. Some 
commenters stated that the lack of reported incidents in which an 
individual has been re-identified in HMDA data suggests that 
modifications or deletions can reduce re-identification risks here 
also.
    Some commenters offered views about what data points would be 
modified or deleted. Several suggested that data modifications or 
deletions should be consistent with HMDA. According to these 
commenters, the Bureau should ensure that any data deleted in the HMDA 
dataset is also deleted in the 1071 dataset, including the unique 
identifier, the application date, and the action taken date. A software 
vendor stated that the Bureau should modify data points that reflect 
gender identity or sexual orientation information, which could result 
in persons being subject to physical harm. Several individual 
commenters likewise suggested that LGBTQI+ persons face particular 
privacy risks. A joint letter from community and business advocacy

[[Page 35475]]

groups stated that if the Bureau modifies 1071 data, it should do so on 
a loan-by-loan basis because the modification of a particular data 
field may not be necessary for all records in the dataset.
    Aggregate data. The Bureau received no comments about how 
differential privacy techniques may be applied to application-level 
data. However, the Bureau did receive comments about aggregating 1071 
data. Several industry commenters suggested that the Bureau publish 
aggregate data, instead of an application-level dataset, to mitigate 
privacy risks. One stated that aggregate data are sufficient to analyze 
the business needs and credit access of applicants, including minority-
owned and women-owned small businesses. Another said that disclosing 
aggregate data, as opposed to application-level data, would be 
consistent with the practices of other agencies. Other industry 
commenters stated that, while some 1071 data could be disclosed at the 
application level, the Bureau should aggregate any data points that 
present re-identification risk.
    Recoding. Several community group commenters stated that if the 
disclosure of 1071 data fields present significant privacy risks, the 
Bureau should consider binning data or disclosing intervals of values. 
For example, these commenters stated that when disclosing gross annual 
revenue data, the Bureau could consider publishing data in $10,000 
increments. One stated that binning would be appropriate as long as the 
modified public 1071 dataset could satisfy the fair lending and 
business and community development statutory purposes of section 1071.
    Other commenters stated that the use of binning should be limited. 
A community group and a software vendor stated that if the Bureau bins 
data, it should ensure that the public 1071 dataset remains 
sufficiently detailed to allow meaningful analysis. To demonstrate this 
point, the community group asserted that the current CRA system of 
combining all loans for businesses with revenue under $1 million does 
not allow for analysis of small businesses within that range. The 
software vendor cautioned that binning may not always be effective.
    Other techniques. With respect to other modification techniques 
discussed in the NPRM, a community group stated that data swapping and 
targeted suppression would be appropriate as long as the modified 
public 1071 dataset could satisfy the fair lending and business and 
community development statutory purposes of section 1071. The Bureau 
received no comments about other potential modification techniques.
Current Approach
    The Bureau intends to consider modification and deletion techniques 
as necessary to reduce cognizable privacy risks. The Bureau agrees with 
comments that a robust public dataset will serve the statutory 
objectives of section 1071.\894\ By extension, a public application-
level dataset with less detailed data or that omits certain data points 
entirely would confer relatively less public benefit. These benefits 
notwithstanding, in some cases modification and deletion decisions may 
be appropriate to protect privacy interests. The statute empowers the 
Bureau to modify or delete data, and the Bureau believes that 
modifications or deletions may be appropriate in some circumstances to 
reduce the cognizable privacy risks set forth above.
---------------------------------------------------------------------------

    \894\ The Bureau lacks evidence to assess the comment that 
published data would promote financial stability. If true, this 
result would align with the Bureau's authorizing statute whose 
purpose, in part, is to ``promote the financial stability of the 
United States by improving accountability and transparency in the 
financial system.'' Dodd-Frank Wall Street Reform and Consumer 
Protection Act, Public Law 111-203, 124 Stat. 1376 (2010).
---------------------------------------------------------------------------

    Modifications or deletions will not necessarily undermine the 
utility of the published data or will not be futile because they will 
not mitigate risks. With respect to the effectiveness of modifications 
and deletion techniques, the Bureau points to the lack of reported 
incidents in which an individual has been re-identified in public HMDA 
data, which the Bureau modifies to reduce re-identification risk. The 
Bureau concludes that targeted modification and deletion decisions can 
adequately reduce privacy risks while preserving the utility of 1071 
data, as is the case with HMDA data. Modifications and deletions may be 
necessary, for example, in cases where unmodified application-level 
data will likely lead to re-identification of small business applicants 
or related natural persons. The Bureau will also consider modifications 
and deletions to the public 1071 dataset when data fields, individually 
or in combination with other data, pose cognizable privacy risks, as 
discussed above.
    After obtaining a full year of reported data and conducting a full 
privacy analysis, the Bureau intends to make modification and deletion 
decisions tailored for individual data points where appropriate. The 
Bureau will not delete or modify data solely to align with HMDA 
practice. Small business lending and mortgage lending are distinct 
markets which face their own unique privacy risks, and re-
identification risk depends on the characteristics of particular data. 
With respect to comments about modifying or deleting data that may 
convey the gender identity or sexual orientation of applicants' 
principal owners or other individuals that own or control applicants, 
the Bureau views this as sensitive information that implicates 
important personal privacy interests. While the Bureau is not making 
modification and deletion decisions about this information prior to 
conducting the full privacy analysis, it does intend to give 
significant consideration to personal privacy interests. However, it 
would not be feasible to make modification and deletion decisions on a 
loan-by-loan basis, as one comment suggested.
    Regarding feedback on specific modification techniques, the Bureau 
does not intend to publish aggregate data instead of application-level 
data. Aggregate datasets do not permit the detailed, application-level 
analyses that best facilitate the fair lending enforcement and business 
and community development purposes of section 1071. In addition, the 
Bureau can adequately mitigate privacy risks through targeted 
modification and deletions of individual data fields--it is not 
necessary to avoid publication of all application-level data. While the 
Bureau does not intend to publish aggregate data in place of an 
application-level dataset, it anticipates releasing select aggregated 
data before it publishes application-level data.
    The Bureau sees recoding, including binning data or disclosing 
intervals, as an appropriate modification technique to address privacy 
risks that may be posed by public release of unmodified data. While the 
Bureau is not making specific modification decisions at this time, it 
intends to consider recoding data in a targeted manner that preserves 
the utility of the public dataset. The Bureau also views other 
modification techniques, including data swapping and targeted 
suppression, as appropriate tools to address privacy risks. Finalizing 
the exact tool set, however, will depend on securing a full year of 
data and will be informed by continued engagement with stakeholders.
    When exercising its discretion to modify or delete 1071 data, the 
Bureau anticipates publishing data in a manner that reduces privacy 
risks, in particular re-identification risk. If the Bureau determines 
that it is necessary to modify an individual data point to address a 
privacy risk, the Bureau intends to consider a range of modification 
techniques, including, but not limited to, recoding, data swapping, and

[[Page 35476]]

targeted suppression. The Bureau intends to engage with stakeholders in 
the future about these issues, including providing opportunities for 
additional input as the Bureau considers its privacy analysis further.
6. Preliminary Privacy Assessment of Particular Data Fields
    In the NPRM, the Bureau identified certain data fields that it 
believed would need modification or deletion to appropriately protect 
privacy interests, while taking account of disclosure benefits: 
individual contact information at reporting financial institutions; 
free-form text data, which occurs in a number of data fields; and the 
unique identifier for each application. Beyond these specific fields, 
the NPRM explained that the Bureau lacked data under section 1071 or 
comparable proxies that it could use for its privacy risk assessment. 
Accordingly, it did not suggest specific modifications and deletions 
with respect to any other data.
    In order to benefit from stakeholder engagement, however, the 
Bureau did set forth some initial analysis on how it would apply the 
NPRM's balancing test to the proposed data fields. With respect to each 
such data field, whether individually or in combination with others, 
the Bureau sought comments on: (1) whether there are additional 
benefits of unmodified public disclosure in light of the purposes of 
the statute; (2) whether disclosure in unmodified form would reveal 
additional information that might be considered harmful or sensitive by 
an applicant, related natural person, or financial institution; and (3) 
whether disclosure in unmodified form would significantly contribute to 
the risk that an applicant or related natural person might be re-
identified. The Bureau also sought comment on modification techniques 
it could use, and whether deletion would be appropriate. Where no 
specific technique was described with respect to particular data 
points, the Bureau did not identify any obvious technique besides 
potentially swapping, suppression, or deletion.
    The Bureau received feedback on this initial analysis from a range 
of commenters, including industry and community group commenters. The 
Bureau has taken this feedback into consideration to refine its 
analysis of the qualitative risks associated with disclosing particular 
data fields in unmodified form, although, consistent with the above 
analysis, the Bureau's assessment remains preliminary.\895\
---------------------------------------------------------------------------

    \895\ The Bureau sought and received feedback about several data 
points that it did not propose. As it is not adopting those data 
points, it does not address privacy risks or modification techniques 
associated with reporting them.
---------------------------------------------------------------------------

    Overall, with the exceptions noted with respect to unique 
identifier, free-form text, and individual contact information, for all 
other finalized data points, the Bureau intends to further consider 
whether modification techniques may be appropriate when it analyzes 
reported data and conducts its full privacy analysis. In doing so, the 
Bureau intends to take into account existing feedback, as well as 
conducting ongoing engagement, about potential modifications as it 
examines what modifications or deletions may be appropriate for these 
fields. In addition, the Bureau is mindful of the statutory purposes of 
section 1071 and will only modify or delete data to advance a privacy 
interest.
i. Unique Identifier
    Proposed Sec.  1002.107(a)(1) would have required financial 
institutions to collect and report an alphanumeric identifier, starting 
with the legal entity identifier of the financial institution, unique 
within the financial institution to the specific covered application, 
and which can be used to identify and retrieve the specific file or 
files corresponding to the application for or extension of credit. As 
discussed in the section-by-section analysis of Sec.  1002.107(a)(1), 
the Bureau is finalizing this data point substantially as proposed.
    In the NPRM, the Bureau stated that disclosing the unique 
identifier in the 1071 data in unmodified form by itself would likely 
disclose minimal, if any, information about an applicant or related 
natural person that may be harmful or sensitive if such person were re-
identified, or that may be harmful or sensitive to an identified 
financial institution. Section 1071 prohibits financial institutions 
from including in 1071 records certain personally identifiable 
information that directly identifies a natural person applicant or 
someone connected with the applicant.\896\ In addition, the Bureau 
proposed to prohibit financial institutions from reporting information 
that would directly identify a small business. For these reasons, the 
Bureau did not expect that the unique identifier would be considered 
harmful or sensitive.
---------------------------------------------------------------------------

    \896\ ECOA section 704B(e)(3).
---------------------------------------------------------------------------

    With respect to re-identification risk, the NPRM noted that 
although publicly available datasets do not presently include the 
unique identifier data field, financial institution legal entity 
identifiers are publicly available, and the Bureau was aware of rare 
instances in which a loan number was included in UCC filings. In 
addition, the Bureau noted that many jurisdictions publicly disclose 
real estate transaction records in an identified form, and the Bureau 
stated that many financial institutions may include loan numbers on 
these publicly recorded documents.\897\
---------------------------------------------------------------------------

    \897\ See 82 FR 44586, 44599 (Sept. 25, 2017); see also 84 FR 
649, 660 (Jan. 31, 2019).
---------------------------------------------------------------------------

    The Bureau stated that inclusion of the proposed unique identifier, 
rather than application or loan numbers, would limit the possibility of 
using an application or loan number to match 1071 data to those 
publicly recorded documents, thus reducing risk of re-identification. 
However, the Bureau acknowledged that there is a risk that, after 
financial institutions begin to report data under section 1071, they 
may replace the loan numbers currently assigned to small business loans 
with the unique identifier and, if they do, the unique identifier could 
be included on publicly recorded documents. Considering the uniqueness 
of the identifiers, the Bureau reasoned that this data field on a 
publicly recorded document could be used to match a 1071 record to an 
identified public record directly and reliably.
    In light of these potential re-identification risks, the Bureau 
stated that it did not intend to publish the unique identifier data 
field in unmodified form. The Bureau sought comment on whether there 
are modifications to the unique identifier data field that would 
appropriately balance identified privacy risks and disclosure benefits. 
The Bureau stated that it was considering the feasibility of disclosing 
a separate unique identifier that the Bureau could create. The Bureau 
also considered deleting the data field from the public application-
level data, but sought comment on whether such deletion would create 
challenges for users of the data and, if so, how the Bureau could 
address those challenges other than by creating a separate unique 
identifier. The Bureau sought comment on this analysis as well as its 
intent not to publish the unique identifier in unmodified form.
    An academic research and policy organization agreed with the 
Bureau's initial analysis, noting that public HMDA data do not include 
a unique identifier. Several industry commenters stated that, because 
lenders are allowed to use their own internal account numbers and 
therefore the unique identifier may include a loan number or account 
number, the data point in combination with the financial

[[Page 35477]]

institution's name provides substantial opportunity for fraud. Because 
of the privacy risks discussed above, most of these commenters 
supported the Bureau's suggestion not to publish the unmodified unique 
identifier field. A CDFI lender stated that the Bureau should consider 
publishing a modified identifier or a separate one created by the 
Bureau.
    After considering these comments, the Bureau intends not to publish 
the unique identifier data field in an unmodified form. Although it has 
not yet conducted a full re-identification analysis for the 1071 data, 
the Bureau agrees with the re-identification risks raised by 
commenters. The universal loan identifier for HMDA data, which is 
similar to the unique identifier, is not published because of the re-
identification risk that it poses.\898\ While HMDA publication 
practices are not dispositive here, the Bureau draws upon its 
experience implementing HMDA and Regulation C where appropriate, and it 
does so here.
---------------------------------------------------------------------------

    \898\ See 84 FR 649, 660 (Jan. 31, 2019).
---------------------------------------------------------------------------

    At this time, the Bureau has not decided whether to publish public 
application-level data without any unique identifier information, 
disclose instead a separate unique identifier created by the Bureau for 
this purpose, or employ some other modification. The Bureau will 
consider what modification or deletion techniques may be appropriate 
when it analyzes application-level data and conducts its full privacy 
analysis.
ii. Application Date
    Proposed Sec.  1002.107(a)(2) would have required financial 
institutions to collect and report the date the covered application was 
received by the financial institution or the date shown on a paper or 
electronic application form. As discussed in the section-by-section 
analysis of Sec.  1002.107(a)(2), the Bureau is finalizing this data 
point with modifications such that financial institutions must collect 
and report the date the covered application was received or shown on a 
paper or electronic application form.
    The NPRM stated that, by itself, disclosing application date in 
unmodified form would likely disclose minimal, if any, information 
about an applicant or related natural person that may be harmful or 
sensitive if such person were re-identified, or that may be harmful or 
sensitive to an identified financial institution. The Bureau noted that 
an adversary such as a competitor may conceivably find it helpful to 
understand when a business is seeking credit. In addition, marketers 
and creditors could use this information to target products to entities 
recently in the market for credit, either to deploy new funds or to 
refinance out of a current loan. However, the Bureau did not believe 
that disclosing the application date would otherwise disclose sensitive 
information about a small business or its owner. The Bureau also 
reasoned that any utility of this data field for such purposes would be 
curtailed by the time to publication.
    The Bureau was not able to identify publicly available datasets 
that include data fields an adversary could directly match to the 
application date field. However, the Bureau acknowledged that an 
adversary may be able to infer a likely origination date based on 
typical time lags between application, credit decision, and 
origination, potentially enabling matching to other datasets that 
record these later dates. The Bureau stated that, if it determined that 
application date should be modified, it may consider disclosing the 
application date at a higher level; for example, disclosing the month 
and year but not the specific date. In light of the potential re-
identification risk arising from this data field, the Bureau sought 
comment on whether there are other specific modifications it should 
consider, and whether it should consider deletion outright.
    Several commenters provided feedback on the Bureau's analysis. In 
supporting disclosure of the application date field, a community group 
stated that it would promote understanding of small business lending. 
However, an academic research and policy organization asserted that 
disclosure of application date would pose re-identification risk to 
applicants and noted that HMDA does not disclose application date. This 
commenter, along with a group of trade associations, urged the Bureau 
not to publish the application date field to ensure consistency between 
1071 and HMDA.
    As discussed in part VIII.B.3 above, the Bureau views the 
disclosure of application date as having significant benefits. This 
preliminary assessment is consistent with feedback that publication of 
application date would promote understanding about small business 
lending. The Bureau's preliminary assessment is that the application 
date field does not pose re-identification risks such that the Bureau 
should modify or delete it before publication. Commenters supporting 
such modification or deletion did not provide additional evidence of 
re-identification risk that would alter the partial privacy analysis 
described above. The Bureau also preliminarily assesses that this 
unmodified data field would present limited privacy risk if re-
identification occurred.
iii. Application Method and Application Recipient
    Proposed Sec.  1002.107(a)(3) would have required financial 
institutions to collect and report the means by which the applicant 
submitted the covered application directly or indirectly to the 
financial institution. A financial institution would have reported 
whether the applicant submitted the application in person, by 
telephone, by mail, or online. Proposed Sec.  1002.107(a)(4) would have 
required financial institutions to collect and report whether the 
applicant submitted the covered application directly to the financial 
institution or its affiliate, or whether the applicant submitted the 
covered application directly or indirectly to the financial 
institution. As discussed in the section-by-section analyses of Sec.  
1002.107(a)(3) and (4), the Bureau is finalizing these data points as 
proposed, with certain modifications to related commentary.
    In the NPRM, the Bureau stated that disclosing application method 
and whether the application was submitted directly or indirectly, in 
unmodified form, would likely disclose minimal, if any, information 
about an applicant or related natural person that may be harmful or 
sensitive if such person were re-identified. The Bureau reasoned that 
the application method is likely to be of relatively limited utility to 
an adversary because it conveys little information about a natural 
person or a business's financial condition. While adversaries 
interested in targeted marketing could direct future marketing efforts 
to a business using the same application channel, the Bureau noted that 
marketing firms already possess strategic information about methods for 
establishing contact. Unmodified disclosure of application method and 
whether the application was submitted indirectly may reveal information 
that financial institutions regard as harmful or sensitive, but the 
Bureau did not believe that disclosure would permit the reverse-
engineering of a financial institution's proprietary lending models.
    The Bureau was not able to identify publicly available datasets 
that include data fields an adversary could directly match to the 
application method or application recipient data fields. While the 
Bureau's HMDA data and the Government-Sponsored Enterprises loan-level 
datasets include acquisition channel information in loan-level data, 
the Bureau stated that these datasets do

[[Page 35478]]

not identify applicants or related natural persons. However, the Bureau 
sought comment on whether there are other identifiable application/
loan-level datasets that include this information or whether HMDA data 
or the Government-Sponsored Enterprises loan-level datasets could be 
matched to other identifiable datasets.
    The Bureau received two comments from trade associations on this 
analysis. These questioned whether publishing the application method 
and application recipient fields would provide disclosure benefits 
related to section 1071's statutory purposes. One stated that lenders' 
methods for receiving applications are strategic business decisions and 
disclosing this information will cause financial institutions to suffer 
commercial harm.
    As discussed above in part VIII.B.3, the Bureau views these data 
fields as having significant disclosure benefits. The Bureau does not 
see disclosure causing significant commercial harm to financial 
institutions. Disclosure of application method and application 
recipient data would not permit the reverse-engineering of proprietary 
lending models. Accordingly, the Bureau preliminarily assesses that 
disclosing these data fields in unmodified form would present limited 
privacy risk if re-identification occurred.
iv. Credit Type
    Proposed Sec.  1002.107(a)(5) would have required financial 
institutions to collect and report to the Bureau certain information 
about the type of credit applied for or originated. The proposal would 
have required financial institutions to report three categories of 
information that together constitute the type of credit. First, the 
proposal would have required financial institutions to report the type 
of credit product. Second, the proposal would have required financial 
institutions to report the type or types of guarantees that were 
obtained for an extension of credit, or that would have been obtained 
if the covered credit transaction had been originated. Third, the 
proposal would have required financial institutions to report the 
length of the loan term, in months, if applicable. As discussed in the 
section-by-section analysis of Sec.  1002.107(a)(5), the Bureau is 
finalizing this data point as proposed, with revisions to the related 
commentary.
    The NPRM stated that data on type of credit product, type of 
guarantee, and loan term could disclose information that may be harmful 
or sensitive to applicants or related natural persons. It also stated 
that a business's competitors could use these data fields--in 
conjunction with the loan amount and pricing data fields--to draw 
inferences about the business's financial condition based on whether 
the business obtained credit on favorable or unfavorable terms. Type of 
guarantee data could indicate heightened credit risk for the 
applicant.\899\ Credit type data also could be used for targeted 
marketing of products and services that may pose risks.
---------------------------------------------------------------------------

    \899\ For example, the ``SBA guarantee--7(a) program'' data 
field is intended for businesses that have been unsuccessfully 
applying for credit or have had some other difficulty in accessing 
credit.
---------------------------------------------------------------------------

    The Bureau further stated that disclosure of these data fields in 
unmodified form may reveal information that financial institutions 
regard as harmful or sensitive, such as the types of products they 
offer or the government programs in which they participate. However, 
the Bureau did not expect disclosure of these data fields to permit the 
reverse-engineering of proprietary lending models. Furthermore, the 
Bureau stated that general information about the types of credit a 
financial institution is offering is already widely available.
    The Bureau was aware that certain identified datasets include 
application-level information on the type of credit product, type of 
guarantee, or loan term. Government lending programs, such as the SBA's 
7(a) and 504 programs, publish loan-level data that indicate the term 
of the loan and whether the loan is a term loan or a line of credit. In 
some States, UCC filings may include some information related to the 
type of collateral. In the NPRM, the Bureau stated that the existing 
public availability of this information decreased the potential harm or 
sensitivity of disclosing information about the type of credit product, 
type of guarantee, and loan term in the 1071 data. By the same token, 
however, the Bureau recognized that an adversary could use these other 
datasets, combined with other fields, to match a section 1071 record to 
an identified publicly available record.
    If it determined that modifications were ultimately needed, the 
Bureau identified a number of possible approaches. The Bureau could 
disclose ``Federal guarantee'' instead of disclosing the specific 
program. Similarly, the Bureau could recode loan term data into bins--
for example, using intervals of two or five years.
    The Bureau received feedback from two community group commenters. 
One stated that publication of credit type data would promote 
understanding of small business lending. The other stated that 
combining loans from different Federal government guarantee programs 
into a single category for publication would not reduce the utility of 
1071 data. The commenter also stated that if the Bureau recodes length 
of the loan term data into bins, the Bureau should test those bins to 
ensure that the recoded data are useful to users.
    Based on its earlier analysis and from the comments received, the 
Bureau assesses that disclosing credit type data in unmodified form may 
present significant privacy risks if re-identification occurred. For 
example, the Bureau believes that these data could result in non-
personal commercial privacy risks to small businesses, including 
revealing sensitive financial information or facilitating problematic 
targeted marketing. However, the Bureau does not identify any 
compelling privacy risks to financial institutions.
v. Credit Purpose
    Proposed Sec.  1002.107(a)(6) would have required financial 
institutions to collect and report the purpose or purposes of the 
credit applied for or originated. As discussed in the section-by-
section analysis of Sec.  1002.107(a)(6), the Bureau is finalizing this 
data point with modifications.
    The NPRM stated that disclosing credit purpose in unmodified form 
by itself would likely disclose minimal, if any, information about an 
applicant or related natural person that may be harmful or sensitive if 
such person were re-identified, or that may be harmful or sensitive to 
an identified financial institution. It noted that information about 
credit purpose could be useful to adversaries such as a small 
business's competitors, potential acquirers, or new market entrants, 
since it contains information about a business's strategy and 
performance, such as whether a business is expanding. Even so, this 
information would generally not be detailed enough to cause competitive 
harm, and its competitive value would likely be mitigated by time to 
publication.
    The Bureau did not identify publicly available datasets that 
include data fields an adversary could directly match to the credit 
purpose data fields in unmodified form in the public application-level 
data with respect to an applicant or related natural person. The Bureau 
stated that identified public datasets pertaining to small business 
loans generally do not contain information about the purpose of the 
credit. Therefore, the Bureau reasoned that an adversary would have 
difficulty

[[Page 35479]]

using the credit purpose data fields to match a section 1071 record to 
an identified publicly available record accurately.
    The Bureau stated that disclosure of credit purpose in unmodified 
form may also reveal information that financial institutions regard as 
harmful or sensitive, such as information that a financial institution 
offers credit that is used for certain purposes. However, the Bureau 
did not identify reasons that disclosure would permit reverse-
engineering of proprietary lending models.
    Several lenders and one trade association provided feedback. These 
commenters generally stated that credit purpose data created privacy 
risks for small business applicants. For example, one commenter stated 
that if re-identification occurred, credit purpose data could reveal 
confidential commercial information, such as plans for business 
acquisitions or expansions. As discussed in the NPRM, the Bureau 
acknowledges that credit purpose data contains information about a 
business's strategy and performance. However, the Bureau does not view 
this information as posing a significant risk of harm because of its 
relative lack of detail and the delay between the date of action taken 
on a loan and the publication of 1071 data. Commenters did not offer 
evidence to the contrary. Commenters also did not offer evidence that 
indicates that this data point presents significant re-identification 
risks.
    Accordingly, the Bureau preliminarily assesses that disclosing 
credit purpose data in unmodified form would present limited privacy 
risk.
vi. Amount Applied For
    Proposed Sec.  1002.107(a)(7) would have required financial 
institutions to collect and report to the Bureau the initial amount of 
credit or the initial credit limit requested by the applicant. As 
discussed in the section-by-section analysis of Sec.  1002.107(a)(7), 
the Bureau is finalizing the amount applied for data point as proposed.
    The NPRM stated that disclosing this data field in unmodified form 
would likely disclose information about an applicant or related natural 
person that may be harmful or sensitive if such person were re-
identified. Business owners might view details about the amount applied 
for as sensitive, particularly where they are concerned about the risk 
of being re-identified as an applicant for credit. The Bureau also 
noted that were re-identification to occur, the amount applied for 
could lead to targeted marketing of products or services that pose 
risks because it could help lenders target small businesses that 
received less credit than they requested with offers for loans at 
higher rates or fees. The Bureau stated that the amount applied for is 
generally not included in other publicly available data, so it would 
likely not be useful to adversaries seeking to match 1071 data with 
other publicly available data. However, the Bureau believed that amount 
applied for would be useful to an adversary in other ways. For example, 
a significant shortfall between the amount applied for and the amount 
approved could be used either by an applicant's competitor or by a 
consumer to infer that the business has a relatively weak financial 
position. With information on whether or not a business is granted a 
loan, an adversary might gain insight into the scale of a business's 
objectives based on the amount applied for or approved. The Bureau also 
noted that the relative scarcity of this information at present would 
also increase its value to adversaries. As an additional consideration, 
the Bureau saw no reason that disclosure would permit the reverse-
engineering of proprietary lending models.
    The Bureau received comments from several industry commenters and a 
community group. A group of trade associations stated that if a small 
business applicant is re-identified, disclosing the amount applied for 
could reveal information about the financial status of that small 
business that could harm its prospects for credit. Several industry 
commenters expressed concern that data about the amount applied for 
would create privacy risks for small business applicants by revealing 
confidential information, such as plans for business acquisitions or 
expansions. Another commenter stated that disclosing the amount applied 
for can create privacy risks for financial institutions. This commenter 
noted that the amounts applicants apply for can be arbitrary and, 
therefore, comparing these amounts to any amounts approved could be 
misleading and not a reliable metric for whether credit demand is met.
    The Bureau stated that if it determined that the amount applied for 
should be modified, it may consider recoding the data into bins. For 
example, the Bureau could recode the amount applied for into bins of 
$25,000. In response, a community group stated that the Bureau could 
recode the amount applied for into bins that use the mid-point of 
$10,000 intervals. As noted by the commenter, HMDA utilizes this 
technique, and, according to the commenter, it would be sufficient for 
privacy purposes while producing more accurate data.
    After reviewing these comments, the Bureau assesses that disclosing 
this data field may create some privacy risk where small business 
applicants and related natural persons face re-identification risk that 
could reveal non-public commercial information, such as an application 
for credit or business acquisition or expansion plans. Further, to the 
extent that this data point, combined with the amount approved or 
originated data point, indicates business difficulties, this could 
impact the reputational interests of small businesses and their owners. 
The Bureau also assesses that in some circumstances disclosing amount 
applied for could disclose personal information about an applicant or 
related natural person that would be harmful or sensitive if such 
person were re-identified. Comments asserting privacy risks for 
financial institutions, however, provided no compelling evidence of 
privacy risk to alter the NPRM analysis on point.
vii. Amount Approved or Originated
    Proposed Sec.  1002.107(a)(8) would have required financial 
institutions to collect and report to the Bureau: (i) for an 
application for a closed-end credit transaction that is approved but 
not accepted, the amount approved by the financial institution; or (ii) 
for a closed-end credit transaction that is originated, the amount of 
credit originated; or (iii) for an application for an open-end credit 
transaction that is originated or approved but not accepted, the amount 
of the credit limit approved. As discussed in the section-by-section 
analysis of Sec.  1002.107(8), the Bureau is finalizing the amount 
approved or originated data point as proposed.
    The NPRM stated that disclosing this data in unmodified form would 
likely disclose information about an applicant or related natural 
person that might be harmful or sensitive if such person were re-
identified, or that might be harmful or sensitive to an identified 
financial institution. The Bureau stated that information about the 
amount approved or originated could be useful to potential adversaries. 
For example, these data fields would provide creditors some insight 
into competitors' lending practices, particularly when combined with 
other data points such as gross annual revenue, number of workers, time 
in business, and pricing. Likewise, these data might allow creditors to 
make general inferences about the relative risk appetites of their 
competitors. However, the Bureau did not see any reason that disclosure

[[Page 35480]]

would permit the reverse-engineering of proprietary lending models.
    The Bureau stated that it had identified publicly available 
datasets that include data fields an adversary could directly match to 
the amount approved or originated data fields in unmodified form. 
Credit amount approved or originated is often widely available in 
public datasets, such as loan-level data for the SBA 7(a) and 504 
programs, as well as property records and UCC filings. The Bureau 
accordingly stated that adversaries would be able to match the amount 
of credit approved or originated to an existing public record. The 
Bureau further stated that if it determined that the amount approved or 
originated should be modified, it may consider recoding.
    The Bureau received comments from several industry and community 
group commenters. The community groups generally supported publishing 
these data fields. Several industry commenters disagreed. Two such 
commenters stated that if re-identification occurred, the amount 
approved or originated could harm small business applicants by 
disclosing information about business expansions or acquisitions. A 
community group stated that the Bureau could recode the amount applied 
for into bins that use the mid-point of $10,000 intervals. As the 
commenter noted, HMDA utilizes this technique and, according to the 
commenter, it would be sufficient for privacy purposes while producing 
more accurate data.
    After reviewing these comments, the Bureau preliminarily assesses 
that disclosing amount approved or originated data in unmodified form 
may present significant privacy risk if re-identification occurred. In 
some circumstances disclosing amount approved or originated could 
disclose personal information about an applicant or related natural 
person that would be harmful or sensitive if such person were re-
identified. For example, because amount approved or originated was 
found in publicly available datasets, in combination with information 
about the amount applied for, this data could facilitate targeted 
marketing of higher interest or predatory credit products. This 
combination of data could also have reputational impacts on small 
business applicants and related natural persons. The Bureau does not 
see any reason, however, that this data field will create compelling 
privacy risks for financial institutions.
viii. Type of Action Taken and Denial Reasons
    Proposed Sec.  1002.107(a)(9) and (11) would have required 
financial institutions to collect and report to the Bureau the action 
taken by the financial institution on the covered application, and for 
denied applications, the principal reason or reasons the financial 
institution denied the covered application. As discussed in the 
section-by-section analysis of Sec.  1002.107(a)(9) and (11), the 
Bureau is finalizing these data points as proposed.
    The NPRM stated that reasons for denial data could be harmful or 
sensitive for applicants or related natural persons. However, the 
Bureau did not believe disclosing the fact that credit was sought, in 
and of itself, likely would be harmful or sensitive to small businesses 
because credit is so widely used by small businesses. Further, the harm 
or sensitivity of disclosing information that credit was originated is 
mitigated by the publication of originated loan details in other 
databases such as UCC filings. Additionally, the Bureau did not assess 
that disclosure of action taken would permit the reverse-engineering of 
proprietary lending models.
    The Bureau had not identified publicly available datasets that 
include data fields an adversary could directly match to these data 
fields in unmodified form. At a category level, however, the Bureau 
noted that these data fields could tell adversaries which records it 
may be possible to match against databases that include originated 
loans. The Bureau stated that most of these data fields included in 
this data point are not found in publicly available records that 
contain the identity of an applicant; the only data field that would be 
consistently available would be for originated loans. Without such an 
identified publicly available record to match with, attempting to re-
identify an applicant by matching a 1071 record using these data fields 
likely would be difficult. However, the Bureau stated that adversaries 
may be able to use other data fields, such as census tract, NAICS code, 
and identified public information, such as business directories, to 
determine the identity of an applicant or related natural person. Thus, 
if applicants and related natural persons could be re-identified, an 
adversary could learn information about application denials for these 
businesses and use this information for a variety of purposes.
    The Bureau sought comment on this analysis, specifically in light 
of potential harm and sensitivity arising from the disclosure of 
application denials and the reasons for denial, whether there are 
specific modification techniques that should be considered, and whether 
modifying these data fields by grouping or deleting these data fields 
would appropriately balance the privacy risks and benefits of 
disclosure, in light of the purposes of section 1071.
    Community group commenters stated that the Bureau should publish 
data about action taken, including whether the loan was approved or 
denied or whether it was withdrawn or left incomplete. One stated their 
opposition to deleting action taken categories such as ``denied,'' 
``incomplete,'' or ``approved but not accepted,'' stating that such 
data are fundamental to the fair lending purpose of the statute. 
Several stated that publishing data on denial reasons would promote 
fair lending and business and community development objectives by 
helping lenders and policymakers assess whether creditors are denied 
credit for legitimate reasons. An industry commenter said that action 
taken data may also be misleading in the context of agricultural loans 
because not all creditworthy applicants are eligible for loans through 
the Farm Credit System.
    Other trade associations and a lender commented that disclosure of 
action taken could cause commercial or competitive harms to applicants 
and related natural persons. These commenters specifically noted that 
data about the action taken could reveal information about a business's 
financial status, or acquisition or expansion plans. Other commenters 
stated that including denial reasons in 1071 data, without including 
contextual information surrounding individual credit decisions, would 
result in unjustified reputational or litigation harm to smaller 
financial institutions, which originate a lower loan volume--possibly 
resulting in more pronounced statistical aberrations that could be 
erroneously interpreted as discrimination.
    In response to the Bureau's request for comment about whether these 
data should be modified or deleted from the public dataset, a community 
group stated that the Bureau should not modify or delete these fields 
because they are fundamental to the fair lending purposes of the 
statute. The commenter further noted that for decades, and without 
adverse consequences, HMDA has included information on whether an 
application for credit was originated, approved but not accepted, 
denied, withdrawn by the applicant, or incomplete. This commenter 
stated that if the Bureau found it necessary to

[[Page 35481]]

modify this data field, a higher level of disclosure that included 
reasons of denial by category of business and for groupings of census 
tracts could achieve important fair lending and community development 
objectives.
    As discussed above in part VIII.B.3, the Bureau views these data 
fields as having significant disclosure benefits. Commenters did not 
offer compelling evidence that disclosure of action taken, in and of 
itself, would reveal information about a small business applicant's 
financial status or strategic plans also lacked evidentiary 
support.\900\ If re-identification were to occur, however, information 
about an application for credit being denied could have detrimental 
impacts to applicants or related natural persons when personal credit 
qualifications are used in making credit decisions, including personal 
embarrassment. Likewise, re-identification could cause non-personal 
commercial harm to small businesses. Accordingly, the Bureau 
preliminarily assesses that disclosing these data fields in unmodified 
form may present significant privacy risk if re-identification 
occurred.
---------------------------------------------------------------------------

    \900\ When the Bureau previously assessed whether to include 
action taken and denial reasons in HMDA loan-level public data, it 
concluded that modification was unnecessary 84 FR 649, 658 (Jan. 31, 
2019). The Bureau articulated its decision that ``action taken and 
reasons for denial'' would be disclosed without modification.
---------------------------------------------------------------------------

ix. Action Taken Date
    Proposed Sec.  1002.107(a)(10) would have required financial 
institutions to collect and report the date of the action taken by the 
financial institution. As discussed in the section-by-section analysis 
of Sec.  1002.107(10), the Bureau is finalizing this data point as 
proposed.
    The Bureau stated that disclosing action taken date in the 1071 
data in unmodified form would likely disclose minimal, if any, 
information about an applicant or related natural person that may be 
harmful or sensitive if such person were re-identified, or that may be 
harmful or sensitive to an identified financial institution. The NPRM 
noted that publicly available datasets include data fields an adversary 
could directly match to the action taken date data field in unmodified 
form in the public application-level data with respect to an applicant 
or related natural person. Public availability of this data depends on 
the type of action taken. The approval date of originated loans is 
widely available in SBA 7(a), 504, and other program loan-level records 
that identify borrowers, and the date of executed agreements, which 
could be closely related to the action taken date, is often available 
for property records and UCC filings. For originated loans, therefore, 
the action taken date would substantially facilitate matching with 
publicly available datasets that identify borrowers. The Bureau also 
stated that action taken date may be less useful in re-identifying 
applicants of loans that were not originated because the action taken 
date for such loans is rarely publicly available.
    The Bureau stated that if it ultimately determined that the action 
taken date should be modified for publication, it may consider 
disclosing at a higher level, such as month instead of a specific date. 
The Bureau sought comment on this analysis, including about whether 
there are specific modifications it should consider, and whether 
deletion would better balance the risks and benefits of disclosure.
    In response, a group of trade associations stated that the Bureau 
should not disclose the action taken date, noting that this information 
is not published in HMDA data. This commenter expressed a concern that 
publishing the action taken date when the same data point is deleted or 
modified in HMDA public data would constitute inconsistent treatment 
without adequate explanation. The Bureau disagrees that it should omit 
action taken date from the public 1071 data simply to ensure 
consistency between this final rule and HMDA. Commenters did not 
provide additional evidence related to re-identification risk.
    Commenters did not provide additional evidence related to re-
identification risk that would alter the initial assessment provided in 
the NPRM. In addition, the Bureau preliminarily assesses that the 
action taken date would present limited privacy risk if re-
identification occurred. This data field presents minimal, if any, 
personal information about an applicant or related natural person that 
would be harmful or sensitive if such person were re-identified. The 
Bureau also does not believe publication of these data would result in 
non-personal commercial privacy risks to small businesses being 
disclosed. The Bureau also identifies no compelling privacy risks to 
financial institutions.
x. Pricing Information
    Proposed Sec.  1002.107(a)(12) would have required financial 
institutions to collect and report to the Bureau the following 
information, where applicable, regarding the pricing of a covered 
credit transaction that is originated, or approved but not accepted: 
(i) the interest rate; (ii) total origination charges; (iii) broker 
fees; (iv) initial annual charges; (v) additional costs for merchant 
cash advances or other sales-based financing; and (vi) prepayment 
penalties. As discussed in the section-by-section analysis of Sec.  
1002.107(a)(12), the Bureau is finalizing the pricing information data 
point largely as proposed.
    The NPRM stated that information about the interest rates and fees 
charged in connection with credit represents basic information about 
the features of a product generally and would present low risk of harm 
or sensitivity. It further noted that disclosure of pricing data in 
unmodified form may reveal information that some applicants or related 
natural persons may regard as harmful or sensitive, such as a 
reflection of their perceived credit risk. However, the Bureau also 
reported that it had received feedback during the SBREFA process that 
multiple factors contribute to pricing for small business credit. While 
the Bureau further stated that disclosure of pricing data in unmodified 
form may also reveal information that financial institutions regard as 
harmful or sensitive, the NPRM did not identify evidence that 
disclosure of pricing information would permit the reverse-engineering 
of proprietary lending models.
    The NPRM also noted that publicly available datasets include data 
fields an adversary could directly match to the pricing data fields in 
unmodified form. Identified data about the interest rate and fees 
charged for a given loan are available from a limited number of 
publicly available datasets, such as data for the SBA 7(a) and 504 
programs. The Bureau further stated that, if it were to determine that 
pricing data should be modified, it may consider recoding the pricing 
information data fields into bins, such as interest rates bins of 0.25 
percentage points or origination fee bins of $500; and it also noted 
that it could consider top-coding pricing data.
    The Bureau received feedback from a range of commenters. Community 
groups and some others generally agreed that publishing pricing 
information would serve the objectives of section 1071. These 
commenters saw pricing information as necessary to monitor loan 
affordability and assess lending in underserved communities. A software 
vendor stated that publishing pricing information will improve 
competition and pricing efficiency by allowing applicants to compare 
credit costs offered by financial institutions. However, industry 
commenters stated that pricing information would have limited benefits. 
Two lenders stated that

[[Page 35482]]

pricing information is not meaningful because it is based on a complex 
set of factors that is unique to each transaction. A trade association 
stated that pricing information in small business lending would have 
little benefit compared to loan pricing data in HMDA because, unlike 
consumer mortgage data reported in HMDA, commercial data that would be 
reported in the 1071 dataset is not standardized or uniform. Others 
said that pricing information has a high risk of being misinterpreted.
    Several lenders also stated that small businesses would have 
privacy concerns if pricing information on their loans was made public. 
Two industry commenters stated that pricing information would create 
re-identification risk, particularly in smaller and rural areas. 
Another stated that farm loans present risks because such credit may be 
extended in small markets with few customers which could increase the 
possibility of re-identification of small business applicants or 
related natural persons. Several other industry commenters said that if 
re-identification were to occur, the publication of pricing data 
information would create competitive risks for small businesses. One 
said that this risk is particularly high in smaller communities where 
it is possible to use published information to reveal pricing 
information about individuals. Others stated that privacy risks are 
especially potent for sole proprietorships because those entities' 
pricing may be largely based on owners' individual credit performance 
and personal information. A group of trade associations commented that 
pricing information was the most sensitive data point and it could 
reveal sensitive competitive information that would place businesses at 
a substantial competitive disadvantage. Regarding non-personal 
commercial harms to small business applicants, some industry commenters 
aid that disclosing pricing information in 1071 data would cause some 
financial institutions to limit their lending to reduce reputational or 
litigation risk.
    Other commenters addressed the risk of harm or sensitivity to 
financial institutions. Some industry commenters stated that publishing 
pricing data will create competitive risks for financial institutions 
by revealing pricing models for small business loans, potentially 
allowing competitors to undercut pricing. Two agricultural lenders 
commented that rural financial institutions in markets with few 
customers face unique risks and that they may lose customers to larger 
financial institutions or online lenders that have larger customer 
bases and thus lower re-identification risk. Several other industry 
commenters stated that publishing pricing information would carry 
reputational and competitive risks for financial institutions. Some 
commenters were concerned that pricing information would not capture 
the full context of credit decisions, risking misconceptions about the 
underlying rationale for pricing and creating illusory disparities in 
credit terms. A bank trade association stated that comparing pricing 
information between different types of financial institutions can be 
misleading and may result in reputational harm because certain lenders 
like credit unions and farm credit system lenders receive tax or 
funding advantages to offer lower interest rates. Other commenters 
noted the risk of reputational harm from patronage dividends in 
agricultural lending not being accounted for in disclosed pricing. 
Other commenters asserted that disclosure of pricing information in 
1071 data could create litigation risk for financial institutions. 
Several commenters said that if regulators utilize pricing information 
to analyze for fair lending without taking into account all variables 
that went into underwriting, incorrect analyses could result in 
unwarranted allegations of discrimination. A bank said that litigation 
risk based on these misconceptions may be particularly high for smaller 
banks that originate fewer loans because the lower volume could result 
in greater variation in pricing information.
    The Bureau also sought comment on whether pricing information, if 
published, should be modified, and if so, what modification or deletion 
techniques would preserve the benefits of the public application-level 
data. A number of lenders and trade associations stated that pricing 
information should not be published at all because of privacy risks. 
Other commenters suggested modifications. A trade association stated 
that published pricing information should be limited to interest rates 
and origination fees. This commenter also supported disclosing pricing 
information in bins to protect privacy without harming data utility. In 
contrast, a community group opposed recoding interest rates or 
origination fees because that might mask lending disparities, thereby 
hindering fair lending enforcement.
    As discussed in part VIII.B.3, the Bureau views pricing information 
as having significant disclosure benefits. In light of the re-
identification risks discussed above, the Bureau appreciates 
commenters' concerns that if re-identification were to occur, the 
disclosure of pricing information in the public application-level data 
could pose significant risk to sole proprietors for whom underwriting 
could be based on personal credit performance. The Bureau also 
recognizes that re-identification, if it occurred, could exacerbate 
privacy risks, including personal privacy risks, presented by other 
data fields in the dataset. Additionally, re-identification could 
create a risk of non-personal commercial harms for applicants, 
particularly in small or rural communities when combined with other 
data fields like census tract or NAICS code. The Bureau acknowledges 
commenters' concerns about potential risk of harm or sensitivity to 
financial institutions, including reputation and litigation risks 
resulting from possible misinterpretations of published pricing 
information. However, the Bureau does not view privacy risks to 
financial institutions as compelling enough to justify exclusion of the 
data field. As discussed in part VIII.B.4, by mitigating re-
identification risk, other potential risks and harms, including those 
faced by financial institutions, will also be mitigated.
    The Bureau preliminarily assesses that some modification techniques 
may be appropriate when publishing pricing information. Potential 
modifications that the Bureau could consider include binning data or 
top-coding pricing data fields. However, the Bureau is mindful that 
modifying pricing information too much could mask discriminatory 
pricing practices, thus hindering fair lending analyses. Similarly, 
such modifications could hinder identification of community development 
needs and opportunities.
xi. Census Tract
    Proposed Sec.  1002.107(a)(13) would have required financial 
institutions to collect and report the census tract containing the 
address or location where the proceeds of the credit applied for or 
originated will be or would have been principally applied; or if this 
information is unknown, the tract containing the address or location of 
the main office or headquarters of the applicant; or if this 
information is also unknown, the tract containing another address or 
location associated with the applicant. In addition to reporting the 
census tract, the financial institution would have been required to 
indicate which one of these three types of addresses or locations the 
census tract is based on. As discussed above in the section-by-section 
analysis of

[[Page 35483]]

Sec.  1002.107(a)(13), the Bureau is finalizing this data point as 
proposed.
    The NPRM observed that the census tract itself would likely 
disclose minimal, if any, information about an applicant or related 
natural person that may be harmful or sensitive if such person were re-
identified, or that may be harmful or sensitive to an identified 
financial institution. The Bureau acknowledged that for sole 
proprietors, the main office is often a home address, but it noted that 
the applicant's actual street address would not be reported to the 
Bureau. The Bureau also noted that small businesses commonly make their 
locations available in the normal course of business--for example, to 
reach prospective customers.
    The Bureau stated that if the address reflects where the proceeds 
of the credit will be or would have been principally applied, 
disclosing the census tract may reveal some information about an 
applicant's business strategy, particularly if paired with the loan 
purpose data field. For example, the Bureau stated that the data could 
indicate that a small business is pursuing or was pursuing an expansion 
to a particular location. However, the Bureau believed the value of 
this information to a small business's competitors is likely mitigated 
by the time to publication. The Bureau stated that disclosure of the 
census tract in unmodified form may also reveal information that 
financial institutions regard as harmful or sensitive, such as a 
financial institution's trade area. However, the Bureau did not 
conclude that disclosure would permit the reverse-engineering of a 
financial institution's proprietary lending models.
    The Bureau identified publicly available datasets that include data 
fields an adversary could directly match to the census tract data field 
in unmodified form in the public application-level data with respect to 
an applicant or related natural person. The Bureau expected that, in 
most cases, the census tract that financial institutions would report 
to the Bureau would be based on the address or location of the main 
office or headquarters of the applicant, either because that is where 
the proceeds of the credit will be applied, or because the financial 
institution does not know the location or address where the proceeds of 
the credit will be applied but does know the applicant's main office or 
headquarters address. The Bureau also observed that, for many small 
businesses, this address or location is likely to be publicly available 
from sources such as the business's website and review websites. 
Information about a business's location is also likely available from 
loan-level data for public loan programs as well as from private 
datasets, such as from data brokers. Therefore, in many cases, the 
Bureau expected that an adversary could use the census tract data 
fields, combined with other fields, to match a section 1071 record to 
an identified publicly available record. The Bureau also sought comment 
on whether disclosing county, State, or some other geographic 
identifier--rather than the census tract--would affect the benefits of 
disclosure, the potential for harm or sensitivity, and the potential 
for re-identification of applicants or related natural persons.
    A range of commenters provided feedback on the Bureau's analysis. 
Community group commenters saw the publication of this data as 
important to both the fair lending and business and community 
development purposes of section 1071. Some said that because there are 
currently no comprehensive data on the capital access problems faced by 
marginalized communities, census tract data would provide insight into 
small business credit challenges at the intersection of race, sex, 
ethnicity, and geography. Other community groups and a business 
advocacy group expressed support for publishing census tract data, 
stating that including demographic and geographic data could positively 
impact the reduction of economic inequality and generally would 
encourage lending to underserved markets via specific policy making.
    A number of lenders, along with a trade association and a community 
group, expressed concern that publication of census tract data would 
pose significant re-identification risk for applicants, especially in 
smaller or rural communities with low levels of lending. Other industry 
commenters said that the unmodified publication of census tract data 
combined with other data points, in particular NAICS code data, would 
pose significant re-identification risk.
    While some community groups expressly supported the unmodified 
disclosure of census tract data, others suggested specific modification 
techniques. One commenter suggested that the Bureau consider switching 
records for similarly situated applicants between nearby census tracts 
to protect the privacy of applicants in smaller geographic areas while 
preserving data utility. With respect to the Bureau's suggestion to 
consider disclosing a broader location category, at least one trade 
association expressed support for disclosing data at the State level. 
Meanwhile, a community group generally opposed disclosure limited to 
the county- or State-level, arguing that it would frustrate the 
purposes of section 1071. But this commenter did suggest that the 
Bureau consider combining and aggregating adjacent census tracts in 
rural areas with low levels of lending.
    As discussed above in part VIII.B.3, the Bureau views the 
disclosure of census tract as having significant benefits. Further, 
disclosing census tract data on its own would present limited privacy 
risk. Application-level census tract by itself would likely disclose 
minimal, if any, information about an applicant or related natural 
person that would be harmful or sensitive if such person were re-
identified. In addition, the Bureau does not discern evidence of 
compelling privacy risks for financial institutions. However, the 
Bureau appreciates the potential re-identification risks to applicants 
or related natural persons posed by the combination of census tract 
data and other data fields, such as NAICS code. With respect to privacy 
risks raised by commenters, as discussed above, the Bureau has 
identified publicly available datasets that include data fields an 
adversary could directly match to certain census tract data. 
Accordingly, the Bureau assesses that census tract data, combined with 
other data fields such as NAICS code, could be used to match to an 
identified publicly available record, particularly in rural areas, 
thereby potentially re-identifying a small business applicant or its 
ownership. Re-identification could in turn exacerbate privacy risks, 
including harm or sensitivity risks, presented by other data fields in 
the dataset.
    Considering this privacy risk, the Bureau's preliminary assessment 
is that some modification techniques may be appropriate. Application-
level census tract would likely disclose minimal, if any, information 
about an applicant or related natural person that would be harmful or 
sensitive if such person were re-identified. In addition, the Bureau 
does not discern evidence of a compelling privacy risks for financial 
institutions. However, the Bureau appreciates the potential re-
identification risks to applicants or related natural persons posed by 
the combination of census tract data and other data fields such as 
NAICS code, and recognizes that there may be significant geographic 
variation in the likelihood of re-identification risk from census tract 
alone. The Bureau is mindful that modifying census tract data, like 
disclosing a broader location category such as county or State, while 
reducing re-identification risk to applicants and related natural 
persons,

[[Page 35484]]

could also reduce the utility of the 1071 dataset.
xii. Gross Annual Revenue
    Proposed Sec.  1002.107(a)(14) would have required financial 
institutions to collect and report to the Bureau the gross annual 
revenue of the applicant for the preceding full fiscal year prior to 
when the information is collected. As discussed in the section-by-
section analysis of Sec.  1002.107(a)(14), the Bureau is finalizing 
this data point substantively as proposed.
    The NPRM stated that disclosing gross annual revenue in unmodified 
form would likely disclose information about an applicant or related 
natural person that may be harmful or sensitive if such person were re-
identified. The data field could reflect the financial condition of a 
small business or its ownership. The Bureau stated that competitors of 
the small business, other commercial entities, creditors, researchers, 
or persons with criminal intent all may have an interest in using these 
data to monitor the size or performance of an applicant that may be a 
rival, partner, or target of inquiry, investigation, or illegal 
activity. With respect to the risk of harm or sensitivity to financial 
institutions, the NPRM acknowledged that other creditors might use 
gross annual revenue data to learn more about the types of small 
businesses with which their competitors do business. However, the 
Bureau did not identify evidence that disclosure would permit reverse-
engineering of proprietary lending models.
    The Bureau also noted that publicly available datasets include data 
fields an adversary could directly match to this data field in 
unmodified form. This availability is not widespread. Gross annual 
revenue data are available from private databases. They are also 
available for New York State's women- and minority-owned business 
certification program, but those data are recoded into bins. The Bureau 
stated that if it determined that gross annual revenue data should be 
modified, it may consider recoding this data into bins, for example in 
ranges of $25,000, or top-coding the data to mask particularly high 
values, thereby reducing the identifiability of application data from 
small businesses with especially high gross annual revenue.
    Commenters did not provide additional evidence related to re-
identification risk. However, community groups and trade associations 
commented on modifying this field prior to publication. Several 
community groups and a CDFI lender generally favored the Bureau 
publishing unmodified gross annual revenue data to maintain its 
utility. One such commenter opposed modification here, stating that 
aggregation of data by revenue size would limit the usefulness of the 
data to all stakeholders, including technical assistance providers who 
can help small businesses apply for loans, as well as parties seeking 
to identify and respond to discriminatory lending patterns. Other 
community groups and a trade association expressed support for 
publishing gross annual revenue data in bins to mitigate privacy risks 
for applicants. These community groups stated that modified data must 
still be detailed enough to permit meaningful analysis, and they 
criticized the current CRA system of identifying all loans to 
businesses with revenue under $1 million as not allowing for such 
analysis. One commenter suggested that if the Bureau decided to modify 
the gross annual revenue data field it should select the mid-point and 
recode the data in bins of $10,000 increments. They also expressed 
support for top-coding provided that it did not mask any significant 
differences in data for larger small businesses, and suggested that the 
Bureau conduct testing within the first year of data to assess whether 
the modification was appropriate.
    As discussed above in part VIII.B.3, the Bureau views disclosure of 
gross annual revenue data as having significant disclosure benefits. 
After reviewing comments, the Bureau preliminarily assesses that if re-
identification were to occur, disclosing gross annual revenue data in 
unmodified form may present significant privacy risk to small business 
applicants and related natural persons. The Bureau also preliminarily 
assesses that modifications to this field can be made while preserving 
the utility of the data for statutory purposes. The Bureau will 
continue to consider feedback about potential modification techniques, 
such as binning at smaller intervals and conducting testing before top-
coding.
xiii. NAICS Code
    Proposed Sec.  1002.107(a)(15) would have required financial 
institutions to collect and report to the Bureau a 6-digit NAICS code. 
As discussed above in the section-by-section analysis of Sec.  
1002.107(a)(15), the Bureau is modifying how NAICS code is reported. 
Under the final rule, financial institutions must collect and report a 
3-digit NAICS subsector code. Using only 3-digit NAICS subsector codes 
will decrease the risk of re-identification to applicants and owners 
while adhering to the purposes of section 1071.
    The NPRM stated that publishing 6-digit NAICS codes in unmodified 
form by itself would likely disclose minimal, if any, information about 
an applicant or related natural person that may be harmful or sensitive 
if such person were re-identified, or that may be harmful or sensitive 
to an identified financial institution. Information about a small 
business's industry is likely apparent to anyone interacting with it. 
The Bureau noted that disclosure of 6-digit codes in unmodified form 
may reveal information that financial institutions regard as harmful or 
sensitive, such as the industries with which the financial institution 
does business, but it did not discern that such disclosure would permit 
reverse-engineering of proprietary lending models.
    The Bureau acknowledged that 6-digit codes were likely to produce 
unique instances in the data, especially if combined with unmodified 
census tract data. It noted the existence of 73,057 census tracts and 
1,057 6-digit NAICS codes.\901\ With over 77 million resulting 
combinations, there would likely be many instances of this data forming 
unique combinations. The NPRM stated that if the Bureau modified 6-
digit codes for publication, it would consider disclosing 2-, 3-, or 4-
digit codes to reduce re-identification risk while maintaining data 
utility.
---------------------------------------------------------------------------

    \901\ See 2010 Census Tallies; Off. of Mgmt. & Budget, North 
American Industry Classification System (NAICS) Updates for 2022, 86 
FR 35350, 35352 (July 2, 2021).
---------------------------------------------------------------------------

    Community group commenters supported disclosing 6-digit NAICS codes 
to support the fair lending purpose of the statute. Many industry 
commenters expressed concern that such codes, particularly in small or 
rural communities where only a limited number of businesses share 
certain NAICS codes, would create significant re-identification risks.
    Several commenters expressed support for modifying the 6-digit 
NAICS code in the public application-level data. One commenter stated 
that the NAICS code should be truncated to general categories. Several 
industry commenters expressed specific support for disclosing a 2-digit 
NAICS code, and another supported a 4-digit modification, stating it 
would provide sufficient information while mitigating re-identification 
risk.
    As discussed above in part VIII.B.3, the Bureau views disclosure of 
a NAICS code as having significant disclosure benefits. In addition, 
the Bureau's shift to requiring collection and reporting of a 3-digit 
code will significantly reduce re-identification risk while preserving

[[Page 35485]]

the utility of the dataset. This shift acknowledges privacy concerns 
raised by some commenters, reducing the risk of cognizable privacy 
harms.
    Overall, the Bureau preliminarily assesses that published 3-digit 
codes by themselves present limited privacy risk. It is unlikely that 
publication of these data would disclose personal information about an 
applicant or related natural person that would be harmful or sensitive 
if such person were re-identified. The Bureau also does not see 
evidence of non-personal commercial privacy risks to small businesses, 
or of any compelling privacy risk to financial institutions. However, 
the Bureau appreciates that there is a heightened risk of re-
identification when a NAICS code is combined with other data fields, 
such as census tract.
xiv. Number of Workers
    Proposed Sec.  1002.107(a)(16) would have required financial 
institutions to collect and report to the Bureau the number of non-
owners working for the applicant. In the final rule, however, a 
financial institution complies with Sec.  1002.107(a)(16) by reporting 
in ranges. The Bureau is adopting this change in response to concerns 
expressed by commenters about the complexity of providing an exact 
number.
    The NPRM stated that disclosing number of workers in unmodified 
form would likely disclose minimal, if any, information about an 
applicant or related natural person that would be harmful or sensitive 
if such person were re-identified. Additionally, the Bureau did not see 
disclosure being harmful or sensitive to financial institutions. 
Financial institutions may use such data to learn more about the types 
of small businesses with which their competitors do business, but the 
Bureau did not see evidence that disclosure would permit reverse-
engineering of proprietary lending models.
    The Bureau noted that information about the number of workers is 
likely to be publicly available for many businesses. For example, State 
registries of businesses may include information about a business's 
number of workers, and private databases also commonly include this 
information. This decreases any potential sensitivity or harm of 
disclosing this data point in the application-level data, and also the 
direct utility of the data to potential adversaries. However, these 
data sources also mean that in some cases an adversary could use number 
of workers, combined with other fields, to match an identified publicly 
available record. Data on a business's number of workers could easily 
produce unique combinations when combined with other data fields, 
particularly for businesses with higher numbers of workers. The NPRM 
further stated that the Bureau would consider modification options, 
including recoding and top-coding.
    Several community group commenters and a group of State banking 
regulators supported unmodified disclosure of this data as important to 
the fair lending purposes of section 1071. However, an industry 
commenter stated that the data point was not useful for achieving any 
of the statutory purposes, particularly given the difficulties in 
counting seasonal and part-time employees. Several industry commenters 
stated that publishing the number of workers without modification could 
create privacy risks. These commenters generally asserted that the data 
point should not be published because the exact number of workers could 
be used to re-identify applicants and would reveal sensitive commercial 
information about the applicant's competitive strategy or business 
plan. Some of these commenters also expressed concern that these data 
are susceptible to misinterpretation and inaccuracy, particularly for 
seasonal or cyclical businesses that experience routine variations in 
employee volume over the course of a calendar year. Several commenters 
expressed support for modifying the public number of workers data field 
by recoding the data into bins. One commenter stated that the bins 
would need to be developed such that they do not obscure differences in 
smaller businesses.
    As discussed above in part VIII.B.3, the Bureau views disclosure of 
the number of workers to have significant disclosure benefits. In 
addition, the Bureau's decision to have financial institutions report 
this data in ranges will reduce the risk of re-identification for 
applicants or related natural persons. In turn, that lowers the risk 
that applicants or related natural persons are subject to competitive 
harms, such as the disclosure of their proprietary business 
information. Further, although the Bureau has identified publicly 
available datasets that include number of workers, these data vary over 
time and are difficult to align across multiple datasets. Reporting in 
ranges will also help address concerns about data inaccuracy and 
variance.
    The Bureau preliminarily assesses that disclosing unmodified 
application-level number of workers data in ranges would present 
limited privacy risk if re-identification occurred. It is unlikely that 
publication of this data would disclose personal information about an 
applicant or related natural person that would be harmful or sensitive 
if such person were re-identified; it is also unlikely that publication 
would result in non-personal commercial privacy risks to small 
businesses or compelling privacy risks to financial institutions.
xv. Time in Business
    Proposed Sec.  1002.107(a)(17) would have required financial 
institutions to collect and report to the Bureau the time the applicant 
has been in business, described in whole years, as relied on or 
collected by the financial institution. As discussed in the section-by-
section analysis of Sec.  1002.107(a)(17), however, the final rule 
requires a financial institution to report this data in whole years 
only if it collects or otherwise obtains that information as part of 
its procedures for evaluating credit applications. Otherwise, the 
financial institution reports whether the applicant has been in 
existence for less or more than two years. This change responds to 
commenter concerns about complexity in collecting this data.
    The NPRM explained that disclosing time in business in unmodified 
form would likely disclose minimal, if any, information about an 
applicant or related natural person that may be harmful or sensitive if 
such person were re-identified, or that may be harmful or sensitive to 
an identified financial institution. The Bureau did not see evidence 
that disclosure would permit the reverse-engineering of proprietary 
lending models. In addition, information about time in business was 
likely to be publicly available for many businesses in public 
registration filings and other sources, decreasing any potential harm 
or sensitivity from publishing this data. The Bureau noted that these 
same data sources could enable an adversary to directly match the time 
in business data field in unmodified form, particularly when combined 
with other fields.
    The Bureau stated that if it were to modify the time in business 
data field, it may consider recoding time in business into bins--for 
example, using two- or five-year intervals. It would also consider top-
coding time in business at a value such as 25 years, given that larger 
values are more likely to be unique. The Bureau specifically sought 
comment on what intervals the Bureau should use if it were to recode 
time in business into bins and what value the Bureau should use if it 
were to top-code this data field.
    Several community group commenters and a group of State banking 
regulators supported

[[Page 35486]]

unmodified disclosure of time in business in the dataset to facilitate 
the fair lending purpose of the statute. A few industry commenters 
expressed concern that publication of time in business data could 
create re-identification risks for small business applicants and 
reputational harm for financial institutions. In particular, one 
commenter agreed that time in business data could be combined with 
other data points to re-identify small business applicants. With 
respect to potential modification options, a trade association and a 
community group expressed support for either binning or top-coding. The 
community group noted, however, that a bin that ranged from two to five 
years may be too long. The commenter also stated that a top-code of 25 
years may be reasonable but urged the Bureau to conduct further 
analysis after it received the first year's data.
    As discussed in part VIII.B.3, the Bureau views disclosure of time 
in business as having significant benefits. The Bureau also preliminary 
assesses that the availability of this data in existing datasets 
decreases potential harm or sensitivity of disclosure if re-
identification occurs, but also increases the risk of re-identification 
risk. The Bureau will consider whether binning, top-coding, or other 
modification techniques may be appropriate when it analyzes 
application-level data and conducts its full privacy analysis. 
Commenters did not explain how the disclosure of the applicant's time 
in business could lead to reputational harms to financial institutions.
xvi. Business Ownership Status
    Proposed Sec.  1002.107(a)(18) and (19) would have required 
financial institutions to collect and report to the Bureau whether the 
applicant is a minority-owned business or a women-owned business and 
whether minority-owned business status or women-owned business status 
is being reported based on previously collected data pursuant to 
proposed Sec.  1002.107(c)(2). As discussed in the section-by-section 
analysis of Sec.  1002.107(a)(18), the Bureau is finalizing these data 
points with modifications. Specifically, it is finalizing proposed 
Sec.  1002.107(a)(18) and (19) as final Sec.  1002.107(a)(18). In 
addition to the minority-owned and women-owned business statuses, the 
final rule requires financial institutions to collect and report 
LGBTQI+-owned business status.
    The NPRM stated that publishing demographic ownership status in 
unmodified form would have likely disclosed minimal, if any, 
information about an applicant or related natural person that may be 
harmful or sensitive if such person were re-identified, or that may be 
harmful or sensitive to an identified financial institution. While some 
applicants or related natural persons may regard this information as 
harmful or sensitive, the Bureau believed this information generally 
would present low risk of harm or sensitivity. The Bureau also believed 
that this information already may be available to the general public 
and would have relatively limited utility for adversaries if an 
applicant or related natural person were re-identified.
    However, the Bureau noted that in many cases an adversary could 
have used women-owned or minority-owned business status, in combination 
with other data, to match a section 1071 record to an identified 
publicly available record. The Bureau identified several sources that 
could have been used for such matching. Women- and minority-ownership 
is likely to be publicly available for many businesses that publicly 
register or certify with the SBA or State or local authorities as 
women- or minority-owned. Businesses' websites may also provide this 
information, and private commercial databases also include or estimate 
this information.
    The Bureau did not receive any comments on this aspect of its 
privacy analysis. This lack of engagement suggests that the NPRM 
generally correctly assessed the privacy impacts that disclosing women-
owned and minority-owned business statuses in the data in unmodified 
form would have for an applicant or related natural person if such 
person were re-identified. It also suggests the Bureau generally 
correctly surmised there would be minimal, if any, harms or 
sensitivities to financial institutions.
    However, the Bureau received comments from several industry and 
individual commenters on the Bureau's request for comment in proposed 
Sec.  1002.107(a)(20) about whether the Bureau should require financial 
institutions to ask separate questions regarding the sex, sexual 
orientation, and gender identity, of principal owners. As discussed 
below in part VIII.B.6.xvii, a few commenters urged the Bureau to not 
collect or publish data on sexual orientation and gender identity of 
principal owners. The commenters noted the significant risk of harm to 
small business applicants and related natural persons, due to the 
particularly sensitive nature of this information if re-identification 
occurred.
    The Bureau acknowledges that an individual's LGBTQI+ status likely 
is sensitive personal information that could pose personal privacy 
risks as well as non-personal commercial privacy risks. If re-
identification occurred, its disclosure could pose risks to privacy 
interests of small business owners. Accordingly, while the Bureau views 
disclosure of business ownership status as having significant 
disclosure benefits, the Bureau preliminarily assesses that disclosing 
this data may present significant privacy risks if re-identification 
occurred. That is particularly so as to LGBTQI+-owned business status; 
in contrast, women-owned and minority-owned business status information 
would present relatively limited privacy risk. The Bureau does not see 
evidence that LGBTQI+-owned status poses compelling privacy risks to 
financial institutions.
xvii. Number and Demographic Status of Principal Owners
    Proposed Sec.  1002.107(a)(20) would have required a financial 
institution to collect and report to the Bureau the ethnicity, race, 
and sex of the applicant's principal owners; whether ethnicity and race 
were being collected by the financial institution on the basis of 
visual observation and/or surname analysis; and whether ethnicity, 
race, or sex were being reported based on previously collected data 
pursuant to proposed Sec.  1002.107(c)(2). Proposed Sec.  
1002.107(a)(21) would have required that financial institutions collect 
and report to the Bureau the number of an applicant's principal owners. 
As discussed in the section-by-section analyses of Sec.  
1002.107(a)(19) and (20), the Bureau is finalizing the ethnicity, race, 
and sex of principal owners and number of principal owners data points 
with several modifications, including renumbering the sections, 
changing how financial institutions are required to inquire about the 
principal owners sex, and removing the requirement that a financial 
institution report whether the ethnicity and race of an applicant's 
principal owners was collected on the basis of visual observation and/
or surname analysis.
    The NPRM stated that, in general, disclosing the ethnicity, race, 
and sex of an applicant's principal owners in unmodified form would 
likely have disclosed minimal, if any, information about an applicant 
or related individual that may be harmful or sensitive if such person 
were re-identified, or that may be harmful or sensitive to an 
identified financial institution. As noted similarly above for the data 
fields on women-owned and minority-owned business statuses, while some 
applicants or

[[Page 35487]]

related natural persons may regard this information as harmful or 
sensitive, this information generally would present low risk of harm or 
sensitivity. The Bureau also noted that this information may be already 
available to the general public, and that this information would have 
relatively limited utility for adversaries if an applicant or related 
natural person were re-identified.
    The Bureau identified publicly available datasets that include data 
fields an adversary could directly match to the ethnicity, race, and 
sex of the applicant's principal owner(s) data fields in unmodified 
form. For example, certain State business registries, including those 
required to access women-owned and minority-owned business programs, 
provide this information. Other public record databases, such as the 
SBA's 8(a) program and the Paycheck Protection Program, also include 
ethnicity, race, and sex data alongside the borrower's name. In many 
cases, therefore, the Bureau stated that an adversary could use the 
ethnicity, race, and sex of the applicant's principal owners, combined 
with other fields, to directly or indirectly match a section 1071 
record to an identified publicly available record.
    As discussed in the section-by-section analysis of Sec.  
1002.107(a)(19), the Bureau proposed that financial institutions would 
report sex as described in proposed comment 107(a)(20)-8, which would 
have permitted an applicant to self-describe a principal owner's sex by 
selecting the ``I prefer to self-describe'' response option on a paper 
or electronic form or by providing additional information for an oral 
application, with the financial institution reporting the response 
using free-form text. In the NPRM, the Bureau stated intention to 
exclude free-form text from public application-level data. However, the 
Bureau sought comment on whether there were additional specific 
modifications it should consider with regard to applicants who choose 
to self-describe their principal owners' sex. The Bureau also sought 
comment on whether, if finalized, disclosure of sex, sexual 
orientation, or gender identity could cause heightened sensitivity or 
risk of harm and any specific modifications the Bureau should consider 
if such data points were included in the final rule.
    Many community group and minority business advocacy group 
commenters supported disaggregated disclosure of ethnicity, race, and 
sex of principal owners, and underscored its significance in achieving 
the fair lending purpose of section 1071. Some of these commenters 
stated that publication of disaggregated data would facilitate 
development of policy solutions for issues of financial inequality as 
it relates to ethnicity, race, and sex. A few trade associations 
expressed concerns about publishing information collected on the basis 
of visual observation or surname.
    Some industry commenters expressed concerns that ethnicity, race, 
and sex data would create significant privacy risks for small business 
applicants, particularly in smaller or rural communities. Other 
industry and individual commenters cautioned the Bureau against 
collecting and publishing the sexual orientation and gender identity of 
principal owners. Specifically, these commenters noted the significant 
risk of harm to small business applicants, due to the particularly 
sensitive personal nature of this information if re-identification 
occurred.
    Some trade associations noted concerns that publishing ethnicity, 
race, and sex information, particularly where collected based on visual 
observation or surname, will present the risk of harm to financial 
institutions. Two such commenters asserted that financial institutions 
faced the potential for reputational or litigation risks if the 
ethnicity, race, or sex data are published because of potential 
conflicts with State or Federal privacy laws. One commenter stated that 
asking for this information without proper privacy precautions may 
expose the financial institution to legal risk under certain State 
privacy laws, such as the California Consumer Protection Act, that 
protect against disclosure of ethnicity and race information. Two 
others noted that State privacy laws may conflict with the requirement 
to obtain ethnicity and race data based on visual observation. These 
commenters also stated that the perceived intrusiveness from the 
acquisition of these data and the knowledge that it would become public 
could cause competitive and reputational harm to financial institutions 
as institutions that do not protect their customers' privacy. For 
example, one commenter asserted that visual observation collection may 
reduce trust in the financial institution and increase the applicant's 
apprehension regarding their privacy. As to whether the Bureau should 
publish the unmodified, applicant-level data on the number of principal 
owners, several industry commenters opposed the publication of these 
data, should it be finalized. The commenters stated that publication of 
the number of principal owners could facilitate re-identification, 
particularly in small or rural areas.
    As discussed above in part VIII.B.3, the Bureau views disclosure of 
these data to have significant benefits. Commenters did not provide 
additional evidence related to re-identification risk that would alter 
the NPRM's partial privacy analysis. The current availability of these 
data in existing databases likely limits the risk of harm or 
sensitivity, although it may amplify re-identification risk. Comments 
that the disclosure of ethnicity, race, and sex data present a risk of 
reputational or litigation harm to financial institutions because it 
may be based on visual observation or surname are moot because no 
visual observation requirement is in the final rule. Commenters did not 
explain with sufficient detail how the final rule will increase a 
financial institution's litigation risks due to conflicts with State or 
Federal privacy laws. To the extent that asking for an applicant's 
principal owners' ethnicity, race, or sex must be done with proper 
privacy protocols in place, it seems likely that a financial 
institution could comply with both this final rule and other privacy 
requirements.
    Accordingly, the Bureau preliminarily assesses that disclosure in 
unmodified form may increase re-identification risk and presents 
significant risk of harm or sensitivity if re-identification occurred. 
The possibility of significant privacy risk primarily results from the 
fact that sex data will be reported as free-form text, which as 
discussed in part VIII.B.6.xix below, the Bureau preliminarily assesses 
it will include, in some form, in the public data. The disclosure of 
information about the ethnicity and race of principal owners generally 
will present lesser risk. The Bureau does not discern evidence of 
compelling privacy risks to financial institutions.
xviii. Financial Institution Identifying Information
    Proposed Sec.  1002.109(b) would have required a financial 
institution to provide the Bureau with certain information with its 
submission of its small business lending application register: (1) its 
name; (2) its headquarters address; (3) the name and business contact 
information of a person who may be contacted with questions about the 
financial institution's submission; (4) its Federal prudential 
regulator, if applicable; (5) its Federal Taxpayer Identification 
Number; (6) its LEI; (7) its RSSD ID, if applicable; (8) parent and 
top-parent entity information, if applicable; (9) the type of

[[Page 35488]]

financial institution that it is, indicated by selecting the 
appropriate type or types of institution from the list provided or 
entering free-form text; \902\ and (10) whether the financial 
institution is voluntarily reporting covered applications for covered 
credit transactions. As discussed above in the section-by-section 
analysis of Sec.  1002.109(b), the Bureau is generally finalizing this 
data point as proposed, with certain modifications.
---------------------------------------------------------------------------

    \902\ Part VIII.B.6.xix further discusses the disclosure of 
free-form text field information.
---------------------------------------------------------------------------

    Regulation C requires financial institutions to report similar 
information when submitting their loan-level HMDA data. Regulation C 
also requires financial institutions to report the calendar year of 
submission and the total number of entries in their loan-level HMDA 
data. Regulation C does not require financial institutions to submit 
their headquarters address, RSSD ID, or financial institution type or 
indicate whether they are reporting data voluntarily. With the 
exception of contact information for a person who can be reached about 
the financial institution's submission, the information financial 
institutions are required to submit with their HMDA submissions under 
Sec.  1003.5(a)(3) is publicly available through the FFIEC website.
    Financial institution identifying information other than individual 
contact information. In the NPRM, the Bureau stated its intention to 
disclose the financial institution identifying information data fields 
in unmodified form, other than the name and business contact 
information of a person who may be contacted with questions about the 
submission. The Bureau stated that disclosing financial institution 
identifying information in the 1071 data in unmodified form would 
likely disclose minimal, if any, information about an applicant or 
related natural person that may be harmful or sensitive if such person 
were re-identified. While some businesses might view their 
identification as an applicant as harmful or sensitive, revealing the 
name of the financial institution would not significantly increase such 
risks. In addition, the Bureau reasoned that this information is 
already largely available from other identified public records, such as 
UCC filings. For the same reason, revealing the name of the financial 
institution would not significantly increase risk of fraud or identity 
theft. The Bureau stated that disclosing financial institution 
identifying information in the data in unmodified form would not, by 
itself, reveal information that is harmful or sensitive, given 
financial institutions' commercial interests. Additionally, other 
public records, such as public HMDA data, tax records, and commercial 
databases disclose Federal Taxpayer Identification number, RSSD ID, and 
LEI.\903\ Disclosing financial institution identifying information in 
unmodified form may reveal information that financial institutions 
regard as harmful or sensitive, but the Bureau did not discern evidence 
that it would permit reverse-engineering of proprietary lending models. 
The Bureau acknowledged, however, that this information could, in some 
circumstances, lead to reputational risks and increased costs for 
financial institutions, which might be passed on to their customers in 
the form of increased costs or decreased access to credit.
---------------------------------------------------------------------------

    \903\ The FFIEC publishes transmittal sheet information, 
including LEI and Federal Taxpayer Identification number, on its 
website. Fed. Fin. Insts. Examination Council, Public Transmittal 
Sheet--Schema, https://ffiec.cfpb.gov/documentation/2020/public-ts-schema/ (last visited Mar. 20, 2023).
---------------------------------------------------------------------------

    The NPRM noted that the Bureau had received feedback that 
publishing financial institution identifying information could increase 
re-identification risk of applicants and related natural persons. This 
included feedback that customers of captive wholesale finance companies 
with applicant bases limited to franchises or licensees of a particular 
distributor or manufacturer would face unique re-identification risks 
because, in many instances, these applicants may be the financial 
institution's only customer in a particular State, or one of only a 
very small number of customers in the State, heightening the privacy 
concerns for publication of data tied to these financial institutions. 
The NPRM also noted that the Bureau had identified publicly available 
datasets that include data fields an adversary could directly match to 
financial institution identifying information data fields in unmodified 
form. Therefore, in many cases, the Bureau reasoned that an adversary 
could use identifying financial institution data fields, combined with 
other section 1071 data fields, to match a section 1071 record to an 
identified public record.
    With respect to concerns about wholesale finance companies, the 
Bureau acknowledged that financial institution identifying information 
in unmodified form in the public application-level data could, in 
combination with other data fields like census tract, NAICS codes, and 
credit type or purpose, facilitate re-identification of applicants that 
have a common name, without requiring that adversaries match 1071 
records to other identified datasets. Under proposed Sec.  1002.104(b), 
which the Bureau has finalized, trade credit and other transactions 
would be excluded from the scope of covered credit transactions. The 
Bureau indicated that this might eliminate some transactions involving 
such lenders. The Bureau sought comment on the circumstances under 
which a transaction involving a captive wholesale finance company would 
be covered by the proposal notwithstanding the exemption. To the extent 
there are such transactions, the Bureau also sought comment on the 
instances in which captive wholesale finance companies lend exclusively 
to businesses that are publicly branded in a way that can be easily 
matched to the identity of the financial institution. The Bureau sought 
comment on whether a final rule could include certain categories of 
financial institution types that would allow the Bureau to easily 
identify such financial institutions in the unmodified 1071 dataset 
without an application-level analysis. Finally, the Bureau sought 
comment on whether there are particular modification techniques that 
would reduce re-identification risks and risks of harm or sensitivity 
for applicants and related natural persons who might be re-identified 
in the public application-level data.
    In the NPRM, the Bureau stated its intention to publish financial 
institution identifying information, other than individual contact 
information, as reported and without modification. The Bureau stated 
that risks to privacy interests from the disclosure of this data in 
unmodified form would be justified by the benefits of disclosure for 
section 1071's purposes. While the Bureau did not conduct a uniqueness 
analysis, it stated that disclosure of financial institution 
identifying information would very likely substantially facilitate the 
re-identification of applicants or related natural persons. If such 
persons were re-identified, the Bureau stated that disclosure of other 
data fields would likely create a risk of harm or sensitivity. In 
addition, the Bureau stated that the disclosure of other proposed data 
fields in combination with a financial institution name likely would 
reveal information that may be harmful or sensitive to financial 
institutions. The Bureau nonetheless stated that these risks to privacy 
would be justified by the benefits of disclosure in light of section 
1071's purposes.

[[Page 35489]]

    The Bureau sought comment on this analysis and its stated intention 
to disclose these fields without modification in the public 
application-level data. The Bureau received feedback on this proposed 
analysis from trade association and community group commenters. Two 
community group commenters generally supported the Bureau's proposal to 
disclose unmodified financial institution identifying information, 
other than individual contact information. A trade association opposed 
the proposal. This commenter urged the Bureau to withhold all financial 
institution identifying information data fields because, whether or not 
it is available elsewhere, this information would create privacy risks 
for financial institutions, including risks involving identity theft 
and data security. With respect to the Bureau's request for comment 
about whether these proposed data fields would pose risks to captive 
wholesale companies and their customers, this commenter urged the 
Bureau to provide additional protections for this market segment to 
mitigate re-identification risk.
    The Bureau acknowledges that publication of financial institution 
identifying information may reveal information that may be harmful or 
sensitive to financial institutions, leading to reputational risks and 
increased costs. However, feedback received by the Bureau does not 
explain how these data would pose previously unconsidered identity 
theft or data security risks. Separately, the Bureau acknowledges 
feedback that the proposed data fields may pose special risks to 
captive wholesale companies and their customers. It intends to consider 
what additional modifications or deletions may be appropriate to 
protect the privacy interests of these entities.
    As explained in the NPRM, this data point could potentially 
increase re-identification risk and commenters did not provide 
additional evidence related to re-identification risk that would alter 
the partial privacy analysis described above. However, the Bureau 
preliminarily assesses that disclosing the financial institution 
identifying information data fields in unmodified form, other than data 
fields containing the information for the financial institution's point 
of contact, would present limited risk of harm or sensitivity if re-
identification occurred. The Bureau believes that it is unlikely that 
publication of this data would disclose personal information about an 
applicant or related natural person that would be harmful or sensitive 
if such person were re-identified. The Bureau does not believe this 
data will result in significant non-personal commercial risks to small 
businesses. The disclosure of this data field does not pose compelling 
privacy risks to financial institutions. The Bureau will continue to 
give consideration to the scenario involving captive wholesale 
companies and their customers as it conducts its full privacy analysis.
    Individual contact information. Proposed Sec.  1002.109(b)(1)(iii) 
would have required financial institutions to report the name and 
business contact information of a person who may be contacted with 
questions about the financial institution's submission. As discussed 
above in the section-by-section analysis of Sec.  1002.109(b)(1)(iii), 
the Bureau is finalizing this data point largely as proposed, but with 
certain modifications. In contrast to the other financial institution 
identifying information described above, in the NPRM the Bureau stated 
its intention to delete this data field from the publicly available 
data.
    The Bureau stated that disclosing individual contact information in 
the data in unmodified form would likely not disclose any information 
about an applicant or related natural person if such person were re-
identified. However, the Bureau stated that disclosing the name and 
contact information of natural persons designated by the financial 
institution would disclose information that may be harmful or sensitive 
to the identified financial institutions and their employees. Financial 
institutions have a legitimate interest in protecting the identities of 
their employees from the public, consistent with their job functions, 
and persons identified for purposes of questions about the financial 
institution's submission to the Bureau might not necessarily be 
responsible for engaging with the general public.
    The Bureau considered whether modification other than by excluding 
individual contact information would appropriately balance identified 
privacy risks and disclosure benefits. Because disclosure of this data 
field in unmodified form would not promote the purposes of section 1071 
and would likely reveal information that would be harmful or sensitive 
to a financial institution and its employees, the Bureau did not 
identify any such alternative. Accordingly, the Bureau stated that 
deleting individual contact information would appropriately balance the 
privacy risks and disclosure benefits of this data field.
    The Bureau received feedback from one trade association commenter, 
which supported the Bureau's analysis. The Bureau accordingly 
determines that the publication of the name and business contact 
information of a person who may be contacted by the Bureau or other 
regulators with questions about the financial institution's submission 
has minimal, if any, disclosure benefits. Moreover, the Bureau 
concludes that the publication of this information presents significant 
privacy risks because it may be harmful or sensitive to identified 
financial institutions and their employees. Accordingly, the Bureau is 
announcing its intention not to publish the name and business contact 
information of a person who may be contacted by the Bureau or other 
regulators with questions about the financial institution's submission.
xix. Free-Form Text
    The Bureau proposed to require financial institutions to use free-
form text to report certain data where they are reporting information 
that is not included in a list provided for the data fields. Under 
proposed Sec.  1002.107(a)(5), (6), (11), (12), and (20), free-form 
text could be used in reporting credit type (product and guarantee 
information); credit purpose; denial reasons; pricing (the interest 
rate index used); and principal owners' ethnicity, race, and sex.\904\ 
Financial institutions also would have had flexibility in describing 
certain identifying information provided under proposed Sec.  
1002.109(b). Free-form text used to report principal owners' ethnicity, 
race, and sex would have been completed based on information provided 
by applicants; all other free-form text would have been completed by 
the financial institution. As discussed above in the section-by-section 
analyses for particular data points within Sec.  1002.107(a), the 
Bureau is finalizing these data points with certain modifications. The 
free-form text aspect of Sec.  1002.109(b) is being finalized as 
proposed.
---------------------------------------------------------------------------

    \904\ Proposed Sec.  1002.107(a)(20) is being finalized as Sec.  
1002.107(a)(19).
---------------------------------------------------------------------------

    The Bureau explained that use of free-form text would allow the 
reporting of any information, including information that may be harmful 
or sensitive to applicants, related natural persons, and possibly the 
interests of financial institutions. The Bureau stated that such 
information might also create a significant risk of re-identification 
for applicants or related natural persons. Given the amount of data 
expected to be reported each year, the Bureau stated that it would not 
be feasible for it to

[[Page 35490]]

review free-form text before publishing the application-level data. 
Under the balancing test described in the NPRM, therefore, the Bureau 
initially assessed that deleting free-form text from the public 
application-level data (other than with respect to the financial 
institution identifying information described in part VIII.B.6.xviii 
above) would appropriately balance the benefits of disclosure with the 
risks to the privacy interests of applicants, related natural persons, 
and financial institutions.
    Several industry commenters generally supported deleting free-form 
text from the public application-level data. A bank noted that public 
the HMDA data do not include free-form text fields. A group of trade 
associations stated that deleting this information would appropriately 
balance privacy risks and disclosure benefits. In contrast, a CDFI 
lender urged the Bureau to publish free-form text fields arguing that 
such fields would include important information. This commenter 
suggested that the Bureau could adequately mitigate the risk that the 
free-form text would contain sensitive or harmful information by 
including a disclaimer on the data collection form that free-form text 
may be published.
    The Bureau reiterates that HMDA publication practices do not 
dictate decisions in this rule and that consistency between public 
section 1071 data and public HMDA data may not be appropriate in every 
instance. As an additional matter, the Bureau believes that a general 
disclaimer that free-form text may be published would not adequately 
mitigate those privacy risks. Among other considerations, because 
financial institutions will supply the content of most free-form text 
fields, applicants and related natural persons have no direct control 
over what information appears in those fields. Therefore, a disclaimer 
would provide applicants or related natural persons limited ability to 
mitigate their privacy risks.
    The Bureau agrees that certain free-form text fields may contain 
information that has some disclosure benefits. In particular, free-form 
text for the ethnicity, race, and sex data may contain information that 
is important to the statutory purposes of section 1071. As discussed in 
the section-by-section analysis of Sec.  1002.107(a)(19), the Bureau is 
finalizing a requirement whereby applicants will indicate principal 
owners' sex via a write-in option. While the Bureau cannot feasibly 
review for privacy risks all free-form text fields supplied by all 
financial institutions reporting data, the Bureau expects to review the 
free-form text provided by applicants regarding principal owners' sex. 
The Bureau anticipates that this free-form text will permit 
identification of certain response categories appropriate for 
publication, based on the Bureau's assessment of privacy risks. 
Similarly, the Bureau may be able to review ethnicity and race free-
form text, where it is provided, to discern response categories that 
may be appropriate for publication.
    The Bureau recognizes, however, that free-form text fields may 
present significant privacy risks if re-identification occurred. Such 
privacy risks would not be mitigated in the absence of pre-publication 
review. Accordingly, the Bureau is announcing its intention to delete 
free-form text from the public application-level data, other than with 
respect to ethnicity, race, and sex of principal owners described in 
part VIII.B.6.xvii and the financial institution identifying 
information described in part VIII.B.6.xviii. The Bureau will continue 
to consider whether modification techniques may be appropriate for the 
data fields for ethnicity, race, and sex of principal owners and 
certain financial institution identifying information.

IX. Dodd-Frank Act Section 1022(b)(2) Analysis

    The Bureau has considered the potential benefits, costs, and 
impacts of the final rule. The Bureau requested comment on the 
preliminary discussion presented below, as well as submissions of 
additional data that could inform the Bureau's consideration of the 
benefits, costs, and impacts of the proposed rule. In developing the 
rule, the Bureau has consulted or offered to consult with the 
prudential regulators (the Board of Governors of the Federal Reserve 
System, the Federal Deposit Insurance Corporation, the National Credit 
Union Administration, and the Office of the Comptroller of the 
Currency), the Department of Agriculture, the Department of Housing and 
Urban Development, the Department of Justice, the Department of the 
Treasury, the Economic Development Administration, the Farm Credit 
Administration, the Federal Trade Commission, the Financial Crimes 
Enforcement Network, and the Small Business Administration regarding, 
among other things, consistency with any prudential, market, or 
systemic objectives administered by such agencies.
    In the Dodd-Frank Act, which was enacted ``[t]o promote the 
financial stability of the United States by improving accountability 
and transparency in the financial system,'' Congress directed the 
Bureau to adopt regulations governing the collection of small business 
lending data. Under section 1071 of that Act, covered financial 
institutions must compile, maintain, and submit certain specified data 
points regarding applications for credit for women-owned, minority-
owned, and small businesses, along with ``any additional data that the 
Bureau determines would aid in fulfilling the purposes of [section 
1071].'' Under the final rule, covered financial institutions are 
required to collect and report the following data points: (1) a unique 
identifier, (2) application date, (3) application method, (4) 
application recipient, (5) credit type, (6) credit purpose, (7) amount 
applied for, (8) amount approved or originated, (9) action taken, (10) 
action taken date, (11) denial reasons, (12) pricing information, (13) 
census tract, (14) gross annual revenue, (15) NAICS code, (16) number 
of workers, (17) time in business, (18) minority-owned business status, 
women-owned business status, and LGBTQI+-owned business status, (19) 
ethnicity, race, and sex of principal owners, and (20) the number of 
principal owners.
    Under the final rule, financial institutions will be required to 
report data on small business credit applications under section 1071 if 
they originated at least 100 covered credit transactions in each of the 
two preceding calendar years. The Bureau is defining an application as 
an oral or written request for a covered credit transaction that is 
made in accordance with the procedures used by a financial institution 
for the type of credit requested, with some exceptions. Loans, lines of 
credit, credit cards, and merchant cash advances (including such credit 
transactions for agricultural purposes) all fall within the 
transactional scope of this final rule. The Bureau is excluding trade 
credit, transactions that are reportable under the Home Mortgage 
Disclosure Act of 1975 (HMDA),\905\ insurance premium financing, public 
utilities credit, securities credit, and incidental credit. Factoring, 
leases, and consumer-designated credit that is used for business or 
agricultural purposes are also not covered credit transactions. In 
addition, the Bureau has made clear that purchases of originated 
covered credit transactions are not reportable. For purposes of the 
final rule, a business is a small business if its gross annual revenue 
for its preceding fiscal year is $5 million or less.
---------------------------------------------------------------------------

    \905\ 12 U.S.C. 2801 et seq.

---------------------------------------------------------------------------

[[Page 35491]]

A. Statement of Need

    Congress directed the Bureau to adopt regulations governing the 
collection of small business lending data. Specifically, section 1071 
of the Dodd-Frank Act amended ECOA to require financial institutions to 
compile, maintain, and submit to the Bureau certain data on 
applications for credit for women-owned, minority-owned, and small 
businesses. Congress enacted section 1071 for the purpose of 
facilitating enforcement of fair lending laws and enabling communities, 
governmental entities, and creditors to identify business and community 
development needs and opportunities of women-owned, minority-owned, and 
small businesses. The Bureau is issuing this final rule to implement 
the section 1071 mandate.
    Small businesses play a key role in fostering community development 
and fueling economic growth both nationally and in their local 
communities.\906\ However, comprehensive data on loans to small 
businesses currently are limited. The largest sources of information on 
lending by depository institutions (i.e., banks, savings associations, 
and credit unions) are the FFIEC and NCUA Call Reports and reporting 
under the CRA. Under the FFIEC Call Report and CRA reporting 
requirements, small loans to businesses of any size are used in whole 
or in part as a proxy for loans to small businesses. The FFIEC Call 
Report captures banks' and savings associations' total outstanding 
number and amount of small loans to businesses (that is, loans 
originated under $1 million to businesses of any size; small loans to 
farms are those originated under $500,000) by institution.\907\ The CRA 
currently requires banks and savings associations with assets over a 
specified threshold ($1.384 billion as of 2022) \908\ to report data on 
loans to businesses with origination amounts of $1 million or less; 
reporters are asked to indicate whether the borrower's gross annual 
revenue is $1 million or less, if they have that information.\909\ 
Under the CRA, banks and savings associations currently report 
aggregate numbers and values of originations at an institution level 
and at various geographic levels. The NCUA Call Report captures credit 
unions' total originations, but not applications, on all loans over 
$50,000 to members for commercial purposes, regardless of any indicator 
about the business's size.\910\ Some federally-funded loan programs, 
such as the SBA's 7(a) or 504 programs and the CDFI Fund require 
reporting of loan-level data, but only for loans that received support 
under those programs. Nondepository institutions do not report small 
business lending applications under any of these reporting regimes. 
There are no similar sources of information about lending to small 
businesses by nondepository institutions.
---------------------------------------------------------------------------

    \906\ See generally White Paper.
    \907\ See FFIEC Call Report at Schedule RC-C Part II.
    \908\ See Fed. Fin. Insts. Examination Council, Explanation of 
the Community Reinvestment Act Asset-Size Threshold Change (2022), 
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
    \909\ See 2015 FFIEC CRA Guide at 11, 13. Small business loans 
are defined for CRA purposes as loans whose original amounts are $1 
million or less and that were reported on the institution's Call 
Report or Thrift Financial Report (TFR) as either ``Loans secured by 
nonfarm or nonresidential real estate'' or ``Commercial and 
industrial loans.'' Small farm loans are defined for CRA purposes as 
loans whose origination amounts are $500,000 or less and were 
reported as either ``Loans to finance agricultural production and 
other loans to farmers'' or ``Loans secured by farmland.''
    \910\ See Nat'l Credit Union Admin., Call Report Form 5300 (June 
2020), https://www.ncua.gov/files/publications/regulations/form-5300-june-2020.pdf.
---------------------------------------------------------------------------

    There are also a variety of non-governmental data sources, issued 
by both private and nonprofit entities, that cover small businesses 
and/or the small business financing market. These include datasets and 
surveys published by commercial data and analytics firms, credit 
reporting agencies, trade associations, community groups, and academic 
institutions. See part II.B for additional information on these 
sources. While these non-public sources of data on small businesses may 
provide a useful supplement to existing Federal sources of small 
business lending data, these private and nonprofit sources often do not 
have lending information, may rely on unverified research based on 
public internet sources, and/or narrowly limit use cases for parties 
accessing data. Further, commercial datasets are generally not free to 
public users and can be costly, raising equity issues for stakeholders 
who cannot afford access.
    Under the final rule, covered financial institutions are required 
to compile, maintain, and submit data regarding the ethnicity, race, 
and sex of the principal owners of the business and whether the 
business is women-owned, minority-owned, or LGBTQI+-owned. No other 
source of data comprehensively collects this type of protected 
demographic information on small business loan applications.
    Section 1071 requires financial institutions to report detailed 
application-level data to the Bureau, and for the Bureau to generally 
make it available to the public on an annual basis (subject to any 
deletions or modifications that the Bureau determines would advance a 
privacy interest). Such information will constitute a public good that 
illuminates the lending activities of financial institutions and the 
small business lending market in general. In particular, the public 
provision of application-level data, subject to any deletions or 
modifications that the Bureau determines would appropriately protect 
privacy interests, will: (1) provide communities, governmental 
entities, and financial institutions additional information to help 
identify business and community development needs and opportunities of 
small businesses and (2) allow members of the public, public officials, 
and other stakeholders to better assess compliance with 
antidiscrimination statutes.
    First, the data made public pursuant to the final rule and the 
Bureau's subsequent privacy analysis will provide information that 
could help to improve credit outcomes in the small business lending 
market, furthering the community development purpose of the rule. As 
discussed above, market-wide data on small business credit transactions 
are currently limited. Neither the public nor private sectors provide 
extensive data on credit products or terms. Small business owners have 
access to very little information on typical rates or products offered 
by different lenders. As a result of the data that will be made public 
pursuant to the final rule and subject to modification and deletion 
decisions by the Bureau, community development groups and commercial 
services will be able to provide better information to small 
businesses. For example, a commercial provider could provide small 
businesses with information on what products lenders typically offer 
and at what rates. These data will allow small business owners to more 
easily compare credit terms and evaluate credit alternatives; without 
these data, small business owners are limited in their ability to shop 
for the credit product that best suits their needs at the best price. 
By engaging in more informed shopping, small business owners may 
achieve better credit outcomes.
    Furthermore, communities will use data to identify gaps in access 
to credit and capital for small businesses. Financial institutions can 
analyze data to understand small business lending market conditions and 
determine how best to provide credit to borrowers. Currently, financial 
institutions are not able to conduct very granular or

[[Page 35492]]

comprehensive analyses because the data on small business lending are 
limited. The data made public pursuant to the final rule and subsequent 
privacy analysis will allow financial institutions to better understand 
the demand for small business credit products and the conditions under 
which they are being supplied by other covered financial institutions. 
The data will help enable institutions to identify potentially 
profitable opportunities to extend credit. They will additionally allow 
governmental entities to better develop targeted lending programs, loan 
funds, small business incubators, and other community-driven 
initiatives. Small business owners, as a result, could benefit from 
increased credit availability.
    Second, while data made public pursuant to the final rule and 
subsequent privacy analysis may not constitute conclusive evidence of 
credit discrimination on its own, the data will enable members of the 
public, regulators, and other stakeholders to better identify lending 
patterns consistent with noncompliance with antidiscrimination 
statutes. As described above, there are currently no application-level 
data comprehensive enough or that contain the demographic information 
required by the final rule to enable the public to conduct these kinds 
of analyses. The data made public pursuant to the final rule and 
subsequent privacy analysis will be comprehensive and contain the 
necessary data fields for such analysis. Users will be able to examine 
whether, for example, a lender denies applications from women-owned, 
minority-owned, or LGBTQI+-owned businesses at higher rates than those 
that are not or whether these businesses are charged higher prices. 
This kind of transparency can place appropriate pressure on covered 
financial institutions to ensure that their credit lending practices 
comply with relevant laws. Additionally, data collected under the final 
rule will contain the data fields that allow users to conduct more 
accurate fair lending analyses by comparing applications for credit 
products with similar characteristics.

B. Baseline for the Consideration of Costs and Benefits

    In evaluating the benefits, costs, and impacts of the final rule, 
the Bureau takes as a baseline the current legal framework governing 
financial markets, i.e., the current state of the world before the 
Bureau's rule implementing section 1071. Under this baseline, the 
Bureau assumes that institutions are complying with regulations that 
they are currently subject to, including reporting data under HMDA, 
CRA, and any State commercial financing disclosure laws.\911\ The 
Bureau believes that such a baseline will also provide the public with 
better information about the benefits and costs of this rule.
---------------------------------------------------------------------------

    \911\ See, e.g., N.Y. S.898 (signed Jan. 6, 2021) (amending 
S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898; 
Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; Virginia H. 1027 
(enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 (enacted Mar. 24, 2022), 
https://le.utah.gov/~2022/bills/static/SB0183.html.
---------------------------------------------------------------------------

    The Bureau received no comments regarding its choice of baseline 
for its section 1022(b)(2) analysis.

C. Basic Approach of the Bureau's Consideration of Benefits and Costs 
and Data Limitations

    Pursuant to section 1022(b)(2)(A) of the Dodd-Frank Act,\912\ in 
prescribing a rule under the Federal consumer financial laws (which 
include ECOA and title X of the Dodd-Frank Act), the Bureau is required 
to consider the potential benefits and costs to ``consumers'' and 
``covered persons,'' including the potential reduction of access by 
consumers to consumer financial products or services resulting from 
such rule, and the impact of final rules on covered persons as 
described under section 1026 of the Dodd-Frank Act \913\ (i.e., 
depository institutions and credit unions with $10 billion or less in 
total assets), and the impact on consumers in rural areas.
---------------------------------------------------------------------------

    \912\ 12 U.S.C. 5512(b)(2)(A).
    \913\ 12 U.S.C. 5516.
---------------------------------------------------------------------------

    The Dodd-Frank Act defines the term ``consumer'' as an individual 
or someone acting on behalf of an individual, while a ``covered 
person'' is one who engages in offering or providing a ``consumer 
financial product or service,'' which means a financial product or 
service that is provided to consumers primarily for ``personal, family, 
or household purposes.'' \914\ In the rulemaking implementing section 
1071, however, the only parties directly affected by the rule are small 
businesses (rather than individual consumers) and the financial 
institutions from whom they seek credit (rather than covered persons). 
Accordingly, a section 1022(b)(2)(A) analysis that considers only the 
costs and benefits to individual consumers and to covered persons would 
not meaningfully capture the costs and benefits of the rule.
---------------------------------------------------------------------------

    \914\ 12 U.S.C. 5481(4) through (6).
---------------------------------------------------------------------------

    Below, the Bureau conducts the statutorily required analysis with 
respect to the rule's effects on consumers and covered persons. 
Additionally, the Bureau is electing to conduct this same analysis with 
respect to small businesses and the financial institutions required to 
compile, maintain, and submit data under the final rule. This 
discussion relies on data that the Bureau has obtained from industry, 
other regulatory agencies, and publicly available sources. However, as 
discussed further below, the data limit the Bureau's ability to 
quantify the potential costs, benefits, and impacts of the final rule.
1. Analysis With Respect to Consumers and Covered Persons
    The final rule implements a data collection regime in which certain 
covered financial institutions must compile, maintain, and submit data 
with respect to applications for credit for small businesses. The rule 
will not directly impact consumers or consumers in rural areas, as 
those terms are defined by the Dodd-Frank Act. However, some consumers 
will be directly impacted in their separate capacity as sole owners of 
small businesses covered by the rule. Some covered persons, including 
some that are depository institutions or credit unions with $10 billion 
or less in total assets, will be directly affected by the rule not in 
their capacity as covered persons (i.e., as offerors or providers of 
consumer financial products or services) but in their separate capacity 
as financial institutions that offer small business credit covered by 
the rule. The costs, benefits, and impact of the rule on those entities 
are discussed below.
2. Costs to Covered Financial Institutions
    The final rule establishes which financial institutions, 
applicants, transactions, and data points are covered by its 
requirements. In order to precisely quantify the costs to covered 
financial institutions, the Bureau would need representative data on 
the operational costs that financial institutions would incur to gather 
and report 1071 data, one-time costs for financial institutions to 
update or create reporting infrastructure to implement the final rule, 
and information on the level of complexity of financial institutions' 
business models and compliance systems. Currently, the Bureau does not 
believe that data on section 1071 reporting costs with this level of 
granularity are systematically available from any source. The Bureau 
has made reasonable efforts to gather data on section 1071 reporting 
costs.

[[Page 35493]]

Through outreach efforts with industry, community groups, and other 
regulatory agencies, the Bureau has obtained some information about 
potential ongoing operational and one-time compliance costs, and the 
discussion below uses this information to quantify certain costs of the 
final rule. Throughout the section 1022 discussion in the NPRM, the 
Bureau also solicited feedback about data or methodologies that would 
enable it to more precisely estimate the benefits, costs, and impacts 
of the proposed rule. The Bureau has reviewed these comments and 
considered the information provided by the commenters. The Bureau 
believes that the discussion herein constitutes the most comprehensive 
assessment to date of the costs of section 1071 reporting by financial 
institutions, as well as the most accurate estimates of costs given 
available information. However, the Bureau recognizes that these 
estimations may not fully quantify the costs to each covered financial 
institution, especially given the wide variation of section 1071 
reporting costs among financial institutions.
    The Bureau categorizes costs required to comply with the final rule 
into ``one-time'' and ``ongoing'' costs. ``One-time'' costs refer to 
expenses that the financial institution will incur initially and only 
once to implement changes required in order to comply with the 
requirements of this rule. ``Ongoing'' costs are expenses incurred as a 
result of the ongoing reporting requirements of the rule, accrued on an 
annual basis. In considering the costs and impacts of the rule, the 
Bureau has engaged in a series of efforts to estimate the cost of 
compliance by covered entities. The Bureau conducted a One-Time Cost 
Survey, discussed in more detail in part IX.E.1 below, to learn about 
the one-time implementation costs associated with implementing section 
1071 and adapted ongoing cost calculations from previous rulemaking 
efforts. The Bureau evaluated the one-time costs of implementing the 
procedures necessary and the ongoing costs of annually reporting under 
the rule in part IX.F.3 below. The discussion below provides details on 
the Bureau's approach in performing these institution-level analyses. 
The Bureau realizes that costs vary by institution due to many factors, 
such as size, operational structure, and product complexity, and that 
this variance exists on a continuum that is impossible to fully 
represent. In order to conduct a cost consideration that is both 
practical and meaningful in light of these challenges, the Bureau has 
chosen an approach that focuses on three representative types of 
financial institutions. For each type, the Bureau has produced 
reasonable estimates of the costs of compliance given the limitations 
of the available data. Part IX.F.3 below provides additional details on 
this approach.
3. Costs to Small Businesses
    The Bureau has elected to estimate the costs to small businesses in 
addition to those for covered financial institutions. The Bureau 
expects the direct costs of the final rule to small businesses will be 
negligible. Therefore, the Bureau focuses its analysis on whether and 
how the Bureau expects financial institutions to pass on the costs of 
compliance with the final rule to small businesses and any possible 
effects on the availability or terms of small business credit. The 
Bureau relies on economic theory to understand the potential for costs 
to financial institutions to be passed on to small businesses. Further, 
the Bureau describes feedback received through the One-Time Cost Survey 
process, the SBREFA process, and comments from the NPRM process on how 
creditors might react to increased compliance costs due to the final 
rule.
4. Benefits to Small Businesses and Covered Financial Institutions
    Quantifying benefits to small businesses presents substantial 
challenges. As discussed above, Congress enacted section 1071 for the 
purpose of facilitating enforcement of fair lending laws and enabling 
communities, governmental entities, and creditors to identify business 
and community development needs and opportunities of women-owned, 
minority-owned, and small businesses. The Bureau is unable to readily 
quantify any of these benefits with precision, both because the Bureau 
does not have the data to quantify all benefits and because the Bureau 
is not able to assess completely how effective the implementation of 
section 1071 will be in achieving those benefits. The Bureau believes 
that its final rule appropriately implements the statutory mandate of 
section 1071 to effectuate the section's stated purposes. As discussed 
further below, as a data reporting rule, most provisions of the final 
rule will benefit small businesses in indirect ways, rather than 
directly. Nevertheless, the Bureau believes that the impact of enhanced 
transparency will substantially benefit small businesses. For example, 
the final rule will facilitate the detection (and thus remediation) of 
discrimination; promote public and private investment in certain 
underserved markets; and promote competitive markets. Quantifying and 
monetizing these benefits would require identifying all possible uses 
of data collected under this rule, establishing causal links to the 
resulting public benefits, and then quantifying the magnitude of these 
benefits.
    Similar issues arise in attempting to quantify the benefits to 
covered financial institutions. Certain benefits to covered financial 
institutions are difficult to quantify. For example, the Bureau 
believes that the data collected under this rule will reduce the 
compliance burden of fair lending reviews for lower risk financial 
institutions by reducing the ``false positive'' rates during fair 
lending prioritization by regulators. That is, by providing more 
comprehensive application-level data about a covered institution's 
lending to small businesses, regulators will be able to better identify 
fair lending risks and, as such, more efficiently prioritize their fair 
lending examinations and enforcement activities. The Bureau also 
believes that data made public pursuant to the final rule will allow 
financial institutions to better understand the demand for small 
business credit products and the conditions under which they are being 
supplied by other covered financial institutions and to identify 
potentially profitable opportunities to extend credit. The Bureau 
believes that such benefits to financial institutions could be 
substantial. However, quantifying them would require data that are 
currently unavailable.
    In light of these data limitations, the discussion below generally 
provides a qualitative consideration of the benefits and impacts of the 
final rule. General economic principles, together with the limited data 
available, provide insight into these benefits and impacts. Where 
possible, the Bureau makes quantitative estimates based on these 
principles and the data that are available. Quantifying these benefits 
is difficult because the size of each effect cannot be known in 
advance. Given the number of small business credit transactions and the 
size of the small business credit market, however, small changes in 
behavior can have substantial aggregate effects.
5. General Comments on the Impact Analyses in the Proposed Rulemaking
    Throughout the Dodd-Frank Act section 1022 discussion in the 
NPRM,\915\ the Bureau solicited feedback that would enable it to 
estimate the benefits, costs, and impacts of the

[[Page 35494]]

proposed regulation more precisely. The Bureau, for example, solicited 
comments on its methodology for estimating one-time and ongoing costs, 
the estimates of the specific costs themselves, and any information 
that would help it better quantify the benefits and potential impacts 
on small businesses and covered financial institutions. Many commenters 
made general statements, while several provided comments specific to 
certain methodologies or estimates. In this section, the Bureau 
describes the comments more generally, while in subsequent sections, it 
discusses comments specific to those sections.
---------------------------------------------------------------------------

    \915\ See 86 FR 56356, 56540-64 (Oct. 8, 2021).
---------------------------------------------------------------------------

    Commenters offered general remarks on the quality of the Bureau's 
one-time and ongoing cost estimates. Several community groups described 
the Bureau's estimates as ``well-considered'' or described the costs of 
the proposed rule as being outweighed by the benefits. In contrast, 
some industry commenters and an office of a Federal agency generally 
asserted that the Bureau's cost estimates were too low. The Bureau has 
reviewed its estimates and considered the information provided by the 
commenters. In the sections below, the Bureau describes specific 
comments related to each section of benefits, costs, and the potential 
impact on small entities. The methodology described in the sections 
below for the final rule is the same methodology that the Bureau used 
in the NPRM unless otherwise noted.

D. Coverage of the Final Rule

1. Coverage in General
    The final rule provides that financial institutions (both 
depository and nondepository) that meet all the other criteria for a 
``financial institution'' in Sec.  1002.105(a) would only be required 
to collect and report section 1071 data if they originated at least 100 
covered credit transactions in each of the two preceding calendar 
years. See final Sec.  1002.105(b).
    As discussed above, market-wide data on small business lending are 
currently limited. The Bureau is unaware of any comprehensive data 
available on small business originations for all financial 
institutions, which are needed in order to precisely identify all 
institutions covered by the rule. To estimate coverage of the final 
rule, the Bureau uses publicly available data for financial 
institutions divided into two groups: depository (i.e., banks, savings 
associations, and credit unions) and nondepository institutions.
    To estimate coverage of depository institutions, the Bureau relies 
on NCUA Call Reports to estimate coverage for credit unions, including 
for those that are not federally insured, and FFIEC Call Reports and 
the CRA data to estimate coverage for banks and savings associations. 
For the purposes of the analysis in this section of part IX, the Bureau 
estimates the number of depository institutions that would have been 
required to report small business lending data in 2019, based on the 
estimated number of originations of covered products for each 
institution in 2017 and 2018.\916\ The Bureau accounts for mergers and 
acquisitions between 2017 and 2019 by assuming that any depository 
institutions that merged in those years report as one institution.
---------------------------------------------------------------------------

    \916\ The Bureau uses 2019 instead of 2020 or 2021 in order to 
estimate coverage during, or based on, a year unaffected by COVID-19 
pandemic conditions.
---------------------------------------------------------------------------

    As discussed above, the NCUA Call Report captures the number and 
dollar value of originations on all loans over $50,000 to members for 
commercial purposes, regardless of any indicator about the business's 
size. For the purposes of estimating the impacts of the final rule, the 
Bureau uses the annual number of originated commercial loans to members 
reported by credit unions as a proxy for the annual number of 
originated covered credit transactions under the rule.\917\ These are 
the best data available for estimating the number of credit unions that 
may be covered by the final rule. However, the Bureau acknowledges that 
the true number of covered credit unions may be different than what is 
presented here. For example, this proxy would overestimate the number 
of credit unions that will be covered if some commercial loans to 
members are not covered because the member is taking out a loan for a 
business considered large under the definition of a small business in 
the final rule. Alternatively, this proxy would underestimate the 
number of credit unions covered by the final rule if credit unions 
originate a substantial number of covered credit transactions with 
origination values under $50,000.
---------------------------------------------------------------------------

    \917\ For this analysis, the Bureau includes all types of 
commercial loans to members except construction and development 
loans and loans secured by multifamily residential property. This 
includes loans secured by farmland; loans secured by owner-occupied, 
non-farm, non-residential property; loans secured by non-owner 
occupied, non-farm, non-residential property; loans to finance 
agricultural production and other loans to farmers; commercial and 
industrial loans; unsecured commercial loans; and unsecured 
revolving lines of credit for commercial purposes.
---------------------------------------------------------------------------

    The FFIEC Call Report captures banks' and savings associations' 
outstanding number and amount of small loans to businesses (i.e., loans 
originated under $1 million to businesses of any size; small loans to 
farms are those originated under $500,000). The CRA requires banks and 
savings associations with assets over a specified threshold ($1.384 
billion as of 2022) \918\ to report loans to businesses in original 
amounts of $1 million or less. For the purposes of estimating the 
impacts of the final rule, the Bureau follows the convention of using 
small loans to businesses as a proxy for loans to small businesses and 
small loans to farms as a proxy for loans to small farms. These are the 
best data available for estimating the number of banks and savings 
associations that may be covered by the final rule. However, the Bureau 
acknowledges that the true number of covered banks and savings 
associations may be different than what is presented here. For example, 
this proxy would overestimate the number of banks and savings 
associations covered by the rule if a significant number of small loans 
to businesses and farms are to businesses or farms that are considered 
large under the definition of a small business in the final rule. 
Alternatively, this proxy would underestimate the number of banks and 
savings associations covered by the rule if a significant number of 
businesses and farms that are small under the final rule take out loans 
that are larger than $1 million for businesses or $500,000 for farms.
---------------------------------------------------------------------------

    \918\ See Fed. Fin. Insts. Examination Council, Explanation of 
the Community Reinvestment Act Asset-Size Threshold Change (2022), 
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
---------------------------------------------------------------------------

    Although banks and savings associations reporting under the CRA are 
required to report the number of originations of small loans to 
businesses and farms, the Bureau is not aware of any comprehensive 
dataset that contains originations made by banks and savings 
associations below the CRA reporting threshold. To fill this gap, the 
Bureau simulated plausible values for the annual number and dollar 
value of originations for each bank and savings association that falls 
below the CRA reporting threshold for 2017, 2018, and 2019.\919\ The 
Bureau generated simulated originations in order to account for the 
uncertainty around the exact number and value of originations

[[Page 35495]]

for these banks and savings associations. To simulate these values, the 
Bureau assumes that these banks have the same relationship between 
outstanding and originated small loans to businesses and farms as banks 
and savings associations above the CRA reporting threshold. First, the 
Bureau estimated the relationship between originated and outstanding 
numbers and balances of small loans to businesses and farms for CRA 
reporters. Then the Bureau used this estimate, together with the 
outstanding numbers and balances of small loans to businesses and farms 
of non-CRA reporters, to simulate these plausible values of 
originations. The Bureau has documented this methodology in more detail 
in its Supplemental estimation methodology for institutional coverage 
and market-level cost estimates in the small business lending rule 
released concurrently with this final rule.\920\
---------------------------------------------------------------------------

    \919\ Based on FFIEC Call Report data as of December 2019, of 
the 5,177 banks and savings associations that existed in 2019, only 
about 11 percent were required to report under CRA. That is, only 
about 11 percent of banks and savings associations had assets below 
$1.284 billion, the CRA reporting threshold in 2019. See Fed. Fin. 
Insts. Examination Council, 2019 Reporting Criteria, https://www.ffiec.gov/cra/reporter19.htm (last visited Mar. 20, 2023).
    \920\ This document is available at https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------

    Based on 2019 data from FFIEC and NCUA Call Reports and the CRA 
data, using the methodology described above, the Bureau estimates that 
the number of depository institutions that will be required to report 
under the final rule is between approximately 1,800 and 2,000, as shown 
in Table 3 below. The Bureau estimates that between 1,700 and 1,900 
banks and savings associations and about 100 credit unions will be 
required to report under the final rule. These ranges represent 95 
percent confidence intervals over the number of credit unions, banks 
and savings associations that will be covered under the final rule. The 
Bureau presents this range to reflect the uncertainty associated with 
the estimates and notes that the uncertainty is driven by the lack of 
data on originations by banks and savings associations below the CRA 
reporting threshold.

           Table 3--Estimated Depository Institution Coverage
                              [As of 2019]
------------------------------------------------------------------------
            Coverage category                   Estimated coverage
------------------------------------------------------------------------
Institutions Subject to 1071 Reporting..  1,800-2,000 depository
                                           institutions (17%-19% of all
                                           depository institutions).
Banks and Savings Associations (SAs)      1,700-1,900 banks and SAs (33%-
 Subject to Reporting.                     36% of all banks and SAs).
Credit Unions Subject to Reporting......  100 credit unions (2% of all
                                           credit unions).
Share of Total Small Business Credit by   94.2%-95.1%.
 Depository Institutions (Number of
 Loans Originated) Captured.
Share of Total Small Business Credit by   81.0%-83.0%.
 Depository Institutions (Dollar Value
 of Loans Originated) Captured.
------------------------------------------------------------------------

    For nondepositories, the Bureau estimates that about 620 
nondepository institutions will be covered by the final rule: about 140 
nondepository CDFIs; about 70 merchant cash advance providers; about 30 
online lenders; about 240 commercial finance companies; about 70 
governmental lending entities; and 71 Farm Credit System members.\921\ 
See part II.D above for more detail on how the Bureau arrived at these 
estimates.
---------------------------------------------------------------------------

    \921\ The Bureau provides estimates for the majority of 
nondepository institutions but knows an exact number of members of 
the Farm Credit System. To estimate the number of Farm Credit System 
members, the Bureau considers the Young, Beginning, and Small 
Farmers Reports for all Farm Credit System members as of December 
31, 2019. The reports can be found at https://reports.fca.gov/CRS/ 
(last visited Mar. 20, 2023). A Farm Credit System is covered if it 
reported more than 100 total number of loans on its Young, 
Beginning, and Small Farmers Report in 2019.
---------------------------------------------------------------------------

    Comments on the estimates of coverage of the proposed rule. In the 
NPRM, the Bureau sought comment on whether there are additional data 
sources that could provide better estimates of coverage and on the 
methods used to estimate coverage. Two trade associations commented 
that the Bureau substantially underestimates the coverage of credit 
unions because it does not account for small business loans under 
$50,000. The Bureau acknowledges this limitation of the estimation 
methodology, as discussed above, but did not receive any information 
upon which to base better coverage estimates for credit unions for 
purposes of the final rule.
2. Coverage Based on Tiered Compliance Dates
    The final rule provides that the initial compliance date for 
covered financial institutions will occur in three tiers; a covered 
financial institution will determine its compliance date tier based on 
the number of covered credit transactions that it originated in each of 
the calendar years 2022 and 2023.\922\ In this section, the Bureau 
presents estimates of the share of covered financial institutions that 
will report in each tier.
---------------------------------------------------------------------------

    \922\ A covered financial institution is in Tier 1, as specified 
by final Sec.  1002.114(b)(1), if it has at least 2,500 originations 
of covered credit transactions in each of 2022 and 2023, with a 
compliance date of October 1, 2024. A covered financial institution 
is in Tier 2, as specified by final Sec.  1002.114(b)(2), if it has 
at least 500 originations in each of 2022 and 2023 (but isn't in 
Tier 1) with a compliance date of April 1, 2025. A covered financial 
institution is in Tier 3, as specified by final Sec.  1002.114(b)(3) 
and (4), if it has at least 100 originations in each of 2022 and 
2023 (but isn't in Tiers 1 or 2), with a compliance date of January 
1, 2026. Financial institutions that do not fall into any of the 
compliance tiers based on 2022 and 2023 originations, but that 
originate 100 more covered credit transactions in subsequent years, 
would comply beginning January 1, 2026 at the earliest.
---------------------------------------------------------------------------

    The Bureau uses the estimates of originations of covered products 
by depository institutions in 2017 and 2018, discussed above, to 
estimate how many covered depository institutions will report in each 
tier. A covered depository institution is expected to report in Tier 1 
if it originated at least 2,500 covered credit transactions in each of 
2017 and 2018. A covered depository institution is expected to report 
in Tier 2 if it originated at least 500 covered credit transactions in 
each of 2017 and 2018 and was not required to report in Tier 1. A 
covered depository institution is expected to report in Tier 3 if it 
originated at least 100 covered credit transactions in each of 2017 and 
2018 and was not required to report in Tier 1 or Tier 2. The Bureau 
also estimates the percent of covered applications from 2019 that are 
received by depository institutions in each tier.
    Table 4, below, presents estimates of percentages of covered banks 
and credit unions that will report in each tier. The Bureau estimates 
that most covered banks, savings associations, and credit unions will 
not be required to report until Tier 3, as seen in the first two rows

[[Page 35496]]

of the table. However, the next two rows show that most applications to 
banks and savings associations (and overall) for covered products in 
the first reporting year will be received by the 5 percent to 6 percent 
of covered banks and savings associations that are expected to report 
in Tier 1.

                   Table 4--Estimated Depository Institution Coverage by Compliance Tier \923\
----------------------------------------------------------------------------------------------------------------
          Coverage category                     Tier 1                   Tier 2                   Tier 3
----------------------------------------------------------------------------------------------------------------
Percent Covered Banks and SAs          5%-6% of covered banks   17%-19% of covered       75%-77% of covered
 Reporting in Tier.                     and SAs.                 banks and SAs.           banks and SAs.
Percent Covered Credit Unions          0% of covered credit     13% of covered credit    87% of covered credit
 Reporting in Tier.                     unions.                  unions.                  unions.
Percent of Covered Small Business      90%-92% of covered bank  4%-5% of covered bank    4%-5% of covered bank
 Credit Applications by Banks and SAs   and SA applications.     and SA applications.     and SA applications.
 Captured in Tier.
Percent of Covered Small Business      0% of covered credit     55% of covered credit    46% of covered credit
 Credit Applications by Credit Unions   union applications.      union applications.      union applications.
 Captured in Tier.
----------------------------------------------------------------------------------------------------------------

    As discussed above, the Bureau is unaware of any institution-level 
data of originations for nondepository institutions that would allow 
for precise estimates of when these institutions are expected to 
report. Consistent with assumptions made below to generate market-level 
estimates, the Bureau assumes that online lenders and merchant cash 
advance providers each originate 2,000 covered credit transactions per 
year and all other nondepository institutions originate 200 loans per 
year. These assumptions imply that all online lenders and merchant cash 
advance providers would be required to report in Tier 2 and all other 
nondepository institutions would be required to report in Tier 3.
---------------------------------------------------------------------------

    \923\ To estimate applications, the Bureau assumes that 
depository institutions with that originate 1,000 or more covered 
credit transactions per year receive 3 applications per origination 
and depository institutions that originate fewer than 1,000 covered 
credit transactions per year receive 2 applications per origination.
---------------------------------------------------------------------------

E. Methodology for Generating Cost Estimates

    The Bureau used its 2015 HMDA final rule estimates as the basis for 
its review of 1071 data collection and reporting tasks that would 
impose one-time and ongoing costs. In developing its ongoing cost 
methodology to estimate the impacts of its 2015 HMDA final rule, the 
Bureau used interviews with financial institutions to understand the 
processes of complying with a regulation that requires collecting and 
reporting credit application data and to generate estimates of how 
changes to the reporting requirements would impact the ongoing costs of 
collecting and reporting mortgage application data.\924\ To analyze the 
potential impacts of this final rule, the Bureau adapted its 
methodology from its 2015 HMDA rulemaking activities to the small 
business lending market. The methodology described below to estimate 
costs of the final rule is the same as the methodology used in the NPRM 
unless otherwise noted.
---------------------------------------------------------------------------

    \924\ Home Mortgage Disclosure (Regulation C), 80 FR 66128, 
66269 (Oct. 28, 2015).
---------------------------------------------------------------------------

    The Bureau expects that the tasks required for data collection, 
checking for accuracy, and reporting under the final rule will be 
similar to those under the 2015 HMDA final rule. The similarities in 
data collection and reporting tasks allowed the Bureau to leverage its 
previous rulemaking experience in its analysis of the impacts of this 
final rule. Outreach to industry, as well as feedback during the SBREFA 
process and in NPRM comments, validated this approach in general. The 
Bureau received no comments objecting to its use of the 2015 HMDA final 
rule impacts estimates as the basis for its methodology for the final 
rule implementing section 1071.
    However, there are significant differences between the home 
mortgage and small business lending markets. For example, small 
business lending is generally less automated, and has a wider variety 
of products, smaller volumes, and smaller credit amounts. The Bureau 
used the SBREFA process, NPRM comments, research using publicly 
available information, and the Bureau's general expertise regarding the 
small business lending market to determine how these differences would 
change the tasks required for data collection, checking for accuracy, 
and reporting under the final rule.
    During the 2015 HMDA rulemaking process, the Bureau identified 
seven key aspects or dimensions of compliance costs with a data 
collection and reporting rule: (1) the reporting system used; (2) the 
degree of system integration; (3) the degree of system automation; (4) 
the tools for geocoding; (5) the tools for performing completeness 
checks; (6) the tools for performing edits; and (7) the compliance 
program. The Bureau assumes that financial institutions will set up 
their section 1071 reporting in a manner similar to how HMDA reporting 
was implemented.\925\ As discussed in more detail below, this approach 
was generally supported by the SBREFA process and NPRM commenters.
---------------------------------------------------------------------------

    \925\ For example, the Bureau assumes that financial 
institutions will integrate their small business data management 
system with their other data systems the same way that similar 
institutions integrated their HMDA management system.
---------------------------------------------------------------------------

    The Bureau found during the HMDA rulemaking process that, 
generally, the complexity of a financial institution's approach across 
key aspects or dimensions was consistent--that is, a financial 
institution generally would not use less complex approaches on some 
dimensions and more complex approaches on others.\926\ This allowed the 
Bureau to classify financial institutions, including depository 
institutions and nondepository institutions, into three broad types 
according to the overall level of complexity of their compliance 
operations. Using very similar assumptions to those used in the 2015 
HMDA rulemaking, the Bureau's estimation of the costs of this final 
rule also assumes that complexity across key aspects or dimensions of a 
financial institution's small business lending data collection and 
reporting system is consistent.
---------------------------------------------------------------------------

    \926\ 80 FR 66128, 66269 (Oct. 28, 2015).
---------------------------------------------------------------------------

    Table 5, below, summarizes the typical approach to those seven key 
aspects or dimensions of compliance costs across three representative 
types of financial institutions based on level of complexity in 
compliance operations. Financial institutions that are Type A have the 
lowest level of complexity in

[[Page 35497]]

compliance operations, while Type B and Type C have the middle and 
highest levels of complexity, respectively.

  Table 5--Typical Approach to Certain Aspects/Dimensions of Compliance Costs Based on Level of Complexity for
                                         Types of Financial Institutions
----------------------------------------------------------------------------------------------------------------
                                       Typical approach by low    Typical approach by      Typical approach by
                                         complexity financial      medium complexity         high complexity
 Aspect/dimension of compliance costs    institutions (Type A    financial institutions   financial institutions
                                                 FIs)                 (Type B FIs)             (Type C FIs)
----------------------------------------------------------------------------------------------------------------
Data storage system used.............  Store data in Excel....  Use LOS and SBL DMS....  Use multiple LOS, FI's
                                                                                          central SoR, SBL DMS.
Degree of system integration.........  (None).................  Have forward             Have backward and
                                                                 integration (LOS to      forward integration.
                                                                 SBL DMS).
Degree of system automation..........  Highly manual process    Use manual edit checks.  Have high automation
                                        for entering and                                  (only verifying edits
                                        checking data.                                    manually).
Tools for geocoding..................  Use FFIEC tool (manual)  Use batch processing...  Use batch processing
                                                                                          with multiple sources.
Tools for completeness checks........  Conduct manual checks    Use LOS, which includes  Use multiple stages of
                                        and rely on CFPB         completeness checks.     checks.
                                        quality/validity
                                        checks.
Tools for edits......................  Use CFPB edits only....  Use CFPB and customized  Use CFPB and customized
                                                                 edits.                   edits run multiple
                                                                                          times.
Compliance program...................  Have a joint compliance  Have basic internal and  Have in-depth accuracy
                                        and audit office.        external accuracy        and fair lending
                                                                 audit.                   audit.
----------------------------------------------------------------------------------------------------------------
Note: LOS is ``Loan Origination System''; SoR is ``System of Record''; SBL DMS is ``Small Business Lending Data
  Management System.'' \927\

    During the rulemaking process for the 2015 HMDA final rule, the 
Bureau found that the number of loan applications received was largely 
correlated with overall complexity of financial institutions' 
compliance operations.\928\ The Bureau used this observation of 
financial institution practices under the previous HMDA rulemaking 
work, in addition to early outreach to financial institutions and data 
from Call Reports and publicly available data from the CDFI Fund, to 
generate assumptions about the annual number of small business lending 
applications for covered credit transactions processed by each type of 
financial institution. These assumptions adapt the volume assumptions 
from the mortgage lending context to address the fact that financial 
institutions typically process fewer small business credit applications 
than mortgage applications. The Bureau assumes that Type A FIs receive 
fewer than 300 applications per year, Type B FIs receive between 300 
and 2,000 applications per year, and Type C FIs receive more than 2,000 
applications per year. The Bureau assumes that, for Type A and B FIs, 
one out of two small business applications will result in an 
origination. Thus, the Bureau assumes that Type A FIs originate fewer 
than 150 covered credit transactions per year and Type B FIs originate 
between 150 and 999 covered credit transactions per year. The Bureau 
assumes that Type C FIs originate one out of three small business 
applications and at least 1,000 covered credit transactions per 
year.\929\ As described in the comment review below, these methodology 
assumptions were generally supported by the SBREFA process and comments 
on the NPRM.
---------------------------------------------------------------------------

    \927\ The Bureau expects the development of a market for small 
business data management systems, similar to HMDA management 
systems, that financial institutions will license or purchase from 
third parties.
    \928\ 80 FR 66128, 66270 (Oct. 28, 2015).
    \929\ The Bureau chose the 1:2 and 1:3 application to 
origination ratios based on two sources of information. First see 
Biz2Credit, Small Business Loan Approval Rates Rebounded in May 
2020: Biz2Credit Small Business Lending Index (May 2020), https://cdn.biz2credit.com/appfiles/biz2credit/pdf/report-may-2020.pdf, 
which shows that, in December of 2019, large banks approved small 
business loans at a rate of 27.5 percent, while small banks and 
credit unions had approval rates of 49.9 percent and 40.1 percent. 
Additionally, the Bureau's supervisory data supports a 33 percent 
approval rate as a conservative measure among these estimates for 
complex financial institutions (Type C FIs).
---------------------------------------------------------------------------

    The Bureau understands that costs vary by financial institution due 
to many factors, such as size, operational structure, and product 
complexity, and that this variance exists on a continuum that is 
impossible to fully represent. Due to data limitations, the Bureau is 
unable to capture many of the ways in which costs vary by institution, 
and therefore uses these representative financial institutions with the 
above assumptions for its analysis. In order to aggregate costs to a 
market level, the Bureau must map financial institutions onto its types 
using discrete volume categories.
    For the hiring costs discussion in part IX.F.3.i and ongoing costs 
discussion in part IX.F.3.ii below, the Bureau discusses costs in the 
context of representative institutions for ease of exposition. The 
Bureau assumes that a representative Type A FI receives 100 small 
business credit applications per year, a representative Type B FI 
receives 400 small business credit applications per year, and a 
representative Type C FI receives 6,000 small business credit 
applications per year. The Bureau further assumes that a representative 
Type A FI originates 50 covered credit transactions per year,\930\ a 
representative Type B FI originates 200 covered credit transactions per 
year, and a representative Type C FI originates 2,000 covered credit 
transactions per year.
---------------------------------------------------------------------------

    \930\ The Bureau discusses a representative Type A FI that will 
not be covered by the final rule to make the final estimates easier 
to compare with those in the NPRM and to highlight what the costs of 
the rule would have been for a financial institution that is not 
covered by the final rule.
---------------------------------------------------------------------------

1. Methodology for Estimating One-Time Costs of Implementation of the 
Final Rule
    The one-time cost estimation methodology for the final rule 
described in this section is the same methodology that the Bureau used 
in the NPRM unless otherwise noted. The primary differences are the 
addition of hiring costs, in response to comments, and changes in the 
wages to reflect the most recent data.
    The Bureau has identified the following nine categories of one-time 
costs that will likely be incurred by financial institutions to develop 
the infrastructure to collect and report data under the final rule:

1. Preparation/planning
2. Updating computer systems
3. Testing/validating systems
4. Developing forms/applications

[[Page 35498]]

5. Training staff and third parties (such as brokers)
6. Developing policies/procedures
7. Legal/compliance review
8. Post-implementation review of compliance policies and procedures
9. Hiring costs \931\
---------------------------------------------------------------------------

    \931\ The Bureau added this category after the NPRM and did not 
ask about it in the survey.

    Pre-NPRM outreach with financial institutions has informed the 
Bureau's understanding of one-time costs. Financial institutions will 
likely have to spend time and resources understanding the final rule, 
developing the required policies and procedures for their employees to 
follow, and engaging a legal team to review their draft policies and 
procedures. Additionally, financial institutions may require new 
equipment, such as new computer systems that can store and check the 
required data points; new or revised application forms or related 
materials to collect any data required under the final rule that they 
do not currently collect, including minority-owned, women-owned, and 
LGBTQI+-owned business statuses and the ethnicity, race, and sex of 
applicants' principal owners, and to provide any related disclosures 
required by the rule. Some financial institutions mentioned that they 
may store, check, and report data using third-party providers such as 
Fiserv, Jack Henry, LaserPro, or Fidelity Information Systems, while 
others may use more manual methods of data storage, checking, and 
reporting using software applications such as Microsoft Excel. 
Financial institutions will also engage in a one-time training of all 
small business lending staff to ensure that employees understand the 
new policies and procedures. After all new policies and procedures have 
been implemented and systems/equipment deployed, financial institutions 
will likely undertake a final internal review to ensure that all the 
requirements of the final rule have been satisfied.
    The Bureau presented one-time cost categories 1 through 8 in the 
SBREFA Outline and during the SBREFA process in 2020.\932\ The small 
entity representatives generally confirmed that these eight categories 
listed above accurately capture the components of one-time costs. Small 
entity representatives did not mention hiring costs during the SBREFA 
process. The Bureau added the hiring costs category after receiving 
comments in response to the NPRM.
---------------------------------------------------------------------------

    \932\ SBREFA Outline at 49-52.
---------------------------------------------------------------------------

    The Bureau also conducted a survey in 2020 regarding one-time 
implementation costs for section 1071 compliance targeted at financial 
institutions who extend small business credit.\933\ The Bureau 
developed the survey instrument based on guidance from industry on the 
potential types of one-time costs institutions might incur if required 
to report under a rule implementing section 1071 and tested the survey 
instrument on a small set of financial institutions, incorporating 
their feedback prior to implementation. The Bureau worked with several 
major industry trade associations to recruit their members to respond 
to the survey. A total of 105 financial institutions responded to the 
survey.
---------------------------------------------------------------------------

    \933\ The One-Time Cost Survey was released on July 22, 2020; 
the response period closed on October 16, 2020. The OMB control 
number for this collection is 3170-0032.
---------------------------------------------------------------------------

    Estimates from survey respondents form the basis of the Bureau's 
estimates for one-time costs in assessing the impact of this final 
rule. The survey was broadly designed to ask about the one-time costs 
of reporting data under a regime that only included mandatory data 
points, used a reporting structure similar to HMDA, used the Regulation 
B definition of an ``application,'' and used the respondent's own 
internal small business definition. The survey was divided into three 
sections: Respondent Information, One-Time Costs, and the Cost of 
Credit to Small Entities.
    In the Respondent Information section, the Bureau obtained basic 
information about the respondent, including information on the type of 
institution, its size, and its volume of small business lending. (The 
Bureau did not, however, obtain the actual name or other directly 
identifying information about respondents.) The One-Time Costs section 
of the survey measured the total hours, staff costs, and non-salary 
expenses associated with the different tasks comprising one-time costs. 
Using the reported costs of each task, the Bureau estimated the total 
one-time cost for each respondent. The Cost of Credit to Small Entities 
section dealt with the respondent's anticipated response to the 
increased compliance costs of being covered by a rule implementing 
section 1071 in order to understand the potential impacts of the rule 
on its small business lending activity, including any anticipated 
potential changes to underwriting standards, volume, prices, product 
mix, or market participation.
    To estimate one-time costs, the Bureau needs information on a 
financial institution's one-time costs by category and number of 
originations. Of the 105 total respondents, 49 answered these 
questions. The Bureau refers to these respondents as the ``cost 
estimation sample.'' Of these respondents, 42 (86 percent) self-
reported that they were a depository institution (bank, saving 
association, or credit union). The remaining seven (14 percent) were 
nondepository institutions. Table 6 presents the self-reported asset 
size of the 42 depository institution respondents in the cost 
estimation sample.\934\
---------------------------------------------------------------------------

    \934\ Nondepository institutions also reported assets. The 
Bureau separately reports asset category for depository institutions 
because asset sizes are not as comparable between depositories and 
nondepositories. The Bureau does not report asset sizes for 
nondepository respondents because there were too few respondents to 
report separately without risking re-identification of respondents.

    Table 6--Asset Sizes of Depository Institutions in One-Time Cost
                            Estimation Sample
------------------------------------------------------------------------
           Asset category                  Count       Percent of sample
------------------------------------------------------------------------
Less than $250 million..............               9               21.43
$250 million to $500 million........               9               21.43
$500 million to $1 billion..........               7               16.67
$1 billion to $10 billion...........               8               19.05
$10 billion to $500 billion.........               9               21.43
------------------------------------------------------------------------

    For the purposes of estimating one-time costs, the Bureau 
distinguishes between depository institutions and nondepository 
institutions. The majority of nondepository institutions are not 
currently subject to any similar data reporting requirements, with the 
notable exception of nondepository CDFIs. The Bureau anticipates that 
covered financial institutions that are not currently subject to data 
reporting requirements will need to make more changes to their existing 
business operations in order to comply with the requirements of the 
final rule. This

[[Page 35499]]

expectation is confirmed by the higher estimated one-time costs for 
nondepository institutions relative to depository institutions from the 
survey and discussed in part IX.F.3.i.
    The Bureau categorizes depository institution respondents in the 
cost estimation sample into four groups according to the respondents' 
self-reported total originations. The first group contains the two 
depository institutions that reported fewer than 25 originations; the 
Bureau assumes these institutions would not report under the final 
rule. The second group contains ten depository institutions that 
reported between 25 and 149 originations.\935\ The Bureau categorizes 
these as Type A DIs (that is, a DI that is a Type A FI as defined 
above.) The third group contains the 19 depository institutions that 
reported between 150 and 999 originations. The Bureau categorizes these 
as Type B DIs. The final group contains the 11 depository institutions 
that reported 1,000 or more originations. The Bureau categorizes these 
as Type C DIs.
---------------------------------------------------------------------------

    \935\ The Bureau acknowledges that it uses information collected 
from institutions that will not be covered by the final rule to 
estimate the costs of implementing the rule. The Bureau uses these 
observations to maintain a large enough sample size.
---------------------------------------------------------------------------

    There are not enough nondepository institutions in the cost 
estimation sample to separate nondepository institutions into Types A, 
B, and C and obtain meaningful estimates. Instead, the Bureau is 
relying on the assumption that nondepository institutions (referred to 
as Non-DIs for purposes of this analysis) will incur the same one-time 
costs regardless of the complexity of existing business operations, 
CDFI status, or coverage by State commercial financing laws.
    The Bureau estimated the one-time costs for each of the four 
categories of financial institutions (Type A DI, Type B DI, Type C DI, 
and Non-DI) using the following methodology.
    For each of the first eight categories of one-time costs, the 
Bureau asked financial institutions to estimate and report the total 
number of hours that junior, mid-level, and senior staff would spend on 
each task, along with any additional non-salary expenses. If a 
respondent did not provide estimates for any component (i.e., staff 
hours or non-salary expenses) of any category, it is not counted as 
part of the cost estimation sample. If a respondent provided estimates 
for some components but did not provide an estimate for a particular 
component (e.g., non-salary expenses for preparation/planning) then the 
Bureau assumed that the respondent estimated zero for that component.
    The Bureau asked survey respondents to report the average hourly 
wage for junior, mid-level, and senior/executive staff involved in the 
one-time cost categories. However, for the purposes of estimating one-
time costs, the Bureau assumes a constant wage across financial 
institutions for each level of staff. The Bureau has updated the wages 
for the final rule from the wages used in the NPRM. For junior staff, 
the Bureau uses $15.64, the 10th percentile hourly wage estimate for 
``loan officers'' according to the 2021 Occupational Employment 
Statistics compiled by the Bureau of Labor Statistics.\936\ For mid-
level staff, the Bureau uses $38.74, the estimated mean hourly wage 
estimate for ``loan officers.'' For senior staff, the Bureau used 
$66.50, the 90th percentile hourly wage estimate for ``loan officers.'' 
To account for non-monetary compensation, the Bureau also scaled these 
hourly wages up by 43 percent.\937\ The Bureau assumes a total hourly 
compensation of $22.37 for junior staff, as compared to $28.76, the 
mean of the junior wages reported by respondents to the survey. The 
Bureau assumes a total hourly compensation of $55.40 for mid-level 
staff, as compared to $48.94, the mean of the mid-level wages reported 
by respondents. The Bureau assumes a total hourly compensation of 
$95.10, as compared to $90.19, the mean of the senior/executive wages 
reported by respondents.
---------------------------------------------------------------------------

    \936\ See U.S. Bureau of Labor Stat., U.S. Dep't of Labor, 
Occupational Employment and Wage Statistics (May 2021), https://www.bls.gov/oes/current/oes132072.htm.
    \937\ The June 2022 Employer Costs for Employee Compensation 
from the Bureau of Labor Statistics documents that wages and 
salaries are, on average, about 70 percent of employee compensation 
for private industry workers. The Bureau inflates the hourly wage to 
account for 100 percent of employee compensation ((100/70)-1) * 100 
= 43 percent). See U.S. Bureau of Labor Stat., U.S. Dep't of Labor, 
Employer Costs for Employee Compensation (June 2022), https://www.bls.gov/news.release/archives/eci_07292022.pdf.
---------------------------------------------------------------------------

    For each respondent in the cost estimation sample, the Bureau 
calculates the cost of each one-time cost category as the sum of the 
junior wage multiplied by the reported junior hours, the mid-level wage 
multiplied by the reported mid-level hours, and the senior wage 
multiplied by the reported senior-level hours and the reported non-
salary expenses. The total cost of the first eight categories that the 
Bureau calculates for each respondent is the sum of the costs across 
all eight categories.
    After calculating the total costs of the first eight categories for 
each respondent, the Bureau identifies outliers within the four groups 
of financial institutions (Type A DI, Type B DI, Type C DI, and Non-DI) 
using the interquartile range method, a standard outlier identification 
method. For each group of financial institutions, an observation is 
considered an outlier if the estimated total cost is greater than 1.5 
*(P75 - P25) + P75 or less than 
P25-1.5 *(P75 - P25) where 
P75 and P25 are the 75th and 25th percentiles, 
respectively, of total costs within that group. Using this method, the 
Bureau identified one outlier in each Type A DI, Type B DI, and Type C 
DI group and no outliers in the Non-DI group.
    In addition to the total estimated one-time costs, the Bureau is 
interested in the hours, non-salary expenses, and total costs 
associated with each of the different one-time cost categories. For 
each group, the Bureau estimates each component of one-time costs by 
taking the mean of the estimated component within the group, after 
excluding outliers. For example, the estimated number of junior hours 
required by Type A DIs to update computer systems is the mean number of 
junior hours reported by the nine Type A DIs that were in the cost 
estimation sample, excluding one outlier. The Bureau estimated the cost 
associated with each category as the sum of the junior wage multiplied 
by the estimated junior hours, the mid-level wage multiplied by the 
estimated mid-level hours, and the senior-level wage multiplied by the 
estimated senior hours, and the estimated non-salary expenses.
    The Bureau did not include one-time hiring costs in the estimates 
for the NPRM. In response to comments, the Bureau estimates hiring 
costs for the final rule estimates. To estimate hiring costs, the 
Bureau assumes that, prior to implementing the final rule, current 
staff at a covered financial institution will not have extra capacity 
to take on new tasks. This assumption implies that each institution 
will need to hire at least one new employee. The Bureau anticipates 
that institutions will rearrange tasks across new and existing 
employees so that the new employees alone will not conduct all work 
associated with the final rule.
    The Bureau assumes that a covered financial institution will need 
to hire enough full-time equivalent workers (FTEs) to cover the 
estimated number of staff hours necessary to comply with the final rule 
on an annual, ongoing basis. In part IX.E.2 below, the Bureau describes 
how it estimates the ongoing costs to comply with the rule, including 
the number of hours of staff time an institution needs per application. 
The Bureau assumes that an FTE will work

[[Page 35500]]

about 2,080 hours each year (40 hours per week x 52 weeks = 2,080). The 
Bureau calculates that the total number of FTEs that a covered 
financial institution will need to hire as the number of hours per 
application multiplied by the estimated number of applications received 
per year divided by 2,080, rounded up to the next full FTE. For 
example, if an institution receives 500 applications per year and 
spends one hour on each application, it will need to hire one FTE ((1 * 
500)/2080 = 0.24, which is round up to the next full FTE, i.e., 1). In 
part IX.F.3.i, the Bureau also confirms that the estimated additional 
staff can cover the estimated staff hours required for implementing 
other one-time changes.
    The Bureau calculates the hiring costs using the estimated cost-
per-hire of $4,425, estimated by the Society for Human Resource 
Management.\938\ This estimated cost includes advertising fees, 
recruiter pay and benefits, and employee referrals, among other 
categories. For each covered financial institution, the estimated 
hiring cost is $4,425 multiplied by the estimated new FTEs. The 
estimated total one-time costs are the sum of the estimated hiring 
costs and the other one-time costs for that institution discussed 
above.
---------------------------------------------------------------------------

    \938\ See Soc'y for Hum. Res. Mgmt., SHRM Customized Talent 
Acquisition Benchmarking Report, at 11 (2017), https://www.shrm.org/ResourcesAndTools/business-solutions/Documents/Talent-Acquisition-Report-All-Industries-All-FTEs.pdf.
---------------------------------------------------------------------------

    Comments on the one-time cost methodology of the proposed 
rulemaking. In the NPRM, the Bureau sought comment on the methods used 
for estimating one-time costs of implementation. Many industry 
commenters provided information on the categories of costs that they 
expect to incur to develop the infrastructure to collect and report 
data under the proposed rule. In general, the costs these commenters 
discussed fall in the original eight one-time cost categories listed. 
Many of these commenters responded to the NPRM that they would incur 
costs associated with hiring new staff. The Bureau's one-time and 
ongoing cost methodologies account for the costs associated with paying 
staff to implement the final rule. The Bureau agrees, however, that the 
one-time cost methodology outlined in the NPRM could have more 
fulsomely accounted for the initial cost of hiring new staff to perform 
these tasks. As described above, the Bureau added hiring costs to one-
time cost estimates in response to these comments. Except for hiring 
costs, commenters did not provide any additional one-time cost 
categories.
    Two trade associations asserted that the Bureau's estimates of one-
time costs are too low because the estimates are based on insufficient 
data for nondepository lenders and, in particular, merchant cash 
advance providers. The Bureau acknowledges that the scarcity of data 
for nondepositories pose a challenge when estimating the costs, 
benefits, and impacts of the final rule. This is particularly true for 
nondepositories that are not currently subject to a data reporting 
regime. Through outreach efforts with nondepository institutions and 
trade associations, the SBREFA process, and the one-time cost survey, 
the Bureau obtained information about the costs for nondepositories of 
complying with the final rule. Throughout the section 1022 discussion 
in the proposed rule, the Bureau also solicited feedback about data and 
methodologies that would enable it to more precisely estimate the costs 
of the proposed. The Bureau has reviewed these comments, considered the 
information provided by the commenters, and adjusted the methodology as 
described above.
2. Methodology for Estimating Ongoing Costs of Implementation of the 
Final Rule
    The Bureau identified 15 specific data collection and reporting 
activities that would impose ongoing costs. Table 7 presents the full 
list of 15 activities. Activities 1 through 3 can broadly be described 
as data collection activities: these tasks are required to intake data 
and transfer it to the financial institution's small business data 
entry system. Activities 4 through 10 are related to reporting and 
resubmission: these tasks are required to collect required data, 
conduct internal checks, and report data consistent with the final 
rule. Activities 11 through 13 are related to compliance and internal 
audits: employee training, and internal and external auditing 
procedures required to ensure data consistency and reporting in 
compliance with the rule. Finally, activities 14 and 15 are related to 
small business lending examinations by regulators: these tasks will be 
undertaken to prepare for and assist during regulatory compliance 
examinations. For the sake of this analysis, the Bureau assumes that 
all covered financial institutions will be subject to regulatory 
compliance examinations and thus incur costs related to activities 14 
and 15.

 Table 7--1071 Data Collection and Reporting Activities Imposing Ongoing
                                  Costs
------------------------------------------------------------------------
           Number                              Activity
------------------------------------------------------------------------
1..........................  Transcribing data.
2..........................  Resolving reportability questions.
3..........................  Transferring to Data Entry System, Loan
                              Origination System, or other data storage
                              system.
4..........................  Geocoding data.
5..........................  Standard annual edit and internal checks.
6..........................  Researching questions.
7..........................  Resolving question responses.
8..........................  Checking post-submission edits.
9..........................  Filing post-submission documents.
10.........................  Small business data reporting/geocoding
                              software.
11.........................  Training.
12.........................  Internal audit.
13.........................  External audit.
14.........................  Exam preparation.
15.........................  Exam assistance.
------------------------------------------------------------------------

    Table 8 provides an example of how the Bureau calculates ongoing 
compliance costs associated with each compliance task. The table shows 
the calculation for each activity and notes whether the task would be a 
``variable

[[Page 35501]]

cost,'' which would depend on the number of applications the 
institution receives, or a ``fixed cost'' that does not depend on the 
number of applications. Table 8 shows these calculations for a Type A 
FI, or the institution with the least amount of complexity. Table 9 
below summarizes the activities whose calculation differs by 
institution complexity and shows the calculations for Type B FIs and 
Type C FIs (where they differ from those for a Type A FI).

      Table 8--Ongoing Compliance Cost Calculations for a Type A FI
------------------------------------------------------------------------
   Number         Activity            Calculation          Type \939\
------------------------------------------------------------------------
1..........  Transcribing data  Hourly compensation x   Variable.
                                 hours per app. x
                                 applications.
2..........  Resolving          Hourly compensation x   Variable.
              reportability      hours per app. with
              questions.         question x
                                 applications with
                                 questions.
3..........  Transfer to Data   Hourly compensation x   Variable.
              Entry System.      hours per app. x
                                 applications.
4..........  Complete           Hourly compensation x   Variable.
              geocoding data.    hours per app. x
                                 applications.
5..........  Standard annual    Hourly compensation x   Fixed.
              edit and           hours spent on edits
              internal checks.   and checks.
6..........  Researching        Hourly compensation x   Variable.
              questions.         hours per app. with
                                 question x
                                 applications with
                                 questions.
7..........  Resolving          Hourly compensation x   Variable.
              question           hours per app. with
              responses.         question x
                                 applications with
                                 questions.
8..........  Checking post-     Hourly compensation x   Variable.
              submission edits.  hours checking post-
                                 submission edits per
                                 application.
9..........  Filing post-       Hourly compensation x   Fixed.
              submission         hours filing post-
              documents.         submission docs.
10.........  Small business     Uses free geocoding     Fixed.
              data reporting/    software.
              geocoding
              software.
11.........  Training.........  Hourly compensation x   Fixed.
                                 hours of training per
                                 year x number of loan
                                 officers.
12.........  Internal audit...  No internal audit       Fixed.
                                 conducted by
                                 financial institution
                                 staff.
13.........  External audit...  One external audit per  Fixed.
                                 year.
14.........  Exam preparation.  Hourly compensation x   Fixed.
                                 hours spent on
                                 examination
                                 preparation.
15.........  Exam assistance..  Hourly compensation x   Fixed.
                                 hours spent on
                                 examination
                                 assistance.
------------------------------------------------------------------------

    Many of the activities in Table 8 require time spent by loan 
officers and other financial institution employees. To account for time 
costs, the calculation uses the hourly compensation of a loan officer 
multiplied by the amount of time required for the activity. The Bureau 
uses a mean hourly wage of $38.74 for loan officers, based on data from 
the Bureau of Labor Statistics.\940\ To account for non-monetary 
compensation, the Bureau scales this hourly wage by 43 percent to 
arrive at a total hourly compensation of $55.40 for use in these 
calculations.\941\ The Bureau uses assumptions from its 2015 HMDA final 
rule analysis, updated to reflect differences between mortgage lending 
and small business lending, to estimate time spent on ``ongoing 
tasks.'' \942\ As an example of a time calculation, the Bureau 
estimates that transcribing the required data points would require 
approximately 11 minutes per application for a Type A FI. The 
calculation multiplied the number of minutes by the number of 
applications and the hourly compensation to arrive at the total cost, 
on an annual basis, of transcribing data. As another example, the 
Bureau estimates that ongoing training for loan officers to comply with 
a financial institution's 1071 policies and procedures would take about 
two hours per loan officer per year. The cost calculation multiplies 
the number of hours by the number of loan officers and by the hourly 
compensation.
---------------------------------------------------------------------------

    \939\ In this table, the term ``variable'' means the compliance 
cost depends on the number of applications. The term ``fixed'' means 
the compliance cost does not depend on the number of applications 
(even if there are other factors upon which it may vary).
    \940\ These data reflect the mean hourly wage for ``loan 
officers'' according to the 2021 Occupational Employment Statistics 
compiled by the Bureau of Labor Statistics. See U.S. Bureau of Labor 
Stat., U.S. Dep't of Labor, Occupational Employment and Wages (May 
2021), https://www.bls.gov/oes/current/oes132072.htm.
    \941\ The June 2022 Employer Costs for Employee Compensation 
from the Bureau of Labor Statistics documents that wages and 
salaries are, on average, about 70 percent of employee compensation 
for private industry workers. The Bureau inflates the hourly wage to 
account for 100 percent of employee compensation ((100/70)-1) * 100 
= 43 percent). U.S. Bureau of Labor Stat., U.S. Dep't of Labor, 
Employer Costs for Employee Compensation (June 2022), https://www.bls.gov/news.release/archives/eci_07292022.pdf.
    \942\ Home Mortgage Disclosure (Regulation C), 80 FR 66128 (Oct. 
28, 2015). Some differences, for example, are reflected in the 
number of applications, the number of data points per application, 
and the number of loan officers for the representative institutions.
---------------------------------------------------------------------------

    To arrive at the amount of time required per application for each 
of the 15 tasks covered financial institutions would conduct to 
collect, check, and report 1071 data, the Bureau begins with the 
assumptions made for each task for the 35 data points under the 2015 
HMDA final rule and then adjusts these required times relative to the 
number of data points required under the final rule. The final rule 
requires covered financial institutions to collect 20 data points for 
each covered application. Several of these data points have multiple 
components. For example, the credit type data point has three 
subcomponents: the product type, the type of guarantee, and the term. 
The data points for pricing information and the ethnicity, race, and 
sex of principal owners also have multiple subcomponents.
    Some activity costs in Table 8 depend on the number of 
applications. It is important to differentiate between these variable 
costs and fixed costs because the type of cost impacts whether and to 
what extent covered institutions might be expected to pass on their 
costs to small business loan applicants in the form of higher interest 
rates or fees (discussed in more detail in part IX.F.4 below). Data 
collection, reporting, and submission activities such as geocoding 
data, standard annual edits and internal checks, researching questions, 
and resolving question responses are variable costs. All other 
activities are fixed cost because they do not depend on the overall 
number of applications being processed. An example of a fixed cost 
calculation is exam preparation, where the hourly compensation is 
multiplied by the number of total hours required by loan officers to 
prepare for 1071-related compliance examinations.
    Table 9 shows where and how the Bureau assumes Type B FIs and Type 
C FIs differ from Type A FIs in its ongoing cost methodology. Type B 
FIs and Type C FIs use more automated procedures, which result in 
different cost calculations. For example, for Type B FIs and Type C 
FIs, transferring data to the data entry system and geocoding 
applications are done automatically by business application data 
management software licensed annually by the financial institution. The 
relevant address is submitted for geocoding via batch processing, 
rather than done manually for each application. The additional ongoing 
geocoding costs reflect the time spent by loan officers on ``problem'' 
applications--that is, a percentage of overall applications that the 
geocoding software misses--rather than time spent on all applications. 
However, Type B FIs and Type C FIs have the additional ongoing cost of 
a

[[Page 35502]]

subscription to a geocoding software or service as well as a data 
management software that represents an annual fixed cost of reporting 
1071 data. This is an additional ongoing cost that less complex Type A 
FIs (that are covered financial institutions) will not incur. The 
Bureau expects that Type A FIs will use free geocoding software 
available from the FFIEC or the Bureau, which may include a new batch 
function that could be developed by either the FFIEC or the Bureau.
    Additionally, audit procedures differ between the three 
representative institution types. The Bureau expects a Type A FI would 
not conduct an internal audit but would pay for an annual external 
audit. A Type B FI would be expected to conduct a simple internal audit 
for data checks and also pay for an external audit on an annual basis. 
Type C FIs would have a sophisticated internal audit process in lieu of 
an external audit.

  Table 9--Differences in Ongoing Cost Calculations for Type B FIs and
                      Type C FIs Versus Type A FIs
------------------------------------------------------------------------
                                   Difference for a    Difference for a
   Number          Activity            Type B FI           Type C FI
------------------------------------------------------------------------
3...........  Transfer to Data    No employee time    No employee time
               Entry System.       cost.               cost.
                                   Automatically       Automatically
                                   transferred by      transferred by
                                   data management     data management
                                   software            software
                                   purchased/          purchased/
                                   licensed.           licensed.
4...........  Complete geocoding  Cost of time per    Few applications
               data.               application         that require
                                   unable to be        manual attention.
                                   geocoded by         Completed by
                                   software.           third-party
                                                       software vendor.
10..........  Small business      Uses geocoding      Uses geocoding
               data reporting/     software and/or     software and/or
               geocoding           data management     data management
               software.           software that       software that
                                   requires annual     requires annual
                                   subscription.       subscription.
12..........  Internal Audit....  Hourly              Hourly
                                   compensation x      compensation x
                                   hours spent on      hours spent on
                                   internal audit.     internal audit.
13..........  External Audit....  Yearly fixed        Only an extensive
                                   expense on          internal audit
                                   external audit.     and no expenses
                                                       on external
                                                       audits.
------------------------------------------------------------------------

    Table 10 below shows major assumptions that the Bureau makes for 
each activity for each type of financial institution. Table 10 provides 
the total number of hours the Bureau assumes are required for each task 
that requires labor.\943\ For example, the Bureau assumes that 
transcribing data for 100 applications will require 19 hours of labor. 
The table also shows the assumed fixed cost of software and audits, as 
well as areas where the Bureau assumes there will be cost savings due 
to technology. In several cases, the activity does not apply to 
financial institutions of a certain type, and are therefore not 
displayed.
---------------------------------------------------------------------------

    \943\ Compared to the assumptions in the Bureau's proposal, this 
table includes additional time assumptions due to the collection of 
the business's LGBTQI+-owned status.
    \944\ The representative Type A, Type B, and Type C FIs are 
assumed to receive, respectively, 100, 400 and 6,000 applications.

         Table 10--Major Assumptions for the Representative Type A FIs, Type B FIs, and Type C FIs \944\
----------------------------------------------------------------------------------------------------------------
     Number              Activity                Type A FI               Type B FI               Type C FI
----------------------------------------------------------------------------------------------------------------
1...............  Transcribing data.....  19 hours total........  38 hours total........  571 hours total.
2...............  Resolving               11 hours total........  23 hours total........  34 hours total.
                   reportability
                   questions.
3...............  Transfer to 1071 data   19 hours total........  N/A...................  N/A.
                   management software.
4...............  Complete geocoding      7 hours total;          10 hours total (0.5     N/A.
                   data.                   reduction in time       hours per ``problem''
                                           cost relative to HMDA   loan x 5% of loans
                                           for software with       that are ``problem'').
                                           batch processing.
5...............  Standard annual edit    18 hours total;         357 hours total;        741 hours total;
                   and internal checks.    reduction for online    reduction for online    reduction for online
                                           submission platform.    submission platform.    submission platform.
6...............  Researching questions.  6 hours total.........  11 hours total........  17 hours total.
7...............  Resolving question      1 hour total..........  1 hour total..........  1 hour total.
                   responses.
8...............  Checking post-          1 hour total..........  5 hours total.........  18 hours total.
                   submission edits.
9...............  Filing post-submission  <1 hour total.........  <1 hour total.........  <1 hour total.
                   documents.
10..............  1071 data management    N/A...................  $8,000................  $13,271.
                   system/geocoding
                   software.
11..............  Training..............  24 hours total........  120 hours total.......  800 hours total.
12..............  Internal audit........  N/A...................  8 hours total.........  2,304 hours total.
13..............  External audit........  $3,500................  $5,000................  N/A.
14..............  Exam preparation......  <1 hour total.........  80 hours total........  480 hours total.
15..............  Exam assistance.......  2 hours total.........  12 hours total........  80 hours total.
----------------------------------------------------------------------------------------------------------------

    Comments on the ongoing cost methodology of the proposed 
rulemaking. In the NPRM, the Bureau sought comment on the Bureau's 
proposed methods to estimate the ongoing costs of the small business 
lending rule. Many industry commenters described categories of ongoing 
costs that fell within the categories of ongoing cost activities set 
forth in the NPRM. Commenters, for example, described needing to 
transcribe data from the application, train employees, conduct external 
audits, or prepare for exams. Given the volume of comments affirming 
these existing categories, the Bureau has retained those existing 
categories of ongoing cost activities.
    Some commenters suggested other categories of ongoing costs not 
considered by the Bureau in the NPRM. A credit union and a trade 
association suggested that more time was needed per application to 
explain to customers the new collection requirements; a bank said more 
time was needed to explain the requirements to collect ethnicity, race, 
and sex information. The Bureau believes that its one-time costs 
categories of ``developing forms and applications'' and ``developing 
policies and procedures'' already account for these types of costs and 
any remaining ongoing cost of explaining collection requirements will 
be minimal. The commenters also did not provide specific estimates for 
these categories of ongoing costs.
    A joint trade association letter described how the rule has the 
potential to create a new ongoing cost of retaining

[[Page 35503]]

the records. These comments focused on the information technology 
infrastructure associated with the retention of records. The Bureau 
believes that these costs are best described as one-time costs and are 
captured in the ``updating computer systems'' category of its one-time 
costs estimation. The Bureau thus has not included these as additional 
categories of ongoing costs.
    Comments on one-time and ongoing cost estimates based on levels of 
financial institution complexity. The Bureau received several comments 
related to its approach to defining complexity and using complexity 
categories in its one-time and ongoing cost estimation. Several smaller 
banks and credit unions explained that many of their processes related 
to collecting, checking, and reporting data to the Bureau under the 
proposed rule would largely be manual. The Bureau believes that its 
Type A institution category already takes into account the various 
manual processes described by these commenters and decided against 
adding additional categories of complexity.
3. Methodology for Generating Market-Level Estimates of One-Time and 
Ongoing Costs
    To generate market-level cost estimates, the Bureau relies on the 
estimates of the volume of small business lending originations 
described in part IX.D above. As with institutional coverage, the 
Bureau separates market-level cost estimates into estimates for 
depository institutions and for nondepository institutions. The 
methodology described below for the final rule is the same methodology 
that the Bureau used in the NPRM.
    For depository institutions, the Bureau estimates which 
institutions of those that existed at the end of 2019 would likely be 
covered or not covered by the final rule. For this analysis, the Bureau 
uses 2019 to represent the first year of coverage. An institution would 
be required to report data on applications received in 2019 if it 
originated at least 100 covered originations in each of the preceding 
two years (i.e., 2017 and 2018). If two depository institutions merged 
between the end of 2017 and the end of 2019, the Bureau assumes that 
those institutions would report as one entity. The Bureau then 
categorizes each institution as a Type A DI, Type B DI, or Type C DI 
based on its originations in 2019. Depository institutions with 0 to 
149 covered originations in 2019 are categorized as Type A. Depository 
institutions with 150 to 999 covered originations are categorized as 
Type B. Depository institutions with 1,000 or more covered originations 
are categorized as Type C. For each depository institution, the Bureau 
assigns the appropriate estimated one-time cost (including hiring cost 
as a function of estimated applications), ongoing fixed cost, ongoing 
variable cost per application, and applications per origination 
estimates associated with its institution type. The estimated number of 
annual applications for each institution is the estimated number of 
originations multiplied by the assumed number of applications per 
origination for that institution type. The annual ongoing cost for each 
institution is the ongoing fixed cost plus the ongoing variable cost 
per application multiplied by the estimated number of applications. The 
one-time hiring cost for each institution is the estimated number of 
applications multiplied by the annual staff hours per application 
divided by 2,080, rounded up to the next full FTE, multiplied by the 
cost-per-hire.
    To generate market-level estimates, the Bureau first calculates the 
estimated one-time costs, including hiring costs, and annual ongoing 
costs for each depository institution covered by the rule based on the 
estimated number of originations for that institution in 2019. The 
Bureau then sums these costs over the covered depository institutions 
to find market-level statistics of total costs. As with coverage 
estimates, the Bureau presents a range for market-level estimates. The 
range reflects the uncertainty associated with the estimate of costs 
for banks and savings associations below the CRA reporting threshold. 
The Bureau has documented how it calculates these ranges in its 
Supplemental estimation methodology for institutional coverage and 
market-level cost estimates in the small business lending 
rulemaking.\945\
---------------------------------------------------------------------------

    \945\ See https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------

    The Bureau is unaware of institution-level data on originations by 
nondepository institutions that are comprehensive enough to estimate 
costs using the same method as that for depository institutions. 
Therefore, to generate market-level estimates for nondepository 
institutions, the Bureau relies on the estimates discussed above and 
several key assumptions. The Bureau assumes that online lenders and 
merchant cash advance providers are Type C FIs because they generally 
have more automated systems and originate more loans. The Bureau 
assumes that the remaining nondepository institutions are Type B FIs. 
The Bureau assumes that each nondepository receives the same number of 
applications as the representative institution for each type, as 
described above. Hence, the Bureau assumes that online lenders and 
merchant cash advance providers each receive 6,000 applications per 
year and all other nondepository institutions receive 400 applications 
per year. As explained above, the Bureau also assumes that all 
nondepository institutions have the same one-time costs.

F. Potential Benefits and Costs to Covered Financial Institutions and 
Small Businesses

    The benefits of the final rule to covered financial institutions 
and small businesses described in this section are largely the same as 
the benefits discussed in the NPRM. The discussions have been updated 
to reflect policy differences between the NPRM and final rule.
1. Benefits to Small Businesses
    The final rule will benefit small businesses by collecting data 
that further the two statutory purposes of section 1071. Those purposes 
are to facilitate the enforcement of fair lending laws and enable 
communities, governmental entities, and creditors to identify business 
and community development needs and opportunities of women-owned, 
minority-owned, and small businesses. Some of the benefits to small 
businesses discussed below stem from the public release of the data 
collected under the rule. As discussed in more detail in part VIII.B.1, 
the Bureau intends to exercise its discretion under ECOA section 
704B(e)(4) to delete or modify data collected under section 1071 which 
are or will be available to the public where it determines that such 
deletion or modification appropriately protects privacy interests. The 
discussion below considers the benefits of releasing unmodified data, 
but the Bureau acknowledges that the benefits derived from public 
disclosure may be lower if modifications or deletions are made.
    Data collected and reported under the final rule will be the 
largest and most comprehensive dataset in the United States on credit 
availability for small businesses. These data will provide important 
insight into lending patterns in the small business lending market. 
Visibility into those patterns should provide important benefits for 
facilitating fair lending enforcement and enabling identification of 
community development needs and opportunities.

[[Page 35504]]

    The data could lead to a more efficient use of government resources 
in enforcing fair lending laws through more efficient prioritization of 
fair lending examinations and investigations. The public nature of the 
dataset will allow for members of the public to review the dataset 
(subject to modification and deletion decisions by the Bureau) for 
possible violations of antidiscrimination statutes. The increased 
transparency will benefit women-owned, minority-owned, and LGBTQI+-
owned small businesses directly, in the form of remediation in the 
event that lenders ultimately are found to have violated fair lending 
laws, and indirectly, with increased access to credit resulting from 
the increased transparency as to the lending practices of financial 
institutions.
    Important to the fair lending benefit of the small business lending 
dataset is the action taken data point. Existing datasets that collect 
transaction-level data only contain data on originated small business 
loans. Application-level data, including the action taken data point, 
will allow users to construct approval or denial rates, for example, 
for particular financial institutions. Such analyses could indicate 
whether, for example, women-owned, minority-owned, or LGBTQI+-owned 
small businesses are being discouraged or denied credit at higher rates 
than other small businesses, which would warrant further exploration.
    Also important are several data fields on the pricing of covered 
credit transactions that are originated or approved but not accepted. 
Data users will be able to examine, for example, whether women-owned, 
minority-owned, or LGBTQI+-owned small businesses are charged higher 
interest rates, or face higher origination charges or initial annual 
charges than similarly situated businesses that are not women-owned, 
minority-owned, or LGBTQI+-owned. The final rule also requires 
information on prepayment penalties, which can be an important aspect 
of the total costs of credit for small business owners.\946\ Users will 
be able to examine whether women-owned, minority-owned, or LGBTQI+-
owned small businesses are more likely to face prepayment penalties on 
extended credit.
---------------------------------------------------------------------------

    \946\ California, for example, to include prepayment policies as 
a required component of pricing disclosures in commercial financing 
(see Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235).
---------------------------------------------------------------------------

    Several data points included in the final rule will contribute to 
more accurate fair lending analyses by allowing users to compare credit 
products with similar characteristics. For example, differences in the 
risk of extending credit likely lead to differences in approval rates 
and prices for covered credit transactions based on credit amount 
applied for and approved, all three aspects of credit type (type of 
credit product, types of guarantees, and loan term), and credit 
purpose. Many creditors also consider characteristics about the small 
business, such as industry, gross annual revenue, or time in business, 
during their underwriting or pricing processes. Supply and demand for 
small business credit also varies over time and by location, so the 
inclusion of census tract, application date, and action taken date 
could lead to more accurate analyses. More accurate screening for fair 
lending risk will, for example, reduce the false positive rate observed 
during fair lending prioritization and increase the efficiency of fair 
lending reviews.
    Communities may use these data to identify gaps in access to credit 
for small businesses. Identifying those gaps can fuel community 
development, in partnership with creditors and governmental entities 
through the development of targeted lending programs, loan funds, small 
business incubators, and other community-driven initiatives to support 
small businesses.
    Creditors will likely use the data to understand small business 
lending market conditions more effectively and at a more granular level 
than is possible with existing data sources, such as Call Reports, data 
from public lending programs, or privately purchased data. Data 
collected under the final rule, combined with the institution's 
existing information on the small business lending market, can help 
creditors identify potentially profitable opportunities to extend 
credit. For example, creditors will be able to use census tract 
information to find areas of high credit demand into which they could 
consider expanding and other business opportunities for the creditor.
    Governmental entities will likely use the data to develop solutions 
that achieve policy objectives. For example, loan guarantees provided 
by the SBA's 7(a) and 504 programs are designed to increase the 
availability of business credit for businesses that otherwise have 
difficulty accessing credit. Governmental entities will be able to use 
the comprehensive data on applications for covered credit transactions 
collected under the final rule to identify additional opportunities to 
create new--or tailor existing--programs to advance their small 
business lending policy objectives. Additionally, the data could help 
facilitate emergency governmental interventions such as disaster 
relief.
    The data collected under the final rule will be the most extensive 
data on credit access for women-owned, minority-owned, and LGBTQI+-
owned small businesses, and such information will help various data 
users in understanding the needs and opportunities of such businesses. 
For example, governmental entities often create programs, such as those 
that reserve government contracts or those that provide grants, that 
specifically target women-owned and minority-owned businesses. 
Governmental entities could use data collected under the final rule to 
alter existing programs or create new ones to meet the needs of these 
business owners. Private lenders could also use the data to find 
untapped markets of credit demand from women-owned, minority-owned, and 
LGBTQI+-owned small businesses.
    As one of the premier data sources on the small business credit 
market, data collected under the final rule will also facilitate 
rigorous research by academics and advocates. HMDA data, which are 
similar in many ways to the data that will be collected under the final 
rule, have been analyzed in many scholarly publications. The data 
collected under section 1071 will provide public- and private-sector 
academics and other researchers a clearer window into potential 
discrimination in the small business credit market, as well as a better 
understanding of small business credit market trends and dynamics. As 
in the case of HMDA, data collected under the final rule will be more 
broadly used to understand how business owners make borrowing 
decisions, respond to higher prices, and respond to risk.\947\
---------------------------------------------------------------------------

    \947\ For examples of how HMDA data has facilitated research on 
the mortgage market, see, e.g., CFPB, Data Point: Asian American and 
Pacific Islanders in the Mortgage Market (July 2021), https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf; CFPB, Manufactured Housing Finance: New 
Insights from the Home Mortgage Disclosure Act Data (May 2021), 
https://files.consumerfinance.gov/f/documents/cfpb_manufactured-housing-finance-new-insights-hmda_report_2021-05.pdf; Neil Bhutta & 
Benjamin J. Keys, Moral Hazard during the Housing Boom: Evidence 
from Private Mortgage Insurance, 35(2) Review of Fin. Studies 
(2021), https://academic.oup.com/rfs/advance-article/doi/10.1093/rfs/hhab060/6279755; Sumit Agarwal et al., The Effectiveness of 
Mandatory Mortgage Counseling: Can One Dissuade Borrowers from 
Choosing Risky Mortgages? (Nat'l Bureau of Econ. Research, Working 
Paper No. 19920, 2014), https://www.nber.org/system/files/working_papers/w19920/w19920.pdf; Alexei Alexandrov & Sergei 
Koulayev, No Shopping in the U.S. Mortgage Market: Direct and 
Strategic Effects of Providing Information (CFPB, Off. of Research 
Working Paper No. 2017-01, 2018), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2948491.

---------------------------------------------------------------------------

[[Page 35505]]

    The final rule's data points will provide the above benefits in 
several ways. For example, the action taken and pricing information 
data points will allow various entities to monitor the tightness of the 
small business credit market and identify areas where there are high 
denial rates for small business credit or where it is provided only at 
high cost, especially to women-owned, minority-owned, or LGBTQI+-owned 
small businesses. Conversely, the data may also be used to identify 
areas of business opportunity for creditors or help assess the 
characteristics of successful business lending. Data on census tract, 
NAICS code, gross annual revenue, and number of workers will provide 
insight into the availability of small business credit by geography, 
industry, and business size. Credit type and credit purpose will 
provide more information on how women-owned, minority-owned, and 
LGBTQI+-owned small businesses use credit and whether their use differs 
from that of other small businesses. Time in business information will 
allow data users to understand the credit needs of young small 
businesses, and specifically young women-owned, minority-owned, and 
LGBTQI+-owned small businesses. Recent research has shown that women-
owned and minority-owned businesses face different financing challenges 
early in the business lifecycle than other firms, primarily driven by 
less access to external financing.\948\
---------------------------------------------------------------------------

    \948\ See, e.g., JPMorgan Chase & Co. Inst., Small business 
ownership and liquid wealth (Mar. 2021), https://www.jpmorganchase.com/institute/research/small-business/small-business-ownership-and-liquid-wealth-report.
---------------------------------------------------------------------------

    As creditors, communities, and governmental entities use these data 
to identify business opportunities, gaps in existing supports and 
capital access for small businesses, and more targeted policy 
interventions to support small businesses, small businesses will 
benefit from increased access to credit. Small businesses will also 
benefit from credit offerings more closely tailored to their needs as 
the data are used by creditors and others to develop more targeted 
credit products.
    As described above, the Bureau believes that setting a threshold 
for coverage at 100 originated loans in each of the preceding two 
calendar years provides substantial coverage of the small business 
credit market. While the Bureau could theoretically have collected even 
more data pursuant to the final rule if it retained the 25-loan 
threshold proposed in the NPRM, the Bureau is not adopting this 
threshold in order to ensure that financial institutions with the 
lowest volume of small business lending experience no pressure to 
reduce their small business lending activity in order to avoid the 
fixed costs of coming into compliance with this final rule. While some 
commenters expressed concern that institutions with a low volume of 
small business lending might reduce their lending in order to stay 
under the threshold, the Bureau cannot quantify this risk, particularly 
given the paucity of data on small business lending.
    Comments on the Bureau's estimation of the benefits to small 
businesses. The Bureau sought comment on its analysis of potential 
benefits to small businesses as set forth in the NPRM. Many community 
groups and several business owners agreed that the rule would support 
fair lending. A small business, a CDFI lender, and some community 
groups said collecting data will improve visibility and understanding 
of small businesses, particularly those that are minority- and women-
owned. The CDFI lender and a joint letter from community groups, 
community oriented lenders, and business advocacy groups stated that 
the data from this rule could be used to identify which products and 
business models best meet the needs of underserved entrepreneurs. One 
commenter pointed to agricultural products as a particular sector that 
would benefit from increased transparency afforded by the rule, 
particularly regarding the status of minority- and women-owned small 
businesses. Two community groups and a business advocacy group pointed 
to how data collected on ethnicity and race under HMDA preceded an 
increase in lending to minority borrowers, suggesting that a similar 
pattern may emerge in the small business lending market after the rule 
goes into effect. Similarly, a few commenters pointed to how data from 
the Paycheck Protection Program and studies and surveys surrounding the 
program allowed researchers, regulators, financial institutions, and 
others to identify disparate lending patterns on the basis of ethnicity 
and race.
    An individual commenter said collecting the data will help improve 
the collective understanding of small business lending and its 
interaction with regulations, and noted that other countries, such as 
Norway, already collect small business lending data on a Federal level. 
An individual commenter and two community groups suggested that the 
data could reveal patterns of disparities that are already well-known 
through lived experiences within their respective communities, 
particularly Black communities and farming and agricultural 
communities. A joint letter from community and business advocacy groups 
pointed to how disaggregation of those identified as Asian has revealed 
wide variances in income and lending patterns within these diverse 
communities in the mortgage lending market, suggesting similar 
disaggregation of race data in the final rule would improve the 
understanding of these diverse communities in the small business 
lending market.
    A few commenters noted potential positive spillover effects of the 
rule. One community group noted positive interaction effects between 
fair lending to small businesses and fair housing, as more people might 
purchase housing close to where local businesses flourish. An 
individual and a joint letter from community and business advocacy 
groups noted that investing in small businesses, particularly in 
historically underfunded neighborhoods, could provide pathways to 
economic opportunities for members of marginalized groups and even 
alleviate wealth gaps based on ethnicity and race. Another commenter 
similarly noted that the growth of small businesses could reduce 
unemployment, housing insecurity, and poverty in the surrounding 
community.
    Finally, a few minority small business owners predicted that they 
would benefit if the rule improved fair lending. These commenters 
identified the disadvantages minority-owned small businesses face when 
fair lending is not enforced, including business closure. One of these 
commenters, along with some community groups, pointed to studies that 
suggested fair access to credit, such as loan modifications, during the 
pandemic could have prevented the closure of minority-owned firms, 
added millions in revenue to the U.S. economy, and created millions of 
jobs.
    A number of commenters described ways in which the final rule would 
provide benefits consistent with the statutory purposes of section 
1071, including the establishment of a comprehensive dataset of small 
business lending, and the collection of detailed data points that will 
allow for more accurate analyses of underwriting and pricing patterns. 
These data, in turn, will permit for better understanding of the supply 
and demand of credit, and financial institutions' treatment of small 
business applicants and borrowers, including those that are owned by 
women and minorities. Commenters corroborated other benefits identified 
by the Bureau, such as positive spillover effects to fair housing and 
the local

[[Page 35506]]

economy surrounding small businesses. Data from the final rule will 
help researchers (including, but not limited to, those in the 
government, private sector, and academia) observe and quantify these 
benefits, just as researchers have used data from HMDA and the Paycheck 
Protection Program to identify areas of potential fair lending risk.
    On the other hand, many financial institutions and trade 
associations disagreed with the Bureau's assessment of potential 
benefits to small businesses. First, several commenters asserted there 
would be minimal or even no benefit. One bank said there would be no 
benefit at all. Two banks said there will be ``minimal'' benefit to 
their clients, to their communities, and to themselves.
    Second, other commenters asserted the Bureau overestimated 
benefits. One bank said the usefulness of standardized data is undercut 
by the fact that small business lending by small lenders is highly 
specialized. Two trade associations specified this could be problematic 
because standardized data ``could result in small business borrowers 
appearing to be similarly situated, when, in fact, the unique 
attributes of each borrower would result in different loan pricing by 
the bank.''
    Third, several commenters asserted any benefits would be outweighed 
by costs, i.e., that there would be little benefit relative to costs. 
Other comments asserted the Bureau failed to adequately consider the 
potential benefits and costs to ``consumers'' and ``covered persons'' 
as required by section 1022(b)(2)(A) of the Dodd-Frank Act. While some 
of these arguments are discussed in detail in following sections 
regarding costs, we present some of the arguments here as well. Two 
community banks and a trade association said costs would outweigh 
benefits for community banks and small lenders in particular. Another 
trade association stated data points adopted pursuant to ECOA section 
704B(e)(2)(H) in particular will only provide ``minimal'' benefits 
compared to the cost of collecting the data. Along a similar line of 
reasoning, three trade associations said the rule would harm the 
institutions that the rule is designed to benefit. Of these, two 
asserted that the small, women-owned, and minority-owned businesses the 
rule is designed to benefit in particular would be harmed.
    As detailed above, the Bureau believes that the final rule will 
have benefits consistent with its two statutory purposes. The data 
collected under the final rule will be the most extensive data on 
credit access for women-owned, minority-owned, and LGBTQI+-owned small 
businesses, and such information will facilitate the enforcement of 
fair lending laws and help identify business and community development 
needs.
    With respect to comments that asserted the Bureau overestimated the 
benefits of the rule, the Bureau acknowledges in part IX.C the 
difficulty of precisely estimating the benefits of the data collection 
but also details how it estimates the benefits to small businesses 
using the best information available. With respect to commenters who 
described how data collected under the final rule would not have all 
relevant information about a credit application, the Bureau 
acknowledges this limitation in part IX.C above, but also describes, in 
part IX.F, how the data will provide significant benefits consistent 
with the statutory purposes of the rule despite these limitations.
    With respect to comments that the costs would outweigh any benefits 
or that the Bureau did not adequately fulfill the requirements of 
section 1022(b)(2)(A) of the Dodd-Frank Act, in part IX.E, the Bureau 
details its methodology for estimating benefits and costs and, in part 
IX.F, details its estimates of benefits and costs, incorporating 
feedback from comments on the proposed rule. In doing so the Bureau 
fulfills its requirement to consider the potential benefits and costs 
to ``consumers'' and ``covered persons'' as required by section 
1022(b)(2)(A) of the Dodd-Frank Act.
2. Benefits to Covered Financial Institutions
    The final rule will provide some benefits to some covered financial 
institutions--i.e., the financial institutions that will be required to 
collect and report 1071 data on small business applications for credit. 
The first is some reduction of the compliance burden of fair lending 
reviews for lower risk financial institutions, by reducing the ``false 
positive'' rates during fair lending review prioritization by 
regulators. Currently, financial institutions are subject to fair 
lending reviews by regulators to ensure that they are complying with 
ECOA in their small business lending. Data reported under the rule will 
allow regulators to prioritize fair lending reviews of financial 
institutions with higher risk of fair lending violations, which reduces 
the burden on institutions with lower fair lending risk. Covered 
financial institutions will also be able to use the data to monitor, 
identify, and address their own fair lending risks and thereby reduce 
the potential liability from enforcement actions and adverse exam 
findings requiring remedial action.
    The rule's data collection will also provide an unprecedented 
window into the small business lending market, and such transparency 
may benefit financial institutions. Comprehensive information on small 
business credit applications and originations are currently 
unavailable. The data made public pursuant to this rule will allow 
financial institutions to better understand the demand for small 
business credit products and the conditions under which they are being 
supplied by other covered financial institutions.
    Comments on the Bureau's estimation of the benefits to covered 
financial institutions. The Bureau sought comment on its analysis of 
potential benefits to covered financial institutions as set forth in 
the NPRM. A broad range of commenters, including lenders, community 
groups, small business owners, business advocacy groups, and others, 
asserted that the final rule will provide an unprecedented window into 
the small business lending market and thereby facilitate fair lending 
enforcement.
    However, several industry commenters suggested that the Bureau 
overstated the benefits of the data collection to financial 
institutions. To reiterate some of the comments in the previous 
section, a trade association stated that they do not believe the 
Bureau's rule to implement section 1071 would provide ``any significant 
benefit'' to financial institutions. Two banks said there will be 
``minimal'' benefit to their clients, to their communities, and to 
themselves. Another trade association noted that lenders are likely 
already highly aware of the market in which they lend, especially 
considering that small business loans often require a relatively high 
degree of customization. Several industry commenters said the 
usefulness of standardized data is undercut by the fact that small 
business lending by small lenders is highly specialized to accommodate 
the highly individualized nature of each business.
    The Bureau describes in detail above the potential benefits to 
financial institutions. The Bureau acknowledges that many lenders may 
have a high awareness of the local markets in which they lend but 
believes that the data will still shed light on additional information 
about areas where lenders do not currently operate and may also shed 
light on currently underserved markets within the areas lenders 
currently operate. Comprehensive, application-level data on small 
business lending will provide financial

[[Page 35507]]

institutions better understand their local markets as well as 
information about markets which they do not currently serve.
3. Costs to Covered Financial Institutions
i. One-Time Costs to Covered Financial Institutions
    Using the methodology described in part IX.E.1 above, Table 11 
shows the estimated total expected one-time costs of the final rule for 
the first eight cost categories for financial institutions covered by 
the final rule as well as a breakdown by the eight component categories 
that comprise the one-time costs for Type A DIs, Type B DIs, Type C 
DIs, and Non-DIs.\949\ The final cost category, hiring costs, is 
discussed later in this section. The Bureau notes that the estimated 
costs presented in Table 11 differ slightly from the estimated costs 
presented in the NPRM. This difference comes only from the update in 
wages between the two calculations due to a release of new data.
---------------------------------------------------------------------------

    \949\ The estimated one-time costs by cost category for each FI 
type is the sum of the wages multiplied by the estimated staff hours 
plus the non-salary expenses. For example, the Bureau expects that 
for preparation and planning for the final rule, on average, a Type 
A DI will pay senior staff $95.10 x 38 hours (= $3,613.80), mid-
level staff $55.40 x 43 hours (= $2,382.20), and junior staff $22.37 
x 21 hours (= $469.77). The total estimated cost is $6,465.77, 
rounded to $6,500, because Type A DI is not expected to pay non-
salary expenses for preparation and planning.
---------------------------------------------------------------------------

    Table 12 shows the estimated number of junior, mid-level, and 
senior staff hours and non-salary expenses for each component activity 
for Type A DIs. Tables 13 through 15 show the same estimates for Type B 
DIs, Type C DIs and Non-DIs respectively. As discussed above, the 
Bureau estimates all one-time costs to covered financial institutions 
using the One-Time Cost Survey results.

                         Table 11--Estimated One-Time Costs by Cost Category and FI Type
----------------------------------------------------------------------------------------------------------------
                    Category                         Type A DI       Type B DI       Type C DI        Non-DI
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................          $6,500          $7,400         $20,500         $13,900
Updating computer systems.......................          17,000          17,400           6,900          57,300
Testing/validating systems......................          11,100           3,200          11,400           7,600
Developing forms/applications...................           4,300           3,200           4,600           4,400
Training staff and third parties................           3,500           3,900           5,300           3,100
Developing policies/procedures..................           4,200           2,500           3,600           4,300
Legal/compliance review.........................           7,700           3,000           7,300           3,900
Post-implementation review......................           5,000           4,300          18,000           1,700
                                                 ---------------------------------------------------------------
    Total.......................................          59,400          44,800          77,800          96,400
----------------------------------------------------------------------------------------------------------------


             Table 12--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type A DIs
----------------------------------------------------------------------------------------------------------------
                                                                     Mid-level                      Non-salary
                    Category                       Senior hours        hours       Junior hours      expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................              38              43              21               0
Updating computer systems.......................              34              52              41         $10,000
Testing/validating systems......................              18              52              41           5,600
Developing forms/applications...................              14              34              51               0
Training staff and third parties................              18              26              16               0
Developing policies/procedures..................              24              30              11               0
Legal/compliance review.........................              28              26              15           3,300
Post-implementation review......................              26              38              19               0
                                                 ---------------------------------------------------------------
    Total.......................................             200             301             215          18,900
----------------------------------------------------------------------------------------------------------------


             Table 13--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type B DIs
----------------------------------------------------------------------------------------------------------------
                                                                     Mid-level                      Non-salary
                    Category                       Senior hours        hours       Junior hours      expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................              50              35              21            $200
Updating computer systems.......................              25              20              12          13,600
Testing/validating systems......................              18              19              12             100
Developing forms/applications...................              21              14               7             200
Training staff and third parties................              23              29              20             400
Developing policies/procedures..................              16              13               7             100
Legal/compliance review.........................              14              16               5             700
Post-implementation review......................              15              22              27           1,100
                                                 ---------------------------------------------------------------
    Total.......................................             182             168             111          16,400
----------------------------------------------------------------------------------------------------------------


             Table 14--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type C DIs
----------------------------------------------------------------------------------------------------------------
                                                                     Mid-level                      Non-salary
                    Category                       Senior hours        hours       Junior hours      expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................              92             190              37            $500
Updating computer systems.......................               6              46              35           3,000

[[Page 35508]]

 
Testing/validating systems......................              34             110              50           1,000
Developing forms/applications...................              13              46              34             100
Training staff and third parties................              11              61              36             100
Developing policies/procedures..................              14              30              14             300
Legal/compliance review.........................               9              56              44           2,300
Post-implementation review......................               3             246             103           1,800
                                                 ---------------------------------------------------------------
    Total.......................................             182             785             353           9,100
----------------------------------------------------------------------------------------------------------------


              Table 15--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Non-DIs
----------------------------------------------------------------------------------------------------------------
                                                                     Mid-level                      Non-salary
                    Category                       Senior hours        hours       Junior hours      expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................              38              47              29          $7,100
Updating computer systems.......................              27             147              39          45,700
Testing/validating systems......................              26              24              39           2,900
Developing forms/applications...................              30              15              19             300
Training staff and third parties................              14              18              17             400
Developing policies/procedures..................              32              15              14             200
Legal/compliance review.........................              26              18              11             200
Post-implementation review......................              16               2               1             100
                                                 ---------------------------------------------------------------
    Total.......................................             209             286             169          56,900
----------------------------------------------------------------------------------------------------------------

    The Bureau estimates that updating computer systems will be the 
biggest driver of one-time costs for Type A DIs, Type B DIs, and Non-
DIs. Type A DIs and Type B DIs are expected to spend similar amounts on 
updating computer systems, but Type A DIs would rely somewhat more on 
staff.
    The Bureau expects that Non-DIs will have the highest one-time 
costs and the highest costs to update computer systems. To update 
computer systems, Non-DIs will rely on mid-level staff and third-party 
vendors. Non-DIs will also spend relatively more on preparation and 
planning than Type A DIs or Type B DIs. These estimates are consistent 
with the expectation that Non-DIs will incur higher costs because they 
are less likely to already report data to regulators.
    The Bureau estimates that the biggest drivers of one-time costs for 
Type C DIs will be preparation and planning and post-implementation 
review. These depository institutions will generally rely on mid-level 
staff to implement the required one-time changes and, in particular, 
will rely on mid-level staff for these two key activities. The Bureau 
estimates that Type C DIs will spend the most of all financial 
institution types on staff hours to implement one-time changes and the 
least on non-salary expenses.
    The Bureau estimates that one-time costs will be higher for Type A 
DIs than for Type B DIs. These two types of depository institutions 
have similar estimated costs for most activities, but Type A DIs are 
expected to spend more on testing/validating systems and legal/
compliance review.
    In addition to these one-time costs, the Bureau estimates the one-
time hiring costs for the additional FTEs a financial institution 
expects to hire based on the number of applications the institution 
expects to receive each year. In the ongoing cost discussion in part 
IX.F.3.ii below, the Bureau explains how it estimates the number of 
staff hours per application required to comply with the final rule on 
an ongoing basis. The Bureau estimates that a Type A FI requires 1.1 
hours per application, a Type B FI requires 1.6 hours per application, 
and a Type C FI requires 0.83 hours per application.
    For the purposes of exposition, the Bureau presents the estimated 
number of FTEs for representative financial institutions. For the 
market-level estimates, the Bureau estimates the number of staff hours 
required based on the estimated number of applications each depository 
institution receives.
    The representative Type A FI receives 100 applications annually, 
requiring 110 hours to comply with the final rule.\950\ Under the 
assumptions described in part IX.E.1 above, the representative Type A 
FI will need to hire one additional FTE at a one-time cost of $4,425 to 
cover the expected annual staff hours required to comply with the rule 
on an ongoing basis. This additional staff will also be able to cover 
the staff hours required to implement one-time changes because, on 
average, a Type A DI will require 716 staff hours for one-time changes 
(see Table 12). The Bureau estimates that the representative Type A DI 
will incur total one-time costs of $63,825 to implement the final rule.
---------------------------------------------------------------------------

    \950\ The Bureau discusses a representative Type A FI that will 
not be covered by the final rule to make the final estimates easier 
to compare with those in the NPRM and to highlight what the costs of 
the rule would have been for a financial institution that is not 
covered by the final rule.
---------------------------------------------------------------------------

    The representative Type B FI receives 400 applications annually, 
requiring 654 hours to comply with the final rule. This FI will need to 
hire one additional FTE at a one-time cost of $4,425. This additional 
staff will also be able to cover the 461 staff hours, on average, 
required to implement one-time changes for a Type B DI. The Bureau 
estimates that the representative Type B DI will incur total one-time 
costs of $49,225 to implement the final rule.
    The representative Type C FI receives 6,000 applications annually, 
requiring 5,009 hours to comply with the final rule. This FI will need 
to hire 3 additional FTE at a one-time cost of $13,275. This additional 
staff will also be able to cover the 1,320 staff hours, on average, 
required to implement one-time changes for a Type C DI. The Bureau 
estimates that the representative Type C DI will incur total one-time 
costs of $91,075 to implement the final rule.

[[Page 35509]]

    The Bureau assumes that most nondepository institutions are 
primarily Type B and Type C FIs, so the estimated staff hours to cover 
ongoing tasks discussed above apply here. For one-time tasks, the 
Bureau estimates that a nondepository institution will require about 
664 staff hours, on average, to implement one-time changes. One 
additional FTE would be sufficient to cover these hours if the 
institution reallocates some tasks across staff. The Bureau estimates 
that the representative Non-DI will incur total one-time costs of 
$100,825 to implement the final rule.
    As mentioned above, the Bureau realizes that one-time costs vary by 
institution due to many factors, and that this variance exists on a 
continuum that is impossible to fully represent. The Bureau focuses on 
representative types of financial institutions in order to generate 
practical and meaningful estimates of costs. As a result, the Bureau 
expects that individual financial institutions will have slightly 
different one-time costs than the average estimates presented here.
    The One-Time Cost Survey instructed respondents to assume that 
covered institutions would be required to report data at the 
application level on small business financing that constitutes 
``credit'' for purposes of ECOA for the 13 statutorily mandated data 
points one time per year, and be responsible for validating the 
accuracy of all data. Respondents were further instructed to use their 
own institution's internal definition of small business, assume the 
Regulation B definition of an application, and assume a reporting 
structure similar to that under HMDA. Finally, respondents were 
instructed to not include any costs associated with creating a firewall 
(that is, shielding applicants' protected demographic information from 
certain employees). As such, respondents estimated one-time costs 
assuming that the final rule would be different in some ways from what 
the Bureau described as the requirements in the survey. One small 
entity representative provided feedback during the SBREFA Panel that it 
was hard to estimate one-time costs in the survey without knowing all 
the details of the rule. The Bureau sought comment on the one-time 
costs associated with the additional data points it proposed but did 
not receive any information on which to base estimates. The Bureau 
expects that accounting for the additional data points would only 
increase the one-time cost estimates by a small amount because most of 
the one-time costs come from a financial institution moving from not 
reporting 1071 data to being required to report such data.
    The Bureau estimates that the overall market impact of one-time 
costs for depository institutions will be between $147,000,000 and 
$159,000,000.\951\ These estimates include between $47,700,000 and 
$49,700,000 that depository institutions are estimated to spend on 
hiring additional staff.\952\ Using a 7 percent discount rate and a 
five-year amortization window, the annualized one-time costs for 
depository institutions will be $35,700,000 to $38,600,000. The Bureau 
estimates that the overall market impact of one-time costs for 
nondepository institutions will be $59,800,000. This estimate includes 
the $3,630,000 that nondepository institutions are estimated to spend 
on hiring additional staff. Using a 7 percent discount rate and a five-
year amortization window, the annualized one-time costs for 
nondepository institutions will be $15,500,000. As a frame of reference 
for these market-level one-time cost estimates, the estimated total 
non-interest expenses from the FFIEC and NCUA Call Reports for 
depository institutions that the Bureau estimates would be covered 
under the proposed rule was between $407 billion and $410 billion in 
2019.\953\ The upper bound estimate of total one-time costs is 
approximately 0.04 percent of the total annual non-interest expenses.
---------------------------------------------------------------------------

    \951\ The Bureau notes that the variation in this range comes 
primarily from the uncertainty in the number of originations made by 
small banks and savings associations. The range does not fully 
account for the uncertainty associated with estimates of the one-
time costs for each type of institution.
    \952\ The Bureau notes that the estimated hiring costs for the 
largest depository institutions may be an upper bound on the 
eventual realized costs and may be inflating the total hiring costs 
for depository institutions. The Bureau's methodology for estimating 
hiring costs implies that financial institutions with the most 
applications will need to hire several hundred employees to comply 
with the final rule. However, the Bureau anticipates that the 
largest institutions will likely save on these costs by automating 
some processes instead of hiring staff.
    \953\ The Bureau estimates this number by summing non-interest 
expenses over DIs that it estimates will be covered by the final 
rule.
---------------------------------------------------------------------------

    The Bureau estimated that the overall market impact of one-time 
costs from the NPRM would have been between $218,000,000 and 
$229,000,000 for depository institutions and $94,400,000 for 
nondepository institutions. The estimated market impacts for the final 
rule are lower than the estimated impacts from the NPRM because, based 
on changes made to the thresholds for the coverage of financial 
institutions in the final rule, the Bureau estimates that fewer 
financial institutions will be covered by the final rule. The estimates 
are also different because in the estimates for the final rule, the 
Bureau updated wages and included hiring costs.
    Comments on the one-time cost estimates of the proposed rulemaking. 
In the NPRM, the Bureau sought comment on its analysis of one-time 
costs. A few industry commenters expressed the difficulty in estimating 
these costs. Several other industry comments provided an overall 
estimate of what they believed the overall one-time costs would be for 
their institution. These estimates ranged from slightly less than to 
considerably higher than the Bureau's estimates from the NPRM. For 
example, a bank with about 300 small business originations per year (a 
Type B DI in the Bureau's framework) estimated that the one-time 
implementation costs would be about $36,000. Another bank commenter 
estimated that it would cost well over $100,000 to implement changes.
    A few industry commenters provided estimates of the costs 
associated with the individual cost categories used by the Bureau to 
estimate one-time costs. A few commenters provided estimates of the 
costs associated with updating computer systems in terms of staff hours 
or software (non-salary) expenses. For example, a State bankers 
association conveyed an estimate by a member of $5,000 for 1071 data 
submission software. A credit union commented that it anticipates 
initial costs of up to $100,000 to reconfigure or replace current 
reporting systems. A few other commenters provided estimates for other 
categories. For example, one credit union that originates about 150 
small business loans per year estimated that staff would require 200 
hours of training to prepare for the rule. A bank commented that it 
would require 30 to 80 hours to develop policies and procedures.
    The Bureau has reviewed these estimates and considered the 
information reported by the commenters, together with the existing 
evidence provided in the one-time cost survey. The Bureau reiterates 
that the costs of implementing the rule are all institution-specific. 
As discussed above, the one-time cost estimates should be considered 
the average expected costs for an institution based on the complexity 
of the institution's operations. In addition, the Bureau expects that 
financial institutions will use a variety of methods to prepare for the 
rule. Some institutions will update systems using staff, while other 
institutions will purchase updates from third-party vendors. For 
example, one institution might use 50 staff hours to

[[Page 35510]]

update computer systems and another institution might pay $10,000 for 
an updated system. In this case, the Bureau would estimate that, on 
average, an institution would use 25 staff hours and $5,000 to update 
computer systems. For another example, a group of trade associations 
estimated, based on a survey of their members, that it would cost about 
$40,000 on average for small institutions to update commercial loan 
software. However, they also estimate that only a third of small 
institutions would need to update the software. This implies that the 
average cost associated with updating computer systems, including 
financial institutions that spend $0, is about $13,000, much closer to 
the Bureau's non-salary costs of updating computer systems for Type A 
DIs of $10,000. Overall, the trade association presented estimates only 
moderately higher than the Bureau's, after accounting for DIs that do 
not need to update computer systems. The Bureau considers most 
estimates provided by commenters as broadly consistent with the 
Bureau's one-time cost estimates.
    A few industry commenters asserted that the firewall would be very 
costly to implement. However, the Bureau believes that, based on 
comments made on the firewall provision, it would not be feasible for 
many financial institutions to implement the firewall. In that case, 
the financial institution would be permitted to determine that one or 
more employees or officers should have access to protected demographic 
information and provide a notice to applicants informing them that 
employees and officers involved in making determinations regarding 
their applications may have access to protected demographic 
information. As a result, the Bureau has not changed its one-time cost 
estimates based on the cost of implementing the firewall.
    Many industry commenters specifically stated that the Bureau 
underestimated one-time costs. Most of these commenters considered the 
training costs as too low and a few others thought that the technology 
costs were too low. Some commenters stated that staff would require 
multiple follow up training sessions to prepare for implementing the 
rule. However, none of the commenters provided specific information on 
how much training or technology would cost. The Bureau has not changed 
the training or technology cost estimates, preferring to rely on the 
evidence provided through the One-Time Cost Survey.
    Many industry commenters expressed concern about being unable to 
implement the necessary one-time changes in the proposed 18-month 
implementation time. Several commenters noted the trial and error 
nature of implementing a new regulation and that this process could 
take a long time. Several other industry commenters said that third-
party software providers would require significant time to develop new 
technology to comply with the proposed rule and financial institutions 
would still need to test the technology, conduct due diligence, and 
develop policies and procedures. A few others commented that small 
financial institutions, and particularly those unfamiliar with Federal 
reporting regimes like HMDA, would find it more difficult to implement 
one-time changes in time to comply with the proposed 18-month timeline. 
On the one-time costs survey, the Bureau did not ask about the time to 
make changes to prepare to comply with the eventual rule, nor did it 
specify an assumed time-frame. The Bureau interprets the survey 
responses as realistic estimates conditional on having enough time to 
implement changes. The comments received suggest that most financial 
institutions, particularly those that receive relatively fewer small 
business credit applications, would not have had enough time to 
implement changes in the proposed 18 months. The Bureau expects that 
the adoption of tiered compliance dates in the final rule, giving most 
lenders 24 or 33 months to comply with the rule, will give most 
financial institutions enough time to implement one-time changes in a 
manner consistent with the Bureau's estimates.
    Several industry commenters asserted that the cost of complying 
with the proposed rule for small entities would be relatively higher 
than for larger entities. For example, a trade association commented 
that smaller banks will not be able to exploit the economies of scale 
necessary to mitigate costs. The Bureau has tried to account for some 
of these differences by estimating the costs for the different 
representative types of institutions. The Bureau in its final rule 
increased the reporting activity threshold from the proposed 25 covered 
originations in each of the two preceding calendar years to 100 covered 
originations in each of the two preceding calendar years. The Bureau 
estimates that many small financial institutions will no longer be 
required to report 1071 data because of this change in the coverage of 
financial institutions in the final rule.
ii. Ongoing Costs to Covered Financial Institutions
    Using the methodology described in part IX.E.2 above, Table 16 
shows the total expected annual ongoing costs of the final rule as well 
as a breakdown by the component 15 activities that comprise the ongoing 
costs for Type A FIs, Type B FIs, and Type C FIs. The bottom of the 
table shows the total estimated annual section 1071 ongoing compliance 
cost for each type of institution, along with the total cost per 
application the financial institution processes. To produce the 
estimates in Table 16, the Bureau used the calculations described in 
Tables 8 and 9 above and the assumptions for each activity in Table 10. 
In the following analysis, the Bureau provides examples of these cost 
calculations for the largest drivers of ongoing costs.
    Compared to the NPRM, these estimated ongoing costs account for 
several changes. The first is a change in the assumed compensation for 
an hour of employee time, which was discussed in IX.E.2. The second is 
the inclusion of an additional data point, the LGBTQI+-owned indicator. 
Lastly, the new estimates account for an increased estimate of ongoing 
training costs in response to comments received, which is discussed in 
more detail in the comment review below. Besides these changes, the 
methodology for estimating ongoing costs remains the same as with 
respect to the proposed rule, unless explicitly stated otherwise.

                        Table 16--Estimated Ongoing Costs per Compliance Task and FI Type
----------------------------------------------------------------------------------------------------------------
              Number                          Activity               Type A FI       Type B FI       Type C FI
----------------------------------------------------------------------------------------------------------------
1.................................  Transcribing data...........           1,108           2,110          31,657
2.................................  Resolving reportability                  222             443             665
                                     questions.
3.................................  Transfer to 1071 data                  1,108               0               0
                                     management software.
4.................................  Complete geocoding data.....             139             554             300
5.................................  Standard annual edit and                 510          11,126          27,972
                                     internal checks.
6.................................  Researching questions.......             275             551             826

[[Page 35511]]

 
7.................................  Resolving question responses               0               0               0
8.................................  Checking post-submission                   7              26             105
                                     edits.
9.................................  Filing post-submission                    14              14              14
                                     documents.
10................................  1071 data management                       0           8,000          13,650
                                     software/geocoding software.
11................................  Training....................           1,336           6,681          44,542
12................................  Internal audit..............               0             443         127,642
13................................  External audit..............           3,500           5,000               0
14................................  Exam preparation............              14           4,432          26,592
15................................  Exam assistance.............             116             698           4,654
                                                                 -----------------------------------------------
                                       Total....................          $8,349         $40,079        $278,618
                                       Per application..........             $83            $100             $46
----------------------------------------------------------------------------------------------------------------

    The Bureau estimates that a representative low complexity 
institution (i.e., a Type A FI) would incur around $8,349 in total 
annual ongoing costs, or about $83 in total cost per application 
processed (assuming a representative 100 applications per year). For 
financial institutions of this type, the largest driver of ongoing 
costs is the fixed cost of the external audit, $3,500. Besides the 
audit cost, the largest drivers of the ongoing costs are activities 
that require employee time to complete. Activities like transcribing 
data, transferring data to the data management software, standard edits 
and internal checks, and training all require loan officer time. The 
Bureau expects training (activity number 11) to cost approximately 
$1,336 annually for six representative loan officers and an equivalent 
number of other staff to engage in two hours of training. The Bureau 
expects other time-dependent activities to cost around $1,000 each. For 
example, the Bureau assumes that Type A FIs will spend around 19 hours 
transferring data to 1071 data management software (activity number 3) 
based on estimates of the required time to transfer data to HMDA data 
management software. At the assumed hourly compensation, our estimate 
is around $1,108 for the Type A FI institutions to transfer data. An 
assumption of around 18 total hours to conduct standard annual editing 
checks (activity number 5) with some savings assumed due to an online 
submission platform that automatically checks for errors, results in an 
estimated annual ongoing cost of $510.
    The Bureau estimates that a representative middle complexity 
institution (i.e., a Type B FI), which is somewhat automated, would 
incur approximately $40,079 in additional ongoing costs per year, or 
around $100 per application (assuming a representative 400 applications 
per year). The largest components of this ongoing cost are the expenses 
of the small business application management software and geocoding 
software (activity number 10) in the form of an annual software 
subscription fee, and the external audit of the data (activity number 
13). Using interviews of financial institutions conducted to determine 
compliance costs with HMDA, the Bureau found mid-range HMDA data 
management systems to be approximately $8,000 in annual costs; the 
Bureau believes that cost would be comparable in the small business 
lending context and thus applies that estimate here. This analysis 
assumes that the subscription purchase would be separate from HMDA 
management systems, but the development of a software to jointly manage 
HMDA and small business lending-related data would likely result in 
cost savings for both products. The Bureau also estimates that a Type B 
FI would spend around $5,000 on external audits of their small business 
loan application data. The Type B FI incurs employee time-related fixed 
costs conducting internal checks ($11,126), training ($6,681), and 
prepping for examinations ($4,432) but saves time and expense on data 
entry and geocoding by using data management software. As an example, 
the Bureau expects Type B FIs to have two full-time employees spend 40 
hours each to prepare for an examination (activity number 14) resulting 
in a cost of $4,432, and have employees spend around 12 hours assisting 
with an examination (activity number 15) costing $698 annually.
    The Bureau estimates a representative high complexity institution 
(i.e., a Type C FI), would incur $278,618 of annual ongoing costs, or 
$46 per application (assuming a representative 6,000 applications per 
year). The largest driver of costs for a Type C FI is the employee time 
required to conduct an internal audit. The assumed 2,304 hours of 
employee time results in nearly $127,642 of ongoing costs annually. 
Exam preparation, training, and standard annual and internal checks 
would be expected to cost $26,592, $44,542, and $26,592 each year, 
respectively. The Bureau also assumes that a Type C institution would 
need a subscription to a small business data management software near 
the upper bound of the range found in interviews with financial 
institutions during the 2015 HMDA rulemaking, of $13,650.
    The Bureau estimates that the total annual ongoing costs for 
depository institutions will be between about $297,000,000 and 
$313,000,000 per year, about $190,000,000 to $199,000,000 of which will 
be annual variable costs. The Bureau estimates that the total annual 
ongoing costs for nondepository institutions would be about 
$48,700,000, about $9,900,000 of which would be annual variable costs.
    The Bureau estimated that the total annual ongoing costs from the 
NPRM would have been between $310,000,000 and $330,000,000 for 
depository institutions and $62,300,000 for nondepository institutions. 
The estimated total ongoing costs decreased between the proposal and 
the final rule because the Bureau raised the financial institution 
coverage threshold from 25 to 100 covered originations in each of the 
two preceding calendar years. However, the cost estimates per 
institution increased because the Bureau, taking into account comments 
received on the proposed rule, raised the ongoing costs per application 
by changing training costs. These changes almost offset each other 
because, while the final rule covers about 2,200 fewer institutions 
relative to the proposal due to the change in the financial institution 
coverage threshold, these institutions that are no longer covered had 
the fewest number of applications, and ongoing costs are commensurate 
with the number of applications.
    To understand the impacts of these cost estimates on the profits of

[[Page 35512]]

depository institutions, the Bureau estimates the average total net 
income across all products per small business origination for all DIs 
by type.\954\ There is no comprehensive published source of data on 
profits earned on small business credit transactions. The Bureau 
presents estimates of total net income per origination as an indication 
of a financial institution's ability to cover the additional expenses 
associated with the final rule. The Bureau relies on its estimates of 
originations for each depository institution, described in part IX.D. 
and its Supplemental estimation methodology for institutional coverage 
and market-level cost estimates in the small business lending 
rulemaking. The Bureau estimates that banks and savings associations of 
Type A that will be covered by the final rule have an average net 
income per origination between $134,000 and $167,000. Credit unions of 
Type A that will be covered by the final rule have an average net 
income per origination of $144,000. Assuming two applications per 
origination, a covered bank or savings association of Type A has a net 
income per application of approximately $67,000 to $83,000 and a 
covered credit union of the same type has a net income per application 
of about $72,000. The Bureau estimates that covered banks and savings 
associations of Type B have an average net income per origination 
between $65,000 and $75,000 or a net income per application between 
$33,000 and $38,000. The Bureau estimates that covered credit unions of 
Type B have an average net income per origination of $229,000 or an 
average net income per application of $115,000. The Bureau estimates 
that covered banks and savings associations of Type C have a net income 
per origination between $252,000 and $278,000, or, assuming three 
applications per origination, a net income per application between 
$84,000 and $93,000. The Bureau estimates that covered credit unions of 
Type C have an average net income per origination of $8,000, and 
average net income per application of about $4,000. The Bureau notes 
that these estimates are slightly higher than reported in the proposal 
due to the higher financial institution coverage threshold in the final 
rule.
---------------------------------------------------------------------------

    \954\ There are no broadly available data on profit per 
application for nondepository institutions. The Bureau uses the 
FFIEC Bank and NCUA Credit Union Call Report data from December 31, 
2019, accessed on June 25, 2021. The Bureau uses the same internal 
estimates of small business loan originations as discussed in part 
VI.B above and total net income across all products. For estimates 
of net income per origination and per application, the Bureau uses 
only net income per origination for depository institutions with 
over 25 originations in 2019.
---------------------------------------------------------------------------

    With the publicly disclosed data, users would be able to assess 
fair lending risks at the institution and market level, furthering 
section 1071's fair lending purpose. Several commenters to the Bureau's 
2017 request for information expressed concerns, however, about costs 
related to these analyses.\955\ During the SBREFA process, some small 
entity representatives were concerned that published 1071 data could be 
used against financial institutions in class action litigation or to 
harm their public reputations.\956\ Depending on the extent of publicly 
disclosed data, the Bureau expects that some financial institutions 
could incur ongoing costs responding to reports of disparities in their 
small business lending practices. Some financial institutions could 
also experience reputational risks associated with high profile reports 
of existing disparities where more complete analysis of its business 
practices would conclude that the disparities do not support a finding 
of discrimination on a prohibited basis. In anticipation of needing to 
respond to outside analysis and potential reputational risks, it is 
possible that some financial institutions may choose to change their 
product offerings available to small businesses, underwriting or 
pricing practices, or overall participation in the small business 
lending market. Several commenters expressed similar concerns that fair 
lending analyses on incomplete data could lead to false positives 
(i.e., determinations of fair lending violations where none have 
occurred), that false positives could lead to reputational risk, and 
that lenders could change their lending behavior to avoid the potential 
for false positives. These costs associated with reputational risks are 
difficult to quantify, and commenters on the proposed rule did not 
provide any specific estimates of these costs.
---------------------------------------------------------------------------

    \955\ 82 FR 22318 (May 15, 2017).
    \956\ For example, one small entity representative was concerned 
that published 1071 data could lead to increased litigation and thus 
a higher cost of credit for small businesses. Another expressed 
concern that pricing information could be misinterpreted by users of 
1071 data (for example, according to the small entity 
representative, higher pricing for one race might be used to infer 
discrimination when the pricing was in fact unrelated to the race of 
the applicant). Such a misinterpretation may cause reputational 
damage and consequently decrease applications.
---------------------------------------------------------------------------

    The Bureau also received feedback that financial institutions could 
face potential costs with the publication of a public dataset under the 
final rule either because potential clients would be concerned about 
their data being collected or because of the additional competitive 
pressure brought by a publicly available dataset. The costs associated 
with customer privacy, reputational risk to financial institutions, and 
additional competitive pressure for financial institutions are 
difficult to quantify, and commenters on the proposed rule did not 
provide any specific estimates of these costs.
    Comments on the ongoing cost estimates of the proposed rulemaking. 
Several industry commenters provided estimates of what they believed 
the overall ongoing costs would be for their institution. These 
estimates ranged from estimates that were quite similar to the Bureau's 
estimate for institutions of similar small business credit volume to 
estimates that were considerably higher than the Bureau's estimates. 
For example, a group of trade associations estimated that institutions 
under $500 million in assets, that on average originate 276 small 
business loans annually, would incur $145 per origination in ongoing 
cost. The Bureau's estimate in the proposal, for institutions of a 
similar size was $178 per origination ($89 per application). At the 
high end, a lender suggested over $1,000 per origination. The Bureau 
has reviewed these estimates and considered the information provided by 
the commenters.
    The most voluminous category of comments was with respect to future 
staffing needs in response to the proposed rule. While not specific to 
any individual category of ongoing cost activity, a number of banks, 
credit unions, and Farm Credit System lenders, and several trade 
associations, described the need to hire additional staff to perform 
several of the ongoing cost activities that require staff time. Many 
provided estimates of the additional FTEs that the institution would 
have to hire to comply with the proposed rule. These estimates ranged 
from one additional FTE to up to 10 additional FTEs. A survey of 
community banks by a national trade association found that 88 percent 
of respondents would need to hire an additional FTE and, on average, 
institutions would have to hire 2-3 FTEs. Several commenters asserted 
that the hiring of additional staff alone showed that the Bureau's 
ongoing cost estimates in the proposal were inadequate.
    In the ongoing cost estimates of the Bureau's proposal, the Bureau 
calculated the number of hours required to be spent on section 1071-
related tasks, without distinguishing between existing or newly-hired 
staff. The Bureau assumes that the time spent on

[[Page 35513]]

section 1071-related tasks necessarily takes time away from otherwise 
profitable activity to which the hours would be put in the rule's 
absence. Since the Bureau is accounting for time spent in this way, the 
Bureau believes that its estimates account for the additional staff 
activity required to be spent to collect, check, and report data under 
the final rule. For this reason, the Bureau did not change any staffing 
time estimates, with the below exceptions.
    However, hiring additional FTEs would lead some institutions to 
incur one-time costs of hiring, including search and administrative 
burden, that they would not have incurred in the absence of the final 
rule. The Bureau categorizes this type of cost as a one-time cost, 
where the institution staffs up to be able to comply with the final 
rule. The Bureau is therefore incorporating the fixed cost of hiring 
new staff in the manner described in part IX.E.1.
    Several commenters also suggested that the specific ongoing costs 
for training staff were too low in the proposal. As described in the 
proposal, the Bureau received similar comments during the SBREFA 
process, but wished to learn additional information through comments on 
the proposed rule to better estimate the cost of training. Several 
institutions provided specific annual costs of training employees or 
estimates of the overall employee time. Others more generally described 
the need to train more staff than just loan officers, but also 
administrative and other staff.
    The Bureau's ongoing costs estimates only reflected the assumed 
training time required to train loan officers that directly handle the 
underwriting process. Based on the comments, the estimates in this 
final rule reflect a doubling of the number of assumed training hours 
required on an annual basis in order to account for the additional 
staff that would have to be trained on an annual basis besides simply 
the loan officers.
    Lastly, the Bureau received several comments specifically about the 
ongoing cost of 1071 data management software. In addition to 
confirming this as an appropriate category of ongoing cost activity, 
several commenters provided specific estimates of the ongoing costs. 
One commenter's estimate was similar to the estimates the Bureau 
provided in its proposal, while others provided significantly larger 
estimates. A survey by a national trade organization found ongoing 
software cost estimates that were quite similar to the estimates the 
Bureau provided in its proposal for institutions of Types B and C. As 
an example, the survey average for institutions similar to Type B 
institutions in the Bureau's proposal was around $7,000 per year, while 
the Bureau's estimate in the proposal was $8,000. Taking this 
information into account, the Bureau has not adjusted its ongoing cost 
estimates of the annual cost of 1071 data management or geocoding 
software.
4. Costs to Small Businesses
    The Bureau expects that any direct costs of the final rule on small 
businesses will stem from additional fields that the applicant may have 
to complete on credit applications due to the final rule compared to a 
financial institution's existing application process. This could 
include information such as the race, ethnicity, and sex of the 
principal owners or number of workers were not previously required on 
business credit applications. However, the Bureau expects the cost of 
completing the new section 1071 fields on applications to be 
negligible. Therefore, the Bureau focuses the rest of the discussion on 
the costs of small businesses to whether and how the Bureau expects 
financial institutions to pass on the costs of compliance with the 
final rule to small businesses and any possible effects on the 
availability of small business credit.
    Three types of costs (one-time, fixed ongoing, and variable 
ongoing) have the potential to influence the price and availability of 
credit to small businesses. In a competitive marketplace, standard 
microeconomics suggests that lenders will extend loans up to the point 
at which the revenue from granting an additional loan is equal to the 
additional cost associated with the financial institution providing the 
loan. One-time costs and fixed ongoing costs affect the overall 
profitability of a lender's loan portfolio but do not affect the added 
profit from extending an additional loan. Variable ongoing costs, 
however, affect the profitability of each additional loan and will 
influence the number of loans a lender provides. Based on the Bureau's 
available evidence, it expects that the variable ongoing costs will be 
passed on in full to small business credit applicants in the form of 
higher prices or fees and does not expect there to be a significant 
reduction in small businesses' ability to access credit.
    One-time and fixed ongoing costs affect the overall profitability 
of the loan portfolio and will be considered in the lender's decision 
to continue supplying small business credit at their current levels. 
The Bureau believes that a financial institution would find it 
worthwhile to incur the one-time costs associated with complying with 
the final rule if it expects to generate enough profit over multiple 
years to cover those costs. Each year, a financial institution would 
find it worthwhile to continue extending credit if the total expected 
revenue from its chosen quantity of loans is greater than the sum of 
its ongoing fixed and variable costs. As such, the Bureau believes a 
financial institution would find it worthwhile to reduce their supply 
of small business credit, even if it had already incurred the one-time 
costs, if the total expected revenue from that year were less than the 
total expected ongoing costs.\957\ As discussed in detail below, the 
Bureau believes that a significant disruption in small business credit 
supply is unlikely.
---------------------------------------------------------------------------

    \957\ SBREFA Outline at 50-52. The small entity representative 
feedback discussed herein can be found in the SBREFA Panel Report at 
40.
---------------------------------------------------------------------------

    In the One-Time Cost Survey, the Bureau asked respondents to rank a 
list of potential actions they may take in response to the compliance 
costs of implementing section 1071. Respondents ranked the following 
list: ``Raise rates or fees on small business products''; ``Raise 
rates/fees on other credit products''; ``Accept lower profits''; ``Exit 
some geographic markets''; ``Tighten underwriting standards''; ``Offer 
fewer or less complex products''; ``No longer offer small business 
credit products''; or ``Other'' with two write-in options. Respondents 
ranked these options from ``1'' to ``9'' indicating their most to least 
likely responses, where ``1'' was the most likely.
    In order to analyze these responses, the Bureau pooled data only 
from respondents that answered both the ranking question and the number 
of originations question. The Bureau implemented these restrictions to 
the pool to eliminate responses from institutions that would not be 
required to report under the final rule. Of the 105 total respondents 
to the One-Time Cost Survey, 44 ranked every option and reported more 
than 25 originations in the last year.\958\ The Bureau will henceforth 
refer to these respondents as the ``impacts of implementation'' sample.
---------------------------------------------------------------------------

    \958\ The Bureau discusses a representative Type A FI that will 
not be covered by the final rule to make the final estimates easier 
to compare with those in the NPRM and to highlight what the costs of 
the rule would have been for a financial institution that is not 
covered by the final rule. The Bureau includes survey respondents 
with originations below the origination threshold to ensure a large 
enough sample size for analysis.
---------------------------------------------------------------------------

    Table 17 presents the potential responses to implementing section 
1071 and the average ranking assigned by respondents in the impacts of 
implementation sample. The responses

[[Page 35514]]

are listed in order of most to least likely on average, where a lower 
average ranking number means that respondents ranked that response most 
likely. These ranked responses shed light on potential disruptions to 
small business credit supply as a result of the final rule's 
implementation. Notably, respondents were least likely to report that 
they would reduce their small business lending activity, with 
respondents on average indicating that they would be more likely to 
accept lower profits than to reduce their small business lending 
activity.

  Table 17--One-Time Cost Survey Responses to Impacts of Implementation
------------------------------------------------------------------------
                       Response                         Average ranking
------------------------------------------------------------------------
Raise rates or fees on small business products.......               1.77
Raise rates/fees on other credit products............               2.93
Tighten underwriting standards.......................               3.73
Accept lower profits.................................               3.82
Offer fewer or less complex products.................               4.59
Exit some geographic markets.........................               5.75
No longer offer small business credit products.......               6.57
------------------------------------------------------------------------

    Consistent with economic theory, respondents reported that they 
would be most likely to raise rates or fees on small business products 
and other credit products. The Bureau expects that the variable ongoing 
costs would be passed on in full to small business credit applicants in 
the form of higher prices or fees. Per application, the variable costs 
are approximately $32, $26, and $7.5 for Type A FIs, Type B FIs, and 
Type C FIs, respectively. Even if the variable costs were passed on in 
full to small business applicants in the form of higher interest rates 
or fees associated with a loan or line of credit, the Bureau expects 
that this would comprise a small portion of the total cost of the 
average loan to the small business applicant. Therefore, the Bureau 
expects this increase in cost to have limited impact on the 
availability or affordability of small business credit. The Bureau 
estimates that the total market impact of these costs for small 
businesses will be between $200,000,000 and $208,000,000.
    The relative ranking of other survey response options provides 
additional insight into the potential for small business credit supply 
disruptions. In Table 17, financial institutions ranked ``tighten[ing] 
credit standards,'' on average, in the middle of their potential 
responses. The lowest three responses were ``offer fewer or less 
complex products,'' ``exit some geographic markets,'' and ``no longer 
offer small business credit products.'' For these reasons, the Bureau 
believes the survey responses indicate limited likelihood of 
significant small business credit supply disruptions.
    The Bureau's total estimated one-time and ongoing costs are non-
negligible and could potentially affect the supply of small business 
credit by financial institutions that do not regularly originate many 
covered credit transactions. The Bureau's final institutional coverage 
threshold of 100 covered credit transactions in two consecutive years 
could prevent some low-volume financial institutions from reducing 
small business lending activity in response to the compliance costs of 
the final rule. For example, the Bureau estimates that a Type A DI 
would incur one-time costs of $63,825 and fixed ongoing costs of 
$5,195. A depository institution that originates very few covered 
transactions every year may reduce its small business lending activity 
if it does not expect that profits, even over several years, would 
cover that one-time cost or if it does not expect annual revenues to 
exceed the annual ongoing costs. However, based on the net income per 
application estimates discussed above, and the responses to the One-
Time Cost Survey, the Bureau believes that institutions that are 
covered under the final rule are unlikely to find either the one-time 
costs of implementation or the ongoing costs of compliance a meaningful 
influence in their business decision regarding small business lending 
activity. It is possible that some lenders just above the coverage 
threshold might reduce their small business lending to below the 
threshold to avoid reporting but, even if this does occur, the Bureau 
does not anticipate that this will significantly decrease aggregate 
credit supply. Furthermore, the Bureau's findings from the respondents 
to the One-Time Cost Survey (discussed above) additionally support the 
Bureau's conclusion that the increase in compliance costs will likely 
be passed through to customers in the form of higher prices or fees, 
rather than a significant reduction in financial institutions' 
willingness to supply small business credit.\959\
---------------------------------------------------------------------------

    \959\ As stated in the SBREFA Panel Report at 40, ``[g]enerally, 
[small entity representatives] did not suggest that they would leave 
the small business lending market in response to increased costs 
under the eventual 1071 rule.''
---------------------------------------------------------------------------

    If the Bureau were to release the data in unmodified form, the 
Bureau acknowledges there would be an ongoing risk of re-
identification, which may bring with it reputational risk for covered 
financial institutions and more significant privacy risks for small 
business applicants and related natural persons. Examples of such 
scenarios and their potential risks are detailed in part VIII.B.4.ii. 
See part VIII generally for more about how the Bureau's modification 
and deletion decisions will mitigate these risks.
    Comments on the Bureau's estimation of the costs to small 
businesses. The Bureau sought comment on other potential costs to small 
businesses not discussed above, and on its analysis of costs to small 
businesses as described herein. Several trade associations conducted 
their own surveys, which largely provided support for the Bureau's 
estimations, specifically that price increases would be the most likely 
response, and showed limited support for significant market exit.
    A number of commenters, mainly lenders and trade associations, 
described how they expected costs would be passed on to borrowers, 
namely through higher interest rates or fees, though one lender said 
they would not raise fees or restrict access to credit. Two trade 
associations asserted the price of motor vehicles could increase 
because of the rule's effect on automobile financing. Several industry 
commenters who cited potential price increases also noted they might 
have to reduce their overall volume of small business lending. Others 
who cited potential price increases noted they might reduce the number 
of product offerings, such as small dollar lending products or 
insurance premium financing transactions.
    Consistent with results from the Bureau's One-Time Cost Survey, 
comments also provided little evidence to indicate that lenders would 
exit the

[[Page 35515]]

small business credit market. While some lenders and trade associations 
cited business exit as a potential consequence, only one lender stated 
they themselves might consider exiting. A group of trade associations 
noted that in the survey it administered to its own members, there 
seemed to be little evidence that any of its own members would exit. A 
few lenders and trade associations asserted that some smaller lenders 
could exit the market due to increased regulatory burdens and costs. A 
group of trade associations asserted lenders could even close 
altogether or merge with other institutions.
    One bank estimated how much of its portfolio would be affected by 
compliance costs; if it were to stop offering loans of less than 
$50,000 because it decided they were no longer profitable, it would 
lose up to 59 percent of its agricultural and commercial customers, or 
13 percent of its total lending volume. If the bank were to stop 
offering loans of less than $10,000, it would lose 20 percent of its 
agricultural and commercial loans, or 1 percent of its total lending 
volume. The bank observed that because the percentage of customers 
affected would be greater than the percentage of lending volume 
affected, these estimates show that borrowers of small loan amounts 
would be negatively impacted by the rule.
    A few lenders noted that, other than price increases, decreased 
competition from market exit could impact small businesses, namely a 
lower degree of customization in loan processing and underwriting. 
Several industry commenters claimed that processing times will increase 
because of the collection of data fields required by the rule but not 
otherwise collected in the normal course of business.
    The Bureau believes that the comments generally supported the 
Bureau's expectation that the most likely response to the compliance 
costs of the final rule will be an increase in interest rates or fees 
to pass on financial institutions' ongoing variable costs to small 
business credit applicants. While the Bureau acknowledges the potential 
for other effects, such as changes in product offerings, changes in 
loan sizes, increased processing time, tightening of credit standards, 
or a reduction in market participation by financial institutions, the 
Bureau does not expect these effects to be large enough to 
significantly impact the availability of small business credit. 
Additionally, the Bureau expects that its increased coverage threshold 
of one hundred loans for each of the two preceding years should reduce 
the likelihood of reduced small business credit supply by financial 
institutions who originate few loans per year.
5. Alternatives Considered
    This section discusses two categories of alternatives considered: 
other methods for defining a covered financial institution and limiting 
the data points to those mandated by section 1071. The Bureau uses the 
methodologies discussed in parts IX.D and IX.E to estimate the impacts 
of these alternatives.
    First, the Bureau considered multiple reporting thresholds for 
purposes of defining a covered financial institution. In particular, 
the Bureau considered whether to exempt financial institutions with 
fewer than 25, 50, 200, or 500 originations in each of the two 
preceding calendar years instead of 100 originations, as finalized in 
the rule. The Bureau also considered whether to exempt depository 
institutions with assets under $100 million or $200 million from 
section 1071's data collection and reporting requirements.
    Under a 25-origination threshold, which was proposed in the NPRM, 
the Bureau estimates that about 4,000 to 4,200 depository institutions 
would report, which is approximately 2,200 more depository institutions 
relative to the final threshold of 100 originations. The Bureau 
estimates that about 3,600 to 3,800 banks and savings associations and 
about 400 credit unions would be covered under a 25-origination 
threshold. The Bureau estimates that about 98 percent of small business 
loans originated by depository institutions would be covered under a 
25-origination threshold, an increase of about 4 percentage points 
relative to the final rule. The Bureau does not have sufficient 
information to precisely estimate how many more nondepository 
institutions would report under this alternative threshold. The Bureau 
estimates that the total one-time costs across all financial 
institutions associated with a 25-origination threshold would be about 
$338,000,000 to $350,000,000, an increase of about $132,000,000 
relative to the 100-origination threshold. The Bureau estimates that 
the total annual ongoing costs associated with the 25-origination 
threshold would be about $392,000,000 to $413,000,000, an increase of 
between $47,000,000 and $52,000,000 per year relative to the 100-
origination threshold.
    Under a 50-origination threshold, the Bureau estimates that about 
2,900 to 3,100 depository institutions would report, which is 
approximately 1,100 more depository institutions relative to the final 
threshold of 100 originations. The Bureau estimates that about 2,700 to 
2,900 banks and savings associations and about 200 credit unions would 
be covered under a 50-origination threshold. The Bureau estimates that 
about 97 percent of small business loans originated by depository 
institutions would be covered under a 50-origination threshold, an 
increase of about 3 percentage points relative to the final rule. The 
Bureau estimates that the total one-time costs across all financial 
institutions associated with a 50-origination threshold would be about 
$272,000,000 to $285,000,000, an increase of about $66,000,000 relative 
to the 100-origination threshold. The Bureau estimates that the total 
annual ongoing costs associated with this threshold would be about 
$373,000,000 to $393,000,000, an increase of about $28,000,000 to 
$32,000,000 per year relative to the 100-origination threshold. Again, 
the Bureau does not have sufficient information to precisely estimate 
how many more nondepository institutions would be required to report 
under this alternative.
    Under a 200-origination threshold, the Bureau estimates that about 
1,000 to 1,100 depository institutions would report, which is 
approximately 800 fewer depository institutions relative to the final 
threshold of 100 originations. The Bureau estimates that about 900 to 
1,100 banks and savings associations and fewer than 100 credit unions 
would be covered under a 200-origination threshold. The Bureau 
estimates that about 91 percent of small business loans originated by 
depository institutions would be covered under a 200-origination 
threshold, a decrease of about 3 to 4 percentage points relative to the 
final rule. The Bureau estimates that the total one-time costs across 
all financial institutions associated with a 200-origination threshold 
would be about $159,000,000 to $167,000,000, a decrease of about 
$47,000,000 to $51,000,000 relative to the 100-origination threshold. 
The Bureau estimates that the total annual ongoing costs associated 
with this threshold would be about $314,000,000 to $328,000,000, a 
decrease of about $31,000,000 to $33,000,000 per year relative to the 
100-origination threshold. The Bureau does not have sufficient 
information to precisely estimate how many more nondepository 
institutions would be required to report under this alternative.
    Under a 500-origination threshold, the Bureau estimates that about 
400 to 500 depository institutions would report, which is approximately 
1,500 fewer depository institutions relative to the final threshold of 
100 originations. The

[[Page 35516]]

Bureau estimates that about 400 to 500 banks and savings associations 
and fewer than 20 credit unions would be covered under a 500-
origination threshold. The Bureau estimates that about 88 percent of 
small business loans originated by depository institutions would be 
covered under a 500-origination threshold, a decrease of about 3 to 6 
percentage points relative to the final rule. The Bureau estimates that 
the total one-time costs across all financial institutions associated 
with a 500-origination threshold would be about $128,000,000 to 
$131,000,000, a decrease of about $78,000,000 to $87,000,000 relative 
to the 100-origination threshold. The Bureau estimates that the total 
annual ongoing costs associated with this threshold would be about 
$281,000,000 to $290,000,000, a decrease of about $64,000,000 to 
$71,000,000 per year relative to the 100-origination threshold. The 
Bureau does not have sufficient information to precisely estimate how 
many more nondepository institutions would be required to report under 
this alternative.
    The Bureau's NPRM discussed the possibility of exempting depository 
institutions with assets under $100 million or $200 million assets from 
the final rule. For the purposes of considering these alternatives, the 
Bureau estimates how institutional coverage and costs would be 
different if the Bureau required a 25-origination threshold in addition 
to an asset-based threshold for depository institutions. The Bureau 
assumes that the alternative proposal would have been that a depository 
institution would be required to report its small business lending 
activity for 2019 if it had more than 25 originations in 2017 and 2018 
and had assets over the asset-based threshold on December 31, 2018. The 
Bureau further assumes that if two institutions merged in 2019 then the 
resulting institution would be required to report if the sum of the 
separate institutions' assets on December 31, 2018, exceeded the asset-
based threshold.
    Under a $100 million asset-based and 25-origination threshold, the 
Bureau estimates that between 3,500 and 3,600 depository institutions 
would report, approximately 1,600 to 1,700 more depository institutions 
relative to a 100-origination threshold with no asset-based threshold. 
The Bureau estimates that about 3,100 to 3,300 banks and savings 
associations and about 300 credit unions would be covered under a 25-
origination and $100 million asset-based threshold. The Bureau 
estimates that about 98 percent of small business loans originated by 
depository institutions would be covered under a 25-origination and 
$100 million asset-based threshold, an increase of about 4 percentage 
points relative to the final rule. The Bureau estimates that the total 
one-time costs across all financial institutions associated with the 
addition of a $100 million asset-based threshold would be about 
$307,000,000 to $314,000,000, an increase of between $101,000,000 and 
$104,000,000 relative to the final rule. The Bureau estimates that the 
total annual ongoing costs associated with this threshold would be 
about $383,000,000 to $403,000,000, an increase of about $38,000,000 to 
$42,000,000 per year relative to the 100-origination threshold with no 
asset-based threshold.
    Under a $200 million asset-based and 25-origination threshold, the 
Bureau estimates that about 2,700 depository institutions would report, 
approximately between 700 and 900 fewer depository institutions 
relative to a 100-origination threshold with no asset-based threshold. 
The Bureau estimates that about 2,400 banks and savings associations 
and about 300 credit unions would be covered under a 25-origination and 
$200 million asset-based threshold. The Bureau estimates that about 96 
percent of small business loans originated by depository institutions 
would be covered under a 25-origination and $100 million asset-based 
threshold, an increase of about 2 percentage points relative to the 
final rule. The Bureau estimates that the total one-time costs across 
all financial institutions associated with the addition of a $200 
million asset-based threshold would be about $259,000,000 to 
$264,000,000, an increase of between $46,000,000 and $53,000,000 
relative to the final rule. The Bureau estimates that the total annual 
ongoing costs associated with this threshold would be about 
$364,000,000 to $380,000,000, an increase of about $19,000,000 per year 
relative to the 100-origination threshold with no asset-based 
threshold.
    Second, the Bureau considered the costs and benefits for limiting 
its data collection to the data points specifically enumerated in ECOA 
section 704B(e)(2)(A) through (G). In addition to those data points, 
the statute also requires financial institutions to collect and report 
any additional data that the Bureau determines would aid in fulfilling 
the purposes of section 1071. The final rule includes several 
additional data points that rely solely on that latter authority in 
section 704B(e)(2)(H). Specifically, the final rule requires that 
financial institutions collect and report data on application method, 
application recipient, denial reasons (for denied applications only), 
pricing information (for applications that are originated or approved 
but not accepted), NAICS code, number of workers, time in business, and 
number of principal owners, all of which are adopted based on the 
Bureau's authority pursuant to section 704B(e)(2)(H). The Bureau has 
considered the impact of instead finalizing only the collection of 
those data points enumerated in section 704B(e)(2)(A) through (G).
    Requiring the collection and reporting of only the data points 
enumerated in ECOA section 704B(e)(2)(A) through (G) would result in a 
reduction in the fair lending benefit of the data compared to the final 
rule. For example, not collecting pricing information would obscure 
possible fair lending risk by covered financial institutions. Potential 
discriminatory behavior is not limited to the action taken on an 
application, but rather includes the terms and conditions under which 
applicants can access credit. If the Bureau did not collect pricing 
information, it would not be able to evaluate potential discriminatory 
lending practices. As mentioned in part IX.F.1 above, several of the 
data points the Bureau is finalizing under its ECOA section 
704B(e)(2)(H) authority are critical to conducting more accurate and 
complete fair lending analyses. A reduction in the rule's ability to 
facilitate the enforcement of fair lending laws would negatively impact 
small businesses and small business owners and thus run counter to that 
statutory purpose of section 1071.
    Limiting the rule's data collection to only the data points 
required under the statute would also reduce the ability of the rule to 
support the business and community development needs and opportunities 
of small businesses, which is the other statutory purpose of section 
1071. For example, not including pricing information would 
significantly reduce the ability of communities, governmental entities, 
and creditors to understand credit conditions available to small 
businesses. Not including NAICS code or time in business would also 
reduce the ability of governmental entities to tailor programs that can 
specifically benefit young businesses or businesses in certain 
industries.
    Only requiring the collection and reporting of the data points 
enumerated in ECOA section 704B(e)(2)(A) through (G) would have reduced 
the annual ongoing cost of complying with the final rule. Under this 
alternative, the estimated total annual ongoing costs for Type A FIs, 
Type B FIs, and Type C FIs would be $7,644; $38,296 and $265,809,

[[Page 35517]]

respectively. Per application, the estimated ongoing cost would be $76, 
$96, and $44 for Type A FIs, Type B FIs, and Type C FIs, respectively. 
Under this alternative, the estimated total ongoing costs for Type A 
FIs would be $705 less per year and $7 less per application than the 
final rule; the estimated total ongoing costs for Type B FIs would be 
$1,783 less per year and $4 less per application than the final rule; 
and the estimated total ongoing costs for Type C FIs would be $12,809 
per year and $2 per application than the final rule. The estimated 
total annual market-level ongoing cost of reporting would be between 
$326,000,000 and $340,000,000, or between about $19,000,000 to 
$21,000,000 per year less than under the final rule. As discussed 
above, respondents to the One-Time Cost Survey were instructed to 
assume that they would only report the statutorily mandated data 
fields. Hence, the Bureau can only estimate how ongoing costs would be 
different under this alternative.

G. Potential Impact on Depository Institutions and Credit Unions With 
$10 Billion or Less in Total Assets

    As discussed above, the final rule will exclude financial 
institutions with fewer than 100 originated covered credit transactions 
in both of the two preceding calendar years. The Bureau believes that 
the benefits of the final rule to banks, savings associations, and 
credit unions with $10 billion or less in total assets will be similar 
to the benefits to covered financial institutions as a whole, discussed 
above. Regarding costs, other than as noted here, the Bureau also 
believes that the impact of the final rule on banks, savings 
associations, and credit unions with $10 billion or less in total 
assets will be similar to the impact for covered financial institutions 
as a whole. The primary difference in the impact on these institutions 
is likely to come from differences in the level of complexity of 
operations, compliance systems, and software, as well as number of 
product offerings and volume of originations of these institutions, all 
of which the Bureau has incorporated into the cost estimates using the 
three representative financial institution types.
    Based on FFIEC and NCUA Call Report data for December 2019, 10,375 
of 10,525 banks, savings associations, and credit unions had $10 
billion or less in total assets. The Bureau estimates that between 
1,700 and 1,900 of such institutions would be subject to the final 
rule. The Bureau estimates that the market-level impact of the final 
rule on annual ongoing costs for banks, savings associations, and 
credit unions with $10 billion or less in assets would be between 
$124,000,000 and $140,000,000. Regarding one-time costs, the Bureau 
estimates that the market-level impact of the final rule for banks, 
savings associations, and credit unions with $10 billion or less in 
assets would be between $102,000,000 and $114,000,000. Using a 7 
percent discount rate and a five-year amortization window, the 
estimated annualized one-time costs would be between $25,000,000 and 
$28,000,000.

H. Potential Impact on Small Businesses in Rural Areas

    The Bureau expects that small businesses in rural areas will 
directly experience many of the benefits of the rule described above in 
IX.F.1. Small businesses in rural areas will directly benefit from 
facilitating the enforcement of fair lending laws and the enabling of 
communities, governmental entities, and creditors to identify business 
and community development needs and opportunities of women-owned, 
minority-owned, and small businesses. As with all small businesses, 
small businesses in rural areas may bear some indirect costs of the 
rule. This would occur if financial institutions serving rural areas 
are covered by the final rule and if those institutions pass on some or 
all of their cost of complying with the final rule to small businesses.
    The source data from CRA submissions that the Bureau uses to 
estimate institutional coverage and market estimates provide 
information on the county in which small business borrowers are 
located. However, approximately 89 percent of all banks did not report 
CRA data in 2019, and as a result the Bureau does not believe the 
reported data are robust enough to estimate the locations of the small 
business borrowers for the banks that do not report CRA data. The NCUA 
Call Report data do not provide any information on the location of 
credit union borrowers. Nonetheless, the Bureau is able to provide some 
geographical estimates of institutional coverage based on depository 
institution branch locations.
    The Bureau used the FDIC's Summary of Deposits to identify the 
location of all brick and mortar bank and savings association branches 
and the NCUA Credit Union Branch Information to identify the location 
of all credit union branch and corporate offices.\960\ A bank, savings 
association, or credit union branch was defined as rural if it is in a 
rural county, as specified by the USDA's Urban Influence Codes.\961\ A 
branch is considered covered by the final rule if it belongs to a bank, 
savings association, or credit union that the Bureau estimated would be 
included if they exceed 100 originations in 2017 and 2018. Using the 
estimation methodology discussed in part IX.D above, the Bureau 
estimates that about 65 to 70 percent of rural bank and savings 
association branches and about 95 percent of non-rural bank and savings 
association branches would be covered under the final rule. The Bureau 
estimates that about 14 percent of rural credit union branches and 
about 11 percent of non-rural credit union branches would be covered 
under the final rule.\962\
---------------------------------------------------------------------------

    \960\ See Fed. Deposit Ins. Corp., Summary of Deposits (SOD)--
Annual Survey of Branch Office Deposits (last updated June 1, 2022), 
https://www.fdic.gov/regulations/resources/call/sod.html. The NCUA 
provides data on credit union branches in the quarterly Call Report 
Data files. See Nat'l Credit Union Admin., Call Report Quarterly 
Data, https://www.ncua.gov/analysis/credit-union-corporate-call-report-data/quarterly-data (last visited Mar. 20, 2023).
    \961\ This is a similar methodology as used in the Bureau's 
rural counties list. See CFPB, Rural and underserved counties list, 
https://www.consumerfinance.gov/compliance/compliance-resources/mortgage-resources/rural-and-underserved-counties-list/ (last 
visited Mar. 20, 2023).
    \962\ The Bureau notes that most credit union branches do not 
belong to covered credit unions because most credit unions did not 
report any small business loans in the NCUA Call Report data. Of the 
5,437 credit unions that existed in December 2019, 4,359 (or 81.5 
percent) reported no small business originations in 2017 or 2018.
---------------------------------------------------------------------------

    In a competitive framework in which financial institutions are 
profit maximizers, financial institutions would pass on variable costs 
to future small business applicants, but absorb one-time costs and 
increased fixed costs in the short run.\963\ Based on previous HMDA 
rulemaking efforts, the following seven operational steps affect 
variable costs: transcribing data, resolving reportability questions, 
transferring data to a data entry system, geocoding, researching 
questions, resolving question responses, and checking post-submission 
edits. Overall, the Bureau estimates that the impact of the final rule 
on variable costs per application is $32 for Type A FIs, $26 for Type B 
FIs, and $7.50 for Type C FIs. The Bureau believes that the covered 
financial institutions that serve rural areas will attempt to pass 
these variable costs on to future small business applicants.

[[Page 35518]]

Amortized over the life of the loan, this expense would represent a 
negligible increase in the overall cost of a covered credit 
transaction.
---------------------------------------------------------------------------

    \963\ If markets are not perfectly competitive or financial 
institutions are not profit maximizers, then what financial 
institutions pass on may differ. For example, they may attempt to 
pass on one-time costs and increases in fixed costs, or they may not 
be able to pass on variable costs. Furthermore, some financial 
institutions may exit the market in the long run. However, other 
financial institutions may also enter the market in the long run.
---------------------------------------------------------------------------

    The One-Time Cost Survey can shed light on how financial 
institutions that serve rural communities will respond to the final 
rule. The Bureau asked respondents to the survey to report whether 
their institution primarily served rural or urban communities or an 
even mix. All respondents in the impacts of implementation sample 
answered this question. Of the 44 respondents in the impacts of 
implementation sample, 13 primarily serve rural communities, 15 
primarily serve urban communities, and 16 serve an even mix. Table 18 
presents the potential responses to implementing section 1071 and the 
average ranking assigned by respondents that serve rural communities, 
urban communities, an even mix, and all of the respondents in the 
impacts of implementation sample. The responses are listed in order of 
most to least likely on average across all respondents, where a lower 
average ranking number means that respondents ranked that response most 
likely. Respondents that primarily serve rural communities or an even 
mix rank raising rates or fees on small business or other credit 
products as the most likely response. These institutions also rank 
exiting some geographic markets and no longer offering small business 
credit products as the least likely response to a rule implementing 
section 1071.

        Table 18--One-Time Cost Survey Responses to Impacts of Implementation by Type of Community Served
----------------------------------------------------------------------------------------------------------------
                                                    Rural  (n =     Urban  (n =    Even mix (n =
                    Response                            13)             15)             16)        All  (n = 44)
----------------------------------------------------------------------------------------------------------------
Raise rates or fees on small business products..            1.62             1.6            2.06            1.77
Raise rates/fees on other credit products.......            2.54            2.73            3.44            2.93
Tighten underwriting standards..................            3.46            4.27            3.44            3.73
Accept lower profits............................            3.77             4.2             3.5            3.82
Offer fewer or less complex products............            4.62            4.07            5.06            4.59
Exit some geographic markets....................            5.69            5.13            6.38            5.75
No longer offer small business credit products..            6.62            6.13            6.94            6.57
----------------------------------------------------------------------------------------------------------------

    The Bureau thus does not anticipate any material adverse effect on 
credit access in the long or short term to rural small businesses.

X. Regulatory Flexibility Act Analysis

    The Regulatory Flexibility Act (RFA) \964\ generally requires an 
agency to conduct an initial regulatory flexibility analysis (IRFA) and 
a final regulatory flexibility analysis (FRFA) of any rule subject to 
notice-and-comment rulemaking requirements. These analyses must 
``describe the impact of the proposed rule on small entities.'' \965\ 
An IRFA or FRFA is not required if the agency certifies that the rule 
will not have a significant economic impact on a substantial number of 
small entities.\966\ The Bureau also is subject to certain additional 
procedures under the RFA involving the convening of a panel to consult 
with small business representatives prior to proposing a rule for which 
an IRFA is required.\967\
---------------------------------------------------------------------------

    \964\ 5 U.S.C. 601 et seq.
    \965\ 5 U.S.C. 603(a). For purposes of assessing the impacts of 
the proposed rule on small entities, ``small entities'' is defined 
in the RFA to include small businesses, small not-for-profit 
organizations, and small government jurisdictions. 5 U.S.C. 601(6). 
A ``small business'' is determined by application of SBA regulations 
and reference to the NAICS classifications and size standards. 5 
U.S.C. 601(3). A ``small organization'' is any ``not-for-profit 
enterprise which is independently owned and operated and is not 
dominant in its field.'' 5 U.S.C. 601(4). A ``small governmental 
jurisdiction'' is the government of a city, county, town, township, 
village, school district, or special district with a population of 
less than 50,000. 5 U.S.C. 601(5).
    \966\ 5 U.S.C. 605(b).
    \967\ 5 U.S.C. 609.
---------------------------------------------------------------------------

    In the proposal, the Bureau did not certify that the proposed rule 
would not have a significant economic impact on a substantial number of 
small entities within the meaning of the RFA. Accordingly, the Bureau 
convened and chaired a Small Business Review Panel under SBREFA to 
consider the impact of the proposals under consideration on small 
entities that would be subject to the rule implementing section 1071 
and to obtain feedback from representatives of such small entities. The 
proposal preamble included detailed information on the Small Business 
Review Panel. The Panel's advice and recommendations are found in the 
Small Business Review Panel Final Report \968\ and were discussed in 
the section-by-section analysis of the proposed rule.\969\ The proposal 
also contained an IRFA pursuant to section 603 of the RFA. In this 
IRFA, the Bureau solicited comment on any costs, recordkeeping 
requirements, compliance requirements, or changes in operating 
procedures arising from the application of the proposed rule to small 
businesses; comment regarding any Federal rules that would duplicate, 
overlap or conflict with the proposed rule; and comment on alternative 
means of compliance for small entities. Comments addressing individual 
provisions of the proposed rule are addressed in the section-by-section 
analysis above. Comments addressing the impact on small entities are 
discussed below. Many of these comments implicated individual 
provisions of the final rule or the Bureau's Dodd-Frank Act section 
1022 discussion and are also addressed in those parts.
---------------------------------------------------------------------------

    \968\ CFPB, Final Report of the Small Business Review Panel on 
the CFPB's Proposals Under Consideration for the Small Business 
Lending Data Collection Rulemaking (Dec. 14, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa-report.pdf.
    \969\ 86 FR 56356, 56378-510 (Oct. 8, 2021).
---------------------------------------------------------------------------

    Based on the comments received, and for the reasons stated below, 
the Bureau believes the final rule will have a significant economic 
impact on a substantial number of small entities. Accordingly, the 
Bureau has prepared the following final regulatory flexibility analysis 
pursuant to section 604 of the RFA.

Final Regulatory Flexibility Analysis

    Under RFA section 604(a), when promulgating a final rule under 5 
U.S.C. 553, after publishing a notice of proposed rulemaking, the 
Bureau must prepare a FRFA. Section 603(a) of the RFA also sets forth 
the required elements of the FRFA. Section 604(a)(1) requires the FRFA 
to contain a statement of the need for, and objectives of, the rule. 
Section 604(a)(2) requires the FRFA to contain a statement of the 
significant issues raised by the public comments in response to the 
initial regulatory flexibility analysis, a statement of the assessment 
of the agency of such issues, and a statement of any changes made in 
the proposed rule as a result of such comments. Section 604(a)(3) 
requires the Bureau to respond to any comments filed by the

[[Page 35519]]

Chief Counsel for Advocacy of the SBA in response to the proposed rule 
and provide a detailed statement of any change made to the proposed 
rule in the final rule as a result of the comments.
    The FRFA further must contain a description of and an estimate of 
the number of small entities to which the rule will apply or an 
explanation of why no such estimate is available.\970\ Section 
603(b)(5) requires a description of the projected reporting, 
recordkeeping, and other compliance requirements of the rule, including 
an estimate of the classes of small entities that will be subject to 
the requirement and the type of professional skills necessary for the 
preparation of the report or record. In addition, the Bureau must 
describe any steps it has taken to minimize the significant economic 
impact on small entities consistent with the stated objectives of 
applicable statutes, including a statement of the factual, policy, and 
legal reasons for selecting the alternative adopted in the final rule 
and why each one of the other significant alternatives to the rule 
considered by the agency which affect the impact on small entities was 
rejected. Finally, as amended by the Dodd-Frank Act, RFA section 
604(a)(6) requires that the FRFA include a description of the steps the 
agency has taken to minimize any additional cost of credit for small 
entities.
---------------------------------------------------------------------------

    \970\ 5 U.S.C. 603(a)(4).
---------------------------------------------------------------------------

A. Statement of the Need for, and Objectives of, the Rule
    As discussed in part I above, section 1071 of the Dodd-Frank Act 
amended ECOA to require that financial institutions collect and report 
to the Bureau certain data regarding applications for credit for women-
owned, minority-owned, and small businesses.\971\ Section 1071's 
statutory purposes are (1) to facilitate enforcement of fair lending 
laws, and (2) to enable communities, governmental entities, and 
creditors to identify business and community development needs and 
opportunities of women-owned, minority-owned, and small businesses.
---------------------------------------------------------------------------

    \971\ ECOA section 704B.
---------------------------------------------------------------------------

    Section 1071 specifies a number of data points that financial 
institutions are required to collect and report, and also provides 
authority for the Bureau to require any additional data that the Bureau 
determines would aid in fulfilling 1071's statutory purposes. Section 
1071 also contains a number of other requirements, including those that 
address restricting the access of underwriters and other persons to 
certain data, publication of data, and the Bureau's discretion to 
modify or delete data prior to publication in order to advance a 
privacy interest.
    As discussed throughout this document, Congress amended ECOA by 
adding section 1071, which directs the Bureau to adopt regulations 
governing the collection and reporting of small business lending data. 
Section 1071 directs the Bureau to prescribe such rules and issue such 
guidance as may be necessary to carry out, enforce, and compile data 
pursuant to section 1071, and permits the Bureau to adopt exceptions to 
any requirement or to exempt financial institutions from the 
requirements of section 1071 as the Bureau deems necessary or 
appropriate to carry out the purposes of section 1071.
    In addition, as discussed in part II above, currently available 
data on small business lending are fragmented, incomplete, and not 
standardized, making it difficult to make meaningful comparisons across 
products, financial institutions, and over time. This hinders attempts 
by policymakers and other stakeholders to understand the size, 
composition, and dynamics of the small business lending marketplace, 
including the interaction of supply and demand, as well as potentially 
problematic lending practices, gaps, or trends in funding that may be 
holding back some communities.\972\
---------------------------------------------------------------------------

    \972\ While Call Report and CRA data provide some indication of 
the level of supply of small business credit, the lack of data on 
small business credit applications makes demand for credit by small 
businesses more difficult to assess, including with respect to local 
markets or protected classes.
---------------------------------------------------------------------------

    Data collected under the final rule will constitute the largest and 
most comprehensive data in the United States on credit availability for 
small businesses. The data collection will also provide an 
unprecedented window into the small business lending market, and such 
transparency will benefit financial institutions covered by the rule. 
The public data published under the final rule will allow financial 
institutions to better understand the demand for small business credit 
products and the conditions under which they are being supplied by 
other lenders. Lenders will likely use the data to understand small 
business lending market conditions more effectively and at a more 
granular level than is possible with existing data sources, such as 
Call Reports, data from public lending programs, or privately purchased 
data. Data collected under the final rule will enable lenders to 
identify promising opportunities to extend credit to small businesses.
    The final rule will also provide some reduction of the compliance 
burden of fair lending reviews for lower risk financial institutions by 
reducing the ``false positive'' rates during fair lending review 
prioritization by regulators. Currently, financial institutions are 
subject to fair lending reviews by regulators to ensure that they are 
complying with ECOA in their small business lending. Data reported 
under the final rule will allow regulators to prioritize fair lending 
reviews of lenders with higher risk of potential fair lending 
violations, which reduces the burden on institutions with lower fair 
lending risk.
    The final rule effectuates Congress's specific mandate to the 
Bureau to adopt rules to implement section 1071. For a further 
description of the reasons why agency action is being considered, see 
the background discussion for the final rule in part II above.
    This rulemaking has multiple objectives. The final rule is intended 
to advance the two statutory purposes of section 1071, which are (1) 
facilitating enforcement of fair lending laws and (2) enabling 
communities, governmental entities, and creditors to identify business 
and community development needs and opportunities of women-owned, 
minority-owned, and small businesses. To achieve these objectives, the 
rule will require covered financial institutions to collect and report 
certain data on applications for covered credit transactions for small 
businesses, including minority-owned, women-owned, and LGBTQI+-owned 
small businesses. The data to be collected and reported will include a 
number of statutorily required data fields regarding small business 
applications, as well as several additional data fields that the Bureau 
determined will help fulfill the purposes of section 1071. The Bureau 
will make available to the public, annually on the Bureau's website, 
the data submitted to it by financial institutions, subject to 
deletions or modifications made by the Bureau if the Bureau determines 
that such deletions or modifications would advance a privacy interest.
B. Statement of the Significant Issues Raised by the Public Comments in 
Response to the Initial Regulatory Flexibility Analysis, a Statement of 
the Assessment of the Agency of Such Issues, and a Statement of Any 
Changes Made to the Proposed Rule in the Final Rule as a Result of Such 
Comments
    In accordance with section 603(a) of the RFA, the Bureau prepared 
an IRFA. In the IRFA, the Bureau estimated the possible compliance cost 
for small entities with respect to a pre-statute

[[Page 35520]]

baseline. Additionally, the IRFA discussed possible impacts on small 
entities, such as small businesses to whom lenders provide credit.
    Very few commenters specifically address the IRFA included in the 
proposal. Comments made by the SBA Office of Advocacy related to the 
estimates included in the IRFA are addressed below in part X.B.3. A 
comprehensive discussion of comments that relate to parts of the 
regulatory flexibility analysis can be found throughout part IX above. 
This section addresses specific significant comments that affects the 
FRFA analysis.
    Commenters provided feedback on the overall magnitudes of the one-
time and ongoing cost estimates, which form a core part of the IRFA 
analysis. Some industry commenters provided their own estimates of 
either their institution's specific one-time or ongoing costs. With 
respect to one-time costs, the Bureau has reviewed estimates and 
considered the information provided by the commenters, together with 
the existing evidence provided in the One-Time Cost Survey. The Bureau 
considers most estimates provided by commenters as broadly consistent 
with the Bureau's one-time cost estimates. With respect to ongoing 
costs, industry commenters' estimates ranged from estimates that were 
quite similar to the Bureau's estimate for institutions of similar 
small business credit volume to estimates that were considerably higher 
than the Bureau's estimates. The Bureau has reviewed these estimates 
and considered the information provided by the commenters.
    Many industry commenters claimed a need to hire additional staff, 
both with respect to the one-time cost of implementing the rule and the 
ongoing cost of reporting 1071 data annually. Many provided estimates 
of the additional FTEs that the institution would have to hire to 
comply with the proposed rule. These estimates ranged from one 
additional FTE to up to 10 additional FTEs. A survey of community banks 
by a national trade association found that 88 percent of respondents 
would need to hire an additional FTE and, on average, institutions 
would have to hire 2-3 FTEs. Several commenters asserted that the 
hiring of additional staff alone showed that the Bureau's one-time and 
ongoing cost estimates in the proposal were inadequate. In the ongoing 
costs estimates of the Bureau's proposal, the Bureau calculated the 
number of hours required to be spent on 1071-related tasks, without 
distinguishing between existing or newly-hired staff. The Bureau 
assumes that the time spent on 1071-related tasks necessarily takes 
time away from otherwise profitable activity to which the hours would 
be put in the rule's absence. Since the Bureau is accounting for time 
spent in this way, the Bureau believes that its estimates account for 
the additional staff activity required to be spent to collect, check, 
and report data under the final rule. For this reason, the Bureau did 
not change any staffing time estimates, with exceptions mentioned 
below.
    However, hiring additional FTEs would lead some institutions to 
incur fixed one-time costs of hiring, including search, administrative 
burden, and additional training, that they would not have incurred in 
the absence of the final rule. The Bureau categorizes this type of cost 
as a one-time cost, where the institution staffs up to be able to 
comply with the rule. So, while the Bureau has not changed ongoing 
costs estimates with respect to staff hours, it is incorporating the 
fixed cost of hiring new staff in its estimation of one-time costs.
    Several commenters also suggested that the specific ongoing costs 
for training staff were too low in the proposal. As described in the 
proposal, the Bureau received similar comments during the SBREFA 
process, but wished to learn additional information through comments on 
the proposed rule to better estimate the cost of training. Several 
institutions provided specific annual costs of training employees or 
estimates of the overall employee time expected to be required to 
comply with the final rule. Others more generally described the need to 
train more staff than just loan officers, but also administrative and 
other staff.
    The Bureau's ongoing cost estimates only reflected the assumed 
training time required to train loan officers that directly handle the 
underwriting process. The Bureau decided, based on the comments to the 
proposed rule, to double the amount of assumed training hours required 
on an annual basis to account for the additional staff that would have 
to be trained on an annual basis besides simply the loan officers. The 
estimates in this final rule reflect the doubling of annual training 
hours.
C. Response of the Agency to Any Comments Filed by the Chief Counsel 
for Advocacy of the Small Business Administration in Response to the 
Proposed Rule, and a Detailed Statement of Any Change Made to the 
Proposed Rule in the Final Rule as a Result of the Comments
    SBA Office of Advocacy provided a formal comment letter to the 
Bureau in response to the proposed rule. This letter expressed concerns 
that the Bureau underestimated the costs of the proposed rule, that the 
Bureau did not adequately consider the scope of coverage, and that the 
Bureau additionally underestimated the effect of the proposed rule on 
the cost of credit to small entities. Additionally, SBA Office of 
Advocacy provided specific feedback related to certain provisions of 
the proposed rule, which are addressed below.
    Comments related to the Bureau's cost estimates. SBA Office of 
Advocacy asserted that the Bureau's estimated costs of compliance in 
the proposal were too low, arguing, specifically, that training costs 
were too low and stated that the Bureau had acknowledged that small 
entity representatives, during the SBREFA process, had noted that the 
Bureau's training costs might be low because they did not account for 
enough staff being trained. Regarding these training costs, the Bureau 
notes that, as SBA Office of Advocacy observed, the proposal identified 
the feedback from small entity representatives that the training costs 
might be underestimated. In part VIII.F.3 of the proposal the Bureau 
sought comments on the training and other estimates to inform the 
ongoing cost estimation. As noted in part IX.F above, the Bureau has 
increased its estimates of training costs in response to SBA Office of 
Advocacy and other comments to account for additional staff that would 
need to be trained on an ongoing basis.
    SBA Office of Advocacy expressed concerns that the Bureau has 
underestimated the one-time costs, specifically with regard to training 
costs. As noted in the above methods (part IX.E) and estimations (part 
IX.F) discussions, the Bureau estimated one-time costs from the 
Bureau's One-Time Cost Survey, which was conducted of industry 
participants potentially subject to the Bureau's rule implementing 
section 1071. The Bureau's Tables 14 through 16 provide averages of 
survey responses. To obtain final estimates, the Bureau combined this 
information with relevant information from comments on the proposal. 
The Bureau reviewed and considered comments on the cost estimates 
included in its proposal.
    SBA Office of Advocacy also asserted that the Bureau underestimated 
the pass through of compliance costs to small businesses in the form of 
rates and fees. SBA Office of Advocacy also asserted that, because 
institutions could charge an application fee, the fee may be a 
disincentive for small businesses to shop for a better priced loan, and

[[Page 35521]]

therefore the overall cost of credit may be higher than indicated.
    Regarding these comments on the pass through of costs, the Bureau 
notes in part IX.F.4 above that it expects the variable portion of 
ongoing costs to be passed on to small business credit borrowers in the 
form of higher interest rates and fees. It made this determination from 
the results to its One-Time Cost Survey, economic theory, and comments 
on the proposed rule. Additionally, lenders presently have the ability 
to charge applicants application fees, something that the potential 
increase in fees from compliance costs associated with this final rule 
does not change.
    Comments related to other aspects of the proposed rule. In the 
section-by-section analysis of the final rule in part V above, the 
Bureau has responded to the SBA Office of Advocacy's comments 
concerning a number of topics in the proposed rule, including the 
definition of financial institution, the small business definition, the 
coverage of automobile dealers, the data points generally, the proposed 
visual observation and surname requirement related to applicants' 
demographic information, data points adopted pursuant to ECOA section 
704B(e)(2)(H), and the compliance date of the rule. SBA Office of 
Advocacy's comments and the Bureau's responses on these topics are 
summarized below.
    Scope of coverage/definition of financial institution. Initially, 
SBA Office of Advocacy expressed concern about the scope of coverage, 
particularly as related to who would be a covered financial institution 
required to collect and report 1071 data. SBA Office of Advocacy argued 
that the proposed 25-origination threshold may be too low, and that the 
Bureau has not analyzed the data fully to determine whether a higher 
threshold would garner an appropriate amount of information to fulfill 
the purposes of section 1071. SBA Office of Advocacy further urged the 
Bureau to consider additional alternative thresholds, and supplement 
its analysis, including 50-, 100-, 200- and 500-origination threshold 
alternatives. In the final rule, the Bureau has increased the 
institutional coverage threshold from 25 to 100 originations annually 
to address industry concerns regarding the impact on the smallest 
financial institutions. Smaller lenders play an integral role in 
lending to parts of the small business sector and the Bureau does not 
want to risk disruption to this sector, which would run contrary to the 
business and community development purpose of section 1071. The Bureau 
also considered higher thresholds, but believes that raising the 
threshold further would undermine the purposes of section 1071.
    Definition of small business. Next, SBA Office of Advocacy 
commended the Bureau for proposing an alternative size standard to 
SBA's approach to defining a small business, noting prior feedback 
concerning the need for a simpler definition that is easy for small 
business applicants to understand and financial institutions to 
implement. However, SBA Office of Advocacy noted concern from 
stakeholders that the $5 million gross annual revenue threshold may be 
too high for small financial institutions to implement and may cause 
some of those entities to forgo making business loans. SBA Office of 
Advocacy urged the Bureau to analyze other possible thresholds at a 
lower amount that would garner sufficient data, without the risk of 
smaller banks discontinuing business loans. Although the Bureau 
considered different threshold amounts and different size standards, it 
believes that a $5 million gross annual revenue threshold strikes the 
right balance in terms of broadly covering the small business credit 
market to fulfill section 1071's statutory purposes while meeting the 
SBA's criteria for an alternative size standard. The final rule also 
anticipates updates to this threshold every five years to account for 
inflation.
    Data points--collection of ethnicity and race via visual 
observation or surname, and data points adopted pursuant to ECOA 
section 704B(e)(2)(H). SBA Office of Advocacy raised two concerns 
related to data points required to be collected under section 1071. 
First, SBA Office of Advocacy argued that the requirement in the 
proposed rule to collect ethnicity and race information based on visual 
observation or surname should be removed. SBA Office of Advocacy 
reiterated concerns expressed during the SBREFA panel about a visual 
observation requirement. SBA Office of Advocacy further argued that 
data collected through visual observation or surname could be corrupted 
by bias or other forms of discrimination, and would therefore be in 
opposition to the intent of section 1071. They further stated that even 
well trained and well-motivated financial institutions could make wrong 
assumptions and taint the quality of the data. After considering the 
issue further as explained in the section-by-section analysis of Sec.  
1002.107(a)(19) above, the final rule does not include a requirement to 
collect applicant demographic information based on visual observation 
or surname.
    Second, SBA Office of Advocacy urged the Bureau to remove from the 
rule all data points proposed pursuant to its statutory authority set 
forth in ECOA section 704B(e)(2)(H), arguing that such data points are 
not required by section 1071, are costly, and potentially raise privacy 
concerns. SBA Office of Advocacy noted that these data points could be 
reverse engineered to determine what businesses were denied credit, 
particularly in small communities. They focused particularly on pricing 
data, asserting that these data would be costly and could damage the 
reputation of the institution by creating unjustified inferences that 
pricing disparities are due to fair lending violations. The Bureau 
believes that pricing and the other data points provide valuable 
information that furthers the dual purposes of section 1071. The Bureau 
believes that any risks to privacy interests can be addressed through 
modifications or deletions to public, application-level data, as 
appropriate.
    Next, SBA Office of Advocacy urged the Bureau to work with small 
automobile dealers to make the direct and indirect impacts of the 
rulemaking as least burdensome as possible. SBA Office of Advocacy 
stated that dealers may either directly issue credit or, as noted by a 
trade association, in many cases, act as intermediaries between buyers 
and financial institutions, and in those roles may be asked to support 
financial institutions' compliance with the rule. The Bureau's rule 
does not apply to motor vehicle dealers.\973\ The Bureau has also made 
revisions to the rule's provisions addressing reporting obligations 
when multiple financial institutions are involved in originating a 
single covered credit transaction, which the Bureau believes will 
provide greater clarity to motor vehicle dealers and the covered 
financial institutions that work with them, as well as to other covered 
financial institutions that originate covered credit transactions for 
small businesses through third parties. In addition, the Bureau has 
sought to reduce burden on small covered financial institutions through 
many provisions in the final rule, including, for example, by issuing a 
sample data collection form that institutions can use to collect 
protected demographic data from applicants. Finally, SBA Office of 
Advocacy encouraged the Bureau to consider an implementation period of 
three years or longer for the rule, rather

[[Page 35522]]

than 18 months as proposed. SBA Office of Advocacy reiterated feedback 
from a roundtable session it held that an 18-month compliance period 
would not be sufficient, and it may take up to three years for small 
financial institutions to comply. They noted that unlike HMDA, 
financial institutions are not building off a system already in place, 
and instead need to develop new systems. SBA Office of Advocacy also 
reiterated feedback during the SBREFA process that supported a two- to 
three-year implementation period. The Bureau is adopting a tiered 
compliance date schedule because it believes that smaller and mid-sized 
lenders would have particular difficulties complying within the single 
18-month compliance period proposed in the NPRM. Compliance with the 
rule beginning October 1, 2024 is required for financial institutions 
that originate the most covered credit transactions for small 
businesses. However, institutions with a moderate transaction volume 
have until April 1, 2025 to begin complying with the rule, and those 
with the lowest volume have until January 1, 2026.\974\ The Bureau 
believes that approximately 90 percent of all covered financial 
institutions that are themselves ``small'' under the SBA's size 
standards will fall under the latest compliance date, giving them 
nearly three years to prepare for compliance with the Bureau's final 
rule.
---------------------------------------------------------------------------

    \973\ The Bureau's rules, including this final rule to implement 
section 1071, generally do not apply to motor vehicle dealers, as 
defined in section 1029(f)(2) of the Dodd-Frank Act, that are 
predominantly engaged in the sale and servicing of motor vehicles, 
the leasing and servicing of motor vehicles, or both. 12 U.S.C. 
5519.
    \974\ The Bureau estimates that most small depository 
institutions will fall into Tier 3 and will be required to begin 
complying with the final rule in 2026.
---------------------------------------------------------------------------

D. Description of and an Estimate of the Number of Small Entities to 
Which the Rule Will Apply
    For the purposes of assessing the impacts of the final rule on 
small entities, ``small entities'' is defined in the RFA to include 
small businesses, small nonprofit organizations, and small government 
jurisdictions.\975\ A ``small business'' is determined by application 
of SBA regulations in reference to the North American Industry 
Classification System (NAICS) classification and size standards.\976\ 
Under such standards, the Bureau identified several categories of small 
entities that may be subject to the proposed provisions: depository 
institutions; online lenders and merchant cash advance providers; 
commercial finance companies; nondepository CDFIs; Farm Credit System 
members; and governmental lending entities. The NAICS codes covered by 
these categories are described below.
---------------------------------------------------------------------------

    \975\ 5 U.S.C. 601(6).
    \976\ The current SBA size standards are found on the SBA's 
website, Small Bus. Admin., Table of size standards (Mar. 17, 2023), 
https://www.sba.gov/document/support-table-size-standards.
---------------------------------------------------------------------------

    The following table provides the Bureau's estimate of the number 
and types of entities that may be affected by the proposed rule:

                 Table 19--Estimated Number of Affected Entities and Small Entities by Category
----------------------------------------------------------------------------------------------------------------
                                                                                    Est. total    Est. number of
                                                                Small entity          covered          small
             Category                       NAICS                threshold           financial       financial
                                                                                   institutions    institutions
----------------------------------------------------------------------------------------------------------------
Depository Institutions...........  522110, 522180,        $850 million in                 1,900           1,000
                                     522130, 522210.        assets.
Online Lenders and Merchant Cash    522299, 522291,        $40 million (NAICS                100              90
 Advance Providers.                  522320, 518210.        518210); $47 million
                                                            (NAICS 522299,
                                                            522291, 522320).
Commercial Finance Companies......  513210, 532411,        $47 million (NAICS                240             216
                                     532490, 522220,        513210, 522220,
                                     522291.                522291); $40 million
                                                            (NAICS 532490);
                                                            $45.5 million (NAICS
                                                            532411).
Nondepository CDFIs...............  522390, 523910,        $9.5 million (NAICS               139             132
                                     813410, 522310.        813410); $15 million
                                                            (NAICS 522310); $47
                                                            million (NAICS
                                                            523910, 522390).
Farm Credit System members........  522299...............  $47 million..........              71              31
Governmental Lending Entities.....  NA...................  Population below                   70               0
                                                            50,000.
----------------------------------------------------------------------------------------------------------------

    The following paragraphs describe the categories of entities that 
the Bureau expects would be affected by the final rule.
    Depository institutions (banks and credit unions): The Bureau 
estimates that there are about 1,900 banks, savings associations, and 
credit unions engaged in small business lending that originate enough 
covered transactions to be covered by the final rule.\977\ These 
companies potentially fall into four different industry categories, 
including ``Commercial Banking'' (NAICS 522110), ``Savings 
Institutions'' (NAICS 522120), ``Credit Unions'' (NAICS 522130), and 
``Credit Card Issuing'' (NAICS 522210). All of these industries have a 
size standard threshold of $850 million in assets. The Bureau estimates 
that about 1,000 of these institutions are small entities according to 
this threshold. See part IX.D above for more detail on how the Bureau 
arrived at these estimates.
---------------------------------------------------------------------------

    \977\ The Bureau notes that the category of depository 
institutions also includes CDFIs that are also depository 
institutions.
---------------------------------------------------------------------------

    Online lenders and merchant cash advance providers: As discussed in 
more detail in part II.D above, the Bureau estimates that there are 
about 100 fintech lenders and merchant cash advance providers engaged 
in small business lending that originate enough covered transactions to 
be covered by the final rule. These companies span multiple industries, 
including ``All Other Nondepository Credit Intermediation'' (NAICS 
522298), ``Consumer Lending'' (NAICS 522291), ``Financial Transactions, 
Processing, Reserve, and Clearinghouse Activities'' (NAICS 522320), and 
``Data Processing, Housing and Related Services'' (NAICS 518210). All 
of these industries have a size standard threshold of $40 million in 
sales (NAICS 518210) or $47 million in sales (all other NAICS). The 
Bureau assumes that about 90 percent, or 90, of these entities are 
small according to these size standards.
    Commercial finance companies: As discussed in more detail in part 
II.D above, the Bureau estimates that there are about 240 commercial 
finance companies, including captive and independent financing, engaged 
in small business lending that originate enough covered credit 
transactions to be covered by the final rule. These companies span 
multiple industries, including ``Software Publishers'' (NAICS 513210), 
``Commercial Air, Rail, and Water Transportation Equipment Rental and 
Leasing'' (NAICS 532411), ``Other Commercial and Industrial Machinery 
and Equipment Rental and Leasing'' (NAICS 532490), ``Sales financing'' 
(NAICS 522220) and ``Consumer Lending'' (NAICS 522291). These 
industries have size standard thresholds of $47 million in sales (NAICS 
513210, 522220, 522291), $45.5

[[Page 35523]]

million in sales (NAICS 532411), or $40 million in sales (NAICS 
532490). The Bureau assumes that about 90 percent, or 216, commercial 
finance companies are small according to these size standards.
    Nondepository CDFIs: As discussed in more detail in part II.D 
above, the Bureau estimates that there are 139 nondepository CDFIs 
engaged in small business lending that originate enough covered credit 
transactions to be covered by the final rule. CDFIs generally fall into 
``Activities Related to Credit Intermediation (Including Loan 
Brokers)'' (NAICS 522390), ``Miscellaneous Intermediation'' (NAICS 
523910), ``Civic and Social Organizations'' (NAICS 813410), and 
``Mortgage and Nonmortgage Loan Brokers'' (NAICS 522310). These 
industries have size standard thresholds of $9.5 million in sales 
(NAICS 813410), $15 million in sales (NAICS 522310), and $47 million in 
sales (NAICS 522390, 523910). The Bureau assumes that about 95 percent, 
or 132, nondepository CDFIs are small entities.
    Farm Credit System members: The Bureau estimates that there are 71 
members of the Farm Credit System (banks and associations) that are 
engaged in small business lending and that originate enough covered 
credit transactions to be covered by the final rule.\978\ These 
institutions are in the ``International, Secondary Market, and All 
Other Credit Intermediation'' (NAICS 522299) industry. The size 
standard for this industry is $47 million in sales. The Bureau 
estimates that 18 members of the Farm Credit System are small entities.
---------------------------------------------------------------------------

    \978\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019 
Annual Information Statement of the Farm Credit System, at 7 (Feb. 
28, 2020), https://www.farmcreditfunding.com/ffcb_live/serve/public/pressre/finin/report.pdf?assetId=395570. The Bureau notes that Farm 
Credit System banks do not report FFIEC Call Reports and are thus 
not counted in the number of banks and savings associations 
discussed above. To estimate the number of small Farm Credit System 
members, the Bureau considered FCA Call Reports and Young, 
Beginning, and Small Farmers Reports for all Farm Credit System 
members as of December 31, 2019. The reports can be found at https://reports.fca.gov/CRS/. A Farm Credit System is covered if it 
reported more than 100 total number of loans on its Young, 
Beginning, and Small Farmers Report in 2019. A Farm Credit System 
member is considered small if its net interest income plus total 
non-interest income is less than $41.5 million.
---------------------------------------------------------------------------

    Governmental lending entities: As discussed in more detail in part 
II.D above, the Bureau estimates that there are about 70 governmental 
lending entities engaged in small business lending that originate 
enough covered credit transactions to be covered by the final rule. 
``Small governmental jurisdictions'' are the governments of cities, 
counties, towns, townships, villages, school districts, or special 
districts, with a population of less than fifty thousand. The Bureau 
assumes that none of the governmental lending entities covered by the 
final rule are considered small.
E. Projected Reporting, Recordkeeping, and Other Compliance 
Requirements of the Final Rule, Including an Estimate of the Classes of 
Small Entities Which Will Be Subject to the Requirement and the Type of 
Professional Skills Necessary for the Preparation of the Report or 
Record
    Reporting requirements. ECOA section 704B(f)(1) provides that 
``[t]he data required to be compiled and maintained under [section 
1071] by any financial institution shall be submitted annually to the 
Bureau.'' Section 1071 requires financial institutions to collect and 
report information regarding any application for ``credit'' made by 
women-owned, minority-owned, and small businesses. In its rule to 
implement section 1071, the Bureau is not covering the following 
transactions: leases, factoring, consumer-designated credit used for 
business purposes, HMDA-reportable transactions, insurance premium 
financing, trade credit, public utilities credit, securities credit, 
and incidental credit.
    Under the final rule, financial institutions would be required to 
report data on small business credit applications if they originated at 
least 100 covered transactions in each of the previous two calendar 
years. The Bureau is requiring that data collection occur on a 
calendar-year basis and submitted to the Bureau by the following June 
1. Under the final rule, covered financial institutions are required to 
collect and report the following data points: (1) a unique identifier, 
(2) application date, (3) application method, (4) application 
recipient, (5) credit type, (6) credit purpose, (7) amount applied for, 
(8) amount approved or originated, (9) action taken, (10) action taken 
date, (11) denial reasons, (12) pricing information, (13) census tract, 
(14) gross annual revenue, (15) NAICS code, (16) number of workers, 
(17) time in business, (18) minority-owned business status, women-owned 
business status, and LGBTQI+-owned business status, (19) ethnicity, 
race, and sex of principal owners, and (20) the number of principal 
owners. The section-by-section analyses in part V above discuss the 
required data points and the scope of the final rule in greater detail.
    Recordkeeping requirements. ECOA section 704B(f)(2)(A) requires 
that information compiled and maintained under section 1071 be 
``retained for not less than 3 years after the date of preparation.'' 
The Bureau is requiring that financial institutions retain 1071 data 
for at least three years after it is submitted to the Bureau. In 
accordance with 704B(e)(3), the Bureau is also instituting a 
prohibition on including certain personally identifiable information 
about any individuals associated with small business applicants in the 
data that a financial institution is required to compile, maintain, and 
report to the Bureau, other than information specifically required to 
be collected and reported (such as the ethnicity, race, and sex of 
principal owners and whether the business is women-owned, minority-
owned, or LGBTQI+-owned). Financial institutions must, unless subject 
to an exception, limit the access of certain officers and employees to 
applicants' responses to the inquiries regarding women-owned, minority-
owned, and LGBTQI+-owned business status, as well as the ethnicity, 
race, and sex of principal owners. In addition, applicants' responses 
to the inquiries regarding women-owned, minority-owned, and LGBTQI+-
owned business status, as well as the ethnicity, race, and sex of 
principal owners, must be maintained separately from the application 
and accompanying information.
    Costs to small entities. The Bureau expects that the proposed rule 
may impose one-time and ongoing costs on small-entity providers of 
credit to small businesses. The Bureau has identified eight categories 
of one-time costs that make up the components necessary for a financial 
institution to develop the infrastructure to collect and report data 
required by the rule. Those categories are preparation/planning; 
updating computer systems; testing/validating systems; developing 
forms/applications; training staff and third parties (such as dealers 
and brokers); developing policies/procedures; legal/compliance review; 
and post-implementation review of compliance policies and procedures. 
The Bureau conducted a survey regarding potential one-time 
implementation costs for section 1071 compliance targeted at financial 
institutions who extend small business credit. The Bureau used the 
results of this survey to estimate the one-time costs for financial 
institutions covered by the proposed rule using the methodology 
described in part VIII.E.1 above. The Bureau estimates that depository 
institutions with the lowest level of complexity in compliance

[[Page 35524]]

operations (i.e., Type A DIs) would incur one-time costs of $63,825, 
including expected hiring costs. The Bureau estimates that depository 
institutions with a middle level of complexity in compliance operations 
(i.e., Type B DIs) would incur one-time costs of $49,225, including 
expected hiring costs. The Bureau estimates that depository 
institutions with the highest level of complexity in compliance 
operations (i.e., Type C DIs) would incur one-time costs of $91,075, 
including expected hiring costs. Finally, the Bureau estimates that 
Non-DIs would incur one-time costs of $105,250, including the costs of 
hiring two additional staff.
    The Bureau estimates that the overall market impact of one-time 
costs for small depository institutions will be between $56,000,000 and 
$67,000,000.\979\ The Bureau estimates that the overall market impact 
of one-time costs for Non-DIs will be about $45,000,000.
---------------------------------------------------------------------------

    \979\ The Bureau notes that the variation in this range comes 
primarily from the uncertainty in the number of originations made by 
small banks and savings associations. The range does not fully 
account for the uncertainty associated with estimates of the one-
time costs for each type of institution.
---------------------------------------------------------------------------

    Adapting ongoing cost methodology from previous HMDA rulemaking 
efforts, the Bureau identified 15 specific data collection and 
reporting activities that would impose ongoing costs to financial 
institutions covered by the rule.\980\ The Bureau estimates that 
representative financial institutions with the lowest level of 
complexity in compliance operations (i.e., Type A FIs) would incur 
around $8,349 in total annual ongoing costs, or about $83 in total cost 
per application processed (assuming a representative 100 applications 
per year). For financial institutions of this type, the largest drivers 
of the ongoing costs are activities that require employee time to 
complete. Activities like transcribing data, transferring data to the 
data management software, standard edits and internal checks, and 
training all require loan officer time. The Bureau estimates that 
financial institutions with a middle level of complexity in compliance 
operations (i.e., Type B FIs), which are somewhat automated, would 
incur approximately $40,079 in additional ongoing costs per year, or 
around $100 per application (assuming a representative 400 applications 
per year). The largest components of this ongoing cost are the expenses 
of the small business application management software and geocoding 
software (in the form of an annual software subscription fee) and the 
external audit of the data. The Bureau estimates that financial 
institutions with the highest level of complexity in compliance 
operations (i.e., Type C FIs), which are significantly automated, would 
incur approximately $278,618 in additional ongoing costs per year, or 
around $46 per application (assuming a representative 6,000 
applications per year). The largest components of this ongoing cost are 
the cost of an internal audit, transcribing data, and annual edits and 
internal checks.
---------------------------------------------------------------------------

    \980\ The Bureau applied the same methodology for the ongoing 
costs for small entities as that found in part IX.E.2 above.
---------------------------------------------------------------------------

    The Bureau estimates that the overall market impact of ongoing 
costs for small entities will be between $83,000,000 and $96,000,000 
per year.
    Estimate of the classes of small entities that will be subject to 
the requirement and the type of professional skills necessary for the 
preparation of the report or record. Section 603(b)(4) of the RFA also 
requires an estimate of the type of professional skills necessary for 
the preparation of the reports or records. The recordkeeping and 
compliance requirements of the final rule that would affect small 
entities are summarized above. Based on outreach with financial 
institutions, vendors, and governmental agency representatives, the 
Bureau classified the operational activities that financial 
institutions would likely use for section 1071 data collection and 
reporting into 15 operational ``tasks'' which can be further grouped 
into four ``primary tasks.'' These are:
    1. Data collection: Transcribing data, resolving reportability 
questions, and transferring data to a 1071 data management system.
    2. Reporting and resubmission: Geocoding, standard annual edit and 
internal checks, researching questions, resolving question responses, 
checking post-submission edits, filing post-submission documents, and 
using vendor data management software.
    3. Compliance and internal audits: Training, internal audits, and 
external audits.
    4. Section 1071-related exams: Exam preparation and exam 
assistance.
    All these tasks are related to the preparation of reports or 
records and most of them are performed by compliance personnel in the 
compliance department of financial institutions. For some financial 
institutions, however, the data intake and transcribing stage could 
involve loan officers or processors whose primary function is to 
evaluate or process loan applications. For example, at some financial 
institutions the loan officers would take in information from the 
applicant to complete the application and input that information into 
the reporting system. However, the Bureau believes that such roles 
generally do not require any additional professional skills related for 
the recordkeeping or other compliance requirements of this final rule 
that are not otherwise required during the ordinary course of business 
for small entities. The Bureau also notes that small nondepository 
institutions might not be subject to fair lending exams and might, 
therefore, have reduced costs.
    The type of professional skills required for compliance varies 
depending on the particular task involved. For example, data 
transcribing requires data entry skills. Transferring data to a data 
entry system and using vendor data management software requires 
knowledge of computer systems and the ability to use them. Researching 
and resolving reportability questions requires a more complex 
understanding of the regulatory requirements and the details of the 
relevant line of business. Geocoding requires skills in using the 
geocoding software, web systems, or, in cases where geocoding is 
difficult, knowledge of the local area in which the property is 
located. Standard annual editing, internal checks, and post-submission 
editing require knowledge of the relevant data systems, data formats, 
and section 1071 regulatory requirements in addition to skills in 
quality control and assurance. Filing post-submission documents 
requires skills in information creation, dissemination, and 
communication. Training, internal audits, and external audits require 
communications skills, educational skills, and regulatory knowledge. 
Section 1071-related exam preparation and exam assistance involve 
knowledge of regulatory requirements, the relevant line of business, 
and the relevant data systems.
    The Standard Occupational Classification code has compliance 
officers listed under code 13-1041. The Bureau believes that most of 
the skills required for preparation of the reports or records related 
to this rule are the skills required for job functions performed in 
this occupation. However, the Bureau recognizes that under this general 
occupational code there is a high level of heterogeneity in the type of 
skills required as well as the corresponding labor costs incurred by 
the financial institutions performing these functions. During the 
SBREFA process, some small entity representatives noted that, for 
instance, high-level corporate officers

[[Page 35525]]

such as CEOs and senior vice presidents could be directly involved in 
some regulatory tasks. The Bureau acknowledges the possibility that 
certain aspects of the final rule may require some small entities to 
hire additional compliance staff. The Bureau received many comments on 
its proposal that asserted that industry participants would have to 
hire additional employees to comply with the rule. The Bureau made 
changes to its estimates of one-time costs to reflect the additional 
one-time cost of hiring new staff. Compliance with the final rule may 
emphasize certain skills. For example, new data points may increase 
demand for skills involved in researching questions, standard annual 
editing, and post-submission editing. Nevertheless, the Bureau believes 
that compliance would still involve the general set of skills 
identified above. The recordkeeping and reporting requirements 
associated with the final rule would also involve skills for 
information technology system development, integration, and 
maintenance. Financial institutions required to report data under HMDA 
often use data management systems called HMDA Management Systems for 
existing regulatory purposes. A similar software for reporting the data 
required under the final rule could be developed by the institution 
internally or purchased from a third-party vendor. It is possible that 
other systems used by financial institutions, such as loan origination 
systems, might also need to be upgraded to capture new data fields 
required to be collected and reported under the final rule. The 
professional skills required for this one-time upgrade would be related 
to software development, testing, system engineering, information 
technology project management, budgeting and operation.
F. Description of the Steps the Agency Has Taken To Minimize the 
Significant Economic Impact on Small Entities Consistent With the 
Stated Objectives of Applicable Statutes, Including a Statement of the 
Factual, Policy, and Legal Reasons for Selecting the Alternative 
Adopted in the Final Rule and Why Each One of the Other Significant 
Alternatives to the Rule Considered by the Agency Which Affect the 
Impact on Small Entities Was Rejected; and for a Covered Agency, as 
Defined in Section 609(d)(2), a Description of the Steps the Agency Has 
Taken To Minimize Any Additional Cost of Credit for Small Entities
    In drafting this final rule, the Bureau considered multiple 
financial institution reporting thresholds. In particular, the Bureau 
considered whether to exempt financial institutions with fewer than 25, 
50, 200, or 500 originations of covered credit transactions for small 
businesses in each of the two preceding calendar years, instead of 100 
originations as finalized. The Bureau also considered whether to exempt 
depository institutions with assets under $100 million or $200 million 
from section 1071's data collection and reporting requirements. The 
Bureau expects that some burden reduction will result from the higher 
threshold of 100 loans.
    The following table shows the estimated impact that different 
reporting thresholds the Bureau considered would have had on financial 
institution coverage. For the purposes of considering the asset-based 
threshold alternatives, the Bureau estimates how institutional coverage 
and costs would be different if the Bureau required a 25-origination 
threshold in addition to an asset-based threshold for depository 
institutions. For the asset-based threshold alternatives, the Bureau 
assumes that the alternative proposal would have been that a depository 
institution would be required to report its small business lending 
activity for 2019 if it had more than 25 originations in both 2017 and 
2018 and had assets over the asset-based threshold on December 31, 
2018. The Bureau further assumes that if two institutions merged in 
2019 then the resulting institution would be required to report if the 
sum of the separate institutions' assets on December 31, 2018 exceeded 
the asset-based threshold.

  Table 20--Estimated Impact of Different Reporting Thresholds on the Number and Percentage of Small Depository
                                              Institutions Covered
----------------------------------------------------------------------------------------------------------------
                                                                    Number of small
                     Threshold considered                       depository institutions   % of small depository
                                                                        covered            institutions covered
----------------------------------------------------------------------------------------------------------------
25 originations...............................................              2,900-3,000                    32-33
50 originations...............................................              1,900-2,100                    21-23
100 originations..............................................              1,000-1,100                    11-12
200 originations..............................................                  400-500                      4-6
500 originations..............................................                   50-100                    0.6-1
25 originations AND $100 million in assets....................              2,400-2,500                    26-28
25 originations AND $200 million in assets....................              1,600-1,700                    18-19
----------------------------------------------------------------------------------------------------------------

    Further, the Bureau is finalizing several data points pursuant to 
its authority under ECOA section 704B(e)(2)(H) that is has concluded 
would help the data collection fulfill the purposes of section 1071: 
application method, application recipient, pricing, number of principal 
owners, NAICS code, number of workers, and time in business.
    During the SBREFA process, small entity representatives provided 
detailed feedback on the data points that the Bureau was considering 
proposing pursuant to ECOA section 704B(e)(2)(H).\981\ One small entity 
representative stated that the cost of collecting and reporting such 
data points under consideration would be significant, and another 
stated that the Bureau should include as few data points as possible to 
avoid unnecessary costs. Another small entity representative stated 
that the Bureau should finalize a rule with just the data points 
enumerated in 704B(e)(2)(A) through (G) and avoid adding any additional 
data points. Other small entity representatives favored or opposed the 
inclusion of some or all of the individual data points under 
consideration during the SBREFA process. Many industry commenters and 
SBA Office of Advocacy opposed the collection of any data points 
pursuant to section 704B(e)(2)(H). These commenters stated that such 
data points would be burdensome to collect and report, while some, 
particularly the

[[Page 35526]]

pricing data point, could be subject to misinterpretation by data 
users.
---------------------------------------------------------------------------

    \981\ The small entity representative feedback discussed herein 
can be found in the SBREFA Panel Report at 30-32.
---------------------------------------------------------------------------

    The Bureau understands that certain data points may introduce 
additional burden to small entities. However, the Bureau has determined 
that these data points would aid in fulfilling the statutory purposes 
of section 1071--facilitating enforcement of fair lending laws and 
enabling communities, governmental entities, and creditors to identify 
business and community development needs and opportunities of women-
owned, minority-owned, and small businesses.
    Three types of costs (one-time, fixed ongoing, and variable 
ongoing) have the potential to influence the price and availability of 
credit to small businesses. In a competitive marketplace, standard 
microeconomics suggests that lenders will extend loans up to the point 
at which the value of granting an additional loan is equal to the 
additional cost associated with the financial institution providing the 
loan. One-time costs and fixed ongoing costs affect the overall 
profitability of a lender's loan portfolio but do not affect the 
profitability of extending an additional loan. Variable ongoing costs, 
however, affect the profitability of each additional loan and will 
influence the number of loans a lender provides. Based on the Bureau's 
available evidence, it expects that the variable ongoing costs to 
comply with the proposed rule will be passed on in full to small 
business credit applicants in the form of higher prices or fees to 
small businesses.
    In the One-Time Cost Survey, the Bureau asked respondents to rank a 
list of potential actions they may take in response to the compliance 
costs of implementing section 1071.\982\ Respondents ranked the 
following list: ``Raise rates or fees on small business products''; 
``Raise rates/fees on other credit products''; ``Accept lower 
profits''; ``Exit some geographic markets''; ``Tighten underwriting 
standards''; ``Offer fewer or less complex products''; ``No longer 
offer small business credit products''; or ``Other'' with two write-in 
options. Respondents ranked these options from ``1'' to ``9'' 
indicating their most to least likely responses. Respondents also had 
the opportunity to write in their own responses. Consistent with 
economic theory, respondents reported that they would be most likely to 
raise rates or fees on small business products and other credit 
products. On average, respondents reported that they would be least 
likely to exit some geographic markets or cease offering small business 
credit products. Accordingly, the Bureau expects the likely impact of 
the rule on the cost of credit to small entities to be higher rates and 
fees because financial institutions pass on the variable ongoing costs 
of the required data collection. The Bureau estimates that $32, $26, 
and $7.50 in variable costs would be passed through per application to 
Type A, B, and C FIs, respectively. To put these values in context, the 
Bureau estimates that the per application net income is in a range of 
$66,000-$83,000; $33,000-$38,000; and $83,000-$92,000 for covered banks 
and savings associations of Types A, B, and C, respectively.
---------------------------------------------------------------------------

    \982\ See One-Time Cost Survey at 11.
---------------------------------------------------------------------------

    The Bureau also carefully considered the rule's potential impact on 
small entities in its decision related to transactional scope. For 
example, the Bureau is not covering trade credit in its 1071 final rule 
because it believes that trade credit is categorically different from 
products like loans, lines of credit, credit cards, and merchant cash 
advances and that there are several reasons to exclude it from 
coverage. As discussed in the section-by-section analysis of Sec.  
1002.104(b)(1), one such reason is that the Bureau understands that 
trade credit can be offered by entities that are themselves very small 
businesses; these entities, in particular, may incur large costs 
relative to their size to collect and report 1071 data in an accurate 
and consistent manner.\983\ The Bureau is also adding new Sec.  
1002.104(b)(5) to exclude all HMDA reportable transactions (i.e., 
covered loans as defined by Regulation C, 12 CFR 1003.2(e)). The Bureau 
is finalizing this exclusion of HMDA-reportable transactions in order 
to alleviate concerns from a broad range of industry commenters, 
including small entities, about the difficulties associated with dual 
reporting, particularly in light of potential inconsistences related to 
demographic data collection and recordkeeping. Moreover, the final rule 
makes clear that the term covered credit transaction does not include 
consumer-designated credit used for business or agricultural purposes, 
because such transactions are not business credit. The Bureau believes 
that this interpretation will reduce burden for financial institutions 
(including smaller ones) that offer only consumer-designated credit.
---------------------------------------------------------------------------

    \983\ See Leora Klapper et al., Trade Credit Contracts, 25(3) 
Review of Fin. Studies 838-67 (2012), https://academic.oup.com/rfs/article/25/3/838/1616515, and Justin Murfin & Ken Njoroge, The 
Implicit Costs of Trade Credit Borrowing by Large Firms, 28(1) 
Review of Fin. Studies 112-45 (2015) https://academic.oup.com/rfs/article/28/1/112/1681329.
---------------------------------------------------------------------------

    In response to the suggestion to exempt agricultural lending 
because of the impact on small local community financial institutions, 
such as credit unions, the Bureau is not defining a ``covered credit 
transaction'' in a way that would exclude agricultural credit from the 
final rule. As detailed in the section-by-section analysis of Sec.  
1002.104(a), the Bureau believes that covering agricultural credit in 
this rulemaking is important for both of section 1071's statutory 
purposes. The Bureau does note, however, that it is increasing its 
institutional coverage threshold, as discussed above, to minimize 
compliance costs for smaller financial institutions with lower lending 
volumes.
    The Bureau believes that its adoption of a simplified small 
business definition better meets the needs of small entities. The final 
rule provides that a business is a small business if its gross annual 
revenue for its preceding fiscal year is $5 million or less. As 
discussed in the section-by-section analysis of Sec.  1002.106(b)(1), 
the Bureau believes that this approach addresses the concerns that the 
Bureau has heard (during the SBREFA process and in response to the 
NPRM) with respect to determining whether applicants are small 
businesses for purposes of complying with section 1071, particularly 
with respect to the concerns regarding determining the applicant's 
NAICS code.

XI. Paperwork Reduction Act

    Under the Paperwork Reduction Act of 1995 (PRA),\984\ Federal 
agencies are generally required to seek approval from the Office of 
Management and Budget (OMB) for information collection requirements 
prior to implementation. Under the PRA, the Bureau may not conduct nor 
sponsor, and, notwithstanding any other provision of law, a person is 
not required to respond to, an information collection unless the 
information collection displays a valid control number assigned by OMB.
---------------------------------------------------------------------------

    \984\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------

    As part of its continuing effort to reduce paperwork and respondent 
burden, the Bureau conducted a preclearance consultation program to 
provide the general public and Federal agencies with an opportunity to 
comment on the information collection requirements in accordance with 
the PRA. This helps ensure that the public understands the Bureau's 
requirements or instructions, respondents can provide the requested 
data in the desired format,

[[Page 35527]]

reporting burden (time and financial resources) is minimized, 
information collection instruments are clearly understood, and the 
Bureau can properly assess the impact of information collection 
requirements on respondents. The Bureau conducted several rounds of 
message, form, and user testing that were approved under OMB control 
number 3170-0022 after appropriate public notice and a 30-day comment 
period.
    The final rule amends 12 CFR part 1002 (Regulation B), which 
implements ECOA. The Bureau's OMB control number for Regulation B is 
3170-0013. This final rule will revise the information collection 
requirements contained in Regulation B that OMB has approved under that 
OMB control number.
    Under the rule, the Bureau adds four information collection 
requirements to Regulation B:
    1. Compilation of reportable data (Sec.  1002.107), including a 
notice requirement (in Sec.  1002.107(a)(18) and (19)).
    2. Reporting data to the Bureau (Sec.  1002.109).
    3. Firewall notice requirement (Sec.  1002.108(d)).
    4. Recordkeeping (Sec.  1002.111).
    The information collection requirements in this final rule are 
mandatory. Certain data fields will be modified or deleted by the 
Bureau, in its discretion, to advance a privacy interest before the 
1071 data are made available to the public (as permitted by section 
1071 and the Bureau's final rule). The data that are not modified or 
deleted will be made available to the public. The rest of the data will 
be considered confidential if the information:
     Identifies any applicants or natural persons who might not 
be applicants (e.g., owners of a business where a legal entity is the 
applicant); or
     Implicates the relevant privacy interests of applicants, 
related natural persons, or financial institutions.
    The collections of information contained in this rule, and 
identified as such, have been submitted to OMB for review under section 
3507(d) of the PRA. A complete description of the information 
collection requirements (including the burden estimate methods) is 
provided in the information collection request that the Bureau has 
submitted to OMB under the requirements of the PRA. The information 
collection request submitted to OMB requesting approval under the PRA 
for the information collection requirements contained herein is 
available at www.regulations.gov as well as on OMB's public-facing 
docket at www.reginfo.gov.
    Title of Collection: Regulation B: Equal Credit Opportunity Act.
    OMB Control Number: 3170-0013.
    Type of Review: Revision of a currently approved collection.
    Affected Public: Private Sector; Federal and State Governments.
    Estimated Number of Respondents: 2,470 (subpart B only).
    Estimated Total Annual Burden Hours: 8,302,000 (subpart B only).
    The Bureau will publish a separate Federal Register notice once OMB 
concludes its review announcing OMB approval of the information 
collections contained in this final rule.
    In the NPRM, the Bureau invited comments on: (a) Whether the 
collection of information is necessary for the proper performance of 
the functions of the Bureau, including whether the information will 
have practical utility; (b) the accuracy of the Bureau's estimate of 
the burden of the collection of information, including the validity of 
the methods and the assumptions used; (c) ways to enhance the quality, 
utility, and clarity of the information to be collected; and (d) ways 
to minimize the burden of the collection of information on respondents, 
including through the use of automated collection techniques or other 
forms of information technology.
    No comments pertaining specifically to this section were received. 
The other comments on the rule generally are summarized above.

XII. Congressional Review Act

    Pursuant to the Congressional Review Act,\985\ the Bureau will 
submit a report containing this rule and other required information to 
the U.S. Senate, the U.S. House of Representatives, and the Comptroller 
General of the United States at least 60 days prior to the rule's 
published effective date. The Office of Information and Regulatory 
Affairs has designated this rule as a ``major rule'' as defined by 5 
U.S.C. 804(2).
---------------------------------------------------------------------------

    \985\ 5 U.S.C. 801 et seq.
---------------------------------------------------------------------------

List of Subjects in 12 CFR Part 1002

    Banks, banking, Civil rights, Consumer protection, Credit, Credit 
unions, Marital status discrimination, National banks, Penalties.

Authority and Issuance

    For the reasons set forth in the preamble, the Bureau amends 
Regulation B, 12 CFR part 1002, as set forth below:

PART 1002--EQUAL CREDIT OPPORTUNITY ACT (REGULATION B)

0
1. The authority citation for part 1002 is revised to read as follows:

    Authority: 12 U.S.C. 5512, 5581; 15 U.S.C. 1691b. Subpart B is 
also issued under 15 U.S.C. 1691c-2.


0
2. Designate Sec. Sec.  1002.1 through 1002.16 as subpart A under the 
following heading:

Subpart A--General


Sec.  1002.1  [Amended

0
3. In Sec.  1002.1 amend the second sentence of paragraph (a) by 
removing the phrase ``this part applies'' and adding in its place 
``this subpart applies''.


0
4. Section 1002.2 is amended by revising the introductory text to read 
as follows:


Sec.  1002.2  Definitions.

    For the purposes of this part, unless the context indicates 
otherwise or as otherwise defined in subpart B, the following 
definitions apply:
* * * * *

0
5. Section 1002.5 is amended by revising the introductory text of 
paragraph (a)(4) and adding paragraphs (a)(4)(vii) through (x) to read 
as follows:


Sec.  1002.5  Rules concerning requests for information.

    (a) * * *
    (4) Other permissible collection of information. Notwithstanding 
paragraph (b) of this section, a creditor may collect information under 
the following circumstances provided that the creditor collects the 
information in compliance with Sec.  1002.107(a)(18) and (19) and 
accompanying commentary, or appendix B to 12 CFR part 1003, as 
applicable:
* * * * *
    (vii) A creditor that was required to report small business lending 
data pursuant to Sec.  1002.109 for any of the preceding five calendar 
years but is not currently a covered financial institution under Sec.  
1002.105(b) may collect information pursuant to subpart B of this part 
for covered applications from small businesses as defined in Sec. Sec.  
1002.103 and 1002.106(b) regarding whether an applicant is a minority-
owned business, a women-owned business, or an LGBTQI+-owned business, 
and the ethnicity, race, and sex of the applicant's principal owners if 
it complies with the requirements for covered financial institutions 
pursuant to Sec. Sec.  1002.107(a)(18) and (19), 1002.108, 1002.111, 
and 1002.112 for that

[[Page 35528]]

application. Such a creditor is permitted, but not required, to report 
data to the Bureau collected pursuant to subpart B of this part if it 
complies with the requirements of subpart B as otherwise required for 
covered financial institutions pursuant to Sec. Sec.  1002.109 and 
1002.110.
    (viii) A creditor that exceeded the loan-volume threshold in the 
first year of the two-year threshold period provided in Sec.  
1002.105(b) may, in the second year, collect information pursuant to 
subpart B of this part for covered applications from small businesses 
as defined in Sec. Sec.  1002.103 and 1002.106(b) regarding whether an 
applicant is a minority-owned business, a women-owned business, or an 
LGBTQI+-owned business, and the ethnicity, race, and sex of the 
applicant's principal owners if it complies with the requirements for 
covered financial institutions pursuant to Sec. Sec.  1002.107(a)(18) 
and (19), 1002.108, 1002.111, and 1002.112 for that application. Such a 
creditor is permitted, but not required, to report data to the Bureau 
collected pursuant to subpart B of this part if it complies with the 
requirements of subpart B as otherwise required for covered financial 
institutions pursuant to Sec. Sec.  1002.109 and 1002.110.
    (ix) A creditor that is not currently a covered financial 
institution under Sec.  1002.105(b), and is not otherwise a creditor to 
which Sec.  1002.5(a)(4)(vii) or (viii) applies, may collect 
information pursuant to subpart B of this part for covered applications 
from small businesses as defined in Sec. Sec.  1002.103 and 1002.106(b) 
regarding whether an applicant for a covered credit transaction is a 
minority-owned business, a women-owned business, or an LGBTQI+-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners for a transaction if it complies with the requirements for 
covered financial institutions pursuant to Sec. Sec.  1002.107 through 
1002.112 for that application.
    (x) A creditor that is collecting information pursuant to subpart B 
of this part or as described in paragraphs (a)(4)(vii) through (ix) of 
this section for covered applications from small businesses as defined 
in Sec. Sec.  1002.103 and 1002.106(b) regarding whether an applicant 
for a covered credit transaction is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business, and the ethnicity, race, 
and sex of the applicant's principal owners may also collect that same 
information for any co-applicants provided that it also complies with 
the relevant requirements of subpart B of this part or as described in 
paragraphs (a)(4)(vii) through (ix) of this section with respect to 
those co-applicants.
* * * * *

0
6. Section 1002.12 is amended by revising paragraphs (b)(1) 
introductory text, (b)(2) introductory text, (b)(3), (4), and (5), and 
paragraph (b)(7) introductory text to read as follows:


Sec.  1002.12  Record retention.

* * * * *
    (b) * * * (1) Applications. For 25 months (12 months for business 
credit, except as provided in paragraph (b)(5) of this section or 
otherwise provided for in subpart B of this part) after the date that a 
creditor notifies an applicant of action taken on an application or of 
incompleteness, the creditor shall retain in original form or a copy 
thereof:
* * * * *
    (2) Existing accounts. For 25 months (12 months for business 
credit, except as provided in paragraph (b)(5) of this section or 
otherwise provided for in subpart B of this part) after the date that a 
creditor notifies an applicant of adverse action regarding an existing 
account, the creditor shall retain as to that account, in original form 
or a copy thereof:
* * * * *
    (3) Other applications. For 25 months (12 months for business 
credit, except as provided in paragraph (b)(5) of this section or 
otherwise provided for in subpart B of this part) after the date that a 
creditor receives an application for which the creditor is not required 
to comply with the notification requirements of Sec.  1002.9, the 
creditor shall retain all written or recorded information in its 
possession concerning the applicant, including any notation of action 
taken.
    (4) Enforcement proceedings and investigations. A creditor shall 
retain the information beyond 25 months (12 months for business credit, 
except as provided in paragraph (b)(5) of this section or otherwise 
provided for in subpart B) if the creditor has actual notice that it is 
under investigation or is subject to an enforcement proceeding for an 
alleged violation of the Act or this part, by the Attorney General of 
the United States or by an enforcement agency charged with monitoring 
that creditor's compliance with the Act and this part, or if it has 
been served with notice of an action filed pursuant to section 706 of 
the Act and Sec.  1002.16 of this part. The creditor shall retain the 
information until final disposition of the matter, unless an earlier 
time is allowed by order of the agency or court.
    (5) Special rule for certain business credit applications. With 
regard to a business that had gross revenues in excess of $1 million in 
its preceding fiscal year, or an extension of trade credit, credit 
incident to a factoring agreement, or other similar types of business 
credit, the creditor shall retain records for at least 60 days, except 
as otherwise provided for in subpart B, after notifying the applicant 
of the action taken. If within that time period the applicant requests 
in writing the reasons for adverse action or that records be retained, 
the creditor shall retain records for 12 months.
* * * * *
    (7) Prescreened solicitations. For 25 months after the date on 
which an offer of credit is made to potential customers (12 months for 
business credit, except as provided in paragraph (b)(5) of this section 
or otherwise provided for in subpart B), the creditor shall retain in 
original form or a copy thereof:
* * * * *

0
7. Subpart B is added to read as follows:
Subpart B--Small Business Lending Data Collection
Sec.
Sec.  1002.101 Authority, purpose, and scope.
Sec.  1002.102 Definitions.
Sec.  1002.103 Covered applications.
Sec.  1002.104 Covered credit transactions and excluded 
transactions.
Sec.  1002.105 Covered financial institutions and exempt 
institutions.
Sec.  1002.106 Business and small business.
Sec.  1002.107 Compilation of reportable data.
Sec.  1002.108 Firewall.
Sec.  1002.109 Reporting of data to the Bureau.
Sec.  1002.110 Publication of data and other disclosures.
Sec.  1002.111 Recordkeeping.
Sec.  1002.112 Enforcement.
Sec.  1002.113 Severability.
Sec.  1002.114 Effective date, compliance date, and special 
transitional rules.

Subpart B--Small Business Lending Data Collection


Sec.  1002.101  Authority, purpose, and scope.

    (a) Authority and scope. This subpart to Regulation B is issued by 
the Bureau pursuant to section 704B of the Equal Credit Opportunity Act 
(15 U.S.C. 1691c-2). Except as otherwise provided herein, this subpart 
applies to covered financial institutions, as defined in Sec.  
1002.105(b), other than a person excluded from coverage of this part by 
section 1029 of the Consumer Financial Protection Act of 2010, title X 
of the Dodd-Frank Wall Street Reform and Consumer Protection Act, 
Public Law 111-203, 124 Stat. 1376, 2004 (2010).
    (b) Purpose. This subpart implements section 704B of the Equal 
Credit

[[Page 35529]]

Opportunity Act, which Congress intended:
    (1) To facilitate enforcement of fair lending laws; and
    (2) To enable communities, governmental entities, and creditors to 
identify business and community development needs and opportunities of 
women-owned, minority-owned, and small businesses.


Sec.  1002.102  Definitions.

    In this subpart:
    (a) Affiliate means, with respect to a financial institution, any 
company that controls, is controlled by, or is under common control 
with, another company, as set forth in the Bank Holding Company Act of 
1956 (12 U.S.C. 1841 et seq.). With respect to a business or an 
applicant, affiliate shall have the same meaning as in 13 CFR 121.103.
    (b) Applicant means any person who requests or who has received an 
extension of business credit from a financial institution.
    (c) Business is defined in Sec.  1002.106(a).
    (d) Business credit shall have the same meaning as in Sec.  
1002.2(g).
    (e) Closed-end credit transaction means an extension of business 
credit that is not an open-end credit transaction under paragraph (n) 
of this section.
    (f) Covered application is defined in Sec.  1002.103.
    (g) Covered credit transaction is defined in Sec.  1002.104.
    (h) Covered financial institution is defined in Sec.  1002.105(b).
    (i) Credit shall have the same meaning as in Sec.  1002.2(j).
    (j) Financial institution is defined in Sec.  1002.105(a).
    (k) LGBTQI+ individual includes an individual who identifies as 
lesbian, gay, bisexual, transgender, queer, or intersex.
    (l) LGBTQI+-owned business means a business for which one or more 
LGBTQI+ individuals hold more than 50 percent of its ownership or 
control, and for which more than 50 percent of the net profits or 
losses accrue to one or more such individuals.
    (m) Minority-owned business means a business for which one or more 
American Indian or Alaska Native, Asian, Black or African American, 
Native Hawaiian or Other Pacific Islander, or Hispanic or Latino 
individuals hold more than 50 percent of its ownership or control, and 
for which more than 50 percent of the net profits or losses accrue to 
one or more such individuals.
    (n) Open-end credit transaction means an open-end credit plan as 
defined in Regulation Z, 12 CFR 1026.2(a)(20), but without regard to 
whether the credit is consumer credit, as defined in Sec.  
1026.2(a)(12), is extended by a creditor, as defined in Sec.  
1026.2(a)(17), or is extended to a consumer, as defined in Sec.  
1026.2(a)(11).
    (o) Principal owner means an individual who directly owns 25 
percent or more of the equity interests of a business.
    (p) Small business is defined in Sec.  1002.106(b).
    (q) Small business lending application register or register means 
the data reported, or required to be reported, annually pursuant to 
Sec.  1002.109.
    (r) State shall have the same meaning as in Sec.  1002.2(aa).
    (s) Women-owned business means a business for which more than 50 
percent of its ownership or control is held by one or more women, and 
more than 50 percent of its net profits or losses accrue to one or more 
women.


Sec.  1002.103  Covered applications.

    (a) Covered application. Except as provided in paragraph (b) of 
this section, covered application means an oral or written request for 
a covered credit transaction that is made in accordance with procedures 
used by a financial institution for the type of credit requested.
    (b) Circumstances that are not covered applications. A covered 
application does not include:
    (1) Reevaluation, extension, or renewal requests on an existing 
business credit account, unless the request seeks additional credit 
amounts.
    (2) Inquiries and prequalification requests.


Sec.  1002.104  Covered credit transactions and excluded transactions.

    (a) Covered credit transaction means an extension of business 
credit that is not an excluded transaction under paragraph (b) of this 
section.
    (b) Excluded transactions. The requirements of this subpart do not 
apply to:
    (1) Trade credit. A financing arrangement wherein a business 
acquires goods or services from another business without making 
immediate payment in full to the business providing the goods or 
services.
    (2) Home Mortgage Disclosure Act (HMDA)-reportable transactions. A 
covered loan, or application therefor, as defined by Regulation C, 12 
CFR 1003.2(e).
    (3) Insurance premium financing. A financing arrangement wherein a 
business agrees to pay to a financial institution, in installments, the 
principal amount advanced by the financial institution to an insurer or 
insurance producer in payment of premium on the business's insurance 
contract or contracts, plus charges, and, as security for repayment, 
the business assigns to the financial institution certain rights, 
obligations, and/or considerations (such as the unearned premiums, 
accrued dividends, or loss payments) in its insurance contract or 
contracts. Insurance premium financing does not include the financing 
of insurance policy premiums obtained in connection with the financing 
of goods and services.
    (4) Public utilities credit. Public utilities credit as defined in 
Sec.  1002.3(a)(1).
    (5) Securities credit. Securities credit as defined in Sec.  
1002.3(b)(1).
    (6) Incidental credit. Incidental credit as defined in Sec.  
1002.3(c)(1), but without regard to whether the credit is consumer 
credit, as defined in Sec.  1002.2(h).


Sec.  1002.105  Covered financial institutions and exempt institutions.

    (a) Financial institution means any partnership, company, 
corporation, association (incorporated or unincorporated), trust, 
estate, cooperative organization, or other entity that engages in any 
financial activity.
    (b) Covered financial institution means a financial institution 
that originated at least 100 covered credit transactions for small 
businesses in each of the two preceding calendar years.


Sec.  1002.106  Business and small business.

    (a) Business has the same meaning as the term ``business concern or 
concern'' in 13 CFR 121.105.
    (b) Small business definition--(1) Small business has the same 
meaning as the term ``small business concern'' in 15 U.S.C. 632(a), as 
implemented in 13 CFR 121.101 through 121.107. Notwithstanding the size 
standards set forth in 13 CFR 121.201, for purposes of this subpart, a 
business is a small business if its gross annual revenue, as defined in 
Sec.  1002.107(a)(14), for its preceding fiscal year is $5 million or 
less.
    (2) Inflation adjustment. Every 5 years after January 1, 2025, the 
gross annual revenue threshold set forth in paragraph (b)(1) of this 
section shall adjust based on changes to the Consumer Price Index for 
All Urban Consumers (U.S. city average series for all items, not 
seasonally adjusted), as published by the United States Bureau of Labor 
Statistics. Any adjustment that takes effect under this paragraph shall 
be rounded to the nearest multiple of $500,000. If an adjustment is to 
take

[[Page 35530]]

effect, it will do so on January 1 of the following calendar year.


Sec.  1002.107  Compilation of reportable data.

    (a) Data format and itemization. A covered financial institution 
shall compile and maintain data regarding covered applications from 
small businesses. The data shall be compiled in the manner prescribed 
herein and the Filing Instructions Guide for this subpart for the 
appropriate year. The data compiled shall include the items described 
in paragraphs (a)(1) through (20) of this section.
    (1) Unique identifier. An alphanumeric identifier, starting with 
the legal entity identifier of the financial institution, unique within 
the financial institution to the specific covered application, and 
which can be used to identify and retrieve the specific file or files 
corresponding to the application for or extension of credit.
    (2) Application date. The date the covered application was received 
or the date shown on a paper or electronic application form.
    (3) Application method. The means by which the applicant submitted 
the covered application directly or indirectly to the financial 
institution.
    (4) Application recipient. Whether the applicant submitted the 
covered application directly to the financial institution or its 
affiliate, or whether the applicant submitted the covered application 
indirectly to the financial institution via a third party.
    (5) Credit type. The following information regarding the type of 
credit applied for or originated:
    (i) Credit product. The credit product.
    (ii) Guarantees. The type or types of guarantees that were obtained 
for an extension of credit, or that would have been obtained if the 
covered credit transaction were originated.
    (iii) Loan term. The length of the loan term, in months, if 
applicable.
    (6) Credit purpose. The purpose or purposes of the credit applied 
for or originated.
    (7) Amount applied for. The initial amount of credit or the initial 
credit limit requested by the applicant.
    (8) Amount approved or originated. (i) For an application for a 
closed-end credit transaction that is approved but not accepted, the 
amount approved by the financial institution; or
    (ii) For a closed-end credit transaction that is originated, the 
amount of credit originated; or
    (iii) For an application for an open-end credit transaction that is 
originated or approved but not accepted, the amount of the credit limit 
approved.
    (9) Action taken. The action taken by the financial institution on 
the covered application, reported as originated, approved but not 
accepted, denied, withdrawn by the applicant, or incomplete.
    (10) Action taken date. The date of the action taken by the 
financial institution.
    (11) Denial reasons. For denied applications, the principal reason 
or reasons the financial institution denied the covered application.
    (12) Pricing information. The following information regarding the 
pricing of a covered credit transaction that is originated or approved 
but not accepted, as applicable:
    (i) Interest rate. (A) If the interest rate is fixed, the interest 
rate that is or would be applicable to the covered credit transaction; 
or
    (B) If the interest rate is adjustable, the margin, index value, 
initial rate period expressed in months (if applicable), and index name 
that is or would be applicable to the covered credit transaction;
    (ii) Total origination charges. The total amount of all charges 
payable directly or indirectly by the applicant and imposed directly or 
indirectly by the financial institution at or before origination as an 
incident to or a condition of the extension of credit, expressed in 
dollars;
    (iii) Broker fees. The total amount of all charges included in 
paragraph (a)(12)(ii) of this section that are fees paid by the 
applicant directly to a broker or to the financial institution for 
delivery to a broker, expressed in dollars;
    (iv) Initial annual charges. The total amount of all non-interest 
charges that are scheduled to be imposed over the first annual period 
of the covered credit transaction, expressed in dollars;
    (v) Additional cost for merchant cash advances or other sales-based 
financing. For a merchant cash advance or other sales-based financing 
transaction, the difference between the amount advanced and the amount 
to be repaid, expressed in dollars; and
    (vi) Prepayment penalties. (A) Notwithstanding whether such a 
provision was in fact included, whether the financial institution could 
have included a charge to be imposed for paying all or part of the 
transaction's principal before the date on which the principal is due 
under the policies and procedures applicable to the covered credit 
transaction; and
    (B) Notwithstanding the response to paragraph (a)(12)(vi)(A) of 
this section, whether the terms of the covered credit transaction do in 
fact include a charge imposed for paying all or part of the 
transaction's principal before the date on which the principal is due.
    (13) Census tract. The census tract in which is located:
    (i) The address or location where the proceeds of the credit 
applied for or originated will be or would have been principally 
applied; or
    (ii) If the information in paragraph (a)(13)(i) of this section is 
unknown, the address or location of the main office or headquarters of 
the applicant; or
    (iii) If the information in both paragraphs (a)(13)(i) and (ii) of 
this section is unknown, another address or location associated with 
the applicant.
    (iv) The financial institution shall also indicate which one of the 
three types of addresses or locations listed in paragraphs (a)(13)(i), 
(ii), or (iii) of this section the census tract is based on.
    (14) Gross annual revenue. The applicant's gross annual revenue for 
its preceding fiscal year.
    (15) NAICS code. A 3-digit North American Industry Classification 
System (NAICS) code for the applicant.
    (16) Number of workers. The number of non-owners working for the 
applicant.
    (17) Time in business. The time the applicant has been in business.
    (18) Minority-owned, women-owned, and LGBTQI+-owned business 
statuses. Whether the applicant is a minority-owned, women-owned, and/
or LGBTQI+-owned business. When requesting minority-owned, women-owned, 
and LGBTQI+-owned business statuses from an applicant, the financial 
institution shall inform the applicant that the financial institution 
cannot discriminate on the basis of minority-owned, women-owned, or 
LGBTQI+-owned business statuses, or on whether the applicant provides 
this information.
    (19) Ethnicity, race, and sex of principal owners. The ethnicity, 
race, and sex of the applicant's principal owners. When requesting 
ethnicity, race, and sex information from an applicant, the financial 
institution shall inform the applicant that the financial institution 
cannot discriminate on the basis of a principal owner's ethnicity, 
race, or sex, or on whether the applicant provides this information.
    (20) Number of principal owners. The number of the applicant's 
principal owners.
    (b) Reliance on and verification of applicant-provided data. Unless 
otherwise provided in this subpart, the financial institution may rely 
on information from the applicant, or appropriate third-party sources, 
when compiling data. If the financial institution verifies applicant-
provided data, however, it shall report the verified data.

[[Page 35531]]

    (c) Time and manner of collection--(1) In general. A covered 
financial institution shall not discourage an applicant from responding 
to requests for applicant-provided data under paragraph (a) of this 
section and shall otherwise maintain procedures to collect such data at 
a time and in a manner that are reasonably designed to obtain a 
response.
    (2) Applicant-provided data collected directly from the applicant. 
For data collected directly from the applicant, procedures that are 
reasonably designed to obtain a response shall include provisions for 
the following:
    (i) The initial request for applicant-provided data occurs prior to 
notifying an applicant of final action taken on a covered application;
    (ii) The request for applicant-provided data is prominently 
displayed or presented;
    (iii) The collection does not have the effect of discouraging an 
applicant from responding to a request for applicant-provided data; and
    (iv) Applicants can easily respond to a request for applicant-
provided data.
    (3) Procedures to monitor compliance. A covered financial 
institution shall maintain procedures to identify and respond to 
indicia of potential discouragement, including low response rates for 
applicant-provided data.
    (4) Low response rates. A low response rate for applicant-provided 
data may indicate discouragement or other failure by a covered 
financial institution to maintain procedures to collect applicant-
provided data that are reasonably designed to obtain a response.
    (d) Previously collected data. A covered financial institution is 
permitted, but not required, to reuse previously collected data to 
satisfy paragraphs (a)(13) through (20) of this section if:
    (1) To satisfy paragraphs (a)(13) and (a)(15) through (20) of this 
section, the data were collected within the 36 months preceding the 
current covered application, or to satisfy paragraph (a)(14) of this 
section, the data were collected within the same calendar year as the 
current covered application; and
    (2) The financial institution has no reason to believe the data are 
inaccurate.


Sec.  1002.108  Firewall.

    (a) Definitions. For purposes of this section, the following terms 
shall have the following meanings:
    (1) Involved in making any determination concerning a covered 
application from a small business means participating in a decision 
regarding the evaluation of a covered application from a small business 
or the creditworthiness of a small business applicant for a covered 
credit transaction.
    (2) Should have access means that an employee or officer may need 
to collect, see, consider, refer to, or otherwise use the information 
to perform that employee's or officer's assigned job duties.
    (b) Prohibition on access to certain information. Unless the 
exception under paragraph (c) of this section applies, an employee or 
officer of a covered financial institution or a covered financial 
institution's affiliate shall not have access to an applicant's 
responses to inquiries that the financial institution makes pursuant to 
this subpart regarding whether the applicant is a minority-owned 
business, a women-owned business, or an LGBTQI+-owned business under 
Sec.  1002.107(a)(18), and regarding the ethnicity, race, and sex of 
the applicant's principal owners under Sec.  1002.107(a)(19), if that 
employee or officer is involved in making any determination concerning 
that applicant's covered application.
    (c) Exception to the prohibition on access to certain information. 
The prohibition in paragraph (b) of this section shall not apply to an 
employee or officer if the financial institution determines that it is 
not feasible to limit that employee's or officer's access to an 
applicant's responses to the financial institution's inquiries under 
Sec.  1002.107(a)(18) or (19) and the financial institution provides 
the notice required under paragraph (d) of this section to the 
applicant. It is not feasible to limit access as required pursuant to 
paragraph (b) of this section if the financial institution determines 
that an employee or officer involved in making any determination 
concerning a covered application from a small business should have 
access to one or more applicants' responses to the financial 
institution's inquiries under Sec.  1002.107(a)(18) or (19).
    (d) Notice. In order to satisfy the exception set forth in 
paragraph (c) of this section, a financial institution shall provide a 
notice to each applicant whose responses will be accessed, informing 
the applicant that one or more employees or officers involved in making 
determinations concerning the covered application may have access to 
the applicant's responses to the financial institution's inquiries 
regarding whether the applicant is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business, and regarding the 
ethnicity, race, and sex of the applicant's principal owners. The 
financial institution shall provide the notice required by this 
paragraph (d) when making the inquiries required under Sec.  
1002.107(a)(18) and (19) and together with the notices required 
pursuant to Sec.  1002.107(a)(18) and (19).


Sec.  1002.109  Reporting of data to the Bureau.

    (a) Reporting to the Bureau--(1) Annual reporting. (i) On or before 
June 1 following the calendar year for which data are compiled and 
maintained as required by Sec.  1002.107, a covered financial 
institution shall submit its small business lending application 
register in the format prescribed by the Bureau.
    (ii) An authorized representative of the covered financial 
institution with knowledge of the data shall certify to the accuracy 
and completeness of the data reported pursuant to this paragraph (a).
    (iii) When the last day for submission of data prescribed under 
paragraph (a)(1) of this section falls on a Saturday or Sunday, a 
submission shall be considered timely if it is submitted on the next 
succeeding Monday.
    (2) Reporting by subsidiaries. A covered financial institution that 
is a subsidiary of another covered financial institution shall complete 
a separate small business lending application register. The subsidiary 
shall submit its small business lending application register, directly 
or through its parent, to the Bureau.
    (3) Reporting obligations where multiple financial institutions are 
involved in a covered credit transaction. Where it is necessary for 
more than one financial institution to make a credit decision in order 
to approve a single covered credit transaction, only the last covered 
financial institution with authority to set the material terms of the 
covered credit transaction is required to report the application. 
Financial institutions report the actions of their agents.
    (b) Financial institution identifying information. A financial 
institution shall provide each of the following with its submission:
    (1) Its name.
    (2) Its headquarters address.
    (3) The name and business contact information of a person that the 
Bureau or other regulators may contact about the financial 
institution's submission.
    (4) Its Federal prudential regulator, if applicable.
    (5) Its Federal Taxpayer Identification Number (TIN).
    (6) Its Legal Entity Identifier (LEI).
    (7) Its Research, Statistics, Supervision, and Discount

[[Page 35532]]

identification (RSSD ID) number, if applicable.
    (8) Parent entity information, if applicable, including:
    (i) The name of the immediate parent entity;
    (ii) The LEI of the immediate parent entity, if available;
    (iii) The RSSD ID number of the immediate parent entity, if 
available;
    (iv) The name of the top-holding parent entity;
    (v) The LEI of the top-holding parent entity, if available; and
    (vi) The RSSD ID number of the top-holding parent entity, if 
available.
    (9) The type of financial institution that it is, indicated by 
selecting the appropriate type or types of institution from the list 
provided.
    (10) Whether the financial institution is voluntarily reporting 
covered applications from small businesses.
    (c) Procedures for the submission of data to the Bureau. The Bureau 
shall make available a Filing Instructions Guide, containing technical 
instructions for the submission of data to the Bureau pursuant to this 
section, as well as any related materials, at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.


Sec.  1002.110  Publication of data and other disclosures.

    (a) Publication of small business lending application registers and 
associated financial institution information. The Bureau shall make 
available to the public generally the data reported to it by financial 
institutions pursuant to Sec.  1002.109, subject to deletions or 
modifications made by the Bureau if the Bureau determines that the 
deletion or modification of the data would advance a privacy interest. 
The Bureau shall make such data available on an annual basis.
    (b) Publication of aggregate data. The Bureau may compile and 
aggregate data submitted by financial institutions pursuant to Sec.  
1002.109, and make any compilations or aggregations of such data 
publicly available as the Bureau deems appropriate.
    (c) Statement of financial institution's small business lending 
data available on the Bureau's website. A covered financial institution 
shall make available to the public on its website, or otherwise upon 
request, a statement that the covered financial institution's small 
business lending application register, as modified by the Bureau 
pursuant to Sec.  1002.110(a), is or will be available from the Bureau. 
A financial institution shall use language provided by the Bureau, or 
substantially similar language, to satisfy the requirement to provide a 
statement pursuant to this paragraph (c).
    (d) Availability of statements. A covered financial institution 
shall make the notice required by paragraph (c) of this section 
available to the public on its website when it submits a small business 
lending application register to the Bureau pursuant to Sec.  
1002.109(a)(1), and shall maintain the notice for as long as it has an 
obligation to retain its small business lending application registers 
pursuant to Sec.  1002.111(a).
    (e) Further disclosure prohibited--(1) Disclosure by a financial 
institution. A financial institution shall not disclose or provide to a 
third party the information it collects pursuant to Sec.  
1002.107(a)(18) and (19) except to further compliance with the Act or 
this part or as required by law.
    (2) Disclosure by a third party. A third party that obtains 
information collected pursuant to Sec.  1002.107(a)(18) and (19) for 
the purpose of furthering compliance with the Act or this part is 
prohibited from any further disclosure of such information except to 
further compliance with the Act or this part or as required by law.


Sec.  1002.111  Recordkeeping.

    (a) Record retention. A covered financial institution shall retain 
evidence of compliance with this subpart, which includes a copy of its 
small business lending application register, for at least three years 
after the register is required to be submitted to the Bureau pursuant 
to Sec.  1002.109.
    (b) Certain information kept separate from the rest of the 
application. A financial institution shall maintain, separately from 
the rest of the application and accompanying information, an 
applicant's responses to the financial institution's inquiries pursuant 
to this subpart regarding whether an applicant for a covered credit 
transaction is a minority-owned business, a women-owned business, and/
or an LGBTQI+-owned business under Sec.  1002.107(a)(18), and regarding 
the ethnicity, race, and sex of the applicant's principal owners under 
Sec.  1002.107(a)(19).
    (c) Limitation on personally identifiable information in certain 
records retained under this section. In reporting a small business 
lending application register pursuant to Sec.  1002.109, maintaining 
the register pursuant to paragraph (a) of this section, and maintaining 
a separate record of information pursuant to paragraph (b) of this 
section, a financial institution shall not include any name, specific 
address, telephone number, email address, or any other personally 
identifiable information concerning any individual who is, or is 
connected with, an applicant, other than as required pursuant to Sec.  
1002.107 or paragraph (b) of this section.


Sec.  1002.112  Enforcement.

    (a) Administrative enforcement and civil liability. A violation of 
section 704B of the Act or this subpart is subject to administrative 
sanctions and civil liability as provided in sections 704 (15 U.S.C. 
1691c) and 706 (15 U.S.C. 1691e) of the Act, where applicable.
    (b) Bona fide errors. A bona fide error in compiling, maintaining, 
or reporting data with respect to a covered application is one that was 
unintentional and occurred despite the maintenance of procedures 
reasonably adapted to avoid such an error. A bona fide error is not a 
violation of the Act or this subpart. A financial institution is 
presumed to maintain procedures reasonably adapted to avoid such errors 
with respect to a given data field if the number of errors found in a 
random sample of the financial institution's submission for the data 
field does not equal or exceed a threshold specified by the Bureau for 
this purpose in appendix F to this part. However, an error is not a 
bona fide error if either there is a reasonable basis to believe the 
error was intentional or there is evidence that the financial 
institution does not or has not maintained procedures reasonably 
adapted to avoid such errors.
    (c) Safe harbors--(1) Incorrect entry for application date. A 
financial institution does not violate the Act or this subpart if it 
reports on its small business lending application register an 
application date that is within three business days of the actual 
application date pursuant to Sec.  1002.107(a)(2).
    (2) Incorrect entry for census tract. An incorrect entry for census 
tract is not a violation of the Act or this subpart if the financial 
institution obtained the census tract by correctly using a geocoding 
tool provided by the FFIEC or the Bureau.
    (3) Incorrect entry for NAICS code. An incorrect entry for a 3-
digit NAICS code is not a violation of the Act or this subpart, 
provided that the financial institution obtained the 3-digit NAICS code 
by:
    (i) Relying on an applicant's representations or on an appropriate 
third-party source, in accordance with Sec.  1002.107(b), regarding the 
NAICS code; or
    (ii) Identifying the NAICS code itself, provided that the financial 
institution maintains procedures reasonably adapted to correctly 
identify a 3-digit NAICS code.

[[Page 35533]]

    (4) Incorrect determination of small business status, covered 
credit transaction, or covered application. A financial institution 
that initially collects data regarding whether an applicant for a 
covered credit transaction is a minority-owned business, a women-owned 
business, or an LGBTQI+-owned business, and the ethnicity, race, and 
sex of the applicant's principal owners pursuant to Sec.  
1002.107(a)(18) and (19) but later concludes that it should not have 
collected such data does not violate the Act or this regulation if the 
financial institution, at the time it collected this data, had a 
reasonable basis for believing that the application was a covered 
application for a covered credit transaction from a small business 
pursuant to Sec. Sec.  1002.103, 1002.104, and 1002.106, respectively. 
A financial institution seeking to avail itself of this safe harbor 
shall comply with the requirements of this subpart as otherwise 
required pursuant to Sec. Sec.  1002.107, 1002.108, and 1002.111 with 
respect to the collected data.


Sec.  1002.113  Severability.

    If any provision of this subpart, or any application of a 
provision, is stayed or determined to be invalid, the remaining 
provisions or applications are severable and shall continue in effect.


Sec.  1002.114  Effective date, compliance date, and special 
transitional rules.

    (a) Effective date. The effective date for this subpart is August 
29, 2023.
    (b) Compliance date. The dates by which covered financial 
institutions are initially required to comply with the requirements of 
this subpart are as follows:
    (1) A covered financial institution that originated at least 2,500 
covered credit transactions for small businesses in each of calendar 
years 2022 and 2023 shall comply with the requirements of this subpart 
beginning October 1, 2024.
    (2) A covered financial institution that is not subject to 
paragraph (b)(1) of this section and that originated at least 500 
covered credit transactions for small businesses in each of calendar 
years 2022 and 2023 shall comply with the requirements of this subpart 
beginning April 1, 2025.
    (3) A covered financial institution that is not subject to 
paragraphs (b)(1) or (2) of this section and that originated at least 
100 covered credit transactions for small businesses in each of 
calendar years 2022 and 2023 shall comply with the requirements of this 
subpart beginning January 1, 2026.
    (4) A financial institution that did not originate at least 100 
covered credit transactions for small businesses in each of calendar 
years 2022 and 2023 but subsequently originates at least 100 such 
transactions in two consecutive calendar years shall comply with the 
requirements of this subpart in accordance with Sec.  1002.105(b), but 
in any case no earlier than January 1, 2026.
    (c) Special transitional rules--(1) Collection of certain 
information prior to a financial institution's compliance date. A 
financial institution as described in paragraphs (b)(1), (2), or (3) of 
this section is permitted, but not required, to collect information 
regarding whether an applicant for a covered credit transaction is a 
minority-owned business, a women-owned business, and/or an LGBTQI+-
owned business under Sec.  1002.107(a)(18), and the ethnicity, race, 
and sex of the applicant's principal owners under Sec.  1002.107(a)(19) 
beginning 12 months prior to its applicable compliance date as set 
forth in paragraphs (b)(1), (2), or (3) of this section. A financial 
institution collecting such information pursuant to this paragraph 
(c)(1) must do so in accordance with the requirements set out in 
Sec. Sec.  1002.107(a)(18) and (19), 1002.108, and 1002.111(b) and (c).
    (2) Determining which compliance date applies to a financial 
institution that does not collect information sufficient to determine 
small business status. A financial institution that is unable to 
determine the number of covered credit transactions it originated for 
small businesses in each of calendar years 2022 and 2023 for purposes 
of determining its compliance date pursuant to paragraph (b) of this 
section, because for some or all of this period it does not have 
readily accessible the information needed to determine whether its 
covered credit transactions were originated for small businesses as 
defined in Sec.  1002.106(b), is permitted to use any reasonable method 
to estimate its originations to small businesses for either or both of 
the calendar years 2022 and 2023.

[[Page 35534]]


0
7. Appendices E and F are added to read as follows:

Appendix E to Part 1002--Sample Form for Collecting Certain Applicant-
Provided Data Under Subpart B

BILLING CODE 4810-AM-P
[GRAPHIC] [TIFF OMITTED] TR31MY23.211


[[Page 35535]]


[GRAPHIC] [TIFF OMITTED] TR31MY23.212

BILLING CODE 4810-AM-C

Appendix F to Part 1002--Tolerances for Bona Fide Errors in Data 
Reported Under Subpart B

    As set out in Sec.  1002.112(b) and in comment 112(b)-1, a 
financial institution is presumed to maintain procedures reasonably 
adapted to avoid errors with respect to a given data field if the 
number of errors found in a random sample of a financial 
institution's data submission for a given data field do not equal or 
exceed the threshold in column C of the following table (Table 1, 
Tolerance Thresholds for Bona Fide Errors):

[[Page 35536]]



                        Table 1 to Appendix F--Tolerance Thresholds for Bona Fide Errors
----------------------------------------------------------------------------------------------------------------
                                                                  Random  sample
       Small business lending application register count            size \986\    Threshold  (#)  Threshold  (%)
(A)                                                                          (B)             (C)             (D)
----------------------------------------------------------------------------------------------------------------
100-130........................................................               47               3             6.4
131-190........................................................               56               3             5.4
191-500........................................................               59               3             5.1
501-100,000....................................................               79               4             5.1
100,001+.......................................................              159               4             2.5
----------------------------------------------------------------------------------------------------------------

    The size of the random sample, under column B, shall depend on 
the size of the financial institution's small business lending 
application register, as shown in column A of the Threshold Table.
---------------------------------------------------------------------------

    \986\ For a financial institution with fewer than 30 entries in 
its small business lending application register, the full sample 
size is the financial institution's total number of entries. The 
threshold number for such financial institutions remains three. 
Accordingly, the threshold percentage will be higher for financial 
institutions with fewer than 30 entries in their registers
---------------------------------------------------------------------------

    The thresholds in column C of the Threshold Table reflect the 
number of unintentional errors a financial institution may make 
within a particular data field (e.g., the credit product data field 
within the credit type data point or the ethnicity data field for a 
particular principal owner within the ethnicity, race, and sex of 
principal owners data point) in a small business lending application 
register that would be deemed bona fide errors for purposes of Sec.  
1002.112(b).
    For instance, a financial institution that submitted a small 
business lending application register containing 105 applications 
would be subject to a threshold of three errors per data field. If 
the financial institution had made two errors in reporting loan 
amount and two errors reporting gross annual income, all of these 
errors would be covered by the bona fide error provision of Sec.  
1002.112(b) and would not constitute a violation of the Act or this 
part. If the same financial institution had made four errors in 
reporting loan amount and two errors reporting gross annual income, 
the bona fide error provision of Sec.  1002.112(b) would not apply 
to the four loan amount errors but would still apply to the two 
gross annual income errors.
    Even when the number of errors in a particular data field do not 
equal or exceed the threshold in column C, if either there is a 
reasonable basis to believe that errors in that field were 
intentional or there is evidence that the financial institution did 
not maintain procedures reasonably adapted to avoid such errors, 
then the errors are not bona fide errors under Sec.  1002.112(b).
    For purposes of determining bona fide errors under Sec.  
1002.112(b), the term ``data field'' generally refers to individual 
fields. Some data fields may allow for more than one response. For 
example, with respect to information on the ethnicity or race of an 
applicant's principal owners, a data field may identify more than 
one race or more than one ethnicity for a given person. If one or 
more of the ethnicities or races identified in a data field are 
erroneous, they count as one (and only one) error for that data 
field.


0
8. In Supplement I to part 1002:
0
a. Under Section 1002.5--Rules Concerning Requests for Information, 
revise Paragraph 5(a)(2) and Paragraph 5(a)(4);
0
b. Under Section 1002.12--Record Retention, revise 12(b)(7) 
Preapplication marketing information;
0
c. Under Section 1002.13--Information for Monitoring Purposes, revise 
13(b) Obtaining of information; and
0
d. Add: Section 1002.102--Definitions; Section 1002.103--Covered 
Applications; Section 1002.104--Covered Credit Transactions and 
Excluded Transactions; Section 1002.105--Covered Financial Institutions 
and Exempt Institutions; Section 1002.106--Business and Small Business; 
Section 1002.107--Compilation of Reportable Data; Section 1002.108--
Firewall; Section 1002.109--Reporting of Data to the Bureau; Section 
1002.110--Publication of Data and Other Disclosures; Section 1002.111--
Recordkeeping; Section 1002.112--Enforcement; and Section 1002.114--
Effective Date, Compliance Date, and Special Transition Rules.
    The revisions and additions read as follows:

Supplement I to Part 1002--Official Interpretations

* * * * *

Section 1002.5--Rules Concerning Requests for Information

* * * * *
5(a)(2) Required Collection of Information
    1. Local laws. Information that a creditor is allowed to collect 
pursuant to a ``state'' statute or regulation includes information 
required by a local statute, regulation, or ordinance.
    2. Information required by Regulation C. Regulation C, 12 CFR part 
1003, generally requires creditors covered by the Home Mortgage 
Disclosure Act (HMDA) to collect and report information about the race, 
ethnicity, and sex of applicants for certain dwelling-secured loans, 
including some types of loans not covered by Sec.  1002.13.
    3. Collecting information on behalf of creditors. Persons such as 
loan brokers and correspondents do not violate the ECOA or Regulation B 
if they collect information that they are otherwise prohibited from 
collecting, where the purpose of collecting the information is to 
provide it to a creditor that is subject to subpart B of this part, the 
Home Mortgage Disclosure Act, or another Federal or State statute or 
regulation requiring data collection.
    4. Information required by subpart B. Subpart B of this part 
generally requires creditors that are covered financial institutions as 
defined in Sec.  1002.105(b) to collect and report information about 
the ethnicity, race, and sex of the principal owners of applicants for 
certain small business credit, as well as whether the applicant is a 
minority-owned business, a women-owned business, or an LGBTQI+-owned 
business, as defined in Sec.  1002.102(m), (s), and (l), respectively.
5(a)(4) Other Permissible Collection of Information
    1. Other permissible collection of information. Information 
regarding ethnicity, race, and sex that is not required to be collected 
pursuant to Regulation C, 12 CFR part 1003, or subpart B of this part, 
may nevertheless be collected under the circumstances set forth in 
Sec.  1002.5(a)(4) without violating Sec.  1002.5(b). The information 
collected pursuant to 12 CFR part 1003 must be retained pursuant to the 
requirements of Sec.  1002.12. The information collected pursuant to 
subpart B of this part must be retained pursuant to the requirements 
set forth in Sec.  1002.111.
* * * * *

Section 1002.12--Record Retention

* * * * *
12(b) Preservation of Records
* * * * *

[[Page 35537]]

12(b)(7) Preapplication Marketing Information
    1. Prescreened credit solicitations. The rule requires creditors to 
retain copies of prescreened credit solicitations. For purposes of this 
part, a prescreened solicitation is an ``offer of credit'' as described 
in 15 U.S.C. 1681a(1) of the Fair Credit Reporting Act. A creditor 
complies with Sec.  1002.12(b)(7) if it retains a copy of each 
solicitation mailing that contains different terms, such as the amount 
of credit offered, annual percentage rate, or annual fee.
    2. List of criteria. A creditor must retain the list of criteria 
used to select potential recipients. This includes the criteria used by 
the creditor both to determine the potential recipients of the 
particular solicitation and to determine who will actually be offered 
credit.
    3. Correspondence. A creditor may retain correspondence relating to 
consumers' complaints about prescreened solicitations in any manner 
that is reasonably accessible and is understandable to examiners. There 
is no requirement to establish a separate database or set of files for 
such correspondence, or to match consumer complaints with specific 
solicitation programs.
* * * * *

Section 1002.13--Information for Monitoring Purposes

* * * * *
13(b) Obtaining of Information
    1. Forms for collecting data. A creditor may collect the 
information specified in Sec.  1002.13(a) either on an application form 
or on a separate form referring to the application. Appendix B to this 
part provides for two alternative data collection model forms for use 
in complying with the requirements of Sec.  1002.13(a)(1)(i) and (ii) 
to collect information concerning an applicant's ethnicity, race, and 
sex. When a creditor collects ethnicity and race information pursuant 
to Sec.  1002.13(a)(1)(i)(A), the applicant must be offered the option 
to select more than one racial designation. When a creditor collects 
ethnicity and race information pursuant to Sec.  1002.13(a)(1)(i)(B), 
the applicant must be offered the option to select more than one 
ethnicity designation and more than one racial designation.
    2. Written applications. The regulation requires written 
applications for the types of credit covered by Sec.  1002.13. A 
creditor can satisfy this requirement by recording on paper or by means 
of computer the information that the applicant provides orally and that 
the creditor normally considers in a credit decision.
    3. Telephone, mail applications. i. A creditor that accepts an 
application by telephone or mail must request the monitoring 
information.
    ii. A creditor that accepts an application by mail need not make a 
special request for the monitoring information if the applicant has 
failed to provide it on the application form returned to the creditor.
    iii. If it is not evident on the face of an application that it was 
received by mail, telephone, or via an electronic medium, the creditor 
should indicate on the form or other application record how the 
application was received.
    4. Video and other electronic-application processes. i. If a 
creditor takes an application through an electronic medium that allows 
the creditor to see the applicant, the creditor must treat the 
application as taken in person. The creditor must note the monitoring 
information on the basis of visual observation or surname, if the 
applicant chooses not to provide the information.
    ii. If an applicant applies through an electronic medium without 
video capability, the creditor treats the application as if it were 
received by mail.
    5. Applications through loan-shopping services. When a creditor 
receives an application through an unaffiliated loan-shopping service, 
it does not have to request the monitoring information for purposes of 
the ECOA or subpart A of this Regulation B. Creditors subject to the 
Home Mortgage Disclosure Act should be aware, however, that data 
collection may be called for under Regulation C (12 CFR part 1003), 
which generally requires creditors to report, among other things, the 
sex and race of an applicant on brokered applications or applications 
received through a correspondent. Similarly, creditors that are covered 
financial institutions under subpart B of this Regulation may also be 
required to collect, report, and maintain certain data, as set forth in 
subpart B of this Regulation.
    6. Inadvertent notation. If a creditor inadvertently obtains the 
monitoring information in a dwelling-related transaction not covered by 
Sec.  1002.13, the creditor may process and retain the application 
without violating the regulation.
* * * * *

Section 1002.102--Definitions

102(b) Applicant
    1. General. In no way are the limitations to the term applicant in 
Sec.  1002.102(b) of subpart B intended to repeal, abrogate, annul, 
impair, change, or interfere with the scope of the term applicant in 
Sec.  1002.2(e) as applicable to subpart A.
102(l) LGBTQI+-Owned Business
    1. General. In order to be an LGBTQI+-owned business for purposes 
of subpart B of this part, a business must satisfy both prongs of the 
definition of LGBTQI+-owned business. First, one or more LGBTQI+ 
individuals must own or control more than 50 percent of the business. 
However, it is not necessary that one or more LGBTQI+ individuals both 
own and control more than 50 percent of the business. For example, a 
business that is owned entirely by one or more LGBTQI+ individuals but 
is not controlled by any one or more such individuals satisfies the 
first prong of the definition. Similarly, a business that is controlled 
by an LGBTQI+ individual satisfies this first prong of the definition, 
even if none of the individuals with ownership in the business are 
LGBTQI+ individuals. If a business does not satisfy this first prong of 
the definition, it is not an LGBTQI+-owned business. Second, 50 percent 
or more of the net profits or losses must accrue to one or more LGBTQI+ 
individuals. If a business does not satisfy this second prong of the 
definition, it is not an LGBTQI+-owned business, regardless of whether 
it satisfies the first prong of the definition.
    2. Purpose of definition. The definition of LGBTQI+-owned business 
is used only when an applicant determines if it is an LGBTQI+-owned 
business for purposes of Sec.  1002.107(a)(18). A financial institution 
shall provide an applicant with the definition of LGBTQI+-owned 
business when asking the applicant to provide its LGBTQI+-owned 
business status pursuant to Sec.  1002.107(a)(18). A financial 
institution satisfies this requirement if it provides the definition as 
set forth in the sample data collection form in appendix E. The 
financial institution must provide additional clarification by 
referencing the definition of LGBTQI+ individual as set forth in Sec.  
1002.102(k) if asked by the applicant. The financial institution is 
neither permitted nor required to make its own determination regarding 
the applicant's LGBTQI+-owned business status.
    3. Further clarifications of terms used in the definition of 
LGBTQI+-owned

[[Page 35538]]

business. In order to assist an applicant when determining whether it 
is an LGBTQI+-owned business, a financial institution may provide the 
applicant with the definitions of ownership, control, and accrual of 
net profits or losses and related concepts set forth in comments 
102(l)-4 through -6. A financial institution may assist an applicant 
when the applicant is determining its LGBTQI+-owned business status but 
is not required to do so. For purposes of reporting an applicant's 
status, a financial institution relies on the applicant's 
determinations of its ownership, control, and accrual of net profits 
and losses.
    4. Ownership. For purposes of determining if a business is an 
LGBTQI+-owned business, an individual owns a business if that 
individual directly or indirectly, through any contract, arrangement, 
understanding, relationship or otherwise, has an equity interest in the 
business. Examples of ownership include being the sole proprietor of a 
sole proprietorship, directly or indirectly owning or holding the stock 
of a corporation or company, directly or indirectly having a 
partnership interest in a business, or directly or indirectly having a 
membership interest in a limited liability company. Indirect as well as 
direct ownership are used when determining ownership for purposes of 
Sec. Sec.  1002.102(l) and 1002.107(a)(18). Thus, where applicable, 
ownership must be traced through corporate or other indirect ownership 
structures. For example, assume that the applicant is company A. If 
company B owns 60 percent of applicant company A and an individual owns 
100 percent of company B, the individual owns 60 percent of applicant 
company A. Similarly, if an individual directly owns 20 percent of 
applicant company A and is an equal partner in partnership B that owns 
the remaining 80 percent of applicant company A, the individual owns 60 
percent of applicant company A (i.e., 20 percent due through direct 
ownership and 40 percent indirectly through partnership B). A trustee 
is considered the owner of the trust. Thus, if a trust owns a business 
and the trust has two co-trustees, each co-trustee owns 50 percent of 
the business.
    5. Control. An individual controls a business if that individual 
has significant responsibility to manage or direct the business. An 
individual controls a business if the individual is an executive 
officer or senior manager (e.g., a chief executive officer, chief 
financial officer, chief operating officer, managing member, general 
partner, president, vice president, or treasurer) or regularly performs 
similar functions. Additionally, a business may be controlled by two or 
more LGBTQI+ individuals if those individuals collectively control the 
business, such as constituting a majority of the board of directors or 
a majority of the partners of a partnership.
    6. Accrual of net profits or losses. A business's net profits and 
losses accrue to an individual if that individual receives the net 
profits or losses, is legally entitled or required to receive the net 
profits or losses, or is legally entitled or required to recognize the 
net profits or losses for tax purposes.
102(m) Minority-Owned Business
    1. General. In order to be a minority-owned business for purposes 
of subpart B of this part, a business must satisfy both prongs of the 
definition of minority-owned business. First, one or more American 
Indian or Alaska Native, Asian, Black or African American, Native 
Hawaiian or Other Pacific Islander, or Hispanic or Latino individuals 
must own or control more than 50 percent of the business. However, it 
is not necessary that one or more American Indian or Alaska Native, 
Asian, Black or African American, Native Hawaiian or Other Pacific 
Islander, or Hispanic or Latino individuals both own and control more 
than 50 percent of the business. For example, a business that is owned 
entirely, but is not controlled by, individuals belonging to one of 
these groups satisfies the first prong of the definition. Similarly, a 
business that is controlled by an American Indian or Alaska Native, 
Asian, Black or African American, Native Hawaiian or Other Pacific 
Islander, or Hispanic or Latino individual satisfies this first prong 
of the definition, even if none of the individuals with ownership in 
the business are American Indian or Alaska Native, Asian, Black or 
African American, Native Hawaiian or Other Pacific Islander, or 
Hispanic or Latino. If a business does not satisfy this first prong of 
the definition, it is not a minority-owned business. Second, 50 percent 
or more of the net profits or losses must accrue to one or more 
individuals belonging to these groups. If a business does not satisfy 
this second prong of the definition, it is not a minority-owned 
business, regardless of whether it satisfies the first prong of the 
definition.
    2. Purpose of definition. The definition of minority-owned business 
is used only when an applicant determines if it is a minority-owned 
business for purposes of Sec.  1002.107(a)(18). A financial institution 
shall provide an applicant with the definition of minority-owned 
business when asking the applicant to provide its minority-owned 
business status pursuant to Sec.  1002.107(a)(18), but the financial 
institution is neither permitted nor required to make its own 
determination regarding the applicant's minority-owned business status.
    3. Further clarifications of terms used in the definition of 
minority-owned business. In order to assist an applicant when 
determining whether it is a minority-owned business, a financial 
institution may provide the applicant with the definitions of 
ownership, control, and accrual of net profits or losses and related 
concepts set forth in comments 102(m)-4 through -6. A financial 
institution may assist an applicant when the applicant is determining 
its minority-owned business status but is not required to do so. For 
purposes of reporting an applicant's status, a financial institution 
relies on the applicant's determinations of its ownership, control, and 
accrual of net profits and losses.
    4. Ownership. For purposes of determining if a business is a 
minority-owned business, an individual owns a business if that 
individual directly or indirectly, through any contract, arrangement, 
understanding, relationship or otherwise, has an equity interest in the 
business. Examples of ownership include being the sole proprietor of a 
sole proprietorship, directly or indirectly owning or holding the stock 
of a corporation or company, directly or indirectly having a 
partnership interest in a business, or directly or indirectly having a 
membership interest in a limited liability company. Indirect as well as 
direct ownership are used when determining ownership for purposes of 
Sec. Sec.  1002.102(m) and 1002.107(a)(18). Thus, where applicable, 
ownership must be traced through corporate or other indirect ownership 
structures. For example, assume that the applicant is company A. If 
company B owns 60 percent of applicant company A and an individual owns 
100 percent of company B, the individual owns 60 percent of applicant 
company A. Similarly, if an individual directly owns 20 percent of 
applicant company A and is an equal partner in partnership B that owns 
the remaining 80 percent of applicant company A, the individual owns 60 
percent of applicant company A (i.e., 20 percent due through direct 
ownership and 40 percent indirectly through partnership B). A trustee 
is considered the owner of the trust. Thus, if a trust owns a business 
and the trust

[[Page 35539]]

has two co-trustees, each co-trustee owns 50 percent of the business.
    5. Control. An individual controls a business if that individual 
has significant responsibility to manage or direct the business. An 
individual controls a business if the individual is an executive 
officer or senior manager (e.g., a chief executive officer, chief 
financial officer, chief operating officer, managing member, general 
partner, president, vice president, or treasurer) or regularly performs 
similar functions. Additionally, a business may be controlled by two or 
more American Indian or Alaska Native, Asian, Black or African 
American, Native Hawaiian or Other Pacific Islander, or Hispanic or 
Latino individuals if those individuals collectively control the 
business, such as constituting a majority of the board of directors or 
a majority of the partners of a partnership.
    6. Accrual of net profits or losses. A business's net profits and 
losses accrue to an individual if that individual receives the net 
profits or losses, is legally entitled or required to receive the net 
profits or losses, or is legally entitled or required to recognize the 
net profits or losses for tax purposes.
    7. Multi-racial and multi-ethnic individuals. For purposes of 
subpart B of this part, an individual who is multi-racial or multi-
ethnic constitutes an individual for whom the definition of minority-
owned business may apply, depending on whether the individual meets the 
other requirements of the definition. For example, an individual who is 
both Asian and White is an individual for whom the definition of 
minority-owned business shall apply if the individual meets the other 
requirements of the definition related to ownership or control and 
accrual of profits or losses.
    8. Relationship to disaggregated subcategories used to determine 
ethnicity and race of principal owners. The ethnicity and race 
categories used in this section are aggregate ethnicity (Hispanic or 
Latino) and race (American Indian or Alaska Native, Asian, Black or 
African American, and Native Hawaiian or Other Pacific Islander) 
categories. Those ethnicity and race categories are the same aggregate 
categories used (along with Not Hispanic or Latino for ethnicity, and 
White for race) to collect an applicant's principal owners' ethnicity 
and race pursuant to Sec.  1002.107(a)(19).
102(o) Principal Owner
    1. Individual. Only an individual can be a principal owner of a 
business for purposes of subpart B of this part. Entities, such as 
trusts, partnerships, limited liability companies, and corporations, 
are not principal owners for this purpose. Additionally, an individual 
must directly own an equity share of 25 percent or more in the business 
in order to be a principal owner. Unlike the determination of ownership 
for purposes of collecting and reporting minority-owned business 
status, women-owned business status, and LGBTQI+-owned business status, 
indirect ownership is not considered when determining if someone is a 
principal owner for purposes of collecting and reporting principal 
owners' ethnicity, race, and sex or the number of principal owners. 
Thus, when determining who is a principal owner, ownership is not 
traced through multiple corporate structures to determine if an 
individual owns 25 percent or more of the equity interests. For 
example, if individual A directly owns 20 percent of a business, 
individual B directly owns 20 percent, and partnership C owns 60 
percent, the business does not have any owners who satisfy the 
definition of principal owner set forth in Sec.  1002.102(o), even if 
individual A and individual B are the only partners in the partnership 
C. Similarly, if individual A directly owns 30 percent of a business, 
individual B directly owns 20 percent, and trust D owns 50 percent, 
individual A is the only principal owner as defined in Sec.  
1002.102(o), even if individual B is the sole trustee of trust D.
    2. Trustee. Although a trust is not considered a principal owner of 
a business for the purposes of subpart B, if the applicant for a 
covered credit transaction is a trust, a trustee is considered the 
owner of the trust. Thus, if a trust is an applicant for a covered 
credit transaction and the trust has two co-trustees, each co-trustee 
is considered to own 50 percent of the business and would each be a 
principal owner as defined in Sec.  1002.102(o). In contrast, if the 
trust has five co-trustees, each co-trustee is considered to own 20 
percent of the business and would not meet the definition of principal 
owner under Sec.  1002.102(o).
    3. Purpose of definition. A financial institution shall provide an 
applicant with the definition of principal owner when asking the 
applicant to provide the number of its principal owners pursuant to 
Sec.  1002.107(a)(20) and the ethnicity, race, and sex of its principal 
owners pursuant to Sec.  1002.107(a)(19). See comments 107(a)(19)-2 and 
107(a)(20)-1.
102(s) Women-Owned Business
    1. General. In order to be a women-owned business for purposes of 
subpart B of this part, a business must satisfy both prongs of the 
definition of women-owned business. First, one or more women must own 
or control more than 50 percent of the business. However, it is not 
necessary that one or more women both own and control more than 50 
percent of the business. For example, a business that is owned entirely 
by women but is not controlled by any women satisfies the first prong 
of the definition. Similarly, a business that is controlled by a woman 
satisfies this first prong of the definition, even if none of the 
individuals with ownership in the business are women. If a business 
does not satisfy this first prong of the definition, it is not a women-
owned business. Second, 50 percent or more of the net profits or losses 
must accrue to one or more women. If a business does not satisfy this 
second prong of the definition, it is not a women-owned business, 
regardless of whether it satisfies the first prong of the definition.
    2. Purpose of definition. The definition of women-owned business is 
used only when an applicant determines if it is a women-owned business 
pursuant to Sec.  1002.107(a)(18). A financial institution shall 
provide an applicant with the definition of women-owned business when 
asking the applicant to provide its women-owned business status 
pursuant to Sec.  1002.107(a)(18), but the financial institution is 
neither permitted nor required to make its own determination regarding 
the applicant's women-owned business status.
    3. Further clarifications of terms used in the definition of women-
owned business. In order to assist an applicant when determining 
whether it is a women-owned business, a financial institution may 
provide the applicant with the definitions of ownership, control, and 
accrual of net profits or losses and related concepts set forth in 
comments 102(s)-4 through -6. A financial institution may assist an 
applicant when the applicant is determining its women-owned business 
status but is not required to do so. For purposes of reporting an 
applicant's status, a financial institution relies on the applicant's 
determinations of its ownership, control, and accrual of net profits 
and losses.
    4. Ownership. For purposes of determining if a business is a women-
owned business, an individual owns a business if that individual 
directly or indirectly, through any contract, arrangement, 
understanding, relationship or otherwise, has an equity interest in the 
business. Examples of ownership include being the sole proprietor of a 
sole proprietorship,

[[Page 35540]]

directly or indirectly owning or holding the stock of a corporation or 
company, directly or indirectly having a partnership interest in a 
business, or directly or indirectly having a membership interest in a 
limited liability company. Indirect as well as direct ownership are 
used when determining ownership for purposes of Sec. Sec.  1002.102(s) 
and 1002.107(a)(18). Thus, where applicable, ownership must be traced 
through corporate or other indirect ownership structures. For example, 
assume that the applicant is company A. If company B owns 60 percent of 
the applicant company A and an individual owns 100 percent of company 
B, the individual owns 60 percent of the applicant company A. 
Similarly, if an individual directly owns 20 percent of the applicant 
company A and is an equal partner in a partnership B that owns the 
remaining 80 percent of the applicant company A, the individual owns 60 
percent of applicant company A (i.e., 20 percent due through direct 
ownership and 40 percent indirectly through partnership B). A trustee 
is considered the owner of the trust. Thus, if a trust owns a business 
and the trust has two co-trustees, each co-trustee owns 50 percent of 
the business.
    5. Control. An individual controls a business if that individual 
has significant responsibility to manage or direct the business. An 
individual controls a business if the individual is an executive 
officer or senior manager (e.g., a chief executive officer, chief 
financial officer, chief operating officer, managing member, general 
partner, president, vice president, or treasurer) or regularly performs 
similar functions. Additionally, a business may be controlled by two or 
more women if those women collectively control the business, such as 
constituting a majority of the board of directors or a majority of the 
partners of a partnership.
    6. Accrual of net profits or losses. A business's net profits and 
losses accrue to an individual if that individual receives the net 
profits or losses, is legally entitled or required to receive the net 
profits or losses, or is legally entitled or required to recognize the 
net profits or losses for tax purposes.

Section 1002.103--Covered Applications

103(a) Covered Application
    1. General. Subject to the requirements of subpart B of this part, 
a financial institution has latitude to establish its own application 
procedures, including designating the type and amount of information it 
will require from applicants.
    2. Procedures used. The term ``procedures'' refers to the actual 
practices followed by a financial institution as well as its stated 
application procedures. For example, if a financial institution's 
stated policy is to require all applications to be in writing on the 
financial institution's application form, but the financial institution 
also makes credit decisions based on oral requests, the financial 
institution's procedures are to accept both oral and written 
applications.
    3. Consistency with subpart A. Bureau interpretations that appear 
in this supplement I in connection with Sec. Sec.  1002.2(f) and 1002.9 
are generally applicable to the definition of a covered application in 
Sec.  1002.103. However, the definition of a covered application in 
Sec.  1002.103 does not include inquiries and prequalification 
requests. The definition of a covered application also does not include 
reevaluation, extension, or renewal requests on an existing business 
credit account, unless the request seeks additional credit amounts. See 
Sec.  1002.103(b).
    4. Solicitations and firm offers of credit. For purposes of subpart 
B of this part, the term covered application does not include 
solicitations, firm offers of credit, or other evaluations initiated by 
the financial institution because in these situations the business has 
not made a request for credit. For example, if a financial institution 
sends a firm offer of credit to a business for a $10,000 line of 
credit, and the business does not respond, it is not a covered 
application because the business never made a request for credit. 
However, using the same example, if the business seeks to obtain the 
credit offered, assuming the requirements of a covered application are 
otherwise met, the business's request constitutes a covered application 
for purposes of subpart B of this part. See also comment 103(b)-4.
    5. Requests for multiple covered credit transactions at one time. 
Assuming the requirements of a covered application are met, if an 
applicant makes a request for two or more covered credit transactions 
at the same time, the financial institution reports each request as a 
separate covered application. For example, if an applicant is seeking 
both a term loan and a line of credit and requests them both on the 
same application form, the financial institution reports the requests 
as two separate covered applications, one for a term loan and another 
for a line of credit. See Sec.  1002.107(d) for the requirements for 
reusing data so that a financial institution need only ask once for 
certain data required under Sec.  1002.107(a). If, on the other hand, 
the applicant is only requesting a single covered credit transaction, 
but has not decided on which particular product, the financial 
institution reports the request as a single covered application. For 
example, if the applicant indicates interest in either a term loan or a 
line of credit, but not both, the financial institution reports the 
request as a single covered application. See comment 107(a)(5)-1 for 
instructions on reporting credit product in this situation.
    6. Initial request for a single covered credit transaction that 
would result in the origination of multiple covered credit 
transactions. Assuming the requirements of a covered application are 
met, if an applicant initially makes a request for one covered credit 
transaction, but over the course of the application process requests 
multiple covered credit transactions, each covered credit transaction 
must be reported as a separate covered application. See Sec.  
1002.107(d) for the requirements for reusing data so that a financial 
institution need only ask once for certain data required under Sec.  
1002.107(a).
    7. Requests for multiple lines of credit at one time. Assuming the 
requirements of a covered application are met, if an applicant requests 
multiple lines of credit on a single credit account, it is reported as 
one or more covered applications based on the procedures used by the 
financial institution for the type of credit account. For example, if a 
financial institution treats a request for multiple lines of credit at 
one time as sub-components of a single account, the financial 
institution reports the request as a single covered application. If, on 
the other hand, the financial institution treats each line of credit as 
a separate account, then the financial institution reports each request 
for a line of credit as a separate covered application, as set forth in 
comment 103(a)-5.
    8. Duplicate applications. If a financial institution receives two 
or more duplicate covered applications (i.e., from the same applicant, 
for the same credit product, for the same amount, at or around the same 
time), the financial institution may treat the request as a single 
covered application for purposes of subpart B, so long as for purposes 
of determining whether to extend credit, it would also treat one or 
more of the applications as a duplicate under its procedures.
    9. Changes in whether there is a covered credit transaction. In 
certain circumstances, an applicant may change the type of product 
requested during the course of the application process.

[[Page 35541]]

Assuming other requirements of a covered application are met, if an 
applicant initially requests a product that is not a covered credit 
transaction, but prior to final action taken decides to seek instead a 
product that is a covered credit transaction, the application is a 
covered application and must be reported pursuant to Sec.  1002.109. In 
this circumstance, the financial institution shall endeavor to compile, 
maintain, and report the data required under Sec.  1002.107(a) in a 
manner that is reasonable under the circumstances. If, on the other 
hand, an applicant initially requests a product that is a covered 
credit transaction, but prior to final action taken decides instead to 
seek a product that is not a covered credit transaction, the 
application is not a covered application and thus is not reported. See 
also Sec.  1002.112(c)(4), which provides a safe harbor for incorrect 
collection of certain data if, at the time of collection, the financial 
institution had a reasonable basis for believing that the application 
was a covered application. Assuming other requirements of a covered 
application are met, if an applicant initially requests a product that 
is a covered credit transaction, the financial institution 
counteroffers with a product that is not a covered credit transaction, 
and the applicant declines to proceed or fails to respond, the 
application is reported as a covered application. For example, if an 
applicant initially applies for a term loan, but then, after 
consultation with the financial institution, decides that a lease would 
better meet its needs and decides to proceed with that product, the 
application is not a covered application and thus is not reported. 
However, if an applicant initially applies for a term loan, the 
financial institution offers to consider the applicant only for a 
lease, and the applicant refuses, the transaction is a covered 
application that must be reported.
    10. Multiple unaffiliated co-applicants. If a covered financial 
institution receives a covered application from multiple businesses 
that are not affiliates, as defined by Sec.  1002.102(a), it shall 
compile, maintain, and report data pursuant to Sec. Sec.  1002.107 
through 1002.109 for only a single applicant that is a small business, 
as defined in Sec.  1002.106(b). A covered financial institution shall 
establish consistent procedures for designating a single small business 
for purposes of collecting and reporting data under subpart B in 
situations where there is more than one small business co-applicant, 
such as reporting on the first small business listed on an application 
form. For example, if three businesses jointly apply as co-applicants 
for a term loan to purchase a piece of equipment, but only one of the 
businesses is a small business, as defined in Sec.  1002.106(b), the 
financial institution reports on the single small business. If, 
however, two of the businesses are small businesses, as defined in 
Sec.  1002.106(b), the financial institution must have a procedure for 
designating which small business among multiple small business co-
applicants it will report information on, such as consistently 
reporting on the first small business listed on an application form. 
See also Sec.  1002.5(a)(4)(x), which permits a creditor to collect 
certain protected information about co-applicants under certain 
circumstances.
    11. Refinancings and evaluation, extension, or renewal requests 
that request additional credit amounts. As discussed in comments 
103(b)-2 and -3, assuming other requirements of a covered application 
are met, an applicant's request to refinance and an applicant's request 
for additional credit amounts on an existing account both constitute 
covered applications.
103(b) Circumstances That Are Not Covered Applications
    1. In general. The circumstances set forth in Sec.  1002.103(b) are 
not covered applications for purposes of subpart B of this part, even 
if considered applications under subpart A of this part. However, in no 
way are the exclusions in Sec.  1002.103(b) intended to repeal, 
abrogate, annul, impair, change, or interfere with the scope of the 
term application in Sec.  1002.2(f) as applicable to subpart A.
    2. Reevaluation, extension, or renewal requests that do not request 
additional credit amounts. An applicant's request to change one or more 
terms of an existing account does not constitute a covered application, 
unless the applicant is requesting additional credit amounts on the 
account. For example, an applicant's request to extend the duration on 
a line of credit or to remove a guarantor would not be a covered 
application. However, assuming other requirements of a covered 
application are met, an applicant's request to refinance would be 
reportable. A refinancing occurs when an existing obligation is 
satisfied and replaced by a new obligation undertaken by the same 
borrower.
    3. Reevaluation, extension, or renewal requests that request 
additional credit amounts. A Assuming other requirements of a covered 
application are met, an applicant's request for additional credit 
amounts on an existing account constitutes a covered application. For 
example, an applicant's request for a line increase on an existing line 
of credit, made in accordance with a financial institution's procedures 
for the type of credit requested, would be a covered application. As 
discussed in comment 107(a)(7)-4, when reporting a covered application 
that seeks additional credit amounts on an existing account, the 
financial institution need only report the additional credit amount 
sought, and not the entire credit amount. For example, if an applicant 
currently has a line of credit account for $100,000, and seeks to 
increase the line to $150,000, the financial institution reports the 
amount applied for as $50,000.
    4. Reviews or evaluations initiated by the financial institution. 
For purposes of subpart B of this part, the term covered application 
does not include evaluations or reviews of existing accounts initiated 
by the financial institution because the business has not made a 
request for credit. For example, if a financial institution conducts 
periodic reviews of its existing lines of credit and decides to 
increase the business's line by $10,000, it is not a covered 
application because the business never made a request for the 
additional credit amounts. However, if such an evaluation or review of 
an existing account by a financial institution results in the financial 
institution inviting the business to apply for additional credit 
amounts on an existing account and the business does so, the business's 
request constitutes a covered application for purposes of subpart B of 
this part, assuming other requirements of a covered application are 
met. Similarly, as noted in comment 103(a)-4, the term covered 
application also does not include solicitations and firm offers of 
credit.
    5. Inquiries and prequalification requests. An inquiry is a request 
by a prospective applicant for information about credit terms offered 
by the financial institution. A prequalification request is a request 
by a prospective applicant for a preliminary determination on whether 
the prospective applicant would likely qualify for credit under a 
financial institution's standards or for a determination on the amount 
of credit for which the prospective applicant would likely qualify. 
Inquiries and prequalification requests are not covered applications 
under subpart B of this part, even though in certain circumstances 
inquiries and prequalification requests may constitute

[[Page 35542]]

applications under subpart A. For example, while an inquiry or 
prequalification request may become an ``application'' under subpart A 
if the creditor evaluates information about the business, decides to 
decline the request, and communicates this to the business, such 
inquiries or prequalifications would not be ``covered applications'' 
under subpart B of this part. Whether a particular request is a covered 
application, or whether instead it is an inquiry or prequalification 
request that is not reportable under subpart B, may turn, for instance, 
on how a financial institution structures and processes such requests: 
does the financial institution require or encourage a preliminary 
review in order for a business to be considered for a covered credit 
transaction, or does the business voluntarily seek preliminary feedback 
as a tool to explore its options before it decides whether to apply for 
credit with the financial institution? The name used by the financial 
institution for such a request is not determinative. For example, under 
subpart B, a review is a reportable covered application if the 
financial institution requires the business, before it may apply for 
credit, to pass through a mandatory screening process that considers 
particular information about the business and denies or turns away the 
business if it is ineligible or unlikely to qualify for credit. In 
contrast, a business that requests a financial institution to identify 
credit products for which the business might qualify based on limited 
or self-described characteristics, and without any commitment from the 
financial institution to extend credit, may not have submitted a 
covered application for purposes of subpart B.

Section 1002.104--Covered Credit Transactions and Excluded Transactions

104(a) Covered Credit Transaction
    1. General. The term ``covered credit transaction'' includes all 
business credit (including loans, lines of credit, credit cards, and 
merchant cash advances) unless otherwise excluded under Sec.  
1002.104(b).
104(b) Excluded Transactions
    1. Factoring. The term ``covered credit transaction'' does not 
cover factoring as described herein. For the purpose of this subpart, 
factoring is an accounts receivable purchase transaction between 
businesses that includes an agreement to purchase, transfer, or sell a 
legally enforceable claim for payment for goods that the recipient has 
supplied or services that the recipient has rendered but for which 
payment in full has not yet been made. The name used by the financial 
institution for a product is not determinative of whether or not it is 
a ``covered credit transaction.'' This description of factoring is not 
intended to repeal, abrogate, annul, impair, or interfere with any 
existing interpretations, orders, agreements, ordinances, rules, or 
regulations adopted or issued pursuant to comment 9(a)(3)-3. A 
financial institution shall report an extension of business credit 
incident to a factoring arrangement that is otherwise a covered credit 
transaction as ``Other sales-based financing transaction'' under Sec.  
1002.107(a)(5).
    2. Leases. The term ``covered credit transaction'' does not cover 
leases as described herein. A lease, for the purpose of this subpart, 
is a transfer from one business to another of the right to possession 
and use of goods for a term, and for primarily business or commercial 
(including agricultural) purposes, in return for consideration. A lease 
does not include a sale, including a sale on approval or a sale or 
return, or a transaction resulting in the retention or creation of a 
security interest. The name used by the financial institution for a 
product is not determinative of whether or not it is a ``covered credit 
transaction.''
    3. Consumer-designated credit. The term ``covered credit 
transaction'' does not include consumer-designated credit that is used 
for business or agricultural purposes. A transaction qualifies as 
consumer-designated credit if the financial institution offers or 
extends the credit primarily for personal, family, or household 
purposes. For example, an open-end credit account used for both 
personal and business/agricultural purposes is not business credit for 
the purpose of subpart B of this part unless the financial institution 
designated or intended for the primary purpose of the account to be 
business/agricultural-related.
    4. Credit transaction purchases, purchases of an interest in a pool 
of credit transactions, and purchases of a partial interest in a credit 
transaction. The term ``covered credit transaction'' does not cover the 
purchase of an originated credit transaction, the purchase of an 
interest in a pool of credit transactions, or the purchase of a partial 
interest in a credit transaction such as through a loan participation 
agreement. Such purchases do not, in themselves, constitute an 
application for credit. See also comment 109(a)(3)-2.i.
104(b)(1) Trade Credit
    1. General. Trade credit, as defined in Sec.  1002.104(b)(1), is 
excluded from the definition of a covered credit transaction. An 
example of trade credit involves a supplier that finances the sale of 
equipment, supplies, or inventory. However, an extension of business 
credit by a financial institution other than the supplier for the 
financing of such items is not trade credit. Also, credit extended by a 
business providing goods or services to another business is not trade 
credit for the purposes of this subpart where the supplying business 
intends to sell or transfer its rights as a creditor to a third party.
    2. Trade credit under subpart A. The definition of trade credit 
under comment 9(a)(3)-2 applies to relevant provisions under subpart A, 
and Sec.  1002.104(b)(1) is not intended to repeal, abrogate, annul, 
impair, or interfere with any existing interpretations, orders, 
agreements, ordinances, rules, or regulations adopted or issued 
pursuant to comment 9(a)(3)-2.

Section 1002.105--Covered Financial Institutions and Exempt 
Institutions

105(a) Financial Institution
    1. Examples. Section 1002.105(a) defines a financial institution as 
any partnership, company, corporation, association (incorporated or 
unincorporated), trust, estate, cooperative organization, or other 
entity that engages in any financial activity. This definition 
includes, but is not limited to, banks, savings associations, credit 
unions, online lenders, platform lenders, community development 
financial institutions, Farm Credit System lenders, lenders involved in 
equipment and vehicle financing (captive financing companies and 
independent financing companies), commercial finance companies, 
organizations exempt from taxation pursuant to 26 U.S.C. 501(c), and 
governments or governmental subdivisions or agencies.
    2. Motor vehicle dealers. Pursuant to Sec.  1002.101(a), subpart B 
of this part excludes from coverage persons defined by section 1029 of 
the Consumer Financial Protection Act of 2010, title X of the Dodd-
Frank Wall Street Reform and Consumer Protection Act, Public Law 111-
203, 124 Stat. 1376, 2004 (2010).
105(b) Covered Financial Institution
    1. Preceding calendar year. The definition of covered financial 
institution refers to preceding calendar years. For example, in 2029, 
the two preceding calendar years are 2027 and 2028. Accordingly, in 
2029, Financial Institution A does not meet the loan-

[[Page 35543]]

volume threshold in Sec.  1002.105(b) if did not originate at least 100 
covered credit transactions for small businesses both during 2027 and 
during 2028.
    2. Origination threshold. A financial institution qualifies as a 
covered financial institution based on total covered credit 
transactions originated for small businesses, rather than covered 
applications received from small businesses. For example, if in both 
2024 and 2025, Financial Institution B received 105 covered 
applications from small businesses and originated 95 covered credit 
transactions for small businesses, then for 2026, Financial Institution 
B is not a covered financial institution.
    3. Counting originations when multiple financial institutions are 
involved in originating a covered credit transaction. For the purpose 
of counting originations to determine whether a financial institution 
is a covered financial institution under Sec.  1002.105(b), in a 
situation where multiple financial institutions are involved in 
originating a single covered credit transaction, only the last 
financial institution with authority to set the material terms of the 
covered credit transaction is required to count the origination.
    4. Counting originations after adjustments to the gross annual 
revenue threshold due to inflation. Pursuant to Sec.  1002.106(b)(2), 
every five years, the gross annual revenue threshold used to define a 
small business in Sec.  1002.106(b)(1) shall be adjusted, if necessary, 
to account for inflation. The first time such an adjustment could occur 
is in 2030, with an effective date of January 1, 2031. A financial 
institution seeking to determine whether it is a covered financial 
institution applies the gross annual revenue threshold that is in 
effect for each year it is evaluating. For example, a financial 
institution seeking to determine whether it is a covered financial 
institution in 2032 counts its originations of covered credit 
transactions for small businesses in calendar years 2030 and 2031. The 
financial institution applies the initial $5 million threshold to 
evaluate whether its originations were to small businesses in 2030. In 
this example, if the small business threshold were increased to $5.5 
million effective January 1, 2031, the financial institution applies 
the $5.5 million threshold to count its originations for small 
businesses in 2031.
    5. Reevaluation, extension, or renewal requests, as well as credit 
line increases and other requests for additional credit amounts. While 
requests for additional credit amounts on an existing account can 
constitute a ``covered application'' pursuant to Sec.  1002.103(b)(1), 
such requests are not counted as originations for the purpose of 
determining whether a financial institution is a covered financial 
institution pursuant to Sec.  1002.105(b). In addition, transactions 
that extend, renew, or otherwise amend a transaction are not counted as 
originations. For example, if a financial institution originates 50 
term loans and 30 lines of credit for small businesses in each of the 
preceding two calendar years, along with 25 line increases for small 
businesses in each of those years, the financial institution is not a 
covered financial institution because it has not originated at least 
100 covered credit transactions in each of the two preceding calendar 
years.
    6. Annual consideration. Whether a financial institution is a 
covered financial institution for a particular year depends on its 
small business lending activity in the preceding two calendar years. 
Therefore, whether a financial institution is a covered financial 
institution is an annual consideration for each year that data may be 
compiled and maintained for purposes of subpart B of this part. A 
financial institution may be a covered financial institution for a 
given year of data collection (and the obligations arising from 
qualifying as a covered financial institution shall continue into 
subsequent years, pursuant to Sec. Sec.  1002.110 and 1002.111), but 
the same financial institution may not be a covered financial 
institution for the following year of data collection. For example, 
Financial Institution C originated 105 covered transactions for small 
businesses in both 2024 and 2025. In 2026, Financial Institution C is a 
covered financial institution and therefore is obligated to compile and 
maintain applicable 2026 small business lending data under Sec.  
1002.107(a). During 2026, Financial Institution C originates 95 covered 
transactions for small businesses. In 2027, Financial Institution C is 
not a covered financial institution with respect to 2027 small business 
lending data, and is not obligated to compile and maintain 2027 data 
under Sec.  1002.107(a) (although Financial Institution C may volunteer 
to collect and maintain 2027 data pursuant to Sec.  1002.5(a)(4)(vii) 
and as explained in comment 105(b)-10). Pursuant to Sec.  1002.109(a), 
Financial Institution C shall submit its small business lending 
application register for 2026 data in the format prescribed by the 
Bureau by June 1, 2027 because Financial Institution C is a covered 
financial institution with respect to 2026 data, and the data 
submission deadline of June 1, 2027 applies to 2026 data.
    7. Merger or acquisition--coverage of surviving or newly formed 
institution. After a merger or acquisition, the surviving or newly 
formed financial institution is a covered financial institution under 
Sec.  1002.105(b) if it, considering the combined lending activity of 
the surviving or newly formed institution and the merged or acquired 
financial institutions (or acquired branches or locations), satisfies 
the criteria included in Sec.  1002.105(b). For example, Financial 
Institutions A and B merge. The surviving or newly formed financial 
institution meets the threshold in Sec.  1002.105(b) if the combined 
previous components of the surviving or newly formed financial 
institution (A plus B) would have originated at least 100 covered 
credit transactions for small businesses for each of the two preceding 
calendar years. Similarly, if the combined previous components and the 
surviving or newly formed financial institution would have reported at 
least 100 covered transactions for small businesses for the year 
previous to the merger as well as 100 covered transactions for small 
businesses for the year of the merger, the threshold described in Sec.  
1002.105(b) would be met and the surviving or newly formed financial 
institution would be a covered institution under Sec.  1002.105(b) for 
the year following the merger. Comment 105(b)-8 discusses a financial 
institution's responsibilities with respect to compiling and 
maintaining (and subsequently reporting) data during the calendar year 
of a merger.
    8. Merger or acquisition--coverage specific to the calendar year of 
the merger or acquisition. The scenarios described below illustrate a 
financial institution's responsibilities specifically for data from the 
calendar year of a merger or acquisition. For purposes of these 
illustrations, an ``institution that is not covered'' means either an 
institution that is not a financial institution, as defined in Sec.  
1002.105(a), or a financial institution that is not a covered financial 
institution, as defined in Sec.  1002.105(b).
    i. Two institutions that are not covered financial institutions 
merge. The surviving or newly formed institution meets all of the 
requirements necessary to be a covered financial institution. No data 
are required to be compiled, maintained, or reported for the calendar 
year of the merger (even though the merger creates an institution that 
meets all of the requirements necessary to be a covered financial 
institution).

[[Page 35544]]

    ii. A covered financial institution and an institution that is not 
covered merge. The covered financial institution is the surviving 
institution, or a new covered financial institution is formed. For the 
calendar year of the merger, data are required to be compiled, 
maintained, and reported for covered applications from the covered 
financial institution and is optional for covered applications from the 
financial institution that was previously not covered.
    iii. A covered financial institution and an institution that is not 
covered merge. The institution that is not covered is the surviving 
institution and remains not covered after the merger, or a new 
institution that is not covered is formed. For the calendar year of the 
merger, data are required to be compiled and maintained (and 
subsequently reported) for covered applications from the previously 
covered financial institution that took place prior to the merger. 
After the merger date, compiling, maintaining, and reporting data is 
optional for applications from the institution that was previously 
covered for the remainder of the calendar year of the merger.
    iv. Two covered financial institutions merge. The surviving or 
newly formed financial institution is a covered financial institution. 
Data are required to be compiled and maintained (and subsequently 
reported) for the entire calendar year of the merger. The surviving or 
newly formed financial institution files either a consolidated 
submission or separate submissions for that calendar year.
    9. Foreign applicability. As discussed in comment 1(a)-2, 
Regulation B (including subpart B) generally does not apply to lending 
activities that occur outside the United States.
    10. Voluntary collection and reporting. Section 1002.5(a)(4)(vii) 
through (x) permits a creditor that is not a covered financial 
institution under Sec.  1002.105(b) to voluntarily collect and report 
information regarding covered applications from small businesses in 
certain circumstances. If a creditor is voluntarily collecting 
information for covered applications regarding whether the applicant is 
a minority-owned business, a women-owned business, and/or an LGBTQI+-
owned business under Sec.  1002.107(a)(18), and regarding the 
ethnicity, race, and sex of the applicant's principal owners under 
Sec.  1002.107(a)(19), it shall do so in compliance with Sec. Sec.  
1002.107, 1002.108, 1002.111, 1002.112 as though it were a covered 
financial institution. If a creditor is reporting those covered 
applications from small businesses to the Bureau, it shall do so in 
compliance with Sec. Sec.  1002.109 and 1002.110 as though it were a 
covered financial institution.

Section 1002.106--Business and Small Business

106(b) Small Business Definition
106(b)(1) Small Business
    1. Change in determination of small business status--business is 
ultimately not a small business. If a financial institution initially 
determines an applicant is a small business as defined in Sec.  
1002.106 based on available information and collects data required by 
Sec.  1002.107(a)(18) and (19) but later concludes that the applicant 
is not a small business, the financial institution does not violate the 
Act or this regulation if it meets the requirements of Sec.  
1002.112(c)(4). The financial institution shall not report the 
application on its small business lending application register pursuant 
to Sec.  1002.109.
    2. Change in determination of small business status--business is 
ultimately a small business. Consistent with comment 107(a)(14)-1, a 
financial institution need not independently verify gross annual 
revenue. If a financial institution initially determines that the 
applicant is not a small business as defined in Sec.  1002.106(b), but 
later concludes the applicant is a small business prior to taking final 
action on the application, the financial institution must report the 
covered application pursuant to Sec.  1002.109. In this situation, the 
financial institution shall endeavor to compile, maintain, and report 
the data required under Sec.  1002.107(a) in a manner that is 
reasonable under the circumstances. For example, if the applicant 
initially provides a gross annual revenue of $5.5 million (that is, 
above the threshold for a small business as initially defined in Sec.  
1002.106(b)(1)), but during the course of underwriting the financial 
institution discovers the applicant's gross annual revenue was in fact 
$4.75 million (meaning that the applicant is within the definition of a 
small business under Sec.  1002.106(b)), the financial institution is 
required to report the covered application pursuant to Sec.  1002.109. 
In this situation, the financial institution shall take reasonable 
steps upon discovery to compile, maintain, and report the data 
necessary under Sec.  1002.107(a) to comply with subpart B of this part 
for that covered application. Thus, in this example, even if the 
financial institution's procedure is typically to request applicant-
provided data together with the application form, in this circumstance, 
the financial institution shall seek to collect the data during the 
application process necessary to comply with subpart B in a manner that 
is reasonable under the circumstances.
    3. Applicant's representations regarding gross annual revenue; 
inclusion of affiliate revenue; updated or verified information. A 
financial institution is permitted to rely on an applicant's 
representations regarding gross annual revenue (which may or may not 
include any affiliate's revenue) for purposes of determining small 
business status under Sec.  1002.106(b). However, if the applicant 
provides updated gross annual revenue information or the financial 
institution verifies the gross annual revenue information (see comment 
107(b)-1), the financial institution must use the updated or verified 
information in determining small business status.
    4. Multiple unaffiliated co-applicants--size determination. The 
financial institution shall not aggregate unaffiliated co-applicants' 
gross annual revenues for purposes of determining small business status 
under Sec.  1002.106(b). If a covered financial institution receives a 
covered application from multiple businesses who are not affiliates, as 
defined by Sec.  1002.102(a), where at least one business is a small 
business under Sec.  1002.106(b), the financial institution shall 
compile, maintain, and report data pursuant to Sec. Sec.  1002.107 
through 1002.109 regarding the covered application for only a single 
applicant that is a small business. See comment 103(a)-10 for 
additional details.
106(b)(2) Inflation Adjustment
    1. Inflation adjustment methodology. The small business gross 
annual revenue threshold set forth in Sec.  1002.106(b)(1) will be 
adjusted upward or downward to reflect changes, if any, in the Consumer 
Price Index for All Urban Consumers (U.S. city average series for all 
items, not seasonally adjusted), as published by the United States 
Bureau of Labor Statistics (``CPI-U''). The base for computing each 
adjustment is the January 2025 CPI-U; this base value shall be compared 
to the CPI-U value in January 2030 and every five years thereafter. For 
example, after the January 2030 CPI-U is made available, the adjustment 
is calculated by determining the percentage change in the CPI-U between 
January 2025 and January 2030, applying this change to the $5 million 
gross annual revenue threshold, and rounding to the nearest $500,000. 
If, as a result of this rounding, there is no change in the gross 
annual revenue threshold, there will be no adjustment. For example, if 
in January

[[Page 35545]]

2030 the adjusted value were $4.9 million (reflecting a $100,000 
decrease from January 2025 CPI-U), then the threshold would not adjust 
because $4.9 million would be rounded up to $5 million. If on the other 
hand, the adjusted value were $5.7 million, then the threshold would 
adjust to $5.5 million. Where the adjusted value is a multiple of 
$250,000 (e.g., $5,250,000), then the threshold adjusts upward (in this 
example, to $5,500,000).
    2. Substitute for CPI-U. If publication of the CPI-U ceases, or if 
the CPI-U otherwise becomes unavailable or is altered in such a way as 
to be unusable, then the Bureau shall substitute another reliable cost 
of living indicator from the United States Government for the purpose 
of calculating adjustments pursuant to Sec.  1002.106(b)(2).

Section 1002.107--Compilation of Reportable Data

107(a) Data Format and Itemization
    1. General. Section 1002.107(a) describes a covered financial 
institution's obligation to compile and maintain data regarding the 
covered applications it receives from small businesses.
    i. A covered financial institution reports these data even if the 
credit originated pursuant to the reported application was subsequently 
sold by the institution.
    ii. A covered financial institution annually reports data for 
covered applications for which final action was taken in the previous 
calendar year.
    iii. A covered financial institution reports data for a covered 
application on its small business lending application register for the 
calendar year during which final action was taken on the application, 
even if the institution received the application in a previous calendar 
year.
    2. Free-form text fields. A covered financial institution may use 
technology such as autocorrect and predictive text when requesting 
applicant-provided data under subpart B of this part that the financial 
institution reports via free-form text fields, provided that such 
technology does not restrict the applicant's ability to write in its 
own response instead of using text suggested by the technology.
    3. Filing Instructions Guide. Additional details and procedures for 
compiling data pursuant to Sec.  1002.107 are included in the Filing 
Instructions Guide, which is available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
    4. Additional data point response options. The Bureau may add 
additional response options to the lists of responses contained in the 
commentary that follows for certain of the data points set forth in 
Sec.  1002.107(a), via the Filing Instructions Guide. Refer to the 
Filing Instructions Guide for any updates for each reporting year.
107(a)(1) Unique Identifier
    1. Unique within the financial institution. A financial institution 
complies with Sec.  1002.107(a)(1) by compiling and reporting an 
alphanumeric application or loan identifier unique within the financial 
institution to the specific application. The identifier must not exceed 
45 characters, and must begin with the financial institution's Legal 
Entity Identifier (LEI), as defined in comment 109(b)(6)-1. Separate 
applications for the same applicant must have separate identifiers. The 
identifier may only include standard numerical and/or upper-case 
alphabetical characters and cannot include dashes, other special 
characters, or characters with diacritics. The financial institution 
may assign the unique identifier at any time prior to reporting the 
application. Refinancings or applications for refinancing must be 
assigned a different identifier than the transaction that is being 
refinanced. A financial institution with multiple branches must ensure 
that its branches do not use the same identifiers to refer to multiple 
applications.
    2. Does not include directly identifying information. The unique 
identifier must not include any directly identifying information, such 
as a whole or partial Social Security number or employer identification 
number, about the applicant or persons (natural or legal) associated 
with the applicant. See also Sec.  1002.111(c) and related commentary.
107(a)(2) Application Date
    1. Consistency. Section 1002.107(a)(2) requires that, in reporting 
the date of covered application, a financial institution shall report 
the date the covered application was received or the date shown on a 
paper or electronic application form. Although a financial institution 
need not choose the same approach for its entire small business lending 
application register, it should generally be consistent in its approach 
by, for example, establishing procedures for how to report this date 
within particular scenarios, products, or divisions. If the financial 
institution chooses to report the date shown on an application form and 
the institution retains multiple versions of the application form, the 
institution reports the date shown on the first application form 
satisfying the definition of covered application pursuant to Sec.  
1002.103.
    2. Application received. For an application submitted directly to 
the financial institution or its affiliate (as described in Sec.  
1002.107(a)(4)), the financial institution shall report the date it 
received the covered application, as defined under Sec.  1002.103, or 
the date shown on a paper or electronic application form. For an 
application initially submitted to a third party, see comment 
107(a)(2)-3.
    3. Indirect applications. For an application that was not submitted 
directly to the financial institution or its affiliate (as described in 
Sec.  1002.107(a)(4)), the financial institution shall report the date 
the application was received by the party that initially received the 
application, the date the application was received by the financial 
institution, or the date shown on the application form. Although a 
financial institution need not choose the same approach for its entire 
small business lending application register, it should generally be 
consistent in its approach by, for example, establishing procedures for 
how to report this date within particular scenarios, products, or 
divisions.
    4. Safe harbor. Pursuant to Sec.  1002.112(c)(1), a financial 
institution that reports on its small business lending application 
register an application date that is within three business days of the 
actual application date pursuant to Sec.  1002.107(a)(2) does not 
violate the Act or subpart B of this part. For purposes of this 
paragraph, a business day means any day the financial institution is 
open for business.
107(a)(3) Application Method
    1. General. A financial institution complies with Sec.  
1002.107(a)(3) by reporting the means by which the applicant submitted 
the application from one of the following options: in-person, 
telephone, online, or mail. If the financial institution retains 
multiple versions of the application form, the institution reports the 
means by which the first application form satisfying the definition of 
covered application pursuant to Sec.  1002.103 was submitted.
    i. In-person. A financial institution reports the application 
method as ``in-person'' if the applicant submitted the application to 
the financial institution, or to another party acting on the financial 
institution's behalf, in person. The in-person application method 
applies, for example, to applications submitted at a branch office 
(including applications hand delivered by the applicant), at the 
applicant's place of

[[Page 35546]]

business, or via electronic media with a video component).
    ii. Telephone. A financial institution reports the application 
method as ``telephone'' if the applicant submitted the application to 
the financial institution, or another party acting on the financial 
institution's behalf, by telephone call or via audio-based electronic 
media without a video component.
    iii. Online. A financial institution reports the application method 
as ``online'' if the applicant submitted the application to the 
financial institution, or another party acting on the financial 
institution's behalf, through a website, mobile application (app), fax 
transmission, electronic mail, text message, or some other form of 
text-based electronic communication.
    iv. Mail. A financial institution reports the application method as 
``mail'' if the applicant submitted the application to the financial 
institution, or another party acting on the financial institution's 
behalf, via United States mail, courier or overnight service, or an 
overnight drop box.
107(a)(4) Application Recipient
    1. Agents. When a financial institution is reporting actions taken 
by its agent consistent with comment 109(a)(3)-3, the agent is 
considered the financial institution for the purposes of Sec.  
1002.107(a)(4). For example, assume that an applicant submitted an 
application to Financial Institution B, and Financial Institution B 
made the credit decision acting as Financial Institution A's agent 
under State law. Financial Institution A reports the application and 
indicates that the application was submitted directly to Financial 
Institution A.
107(a)(5) Credit Type
    1. Reporting credit product--in general. A financial institution 
complies with Sec.  1002.107(a)(5)(i) by selecting the credit product 
applied for or originated, from the list below. If the credit product 
applied for or originated is not included on this list, the financial 
institution selects ``other,'' and reports the credit product via free-
form text field. If an applicant requested more than one credit product 
at the same time, the financial institution reports each credit product 
requested as a separate application. However, if the applicant only 
requested a single covered credit transaction, but had not decided on 
which particular product, the financial institution complies with Sec.  
1002.107(a)(5)(i) by reporting the credit product originated (if 
originated), or the credit product denied (if denied), or the credit 
product of greater interest to the applicant, if readily determinable. 
If the credit product of greater interest to the applicant is not 
readily determinable, the financial institution complies with Sec.  
1002.107(a)(5)(i) by reporting one of the credit products requested as 
part of the request for a single covered credit transaction, in its 
discretion. See comment 103(a)-5 for instructions on reporting requests 
for multiple covered credit transactions at one time.
    i. Term loan--unsecured.
    ii. Term loan--secured.
    iii. Line of credit--unsecured.
    iv. Line of credit--secured.
    v. Credit card account, not private-label.
    vi. Private-label credit card account.
    vii. Merchant cash advance.
    viii. Other sales-based financing transaction.
    ix. Other.
    x. Not provided by applicant and otherwise undetermined.
    2. Credit card account, not private-label. A financial institution 
complies with Sec.  1002.107(a)(5)(i) by reporting the credit product 
as a ``credit card account, not private-label'' when the product is a 
business-purpose open-end credit account that is not private label and 
that may be accessed from time to time by a card, plate, or other 
single credit device to obtain credit, except that accounts or lines of 
credit secured by real property and overdraft lines of credit accessed 
by debit cards are not credit card accounts. The term credit card 
account does not include debit card accounts or closed-end credit that 
may be accessed by a card, plate, or single credit device. The term 
credit card account does include charge card accounts that are 
generally paid in full each billing period, as well as hybrid prepaid-
credit cards. A financial institution reports multiple credit card 
account, not private-label applications requested at one time using the 
guidance in comment 103(a)-7.
    3. Private-label credit card account. A financial institution 
complies with Sec.  1002.107(a)(5)(i) by reporting the credit product 
as a ``private-label credit card account'' when the product is a 
business-purpose open-end private-label credit account that otherwise 
meets the description of a credit card account in comment 107(a)(5)-2. 
A private-label credit card account is a credit card account that can 
only be used to acquire goods or services provided by one business (for 
example, a specific merchant, retailer, independent dealer, or 
manufacturer) or a small group of related businesses. A co-branded or 
other card that can also be used for purchases at unrelated businesses 
is not a private-label credit card. A financial institution reports 
multiple private-label credit card account applications requested at 
one time in the same manner as credit card account, not private-label 
applications, using the guidance in comment 103(a)-7.
    4. Credit product not provided by the applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution is 
required to maintain procedures reasonably designed to collect 
applicant-provided data, which includes credit product. However, if a 
financial institution is nonetheless unable to collect or otherwise 
determine credit product information because the applicant does not 
indicate what credit product it seeks and the application is denied, 
withdrawn, or closed for incompleteness before a credit product is 
identified, the financial institution reports that the credit product 
is ``not provided by applicant and otherwise undetermined.''
    5. Reporting credit product involving counteroffers. If a financial 
institution presents a counteroffer for a different credit product than 
the product the applicant had initially requested, and the applicant 
does not agree to proceed with the counteroffer, the financial 
institution reports the application for the original credit product as 
denied pursuant to Sec.  1002.107(a)(9). If the applicant agrees to 
proceed with consideration of the financial institution's counteroffer, 
the financial institution reports the disposition of the application 
based on the credit product that was offered and does not report the 
original credit product applied for. See comment 107(a)(9)-2.
    6. Other sales-based financing transaction. For an extension of 
business credit incident to a factoring arrangement that is otherwise a 
covered credit transaction, a financial institution selects ``other 
sales-based financing transaction'' as the credit product. See comment 
104(b)-1.
    7. Guarantees. A financial institution complies with Sec.  
1002.107(a)(5)(ii) by selecting the type or types of guarantees that 
were obtained for an originated covered credit transaction, or that 
would have been obtained if the covered credit transaction was 
originated, from the list below. The financial institution selects, if 
applicable, up to a maximum of five guarantees for a single 
application. If the type of guarantee does not appear on the list, the 
financial institution selects ``other'' and reports the type of 
guarantee via free-form text field. If no guarantee is obtained or 
would have been obtained if the covered credit transaction was 
originated, the

[[Page 35547]]

financial institution selects ``no guarantee.'' If an application is 
denied, withdrawn, or closed for incompleteness before any guarantee 
has been identified, the financial institution selects ``no 
guarantee.'' The financial institution chooses State government 
guarantee or local government guarantee, as applicable, based on the 
entity directly administering the program, not the source of funding.
    i. Personal guarantee--owner(s).
    ii. Personal guarantee--non-owner(s).
    iii. SBA guarantee--7(a) program.
    iv. SBA guarantee--504 program.
    v. SBA guarantee--other.
    vi. USDA guarantee.
    vii. FHA insurance.
    viii. Bureau of Indian Affairs guarantee.
    ix. Other Federal guarantee.
    x. State government guarantee.
    xi. Local government guarantee.
    xii. Other.
    xiii. No guarantee.
    8. Loan term. A financial institution complies with Sec.  
1002.107(a)(5)(iii) by reporting the number of months in the loan term 
for the covered credit transaction. The loan term is the number of 
months after which the legal obligation will mature or terminate, 
measured from the date of origination. For transactions involving real 
property, the financial institution may instead measure the loan term 
from the date of the first payment period and disregard the time that 
elapses, if any, between the settlement of the transaction and the 
first payment period. For example, if a loan closes on April 12, but 
the first payment is not due until June 1 and includes the interest 
accrued in May (but not April), the financial institution may choose 
not to include the month of April in the loan term. In addition, the 
financial institution may round the loan term to the nearest full month 
or may count only full months and ignore partial months, as it so 
chooses. If a credit product, such as a credit card, does not have a 
loan term, the financial institution reports that the loan term is 
``not applicable.'' The financial institution also reports that the 
loan term is ``not applicable'' if the credit product is reported as 
``not provided by applicant and otherwise undetermined.'' For a credit 
product that generally has a loan term, the financial institution 
reports ``not provided by applicant and otherwise undetermined'' if the 
application is denied, withdrawn, or determined to be incomplete before 
a loan term has been identified. For merchant cash advances and other 
sales-based financing transactions, the financial institution complies 
with Sec.  1002.107(a)(5)(iii) by reporting the loan term, if any, that 
the financial institution estimated or specified in processing, 
underwriting or providing disclosures for the application or 
transaction. If more than one such loan term is estimated or specified, 
the financial institution reports the one it considers to be most 
accurate, in its discretion. For merchant cash advances and other 
sales-based financing transactions that do not have a loan term, the 
financial institution reports ``not provided by applicant and otherwise 
undetermined.''
107(a)(6) Credit Purpose
    1. General. A financial institution complies with Sec.  
1002.107(a)(6) by selecting the purpose or purposes of the covered 
credit transaction applied for or originated from the list below.
    i. Purchase, construction/improvement, or refinance of non-owner-
occupied real property.
    ii. Purchase, construction/improvement, or refinance of owner-
occupied real property.
    iii. Purchase, refinance, or rehabilitation/repair of motor 
vehicle(s) (including light and heavy trucks).
    iv. Purchase, refinance, or rehabilitation/repair of equipment.
    v. Working capital (includes inventory or floor planning).
    vi. Business start-up.
    vii. Business expansion.
    viii. Business acquisition.
    ix. Refinance existing debt (other than refinancings listed above).
    x. Line increase.
    xi. Overdraft.
    xii. Other.
    xiii. Not provided by applicant and otherwise undetermined.
    xiv. Not applicable.
    2. More than one purpose. If the applicant indicates or the 
financial institution is otherwise aware of more than one purpose for 
the credit applied for or originated, the financial institution reports 
those purposes, up to a maximum of three, using the list provided, in 
any order it chooses. For example, if an applicant refinances a 
commercial building it owns and uses the funds to purchase a motor 
vehicle and expand the business it runs in a part of that building, the 
financial institution reports that the three purposes of the credit are 
purchase, construction/improvement, or refinance of owner-occupied real 
property; purchase, refinance, or rehabilitation/repair of motor 
vehicle(s) (including light and heavy trucks); and business expansion. 
If an application has more than three purposes, the financial 
institution reports any three of those purposes. In the example above, 
if the funds were also used to purchase equipment, the financial 
institution would select only three of the relevant purposes to report.
    3. ``Other'' credit purpose. If a purpose of an application does 
not appear on the list of purposes provided, the financial institution 
reports ``other'' as the credit purpose and reports the credit purpose 
via free-form text field. If the application has more than one 
``other'' purpose, the financial institution chooses the most 
significant ``other'' purpose, in its discretion, and reports that 
``other'' purpose. The financial institution reports a maximum of three 
credit purposes, including any ``other'' purpose.
    4. Credit purpose not provided by applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes credit purpose. However, if a financial 
institution is nonetheless unable to collect or determine credit 
purpose information, the financial institution reports that the credit 
purpose is ``not provided by applicant and otherwise undetermined.''
    5. Not applicable. If the application is for a credit product that 
generally has indeterminate or numerous potential purposes, such as a 
credit card, the financial institution may report credit purpose as 
``not applicable.''
    6. Collecting credit purpose. Pursuant to Sec.  1002.107(c), a 
financial institution shall maintain procedures reasonably designed to 
collect applicant-provided data, including credit purpose. The 
financial institution is permitted, but not required, to present the 
list of credit purposes provided in comment 107(a)(6)-1 to the 
applicant. The financial institution is also permitted to ask about 
purposes not included on the list provided in comment 107(a)(6)-1. If 
the applicant chooses a purpose or purposes not included on the 
provided list, the financial institution follows the instructions in 
comment 107(a)(6)-3 regarding reporting of ``other'' as the credit 
purpose. If an applicant chooses a purpose or purposes that are similar 
to purposes on the list provided, but uses different language, the 
financial institution reports the purpose or purposes from the list 
provided.
    7. Owner-occupied real property. Real property is owner-occupied if 
any physical portion of the property is used by the owner for any 
activity, including storage.
    8. Overdraft. When overdraft is provided as an aspect of the 
covered credit transaction applied for or

[[Page 35548]]

originated, the financial institution reports ``Overdraft'' as a 
purpose of the credit. The financial institution reports credit type 
pursuant to Sec.  1002.107(a)(5)(i) as appropriate for the underlying 
covered credit transaction, such as ``Line of credit--unsecured.'' 
Providing occasional overdraft services as part of a deposit account 
offering would not be reported for the purpose of subpart B.
107(a)(7) Amount Applied For
    1. Initial amount requested. A financial institution complies with 
Sec.  1002.107(a)(7) by reporting the initial amount of credit or the 
initial credit limit requested by the applicant. The financial 
institution is not required to report credit amounts or limits 
discussed before an application is made, but must capture the initial 
amount requested at the application stage. If the applicant requests an 
amount as a range of numbers, the financial institution reports the 
midpoint of that range.
    2. No amount requested. If the applicant does not request a 
specific amount at the application stage, but the financial institution 
underwrites the application for a specific amount, the financial 
institution complies with Sec.  1002.107(a)(7) by reporting the amount 
considered for underwriting as the amount applied for. If the 
particular type of credit product applied for does not involve a 
specific amount requested, the financial institution reports that the 
requirement is ``not applicable.''
    3. Firm offers. When an applicant responds to a ``firm offer'' that 
specifies an amount or limit, which may occur in conjunction with a 
pre-approved credit solicitation, the financial institution reports the 
amount of the firm offer as the amount applied for, unless the 
applicant requests a different amount. If the firm offer does not 
specify an amount or limit and the applicant does not request a 
specific amount, the amount applied for is the amount underwritten by 
the financial institution. If the firm offer specifies an amount or 
limit as a range and the applicant does not request a specific amount, 
the amount applied for is the amount underwritten by the financial 
institution.
    4. Additional amounts on an existing account. When reporting a 
covered application that seeks additional credit amounts on an existing 
account, the financial institution reports only the additional credit 
amount sought, and not any previous amounts extended. See comment 
103(b)-3.
    5. Initial amount otherwise undetermined. Pursuant to Sec.  
1002.107(c), a financial institution shall maintain procedures 
reasonably designed to collect applicant-provided data, which includes 
the credit amount initially requested by the applicant (other than for 
products that do not involve a specific amount requested). However, if 
a financial institution is nonetheless unable to collect or otherwise 
determine the amount initially requested, the financial institution 
reports that the amount applied for is ``not provided by applicant and 
otherwise undetermined.'' But see comment 107(a)(7)-2 for how to report 
the credit amount initially requested by the applicant for particular 
types of credit products that do not involve a specific amount 
requested.
107(a)(8) Amount Approved or Originated
    1. General. A financial institution complies with Sec.  
1002.107(a)(8) by reporting the amount approved or originated for 
credit that is originated or approved but not accepted. For 
applications that the financial institution, pursuant to Sec.  
1002.107(a)(9), reports as denied, withdrawn by the applicant, or 
incomplete, the financial institution reports that the amount approved 
or originated is ``not applicable.''
    2. Multiple approval amounts. A financial institution may sometimes 
approve an applicant for more than one credit amount, allowing the 
applicant to choose which amount the applicant prefers for the 
extension or line of credit. When multiple approval amounts are offered 
for a closed-end credit transaction for which the action taken is 
approved but not accepted, and the applicant does not accept the 
approved offer of credit in any amount, the financial institution 
reports the highest amount approved. If the applicant accepts the offer 
of closed-end credit, the financial institution reports the amount 
originated. When multiple approval amounts are offered for an open-end 
credit transaction for which the action taken is approved but not 
accepted, and the applicant does not accept the approved offer of 
credit in any amount, the financial institution reports the highest 
amount approved. If the applicant accepts the offer of open-end credit, 
the financial institution reports the actual credit limit established.
    3. Amount approved or originated--closed-end credit transaction. 
For an originated closed-end credit transaction, the financial 
institution reports the principal amount to be repaid. This amount will 
generally be disclosed on the legal obligation.
    4. Amount approved or originated--refinancing. For a refinancing, 
the financial institution reports the amount of credit approved or 
originated under the terms of the new debt obligation.
    5. Amount approved or originated--counteroffer. If an applicant 
agrees to proceed with consideration of a counteroffer for an amount or 
limit different from the amount for which the applicant applied, and 
the covered credit transaction is approved and originated, the 
financial institution reports the amount granted. If an applicant does 
not agree to proceed with consideration of a counteroffer or fails to 
respond, the institution reports the application as denied and reports 
``not applicable'' for the amount approved or originated. See comment 
107(a)(9)-2.
    6. Amount approved or originated--existing accounts. For additional 
credit amounts that were approved for or originated on an existing 
account, the financial institution reports only the additional credit 
amount approved or originated, and not any previous amounts extended.
107(a)(9) Action Taken
    1. General. A financial institution complies with Sec.  
1002.107(a)(9) by selecting the action taken by the financial 
institution on the application from the following list: originated, 
approved but not accepted, denied, withdrawn by the applicant, or 
incomplete. A financial institution identifies the applicable action 
taken code based on final action taken on the covered application.
    i. Originated. A financial institution reports that the application 
was originated if the financial institution made a credit decision 
approving the application and that credit decision resulted in an 
extension of credit.
    ii. Approved but not accepted. A financial institution reports that 
the application was approved but not accepted if the financial 
institution made a credit decision approving the application, but the 
applicant or the party that initially received the application failed 
to respond to the financial institution's approval within the specified 
time, or the covered credit transaction was not otherwise consummated 
or the account was not otherwise opened.
    iii. Denied. A financial institution reports that the application 
was denied if it made a credit decision denying the application before 
an applicant withdrew the application, before the application was 
closed for incompleteness, or before the application was denied on the 
basis of incompleteness.

[[Page 35549]]

    iv. Withdrawn by the applicant. A financial institution reports 
that the application was withdrawn if the application was expressly 
withdrawn by the applicant before the financial institution made a 
credit decision approving or denying the application, before the 
application was closed for incompleteness, or before the application 
was denied on the basis of incompleteness.
    v. Incomplete. A financial institution reports that the application 
was incomplete if the financial institution took adverse action on the 
basis of incompleteness under Sec.  1002.9(a)(1)(ii) and (c)(1)(i) or 
provided a written notice of incompleteness under Sec.  
1002.9(c)(1)(ii) and (2), and the applicant did not respond to the 
request for additional information within the period of time specified 
in the notice.
    2. Treatment of counteroffers. If a financial institution makes a 
counteroffer to grant credit on terms other than those originally 
requested by the applicant (for example, for a shorter loan maturity, 
with a different interest rate, or in a different amount) and the 
applicant declines the counteroffer or fails to respond, the 
institution reports the action taken as a denial on the original terms 
requested by the applicant. If the applicant agrees to proceed with 
consideration of the financial institution's counteroffer, the 
financial institution reports the action taken as the disposition of 
the application based on the terms of the counteroffer. For example, 
assume an applicant applies for a term loan and the financial 
institution makes a counteroffer to proceed with consideration of a 
line of credit. If the applicant declines to be considered for a line 
of credit, the financial institution reports the application as a 
denied request for a term loan. If, on the other hand, the applicant 
agrees to be considered for a line of credit, then the financial 
institution reports the action taken as the disposition of the 
application for the line of credit. For instance, using the same 
example, if the financial institution makes a credit decision approving 
the line of credit, but the applicant fails to respond to the financial 
institution's approval within the specified time by accepting the 
credit offer, the financial institution reports the application on the 
line of credit as approved but not accepted.
    3. Treatment of rescinded transactions. If a borrower successfully 
rescinds a transaction after closing but before a financial institution 
is required to submit its small business lending application register 
containing the information for the application under Sec.  1002.109, 
the institution reports the application as approved but not accepted.
    4. Treatment of pending applications. A financial institution does 
not report any application still pending at the end of the calendar 
year; it reports such applications on its small business lending 
application register for the year in which final action is taken.
    5. Treatment of conditional approvals. If a financial institution 
issues an approval that is subject to the applicant meeting certain 
conditions prior to closing, the financial institution reports the 
action taken as provided below dependent on whether the conditions are 
solely customary commitment or closing conditions or if the conditions 
include any underwriting or creditworthiness conditions. Customary 
commitment or closing conditions may include, for example, a clear-
title requirement, proof of insurance policies, or a subordination 
agreement from another lienholder. Underwriting or creditworthiness 
conditions may include, for example, conditions that constitute a 
counteroffer (such as a demand for a higher down-payment), satisfactory 
loan-to-value ratios, or verification or confirmation, in whatever form 
the institution requires, that the applicant meets underwriting 
conditions concerning applicant creditworthiness, including 
documentation or verification of revenue, income or assets.
    i. Conditional approval--denial. If the approval is conditioned on 
satisfying underwriting or creditworthiness conditions, those 
conditions are not met, and the financial institution takes adverse 
action on some basis other than incompleteness, the financial 
institution reports the action taken as denied.
    ii. Conditional approval--incompleteness. If the approval is 
conditioned on satisfying underwriting or creditworthiness conditions 
that the financial institution needs to make the credit decision, and 
the financial institution takes adverse action on the basis of 
incompleteness under Sec.  1002.9(a)(1)(ii) and (c)(1)(i), or has sent 
a written notice of incompleteness under Sec.  1002.9(c)(1)(ii) and 
(2), and the applicant did not respond within the period of time 
specified in the notice, the financial institution reports the action 
taken as incomplete.
    iii. Conditional approval--approved but not accepted. If the 
approval is conditioned on satisfying conditions that are solely 
customary commitment or closing conditions and the conditions are not 
met, the financial institution reports the action taken as approved but 
not accepted. If all the conditions (underwriting, creditworthiness, or 
customary commitment or closing conditions) are satisfied and the 
financial institution agrees to extend credit but the covered credit 
transaction is not originated (for example, because the applicant 
withdraws), the financial institution reports the action taken as 
approved but not accepted.
    iv. Conditional approval--withdrawn by the applicant. If the 
applicant expressly withdraws before satisfying all underwriting or 
creditworthiness conditions and before the institution denies the 
application or before the institution closes the file for 
incompleteness, the financial institution reports the action taken as 
withdrawn.
107(a)(10) Action Taken Date
    1. Reporting action taken date for denied applications. For 
applications that are denied, a financial institution reports either 
the date the application was denied or the date the denial notice was 
sent to the applicant.
    2. Reporting action taken date for applications withdrawn by 
applicant. For applications that are withdrawn by the applicant, the 
financial institution reports the date the express withdrawal was 
received, or the date shown on the notification form in the case of a 
written withdrawal.
    3. Reporting action taken date for applications that are approved 
but not accepted. For applications approved by a financial institution 
but not accepted by the applicant, the financial institution reports 
any reasonable date, such as the approval date, the deadline for 
accepting the offer, or the date the file was closed. A financial 
institution should generally be consistent in its approach to reporting 
by, for example, establishing procedures for how to report this date 
for particular scenarios, products, or divisions.
    4. Reporting action taken date for originated applications. For 
applications that result in an extension of credit, a financial 
institution generally reports the closing or account opening date. If 
the disbursement of funds takes place on a date later than the closing 
or account opening date, the institution may, alternatively, use the 
date of initial disbursement. A financial institution should generally 
be consistent in its approach to reporting by, for example, 
establishing procedures for how to report this date for particular 
scenarios, products, or divisions.
    5. Reporting action taken date for incomplete applications. For 
applications closed for incompleteness or denied for incompleteness, 
the financial institution reports either the date the action was taken 
or the date the

[[Page 35550]]

denial or incompleteness notice was sent to the applicant.
107(a)(11) Denial Reasons
    1. Reason for denial--in general. A financial institution complies 
with Sec.  1002.107(a)(11) by reporting the principal reason or reasons 
it denied the application, indicating up to four reasons. The financial 
institution reports only the principal reason or reasons it denied the 
application. For example, if a financial institution denies an 
application due to insufficient cashflow, unacceptable collateral, and 
unverifiable business information, the financial institution is 
required to report these three reasons. The reasons reported must 
accurately describe the principal reason or reasons the financial 
institution denied the application. A financial institution reports 
denial reasons by selecting its principal reason or reasons for denying 
the application from the following list:
    i. Credit characteristics of the business. A financial institution 
reports the denial reason as ``credit characteristics of the business'' 
if it denies the application based on an assessment of the business's 
ability to meet its current or future credit obligations. Examples 
include business credit score, history of business bankruptcy or 
delinquency, and/or a high number of recent business credit inquiries.
    ii. Credit characteristics of the principal owner(s) or 
guarantor(s). A financial institution reports the denial reason as 
``credit characteristics of the principal owner(s) or guarantor(s)'' if 
it denies the application based on an assessment of the principal 
owner(s) or guarantor(s)'s ability to meet its current or future credit 
obligations. Examples include principal owner(s) or guarantor(s)'s 
credit score, history of charge offs, bankruptcy or delinquency, low 
net worth, limited or insufficient credit history, or history of 
excessive overdraft.
    iii. Use of credit proceeds. A financial institution reports the 
denial reason as ``use of credit proceeds'' if it denies an application 
because, as a matter of policy or practice, it places limits on lending 
to certain kinds of businesses, products, or activities it has 
identified as high risk.
    iv. Cashflow. A financial institution reports the denial reason as 
``cashflow'' when it denies an application due to insufficient or 
inconsistent cashflow.
    v. Collateral. A financial institution reports the denial reason as 
``collateral'' when it denies an application due to collateral that it 
deems insufficient or otherwise unacceptable.
    vi. Time in business. A financial institution reports the denial 
reason as ``time in business'' when it denies an application due to 
insufficient time or experience in a line of business.
    vii. Government loan program criteria. Certain loan programs are 
backed by government agencies that have specific eligibility 
requirements. When those requirements are not met by an applicant, and 
the financial institution denies the application, the financial 
institution reports the denial reason as ``government loan program 
criteria.'' For example, if an applicant cannot meet a government-
guaranteed loan program's requirement to provide a guarantor or proof 
of insurance, the financial institution reports the reason for the 
denial as ``government loan program criteria.''
    viii. Aggregate exposure. Aggregate exposure is a measure of the 
total exposure or level of indebtedness of the business and its 
principal owner(s) associated with an application. A financial 
institution reports the denial reason as ``aggregate exposure'' where 
the total debt associated with the application is deemed high or 
exceeds certain debt thresholds set by the financial institution. For 
example, if an application for unsecured credit exceeds the maximum 
amount a financial institution is permitted to approve per applicant, 
as stated in its credit guidelines, and the financial institution 
denies the application for this reason, the financial institution 
reports the reason for denial as ``aggregate exposure.''
    ix. Unverifiable information. A financial institution reports the 
denial reason as ``unverifiable information'' when it is unable to 
verify information provided as part of the application, and denies the 
application for that reason. The unverifiable information must be 
necessary for the financial institution to make a credit decision based 
on its procedures for the type of credit requested. Examples include 
unverifiable assets or collateral, unavailable business credit report, 
and unverifiable business ownership composition.
    x. Other. A financial institution reports the denial reason as 
``other'' where none of the enumerated denial reasons adequately 
describe the principal reason or reasons it denied the application, and 
the institution reports the denial reason or reasons via free-form text 
field.
    2. Reason for denial--not applicable. A financial institution 
complies with Sec.  1002.107(a)(11) by reporting that the requirement 
is not applicable if the action taken on the application, pursuant to 
Sec.  1002.107(a)(9), is not a denial. For example, if the application 
resulted in an originated covered credit transaction, or the 
application was approved but not accepted, the financial institution 
complies with Sec.  1002.107(a)(11) by reporting not applicable.
107(a)(12) Pricing Information
    1. General. For applications that a financial institution, pursuant 
to Sec.  1002.107(a)(9), reports as denied, withdrawn by the applicant, 
or incomplete, the financial institution reports that pricing 
information is ``not applicable.''
107(a)(12)(i) Interest Rate
    1. General. A financial institution complies with Sec.  
1002.107(a)(12)(i) by reporting the interest rate applicable to the 
amount of credit approved or originated as reported pursuant to Sec.  
1002.107(a)(8).
    2. Interest rate--initial period. If a covered credit transaction 
includes an initial period with an introductory interest rate of 12 
months or less, after which the interest rate adjusts upwards or shifts 
from a fixed to variable rate, a financial institution complies with 
Sec.  1002.107(a)(12)(i) by reporting information about the interest 
rate applicable after the initial period. If a covered transaction 
includes an initial period with an interest rate of more than 12 months 
after which the interest rate resets, a financial institution complies 
with Sec.  1002.107(a)(12)(i) by reporting information about the 
interest rate applicable prior to the reset period. For example, if a 
financial institution originates a covered credit transaction with a 
fixed, initial interest rate of 0 percent for six months following 
origination, after which the interest rate will adjust according to a 
Prime index rate plus a 3 percent margin, the financial institution 
reports the 3 percent margin, Prime as the name of the index used to 
adjust the interest rate, the number 6 for the length of the initial 
period, and ``not applicable'' for the index value. As another example, 
in a 10/1 adjustable-rate mortgage transaction, where the first 10 
years of the repayment period has a fixed rate of 3 percent and after 
year 10 the interest rate will adjust according to a Prime index rate 
plus a 3 percent margin, a financial institution complies with Sec.  
1002.107(a)(12)(i) by reporting the fixed rate of 3 percent, the number 
120 for the initial period, and ``not applicable'' in the fields for 
the index, margin, and index value.
    3. Multiple interest rates. If a covered credit transaction 
includes multiple

[[Page 35551]]

interest rates applicable to different credit features, a financial 
institution complies with Sec.  1002.107(a)(12)(i) by reporting the 
interest rate applicable to the amount of credit approved or originated 
reported pursuant to Sec.  1002.107(a)(8). For example, if a financial 
institution originates a credit card with different interest rates for 
purchases, balance transfers, cash advances, and overdraft advances, 
the financial institution reports the interest rate applicable for 
purchases.
    4. Index names. A financial institution complies with Sec.  
1002.107(a)(12)(i) by selecting the index used from the following list: 
Wall Street Journal Prime, 6-month CD rate, 1-year T-Bill, 3-year T-
Bill, 5-year T-Note, 12-month average of 10-year T-Bill, Cost of Funds 
Index (COFI)-National, Cost of Funds Index (COFI)-11th District, 
Constant Maturity Treasury (CMT). If the index used is internal to the 
financial institution, the financial institution reports ``internal 
index'' via the list of indices provided. If the index used does not 
appear on the list of indices provided (and is not internal to the 
financial institution), the financial institution reports ``other'' and 
reports the name of the index via free-form text field.
    5. Index value. For covered transactions with an adjustable 
interest rate, a financial institution complies with Sec.  
1002.107(a)(12)(i)(B) by reporting the index value used to set the rate 
that is or would be applicable to the covered transaction.
107(a)(12)(ii) Total Origination Charges
    1. Charges in comparable cash transactions. Charges imposed 
uniformly in cash and credit transactions are not reportable under 
Sec.  1002.107(a)(12)(ii). In determining whether an item is part of 
the total origination charges, a financial institution should compare 
the covered credit transaction in question with a similar cash 
transaction. A financial institution financing the sale of property or 
services may compare charges with those payable in a similar cash 
transaction by the seller of the property or service.
    2. Charges by third parties. A financial institution includes fees 
and amounts charged by someone other than the financial institution in 
the total charges reported if the financial institution:
    i. Requires the use of a third party as a condition of or an 
incident to the extension of credit, even if the applicant can choose 
the third party; or
    ii. Retains a portion of the third-party charge, to the extent of 
the portion retained.
    3. Special rule; broker fees. A financial institution complies with 
Sec.  1002.107(a)(12)(ii) by including fees charged by a broker 
(including fees paid by the applicant directly to the broker or to the 
financial institution for delivery to the broker) in the total 
origination charges reported even if the financial institution does not 
require the applicant to use a broker and even if the financial 
institution does not retain any portion of the charge. For more 
information on broker fees, see commentary for Sec.  
1002.107(a)(12)(iii).
    4. Bundled services. Total origination charges include all charges 
imposed directly or indirectly by the financial institution at or 
before origination as an incident to or a condition of the extension of 
credit. Accordingly, a financial institution complies with Sec.  
1002.107(a)(12)(ii) by including charges for other products or services 
paid at or before origination in the total origination charges reported 
if the financial institution requires the purchase of such other 
product or service as a condition of or an incident to the extension of 
credit.
    5. Origination charges--examples. Examples of origination charges 
may include application fees, credit report fees, points, appraisal 
fees, and other similar charges.
    6. Net lender credit. If a financial institution provides a credit 
to an applicant that is greater than the total origination charges the 
applicant would have paid, the financial institution complies with 
Sec.  1002.107(a)(12)(ii) by reporting the net lender credit as a 
negative amount. For example, if a covered transaction has $500 
provided to the applicant at origination to offset closing costs, and 
the financial institution does not charge any origination charges, the 
financial institution complies with Sec.  1002.107(a)(12)(ii) by 
reporting negative $500 as the total origination charges.
107(a)(12)(iii) Broker Fees
    1. Amount. A financial institution complies with Sec.  
1002.107(a)(12)(iii) by including the fees reported in Sec.  
1002.107(a)(12)(ii) that are fees paid by the applicant directly to the 
broker or to the financial institution for delivery to the broker. For 
example, a covered transaction has $3,000 of total origination charges. 
Of that $3,000, $250 are fees paid by the applicant directly to a 
broker and an additional $300 are fees paid to the financial 
institution for delivery to the broker. The financial institution 
complies with Sec.  1002.107(a)(12)(iii) by reporting $550 in the 
broker fees reported.
    2. Fees paid directly to a broker by an applicant. A financial 
institution complies with Sec.  1002.107(a)(12)(iii) by relying on the 
best information readily available to the financial institution at the 
time final action is taken. Information readily available could 
include, for example, information provided by an applicant or broker 
that the financial institution reasonably believes regarding the amount 
of fees paid by the applicant directly to the broker.
107(a)(12)(iv) Initial Annual Charges
    1. Charges during the initial annual period. The total initial 
annual charges include all charges scheduled to be imposed during the 
initial annual period following origination. For example, if a 
financial institution originates a covered credit transaction with a 
$50 monthly fee and a $100 annual fee, the financial institution 
complies with Sec.  1002.107(a)(12)(iv) by reporting $700 in the 
initial annual charges reported. If there will be a charge in the 
initial annual period following origination but the amount of that 
charge is uncertain at the time of origination, a financial institution 
complies with Sec.  1002.107(a)(12)(iv) by not reporting that charge as 
scheduled to be imposed during the initial annual period following 
origination.
    2. Interest excluded. A financial institution complies with Sec.  
1002.107(a)(12)(iv) by excluding any interest expense from the initial 
annual charges reported.
    3. Avoidable charges. A financial institution complies with Sec.  
1002.107(a)(12)(iv) by only including scheduled charges and excluding 
any charges for events that are avoidable by the applicant from the 
initial annual charges reported. Examples of avoidable charges include 
charges for late payment, for exceeding a credit limit, for delinquency 
or default, or for paying items that overdraw an account.
    4. Initial annual charges--examples. Examples of charges scheduled 
to be imposed during the initial annual period may include monthly 
fees, annual fees, and other similar charges.
    5. Scheduled charges with variable amounts. A financial institution 
complies with Sec.  1002.107(a)(12)(iv) by reporting as the default the 
highest amount for a charge scheduled to be imposed. For example, if a 
covered credit transaction has a $75 monthly fee, but the fee is 
reduced to $0 if the applicant maintains an account at the financial 
institution originating the

[[Page 35552]]

covered credit transaction, the financial institution complies with 
Sec.  1002.107(a)(12)(iv) by reporting $900 ($75 x 12) in the initial 
annual charges reported.
    6. Transactions with a term of less than one year. For a 
transaction with a term of less than one year, a financial institution 
complies with Sec.  1002.107(a)(12)(iv) by reporting all charges 
scheduled to be imposed during the term of the transaction.
107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other 
Sales-Based Financing
    1. Merchant cash advances. Section 1002.107(a)(12)(v) requires a 
financial institution to report the difference between the amount 
advanced and the amount to be repaid for a merchant cash advance or 
other sales-based financing transaction. Thus, in a merchant cash 
advance, a financial institution reports the difference between the 
amount advanced and the amount to be repaid, using the amounts 
(expressed in dollars) provided in the contract between the financial 
institution and the applicant.
107(a)(12)(vi) Prepayment Penalties
    1. Policies and procedures applicable to the covered credit 
transaction. The policies and procedures applicable to the covered 
credit transaction include the practices that the financial institution 
follows when evaluating applications for the specific credit type and 
credit purpose requested. For example, assume that a financial 
institution's written procedures permit it to include prepayment 
penalties in the loan agreement for its term loans secured by non-owner 
occupied commercial real estate. For such transactions, the financial 
institution includes prepayment penalties in some loan agreements but 
not others. For an application for, or origination of, a term loan 
secured by non-owner occupied commercial real estate, the financial 
institution reports under Sec.  1002.107(a)(12)(vi)(A) that a 
prepayment penalty could have been included under the policies and 
procedures applicable to the transaction, regardless of whether the 
term loan secured by non-owner occupied commercial real estate actually 
includes a prepayment penalty.
    2. Balloon finance charges. A financial institution complies with 
Sec.  1002.107(a)(12)(vi) by reporting as a prepayment penalty any 
balloon finance charge that may be imposed for paying all or part of 
the transaction's principal before the date on which the principal is 
due. For example, under the terms of a transaction, the amount of funds 
advanced is $12,000, the amount to be repaid is $24,000 (which includes 
$12,000 in principal and $12,000 in interest and fees), the length of 
the transaction is 12 months, and the applicant must repay $2,000 per 
month. The terms of the transaction state that if the applicant prepays 
the principal before the 12-month period is over, the applicant is 
responsible for paying the difference between $24,000 and the amount 
the applicant has already repaid prior to initiating prepayment. The 
difference between the $24,000 to be repaid and what the applicant has 
already repaid prior to initiating prepayment is a balloon finance 
charge and should be reported as a prepayment penalty.
107(a)(13) Census Tract
    1. General. A financial institution complies with Sec.  
1002.107(a)(13) by reporting a census tract number as defined by the 
U.S. Census Bureau, which includes State and county numerical codes. A 
financial institution complies with Sec.  1002.107(a)(13) if it uses 
the boundaries and codes in effect on January 1 of the calendar year 
covered by the small business lending application register that it is 
reporting. The financial institution reports census tract based on the 
following:
    i. Proceeds address. A financial institution complies with Sec.  
1002.107(a)(13) by reporting a census tract based on the address or 
location where the proceeds of the credit applied for or originated 
will be or would have been principally applied, if known. For example, 
a financial institution would report a census tract based on the 
address or location of the site where the proceeds of a construction 
loan will be applied.
    ii. Main office or headquarters address. If the address or location 
where the proceeds of the credit applied for or originated will be or 
would have been principally applied is unknown, a financial institution 
complies with Sec.  1002.107(a)(13) by reporting a census tract number 
based on the address or location of the main office or headquarters of 
the applicant, if known. For example, the address or location of the 
main office or headquarters of the applicant may be the home address of 
a sole proprietor or the office address of a sole proprietor or other 
applicant.
    iii. Another address or location. If neither the address or 
location where the proceeds of the credit applied for or originated 
will be or would have been principally applied nor the address or 
location of the main office or headquarters of the applicant are known, 
a financial institution complies with Sec.  1002.107(a)(13) by 
reporting a census tract number based on another address or location 
associated with the applicant.
    iv. Type of address used. In addition to reporting the census 
tract, pursuant to Sec.  1002.107(a)(13)(iv) a financial institution 
must report which one of the three types of addresses or locations 
listed in Sec.  1002.107(a)(13)(i) through (iii) and described in 
comments 107(a)(13)-1.i through iii that the census tract is determined 
from.
    2. Financial institution discretion. A financial institution 
complies with Sec.  1002.107(a)(13) by identifying the appropriate 
address or location and the type of that address or location in good 
faith, using appropriate information from the applicant's credit file 
or otherwise known by the financial institution. A financial 
institution is not required to make inquiries beyond its standard 
procedures as to the nature of the addresses or locations it collects.
    3. Address or location not provided by applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes at least one address or location for an 
applicant for census tract reporting. However, if a financial 
institution is nonetheless unable to collect or otherwise determine any 
address or location for an application, the financial institution 
reports that the census tract information is ``not provided by 
applicant and otherwise undetermined.''
    4. Safe harbor. As described in Sec.  1002.112(c)(2) and comment 
112(c)-1, a financial institution that obtains an incorrect census 
tract by correctly using a geocoding tool provided by the FFIEC or the 
Bureau does not violate the Act or subpart B of this part.
107(a)(14) Gross Annual Revenue
    1. Collecting gross annual revenue. A financial institution reports 
the applicant's gross annual revenue, expressed in dollars, for its 
fiscal year preceding when the information was collected. A financial 
institution may rely on the applicant's statements or on information 
provided by the applicant in collecting and reporting gross annual 
revenue, even if the applicant's statement or information is based on 
estimation or extrapolation. However, pursuant to Sec.  1002.107(b), if 
the financial institution verifies the gross annual revenue provided by 
the applicant, it must report the verified information. Also, pursuant 
to comment 107(c)(1)-5, a financial institution reports updated gross 
annual revenue

[[Page 35553]]

data if it obtains more current data from the applicant during the 
application process. If a financial institution has already verified 
gross annual revenue data and then the applicant updates it, the 
financial institution reports the information it believes to be more 
accurate, in its discretion. The financial institution may use the 
following language to ask about gross annual revenue and may rely on 
the applicant's answer (unless subsequently verified or updated):
    What was the gross annual revenue of the business applying for 
credit in its last full fiscal year? Gross annual revenue is the amount 
of money the business earned before subtracting taxes and other 
expenses. You may provide gross annual revenue calculated using any 
reasonable method.
    2. Gross annual revenue not provided by applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the gross annual revenue of the 
applicant. However, if a financial institution is nonetheless unable to 
collect or determine the gross annual revenue of the applicant, the 
financial institution reports that the gross annual revenue is ``not 
provided by applicant and otherwise undetermined.''
    3. Affiliate revenue. A financial institution is permitted, but not 
required, to report the gross annual revenue for the applicant that 
includes the revenue of affiliates as well. Likewise, as explained in 
comment 106(b)(1)-3, in determining whether the applicant is a small 
business under Sec.  1002.106(b), a financial institution may rely on 
an applicant's representations regarding gross annual revenue, which 
may or may not include affiliates' revenue.
    4. Gross annual revenue for a startup business. In a typical 
startup business situation where the applicant has no gross annual 
revenue for its fiscal year preceding when the information is 
collected, the financial institution reports that the applicant's gross 
annual revenue in the preceding fiscal year is ``zero.'' The financial 
institution shall not report pro forma projected revenue figures 
because these figures do not reflect actual gross revenue.
107(a)(15) NAICS Code
    1. General. NAICS stands for North American Industry Classification 
System. The Office of Management and Budget has charged the Economic 
Classification Policy Committee with the maintenance and review of 
NAICS. A financial institution complies with Sec.  1002.107(a)(15) if 
it uses the 3-digit NAICS subsector codes in effect on January 1 of the 
calendar year covered by the small business lending application 
register that it is reporting.
    2. NAICS not provided by applicant and otherwise undetermined. 
Pursuant to Sec.  1002.107(c), a financial institution shall maintain 
procedures reasonably designed to collect applicant-provided data, 
which includes NAICS code. However, if a financial institution is 
nonetheless unable to collect or otherwise determine a NAICS code for 
the applicant, the financial institution reports that the NAICS code is 
``not provided by applicant and otherwise undetermined.''
    3. Safe harbor. As described in Sec.  1002.112(c)(3) and comment 
112(c)-2, a financial institution that obtains an incorrect NAICS code 
does not violate the Act or subpart B of this part if it either relies 
on an applicant's representations or on an appropriate third-party 
source, in accordance with Sec.  1002.107(b), regarding the NAICS code, 
or identifies the NAICS code itself, provided that the financial 
institution maintains procedures reasonably adapted to correctly 
identify a 3-digit NAICS code.
107(a)(16) Number of Workers
    1. General. A financial institution complies with Sec.  
1002.107(a)(16) by reporting the number of people who work for the 
applicant, using the ranges prescribed in the Filing Instructions 
Guide.
    2. Collecting number of workers. A financial institution may 
collect number of workers from an applicant using the ranges for 
reporting as specified by the Bureau (see comment 107(a)(16)-1) or as a 
numerical value. When asking for the number of workers from an 
applicant, a financial institution shall explain that full-time, part-
time and seasonal employees, as well as contractors who work primarily 
for the applicant, would be counted as workers, but principal owners of 
the applicant would not. If asked, the financial institution shall 
explain that volunteers are not counted as workers, and workers for 
affiliates of the applicant are counted if the financial institution 
were also collecting the affiliates' gross annual revenue. The 
financial institution may use the following language to ask about the 
number of workers and may rely on the applicant's answer (unless 
subsequently verified or updated):
    Counting full-time, part-time and seasonal workers, as well as 
contractors who work primarily for the business applying for credit, 
but not counting principal owners of the business, how many people work 
for the business applying for credit?
    3. Number of workers not provided by applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the number of workers of the applicant. 
However, if a financial institution is nonetheless unable to collect or 
determine the number of workers of the applicant, the financial 
institution reports that the number of workers is ``not provided by 
applicant and otherwise undetermined.''
107(a)(17) Time in Business
    1. Collecting time in business. A financial institution complies 
with Sec.  1002.107(a)(17) by reporting the time the applicant has been 
in business.
    i. If a financial institution collects or otherwise obtains the 
number of years an applicant has been in business as part of its 
procedures for evaluating an application for credit, it reports the 
time in business in whole years, rounded down to the nearest whole 
year.
    ii. If a financial institution does not collect time in business as 
described in comment 107(a)(17)-1.i, but as part of its procedures 
determines whether or not the applicant's time in business is less than 
two years, it reports the applicant's time in business as either less 
than two years or two or more years in business.
    iii. If a financial institution does not collect time in business 
as part of its procedures for evaluating an application for credit as 
described in comments 107(a)(17)-1.i or .ii, the financial institution 
complies with Sec.  1002.107(a)(17) by asking the applicant whether it 
has been in existence for less than two years or two or more years and 
reporting the information provided by the applicant accordingly.
    2. Time in business collected as part of the financial 
institution's procedures for evaluating an application for credit. A 
financial institution that collects or obtains an applicant's time in 
business as part of its procedures for evaluating an application for 
credit is not required to collect or obtain time in business pursuant 
to any particular definition of time in business for this purpose. For 
example, if the financial institution collects the number of years the 
applicant has existed (such as by asking the applicant when its 
business was started, or by obtaining the applicant's date of 
incorporation from a Secretary of State or other State or Federal 
agency that registers or licenses businesses) as

[[Page 35554]]

the time in business, the financial institution reports that 
information accordingly pursuant to comment 107(a)(17)-1.i. Similarly, 
if the financial institution collects the number of years of experience 
the applicant's owners have in the current line of business, the 
financial institution reports that information accordingly pursuant to 
comment 107(a)(17)-1.i. If, however, the financial institution collects 
both the number of years the applicant has existed as well as some 
other measure of time in business (such as the number of years of 
experience the applicant's owners have in the current line of 
business), the financial institution reports the number of years the 
applicant has existed as the time in business pursuant to comment 
107(a)(17)-1.i.
    3. Time in business not provided by applicant and otherwise 
undetermined. Pursuant to Sec.  1002.107(c), a financial institution 
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the applicant's time in business. 
However, if a financial institution is nonetheless unable to collect or 
determine the applicant's time in business, the financial institution 
reports that the time in business is ``not provided by applicant and 
otherwise undetermined.''
107(a)(18) Minority-Owned, Women-Owned, and LGBTQI+-Owned Business 
Statuses
    1. General. A financial institution must ask an applicant whether 
it is a minority-owned, women-owned, and/or LGBTQI+-owned business. The 
financial institution must permit an applicant to refuse (i.e., 
decline) to answer the financial institution's inquiry regarding 
business status and must inform the applicant that the applicant is not 
required to provide the information. See the sample data collection 
form in appendix E to this part for sample language for providing this 
notice to applicants. The financial institution must report the 
applicant's substantive response regarding each business status, that 
the applicant declined to answer the inquiry (that is, selected an 
answer option of ``I do not wish to provide this information'' or 
similar), or its failure to respond to the inquiry (that is, ``not 
provided by applicant''), as applicable.
    2. Definitions. When inquiring about minority-owned, women-owned, 
and LGBTQI+-owned business statuses (regardless of whether the request 
is made on a paper form, electronically, or orally), the financial 
institution also must provide the applicant with definitions of the 
terms ``minority-owned business,'' ``women-owned business,'' and 
``LGBTQI+-owned business'' as set forth in Sec.  1002.102 (m), (s) and 
(l), respectively. The financial institution satisfies this requirement 
if it provides the definitions as set forth in the sample data 
collection form in appendix E.
    3. Combining questions. A financial institution may combine on the 
same paper or electronic data collection form the questions regarding 
minority-owned, women-owned, and LGBTQI+-owned business status pursuant 
to Sec.  1002.107(a)(18) with principal owners' ethnicity, race, and 
sex pursuant to Sec.  1002.107(a)(19) and the applicant's number of 
principal owners pursuant to Sec.  1002.107(a)(20). See the sample data 
collection form in appendix E.
    4. Notices. When requesting minority-owned, women-owned, and 
LGBTQI+-owned business statuses from an applicant, a financial 
institution must inform the applicant that the financial institution 
cannot discriminate on the basis of the applicant's minority-owned, 
women-owned, or LGBTQI+-owned business statuses, or on whether the 
applicant provides its minority-owned, women-owned, or LGBTQI+-owned 
business statuses. A financial institution must also inform the 
applicant that Federal law requires it to ask for an applicant's 
minority-owned, women-owned, and LGBTQI+-owned business statuses to 
help ensure that all small business applicants for credit are treated 
fairly and that communities' small business credit needs are being 
fulfilled. A financial institution may combine these notices regarding 
minority-owned, women-owned, and LGBTQI+-owned business statuses with 
the notices that a financial institution is required to provide when 
requesting principal owners' ethnicity, race, and sex if a financial 
institution requests information pursuant to Sec.  1002.107(a)(18) and 
(19) in the same data collection form or at the same time. See the 
sample data collection form in appendix E for sample language that a 
financial institution may use for these notices.
    5. Maintaining the record of an applicant's response regarding 
minority-owned, women-owned, and LGBTQI+-owned business statuses 
separate from the application. A financial institution must maintain 
the record of an applicant's responses to the financial institution's 
inquiry pursuant to Sec.  1002.107(a)(18) separate from the application 
and accompanying information. See Sec.  1002.111(b) and comment 111(b)-
1. If the financial institution provides a paper or electronic data 
collection form, the data collection form must not be part of the 
application form or any other document that the financial institution 
uses to provide or collect any information other than minority-owned 
business status, women-owned business status, LGBTQI+-owned business 
status, principal owners' ethnicity, race, and sex, and the number of 
the applicant's principal owners. See the sample data collection form 
in appendix E. For example, if the financial institution sends the data 
collection form via email, the data collection form should be a 
separate attachment to the email or accessed through a separate link in 
the email. If the financial institution uses a web-based data 
collection form, the form should be on its own page.
    6. Minority-owned, women-owned, and/or LGBTQI+-owned business 
statuses not provided by applicant. Pursuant to Sec.  1002.107(c), a 
financial institution shall maintain procedures reasonably designed to 
collect applicant-provided data, which includes the applicant's 
minority-owned, women-owned, and LGBTQI+-owned business statuses. 
However, if a financial institution does not receive a response to the 
financial institution's inquiry pursuant to Sec.  1002.107(a)(18), the 
financial institution reports that the applicant's business statuses 
were ``not provided by applicant.''
    7. Applicant declines to provide information about minority-owned, 
women-owned, and/or LGBTQI+-owned business statuses. A financial 
institution reports that the applicant responded that it did not wish 
to provide the information about an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses, if the applicant declines 
to provide the information by selecting such a response option on a 
paper or electronic form (e.g., by selecting an answer option of ``I do 
not wish to provide this information'' or similar). The financial 
institution also reports an applicant's refusal to provide such 
information in this way, if the applicant orally declines to provide 
such information for a covered application taken by telephone or 
another medium that does not involve providing any paper or electronic 
documents.
    8. Conflicting responses provided by applicants. If the applicant 
both provides a substantive response to the financial institution's 
inquiry regarding business status (that is, indicates that it is a 
minority-owned, women-owned, and/or LGBTQI+-owned business, or checks 
``none apply'' or similar) and also checks the box indicating ``I do 
not wish to provide this information'' or

[[Page 35555]]

similar, the financial institution reports the substantive response(s) 
provided by the applicant (rather than reporting that the applicant 
declined to provide the information).
    9. No verification of business statuses. Notwithstanding Sec.  
1002.107(b), a financial institution must report the applicant's 
substantive response(s), that the applicant declined to answer the 
inquiry (that is, selected an answer option of ``I do not wish to 
provide this information'' or similar), or the applicant's failure to 
respond to the inquiry (that is, that the information was ``not 
provided by applicant'') pursuant to Sec.  1002.107(a)(18), even if the 
financial institution verifies or otherwise obtains an applicant's 
minority-owned, women-owned, and/or LGBTQI+-owned business statuses for 
other purposes. For example, if a financial institution uses a paper 
data collection form to ask an applicant if it is a minority-owned 
business, a women-owned business, and/or an LGBTQI+-owned business and 
the applicant does not indicate that it is a minority-owned business, 
the financial institution must not report that the applicant is a 
minority-owned business, even if the applicant indicates that it is a 
minority-owned business for other purposes, such as for a special 
purpose credit program or a Small Business Administration program.
107(a)(19) Ethnicity, Race, and Sex of Principal Owners
    1. General. A financial institution must ask an applicant to 
provide its principal owners' ethnicity, race, and sex. The financial 
institution must permit an applicant to refuse (i.e., decline) to 
answer the financial institution's inquiry and must inform the 
applicant that it is not required to provide the information. See the 
sample data collection form in appendix E to this part for sample 
language for providing this notice to applicants. The financial 
institution must report the applicant's substantive responses regarding 
principal owners' ethnicity, race, and sex, that the applicant declined 
to answer an inquiry (that is, selected an answer option of ``I do not 
wish to provide this information'' or similar), or its failure to 
respond to an inquiry (that is, ``not provided by applicant''), as 
applicable. The financial institution must report an applicant's 
responses about its principal owners' ethnicity, race, and sex, 
regardless of whether an applicant declines or fails to answer an 
inquiry about the number of its principal owners under Sec.  
1002.107(a)(20). If an applicant provides some, but not all, of the 
requested information about the ethnicity, race, and sex of a principal 
owner, the financial institution reports the information that was 
provided by the applicant and reports that the applicant declined to 
provide or did not provide (as applicable) the remainder of the 
information. See comments 107(a)(19)-6 and -7.
    2. Definition of principal owner. When requesting a principal 
owner's ethnicity, race, and sex, the financial institution must also 
provide the applicant with the definition of the term ``principal 
owner'' as set forth in Sec.  1002.102(o). The financial institution 
satisfies this requirement if it provides the definition of principal 
owner as set forth in the sample data collection form in appendix E.
    3. Combining questions. A financial institution may combine on the 
same paper or electronic data collection form the questions regarding 
the principal owners' ethnicity, race, and sex pursuant to Sec.  
1002.107(a)(19) with the applicant's number of principal owners 
pursuant to Sec.  1002.107(a)(20) and the applicant's minority-owned, 
women-owned, and LGBTQI+-owned business statuses pursuant to Sec.  
1002.107(a)(18). See the sample data collection form in appendix E.
    4. Notices. When requesting a principal owner's ethnicity, race, 
and sex from an applicant, a financial institution must inform the 
applicant that the financial institution cannot discriminate on the 
basis of a principal owner's ethnicity, race, or sex/gender, or on 
whether the applicant provides the information. A financial institution 
must also inform the applicant that Federal law requires it to ask for 
the principal owners' ethnicity, race, and sex/gender to help ensure 
that all small business applicants for credit are treated fairly and 
that communities' small business credit needs are being fulfilled. A 
financial institution may combine these notices with the similar 
notices that a financial institution is required to provide when 
requesting minority-owned business status, women-owned business status, 
and LGBTQI+-owned business status, if a financial institution requests 
information pursuant to Sec.  1002.107(a)(18) and (19) in the same data 
collection form or at the same time. See the sample data collection 
form in appendix E for sample language that a financial institution may 
use for these notices.
    5. Maintaining the record of an applicant's responses regarding 
principal owners' ethnicity, race, and sex separate from the 
application. A financial institution must maintain the record of an 
applicant's response to the financial institution's inquiries pursuant 
to Sec.  1002.107(a)(19) separate from the application and accompanying 
information. See Sec.  1002.111(b) and comment 111(b)-1. If the 
financial institution provides a paper or electronic data collection 
form, the data collection form must not be part of the application form 
or any other document that the financial institution uses to provide or 
collect any information other than minority-owned business status, 
women-owned business status, LGBTQI+-owned business status, principal 
owners' ethnicity, race, and sex, and the number of the applicant's 
principal owners. See the sample data collection form in appendix E for 
sample language. For example, if the financial institution sends the 
data collection form via email, the data collection form should be a 
separate attachment to the email or accessed through a separate link in 
the email. If the financial institution uses a web-based data 
collection form, the form should be on its own page.
    6. Ethnicity, race, or sex of principal owners not provided by 
applicant. Pursuant to Sec.  1002.107(c), a financial institution shall 
maintain procedures reasonably designed to collect applicant-provided 
data, which includes the ethnicity, race, and sex of an applicant's 
principal owners. However, if an applicant does not provide the 
information, such as in response to a request for a principal owner's 
ethnicity, race, or sex on a paper or electronic data collection form, 
the financial institution reports the ethnicity, race, or sex (as 
applicable) as ``not provided by applicant'' for that principal owner. 
For example, if the financial institution provides a paper data 
collection form to an applicant with two principal owners, and asks the 
applicant to complete and return the form but the applicant does not do 
so, the financial institution reports that the two principal owners' 
ethnicity, race, and sex were ``not provided by applicant.'' Similarly, 
if the financial institution provides an electronic data collection 
form, the applicant indicates that it has two principal owners, the 
applicant provides ethnicity, race, and sex for the first principal 
owner, and the applicant does not make any selections for the second 
principal owner's ethnicity, race, and sex, the financial institution 
reports the ethnicity, race, and sex that the applicant provided for 
the first principal owner and reports that each of the ethnicity, race, 
and sex for the second principal owner was ``not provided by 
applicant.'' Additionally, if the financial institution provides an

[[Page 35556]]

electronic or paper data collection form, the applicant indicates that 
it has one principal owner, provides the principal owner's ethnicity 
and sex information, but does not provide information about the 
principal owner's race and also does not select a response of ``I do 
not wish to provide this information'' with regard to race, the 
financial institution reports the ethnicity and sex provided by the 
applicant and reports that the race of the principal owner was ``not 
provided by applicant.''
    7. Applicant declines to provide information about a principal 
owner's ethnicity, race, or sex. A financial institution reports that 
the applicant responded that it did not wish to provide the information 
about a principal owner's ethnicity, race, or sex (as applicable), if 
the applicant declines to provide the information by selecting such a 
response option on a paper or electronic form (e.g., by selecting an 
answer option of ``I do not wish to provide this information'' or 
similar). The financial institution also reports an applicant's refusal 
to provide such information in this way, if the applicant orally 
declines to provide such information for a covered application taken by 
telephone or another medium that does not involve providing any paper 
or electronic documents.
    8. Conflicting responses provided by applicant. If the applicant 
both provides a substantive response to a request for a principal 
owner's ethnicity, race, or sex (that is, identifies a principal 
owner's race, ethnicity, or sex) and also checks the box indicating ``I 
do not wish to provide this information'' or similar, the financial 
institution reports the information on ethnicity, race, or sex that was 
provided by the applicant (rather than reporting that the applicant 
declined provide the information). For example, if an applicant is 
completing a paper data collection form and writes in a response that a 
principal owner's sex is female and also indicates on the form that the 
applicant does not wish to provide information regarding that principal 
owner's sex, the financial institution reports the principal owner's 
sex as female.
    9. No verification of ethnicity, race, and sex of principal owners. 
Notwithstanding Sec.  1002.107(b), a financial institution must report 
the applicant's substantive responses as to its principal owners' 
ethnicity, race, and sex (that is, the applicant's identification of 
its principal owners' race, ethnicity, and sex), that the applicant 
declined to answer the inquiry (that is, selected an answer option of 
``I do not wish to provide this information'' or similar), or the 
applicant's failure to respond to the inquiry (that is, the information 
was ``not provided by applicant'') pursuant to Sec.  1002.107(a)(19), 
even if the financial institution verifies or otherwise obtains the 
ethnicity, race, or sex of the applicant's principal owners for other 
purposes.
    10. Reporting for fewer than four principal owners. If an applicant 
has fewer than four principal owners, the financial institution reports 
ethnicity, race, and sex information for the number of principal owners 
that the applicant has and reports the ethnicity, race, and sex fields 
for additional principal owners as ``not applicable.'' For example, if 
an applicant has only one principal owner, the financial institution 
reports ethnicity, race, and sex information for the first principal 
owner and reports as ``not applicable'' the ethnicity, race, and sex 
data fields for principal owners two through four.
    11. Previously collected ethnicity, race, and sex information. If a 
financial institution reports one or more principal owners' ethnicity, 
race, or sex information based on previously collected data under Sec.  
1002.107(d), the financial institution does not need to collect any 
additional ethnicity, race, or sex information for other principal 
owners (if any). See also comment 107(d)-9.
    12. Guarantors. A financial institution does not collect or report 
a guarantor's ethnicity, race, and sex unless the guarantor is also a 
principal owner of the applicant, as defined in Sec.  1002.102(o).
    13. Ethnicity. i. Aggregate categories. A financial institution 
must permit an applicant to provide each principal owner's ethnicity 
for purposes of Sec.  1002.107(a)(19) using one or more of the 
following aggregate categories:
    A. Hispanic or Latino.
    B. Not Hispanic or Latino.
    ii. Disaggregated subcategories. A financial institution must 
permit an applicant to provide each principal owner's ethnicity for 
purposes of Sec.  1002.107(a)(19) using one or more of the following 
disaggregated subcategories, regardless of whether the applicant has 
indicated that the relevant principal owner is Hispanic or Latino and 
regardless of whether the applicant selects any aggregate categories: 
Cuban; Mexican; Puerto Rican; or Other Hispanic or Latino. If an 
applicant indicates that a principal owner is Other Hispanic or Latino, 
the financial institution must permit the applicant to provide 
additional information regarding the principal owner's ethnicity, by 
using free-form text on a paper or electronic data collection form or 
using language that informs the applicant of the opportunity to self-
identify when taking the application by means other than a paper or 
electronic data collection form, such as by telephone. The financial 
institution must permit the applicant to provide additional information 
indicating, for example, that the principal owner is Argentinean, 
Colombian, Dominican, Nicaraguan, Salvadoran, or Spaniard. See the 
sample data collection form in appendix E for sample language. If an 
applicant chooses to provide additional information regarding a 
principal owner's ethnicity, such as by indicating that a principal 
owner is Argentinean orally or in writing on a paper or electronic 
form, a financial institution must report that additional information 
via free-form text. If the applicant provides such additional 
information but does not also indicate that the principal owner is 
Other Hispanic or Latino (e.g., by selecting Other Hispanic or Latino 
on a paper or electronic form), a financial institution is permitted, 
but not required, to report Other Hispanic or Latino as well.
    iii. Selecting multiple categories. The financial institution must 
permit the applicant to select one, both, or none of the aggregate 
categories and as many disaggregated subcategories as the applicant 
chooses. A financial institution must permit an applicant to select a 
disaggregated subcategory even if the applicant does not select the 
corresponding aggregate category. For example, an applicant must be 
permitted to select the Mexican disaggregated subcategory for a 
principal owner without being required to select the Hispanic or Latino 
aggregate category. If an applicant provides ethnicity information for 
a principal owner, the financial institution reports all of the 
aggregate categories and disaggregated subcategories provided by the 
applicant. For example, if an applicant selects both aggregate 
categories and four disaggregated subcategories for a principal owner, 
the financial institution reports the two aggregate categories that the 
applicant selected and all four of the disaggregated subcategories that 
the applicant selected. Additionally, if an applicant selects only the 
Mexican disaggregated subcategory for a principal owner and no 
aggregate categories, the financial institution reports Mexican for the 
ethnicity of the applicant's principal owner but does not also report 
Hispanic or Latino. Further, if the applicant selects an aggregate 
category (e.g., Not Hispanic or Latino) and a disaggregated

[[Page 35557]]

subcategory that does not correspond to the aggregate category (e.g., 
Puerto Rican), the financial institution reports the information as 
provided by the applicant (e.g., Not Hispanic or Latino, and Puerto 
Rican).
    14. Race. i. Aggregate categories. A financial institution must 
permit an applicant to provide each principal owner's race for purposes 
of Sec.  1002.107(a)(19) using one or more of the following aggregate 
categories:
    A. American Indian or Alaska Native.
    B. Asian.
    C. Black or African American.
    D. Native Hawaiian or Other Pacific Islander.
    E. White.
    ii. Disaggregated subcategories. The financial institution must 
permit an applicant to provide a principal owner's race for purposes of 
Sec.  1002.107(a)(19) using one or more of the disaggregated 
subcategories as listed in this comment 107(a)(19)-14.ii, regardless of 
whether the applicant has selected the corresponding aggregate 
category.
    A. The Asian aggregate category includes the following 
disaggregated subcategories: Asian Indian; Chinese; Filipino; Japanese; 
Korean; Vietnamese; and Other Asian. An applicant must also be 
permitted to provide the principal owner's race using one or more of 
these disaggregated subcategories regardless of whether the applicant 
indicates that the principal owner is Asian and regardless of whether 
the applicant selects any aggregate categories. Additionally, if an 
applicant indicates that a principal owner is Other Asian, the 
financial institution must permit the applicant to provide additional 
information about the principal owner's race, by using free-form text 
on a paper or electronic data collection form or using language that 
informs the applicant of the opportunity to self-identify when taking 
the application by means other than a paper or electronic data 
collection form, such as by telephone. The financial institution must 
permit the applicant to provide additional information indicating, for 
example, that the principal owner is Cambodian, Hmong, Laotian, 
Pakistani, or Thai. See the sample data collection form in appendix E 
for sample language.
    B. The Black or African American aggregate category includes the 
following disaggregated subcategories: African American; Ethiopian; 
Haitian; Jamaican; Nigerian; Somali; or Other Black or African 
American. An applicant must also be permitted to provide the principal 
owner's race using one or more of these disaggregated subcategories 
regardless of whether the applicant indicates that the principal owner 
is Black or African American and regardless of whether the applicant 
selects any aggregate categories. Additionally, if an applicant 
indicates that a principal owner is Other Black or African American, 
the financial institution must permit the applicant to provide 
additional information about the principal owner's race, by using free-
form text on a paper or electronic data collection form or using 
language that informs the applicant of the opportunity to self-identify 
when taking the application by means other than a paper or electronic 
data collection form, such as by telephone. The financial institution 
must permit the applicant to provide additional information indicating, 
for example, that the principal owner is Barbadian, Ghanaian, or South 
African. See the sample data collection form in appendix E for sample 
language.
    C. The Native Hawaiian or Other Pacific Islander aggregate category 
includes the following disaggregated subcategories: Guamanian or 
Chamorro; Native Hawaiian; Samoan; and Other Pacific Islander. An 
applicant must also be permitted to provide the principal owner's race 
using one or more of these disaggregated subcategories regardless of 
whether the applicant indicates that the principal owner is Native 
Hawaiian or Other Pacific Islander and regardless of whether the 
applicant selects any aggregate categories. Additionally, if an 
applicant indicates that a principal owner is Other Pacific Islander, 
the financial institution must permit the applicant to provide 
additional information about the principal owner's race, by using free-
form text on a paper or electronic data collection form or using 
language that informs the applicant of the opportunity to self-identify 
when taking the application by means other than a paper or electronic 
data collection form, such as by telephone. The financial institution 
must permit the applicant to provide additional information indicating, 
for example, that the principal owner is Fijian or Tongan. See the 
sample data collection form in appendix E for sample language.
    D. If an applicant chooses to provide additional information 
regarding a principal owner's race, such as indicating that a principal 
owner is Cambodian, Barbadian, or Fijian orally or in writing on a 
paper or electronic form, a financial institution must report that 
additional information via free-form text in the appropriate data 
reporting field. If the applicant provides such additional information 
but does not also indicate that the principal owner is Other Asian, 
Other Black or African American, or Other Pacific Islander, as 
applicable (e.g., by selecting Other Asian on a paper or electronic 
form), a financial institution is permitted, but not required, to 
report the corresponding ``Other'' race disaggregated subcategory 
(i.e., Other Asian, Other Black or African American, or Other Pacific 
Islander).
    E. In addition to permitting an applicant to indicate that a 
principal owner is American Indian or Alaska Native, a financial 
institution must permit an applicant to provide the name of an enrolled 
or principal tribe, by using free-form text on a paper or electronic 
data collection form or using language that informs the applicant of 
the opportunity to self-identify when taking the application by means 
other than a paper or electronic data collection form, such as by 
telephone. If an applicant chooses to provide the name of an enrolled 
or principal tribe, a financial institution must report that 
information via free-form text in the appropriate data reporting field. 
If the applicant provides the name of an enrolled or principal tribe 
but does not also indicate that the principal owner is American Indian 
or Alaska Native (e.g., by selecting American Indian or Alaska Native 
on a paper or electronic form), a financial institution is permitted, 
but not required, to report American Indian or Alaska Native as well.
    iii. Selecting multiple categories. The financial institution must 
permit the applicant to select as many aggregate categories and 
disaggregated subcategories as the applicant chooses. A financial 
institution must permit an applicant to select one or more 
disaggregated subcategories even if the applicant does not select an 
aggregate category. For example, an applicant must be permitted to 
select the Chinese disaggregated subcategory for a principal owner 
without being required to select the Asian aggregate category. If an 
applicant provides race information for a principal owner, the 
financial institution reports all of the aggregate categories and 
disaggregated subcategories provided by the applicant. For example, if 
an applicant selects two aggregate categories and five disaggregated 
subcategories for a principal owner, the financial institution reports 
the two aggregate categories that the applicant selected and the five 
disaggregated subcategories that the applicant selected. Additionally, 
if an applicant selects only the Chinese disaggregated subcategory for 
a principal owner, the financial institution reports Chinese for the 
race of the principal owner but does

[[Page 35558]]

not also report that the principal owner is Asian. Similarly, if the 
applicant selects an aggregate category (e.g., Asian) and a 
disaggregated subcategory that does not correspond to the aggregate 
category (e.g., Native Hawaiian), the financial institution reports the 
information as provided by the applicant (e.g., Asian and Native 
Hawaiian).
    15. Sex. Generally, a financial institution must permit an 
applicant to provide each principal owner's sex for purposes of Sec.  
1002.107(a)(19). When requesting information about a principal owner's 
sex, a financial institution shall use the term ``sex/gender.'' If the 
financial institution uses a paper or electronic data collection form 
to collect the information, the financial institution must allow the 
applicant to provide each principal owner's sex/gender using free-form 
text. When a financial institution collects the information orally, 
such as by telephone, the financial institution must inform the 
applicant of the opportunity to provide each principal owner's sex/
gender and record the applicant's response. A financial institution 
reports the substantive information provided by the applicant (reported 
via free-form text in the appropriate data reporting field), or reports 
that the applicant declined to provide the information.
    16. Ethnicity and race information requested orally. As described 
in comments 107(a)(19)-13 and -14, when collecting principal owners' 
ethnicity and race pursuant to Sec.  1002.107(a)(19), a financial 
institution must present the applicant with the specified aggregate 
categories and disaggregated subcategories. When collecting ethnicity 
and race information orally, such as by telephone, a financial 
institution may not present the applicant with the option to decline to 
provide the information without also presenting the applicant with the 
specified aggregate categories and disaggregated subcategories.
    i. Ethnicity and race categories. Notwithstanding comments 
107(a)(19)-13 and -14, a financial institution is not required to read 
aloud every disaggregated subcategory when collecting ethnicity and 
race information orally, such as by telephone. Rather, the financial 
institution must orally present the lists of aggregate ethnicity and 
race categories, followed by the disaggregated subcategories (if any) 
associated with the aggregate categories selected by the applicant or 
which the applicant requests to be presented. After the applicant makes 
any disaggregated category selections associated with the aggregate 
ethnicity or race category, the financial institution must also ask if 
the applicant wishes to hear the lists of disaggregated subcategories 
for any aggregate categories not selected by the applicant. The 
financial institution must record any aggregate categories selected by 
the applicant, as well as any disaggregated subcategories regardless of 
whether such subcategories were selected based on the disaggregated 
subcategories read by the financial institution or were otherwise 
provided by the applicant.
    ii. More than one principal owner. If an applicant has more than 
one principal owner, the financial institution is permitted to ask 
about ethnicity and race in a manner that reduces repetition when 
collecting ethnicity and race information orally, such as by telephone. 
For example, if an applicant has two principal owners, the financial 
institution may ask for both principal owners' ethnicity at the same 
time, rather than asking about ethnicity, race, and sex for the first 
principal owner followed by ethnicity, race, and sex for the second 
principal owner.
107(a)(20) Number of Principal Owners
    1. General. If the financial institution asks the applicant to 
provide the number of its principal owners pursuant to Sec.  
1002.107(a)(20), a financial institution must provide the definition of 
principal owner set forth in Sec.  1002.102(o). The financial 
institution satisfies this requirement if it provides the definition of 
principal owner as set forth in the sample data collection form in 
appendix E.
    2. Number of principal owners provided by applicant; verification 
of number of principal owners. The financial institution may rely on 
statements or information provided by the applicant in collecting and 
reporting the number of the applicant's principal owners. However, 
pursuant to Sec.  1002.107(b), if the financial institution verifies 
the number of principal owners provided by the applicant, it must 
report the verified information.
    3. Number of principal owners not provided by applicant and 
otherwise undetermined. Pursuant to Sec.  1002.107(c), a financial 
institution shall maintain procedures reasonably designed to collect 
applicant-provided data, which includes the number of principal owners 
of the applicant. However, if a financial institution is nonetheless 
unable to collect or otherwise determine the applicant's number of 
principal owners, the financial institution reports that the number of 
principal owners is ``not provided by applicant and otherwise 
undetermined.''
107(b) Reliance on and Verification of Applicant-Provided Data
    1. Reliance on information provided by an applicant or appropriate 
third-party sources. A financial institution may rely on statements 
made by an applicant (whether made in writing or orally) or information 
provided by an applicant when compiling and reporting data pursuant to 
subpart B of this part for applicant-provided data; the financial 
institution is not required to verify those statements or that 
information. However, if the financial institution does verify 
applicant statements or information for its own business purposes, such 
as statements relating to gross annual revenue or time in business, the 
financial institution reports the verified information. Depending on 
the circumstances and the financial institution's procedures, certain 
applicant-provided data can be collected from appropriate third-party 
sources without a specific request from the applicant, and such 
information may also be relied on. For example, gross annual revenue or 
NAICS code may be collected from tax return documents; a financial 
institution may also collect an applicant's NAICS code using third-
party sources such as business information products. Applicant-provided 
data are the data that are or could be provided by the applicant, 
including Sec.  1002.107(a)(5) through (7) and (13) through (20). See 
comment 107(c)(1)-3. In regard to restrictions on verification of 
minority-owned, women-owned, and LGBTQI+-owned business statuses, and 
principal owners' ethnicity, race, and sex, see comments 107(a)(18)-9 
and 107(a)(19)-9.
107(c) Time and Manner of Collection
107(c)(1) In General
    1. Procedures. The term ``procedures'' refers to the actual 
practices followed by a financial institution as well as its stated 
procedures. For example, if a financial institution's stated procedure 
is to collect applicant-provided data on or with a paper application 
form, but employees encourage applicants to skip the page that asks 
whether the applicant is a minority-owned business, a women-owned 
business, or an LGBTQI+-owned business under Sec.  1002.107(a)(18), the 
financial institution's procedures are not reasonably designed to 
obtain a response.
    2. Latitude to design procedures. A financial institution has 
flexibility to establish procedures concerning the

[[Page 35559]]

timing and manner in which it collects applicant-provided data that 
work best for its particular lending model and product offerings, 
provided those procedures are reasonably designed to collect the 
applicant-provided data in Sec.  1002.107(a), as required pursuant to 
Sec.  1002.107(c)(1), and where applicable comply with the minimum 
requirements set forth in Sec.  1002.107(c)(2).
    3. Applicant-provided data. Applicant-provided data are the data 
that are or could be provided by the applicant, including Sec.  
1002.107(a)(5) (credit type), Sec.  1002.107(a)(6) (credit purpose), 
Sec.  1002.107(a)(7) (amount applied for), Sec.  1002.107(a)(13) 
(address or location for purposes of determining census tract), Sec.  
1002.107(a)(14) (gross annual revenue), Sec.  1002.107(a)(15) (NAICS 
code, or information about the business such that the financial 
institution can determine the applicant's NAICS code), Sec.  
1002.107(a)(16) (number of workers), Sec.  1002.107(a)(17) (time in 
business), Sec.  1002.107(a)(18) (minority-owned business status, 
women-owned business status, and LGBTQI+-owned business status), Sec.  
1002.107(a)(19) (ethnicity, race, and sex of the applicant's principal 
owners), and Sec.  1002.107(a)(20) (number of principal owners). 
Applicant-provided data do not include data that are generated or 
supplied only by the financial institution, including Sec.  
1002.107(a)(1) (unique identifier), Sec.  1002.107(a)(2) (application 
date), Sec.  1002.107(a)(3) (application method), Sec.  1002.107(a)(4) 
(application recipient), Sec.  1002.107(a)(8) (amount approved or 
originated), Sec.  1002.107(a)(9) (action taken), Sec.  1002.107(a)(10) 
(action taken date), Sec.  1002.107(a)(11) (denial reasons), Sec.  
1002.107(a)(12) (pricing information), and Sec.  1002.107(a)(13) 
(census tract, based on address or location provided by the applicant).
    4. Collecting applicant-provided data without a direct request to 
the applicant. Depending on the circumstances and the financial 
institution's procedures, certain applicant-provided data can be 
collected without a direct request to the applicant. For example, 
credit type may be collected based on the type of product chosen by the 
applicant. Similarly, a financial institution may rely on appropriate 
third-party sources to collect certain applicant-provided data. See 
Sec.  1002.107(b) concerning the use of third-party sources.
    5. Data updated by the applicant. A financial institution reports 
updated data if it obtains more current data from the applicant during 
the application process. For example, if an applicant states its gross 
annual revenue for the preceding fiscal year was $3 million, but then 
the applicant notifies the financial institution that its revenue in 
the preceding fiscal year was actually $3.2 million, the financial 
institution reports gross annual revenue of $3.2 million. For reporting 
verified applicant-provided data, see Sec.  1002.107(b) and comment 
107(b)-1. If a financial institution has already verified data and then 
the applicant updates it, the financial institution reports the 
information it believes to be more accurate, in its discretion. If a 
financial institution receives updates from the applicant after the 
application process has closed (for example, after closing or account 
opening), the financial institution may, at its discretion, update the 
data at any time prior to reporting the covered application to the 
Bureau.
107(c)(2) Applicant-Provided Data Collected Directly From the Applicant
    1. In general. Whether a financial institution's procedures are 
reasonably designed to collect applicant-provided data is a fact-based 
determination and may depend on the financial institution's particular 
lending model, product offerings, and other circumstances; procedures 
that are reasonably designed to obtain a response may therefore require 
additional provisions beyond the minimum criteria set forth in Sec.  
1002.107(c)(2). In general, reasonably designed procedures will seek to 
maximize collection of applicant-provided data and minimize missing or 
erroneous data. While the requirements of Sec.  1002.107(c)(2) do not 
apply to applicant-provided data that a financial institution obtains 
without a direct request to the applicant, as explained in comment 
107(c)(1)-4, in such instances, a covered financial institution must 
still comply with Sec.  1002.107(c)(1).
    2. Specific components. i. Timing of initial collection attempt. 
While a financial institution has some flexibility concerning when 
applicant-provided data is are collected, under no circumstances may 
the initial request for applicant-provided data occur simultaneous with 
or after notifying an applicant of final action taken on a covered 
application. Generally, the earlier in the application process the 
financial institution initially seeks to collect applicant-provided 
data, the more likely the timing of collection is reasonably designed 
to obtain a response.
    ii. The request for applicant-provided data is prominently 
displayed or presented. Pursuant to Sec.  1002.107(c)(2)(ii), a 
financial institution must ensure an applicant actually sees, hears, or 
is otherwise presented with the request for applicant-provided data. If 
an applicant is likely to overlook or miss a request for applicant-
provided data, the financial institution does not have reasonably 
designed procedures. Similarly, a financial institution also does not 
have reasonably designed procedures if it obscures, prevents, or 
inhibits an applicant from accessing or reviewing a request for 
applicant-provided data.
    iii. The collection does not have the effect of discouraging an 
applicant from responding to a request for applicant-provided data. A. 
A covered financial institution avoids discouraging a response by, for 
example, communicating to the applicant that the collection of 
applicant-provided data is worthy of the applicant's attention or is as 
important as information collected in connection with the financial 
institution's creditworthiness determination. In contrast, a covered 
financial institution that collects applicant-provided data in a time 
or manner that directly or indirectly discourages or obstructs an 
applicant from responding or providing a particular response violates 
Sec.  1002.107(c)(2)(iii). For example, a financial institution may not 
discourage a response to inquiries regarding the demographic data 
pursuant to Sec.  1002.107(a)(18) and (19) by communicating to the 
applicant that the request is unimportant, encouraging the applicant to 
bypass the form altogether, or attempting to influence or alter the 
applicant's preferred response.
    B. A covered financial institution also avoids discouraging a 
response by requiring an applicant to provide a response to one or more 
requests for applicant-provided data in order to proceed with a covered 
application, including, as applicable, a response of ``I do not wish to 
provide this information'' or similar. (As described in comments 
107(a)(18)-1 and 107(a)(19)-1, a financial institution must permit an 
applicant to decline to provide the demographic data required by Sec.  
1002.107(a)(18) and (19), which can be satisfied by providing a 
response option of ``I do not wish to provide this information'' or 
similar.) For example, in an electronic application, a financial 
institution may require the applicant to either make a substantive 
selection about a principal owner's ethnicity, race, or sex, select an 
option of ``I do not wish to provide this information'' or similar, or 
indicate there are no principal owners before allowing the applicant to 
proceed to the next page of requested information.

[[Page 35560]]

    iv. The applicant can easily provide a response. Pursuant to Sec.  
1002.107(c)(2)(iv), a financial institution must structure the request 
for information in a manner that makes it easy for the applicant to 
provide a response. For example, a financial institution requests 
applicant-provided data in the same format as other information 
required for the covered application, provides applicants multiple 
methods to provide or return applicant-provided data (for example, on a 
written form, through a web portal, or through other means), or 
provides the applicant some other type of straightforward and seamless 
method to provide a response. Conversely, a financial institution must 
avoid imposing unnecessary burden on an applicant to provide the 
information requested or requiring the applicant to take steps that are 
inconsistent with the rest of its application process. For example, a 
financial institution does not have reasonably designed procedures if 
it collects application information related to its own creditworthiness 
determination in electronic form, but mails a paper form to the 
applicant initially seeking the data required under Sec.  1002.107(a) 
that the financial institution does not otherwise need for its 
creditworthiness determination and requiring the applicant to mail it 
back. On the other hand, a financial institution complies with Sec.  
1002.107(c)(2)(iv) if, at its discretion, it requests the applicant to 
respond to inquiries made pursuant to Sec.  1002.107(a)(18) and (19) 
through a reasonable method intended to keep the applicant's responses 
discrete and protected from view.
    v. Multiple requests for applicant-provided data. A financial 
institution is permitted, but not required, to make more than one 
attempt to obtain applicant-provided data if the applicant does not 
respond to an initial request. For example, if an applicant initially 
does not respond when asked early in the application process (before 
notifying the applicant of final action taken on the application, 
pursuant to Sec.  1002.107(c)(2)(i)) to inquiries made pursuant to 
Sec.  1002.107(a)(18) and (19), a financial institution may request 
this information again, for example, during a subsequent in-person 
meeting with the applicant or after notifying the applicant of final 
action taken on the covered application.
107(c)(3) Procedures To Monitor Compliance
    1. Procedures to identify and respond to indicia of potential 
discouragement, including low response rates. Section 1002.107(c)(3) 
requires a covered financial institution to maintain procedures 
designed to identify and respond to indicia of potential 
discouragement, including low response rates for applicant-provided 
data. In general, these include monitoring for low response rates 
(i.e., the percentage of covered applications for which the financial 
institution has obtained some type of response to requests for 
applicant-provided data, including, as applicable, an applicant 
response of ``I do not wish to provide this information'' or similar); 
monitoring for significant irregularities in any particular response 
that may indicate steering, improper interference, or other potential 
discouragement or obstruction of applicants' preferred responses; 
monitoring response rates and responses by division, location, loan 
officer, or other factors to ensure that no discouragement or improper 
conduct is occurring in some parts of a financial institution, even if 
the financial institution maintains adequate response rates and 
responses overall; providing adequate training to loan officers and 
other persons involved in collecting applicant-provided data; promptly 
investigating any indicia of potential discouragement; and taking 
prompt remedial action if discouragement or other improper conduct is 
identified.
107(c)(4) Low Response Rates
    1. In general. A low response rate for applicant-provided data may 
indicate that the financial institution has engaged in discouragement 
or otherwise failed to maintain reasonably designed procedures. 
Response rate generally refers to whether the financial institution has 
obtained some type of response to requests for applicant-provided data 
(including, as applicable, an applicant response of ``I do not wish to 
provide this information'' or similar). A response rate may be 
measured, as appropriate, as compared to financial institutions of a 
similar size, type, and/or geographic reach, or other factors, as 
appropriate. Similarly, significant irregularities in a particular 
response (for example, very high rates of an applicant response of ``I 
do not wish to provide this information'' or similar) may also indicate 
that a financial institution does not have reasonably designed 
procedures, for example, because of steering, improper interference, or 
other potential discouragement or obstruction of applicants' preferred 
responses. Response rates may be relevant across all applicant-provided 
data, though are particularly relevant for the collection of the 
demographic data pursuant to Sec.  1002.107(a)(18) and (19) given the 
heightened sensitivity of these inquiries and the importance of those 
data to the purposes of subpart B.
107(d) Previously Collected Data
    1. In general. A financial institution may, for the purpose of 
reporting such data pursuant to Sec.  1002.109, reuse certain 
previously collected data if the requirements of Sec.  1002.107(d) are 
met. In that circumstance, a financial institution need not seek to 
collect the data anew in connection with a subsequent covered 
application to satisfy the requirements of this subpart. For example, 
if an applicant applies for and is granted a term loan, and then 
subsequently applies for a credit card in the same calendar year, the 
financial institution need not request again the data specified in 
Sec.  1002.107(d). Similarly, if an applicant applies for more than one 
covered credit transaction at one time, a financial institution need 
only ask once for the data specified in Sec.  1002.107(d).
    2. Data that can be reused. Subject to the requirements of Sec.  
1002.107(d), a financial institution may reuse the following data: 
Sec.  1002.107(a)(13) (address or location for purposes of determining 
census tract), Sec.  1002.107(a)(14) (gross annual revenue) (subject to 
comment 107(d)-7), Sec.  1002.107(a)(15) (NAICS code), Sec.  
1002.107(a)(16) (number of workers), Sec.  1002.107(a)(17) (time in 
business) (subject to comment 107(d)-8), Sec.  1002.107(a)(18) 
(minority-owned business status, women-owned business status, and 
LGBTQI+-owned business status) (subject to comment 107(d)-9), Sec.  
1002.107(a)(19) (ethnicity, race, and sex of applicant's principal 
owners) (subject to comment 107(d)-9), and Sec.  1002.107(a)(20) 
(number of principal owners). A financial institution is not, however, 
permitted to reuse other data, such as Sec.  1002.107(a)(6) (credit 
purpose).
    3. Previously reported data without a substantive response. Data 
have not been ``previously collected'' within the meaning of Sec.  
1002.107(d) if the applicant did not provide a substantive response to 
the financial institution's request for that data and the financial 
institution was not otherwise able to obtain the requested data (for 
example, from the applicant's credit report, or tax returns).
    4. Updated data. If, after the application process has closed on a 
prior covered application, a financial institution obtains updated 
information relevant to the data required to be collected and reported 
pursuant to Sec.  1002.107(a)(13) through (20), and the

[[Page 35561]]

applicant subsequently submits a new covered application, the financial 
institution must use the updated information in connection with the new 
covered application (if the requirements of Sec.  1002.107(d) are 
otherwise met) or seek to collect the data again. For example, if a 
business notifies a financial institution of a change of address of its 
sole business location, and subsequently submits a covered application 
within the time period specified in Sec.  1002.107(d)(1) for reusing 
previously collected data, the financial institution must report census 
tract based on the updated information. In that circumstance, the 
financial institution may still reuse other previously collected data 
to satisfy Sec.  1002.107(a)(14) through (20) if the requirements of 
Sec.  1002.107(d) are met.
    5. Collection within the preceding 36 months. Pursuant to Sec.  
1002.107(d)(1), data can be reused to satisfy Sec.  1002.107(a)(13) and 
(15) through (20) if they are collected within the preceding 36 months. 
A financial institution may measure the 36-month period from the date 
of final action taken (Sec.  1002.107(a)(9)) on a prior application to 
the application date (Sec.  1002.107(a)(2)) on a subsequent 
application. For example, if a financial institution takes final action 
on an application on February 1, 2025, it may reuse certain previously 
collected data pursuant to Sec.  1002.107(d)(1) for subsequent covered 
applications dated or received by the financial institution through 
January 31, 2028.
    6. Reason to believe data are inaccurate. Whether a financial 
institution has reason to believe data are inaccurate pursuant to Sec.  
1002.107(d)(2) depends on the particular facts and circumstances. For 
example, a financial institution may have reason to believe data on the 
applicant's minority-owned business status, women-owned business 
status, and LGBTQI+-owned business status may be inaccurate if it knows 
that the applicant has had a change in ownership or a change in an 
owner's percentage of ownership.
    7. Collection of gross annual revenue in the same calendar year. 
Pursuant to Sec.  1002.107(d)(1), gross annual revenue information can 
be reused to satisfy Sec.  1002.107(a)(14) provided it is collected in 
the same calendar year as the current covered application, as measured 
from the application date. For example, if an application is received 
and gross annual revenue is collected in connection with a covered 
application in one calendar year, but then final action was taken on 
the application in the following calendar year, the data may only be 
reused for the calendar year in which it was collected and not the 
calendar year in which final action was taken on the application. 
However, if an application is received and gross annual revenue is 
collected in connection with a covered application in one calendar 
year, a financial institution may reuse that data pursuant to Sec.  
1002.107(d) in a subsequent application initiated in the same calendar 
year, even if final action was taken on the subsequent application in 
the following calendar year.
    8. Time in business. A financial institution that decides to reuse 
previously collected data to satisfy Sec.  1002.107(a)(17) (time in 
business) must update the data to reflect the passage of time since the 
data were collected. If a financial institution only knows that the 
applicant had been in business less than two years at the time the data 
was initially collected, as described in comment 107(a)(17)-1.ii or 
iii, it updates the data based on the assumption that the applicant had 
been in business for 12 months at the time of the prior collection. For 
example:
    i. If a financial institution previously collected data on a prior 
covered application that the applicant has been in business for four 
years, and then seeks to reuse that data for a subsequent covered 
application submitted one year later, it must update the data to 
reflect that the applicant has been in business for five years.
    ii. If a financial institution previously collected data on a prior 
covered application that the applicant had been in business less than 
two years (and was not aware of the business's actual length of time in 
business at the time), and then seeks to reuse that data for a 
subsequent covered application submitted 18 months later, the financial 
institution reports time in business on the subsequent covered 
application as over two years in business.
    9. Minority-owned business status, women-owned business status, 
LGBTQI+-owned business status, and principal owners' ethnicity, race, 
and sex. A financial institution may not reuse data to satisfy Sec.  
1002.107(a)(18) and (19) unless the data were collected in connection 
with a prior covered application pursuant to this subpart B. If the 
financial institution previously asked the applicant to provide its 
minority-owned business status, women-owned business status, and 
LGBTQI+-owned business status, and principal owners' ethnicity, race, 
and sex for purposes of Sec.  1002.107(a)(18) and (19), and the 
applicant declined to provide the information (such as by selecting ``I 
do not wish to provide this information'' or similar on a data 
collection form or by telling the financial institution that it did not 
wish to provide the information), the financial institution may use 
that response when reporting data for a subsequent application pursuant 
to Sec.  1002.107(d). However, if the applicant failed to respond (such 
as by leaving the response to the question blank or by failing to 
return a data collection form), the financial institution must inquire 
about the applicant's minority-owned business status, women-owned 
business status, LGBTQI+-owned business status, and principal owners' 
ethnicity, race, or sex, as applicable, in connection with a subsequent 
application because the data were not previously obtained. See also 
comment 107(a)(19)-11 concerning previously collected ethnicity, race, 
and sex information.

Section 1002.108--Firewall

108(a) Definitions
    1. Involved in making any determination concerning a covered 
application from a small business. i. General. An employee or officer 
is involved in making a determination concerning a covered application 
from a small business for purposes of Sec.  1002.108 if the employee or 
officer makes, or otherwise participates in, a decision regarding the 
evaluation of a covered application from a small business or the 
creditworthiness of a small business applicant for a covered credit 
transaction. This includes, but is not limited to, employees and 
officers serving as underwriters. The decision that an employee or 
officer makes or participates in must be about a specific covered 
application or about the creditworthiness of a specific applicant. An 
employee or officer is not involved in making a determination 
concerning a covered application if the employee or officer is only 
involved in making a decision that affects covered applications 
generally, or if the employee or officer only interacts with small 
businesses prior to them becoming applicants or submitting an 
application. An employee or officer may be participating in a 
determination concerning a covered application even if the employee or 
officer is not the ultimate decision maker or the sole decision maker. 
For example, an employee participates in a determination concerning a 
covered application if the employee recommends that another employee or 
officer approve or deny the application. Similarly, an employee or 
officer participates in a determination concerning a covered 
application if the employee or officer is part of a larger group, such 
as a committee, that makes

[[Page 35562]]

a determination concerning a covered application. For example, an 
employee participates in a decision if the employee is a member of a 
committee that approves the terms offered to an applicant for a covered 
application. This is true even if the employee does not support the 
committee's ultimate decision regarding the terms offered. Conversely, 
an employee or officer does not participate in a determination 
concerning a covered application if the employee or officer only 
performs ministerial functions for the committee, such as recording the 
minutes, or if the committee does not make a determination concerning a 
specific covered application.
    ii. Examples of activities that do not constitute being involved in 
making a determination concerning a covered application from a small 
business. The following are examples of activities that do not 
constitute being involved in making a determination concerning a 
covered application:
    A. Developing policies and procedures, designing or programming 
computer or other systems, or conducting marketing.
    B. Discussing credit products, loan terms, or loan requirements 
with a small business before it submits a covered application.
    C. Making or participating in a decision after the financial 
institution has taken final action on the covered application, such as 
a decision about servicing or collecting a covered credit transaction.
    D. Using a check box form to confirm whether an applicant has 
submitted all necessary documents or handling a minor or clerical 
matter during the application process, such as suggesting or selecting 
a time for an appointment with an applicant.
    E. Gathering information (including information collected pursuant 
to Sec.  1002.107(a)(18) or (19)) and forwarding the information or a 
covered application to other individuals or entities.
    F. Reviewing previously collected data to determine if it can be 
reused for a later covered application pursuant to Sec.  1002.107(d).
    iii. Examples of activities that constitute being involved in 
making a determination concerning a covered application from a small 
business. The following are examples of activities (done individually 
or as part of a group) that constitute being involved in making a 
determination concerning a covered application:
    A. Making or participating in a decision to approve or deny a 
specific covered application. This includes, but is not limited to, 
making or participating in a decision that an applicant does not 
satisfy one or more of the requirements for the covered credit 
transaction for which it has applied.
    B. Making or participating in a decision regarding the reason(s) 
for denial of a covered application.
    C. Making or participating in a decision that a guarantor or 
collateral is required in order to approve a specific covered 
application.
    D. Making or participating in a decision regarding the credit 
amount or credit limit that will be approved for a specific covered 
application.
    E. Making or participating in a decision to set one or more of the 
other terms that will be offered for a specific covered credit 
transaction. This includes, but is not limited to, making or 
participating in a decision regarding the interest rate, the loan term, 
or the payment schedule that will be offered for a specific covered 
credit transaction.
    F. Making or participating in a decision regarding a counteroffer 
made to a specific applicant, including a decision regarding the terms 
of such a counteroffer.
    G. Recommending that another decision maker approve or deny a 
specific covered application, provide a specific reason for denying a 
covered application, require a guarantor or collateral in order to 
approve a covered application, approve a credit amount or credit limit 
for a covered credit transaction, set one or more other terms for a 
covered credit transaction, make a counteroffer regarding a covered 
application, or set a specific term for such a counteroffer.
    2. Should have access. i. General. A financial institution may 
determine that an employee or officer who is involved in making a 
determination concerning a covered application from a small business 
should have access to information otherwise subject to the prohibition 
in Sec.  1002.108(b) if that employee or officer is assigned one or 
more job duties that may require the employee or officer to collect, 
see, consider, refer to, or otherwise use information subject to the 
prohibition in Sec.  1002.108(b). If the employee or officer might need 
to collect, see, consider, refer to, or use such information to perform 
the employee's or officer's assigned job duties, the financial 
institution may determine that the employee or officer should have 
access. For example, if a loan officer is involved in making a 
determination concerning a covered application and that loan officer's 
job description or the financial institution's policies and procedures 
state that the loan officer may need to collect information pursuant to 
Sec.  1002.107(a)(18) or (19), the financial institution may determine 
that the loan officer should have access.
    ii. When a group of employees or officers should have access. A 
financial institution may determine that all employees or officers with 
the same job description or assigned duties should have access for 
purposes of Sec.  1002.108. For example, if a job description, a 
policy, a procedure, or another document states that a loan officer may 
have to collect or explain any part of a data collection form that 
includes the inquiries described in Sec.  1002.107(a)(18) and (19), the 
financial institution may determine that all employees and officers who 
have been assigned the position of loan officer should have access for 
purposes of Sec.  1002.108.
    iii. Making a determination regarding who should have access. A 
financial institution is permitted to choose what lawful factors it 
will consider when determining whether an employee or officer should 
have access. A financial institution's determination that an employee 
or officer should have access may take into account relevant 
operational factors and lawful business practices. For example, a 
financial institution may consider its size, the number of employees 
and officers within the relevant line of business or at a particular 
branch or office location, and/or the number of covered applications 
the financial institution has received or expects to receive. 
Additionally, a financial institution may consider its current or its 
reasonably anticipated staffing levels, operations, systems, processes, 
policies, and procedures. A financial institution is not required to 
hire additional staff, upgrade its systems, change its lending or 
operational processes, or revise its policies or procedures for the 
sole purpose of limiting who should have access.
108(b) Prohibition on Access to Certain Information
    1. Scope of persons subject to the prohibition. The prohibition in 
Sec.  1002.108(b) applies to an employee or officer of a covered 
financial institution or its affiliate if the employee or officer is 
involved in making any determination concerning a covered application 
from a small business. For example, if a financial institution is 
affiliated with company B and an employee of company B is involved in 
making a determination concerning a covered application on behalf of 
the financial institution, then the financial institution must comply 
with Sec.  1002.108 with regard to company B's employee.

[[Page 35563]]

Section 1002.108 does not require a financial institution to limit the 
access of employees and officers of third parties who are not 
affiliates of the financial institution.
    2. Scope of information that cannot be accessed when the 
prohibition applies to an employee or officer. i. Information that 
cannot be accessed when the prohibition applies. If a particular 
employee or officer is involved in making a determination concerning a 
covered application from a small business, the prohibition in Sec.  
1002.108(b) only limits that employee's or officer's access to that 
small business applicant's responses to the inquiries that the covered 
financial institution makes to satisfy Sec.  1002.107(a)(18) and (19). 
For example, if a financial institution uses a paper data collection 
form to request information pursuant to Sec.  1002.107(a)(18) and (19), 
an employee or officer that is subject to the prohibition is not 
permitted access to the paper data collection form that contains the 
applicant's responses to the inquiries made pursuant to pursuant to 
Sec.  1002.107(a)(18) and (19), or to any other record that identifies 
how the particular applicant responded to those inquires. Similarly, if 
a financial institution makes the inquiries required pursuant to Sec.  
1002.107(a)(18) and (19) during a telephone call, the prohibition 
applies to the applicant's responses to those inquiries provided during 
that telephone call and to any record that identifies how the 
particular applicant responded to those inquiries.
    ii. Information that can be accessed when the prohibition applies. 
If a particular employee or officer is involved in making a 
determination concerning a covered application, the prohibition in 
Sec.  1002.108(b) does not limit that employee's or officer's access to 
an applicant's responses to inquiries regarding whether the applicant 
is a minority-owned, women-owned, or LGBTQI+-owned business, or 
principal owners' ethnicity, race, or sex, made for purposes other than 
compliance with Sec.  1002.107(a)(18) or (19). Thus, for example, an 
employee or officer who is subject to the prohibition in Sec.  
1002.108(b) may have access to information regarding whether an 
applicant is eligible for a Small Business Administration program for 
women-owned businesses without regard to whether the exception in Sec.  
1002.108(c) is satisfied. Additionally, an employee or officer who 
knows that an applicant is a minority-owned business, women-owned 
business, or LGBTQI+-owned business, or who knows the ethnicity, race, 
or sex of any of the applicant's principal owners due to activities 
unrelated to the inquiries made to satisfy the financial institution's 
obligations under Sec.  1002.107(a)(18) and (19) is not prohibited from 
making a determination concerning the applicant's covered application. 
Thus, an employee or officer who knows, for example, that an applicant 
is a minority-owned business due to a social relationship or another 
professional relationship with the applicant or any of its principal 
owners may make determinations concerning the applicant's covered 
application. Furthermore, an employee or officer that is involved in 
making a determination concerning a covered application may see, 
consider, refer to, or use data collected to satisfy aspects of Sec.  
1002.107 other than Sec.  1002.107(a)(18) or (19), such as gross annual 
revenue, number of workers, and time in business.
108(c) Exception to the Prohibition on Access to Certain Information
    1. General. A financial institution is not required to limit the 
access of an employee or officer who is involved in making 
determinations concerning a covered application from a small business 
if the financial institution determines that the particular employee or 
officer should have access to the information collected pursuant to 
Sec.  1002.107(a)(18) or (19), and the financial institution provides 
the notice required by Sec.  1002.108(d). A financial institution is 
not required to perform a separate analysis of the feasibility of 
maintaining a firewall. A determination that an employee or officer 
should have access means that it is not feasible to maintain a firewall 
as to that particular employee or officer, and the exception applies to 
that employee or officer if the financial institution provides the 
notice required by Sec.  1002.108(d). However, the fact that a 
financial institution has made a determination that an employee or 
officer should have access does not mean that the financial institution 
can permit other employees and officers who are involved in making 
determinations concerning a covered application to have access to the 
information collected pursuant to Sec.  1002.107(a)(18) and (19). A 
financial institution may only permit an employee or officer who is 
involved in making a determination concerning a covered application to 
have access to information collected pursuant to Sec.  1002.107(a)(18) 
and (19) if it has determined that employee or officer or a group of 
which the employee or officer is a member should have access to the 
information.
    2. Applying the exception to a specific employee or officer or 
group of similarly situated employees or officers. The exception 
applies to an employee or officer if the financial institution 
determines that the employee or officer should have access to the 
information collected pursuant to Sec.  1002.107(a)(18) or (19), and 
the financial institution provides the notice required by Sec.  
1002.108(d). A financial institution can also determine that several 
employees and officers should have access, that all of a group of 
similarly situated employees or officers should have access, and that 
multiple groups of similarly situated employees or officers should have 
access to information collected pursuant to Sec.  1002.107(a)(18) or 
(19). See also comment 108(a)-2. For example, a financial institution 
could determine that all its small business loan officers, small 
business loan processors, compliance officers, and legal officers 
should have access. If the financial institution provides the notice 
required in Sec.  1002.108(d), the financial institution may permit all 
of its small business loan officers, small business loan processors, 
compliance officers, and legal officers to have access. However, the 
financial institution cannot permit other employees and officers to 
have access simply because it has determined that the small business 
loan officers, loan processors, compliance officers, and legal officers 
should have access. For example, in this case, the financial 
institution may not permit its underwriters or chief executive officer 
to have access to the information collected from the applicant pursuant 
to Sec.  1002.107(a)(18) or (19) if they are involved in making any 
determination concerning a covered application, unless the financial 
institution also determines that they should have access. This would be 
true even if the chief executive officer or underwriter had some of the 
same assigned duties as a loan officer, such as being a member of a 
credit committee, but has not been assigned the task(s) that may 
require access to one or more applicants' responses to the financial 
institution's inquiries under Sec.  1002.107(a)(18) or (19). If the 
financial institution separately determines that underwriters and the 
chief executive officer should have access, then the underwriters and 
chief executive officer may also have access.
108(d) Notice
    1. General. If a financial institution determines that one or more 
employees or officers should have access pursuant to Sec.  1002.108(c), 
the financial institution must provide the required notice to, at

[[Page 35564]]

a minimum, the applicant or applicants whose responses will be accessed 
by an employee or officer involved in making determinations concerning 
the applicant's or applicants' covered applications. Alternatively, a 
financial institution may also provide the required notice to 
applicants whose responses will not or might not be accessed. For 
example, a financial institution could provide the notice to all 
applicants for covered credit transactions or all applicants for a 
specific type of product.
    2. Content of the required notice. The notice must inform the 
applicant that one or more employees and officers involved in making 
determinations concerning the applicant's covered application may have 
access to the applicant's responses regarding the applicant's minority-
owned business status, women-owned business status, LGBTQI+-owned 
business status, and its principal owners' ethnicity, race, and sex. 
See the sample data collection form in appendix E to this part for 
sample language for providing this notice to applicants. If a financial 
institution establishes and maintains a firewall and chooses to use the 
sample data collection form, the financial institution can delete this 
sample language from the form.
    3. Timing for providing the notice. If the financial institution is 
providing the notice orally, it must provide the notice required by 
Sec.  1002.108(d) prior to asking the applicant if it is a minority-
owned business, women-owned business, or LGBTQI+-owned business and 
prior to asking for a principal owner's ethnicity, race, or sex. If the 
notice is provided on the same paper or electronic data collection form 
as the inquiries about minority-owned business status, women-owned 
business status, LGBTQI+-owned business status and the principal 
owners' ethnicity, race, or sex, the notice must appear before the 
inquiries. If the notice is provided in an electronic or paper document 
that is separate from the data collection form, the notice must be 
provided at the same time as the data collection form or prior to 
providing the data collection form. Additionally, the notice must be 
provided with the non-discrimination notices required pursuant to Sec.  
1002.107(a)(18) and (19). See appendix E for sample language.

Section 1002.109--Reporting of Data to the Bureau

109(a) Reporting to the Bureau
109(a)(2) Reporting by Subsidiaries
    1. Subsidiaries. A covered financial institution is considered a 
subsidiary of another covered financial institution for purposes of 
reporting data pursuant to Sec.  1002.109 if more than 50 percent of 
the ownership or control of the first covered financial institution is 
held by the second covered financial institution.
109(a)(3) Reporting Obligations Where Multiple Financial Institutions 
Are Involved in a Covered Credit Transaction
    1. General. The following clarifies how to report applications 
involving more than one financial institution. The discussion below 
assumes that all parties involved with the covered credit transaction 
are covered financial institutions. However, the same principles apply 
if any party is not a covered financial institution.
    i. A financial institution shall report the action that it takes on 
a covered application, whether or not the covered credit transaction 
closed in the financial institution's name and even if the financial 
institution used underwriting criteria supplied by another financial 
institution. However, where it is necessary for more than one financial 
institution to make a credit decision in order to approve a single 
covered credit transaction, only the last financial institution with 
authority to set the material terms of the covered credit transaction 
is required to report. Setting the material terms of the covered credit 
transaction include, for example, selecting among competing offers, or 
modifying pricing information, amount approved or originated, or 
repayment duration. In this situation, the determinative factor is not 
which financial institution actually made the last credit decision 
prior to closing, but rather which financial institution last had the 
authority for setting the material terms of the covered credit 
transaction prior to closing. Whether a financial institution has taken 
action for purposes of Sec.  1002.109(a)(3) and comment 109(a)(3)-1 is 
not relevant to, and is not intended to repeal, abrogate, annul, 
impair, or interfere with, section 701(d) (15 U.S.C. 1691(d)) of the 
Act, Sec.  1002.9, or any other provision within subpart A of this 
Regulation.
    ii. A financial institution takes action on a covered application 
for purposes of Sec.  1002.109(a)(3) if it denies the application, 
originates the application, approves the application but the applicant 
did not accept the transaction, or closes the file or denies for 
incompleteness. The financial institution must also report the 
application if it was withdrawn. For reporting purposes, it is not 
relevant whether the financial institution receives the application 
directly from the applicant or indirectly through another party, such 
as a broker, or (except as otherwise provided in comment 109(a)(3)-1.i) 
whether another financial institution also reviews and reports an 
action taken on a covered application involving the same credit 
transaction.
    iii. Where it is necessary for more than one financial institution 
to make a credit decision in order to approve a single covered credit 
transaction and where more than one financial institution denies the 
application or otherwise does not approve the application, the 
reporting financial institution (the last financial institution with 
authority to set the material terms of the covered credit transaction) 
shall have a consistent procedure for determining how it reports 
inconsistent or differing data points for purposes of subpart B. For 
example, Financial Institution A is the reporting entity because it has 
the last authority to set the material credit terms. Financial 
Institution A sends the application to Financial Institution B and 
Financial Institution C for review, but both Financial Institution B 
and Financial Institution C deny the application, with different denial 
reasons. Based on these denials, Financial Institution A follows suit 
and denies the application. Financial Institution A must have a 
consistent procedure for what denial reason(s) to report, such as 
reporting the denial reason(s) from the first financial institution 
that denied the covered application.
    2. Examples. The following scenarios illustrate how a financial 
institution reports a particular covered application. The illustrations 
assume that all parties involved with the covered credit transaction 
are covered financial institutions. However, the same principles apply 
if any party is not a covered financial institution. Examples i through 
iv involve a single financial institution with responsibility for 
making a credit decision without the involvement of an intermediary. 
Example v describes a financial institution intermediary with only 
passive involvement in the covered credit transaction. Example vi 
describes a transaction where multiple financial institutions 
independently decision and take action on a covered application. 
Examples vii and viii describe situations where more than one financial 
institution must make a credit decision in order to approve the covered 
credit transaction. Examples ix and x describe situations involving 
pooled and participation interests.
    i. Financial Institution A received a covered application from an 
applicant

[[Page 35565]]

and approved the application before closing the covered credit 
transaction in its name. Financial Institution A was not acting as 
Financial Institution B's agent. Financial Institution B later 
purchased the covered credit transaction from Financial Institution A. 
Financial Institution A was not acting as Financial Institution B's 
agent. Financial Institution A reports the application. Financial 
Institution B has no reporting obligation for this transaction.
    ii. Financial Institution A received a covered application from an 
applicant. If approved, the covered credit transaction would have 
closed in Financial Institution B's name. Financial Institution A 
denied the application without sending it to Financial Institution B 
for approval. Financial Institution A was not acting as Financial 
Institution B's agent. Since Financial Institution A took action on the 
application, Financial Institution A reports the application as denied. 
Financial Institution B does not report the application.
    iii. Financial Institution A reviewed a covered application and 
made a credit decision to approve it using the underwriting criteria 
provided by a Financial Institution B. Financial Institution B did not 
review the application and did not make a credit decision prior to 
closing. Financial Institution A was not acting as Financial 
Institution B's agent. Financial Institution A reports the application. 
Financial Institution B has no reporting obligation for this 
application.
    iv. Financial Institution A reviewed and made the credit decision 
on a covered application based on the criteria of a third-party insurer 
or guarantor (for example, a government or private insurer or 
guarantor). Financial Institution A reports the action taken on the 
application.
    v. Financial Institution A received a covered application from an 
applicant and forwarded that application to Financial Institution B. 
Financial Institution B reviewed the application and made a credit 
decision approving the application prior to closing. The covered credit 
transaction closed in Financial Institution A's name. Financial 
Institution B purchased the covered credit transaction from Financial 
Institution A after closing. Financial Institution B was not acting as 
Financial Institution A's agent. Since Financial Institution B made the 
credit decision prior to closing, and Financial Institution A's 
approval was not necessary for the credit transaction, Financial 
Institution B reports the origination. Financial Institution A does not 
report the application. Assume the same facts, except that Financial 
Institution B reviewed the application before the covered credit 
transaction would have closed, but Financial Institution B denied the 
application. Financial Institution B reports the application as denied. 
Financial Institution A does not report the application because it did 
not take an action on the application. If, under the same facts, the 
application was withdrawn before Financial Institution B made a credit 
decision, Financial Institution B would report the application as 
withdrawn and Financial Institution A would not report the application 
for the same reason.
    vi. Financial Institution A received a covered application and 
forwarded it to Financial Institutions B and C. Financial Institution A 
made a credit decision, acting as Financial Institution D's agent, and 
approved the application. Financial Institutions B and C are not 
working together with Financial Institutions A or D, or with each 
other, and are solely responsible for setting the terms of their own 
credit transactions. Financial Institution B made a credit decision 
approving the application, and Financial Institution C made a credit 
decision denying the application. The applicant did not accept the 
covered credit transaction from Financial Institution D. Financial 
Institution D reports the application as approved but not accepted. 
Financial Institution A does not report the application, because it was 
acting as Financial Institution D's agent. The applicant accepted the 
offer of credit from Financial Institution B, and credit was extended. 
Financial Institution B reports the application as originated. 
Financial Institution C reports the application as denied.
    vii. Financial Institution A received a covered application and 
made a credit decision to approve it using the underwriting criteria 
provided by Financial Institution B. Financial Institution A was not 
acting as Financial Institution B's agent. Financial Institution A 
forwarded the application to Financial Institution B. Financial 
Institution B reviewed the application and made a credit decision 
approving the application prior to closing. Financial Institution A 
makes a credit decision on the application and modifies the credit 
terms (the interest rate and repayment term) offered by Financial 
Institution B. The covered credit transaction reflecting the modified 
terms closes in Financial Institution A's name. Financial Institution B 
purchases the covered credit transaction from Financial Institution A 
after closing. As the last financial institution with the authority for 
setting the material terms of the covered credit transaction, Financial 
Institution A reports the application as originated. Financial 
Institution B does not report the origination because it was not the 
last financial institution with the authority to set the material terms 
on the application. If, under the same facts, Financial Institution A 
did not modify the credit terms offered by Financial Institution B, 
Financial Institution A still reports the application as originated 
because it was still the last financial institution with the authority 
for setting the material terms, even if it chose not to so do in a 
particular instance. Financial Institution B does not report the 
origination.
    viii. Financial Institution A received a covered application and 
forwarded it to Financial Institutions B, C, and D. Financial 
Institution A was not acting as anyone's agent. Financial Institution B 
and C reviewed the application and made a credit decision approving the 
application and Financial Institution D reviewed the application and 
made a credit decision denying the application. Prior to closing, 
Financial Institution A makes a credit decision on the application by 
deciding to offer to the applicant the credit terms offered by 
Financial Institution B and does not convey to the applicant the credit 
terms offered by Financial Institution C. The applicant does not accept 
the covered credit transaction. As the last financial institution with 
the authority for setting the material terms of the covered credit 
transaction, Financial Institution A reports the application as 
approved but not accepted. Financial Institutions B, C, and D do not 
report the application because they were not the last financial 
institution with the authority for setting the material terms of the 
covered credit transaction. Assume the same facts, except the applicant 
accepts the terms of the covered credit transaction from Financial 
Institution B as offered by Financial Institution A. The covered credit 
transaction closes in Financial Institution A's name. Financial 
Institution B purchases the transaction after closing. Here, Financial 
Institution A reports the application as originated. Financial 
Institutions B, C, and D do not report the application because they 
were not the last financial institution responsible for setting the 
material terms of the covered credit transaction.
    ix. Financial Institution A receives a covered application and 
approves it, and then Financial Institution A elects to organize a loan 
participation agreement where Financial Institutions B and C agree to 
purchase a partial interest in the covered credit

[[Page 35566]]

transaction. Financial Institution A reports the application. Financial 
Institutions B and C have no reporting obligation for this application.
    x. Financial Institution A purchases an interest in a pool of 
covered credit transactions, such as credit-backed securities or real 
estate investment conduits. Financial Institution A does not report 
this purchase.
    3. Agents. If a covered financial institution takes action on a 
covered application through its agent, the financial institution 
reports the application. For example, acting as Financial Institution 
A's agent, Financial Institution B approved an application prior to 
closing and a covered credit transaction was originated. Financial 
Institution A reports the covered credit transaction as an origination. 
State law determines whether one party is the agent of another.
109(b) Financial Institution Identifying Information
    1. Changes to financial institution identifying information. If a 
financial institution's information required pursuant to Sec.  
1002.109(b) changes, the financial institution shall provide the new 
information with the data submission for the collection year of the 
change. For example, assume two financial institutions that previously 
reported data under subpart B of this part merge and the surviving 
institution retained its Legal Entity Identifier but obtained a new TIN 
in February 2026. The surviving institution must report the new TIN 
with its data submission for its 2026 data (which is due by June 1, 
2027) pursuant to Sec.  1002.109(b)(5). Likewise, if that financial 
institution's Federal prudential regulator changes in February 2026 as 
a result of the merger, it must identify its new Federal prudential 
regulator in its annual submission for its 2026 data.
Paragraph 109(b)(4)
    1. Federal prudential regulator. For purposes of Sec.  
1002.109(b)(4), Federal prudential regulator means, if applicable, the 
Federal prudential regulator for a financial institution that is a 
depository institution as determined pursuant to section 3q of the 
Federal Deposit Insurance Act (12 U.S.C. 1813(q)), including the Office 
of the Comptroller of the Currency, the Federal Deposit Insurance 
Corporation, or the Board of Governors of the Federal Reserve System; 
or the National Credit Union Administration Board for financial 
institutions that are Federal credit unions.
Paragraph 109(b)(6)
    1. Legal Entity Identifier (LEI). A Legal Entity Identifier is a 
utility endorsed by the LEI Regulatory oversight committee, or a 
utility endorsed or otherwise governed by the Global LEI Foundation 
(GLEIF) (or any successor of the GLEIF) after the GLEIF assumes 
operational governance of the global LEI system. A financial 
institution complies with Sec.  1002.109(b)(6) by reporting its current 
LEI number. A financial institution that does not currently possess an 
LEI number must obtain an LEI number, and has an ongoing obligation to 
maintain the LEI number. The GLEIF website provides a list of LEI 
issuing organizations. A financial institution may obtain an LEI, for 
purposes of complying with Sec.  1002.109(b)(6), from any one of the 
issuing organizations listed on the GLEIF website.
Paragraph 109(b)(7)
    1. RSSD ID number. The RSSD ID is a unique identifying number 
assigned to institutions, including main offices and branches, by the 
Board of Governors of the Federal Reserve System. A financial 
institution's RSSD ID may be found on the website of the National 
Information Center, which provides comprehensive financial and 
structure information on banks and other institutions for which the 
Federal Reserve Board has a supervisory, regulatory, or research 
interest including both domestic and foreign banking organizations that 
operate in the United States. If a financial institution does not have 
an RSSD ID, it reports that this information is not applicable.
Paragraph 109(b)(8)
    1. Immediate parent entity. An entity is the immediate parent of a 
financial institution for purposes of Sec.  1002.109(b)(8)(i) through 
(iii) if it is a separate entity that directly owns more than 50 
percent of the financial institution.
    2. Top-holding parent entity. An entity is the top-holding parent 
of a financial institution for purposes of Sec.  1002.109(b)(8)(iv) 
through (vi) if it ultimately owns more than 50 percent of the 
financial institution, and the entity itself is not controlled by any 
other entity. If the immediate parent entity and the top-holding parent 
entity are the same, the financial institution reports that Sec.  
1002.109(b)(8)(iv) through (vi) are not applicable.
    3. LEI. For purposes of Sec.  1002.109(b)(8)(ii) and (v), a 
financial institution shall report the LEI of a parent entity if the 
parent entity has an LEI number. If a financial institution's parent 
entity does not have an LEI, the financial institution reports that 
this information is not applicable.
    4. RSSD ID numbers. For purposes of Sec.  1002.109(b)(8)(iii) and 
Sec.  1002.109(b)(8)(vi), a financial institution shall report the RSSD 
ID number of a parent entity if the entity has an RSSD ID number. If a 
financial institution's parent entity does not have an RSSD ID, the 
financial institution reports that this information is not applicable.
Paragraph 109(b)(9)
    1. Type of financial institution. A financial institution complies 
with Sec.  1002.109(b)(9) by selecting the applicable type or types of 
financial institution from the list below. A financial institution 
shall select all applicable types.
    i. Bank or savings association.
    ii. Minority depository institution.
    iii. Credit union.
    iv. Nondepository institution.
    v. Community development financial institution (CDFI).
    vi. Other nonprofit financial institution.
    vii. Farm Credit System institution.
    viii. Government lender.
    ix. Commercial finance company.
    x. Equipment finance company.
    xi. Industrial loan company.
    xii. Online lender.
    xiii. Other.
    2. Use of ``other'' for type of financial institution. A financial 
institution reports type of financial institution as ``other'' where 
none of the enumerated types of financial institution appropriately 
describe the applicable type of financial institution, and the 
institution reports the type of financial institution via free-form 
text field. A financial institution that selects at least one type from 
the list is permitted, but not required, to also report ``other'' (with 
appropriate free-form text) if there is an additional aspect of its 
business that is not one of the enumerated types set out in comment 
109(b)(9)-1.
    3. Additional types of financial institution. The Bureau may add 
additional types of financial institutions via the Filing Instructions 
Guide and related materials. Refer to the Filing Instructions Guide for 
any updates for each reporting year.
Paragraph 109(b)(10)
    1. Financial institutions that voluntarily report covered 
applications under subpart B of this part. A financial institution that 
is not a covered financial institution pursuant to Sec.  1002.105(b) 
but that elects to voluntarily compile, maintain, and

[[Page 35567]]

report data under Sec. Sec.  1002.107 through 1002.109 (see comment 
105(b)-10) complies with Sec.  1002.109(b)(10) by selecting ``voluntary 
reporter.''

Section 1002.110--Publication of Data and Other Disclosures

110(c) Statement of Financial Institution's Small Business Lending Data 
Available on the Bureau's Website
    1. Statement. A financial institution shall provide the statement 
required by Sec.  1002.110(c) using the following, or substantially 
similar, language:
Small Business Lending Data Notice
    Data about our small business lending are available online for 
review at the Consumer Financial Protection Bureau's (CFPB's) website 
at https://www.consumerfinance.gov/data-research/small-business-lending/. The data show the geographic distribution of our small 
business lending applications; information about our loan approvals and 
denials; and demographic information about the principal owners of our 
small business applicants. The CFPB may delete or modify portions of 
our data prior to posting it if doing so would advance a privacy 
interest. Small business lending data for many other financial 
institutions are also available at this website.
    2. Website. A financial institution without a website complies with 
Sec.  1002.110(c) by making a written statement using the language in 
comment 110(c)-1, or substantially similar language, available upon 
request.
    3. Revised location for publicly available data. The Bureau may 
modify the location specified in comment 110(c)-1 at which small 
business lending data are available via the Filing Instructions Guide 
and related materials. Refer to the Filing Instructions Guide for any 
updates for each reporting year.

Section 1002.111--Recordkeeping

111(a) Record Retention
    1. Evidence of compliance. Section 1002.111(a) requires a financial 
institution to retain evidence of compliance with subpart B of this 
part for at least three years after its small business lending 
application register is required to be submitted to the Bureau pursuant 
to Sec.  1002.109. In addition to the financial institution's small 
business lending application register, such evidence of compliance is 
likely to include, but is not limited to, the applications for credit 
from which information in the register is drawn, as well as the files 
or documents that, under Sec.  1002.111(b), are kept separate from the 
applications for credit. This three-year record retention requirement 
applies to any records covered by Sec.  1002.111(a), notwithstanding 
the more general 12-month retention period for records related to 
business credit specified in Sec.  1002.12(b).
    2. Record retention for creditors under Sec.  1002.5(a)(4)(vii) and 
(viii). A creditor that is voluntarily, under Sec.  1002.5(a)(4)(vii) 
and (viii), collecting information pursuant to subpart B of this part 
complies with Sec.  1002.111(a) by retaining evidence of compliance 
with subpart B for at least three years after June 1 of the year 
following the year that data was collected.
111(b) Certain Information Kept Separate From the Rest of the 
Application
    1. Separate from the application. A financial institution may 
satisfy the requirement in Sec.  1002.111(b) by keeping an applicant's 
responses to the financial institution's request pursuant to Sec.  
1002.107(a)(18) and (19) in a file or document that is discrete or 
distinct from the application and its accompanying information. For 
example, such information could be collected on a piece of paper that 
is separate from the rest of the application form. In order to satisfy 
the requirement in Sec.  1002.111(b), an applicant's responses to the 
financial institution's request pursuant to Sec.  1002.107(a)(18) and 
(19) need not be maintained in a separate electronic system, nor need 
they be removed from the physical files containing the application so 
long as there is some separation between the demographic information 
and the rest of the application and its accompanying information. 
However, the financial institution may nonetheless need to keep this 
information in a different electronic or physical file in order to 
satisfy the prohibition in Sec.  1002.108(b).
    2. Number of principal owners. A financial institution is permitted 
to maintain information regarding the applicant's number of principal 
owners pursuant to Sec.  1002.107(a)(20) with an applicant's responses 
to the financial institution's request pursuant to Sec.  
1002.107(a)(18) and (19).
111(c) Limitation on Personally Identifiable Information in Certain 
Records Retained Under This Section
    1. Small business lending application register. The prohibition in 
Sec.  1002.111(c) applies to data in the small business lending 
application register submitted by the financial institution to the 
Bureau under Sec.  1002.109, the version of the register that the 
financial institution maintains under Sec.  1002.111(a), and the 
separate record of certain information created pursuant to Sec.  
1002.111(b).
    2. Examples. Section 1002.111(c) prohibits a financial institution 
from including any name, specific address (other than the census tract 
required under Sec.  1002.107(a)(13)), telephone number, or email 
address of any individual who is, or is connected with, an applicant in 
the small business lending application register it reports pursuant to 
Sec.  1002.109, in the copy of the register the financial institution 
retains under Sec.  1002.111(a), and in the records of certain 
information it must retain separately from the application pursuant to 
Sec.  1002.111(b). It likewise prohibits a financial institution from 
including any other personally identifiable information concerning any 
individual who is, or is connected with, an applicant, except as 
required pursuant to Sec.  1002.107 or Sec.  1002.111(b). Examples of 
such personally identifiable information that a financial institution 
may not include in its small business lending application register 
include, but are not limited to, the following: date of birth, Social 
Security number, official government-issued driver's license or 
identification number, alien registration number, government passport 
number, or employer or taxpayer identification number.
    3. Other records. The prohibition in Sec.  1002.111(c) does not 
extend to an application for credit, or any other records that the 
financial institution maintains that are not specifically enumerated in 
Sec.  1002.111(c).
    4. Name and business contact information for submission. The 
prohibition in Sec.  1002.111(c) does not bar financial institutions 
from providing to the Bureau, pursuant to Sec.  1002.109(b)(3), the 
name and business contact information of the person who may be 
contacted by the Bureau or other regulators with questions about the 
financial institution's submission under Sec.  1002.109.

Section 1002.112--Enforcement

112(b) Bona Fide Errors
    1. Tolerances for bona fide errors. Section 1002.112(b) provides 
that a financial institution is presumed to maintain procedures 
reasonably adapted to avoid errors with respect to a given data field 
if the number of errors found in a random sample of the financial 
institution's data submission for the data field does not equal or 
exceed a threshold specified by the Bureau for this purpose. The 
Bureau's thresholds

[[Page 35568]]

appear in column C of the table in appendix F. The size of the random 
sample, set out in column B, shall depend on the size of the financial 
institution's small business lending application register, as shown in 
column A of the table in appendix F. A financial institution has not 
maintained procedures reasonably adapted to avoid errors if either 
there is a reasonable basis to believe the error was intentional or 
there is evidence that the financial institution has not maintained 
procedures reasonably adapted to avoid errors.
    2. Tolerances and data fields. For purposes of determining whether 
an error is bona fide under Sec.  1002.112(b), the term ``data field'' 
generally refers to individual fields. All required data fields, and 
valid response options for those fields, are set forth in the Bureau's 
Filing Instructions Guide, available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/. Some data fields may allow for more than one 
response. For example, with respect to information on the ethnicity and 
race of an applicant's principal owner, a data field may identify more 
than one race or ethnicity. If there are one or more errors within an 
ethnicity data field, or within a race data field, for a particular 
principal owner, they would count as one (and only one) error for that 
data field. For instance, in the ethnicity data field, if an applicant 
indicates that one of its principal owners is Cuban, but the financial 
institution reports that the principal owner is Mexican and Puerto 
Rican, the financial institution has made one error in the ethnicity 
data field for that principal owner. For purposes of the error 
threshold table in appendix F, the financial institution is deemed to 
have made one error, not two.
    3. Tolerances and safe harbors. An error that meets the criteria 
for one of the four safe harbor provisions in Sec.  1002.112(c) is not 
counted as an error for purposes of determining whether a financial 
institution has exceeded the relevant error threshold in appendix F for 
a given data field.
112(c) Safe Harbors
    1. Information from a Federal agency--census tract. Section 
1002.112(c)(2) provides that an incorrect entry for census tract is not 
a violation of the Act or subpart B of this part, if the financial 
institution obtained the census tract using a geocoding tool provided 
by the FFIEC or the Bureau. However, this safe harbor provision does 
not extend to a financial institution's failure to provide the correct 
census tract number for a covered application on its small business 
lending application register, as required by Sec.  1002.107(a)(13), 
because the FFIEC or Bureau geocoding tool did not return a census 
tract for the address provided by the financial institution. In 
addition, this safe harbor provision does not extend to a census tract 
error that results from a financial institution entering an inaccurate 
address into the FFIEC or Bureau geocoding tool.
    2. Applicability of NAICS code safe harbor. The safe harbor in 
Sec.  1002.112(c)(3) applies to an incorrect entry for the 3-digit 
NAICS code that financial institutions must collect and report pursuant 
to Sec.  1002.107(a)(15), provided certain conditions are met. For 
purposes of Sec.  1002.112(c)(3)(i), a financial institution is 
permitted to rely on statements made by the applicant, information 
provided by the applicant, or on other information obtained through its 
use of appropriate third-party sources, including business information 
products. See also comments 107(a)(15)-4 and 107(b)-1.
    3. Incorrect determination of small business status, covered credit 
transaction, or covered application--examples. Section 1002.112(c)(4) 
provides a safe harbor from violations of the Act or this regulation 
for a financial institution that initially collects data under Sec.  
1002.107(a)(18) and (19) regarding whether an applicant for a covered 
credit transaction is a minority-owned, a women-owned, or LGBTQI+-owned 
business, and the ethnicity, race, and sex of the applicant's principal 
owners, but later concludes that it should not have collected this 
data, if certain conditions are met. Specifically, to qualify for this 
safe harbor, Sec.  1002.112(c)(4) requires that the financial 
institution have had a reasonable basis at the time it collected data 
under Sec.  1002.107(a)(18) and (19) for believing that the application 
was a covered application for a covered credit transaction from a small 
business pursuant to Sec. Sec.  1002.103, 1002.104, and 1002.106, 
respectively. For example, Financial Institution A collected data under 
Sec.  1002.107(a)(18) and (19) from an applicant for a covered credit 
transaction that had self-reported its gross annual revenue as $4.8 
million. Sometime after Financial Institution A had collected this data 
from the applicant, the financial institution reviewed the applicant's 
tax returns, which indicated the applicant's gross annual revenue was 
in fact $5.2 million. Financial Institution A is permitted to rely on 
representations made by the applicant regarding gross annual revenue in 
determining whether an applicant is a small business (see Sec.  
1002.107(b) and comments 106(b)(1)-3 and 107(a)(14)-1). Thus, Financial 
Institution A may have had a reasonable basis to believe, at the time 
it collected data under Sec.  1002.107(a)(18) and (19), that the 
applicant was a small business pursuant to Sec.  1002.106, in which 
case Financial Institution A's collection of such data would not 
violate the Act or this regulation.

Section 1002.114--Effective Date, Compliance Date, and Special 
Transition Rules

114(b) Compliance Date
    1. Application of compliance date. The applicable compliance date 
in Sec.  1002.114(b) is the date by which the covered financial 
institution must begin to compile data as specified in Sec.  1002.107, 
comply with the firewall requirements of Sec.  1002.108, and begin to 
maintain records as specified in Sec.  1002.111. In addition, the 
covered financial institution must comply with Sec.  1002.110(c) and 
(d) no later than June 1 of the year after the applicable compliance 
date. For instance, if Sec.  1002.114(b)(2) applies to a financial 
institution, it must comply with Sec. Sec.  1002.107 and 1002.108, and 
portions of Sec.  1002.111, beginning April 1, 2025, and it must comply 
with Sec.  1002.110(c) and (d), and portions of Sec.  1002.111, no 
later than June 1, 2026.
    2. Initial partial year collections pursuant to Sec.  1002.114(b). 
i. When the compliance date of October 1, 2024 specified in Sec.  
1002.114(b)(1) applies to a covered financial institution, the 
financial institution is required to collect data for covered 
applications during the period from October 1, 2024 to December 31, 
2024. The financial institution must compile data for this period 
pursuant to Sec.  1002.107, comply with the firewall requirements of 
Sec.  1002.108, and maintain records as specified in Sec.  1002.111. In 
addition, for data collected during this period, the covered financial 
institution must comply with Sec. Sec.  1002.109 and 1002.110(c) and 
(d) by June 1, 2025.
    ii. When the compliance date of April 1, 2025 specified in Sec.  
1002.114(b)(2) applies to a covered financial institution, the 
financial institution is required to collect data for covered 
applications during the period from April 1, 2025 to December 31, 2025. 
The financial institution must compile data for this period pursuant to 
Sec.  1002.107, comply with the firewall requirements of Sec.  
1002.108, and maintain records as specified in Sec.  1002.111. In 
addition, for data collected during this period, the covered financial 
institution must

[[Page 35569]]

comply with Sec. Sec.  1002.109 and 1002.110(c) and (d) by June 1, 
2026.
    3. Informal names for compliance date provisions. To facilitate 
discussion of the compliance dates specified in Sec.  1002.114(b)(1), 
(2), and (3), in the official commentary and any other documents 
referring to these compliance dates, the Bureau adopts the following 
informal simplified names. Tier 1 refers to the cohort of covered 
financial institutions that have a compliance date of October 1, 2024 
pursuant to Sec.  1002.114(b)(1). Tier 2 refers to the cohort of 
covered financial institutions that have a compliance date of April 1, 
2025 pursuant to Sec.  1002.114(b)(2). Tier 3 refers to the cohort of 
covered financial institutions that have a compliance date of January 
1, 2026 pursuant to Sec.  1002.114(b)(3).
    4. Examples. The following scenarios illustrate how to determine 
whether a financial institution is a covered financial institution and 
which compliance date specified in Sec.  1002.114(b) applies.
    i. Financial Institution A originated 3,000 covered credit 
transactions for small businesses in calendar year 2022, and 3,000 in 
calendar year 2023. Financial Institution A is in Tier 1 and has a 
compliance date of October 1, 2024.
    ii. Financial Institution B originated 2,000 covered credit 
transactions for small businesses in calendar year 2022, and 3,000 in 
calendar year 2023. Because Financial Institution B did not originate 
at least 2,500 covered credit transactions for small businesses in each 
of 2022 and 2023, it is not in Tier 1. Because Financial Institution B 
did originate at least 500 covered credit transactions for small 
businesses in each of 2022 and 2023, it is in Tier 2 and has a 
compliance date of April 1, 2025.
    iii. Financial Institution C originated 400 covered credit 
transactions to small businesses in calendar year 2022, and 1,000 in 
calendar year 2023. Because Financial Institution C did not originate 
at least 2,500 covered credit transactions for small businesses in each 
of 2022 and 2023, it is not in Tier 1, and because it did not originate 
at least 500 covered credit transactions for small businesses in each 
of 2022 and 2023, it is not in Tier 2. Because Financial Institution C 
did originate at least 100 covered credit transactions for small 
businesses in each of 2022 and 2023, it is in Tier 3 and has a 
compliance date of January 1, 2026.
    iv. Financial Institution D originated 90 covered credit 
transactions to small businesses in calendar year 2022, 120 in calendar 
year 2023, and 90 in both of the calendar years 2024 and 2025. Because 
Financial Institution D did not originate at least 100 covered credit 
transactions for small businesses in each of 2022 and 2023, it is not 
in Tier 1, Tier 2, or Tier 3. Because Financial Institution D did not 
originate at least 100 covered credit transactions for small businesses 
in subsequent consecutive calendar years, it is not a covered financial 
institution under Sec.  1002.105(b) and is not required to comply with 
the rule in 2024, 2025, or 2026.
    v. Financial Institution E originated 120 covered credit 
transactions for small businesses in each of calendar years 2022, 2023, 
and 2024, and 90 in 2025. Because Financial Institution E did not 
originate at least 2,500 or 500 covered credit transactions for small 
businesses in each of 2022 and 2023, it is not in Tier 1 or Tier 2. 
Because Financial Institution E originated at least 100 covered credit 
transactions for small businesses in each of 2022 and 2023, it is in 
Tier 3 and has a compliance date of January 1, 2026. However, because 
Financial Institution E did not originate at least 100 covered credit 
transactions for small businesses in each of 2024 and 2025, it no 
longer satisfies the definition of a covered financial institution in 
Sec.  1002.105(b) at the time of the compliance date for Tier 3 
institutions and thus is not required to comply with the rule in 2026.
    vi. Financial Institution F originated 90 covered credit 
transactions for small businesses in calendar year 2022, and 120 in 
2023, 2024, and 2025. Because Financial Institution F did not originate 
at least 100 covered credit transactions for small businesses in each 
of 2022 and 2023, it is not in Tier 1, Tier 2, or Tier 3. Because 
Financial Institution F originated at least 100 covered credit 
transactions for small businesses in subsequent calendar years, Sec.  
1002.114(b)(4), which cross-references Sec.  1002.105(b), applies to 
Financial Institution F. Because Financial Institution F originated at 
least 100 covered credit transactions for small businesses in each of 
2024 and 2025, it is a covered financial institution under Sec.  
1002.105(b) and is required to comply with the rule beginning January 
1, 2026.
    vii. Financial Institution G originated 90 covered credit 
transactions for small businesses in each of calendar years 2022, 2023, 
2024, and 2025, and 120 in each of 2026 and 2027. Because Financial 
Institution F did not originate at least 100 covered credit 
transactions for small businesses in each of 2022 and 2023, it is not 
in Tier 1, Tier 2, or Tier 3. Because Financial Institution G 
originated at least 100 covered credit transactions for small 
businesses in subsequent calendar years, Sec.  1002.114(b)(4), which 
cross-references Sec.  1002.105(b), applies to Financial Institution G. 
Because Financial Institution G originated at least 100 covered credit 
transactions for small businesses in each of 2026 and 2027, it is a 
covered financial institution under Sec.  1002.105(b) and is required 
to comply with the rule beginning January 1, 2028.
114(c) Special Transition Rules
    1. Collection of certain information prior to a financial 
institution's compliance date. Notwithstanding Sec.  1002.5(a)(4)(ix), 
a financial institution that chooses to collect information on covered 
applications as permitted by Sec.  1002.114(c)(1) in the 12 months 
prior to its initial compliance date as specified in Sec.  
1002.114(b)(1), (2) or (3) need comply only with the requirements set 
out in Sec. Sec.  1002.107(a)(18) and (19), 1002.108, and 1002.111(b) 
and (c) with respect to the information collected. During this 12-month 
period, a covered financial institution need not comply with the 
provisions of Sec.  1002.107 (other than Sec. Sec.  1002.107(a)(18) and 
(19)), 1002.109, 1002.110, 1002.111(a), or 1002.114.
    2. Transition rule for applications received prior to a compliance 
date but final action is taken after a compliance date. If a covered 
financial institution receives a covered application from a small 
business prior to its initial compliance date specified in Sec.  
1002.114(b), but takes final action on or after that date, the 
financial institution is not required to collect data regarding that 
application pursuant to Sec.  1002.107 nor to report the application 
pursuant to Sec.  1002.109. For example, if a financial institution is 
subject to a compliance date of October 1, 2024, and it receives an 
application on September 15, 2024 but does not take final action on the 
application until October 5, 2024, the financial institution is not 
required to collect data pursuant to Sec.  1002.107 nor to report data 
to the Bureau pursuant to Sec.  1002.109 regarding that application.
    3. Has readily accessible the information needed to determine small 
business status. A financial institution has readily accessible the 
information needed to determine whether its originations of covered 
credit transactions were for small businesses as defined in Sec.  
1002.106 if, for instance, it in the ordinary course of business 
collects data on the precise gross annual revenue of the businesses for 
which it originates loans, it obtains information sufficient to 
determine whether an applicant for business credit had gross annual 
revenues of $5 million or less, or if it collects and reports similar 
data to

[[Page 35570]]

Federal or State government agencies pursuant to other laws or 
regulations.
    4. Does not have readily accessible the information needed to 
determine small business status. A financial institution does not have 
readily accessible the information needed to determine whether its 
originations of covered credit transactions were for small businesses 
as defined in Sec.  1002.106 if it did not in the ordinary course of 
business collect either precise or approximate information on whether 
the businesses to which it originated covered credit had gross annual 
revenue of $5 million or less. In addition, even if precise or 
approximate information on gross annual revenue was initially 
collected, a financial institution does not have readily accessible 
this information if, to retrieve this information, for example, it must 
review paper loan files, recall such information from either archived 
paper records or scanned records in digital archives, or obtain such 
information from third parties that initially obtained this information 
but did not transmit such information to the financial institution.
    5. Reasonable method to estimate the number of originations. The 
reasonable methods that financial institutions may use to estimate 
originations for 2022 and 2023 include, but are not limited to, the 
following:
    i. A financial institution may comply with Sec.  1002.114(c)(2) by 
determining the small business status of covered credit transactions by 
asking every applicant, prior to the closing of approved transactions, 
to self-report whether it had gross annual revenue for its preceding 
fiscal year of $5 million or less, during the period October 1 through 
December 31, 2023. The financial institution may annualize the number 
of covered credit transactions it originates to small businesses from 
October 1 through December 31, 2023 by quadrupling the originations for 
this period, and apply the annualized number of originations to both 
calendar years 2022 and 2023.
    ii. A financial institution may comply with Sec.  1002.114(c)(2) by 
assuming that every covered credit transaction it originates for 
business customers in calendar years 2022 and 2023 is to a small 
business.
    iii. A financial institution may comply with Sec.  1002.114(c)(2) 
by using another methodology provided that such methodology is 
reasonable and documented in writing.
    6. Examples. The following scenarios illustrate the potential 
application of Sec.  1002.114(c)(2) to a financial institution's 
compliance date under Sec.  1002.114(b).
    i. Prior to October 1, 2023, Financial Institution A did not 
collect gross annual revenue or other information that would allow it 
to determine the small business status of the businesses for whom it 
originated covered credit transactions in calendar years 2022 and 2023. 
Financial Institution A chose to use the methodology set out in comment 
114(c)-5.i and as of October 1, 2023 began to collect information on 
gross annual revenue as defined in Sec.  1002.107(a)(14) for its 
covered credit transactions originated for businesses. Using this 
information, Financial Institution A determined that it had originated 
750 covered credit transactions for businesses that were small as 
defined in Sec.  1002.106. On an annualized basis, Financial 
Institution A originated 3,000 covered credit transactions for small 
businesses (750 originations * 4 = 3,000 originations per year). 
Applying this annualized figure of 3,000 originations to both calendar 
years 2022 and 2023, Financial Institution A is in Tier 1 and has a 
compliance date of October 1, 2024.
    ii. Prior to July 1, 2023, Financial Institution B collected gross 
annual revenue information for some applicants for business credit, but 
such information was only noted in its paper loan files. Financial 
Institution B thus does not have reasonable access to information that 
would allow it to determine the small business status of the businesses 
for whom it originated covered credit transactions for calendar years 
2022 and 2023. Financial Institution B chose to use the methodology set 
out in comment 114(c)-5.i, and as of October 1, 2023, Financial 
Institution B began to ask all businesses for whom it was closing 
covered credit transactions if they had gross annual revenues in the 
preceding fiscal year of $5 million or less. Using this information, 
Financial Institution B determined that it had originated 350 covered 
credit transactions for businesses that were small as defined in Sec.  
1002.106. On an annualized basis, Financial Institution B originated 
1,400 covered credit transactions for small businesses (350 
originations * 4 = 1,400 originations per year). Applying this 
estimated figure of 1,400 originations to both calendar years 2022 and 
2023, Financial Institution B is in Tier 2 and has a compliance date of 
April 1, 2025.
    iii. Prior to April 1, 2023, Financial Institution C did not 
collect gross annual revenue or other information that would allow it 
to determine the small business status of the businesses for whom it 
originated covered credit transactions in calendar years 2022 and 2023. 
Financial Institution C chose its own methodology pursuant to comment 
114(c)-5.iii, basing it in part on the methodology specified in comment 
114(c)-5.i. Starting on April 1, 2023, Financial Institution C began to 
ask all business applicants for covered credit transactions if they had 
gross annual revenue in their preceding fiscal year of $5 million or 
less. Using this information, Financial Institution C determined that 
it had originated 100 covered credit transactions for businesses that 
were small as defined in Sec.  1002.106. On an annualized basis, 
Financial Institution C originated approximately 133 covered credit 
transactions for small businesses ((100 originations * 365 days)/275 
days = 132.73 originations per year). Applying this estimate of 133 
originations to both calendar years 2022 and 2023, Financial 
Institution C is in Tier 3 and has a compliance date of January 1, 
2026.
    iv. Financial Institution D did not collect gross annual revenue or 
other information that would allow it to determine the small business 
status of the businesses for whom it originated covered credit 
transactions in calendar years 2022 and 2023. Financial Institution D 
determined that it had originated 3,000 total covered credit 
transactions for businesses in each of 2022 and 2023. Applying the 
methodology specified in comment 114(c)-5.ii, Financial Institution D 
assumed that all 3,000 covered credit transactions originated in each 
of 2022 and 2023 were to small businesses. On that basis, Financial 
Institution D is in Tier 1 and has a compliance date of October 1, 
2024.
    v. Financial Institution E did not collect gross annual revenue or 
other information that would allow it to determine the small business 
status of the businesses for whom it originated covered credit 
transactions in calendar years 2022 and 2023. Financial Institution E 
determined that it had originated 700 total covered credit transactions 
for businesses in each of 2022 and 2023. Applying the methodology 
specified in comment 114(c)-5.ii, Financial Institution E assumed that 
all such transactions in each of 2022 and 2023 were originated for 
small businesses. On that basis, Financial Institution E is in Tier 2 
and has a compliance date of April 1, 2025.
    vi. Financial Institution F did does not have readily accessible 
gross annual revenue or other information that would allow it to 
determine the small business status of the businesses for whom it 
originated covered credit transactions in calendar years 2022 and 2023. 
Financial Institution F determined that it had originated 80 total 
covered credit transactions for businesses in 2022 and

[[Page 35571]]

150 total covered credit transactions for businesses in 2023. Applying 
the methodology set out in comment 114(c)-5.ii, Financial Institution F 
assumed that all such transactions originated in 2022 and 2023 were 
originated for small businesses. On that basis, Financial Institution E 
is not in Tier 1, Tier 2 or Tier 3, and is subject to the compliance 
date provision specified in Sec.  1002.114(b)(4).
* * * * *

Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2023-07230 Filed 5-30-23; 8:45 am]
 BILLING CODE 4810-AM-P